# NixOS module for the "tools" website: builds each bundled web application from
# its sibling .nix file and wires it into Apache, php-fpm and systemd further down.
# Arguments: lib, pkgs and config, the usual NixOS module arguments.
1 { lib, pkgs, config, ... }:
# Helper imported from the repository's lib directory; it is applied to a flake path in the imports.
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
# One binding per application. Where present, `env` hands the application its
# settings from config.myEnv.tools.<name>.
# NOTE(review): those env sets presumably carry credentials; confirm the callee
# files never copy them into the world-readable Nix store.
5 adminer = pkgs.callPackage ./adminer.nix {};
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
15 kanboard = pkgs.callPackage ./kanboard.nix {
17 env = config.myEnv.tools.kanboard;
# wallabag is built against PHP 7.3 with the tidy extension added to the default set.
# NOTE(review): PHP 7.3, and the PHP 7.2 used by grocy here and by most pools
# further down, no longer receive upstream security fixes; confirm the pinned
# nixpkgs still patches them or plan a migration.
19 wallabag = pkgs.callPackage ./wallabag.nix {
20 wallabag = pkgs.webapps.wallabag.override {
21 composerEnv = pkgs.composerEnv.override {
22 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
25 env = config.myEnv.tools.wallabag;
28 yourls = pkgs.callPackage ./yourls.nix {
29 inherit (pkgs.webapps) yourls yourls-plugins;
30 env = config.myEnv.tools.yourls;
33 rompr = pkgs.callPackage ./rompr.nix {
34 inherit (pkgs.webapps) rompr;
35 env = config.myEnv.tools.rompr;
37 shaarli = pkgs.callPackage ./shaarli.nix {
38 env = config.myEnv.tools.shaarli;
41 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
42 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
44 ldap = pkgs.callPackage ./ldap.nix {
45 inherit (pkgs.webapps) phpldapadmin;
46 env = config.myEnv.tools.phpldapadmin;
49 grocy = pkgs.callPackage ./grocy.nix {
50 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
# phpBB with the French language pack and the listed extensions.
52 phpbb = pkgs.callPackage ./phpbb.nix {
53 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
54 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
55 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
56 e.phpbbmodders.adduser ]);
# Environment that links only /bin of apprise. It is passed to the webhooks
# package as binEnv, and its bin directory is listed in an open_basedir further down.
58 webhooks-bin-env = pkgs.buildEnv {
60 paths = [ pkgs.apprise ];
61 pathsToLink = [ "/bin" ];
63 webhooks = pkgs.callPackage ./webhooks.nix {
64 env = config.myEnv.tools.webhooks;
65 binEnv = webhooks-bin-env;
67 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
68 env = config.myEnv.tools.dmarc_reports;
72 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: this module's own options and the php-fpm pool definitions.
74 cfg = config.myServices.websites.tools.tools;
75 pcfg = config.services.phpfpm.pools;
# Every NixOS module exported by the private paste flake, loaded through flakeCompat.
78 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single switch for the tools website; the config section is guarded by it.
80 options.myServices.websites.tools.tools = {
81 enable = lib.mkEnableOption "enable tools website";
# Applied only when myServices.websites.tools.tools.enable is set.
84 config = lib.mkIf cfg.enable {
# Service descriptions published through chatonsProperties: four are supplied by
# the application files, the remaining fields are spelled out inline.
85 myServices.chatonsProperties.services = {
86 dokuwiki = dokuwiki.chatonsProperties;
87 shaarli = shaarli.chatonsProperties;
88 ttrss = ttrss.chatonsProperties;
89 wallabag = wallabag.chatonsProperties;
# Inline entry; its values describe the paste tool (the attribute name is not visible in this listing).
91 file.datetime = "2022-08-22T00:15:00";
94 description = "A simple paster script with syntax highlight";
95 website = "https://tools.immae.eu/paste/";
96 logo = "https://assets.immae.eu/logo.jpg";
98 status.description = "OK";
99 registration."" = ["MEMBER" "CLIENT"];
100 registration.load = "OPEN";
101 install.type = "PACKAGE";
102 guide.user = "https://tools.immae.eu/paste/";
106 website = "https://tools.immae.eu/paste/";
107 license.url = "https://tools.immae.eu/paste/license";
108 license.name = "MIT License";
109 version = "Unversioned";
110 source.url = "https://tools.immae.eu/paste/abcd123/py";
# Hosting entries supplied by the dokuwiki and phpbb files.
114 myServices.chatonsProperties.hostings = {
115 dokuwiki = dokuwiki.chatonsHostingProperties;
116 phpbb = phpbb.chatonsHostingProperties;
# Merges the attribute set dmarc-reports.keys into the set before it (the left-hand
# side is not visible in this listing).
125 // dmarc-reports.keys
# Apache modules loaded for the tools environment: the concatenation of what each
# application declares in its apache.modules list.
128 services.websites.env.tools.modules =
130 ++ adminer.apache.modules
131 ++ ympd.apache.modules
132 ++ ttrss.apache.modules
133 ++ wallabag.apache.modules
134 ++ yourls.apache.modules
135 ++ rompr.apache.modules
136 ++ shaarli.apache.modules
137 ++ dokuwiki.apache.modules
138 ++ dmarc-reports.apache.modules
139 ++ phpbb.apache.modules
140 ++ ldap.apache.modules
141 ++ kanboard.apache.modules;
# Integration vhost tools.immae.dev: serves /var/lib/ftp/immae/devtools and hands
# files ending in .php to the devtools php-fpm pool over its unix socket.
# NOTE(review): the policy is sent as Content-Security-Policy-Report-Only, so
# browsers report violations but do not block them.
# NOTE(review): the document root sits under /var/lib/ftp; if that tree accepts
# uploads, any uploaded .php file is executed by the pool. Confirm who can write there.
143 services.websites.env.integration.vhostConfs.devtools = {
144 certName = "integration";
145 certMainHost = "tools.immae.dev";
147 hosts = [ "tools.immae.dev" ];
148 root = "/var/lib/ftp/immae/devtools";
151 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
154 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
155 <Directory "/var/lib/ftp/immae/devtools">
156 DirectoryIndex index.php index.htm index.html
159 <FilesMatch "\.php$">
160 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
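# Main vhost tools.immae.eu: landing page, one Apache fragment per application,
# reverse proxies to the paste and ntfy unix sockets, and two aliases.
167 services.websites.env.tools.vhostConfs.tools = {
168 certName = "eldiron";
170 hosts = ["tools.immae.eu" ];
# Legacy paths that moved to dedicated hosts. The /vpn capture is appended
# directly after the hostname of the target, so it must be empty or start with
# a slash; an unanchored capture would let the request path extend the host
# part of the redirect (open redirect).
174 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
175 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
176 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
178 <Directory "${landing}">
179 DirectoryIndex index.html
183 <FilesMatch "\.php$">
184 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Per-application Apache fragments; most take the socket of their php-fpm pool.
# NOTE(review): adminer is a database administration UI; confirm adminer.nix
# restricts who can reach it on this public vhost.
188 (adminer.apache.vhostConf pcfg.adminer.socket)
189 ympd.apache.vhostConf
190 (ttrss.apache.vhostConf pcfg.ttrss.socket)
191 (wallabag.apache.vhostConf pcfg.wallabag.socket)
192 (yourls.apache.vhostConf pcfg.yourls.socket)
193 (rompr.apache.vhostConf pcfg.rompr.socket)
194 (shaarli.apache.vhostConf pcfg.shaarli.socket)
195 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
196 (ldap.apache.vhostConf pcfg.ldap.socket)
197 (kanboard.apache.vhostConf pcfg.kanboard.socket)
198 (grocy.apache.vhostConf pcfg.grocy.socket)
199 (phpbb.apache.vhostConf pcfg.phpbb.socket)
200 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
# paste: forwarded to the gunicorn unix socket of the paste service.
203 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
204 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
208 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
209 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
# Request bodies are capped at 102400 bytes in this section (its opening line is
# not visible in this listing).
214 SetEnv proxy-nokeepalive 1
215 SetEnv proxy-sendchunked 1
216 LimitRequestBody 102400
220 # FIXME: why is landing prefixed in the url?
# ntfy: proxied to /run/ntfy/ntfy.sock. Requests carrying a websocket upgrade go
# out as ws://, everything else as http://.
221 RewriteCond %{HTTP:Upgrade} websocket [NC]
222 RewriteCond %{HTTP:Connection} upgrade [NC]
223 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
225 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
# Static output published from the buildbot outputs directory.
227 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
228 <Directory "/var/lib/buildbot/outputs/immae/bip39">
229 DirectoryIndex index.html
# NOTE(review): /webhooks aliases a path taken from config.secrets into the web
# tree and runs its .php files in the tools pool. The access rules of this
# Directory section are not visible here; confirm only the intended scripts
# can be requested.
234 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
235 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
237 DirectoryIndex index.php
240 <FilesMatch "\.php$">
241 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"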
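# Legacy vhost outils.immae.eu: every request is redirected, either to the host
# that now runs the application or, as a fallback, to tools.immae.eu.
248 services.websites.env.tools.vhostConfs.outils = {
249 certName = "eldiron";
251 hosts = [ "outils.immae.eu" ];
# Where the capture is appended directly after the target hostname it must be
# empty or start with a slash; otherwise the request path could extend the host
# part of the redirect (open redirect). Paths that no longer match fall through
# to the catch-all at the end.
255 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
257 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
259 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
260 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
# These targets already carry a path, so the capture can only extend that path.
262 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
263 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
264 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
265 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
267 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
269 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
271 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
273 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
# Catch-all: anything else keeps its path on tools.immae.eu.
275 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1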
# Unit ordering, one after/wants pair per application (the unit names are not
# visible in this listing): each unit is ordered after, and pulls in, the services
# its application lists in phpFpm.serviceDeps. lib.mkAfter appends these entries
# to values defined elsewhere. wallabag also appends its own preStart script.
282 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
283 wants = dokuwiki.phpFpm.serviceDeps;
286 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
287 wants = phpbb.phpFpm.serviceDeps;
290 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
291 wants = kanboard.phpFpm.serviceDeps;
294 after = lib.mkAfter ldap.phpFpm.serviceDeps;
295 wants = ldap.phpFpm.serviceDeps;
298 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
299 wants = shaarli.phpFpm.serviceDeps;
302 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
303 wants = ttrss.phpFpm.serviceDeps;
306 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
307 wants = wallabag.phpFpm.serviceDeps;
308 preStart = lib.mkAfter wallabag.phpFpm.preStart;
311 after = lib.mkAfter yourls.phpFpm.serviceDeps;
312 wants = yourls.phpFpm.serviceDeps;
# ntfy server unit. It listens on a unix socket inside the runtime directory
# (%t/ntfy, the socket the Apache rewrite rules proxy to) and keeps its cache
# database and attachments under the state directory (%S/ntfy).
# NOTE(review): --listen-http is passed an empty value, presumably to avoid a TCP
# listener; confirm ntfy treats it that way.
# NOTE(review): --behind-proxy makes ntfy take the client address from the
# forwarded header, which is sound only while Apache is the sole client of the
# socket. The unit's user and the socket permissions are not visible here; confirm.
315 description = "send push notifications to your phone or desktop via scripts from any computer";
316 wantedBy = [ "multi-user.target" ];
318 ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
320 WorkingDirectory = "%S/ntfy";
321 RuntimeDirectory = "ntfy";
322 StateDirectory = "ntfy";
# ympd (web GUI for MPD) unit. The start script reads the MPD password from the
# secrets file into the MPD_PASSWORD environment variable, then launches ympd
# with the host, port and web port from ympd.config and --user nobody.
# NOTE(review): the password stays in the process environment, and nobody is a
# shared account; if anything else runs as nobody it may be able to read that
# environment. Consider a dedicated user for this unit.
327 description = "Standalone MPD Web GUI written in C";
328 wantedBy = [ "multi-user.target" ];
330 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
331 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS background updater: runs update.php --daemon from the ttrss web
# root with PHP 7.2. It requires postgresql.service and is ordered after the
# network and PostgreSQL.
# NOTE(review): the account the daemon runs as is not visible in this listing; confirm.
# NOTE(review): the "syslog" output targets and PermissionsStartOnly are
# deprecated in current systemd releases.
335 description = "Tiny Tiny RSS feeds update daemon";
338 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
339 StandardOutput = "syslog";
340 StandardError = "syslog";
341 PermissionsStartOnly = true;
344 wantedBy = [ "multi-user.target" ];
345 requires = ["postgresql.service"];
346 after = ["network.target" "postgresql.service"];
# Registers the MPD secret file with filesWatcher for ympd, presumably so the unit
# is restarted when the password changes (the action is not visible here).
350 services.filesWatcher.ympd = {
352 paths = [ config.secrets.fullPaths."mpd" ];
# php-fpm pools: two shared pools followed by one pool per application. Most pool
# names are not visible in this listing; the grouping follows what each one reads.
355 services.phpfpm.pools = {
# First shared pool; its open_basedir and CONTACT_EMAIL suggest it is the tools
# pool used by the landing page and /webhooks. The socket belongs to wwwrun.
360 "listen.owner" = "wwwrun";
361 "listen.group" = "wwwrun";
363 "pm.max_children" = "60";
364 "pm.start_servers" = "2";
365 "pm.min_spare_servers" = "1";
366 "pm.max_spare_servers" = "10";
368 # Needed to avoid clashes in browser cookies (same domain)
369 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir confines PHP file access to sendmail, the landing page, /tmp, the
# webhooks secret directory and the apprise bin directory.
# NOTE(review): /tmp is also allowed in the next pool, so the two can reach each
# other's temporary files unless the units get a private /tmp; confirm.
370 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
371 "/run/wrappers/bin/sendmail" landing "/tmp"
372 config.secrets.fullPaths."webapps/webhooks"
373 "${webhooks-bin-env}/bin"
377 CONTACT_EMAIL = config.myEnv.tools.contact;
379 phpPackage = pkgs.php72;
# Second shared pool; its open_basedir points at the devtools FTP directory.
385 "listen.owner" = "wwwrun";
386 "listen.group" = "wwwrun";
388 "pm.max_children" = "60";
389 "pm.start_servers" = "2";
390 "pm.min_spare_servers" = "1";
391 "pm.max_spare_servers" = "10";
393 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
# Adds mysqli, redis, apcu and opcache to the default extension set.
395 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# Per-application pools: settings come from each application's phpFpm.pool, and
# adminer supplies its whole pool definition.
# NOTE(review): every pool here runs PHP 7.2 except wallabag on 7.3; neither
# receives upstream security fixes any more. Confirm the pinned nixpkgs still
# patches them or plan a migration.
397 adminer = adminer.phpFpm;
401 settings = ttrss.phpFpm.pool;
402 phpPackage = pkgs.php72;
407 settings = wallabag.phpFpm.pool;
408 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
413 settings = yourls.phpFpm.pool;
414 phpPackage = pkgs.php72;
419 settings = rompr.phpFpm.pool;
420 phpPackage = pkgs.php72;
425 settings = shaarli.phpFpm.pool;
426 phpPackage = pkgs.php72;
431 settings = dmarc-reports.phpFpm.pool;
432 phpEnv = dmarc-reports.phpFpm.phpEnv;
433 phpPackage = pkgs.php72;
438 settings = dokuwiki.phpFpm.pool;
439 phpPackage = pkgs.php72;
444 settings = phpbb.phpFpm.pool;
445 phpPackage = pkgs.php72;
450 settings = ldap.phpFpm.pool;
451 phpPackage = pkgs.php72;
456 settings = kanboard.phpFpm.pool;
457 phpPackage = pkgs.php72;
462 settings = grocy.phpFpm.pool;
463 phpPackage = pkgs.php72;
# Activation scripts supplied by the application files, one per application.
# NOTE(review): NixOS runs activation scripts as root on every switch; what each
# one creates or chowns is defined in the respective file, so review them there.
467 system.activationScripts = {
468 adminer = adminer.activationScript;
469 grocy = grocy.activationScript;
470 ttrss = ttrss.activationScript;
471 wallabag = wallabag.activationScript;
472 yourls = yourls.activationScript;
473 rompr = rompr.activationScript;
474 shaarli = shaarli.activationScript;
475 dokuwiki = dokuwiki.activationScript;
476 phpbb = phpbb.activationScript;
477 kanboard = kanboard.activationScript;
478 ldap = ldap.activationScript;
# Secret files that are watched for changes: the shaarli secret for the tools
# Apache environment, the wallabag secret for the phpfpm-wallabag watcher.
# Presumably a change triggers a reload or restart; the action is not visible here.
481 services.websites.env.tools.watchPaths = [
482 config.secrets.fullPaths."webapps/tools-shaarli"
484 services.filesWatcher.phpfpm-wallabag = {
486 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];