# NixOS module for the "tools" website. This first part builds each web
# application from its own ./<name>.nix expression; the rest of the file uses
# the resulting attribute sets (apache.*, phpFpm.*, webRoot, backups, ...).
# The listing is an extract: lines such as `let`, `in` and closing braces are
# not shown, and the leading number on each line is the original line number.
#
# Most packages receive their site-specific settings through `env`, taken from
# config.myEnv.tools.<name>. The contents of those attribute sets are not
# visible here; if they carry credentials, how each ./<name>.nix writes them
# out decides whether they end up in the Nix store — verify per package.
#
# NOTE(review): php72 and php73 are PHP 7.2 and 7.3, both past upstream end of
# life, so the interpreters selected below no longer receive upstream security
# fixes. Track which packaged app blocks a move to a supported PHP release.
1 { lib, pkgs, config, ... }:
2 3 adminer = pkgs.callPackage ./adminer.nix {
4 inherit (pkgs.webapps) adminer;
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
14 kanboard = pkgs.callPackage ./kanboard.nix {
15 env = config.myEnv.tools.kanboard;
17 wallabag = pkgs.callPackage ./wallabag.nix {
18 wallabag = pkgs.webapps.wallabag.override {
19 composerEnv = pkgs.composerEnv.override {
# wallabag's composer environment uses PHP 7.3 with the tidy extension added
# to the default extension set.
20 php = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
23 env = config.myEnv.tools.wallabag;
25 yourls = pkgs.callPackage ./yourls.nix {
26 inherit (pkgs.webapps) yourls yourls-plugins;
27 env = config.myEnv.tools.yourls;
29 rompr = pkgs.callPackage ./rompr.nix {
30 inherit (pkgs.webapps) rompr;
31 env = config.myEnv.tools.rompr;
33 shaarli = pkgs.callPackage ./shaarli.nix {
34 env = config.myEnv.tools.shaarli;
36 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
37 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
39 ldap = pkgs.callPackage ./ldap.nix {
40 inherit (pkgs.webapps) phpldapadmin;
41 env = config.myEnv.tools.phpldapadmin;
43 grocy = pkgs.callPackage ./grocy.nix {
# grocy's composer environment is pinned to PHP 7.2.
44 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
46 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is built with the French language pack and six extensions. Each
# extension is additional code running inside the forum, so this list is part
# of the forum's attack surface and should be reviewed when it changes.
47 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
48 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
49 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
50 e.phpbbmodders.adduser ]);
52 webhooks = pkgs.callPackage ./webhooks.nix {
53 env = config.myEnv.tools.webhooks;
55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
56 env = config.myEnv.tools.dmarc_reports;
# Static landing page; takes no site-specific arguments.
59 landing = pkgs.callPackage ./landing.nix {};
# Shorthand for this module's own option values.
61 cfg = config.myServices.websites.tools.tools;
# Shorthand for the PHP-FPM pool definitions; used below to look up each
# pool's socket path.
62 pcfg = config.services.phpfpm.pools;
# Option declaration for this module: a single boolean `enable` switch.
64 options.myServices.websites.tools.tools = {
65 enable = lib.mkEnableOption "enable tools website";
# Everything under `config` is applied only when the enable option is set.
# Source lines 69-78 are not part of this extract.
68 config = lib.mkIf cfg.enable {
# One backup profile per application, taken from that package's `backups`
# attribute.
# NOTE(review): adminer, yourls, ldap, dmarc-reports and webhooks have no
# profile here. Confirm that is deliberate (for example because their state
# lives only in a database that is backed up elsewhere).
79 services.duplyBackup.profiles = {
80 dokuwiki = dokuwiki.backups;
81 grocy = grocy.backups;
82 kanboard = kanboard.backups;
83 rompr = rompr.backups;
84 shaarli = shaarli.backups;
85 ttrss = ttrss.backups;
86 wallabag = wallabag.backups;
87 phpbb = phpbb.backups;
# Apache modules enabled for the "tools" environment: the concatenation of the
# module lists each application declares. The first operand (source line 91)
# is not shown in this extract.
# NOTE(review): grocy contributes a vhostConf further down but no module list
# here — presumably it needs nothing beyond what the others enable; confirm.
90 services.websites.env.tools.modules =
92 ++ adminer.apache.modules
93 ++ ympd.apache.modules
94 ++ ttrss.apache.modules
95 ++ wallabag.apache.modules
96 ++ yourls.apache.modules
97 ++ rompr.apache.modules
98 ++ shaarli.apache.modules
99 ++ dokuwiki.apache.modules
100 ++ dmarc-reports.apache.modules
101 ++ phpbb.apache.modules
102 ++ ldap.apache.modules
103 ++ kanboard.apache.modules;
# Virtual host devtools.immae.eu in the "integration" environment. The document
# root is /var/lib/ftp/devtools.immae.eu and any file matching \.php$ is handed
# to the `devtools` PHP-FPM pool over its unix socket.
#
# NOTE(review): the document root sits under /var/lib/ftp, so presumably
# whoever can upload there can place PHP that this vhost will execute. Confirm
# who has write access and that the pool's user and open_basedir limit what
# such code can reach.
#
# The policy from config.myEnv.tools.csp_reports.policies.inline is sent as
# Content-Security-Policy-Report-Only: browsers report violations but do not
# block anything, so this header is monitoring, not protection.
105 services.websites.env.integration.vhostConfs.devtools = {
106 certName = "integration";
107 certMainHost = "devtools.immae.eu";
109 hosts = [ "devtools.immae.eu" ];
110 root = "/var/lib/ftp/devtools.immae.eu";
115 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
116 <Directory "/var/lib/ftp/devtools.immae.eu">
117 DirectoryIndex index.php index.htm index.html
120 <FilesMatch "\.php$">
121 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Main virtual host tools.immae.eu. It serves the static landing page, pulls in
# one Apache fragment per application (most of them parameterised by that
# application's PHP-FPM socket), and adds three aliases: /paste, /BIP39 and
# /webhooks. All of this lives under one origin, so script running in any one
# path has same-origin access to every other application on the host.
#
# NOTE(review): in `RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1` the
# capture is not required to begin with "/", and it is appended directly after
# the host name, so the captured text can extend the host part of the Location
# URL and the redirect may leave the intended site. Require a path separator
# in the pattern, e.g. `^/vpn(/.*)?$`. The roundcube rule is not affected
# because a path precedes $1, and the jappix rule has no capture in its target.
#
# NOTE(review): /paste serves /var/lib/fiche with index.html accepted as a
# directory index. Presumably that directory holds user-submitted pastes;
# confirm they cannot be delivered as HTML under this origin.
#
# NOTE(review): /BIP39 serves a buildbot output directory, so whatever the
# build job writes there is published under this origin. Confirm who can
# trigger or alter that build.
#
# NOTE(review): /webhooks maps a directory below config.secrets.location into
# the web tree and runs its *.php through the shared `tools` pool. Confirm that
# only the intended entry points are reachable and that no other file in that
# directory can be fetched as static content.
128 services.websites.env.tools.vhostConfs.tools = {
129 certName = "eldiron";
131 hosts = ["tools.immae.eu" ];
135 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
136 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
137 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
139 <Directory "${landing}">
140 DirectoryIndex index.html
144 <FilesMatch "\.php$">
145 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
149 (adminer.apache.vhostConf pcfg.adminer.socket)
150 ympd.apache.vhostConf
151 (ttrss.apache.vhostConf pcfg.ttrss.socket)
152 (wallabag.apache.vhostConf pcfg.wallabag.socket)
153 (yourls.apache.vhostConf pcfg.yourls.socket)
154 (rompr.apache.vhostConf pcfg.rompr.socket)
155 (shaarli.apache.vhostConf pcfg.shaarli.socket)
156 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
157 (ldap.apache.vhostConf pcfg.ldap.socket)
158 (kanboard.apache.vhostConf pcfg.kanboard.socket)
159 (grocy.apache.vhostConf pcfg.grocy.socket)
160 (phpbb.apache.vhostConf pcfg.phpbb.socket)
161 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
163 Alias /paste /var/lib/fiche
164 <Directory "/var/lib/fiche">
165 DirectoryIndex index.txt index.html
171 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
172 <Directory "/var/lib/buildbot/outputs/immae/bip39">
173 DirectoryIndex index.html
178 Alias /webhooks ${config.secrets.location}/webapps/webhooks
179 <Directory "${config.secrets.location}/webapps/webhooks">
183 <FilesMatch "\.php$">
184 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Legacy virtual host outils.immae.eu. It serves no content of its own: every
# rule is a permanent (301) redirect to the host that now carries the service,
# with a final catch-all to tools.immae.eu.
#
# NOTE(review): the mediagoblin, ether, nextcloud, owncloud and vpn rules
# append $1 directly after a bare host name, and `(.*)` is not required to
# begin with "/". The captured text can therefore extend the host part of the
# Location URL, so the redirect may leave the intended site. Require a path
# separator in each pattern, e.g. `^/ether(/.*)?$`. Rules whose target has a
# path before $1, and the catch-all (target ends in "/$1"), keep the host
# fixed.
#
# NOTE(review): in `^/caldav.php(.*)$` the dot is unescaped and matches any
# character; `\.` states the intent exactly.
191 services.websites.env.tools.vhostConfs.outils = {
192 certName = "eldiron";
194 hosts = [ "outils.immae.eu" ];
198 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
200 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
202 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
203 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
205 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
206 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
207 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
208 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
210 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
212 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
214 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
216 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
218 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# Service ordering for the PHP-FPM units. Each pair below appends that
# application's `phpFpm.serviceDeps` to the unit's `after` list and sets the
# same list as `wants`. The enclosing unit names are not shown in this extract.
225 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
226 wants = dokuwiki.phpFpm.serviceDeps;
229 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
230 wants = phpbb.phpFpm.serviceDeps;
233 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
234 wants = kanboard.phpFpm.serviceDeps;
237 after = lib.mkAfter ldap.phpFpm.serviceDeps;
238 wants = ldap.phpFpm.serviceDeps;
241 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
242 wants = shaarli.phpFpm.serviceDeps;
245 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
246 wants = ttrss.phpFpm.serviceDeps;
249 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
250 wants = wallabag.phpFpm.serviceDeps;
# wallabag additionally appends its own preStart commands to the unit.
251 preStart = lib.mkAfter wallabag.phpFpm.preStart;
254 after = lib.mkAfter yourls.phpFpm.serviceDeps;
255 wants = yourls.phpFpm.serviceDeps;
# ympd service. Its start script reads the MPD password from /var/secrets/mpd
# when the unit starts and exports it as MPD_PASSWORD, so the secret is not
# written into the unit text. ympd is invoked with `--user nobody`.
# NOTE(review): a value in the process environment is inherited by child
# processes and readable by anything that can inspect this process; confirm
# that is acceptable for this password, and that /var/secrets/mpd is readable
# only by the account that runs the start script.
258 description = "Standalone MPD Web GUI written in C";
259 wantedBy = [ "multi-user.target" ];
261 export MPD_PASSWORD=$(cat /var/secrets/mpd)
262 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS background updater: runs update.php from the ttrss web root in
# daemon mode with PHP 7.2, started after the network and PostgreSQL, and
# requires postgresql.service.
# NOTE(review): the account this daemon runs as (source line 268) is not
# visible in this extract. With PermissionsStartOnly = true, systemd applies
# the unit's user and permission settings to ExecStart only; any pre/post
# commands would run with full privileges. Confirm the user is unprivileged.
266 description = "Tiny Tiny RSS feeds update daemon";
269 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
270 StandardOutput = "syslog";
271 StandardError = "syslog";
272 PermissionsStartOnly = true;
275 wantedBy = [ "multi-user.target" ];
276 requires = ["postgresql.service"];
277 after = ["network.target" "postgresql.service"];
# Watches the MPD password file for the ympd service — presumably so the
# service is restarted when the secret changes (the action taken is on a line
# not shown in this extract).
281 services.filesWatcher.ympd = {
283 paths = [ "/var/secrets/mpd" ];
# PHP-FPM pool definitions. Two pools are written out inline (the first is
# presumably `tools`, the second presumably `devtools`, judging by their
# open_basedir values); the remaining pools take their settings from the
# corresponding application package.
# NOTE(review): nearly every pool runs PHP 7.2, and wallabag runs PHP 7.3.
# Both are past upstream end of life and receive no upstream security fixes.
286 services.phpfpm.pools = {
# The listening socket is owned by wwwrun — presumably the account Apache runs
# as — so only that account should be able to submit requests to the pool.
291 "listen.owner" = "wwwrun";
292 "listen.group" = "wwwrun";
294 "pm.max_children" = "60";
295 "pm.start_servers" = "2";
296 "pm.min_spare_servers" = "1";
297 "pm.max_spare_servers" = "10";
299 # Needed to avoid clashes in browser cookies (same domain)
300 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir limits the files PHP code in this pool may open to the listed
# paths: the sendmail wrapper, the landing page, /tmp and the webhooks
# directory under the secrets location (the end of the list is not shown).
# NOTE(review): /tmp is also allowed in the other inline pool; unless the units
# use a private /tmp, temporary files are visible across pools — confirm.
301 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
302 "/run/wrappers/bin/sendmail" landing "/tmp"
303 "${config.secrets.location}/webapps/webhooks"
307 CONTACT_EMAIL = config.myEnv.tools.contact;
# Despite its name, CSP_REPORT_URI holds a PostgreSQL connection string,
# including the password, wrapped in literal double quotes.
# NOTE(review): the password is interpolated into a Nix string at evaluation
# time. If this value is rendered into the generated pool configuration it is
# stored in the Nix store, which is world-readable by default — confirm, and
# prefer reading the password from a file under the secrets location at
# runtime.
308 CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql;
309 "\"host=${socket} dbname=${database} user=${user} password=${password}\"";
311 phpPackage = pkgs.php72;
# Second inline pool, with the same socket ownership and process-manager
# limits as the first.
317 "listen.owner" = "wwwrun";
318 "listen.group" = "wwwrun";
320 "pm.max_children" = "60";
321 "pm.start_servers" = "2";
322 "pm.min_spare_servers" = "1";
323 "pm.max_spare_servers" = "10";
# PHP in this pool may open only the sendmail wrapper, the devtools document
# root under /var/lib/ftp, and /tmp.
325 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
# PHP 7.2 with mysqli, redis, apcu and opcache added to the default extensions.
327 phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]);
# The adminer pool is defined entirely by the adminer package.
329 adminer = adminer.phpFpm;
# Per-application pools: settings come from <app>.phpFpm.pool and the PHP
# interpreter is chosen here. Other attributes of each pool are on lines not
# shown in this extract.
333 settings = ttrss.phpFpm.pool;
334 phpPackage = pkgs.php72;
339 settings = wallabag.phpFpm.pool;
340 phpPackage = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
345 settings = yourls.phpFpm.pool;
346 phpPackage = pkgs.php72;
351 settings = rompr.phpFpm.pool;
352 phpPackage = pkgs.php72;
357 settings = shaarli.phpFpm.pool;
358 phpPackage = pkgs.php72;
363 settings = dmarc-reports.phpFpm.pool;
# dmarc-reports also supplies its own pool environment; what it contains is
# defined in ./dmarc_reports.nix, not here.
364 phpEnv = dmarc-reports.phpFpm.phpEnv;
365 phpPackage = pkgs.php72;
370 settings = dokuwiki.phpFpm.pool;
371 phpPackage = pkgs.php72;
376 settings = phpbb.phpFpm.pool;
377 phpPackage = pkgs.php72;
382 settings = ldap.phpFpm.pool;
383 phpPackage = pkgs.php72;
388 settings = kanboard.phpFpm.pool;
389 phpPackage = pkgs.php72;
394 settings = grocy.phpFpm.pool;
395 phpPackage = pkgs.php72;
# Registers one activation script per application, each taken from that
# package's `activationScript` attribute. NixOS runs activation scripts as root
# on every system activation, so their contents (defined in the ./<name>.nix
# files, not visible here) deserve the same review as any root-run script —
# in particular the ownership and modes of the directories they create.
399 system.activationScripts = {
400 adminer = adminer.activationScript;
401 grocy = grocy.activationScript;
402 ttrss = ttrss.activationScript;
403 wallabag = wallabag.activationScript;
404 yourls = yourls.activationScript;
405 rompr = rompr.activationScript;
406 shaarli = shaarli.activationScript;
407 dokuwiki = dokuwiki.activationScript;
408 phpbb = phpbb.activationScript;
409 kanboard = kanboard.activationScript;
410 ldap = ldap.activationScript;
# Maps a web-application name to the directory that holds its files. Names come
# from each package's apache.webappName, except adminer, which uses the fixed
# key `_adminer`.
413 services.websites.webappDirs = {
414 _adminer = adminer.webRoot;
415 "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
416 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
417 "${phpbb.apache.webappName}" = phpbb.webRoot;
# Only the htdocs subdirectory of phpLDAPadmin is exposed, not the whole
# package root.
418 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
419 "${rompr.apache.webappName}" = rompr.webRoot;
420 "${shaarli.apache.webappName}" = shaarli.webRoot;
421 "${ttrss.apache.webappName}" = ttrss.webRoot;
422 "${wallabag.apache.webappName}" = wallabag.webRoot;
423 "${yourls.apache.webappName}" = yourls.webRoot;
424 "${kanboard.apache.webappName}" = kanboard.webRoot;
425 "${grocy.apache.webappName}" = grocy.webRoot;
# Secret files that are watched for changes — presumably so the web server and
# the wallabag PHP-FPM pool pick up rotated secrets; the action taken on change
# is on lines not shown in this extract.
# NOTE(review): only the shaarli and wallabag secret files are watched here.
# Confirm that other applications whose secrets live in files are either
# watched elsewhere or re-read their secrets on each request.
428 services.websites.env.tools.watchPaths = [
429 "/var/secrets/webapps/tools-shaarli"
431 services.filesWatcher.phpfpm-wallabag = {
433 paths = [ "/var/secrets/webapps/tools-wallabag" ];
# Presumably the settings of the fiche paste service (its enclosing attribute
# is not shown): it listens on the configured port and advertises
# tools.immae.eu/paste as the public location of pastes.
438 port = config.myEnv.ports.fiche;
439 domain = "tools.immae.eu/paste";