# NixOS module for the "tools" website. The bindings below build each bundled
# web application from its sibling .nix file; the rest of the file wires the
# results into Apache, PHP-FPM, systemd and the backup service.
# NOTE(review): the gutter numbers in this listing skip values (2, 4, 7, ...),
# so some structural lines (presumably `let`, `in` and closing braces) are not
# visible here.
1 { lib, pkgs, config, ... }:
# Loader applied further down to the private paste flake to reach its nixosModules.
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
# Most packages below receive `env = config.myEnv.tools.<app>`: per-application
# settings defined outside this file.
# NOTE(review): presumably these include credentials. Anything interpolated
# into a derivation lands in the world-readable Nix store, so confirm they
# only reach disk through config.secrets.fullPaths.
5 adminer = pkgs.callPackage ./adminer.nix {
6 inherit (pkgs.webapps) adminer;
8 ympd = pkgs.callPackage ./ympd.nix {
9 env = config.myEnv.tools.ympd;
11 ttrss = pkgs.callPackage ./ttrss.nix {
12 inherit (pkgs.webapps) ttrss ttrss-plugins;
13 env = config.myEnv.tools.ttrss;
17 kanboard = pkgs.callPackage ./kanboard.nix {
19 env = config.myEnv.tools.kanboard;
# wallabag is rebuilt with a composer environment using PHP 7.3 plus the tidy
# extension; the same interpreter is selected again for its PHP-FPM pool.
21 wallabag = pkgs.callPackage ./wallabag.nix {
22 wallabag = pkgs.webapps.wallabag.override {
23 composerEnv = pkgs.composerEnv.override {
24 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
27 env = config.myEnv.tools.wallabag;
30 yourls = pkgs.callPackage ./yourls.nix {
31 inherit (pkgs.webapps) yourls yourls-plugins;
32 env = config.myEnv.tools.yourls;
35 rompr = pkgs.callPackage ./rompr.nix {
36 inherit (pkgs.webapps) rompr;
37 env = config.myEnv.tools.rompr;
39 shaarli = pkgs.callPackage ./shaarli.nix {
40 env = config.myEnv.tools.shaarli;
43 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
44 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
46 ldap = pkgs.callPackage ./ldap.nix {
47 inherit (pkgs.webapps) phpldapadmin;
48 env = config.myEnv.tools.phpldapadmin;
# grocy is rebuilt with a composer environment pinned to PHP 7.2.
51 grocy = pkgs.callPackage ./grocy.nix {
52 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
# phpBB with the French language pack and six extensions.
# NOTE(review): every extension runs inside the forum with the forum's
# database and filesystem access, so this list is part of the attack surface
# to keep patched.
54 phpbb = pkgs.callPackage ./phpbb.nix {
55 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
56 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
57 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
58 e.phpbbmodders.adduser ]);
60 webhooks = pkgs.callPackage ./webhooks.nix {
61 env = config.myEnv.tools.webhooks;
63 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
64 env = config.myEnv.tools.dmarc_reports;
67 csp-reports = pkgs.callPackage ./csp_reports.nix {
68 env = config.myEnv.tools.csp_reports;
71 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: this module's own options, and the PHP-FPM pool set whose
# `.socket` attributes are referenced by the Apache configuration.
73 cfg = config.myServices.websites.tools.tools;
74 pcfg = config.services.phpfpm.pools;
# Every NixOS module exported by the private paste flake (presumably the
# value of `imports`; the attribute name is on a line not visible here).
77 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single switch for the whole module; all of `config` is guarded by it.
# NOTE(review): lib.mkEnableOption already prefixes "Whether to enable", so
# this description renders as "Whether to enable enable tools website."
79 options.myServices.websites.tools.tools = {
80 enable = lib.mkEnableOption "enable tools website";
# Everything from here on only takes effect when cfg.enable is set.
# (Gutter lines 84-94 are not visible in this listing.)
83 config = lib.mkIf cfg.enable {
# One backup profile per application, each defined by the application's own
# `backups` attribute.
# NOTE(review): adminer, ympd, yourls, ldap, dmarc-reports, webhooks and
# landing have no profile here; presumably they hold no local state or are
# covered by database backups, which is worth confirming for yourls.
95 services.duplyBackup.profiles = {
96 dokuwiki = dokuwiki.backups;
97 grocy = grocy.backups;
98 kanboard = kanboard.backups;
99 rompr = rompr.backups;
100 shaarli = shaarli.backups;
101 ttrss = ttrss.backups;
102 wallabag = wallabag.backups;
103 phpbb = phpbb.backups;
# Apache modules for the "tools" web environment: the concatenation of the
# module lists each application declares. The first operand of the `++` chain
# is on gutter line 107, which is not visible in this listing.
106 services.websites.env.tools.modules =
108 ++ adminer.apache.modules
109 ++ ympd.apache.modules
110 ++ ttrss.apache.modules
111 ++ wallabag.apache.modules
112 ++ yourls.apache.modules
113 ++ rompr.apache.modules
114 ++ shaarli.apache.modules
115 ++ dokuwiki.apache.modules
116 ++ dmarc-reports.apache.modules
117 ++ phpbb.apache.modules
118 ++ ldap.apache.modules
119 ++ kanboard.apache.modules;
# Virtual host devtools.immae.eu in the "integration" environment. Its
# document root is /var/lib/ftp/devtools.immae.eu, listed with Apaxy, and any
# file matching \.php$ is handed to the devtools PHP-FPM pool over its unix
# socket.
# NOTE(review): the document root lives under /var/lib/ftp. If that tree is
# writable through an upload service, every uploaded .php file becomes
# executable code for this pool; confirm who can write there.
# NOTE(review): the CSP header is sent as Content-Security-Policy-Report-Only,
# which reports violations but does not block them.
121 services.websites.env.integration.vhostConfs.devtools = {
122 certName = "integration";
123 certMainHost = "devtools.immae.eu";
125 hosts = [ "devtools.immae.eu" ];
126 root = "/var/lib/ftp/devtools.immae.eu";
129 Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
132 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
133 <Directory "/var/lib/ftp/devtools.immae.eu">
134 DirectoryIndex index.php index.htm index.html
137 <FilesMatch "\.php$">
138 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Virtual host tools.immae.eu. In order, the visible directives:
#   - permanent redirects for paths that moved to other hosts;
#   - the landing page directory, with .php files sent to the tools pool;
#   - one Apache fragment per application, most of them parameterised by the
#     socket of that application's PHP-FPM pool;
#   - the paste application proxied to gunicorn's unix socket in two places
#     (gutter lines 181-182 and 186-187; the enclosing directives are not
#     visible in this listing);
#   - /BIP39 aliased to a buildbot output directory;
#   - /webhooks aliased to a path managed by the secrets module, with .php
#     files there executed by the tools pool.
# NOTE(review): `RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1` appends
# the capture directly after the host name, and the pattern does not require
# a "/" after the prefix. A path that continues the prefix without a slash is
# therefore copied into the authority part of the Location header, so the
# redirect can point outside immae.eu. Capturing `(/.*)?$` instead keeps $1
# empty or slash-led. The roundcube rule has a path before $1 and the jappix
# rule has no $1, so they only over-match prefixes.
# NOTE(review): /BIP39 serves whatever the build job wrote. A BIP39 tool deals
# with wallet seed phrases, so confirm only the trusted builder can write to
# that directory.
# NOTE(review): the /webhooks directory sits under config.secrets.fullPaths.
# Presumably the file names act as hard-to-guess URLs, so confirm that
# directory listing is disabled (gutter lines 200-202 are not visible).
145 services.websites.env.tools.vhostConfs.tools = {
146 certName = "eldiron";
148 hosts = ["tools.immae.eu" ];
152 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
153 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
154 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
156 <Directory "${landing}">
157 DirectoryIndex index.html
161 <FilesMatch "\.php$">
162 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
166 (adminer.apache.vhostConf pcfg.adminer.socket)
167 ympd.apache.vhostConf
168 (ttrss.apache.vhostConf pcfg.ttrss.socket)
169 (wallabag.apache.vhostConf pcfg.wallabag.socket)
170 (yourls.apache.vhostConf pcfg.yourls.socket)
171 (rompr.apache.vhostConf pcfg.rompr.socket)
172 (shaarli.apache.vhostConf pcfg.shaarli.socket)
173 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
174 (ldap.apache.vhostConf pcfg.ldap.socket)
175 (kanboard.apache.vhostConf pcfg.kanboard.socket)
176 (grocy.apache.vhostConf pcfg.grocy.socket)
177 (phpbb.apache.vhostConf pcfg.phpbb.socket)
178 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
181 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
182 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
186 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
187 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
191 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
192 <Directory "/var/lib/buildbot/outputs/immae/bip39">
193 DirectoryIndex index.html
198 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
199 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
203 <FilesMatch "\.php$">
204 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Virtual host outils.immae.eu: a legacy name that only issues permanent
# redirects. Known prefixes go to their dedicated hosts and the final rule
# sends everything else to tools.immae.eu.
# NOTE(review): the mediagoblin, ether, nextcloud, owncloud and vpn rules
# append $1 directly after the target host name, and `(.*)` does not require
# a leading "/". A path that continues the prefix without a slash is copied
# into the authority part of the Location header, so the redirect can point
# outside immae.eu. Capturing `(/.*)?$` keeps $1 empty or slash-led. Rules
# with a path before $1, and the catch-all with "/" before $1, are not
# affected.
# NOTE(review): the dot in `^/caldav.php` is unescaped, so it matches any
# character; `caldav\.php` states the intent.
211 services.websites.env.tools.vhostConfs.outils = {
212 certName = "eldiron";
214 hosts = [ "outils.immae.eu" ];
218 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
220 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
222 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
223 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
225 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
226 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
227 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
228 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
230 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
232 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
234 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
236 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
238 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# systemd unit settings. The unit names are on lines not visible in this
# listing; presumably the first eight groups belong to the per-application
# PHP-FPM units.
# Each group orders the unit after the application's serviceDeps and pulls
# those dependencies in with `wants`, so the unit still starts if one fails.
245 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
246 wants = dokuwiki.phpFpm.serviceDeps;
249 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
250 wants = phpbb.phpFpm.serviceDeps;
253 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
254 wants = kanboard.phpFpm.serviceDeps;
257 after = lib.mkAfter ldap.phpFpm.serviceDeps;
258 wants = ldap.phpFpm.serviceDeps;
261 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
262 wants = shaarli.phpFpm.serviceDeps;
265 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
266 wants = ttrss.phpFpm.serviceDeps;
# wallabag additionally appends its own preStart commands to the unit.
269 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
270 wants = wallabag.phpFpm.serviceDeps;
271 preStart = lib.mkAfter wallabag.phpFpm.preStart;
274 after = lib.mkAfter yourls.phpFpm.serviceDeps;
275 wants = yourls.phpFpm.serviceDeps;
# ympd service: the start script reads the MPD password from the secret file
# into the MPD_PASSWORD environment variable, then launches ympd with
# --user nobody.
# NOTE(review): presumably this ympd build reads MPD_PASSWORD itself, which
# should be confirmed. The password never appears on the command line, but a
# process environment is readable by the same user and by root.
# NOTE(review): `nobody` is an account shared with other software; a
# dedicated service user isolates the process better.
278 description = "Standalone MPD Web GUI written in C";
279 wantedBy = [ "multi-user.target" ];
281 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
282 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS updater: runs update.php --daemon with PHP 7.2 and requires
# PostgreSQL.
# NOTE(review): PermissionsStartOnly makes pre/post-start commands run as root
# while only ExecStart uses the configured user (the User= line is not
# visible here). Recent systemd versions deprecate it in favour of per-command
# prefixes, and treat StandardOutput/StandardError = "syslog" as a legacy
# alias for the journal.
286 description = "Tiny Tiny RSS feeds update daemon";
289 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
290 StandardOutput = "syslog";
291 StandardError = "syslog";
292 PermissionsStartOnly = true;
295 wantedBy = [ "multi-user.target" ];
296 requires = ["postgresql.service"];
297 after = ["network.target" "postgresql.service"];
# Watches the MPD password secret on behalf of the ympd service. Presumably
# the service is restarted when the file changes so that a rotated password
# takes effect; the action is on gutter line 302, which is not visible here.
301 services.filesWatcher.ympd = {
303 paths = [ config.secrets.fullPaths."mpd" ];
# PHP-FPM pools. The pool names sit on lines not visible in this listing.
# Judging by the open_basedir entries, the first pool is presumably `tools`
# and the second `devtools`; the rest take their settings from each
# application.
# NOTE(review): almost every pool uses pkgs.php72 (wallabag uses php73). Both
# branches are end-of-life upstream, so confirm the pinned nixpkgs still
# carries security patches for them or plan a migration.
306 services.phpfpm.pools = {
# The socket is owned by wwwrun, the account Apache is expected to run as.
311 "listen.owner" = "wwwrun";
312 "listen.group" = "wwwrun";
314 "pm.max_children" = "60";
315 "pm.start_servers" = "2";
316 "pm.min_spare_servers" = "1";
317 "pm.max_spare_servers" = "10";
319 # Needed to avoid clashes in browser cookies (same domain)
320 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir limits PHP file access to sendmail, the landing page, /tmp and
# the webhooks secret directory.
# NOTE(review): open_basedir is enforced by PHP itself and is not an OS-level
# sandbox. /tmp also appears in the other pool's list below, so temporary
# files are reachable across pools unless the units use a private /tmp.
321 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
322 "/run/wrappers/bin/sendmail" landing "/tmp"
323 config.secrets.fullPaths."webapps/webhooks"
# Additional pool settings are read at runtime from a file managed by the
# secrets module, which keeps their content out of the Nix store.
325 "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
328 CONTACT_EMAIL = config.myEnv.tools.contact;
330 phpPackage = pkgs.php72;
# Second pool: same process limits; open_basedir confined to sendmail, the
# devtools document root and /tmp.
336 "listen.owner" = "wwwrun";
337 "listen.group" = "wwwrun";
339 "pm.max_children" = "60";
340 "pm.start_servers" = "2";
341 "pm.min_spare_servers" = "1";
342 "pm.max_spare_servers" = "10";
344 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
# PHP 7.2 with the mysqli, redis, apcu and opcache extensions added.
346 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# adminer supplies its whole pool definition; the remaining pools take their
# settings from the application and choose the interpreter here.
348 adminer = adminer.phpFpm;
352 settings = ttrss.phpFpm.pool;
353 phpPackage = pkgs.php72;
358 settings = wallabag.phpFpm.pool;
359 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
364 settings = yourls.phpFpm.pool;
365 phpPackage = pkgs.php72;
370 settings = rompr.phpFpm.pool;
371 phpPackage = pkgs.php72;
376 settings = shaarli.phpFpm.pool;
377 phpPackage = pkgs.php72;
382 settings = dmarc-reports.phpFpm.pool;
383 phpEnv = dmarc-reports.phpFpm.phpEnv;
384 phpPackage = pkgs.php72;
389 settings = dokuwiki.phpFpm.pool;
390 phpPackage = pkgs.php72;
395 settings = phpbb.phpFpm.pool;
396 phpPackage = pkgs.php72;
401 settings = ldap.phpFpm.pool;
402 phpPackage = pkgs.php72;
407 settings = kanboard.phpFpm.pool;
408 phpPackage = pkgs.php72;
413 settings = grocy.phpFpm.pool;
414 phpPackage = pkgs.php72;
# Registers each application's activation script, which NixOS runs during
# system activation.
# NOTE(review): activation scripts execute as root. Presumably these only
# create state directories and set ownership, so confirm they do not follow
# paths writable by the web applications.
418 system.activationScripts = {
419 adminer = adminer.activationScript;
420 grocy = grocy.activationScript;
421 ttrss = ttrss.activationScript;
422 wallabag = wallabag.activationScript;
423 yourls = yourls.activationScript;
424 rompr = rompr.activationScript;
425 shaarli = shaarli.activationScript;
426 dokuwiki = dokuwiki.activationScript;
427 phpbb = phpbb.activationScript;
428 kanboard = kanboard.activationScript;
429 ldap = ldap.activationScript;
# Maps each web application's name to the directory published for it. adminer
# uses the fixed key `_adminer`; the others take the name declared by the
# application. For ldap only the `htdocs` subdirectory of the web root is
# published.
432 services.websites.webappDirs = {
433 _adminer = adminer.webRoot;
434 "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
435 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
436 "${phpbb.apache.webappName}" = phpbb.webRoot;
437 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
438 "${rompr.apache.webappName}" = rompr.webRoot;
439 "${shaarli.apache.webappName}" = shaarli.webRoot;
440 "${ttrss.apache.webappName}" = ttrss.webRoot;
441 "${wallabag.apache.webappName}" = wallabag.webRoot;
442 "${yourls.apache.webappName}" = yourls.webRoot;
443 "${kanboard.apache.webappName}" = kanboard.webRoot;
444 "${grocy.apache.webappName}" = grocy.webRoot;
# Secret files watched for changes: the shaarli secret for the tools web
# environment, and the wallabag secret for the phpfpm-wallabag watcher.
# Presumably a change triggers a reload or restart so that rotated secrets
# take effect; the action lines (gutter 449 and 451) are not visible here.
447 services.websites.env.tools.watchPaths = [
448 config.secrets.fullPaths."webapps/tools-shaarli"
450 services.filesWatcher.phpfpm-wallabag = {
452 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];