Add flake skeletons
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
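# NixOS module behind the `myServices.websites.tools.tools` option.
#
# When enabled it wires up, for the packaged web tools declared in the `let`
# block: the Apache vhosts for tools.immae.eu, outils.immae.eu and
# tools.immae.dev, one PHP-FPM pool per application, the secrets each
# application exports, and the helper systemd services (ntfy, ympd, tt-rss).
{ lib, pkgs, config, flakes, ... }:
let
  # NOTE(security): this module pins pkgs.php72 and pkgs.php73. Both branches
  # are past upstream end of life and no longer receive security fixes from
  # the PHP project; every application below is reachable from the network.
  adminer = pkgs.callPackage ./adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = flakes.subflakes.public.grocy.defaultPackage.x86_64-linux.override {
      composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
    };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  # Only the binaries linked here are added to the open_basedir of the
  # "tools" PHP-FPM pool, which also serves /webhooks.
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;

  # PHP interpreter shared by every pool except wallabag and devtools; kept in
  # one place so the PHP branch can be bumped with a single edit.
  php72WithRedis = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);

  # Builds the pool definition used by most applications: the pool settings
  # come from the application package, user/group/interpreter are fixed here.
  wwwrunPool = settings: {
    user = "wwwrun";
    group = "wwwrun";
    inherit settings;
    phpPackage = php72WithRedis;
  };

  # Orders a phpfpm-<app> unit after the services the application declares it
  # depends on, and pulls those services in.
  phpFpmDeps = app: {
    after = lib.mkAfter app.phpFpm.serviceDeps;
    wants = app.phpFpm.serviceDeps;
  };
in {
  imports =
    builtins.attrValues flakes.subflakes.private.paste.nixosModules;

  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    myServices.chatonsProperties.services = {
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };

    # Union of the secret files exported by each application package. `//` is
    # right-biased: if two packages ever used the same key name, the one listed
    # later would silently replace the earlier one.
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys;

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    # Integration vhost. Its document root lives under /var/lib/ftp, *.php
    # files in it are executed by the "devtools" pool, and `AllowOverride all`
    # lets any .htaccess in that tree change the server configuration for it.
    # NOTE(review): presumably the tree is populated over FTP; confirm that
    # only trusted accounts can write there, since write access amounts to
    # code execution as wwwrun. The CSP header is report-only: it reports
    # violations but blocks nothing.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "tools.immae.dev";
      addToCerts = true;
      hosts = [ "tools.immae.dev" ];
      root = "/var/lib/ftp/immae/devtools";
      extraConfig = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["tools.immae.eu" ];
      root = landing;
      extraConfig = [
        # The /vpn redirect target has no path component, so the captured group
        # is appended directly to the hostname. The capture is therefore
        # required to be empty or to start with "/", which keeps request text
        # out of the authority part of the Location header.
        ''
          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        # /paste and /ntfy are proxied to unix sockets; the proxy target is
        # fixed, only the path and query string come from the request.
        #
        # /webhooks maps a directory taken from config.secrets straight into
        # the URL space with `Require all granted`: *.php files are executed,
        # any other file placed there would be served as static content.
        # NOTE(review): confirm that directory only ever holds the PHP entry
        # points and nothing that must stay private.
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          <Location "/ntfy/">
            SetEnv proxy-nokeepalive 1
            SetEnv proxy-sendchunked 1
            LimitRequestBody 102400

            RewriteEngine On

            # FIXME: why is landing prefixed in the url?
            RewriteCond %{HTTP:Upgrade} websocket [NC]
            RewriteCond %{HTTP:Connection} upgrade [NC]
            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
          </Location>
          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    # Legacy hostname: every path is redirected, either to the service's own
    # host or, through the final catch-all, to tools.immae.eu.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        # Rules whose target is a bare host (no path before $1) require the
        # capture to be empty or to start with "/": otherwise the text after
        # the prefix would be appended to the hostname in the Location header.
        # Rules whose target already ends in a path segment keep their
        # original pattern, since there $1 can only extend the path.
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = phpFpmDeps dokuwiki;
      phpfpm-phpbb = phpFpmDeps phpbb;
      phpfpm-kanboard = phpFpmDeps kanboard;
      phpfpm-ldap = phpFpmDeps ldap;
      phpfpm-shaarli = phpFpmDeps shaarli;
      phpfpm-ttrss = phpFpmDeps ttrss;
      phpfpm-wallabag = (phpFpmDeps wallabag) // {
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = phpFpmDeps yourls;
      # ntfy listens on a unix socket only (`--listen-http ''`) and is reached
      # through the Apache /ntfy/ location. No --auth-file is passed here, so
      # the server runs with ntfy's default access settings.
      # NOTE(review): confirm that unauthenticated publish/subscribe is
      # intended for a service exposed on the public vhost.
      ntfy = {
        description = "send push notifications to your phone or desktop via scripts from any computer";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
          Type = "simple";
          WorkingDirectory = "%S/ntfy";
          RuntimeDirectory = "ntfy";
          StateDirectory = "ntfy";
          User = "wwwrun";
        };
      };
      # No User= is set, so the wrapper script starts with systemd's default
      # identity for system units; ympd itself is asked to switch to `nobody`
      # through --user. The MPD password is read from the secrets file at
      # start-up and handed to ympd through its environment.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    # Restart ympd whenever the MPD password file changes, so the exported
    # MPD_PASSWORD does not go stale.
    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    # NOTE(security): every pool defined inline here runs as the same Unix
    # user (wwwrun). Separation between applications therefore rests on each
    # pool's open_basedir and Redis session prefix, not on file ownership;
    # /tmp is listed in the open_basedir of both pools configured below.
    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = php72WithRedis;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = wwwrunPool ttrss.phpFpm.pool;
      # wallabag is the only pool on PHP 7.3 and needs the tidy extension.
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
      };
      yourls = wwwrunPool yourls.phpFpm.pool;
      rompr = wwwrunPool rompr.phpFpm.pool;
      shaarli = wwwrunPool shaarli.phpFpm.pool;
      dmarc-reports = (wwwrunPool dmarc-reports.phpFpm.pool) // {
        phpEnv = dmarc-reports.phpFpm.phpEnv;
      };
      dokuwiki = wwwrunPool dokuwiki.phpFpm.pool;
      phpbb = wwwrunPool phpbb.phpFpm.pool;
      ldap = wwwrunPool ldap.phpFpm.pool;
      kanboard = wwwrunPool kanboard.phpFpm.pool;
      grocy = wwwrunPool grocy.phpFpm.pool;
    };

    system.activationScripts = {
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
    };

    # Secret files whose modification has to be picked up by a running
    # service: the shaarli secret is watched by the web server environment,
    # the wallabag one restarts its PHP-FPM pool.
    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

  };
}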