# NixOS module for the "tools" website. The embedded line numbers skip, so
# this listing appears abridged (brace-only and blank lines are not shown).
# Each binding below instantiates a per-tool helper (./<tool>.nix) through
# pkgs.callPackage, handing it the packaged webapp from pkgs.webapps and/or
# the tool's settings from config.myEnv.tools.<tool>.
# NOTE(review): the `env` values presumably carry per-tool settings and
# credentials; their contents are not visible here.
1 { lib, pkgs, config, ... }:
3 adminer = pkgs.callPackage ./adminer.nix {
4 inherit (pkgs.webapps) adminer;
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
14 kanboard = pkgs.callPackage ./kanboard.nix {
15 env = config.myEnv.tools.kanboard;
# wallabag is overridden to build with PHP 7.3 plus the tidy extension; the
# wallabag php-fpm pool further down uses the same PHP expression, so build
# time and run time stay on one interpreter.
17 wallabag = pkgs.callPackage ./wallabag.nix {
18 wallabag = pkgs.webapps.wallabag.override {
19 composerEnv = pkgs.composerEnv.override {
20 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
23 env = config.myEnv.tools.wallabag;
25 yourls = pkgs.callPackage ./yourls.nix {
26 inherit (pkgs.webapps) yourls yourls-plugins;
27 env = config.myEnv.tools.yourls;
29 rompr = pkgs.callPackage ./rompr.nix {
30 inherit (pkgs.webapps) rompr;
31 env = config.myEnv.tools.rompr;
33 shaarli = pkgs.callPackage ./shaarli.nix {
34 env = config.myEnv.tools.shaarli;
36 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
37 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
39 ldap = pkgs.callPackage ./ldap.nix {
40 inherit (pkgs.webapps) phpldapadmin;
41 env = config.myEnv.tools.phpldapadmin;
# grocy's composer environment is pinned to pkgs.php72. PHP 7.2 no longer
# receives upstream security fixes, so this pin depends on whatever patches
# the nixpkgs revision carries — TODO confirm, or move to a supported PHP.
43 grocy = pkgs.callPackage ./grocy.nix {
44 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
# phpBB is built with the French language pack and six extensions. Each
# extension is third-party code running inside the forum, so this list is
# part of what has to be kept patched.
46 phpbb = pkgs.callPackage ./phpbb.nix {
47 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
48 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
49 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
50 e.phpbbmodders.adduser ]);
52 webhooks = pkgs.callPackage ./webhooks.nix {
53 env = config.myEnv.tools.webhooks;
55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
56 env = config.myEnv.tools.dmarc_reports;
58 csp-reports = pkgs.callPackage ./csp_reports.nix {
59 env = config.myEnv.tools.csp_reports;
# landing takes no arguments; it is interpolated below as the <Directory>
# path of the tools vhost and as an open_basedir entry of the tools pool.
62 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: cfg is this module's own option set, pcfg the php-fpm pool
# definitions (read below for each pool's socket path).
64 cfg = config.myServices.websites.tools.tools;
65 pcfg = config.services.phpfpm.pools;
# Single on/off switch for the whole module. lib.mkEnableOption already
# prefixes its argument with "Whether to enable", so the rendered option
# description repeats the word "enable".
67 options.myServices.websites.tools.tools = {
68 enable = lib.mkEnableOption "enable tools website";
# Everything below is applied only when cfg.enable is set.
71 config = lib.mkIf cfg.enable {
# Backup profiles are taken from each helper's `backups` attribute.
# NOTE(review): no yourls or ldap profile is visible in this list — confirm
# that is intended and that their state is stored (and backed up) elsewhere.
83 services.duplyBackup.profiles = {
84 dokuwiki = dokuwiki.backups;
85 grocy = grocy.backups;
86 kanboard = kanboard.backups;
87 rompr = rompr.backups;
88 shaarli = shaarli.backups;
89 ttrss = ttrss.backups;
90 wallabag = wallabag.backups;
91 phpbb = phpbb.backups;
# Apache modules requested by the individual tools are concatenated into the
# module list of the `tools` web environment. The first operand of the
# concatenation is on a line that is not shown.
94 services.websites.env.tools.modules =
96 ++ adminer.apache.modules
97 ++ ympd.apache.modules
98 ++ ttrss.apache.modules
99 ++ wallabag.apache.modules
100 ++ yourls.apache.modules
101 ++ rompr.apache.modules
102 ++ shaarli.apache.modules
103 ++ dokuwiki.apache.modules
104 ++ dmarc-reports.apache.modules
105 ++ phpbb.apache.modules
106 ++ ldap.apache.modules
107 ++ kanboard.apache.modules;
# devtools.immae.eu vhost in the `integration` web environment. It serves
# /var/lib/ftp/devtools.immae.eu and hands every file matching \.php$ in it
# to the `devtools` php-fpm pool over that pool's unix socket.
# NOTE(review): the document root lives under /var/lib/ftp. If that directory
# is writable through FTP accounts, any uploaded file with a .php suffix is
# executed as the pool's user — confirm who can write there and that the
# pool's open_basedir and unix user are as narrow as intended.
# NOTE(review): the CSP is sent as Content-Security-Policy-Report-Only, so
# violations are reported but nothing is blocked; it is monitoring, not a
# control, until an enforcing header is added.
# `Use Apaxy` invokes a macro defined outside this file — presumably a themed
# directory listing; confirm listings of this tree are meant to be public.
109 services.websites.env.integration.vhostConfs.devtools = {
110 certName = "integration";
111 certMainHost = "devtools.immae.eu";
113 hosts = [ "devtools.immae.eu" ];
114 root = "/var/lib/ftp/devtools.immae.eu";
117 Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
120 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
121 <Directory "/var/lib/ftp/devtools.immae.eu">
122 DirectoryIndex index.php index.htm index.html
125 <FilesMatch "\.php$">
126 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# tools.immae.eu vhost: legacy-path redirects, the landing page, one Apache
# fragment per tool (each given its php-fpm pool socket), and three aliases
# (/paste, /BIP39, /webhooks).
# NOTE(review): in `^/vpn(.*)$ -> https://vpn.immae.eu$1` the capture is
# appended directly after the hostname and (.*) also matches text that does
# not begin with "/". A request path with extra characters after "/vpn"
# therefore yields a Location header whose host is no longer vpn.immae.eu.
# Restricting the capture to `(/.*)?` keeps the redirect on the intended
# host. The /roundcube rule has a path component before $1 and the /jappix
# rule has a fixed target, so their host cannot change.
# NOTE(review): /paste serves /var/lib/fiche, i.e. user-submitted pastes, on
# the same origin as the authenticated tools, and index.html is accepted as a
# DirectoryIndex. Confirm pastes are only ever delivered as plain text.
# NOTE(review): /BIP39 serves a buildbot output directory; what is published
# there is whatever that build job writes, so the job's integrity matters.
# NOTE(review): /webhooks maps a directory under config.secrets.location into
# the URL space and runs its *.php through the tools pool. The access rules
# of that <Directory> are on lines not shown; confirm nothing other than the
# intended PHP entry points is readable over HTTP.
133 services.websites.env.tools.vhostConfs.tools = {
134 certName = "eldiron";
136 hosts = ["tools.immae.eu" ];
140 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
141 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
142 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
144 <Directory "${landing}">
145 DirectoryIndex index.html
149 <FilesMatch "\.php$">
150 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
154 (adminer.apache.vhostConf pcfg.adminer.socket)
155 ympd.apache.vhostConf
156 (ttrss.apache.vhostConf pcfg.ttrss.socket)
157 (wallabag.apache.vhostConf pcfg.wallabag.socket)
158 (yourls.apache.vhostConf pcfg.yourls.socket)
159 (rompr.apache.vhostConf pcfg.rompr.socket)
160 (shaarli.apache.vhostConf pcfg.shaarli.socket)
161 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
162 (ldap.apache.vhostConf pcfg.ldap.socket)
163 (kanboard.apache.vhostConf pcfg.kanboard.socket)
164 (grocy.apache.vhostConf pcfg.grocy.socket)
165 (phpbb.apache.vhostConf pcfg.phpbb.socket)
166 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
168 Alias /paste /var/lib/fiche
169 <Directory "/var/lib/fiche">
170 DirectoryIndex index.txt index.html
176 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
177 <Directory "/var/lib/buildbot/outputs/immae/bip39">
178 DirectoryIndex index.html
183 Alias /webhooks ${config.secrets.location}/webapps/webhooks
184 <Directory "${config.secrets.location}/webapps/webhooks">
188 <FilesMatch "\.php$">
189 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# outils.immae.eu is a redirect-only vhost: specific legacy prefixes go to
# their dedicated hosts and the final catch-all sends everything else to
# tools.immae.eu. mod_alias evaluates these rules in order, so the catch-all
# has to stay last.
# NOTE(review): the /mediagoblin, /ether, /nextcloud, /owncloud and /vpn
# rules append $1 directly after the target hostname while (.*) also matches
# text that does not start with "/". A request path with extra characters
# after the prefix changes the host in the Location header. Using `(/.*)?`
# as the capture keeps each redirect on its intended host. The rules whose
# target already contains a path (dav, task, mail) and the catch-all, which
# writes "/" before $1, do not have this property.
# The "." in `^/caldav.php` is unescaped and so matches any character.
196 services.websites.env.tools.vhostConfs.outils = {
197 certName = "eldiron";
199 hosts = [ "outils.immae.eu" ];
203 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
205 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
207 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
208 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
210 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
211 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
212 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
213 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
215 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
217 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
219 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
221 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
223 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# Ordering for the per-tool php-fpm units. The unit names are on lines not
# shown (presumably phpfpm-<tool>). Each unit is started after, and pulls in
# via `wants`, the dependencies its helper exposes as phpFpm.serviceDeps.
230 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
231 wants = dokuwiki.phpFpm.serviceDeps;
234 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
235 wants = phpbb.phpFpm.serviceDeps;
238 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
239 wants = kanboard.phpFpm.serviceDeps;
242 after = lib.mkAfter ldap.phpFpm.serviceDeps;
243 wants = ldap.phpFpm.serviceDeps;
246 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
247 wants = shaarli.phpFpm.serviceDeps;
250 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
251 wants = ttrss.phpFpm.serviceDeps;
# wallabag additionally appends the helper's preStart commands to the unit.
254 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
255 wants = wallabag.phpFpm.serviceDeps;
256 preStart = lib.mkAfter wallabag.phpFpm.preStart;
259 after = lib.mkAfter yourls.phpFpm.serviceDeps;
260 wants = yourls.phpFpm.serviceDeps;
# ympd unit: the start script reads the MPD password from /var/secrets/mpd
# into the MPD_PASSWORD environment variable and then launches ympd, so the
# password never appears on the command line.
# NOTE(review): the script has to start as a user able to read the secret;
# `--user nobody` presumably makes ympd drop privileges itself. `nobody` is a
# shared account, so a dedicated system user would isolate this daemon
# better — confirm no User= is set on a line not shown.
263 description = "Standalone MPD Web GUI written in C";
264 wantedBy = [ "multi-user.target" ];
266 export MPD_PASSWORD=$(cat /var/secrets/mpd)
267 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS updater: runs update.php --daemon with pkgs.php72 and needs
# PostgreSQL to be up. PermissionsStartOnly applies the unit's user and group
# to the main process only, so any pre/post start commands keep full
# privileges; the User= setting itself is on a line not shown.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes.
271 description = "Tiny Tiny RSS feeds update daemon";
274 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
275 StandardOutput = "syslog";
276 StandardError = "syslog";
277 PermissionsStartOnly = true;
280 wantedBy = [ "multi-user.target" ];
281 requires = ["postgresql.service"];
282 after = ["network.target" "postgresql.service"];
# Watches the MPD secret file — presumably to restart ympd when the password
# changes (the action is on a line not shown).
# NOTE(review): the path is hard-coded here, while other places in this
# module use config.secrets.location — confirm both name the same directory.
286 services.filesWatcher.ympd = {
288 paths = [ "/var/secrets/mpd" ];
# php-fpm pools. The first two settings groups below belong to pools whose
# names are on lines not shown; judging by their open_basedir values they are
# the `tools` pool (landing page and webhooks) and the `devtools` pool.
291 services.phpfpm.pools = {
# Sockets are owned by wwwrun so that only the web server account can
# connect to them.
296 "listen.owner" = "wwwrun";
297 "listen.group" = "wwwrun";
299 "pm.max_children" = "60";
300 "pm.start_servers" = "2";
301 "pm.min_spare_servers" = "1";
302 "pm.max_spare_servers" = "10";
304 # Needed to avoid clashes in browser cookies (same domain)
305 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir is set with php_admin_value, so scripts cannot relax it at
# run time. It allows the sendmail wrapper, the landing page, /tmp and the
# webhooks directory inside the secrets tree.
# NOTE(review): /tmp is shared with every other pool that lists it; a
# per-pool temporary directory would keep uploads and session files apart.
306 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
307 "/run/wrappers/bin/sendmail" landing "/tmp"
308 "${config.secrets.location}/webapps/webhooks"
# Further pool settings are read from a file in the secrets tree, so those
# values stay out of the world-readable Nix store.
310 "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
313 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): pkgs.php72 is used by almost every pool in this module. PHP
# 7.2 no longer receives upstream security fixes — TODO confirm the nixpkgs
# revision in use still patches it, or plan a move to a supported PHP.
315 phpPackage = pkgs.php72;
321 "listen.owner" = "wwwrun";
322 "listen.group" = "wwwrun";
324 "pm.max_children" = "60";
325 "pm.start_servers" = "2";
326 "pm.min_spare_servers" = "1";
327 "pm.max_spare_servers" = "10";
# This pool may read and execute from /var/lib/ftp/devtools.immae.eu.
# NOTE(review): if that tree is writable over FTP, uploaded PHP runs with
# this pool's identity and extensions (mysqli, redis, apcu, opcache below);
# confirm the pool's unix user and what that user can reach.
329 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
331 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# The remaining pools take their definition from the per-tool helpers; only
# the PHP interpreter is chosen here. One pool per tool means one socket per
# tool — whether each also has its own unix user is decided in the helpers.
333 adminer = adminer.phpFpm;
337 settings = ttrss.phpFpm.pool;
338 phpPackage = pkgs.php72;
343 settings = wallabag.phpFpm.pool;
344 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
349 settings = yourls.phpFpm.pool;
350 phpPackage = pkgs.php72;
355 settings = rompr.phpFpm.pool;
356 phpPackage = pkgs.php72;
361 settings = shaarli.phpFpm.pool;
362 phpPackage = pkgs.php72;
367 settings = dmarc-reports.phpFpm.pool;
368 phpEnv = dmarc-reports.phpFpm.phpEnv;
369 phpPackage = pkgs.php72;
374 settings = dokuwiki.phpFpm.pool;
375 phpPackage = pkgs.php72;
380 settings = phpbb.phpFpm.pool;
381 phpPackage = pkgs.php72;
386 settings = ldap.phpFpm.pool;
387 phpPackage = pkgs.php72;
392 settings = kanboard.phpFpm.pool;
393 phpPackage = pkgs.php72;
398 settings = grocy.phpFpm.pool;
399 phpPackage = pkgs.php72;
# Per-tool activation scripts supplied by the helpers. NixOS runs activation
# scripts as root on every system switch and at boot, so the snippets should
# be idempotent and must not act on paths a web pool can write to without
# checking them — their contents are defined in the helper files.
403 system.activationScripts = {
404 adminer = adminer.activationScript;
405 grocy = grocy.activationScript;
406 ttrss = ttrss.activationScript;
407 wallabag = wallabag.activationScript;
408 yourls = yourls.activationScript;
409 rompr = rompr.activationScript;
410 shaarli = shaarli.activationScript;
411 dokuwiki = dokuwiki.activationScript;
412 phpbb = phpbb.activationScript;
413 kanboard = kanboard.activationScript;
414 ldap = ldap.activationScript;
# Maps each tool's web application name to its web root. For phpLDAPadmin
# only the htdocs subdirectory is exposed, not the whole package root.
417 services.websites.webappDirs = {
418 _adminer = adminer.webRoot;
419 "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
420 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
421 "${phpbb.apache.webappName}" = phpbb.webRoot;
422 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
423 "${rompr.apache.webappName}" = rompr.webRoot;
424 "${shaarli.apache.webappName}" = shaarli.webRoot;
425 "${ttrss.apache.webappName}" = ttrss.webRoot;
426 "${wallabag.apache.webappName}" = wallabag.webRoot;
427 "${yourls.apache.webappName}" = yourls.webRoot;
428 "${kanboard.apache.webappName}" = kanboard.webRoot;
429 "${grocy.apache.webappName}" = grocy.webRoot;
# Secret files whose change should be picked up by the web environment and
# by the wallabag php-fpm unit (the triggered action is on lines not shown).
# NOTE(review): these paths are hard-coded under /var/secrets, while the
# vhost and pool settings use config.secrets.location — confirm both refer to
# the same directory, otherwise a relocated secrets tree is no longer watched.
432 services.websites.env.tools.watchPaths = [
433 "/var/secrets/webapps/tools-shaarli"
435 services.filesWatcher.phpfpm-wallabag = {
437 paths = [ "/var/secrets/webapps/tools-wallabag" ];
# Settings of a service whose attribute name is on a line not shown —
# presumably the fiche paste server, whose output directory the tools vhost
# publishes under /paste.
442 port = config.myEnv.ports.fiche;
443 domain = "tools.immae.eu/paste";