Add chatons infos
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
1 { lib, pkgs, config, ... }:
2 let
# Applied further down to the private "paste" flake directory; the NixOS
# modules it exposes are added to this module's imports.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# One binding per web application. Each sibling .nix file returns an attribute
# set that the rest of this module reads from (apache.*, phpFpm.*, keys,
# activationScript, ...). `env` hands an app its own slice of
# config.myEnv.tools -- presumably settings and credentials; whether those end
# up in the world-readable Nix store or in secrets.keys is decided in the
# sibling files, not here.
#
# NOTE(review): pkgs.php72 and pkgs.php73 are PHP branches that are end of life
# upstream (7.2 since late 2020, 7.3 since late 2021), so the interpreter no
# longer receives security fixes. Track a move to a supported PHP for every
# app pinned below.
adminer = pkgs.callPackage ./adminer.nix {};

ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};

ttrss = pkgs.callPackage ./ttrss.nix {
  inherit config;
  inherit (pkgs.webapps) ttrss ttrss-plugins;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
};

kanboard = pkgs.callPackage ./kanboard.nix {
  env = config.myEnv.tools.kanboard;
  inherit config;
};

wallabag = pkgs.callPackage ./wallabag.nix {
  inherit config;
  env = config.myEnv.tools.wallabag;
  # wallabag is rebuilt against PHP 7.3 with the tidy extension enabled.
  wallabag = pkgs.webapps.wallabag.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
  };
};

yourls = pkgs.callPackage ./yourls.nix {
  inherit config;
  inherit (pkgs.webapps) yourls yourls-plugins;
  env = config.myEnv.tools.yourls;
};

rompr = pkgs.callPackage ./rompr.nix {
  env = config.myEnv.tools.rompr;
  inherit (pkgs.webapps) rompr;
};

shaarli = pkgs.callPackage ./shaarli.nix {
  inherit config;
  env = config.myEnv.tools.shaarli;
};

dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
};

# Wrapper around phpldapadmin.
ldap = pkgs.callPackage ./ldap.nix {
  inherit config;
  inherit (pkgs.webapps) phpldapadmin;
  env = config.myEnv.tools.phpldapadmin;
};

grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php72;
    };
  };
};

# phpBB with the French language pack and a fixed list of extensions.
phpbb = pkgs.callPackage ./phpbb.nix {
  phpbb =
    (pkgs.webapps.phpbb.withLangs (langs: [ langs.fr ])).withExts (exts: [
      exts.alfredoramos.markdown
      exts.davidiq.mailinglist
      exts.dmzx.mchat
      exts.empteintesduweb.monitoranswers
      exts.lr94.autosubscribe
      exts.phpbbmodders.adduser
    ]);
};

# Environment that links only /bin of apprise. It is handed to the webhooks
# package as binEnv, and its /bin directory is one of the entries of the
# `tools` PHP-FPM pool's open_basedir further down in this file.
webhooks-bin-env = pkgs.buildEnv {
  name = "webhook-env";
  pathsToLink = [ "/bin" ];
  paths = [ pkgs.apprise ];
};

webhooks = pkgs.callPackage ./webhooks.nix {
  binEnv = webhooks-bin-env;
  env = config.myEnv.tools.webhooks;
};

dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  inherit config;
  env = config.myEnv.tools.dmarc_reports;
};

# Static landing page; used as the document root of the tools vhost.
landing = pkgs.callPackage ./landing.nix {};

# Shorthands: this module's own options, and the configured PHP-FPM pools
# (read for their socket paths).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
76 in {
# Pull in every NixOS module exported by the private "paste" flake; the
# services.paste.* values used by the /paste reverse proxy come from
# configuration outside this file (presumably these modules -- confirm).
imports =
  let
    pasteFlake = flakeCompat ../../../../../flakes/private/paste;
  in
    builtins.attrValues pasteFlake.nixosModules;

# Single switch for the whole module: everything under `config` is guarded by
# cfg.enable.
options.myServices.websites.tools.tools.enable =
  lib.mkEnableOption "enable tools website";
83
84 config = lib.mkIf cfg.enable {
# Service metadata published through myServices.chatonsProperties. Most
# entries come from the packages themselves; the paste service is described
# inline.
myServices.chatonsProperties.services =
  let
    pasteUrl = "https://tools.immae.eu/paste/";
  in {
    dokuwiki = dokuwiki.chatonsProperties;
    shaarli = shaarli.chatonsProperties;
    ttrss = ttrss.chatonsProperties;
    wallabag = wallabag.chatonsProperties;
    paste = {
      file.datetime = "2022-08-22T00:15:00";
      service = {
        name = "Paste";
        description = "A simple paster script with syntax highlight";
        website = pasteUrl;
        logo = "https://assets.immae.eu/logo.jpg";
        status = {
          level = "OK";
          description = "OK";
        };
        registration = {
          "" = [ "MEMBER" "CLIENT" ];
          load = "OPEN";
        };
        install.type = "PACKAGE";
        guide.user = pasteUrl;
      };
      software = {
        name = "Paste";
        website = pasteUrl;
        license = {
          url = "${pasteUrl}license";
          name = "MIT License";
        };
        version = "Unversioned";
        source.url = "${pasteUrl}abcd123/py";
      };
    };
  };

# Hosting metadata, provided by the two packages that expose it.
myServices.chatonsProperties.hostings = {
  phpbb = phpbb.chatonsHostingProperties;
  dokuwiki = dokuwiki.chatonsHostingProperties;
};
# Union of the secret definitions exported by each app. Merging is
# right-biased: if two apps ever declared the same key name, the one listed
# later would silently replace the earlier one, so key names must stay unique
# per app.
secrets.keys = builtins.foldl' (merged: appKeys: merged // appKeys) {} [
  kanboard.keys
  ldap.keys
  shaarli.keys
  ttrss.keys
  wallabag.keys
  yourls.keys
  dmarc-reports.keys
  webhooks.keys
];
127
# Apache modules for the "tools" web environment: proxy_fcgi (needed by the
# PHP-FPM SetHandler lines) plus whatever each app asks for, in the order
# listed. grocy and webhooks contribute no module list here.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
142
# Integration vhost tools.immae.dev, served straight from a directory under
# /var/lib/ftp.
#
# NOTE(review): three settings combine here and are worth a conscious decision:
#   * the document root sits in an FTP tree (presumably writable by FTP
#     users -- confirm);
#   * `AllowOverride all` lets any .htaccess file in that tree change Apache
#     behaviour for the directory;
#   * every *.php file is executed by the `devtools` PHP-FPM pool, which runs
#     as wwwrun, the same account as the production pools in this file.
# Whoever can write to the directory can therefore run code as wwwrun; the
# pool's open_basedir is the only restriction visible in this file.
# The CSP header is the Report-Only variant: violations are reported, nothing
# is blocked.
services.websites.env.integration.vhostConfs.devtools =
  let
    devHost = "tools.immae.dev";
    devRoot = "/var/lib/ftp/immae/devtools";
  in {
    certName = "integration";
    certMainHost = devHost;
    addToCerts = true;
    hosts = [ devHost ];
    root = devRoot;
    extraConfig = [
      ''
        Use Apaxy "${devRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${devRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
166
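# Main vhost for tools.immae.eu: landing page, legacy redirects, each tool's
# own Apache fragment, the paste reverse proxy and two aliases.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects and the landing page.
    #
    # The /vpn rule appends the captured text directly after the target host
    # name. With an unrestricted (.*) capture, request text could extend the
    # host part of the Location header and send visitors to a different site.
    # The capture is therefore limited to "empty" or "a path starting with /".
    # /vpn and /vpn/... redirect exactly as before; other paths that merely
    # start with "/vpn" are no longer redirected. The roundcube rule appends
    # after a path segment, so its capture can only affect the path.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application fragments; each receives the socket of its own PHP-FPM
    # pool (ympd takes none).
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Paste reverse proxy and the two aliases.
    #   * /paste and /paste/ are both proxied to the paste gunicorn unix socket.
    #   * /BIP39 serves a buildbot output directory as static files.
    #   * /webhooks maps to the "webapps/webhooks" secrets path and runs its
    #     *.php files through the `tools` pool. `Require all granted` means
    #     Apache applies no access control there, so any authentication has to
    #     happen inside the scripts themselves (not visible from this file --
    #     confirm).
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        DirectoryIndex index.php
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};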
233
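# Redirect-only vhost for the old outils.immae.eu name: known prefixes go to
# their dedicated hosts, everything else to the same path on tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Rules whose target ends in a bare host name (mgoblin, ether, cloud, vpn)
    # append the captured text directly after that host. With an unrestricted
    # (.*) capture, request text could extend the host part of the Location
    # header and send visitors to a different site. Those captures are
    # therefore limited to "empty" or "a path starting with /". The documented
    # paths redirect exactly as before; anything else falls through to the
    # final catch-all, whose target already ends in "/".
    # The dot in caldav.php is escaped so that it only matches a literal dot.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};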
265
# Extra systemd wiring: ordering for the PHP-FPM units, plus two standalone
# daemons (ympd and the tt-rss feed updater).
systemd.services =
  let
    # Start a pool's unit after the services its app declares, and pull those
    # services in.
    fpmDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = fpmDeps dokuwiki;
    phpfpm-phpbb = fpmDeps phpbb;
    phpfpm-kanboard = fpmDeps kanboard;
    phpfpm-ldap = fpmDeps ldap;
    phpfpm-shaarli = fpmDeps shaarli;
    phpfpm-ttrss = fpmDeps ttrss;
    # wallabag additionally appends its own preStart commands.
    phpfpm-wallabag = fpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = fpmDeps yourls;

    # NOTE(review): this block sets no serviceConfig.User, so the script starts
    # under systemd's default account for system services (root).
    # `--user nobody` is passed to ympd, presumably so that it drops privileges
    # itself -- confirm, and consider a dedicated account instead of the
    # shared "nobody". The MPD password is read from the secrets file at start
    # and exported, so it stays in the daemon's process environment.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed update daemon: runs as wwwrun, needs PostgreSQL and is ordered
    # after it and the network.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
323
# Watch the MPD password secret on behalf of the ympd unit; with
# `restart = true` the unit is presumably restarted when the file changes, so
# a rotated password is picked up -- confirm against the filesWatcher module.
services.filesWatcher.ympd.paths = [ config.secrets.fullPaths."mpd" ];
services.filesWatcher.ympd.restart = true;
328
# One PHP-FPM pool per application.
#
# NOTE(review): every pool defined here runs as wwwrun:wwwrun, so file
# permissions do not separate one application from another. For the two pools
# whose settings are spelled out in this block, the only confinement is PHP's
# open_basedir, which limits PHP file functions only, and both of them include
# the shared /tmp. The other pools take their settings from the packages.
services.phpfpm.pools =
  let
    runAs = {
      user = "wwwrun";
      group = "wwwrun";
    };

    # Listener ownership and process-manager sizing shared by the two
    # hand-written pools (tools and devtools).
    sharedSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool whose settings come from the application package.
    wwwrunPool = settings: phpPackage: runAs // {
      inherit settings phpPackage;
    };
  in {
    # Serves the landing page and the /webhooks scripts.
    tools = runAs // {
      settings = sharedSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          landing
          "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
          "${webhooks-bin-env}/bin"
        ];
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    # Executes whatever PHP is placed in the FTP-backed devtools directory.
    devtools = runAs // {
      settings = sharedSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions ({ enabled, all }:
        enabled ++ [ all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer ships its complete pool definition.
    adminer = adminer.phpFpm;

    ttrss = wwwrunPool ttrss.phpFpm.pool pkgs.php72;
    wallabag = wwwrunPool wallabag.phpFpm.pool
      (pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]));
    yourls = wwwrunPool yourls.phpFpm.pool pkgs.php72;
    rompr = wwwrunPool rompr.phpFpm.pool pkgs.php72;
    shaarli = wwwrunPool shaarli.phpFpm.pool pkgs.php72;
    dmarc-reports = wwwrunPool dmarc-reports.phpFpm.pool pkgs.php72 // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = wwwrunPool dokuwiki.phpFpm.pool pkgs.php72;
    phpbb = wwwrunPool phpbb.phpFpm.pool pkgs.php72;
    ldap = wwwrunPool ldap.phpFpm.pool pkgs.php72;
    kanboard = wwwrunPool kanboard.phpFpm.pool pkgs.php72;
    grocy = wwwrunPool grocy.phpFpm.pool pkgs.php72;
  };
440
# Register each application's activation script under the application's own
# name. These scripts run during system activation (as root), so their
# content, defined in the sibling package files, deserves the same review as
# the units above.
system.activationScripts =
  lib.mapAttrs (_name: app: app.activationScript) {
    inherit
      adminer
      grocy
      ttrss
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      phpbb
      kanboard
      ldap
      ;
  };
454
# Secret files whose changes must be noticed by running services: the shaarli
# secret is watched on behalf of the "tools" web environment, the wallabag
# secret on behalf of its PHP-FPM unit (presumably restarted on change --
# confirm against the filesWatcher module).
services.websites.env.tools.watchPaths = [ config.secrets.fullPaths."webapps/tools-shaarli" ];

services.filesWatcher.phpfpm-wallabag.paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
services.filesWatcher.phpfpm-wallabag.restart = true;
462
463 };
464 }
465