1 { lib, pkgs, config, ... }:
3 adminer = pkgs.callPackage ./adminer.nix {
4 inherit (pkgs.webapps) adminer;
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
13 kanboard = pkgs.callPackage ./kanboard.nix {
14 env = config.myEnv.tools.kanboard;
16 wallabag = pkgs.callPackage ./wallabag.nix {
17 inherit (pkgs.webapps) wallabag;
18 env = config.myEnv.tools.wallabag;
20 yourls = pkgs.callPackage ./yourls.nix {
21 inherit (pkgs.webapps) yourls yourls-plugins;
22 env = config.myEnv.tools.yourls;
24 rompr = pkgs.callPackage ./rompr.nix {
25 inherit (pkgs.webapps) rompr;
26 env = config.myEnv.tools.rompr;
28 shaarli = pkgs.callPackage ./shaarli.nix {
29 env = config.myEnv.tools.shaarli;
31 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
32 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
34 ldap = pkgs.callPackage ./ldap.nix {
35 inherit (pkgs.webapps) phpldapadmin;
36 env = config.myEnv.tools.phpldapadmin;
38 grocy = pkgs.callPackage ./grocy.nix {
39 inherit (pkgs.webapps) grocy;
42 cfg = config.myServices.websites.tools.tools;
43 pcfg = config.services.phpfpm.pools;
45 options.myServices.websites.tools.tools = {
46 enable = lib.mkEnableOption "enable tools website";
49 config = lib.mkIf cfg.enable {
58 services.duplyBackup.profiles = {
59 dokuwiki = dokuwiki.backups;
60 grocy = grocy.backups;
61 kanboard = kanboard.backups;
62 rompr = rompr.backups;
63 shaarli = shaarli.backups;
64 ttrss = ttrss.backups;
65 wallabag = wallabag.backups;
68 services.websites.env.tools.modules =
70 ++ adminer.apache.modules
71 ++ ympd.apache.modules
72 ++ ttrss.apache.modules
73 ++ wallabag.apache.modules
74 ++ yourls.apache.modules
75 ++ rompr.apache.modules
76 ++ shaarli.apache.modules
77 ++ dokuwiki.apache.modules
78 ++ ldap.apache.modules
79 ++ kanboard.apache.modules;
81 services.websites.env.integration.vhostConfs.devtools = {
82 certName = "integration";
83 certMainHost = "devtools.immae.eu";
85 hosts = [ "devtools.immae.eu" ];
86 root = "/var/lib/ftp/devtools.immae.eu";
91 <Directory "/var/lib/ftp/devtools.immae.eu">
92 DirectoryIndex index.php index.htm index.html
96 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
103 services.websites.env.tools.vhostConfs.tools = {
104 certName = "eldiron";
106 hosts = ["tools.immae.eu" ];
107 root = "/var/lib/ftp/tools.immae.eu";
110 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
111 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
112 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
115 RewriteCond %{DOCUMENT_ROOT}/homer%{REQUEST_URI} -f
116 RewriteRule ^(.*)$ /homer$1 [QSA,L]
118 <Directory "/var/lib/ftp/tools.immae.eu">
119 DirectoryIndex index.php index.htm index.html
122 <FilesMatch "\.php$">
123 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
127 (adminer.apache.vhostConf pcfg.adminer.socket)
128 ympd.apache.vhostConf
129 (ttrss.apache.vhostConf pcfg.ttrss.socket)
130 (wallabag.apache.vhostConf pcfg.wallabag.socket)
131 (yourls.apache.vhostConf pcfg.yourls.socket)
132 (rompr.apache.vhostConf pcfg.rompr.socket)
133 (shaarli.apache.vhostConf pcfg.shaarli.socket)
134 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
135 (ldap.apache.vhostConf pcfg.ldap.socket)
136 (kanboard.apache.vhostConf pcfg.kanboard.socket)
137 (grocy.apache.vhostConf pcfg.grocy.socket)
139 Alias /paste /var/lib/fiche
140 <Directory "/var/lib/fiche">
141 DirectoryIndex index.txt index.html
150 services.websites.env.tools.vhostConfs.outils = {
151 certName = "eldiron";
153 hosts = [ "outils.immae.eu" ];
157 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
159 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
161 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
162 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
164 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
165 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
166 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
167 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
169 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
171 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
173 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
175 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
177 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
184 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
185 wants = dokuwiki.phpFpm.serviceDeps;
188 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
189 wants = kanboard.phpFpm.serviceDeps;
192 after = lib.mkAfter ldap.phpFpm.serviceDeps;
193 wants = ldap.phpFpm.serviceDeps;
196 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
197 wants = shaarli.phpFpm.serviceDeps;
200 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
201 wants = ttrss.phpFpm.serviceDeps;
204 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
205 wants = wallabag.phpFpm.serviceDeps;
206 preStart = lib.mkAfter wallabag.phpFpm.preStart;
209 after = lib.mkAfter yourls.phpFpm.serviceDeps;
210 wants = yourls.phpFpm.serviceDeps;
213 description = "Standalone MPD Web GUI written in C";
214 wantedBy = [ "multi-user.target" ];
216 export MPD_PASSWORD=$(cat /var/secrets/mpd)
217 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
221 description = "Tiny Tiny RSS feeds update daemon";
224 ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
225 StandardOutput = "syslog";
226 StandardError = "syslog";
227 PermissionsStartOnly = true;
230 wantedBy = [ "multi-user.target" ];
231 requires = ["postgresql.service"];
232 after = ["network.target" "postgresql.service"];
236 services.filesWatcher.ympd = {
238 paths = [ "/var/secrets/mpd" ];
241 services.phpfpm.pools = {
246 "listen.owner" = "wwwrun";
247 "listen.group" = "wwwrun";
249 "pm.max_children" = "60";
250 "pm.start_servers" = "2";
251 "pm.min_spare_servers" = "1";
252 "pm.max_spare_servers" = "10";
254 # Needed to avoid clashes in browser cookies (same domain)
255 "php_value[session.name]" = "ToolsPHPSESSID";
256 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
263 "listen.owner" = "wwwrun";
264 "listen.group" = "wwwrun";
266 "pm.max_children" = "60";
267 "pm.start_servers" = "2";
268 "pm.min_spare_servers" = "1";
269 "pm.max_spare_servers" = "10";
271 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
273 phpOptions = config.services.phpfpm.phpOptions + ''
274 extension=${pkgs.php}/lib/php/extensions/mysqli.so
275 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
276 extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
277 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
280 adminer = adminer.phpFpm;
284 settings = ttrss.phpFpm.pool;
289 settings = wallabag.phpFpm.pool;
294 settings = yourls.phpFpm.pool;
299 settings = rompr.phpFpm.pool;
304 settings = shaarli.phpFpm.pool;
309 settings = dokuwiki.phpFpm.pool;
314 settings = ldap.phpFpm.pool;
315 phpPackage = pkgs.php72;
320 settings = kanboard.phpFpm.pool;
325 settings = grocy.phpFpm.pool;
329 system.activationScripts = {
330 adminer = adminer.activationScript;
331 grocy = grocy.activationScript;
332 ttrss = ttrss.activationScript;
333 wallabag = wallabag.activationScript;
334 yourls = yourls.activationScript;
335 rompr = rompr.activationScript;
336 shaarli = shaarli.activationScript;
337 dokuwiki = dokuwiki.activationScript;
338 kanboard = kanboard.activationScript;
339 ldap = ldap.activationScript;
342 services.websites.webappDirs = {
343 _adminer = adminer.webRoot;
344 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
345 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
346 "${rompr.apache.webappName}" = rompr.webRoot;
347 "${shaarli.apache.webappName}" = shaarli.webRoot;
348 "${ttrss.apache.webappName}" = ttrss.webRoot;
349 "${wallabag.apache.webappName}" = wallabag.webRoot;
350 "${yourls.apache.webappName}" = yourls.webRoot;
351 "${kanboard.apache.webappName}" = kanboard.webRoot;
352 "${grocy.apache.webappName}" = grocy.webRoot;
355 services.websites.env.tools.watchPaths = [
356 "/var/secrets/webapps/tools-shaarli"
358 services.filesWatcher.phpfpm-wallabag = {
360 paths = [ "/var/secrets/webapps/tools-wallabag" ];
365 port = config.myEnv.ports.fiche;
366 domain = "tools.immae.eu/paste";