modules/private/websites/immae/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.immae.production;
   4   varDir = "/var/lib/buildbot/outputs/immae/blog";
   5   coursDir = "/var/lib/buildbot/outputs/immae/cours";
   6   rechercheDir = "/var/lib/buildbot/outputs/immae/recherche";
   7   recettesDir = "/var/lib/buildbot/outputs/immae/recettes";
   8   historyDir = "/var/lib/buildbot/outputs/immae/history";
   9   docsDir = "/var/lib/buildbot/outputs/immae/docs/";
  10   env = config.myEnv.websites.immae;
  11 in {
  12   options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
  13
  14   config = lib.mkIf cfg.enable {
  15     services.webstats.sites = [ { name = "www.immae.eu"; } ];
  16
  17     services.websites.env.production.vhostConfs.immae_production = {
  18       certName     = "immae";
  19       addToCerts   = true;
  20       certMainHost = "www.immae.eu";
  21       hosts        = [ "www.immae.eu" "immae.eu" ];
  22       root         = varDir;
  23       extraConfig  = [
  24         ''
  25         Use Stats www.immae.eu
  26         Header always set Strict-Transport-Security "max-age=31536000"
  27
  28         <LocationMatch /.well-known/(webfinger|host-meta)>
  29           Header always set Referrer-Policy "strict-origin-when-cross-origin"
  30           RequestHeader set X-Forwarded-Proto "https"
  31
  32           RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
  33         </LocationMatch>
  34
  35         RewriteEngine On
  36         RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
  37         RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
  38         RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
  39
  40         <Directory ${varDir}>
  41           DirectoryIndex index.htm index.html
  42           Options Indexes FollowSymLinks MultiViews Includes
  43           AllowOverride All
  44           Require all granted
  45         </Directory>
  46
  47         Alias /.well-known/chatonsinfos ${./chatons}
  48         <Directory ${./chatons}>
  49           Options Indexes FollowSymLinks MultiViews Includes
  50           AllowOverride None
  51           Require all granted
  52         </Directory>
  53
  54         Alias /.well-known/matrix ${./matrix}
  55         <Directory ${./matrix}>
  56           Options Indexes FollowSymLinks MultiViews Includes
  57           AllowOverride None
  58           Require all granted
  59           Header always set Access-Control-Allow-Origin "*"
  60         </Directory>
  61
  62         Alias /cours ${coursDir}
  63         <Directory ${coursDir}>
  64           DirectoryIndex index.htm index.html
  65           Options Indexes FollowSymLinks MultiViews Includes
  66           AllowOverride All
  67           Require all granted
  68         </Directory>
  69
  70         Alias /docs ${docsDir}
  71         <Directory ${docsDir}>
  72           DirectoryIndex index.htm index.html
  73           Options Indexes FollowSymLinks MultiViews Includes
  74           AllowOverride All
  75           Require all granted
  76         </Directory>
  77
  78         Alias /eurl ${./sarl}
  79         Alias /eurl ${./sarl}
  80         <Directory ${./sarl}>
  81           DirectoryIndex index.htm index.html
  82           Options Indexes FollowSymLinks MultiViews Includes
  83           AllowOverride None
  84           Require all granted
  85         </Directory>
  86
  87         Alias /recherche ${rechercheDir}
  88         <Directory ${rechercheDir}>
  89           DirectoryIndex index.htm index.html
  90           Options Indexes FollowSymLinks MultiViews Includes
  91           AllowOverride All
  92           Require all granted
  93         </Directory>
  94
  95         Alias /recettes ${recettesDir}
  96         <Directory ${recettesDir}>
  97           DirectoryIndex index.htm index.html
  98           Options Indexes FollowSymLinks MultiViews Includes
  99           AllowOverride All
 100           Require all granted
 101         </Directory>
 102
 103         Alias /history ${historyDir}
 104         <Directory ${historyDir}>
 105           DirectoryIndex index.html
 106           AllowOverride None
 107           Require all granted
 108         </Directory>
 109         ''
 110       ];
 111     };
 112
 113     services.websites.env.production.vhostConfs.immae_fr = {
 114       certName    = "immae";
 115       addToCerts  = true;
 116       hosts       = [ "www.immae.fr" "immae.fr" ];
 117       root        = null;
 118       extraConfig = [ ''
 119         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
 120         '' ];
 121     };
 122
 123     services.websites.env.production.vhostConfs.immae_bouya = {
 124       certName    = "immae";
 125       addToCerts  = true;
 126       hosts       = [ "bouya.org" "www.bouya.org" ];
 127       root        = rechercheDir;
 128       extraConfig = [ ''
 129         <Directory ${rechercheDir}>
 130           DirectoryIndex index.htm index.html
 131           Options Indexes FollowSymLinks MultiViews Includes
 132           AllowOverride All
 133           Require all granted
 134         </Directory>
 135         '' ];
 136     };
 137   };
 138 }