Move notification systems to apprise
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
1 { lib, pkgs, config, ... }:
2 let
# Helper imported from the repository's lib directory; it is applied to the
# paste flake in `imports` below to obtain that flake's nixosModules.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# One descriptor per hosted web application, each built from a sibling file.
# The module body reads attributes such as `.keys`, `.apache.modules`,
# `.apache.vhostConf`, `.phpFpm.*` and `.activationScript` from these values;
# their contents are defined in the sibling files, not here.
# `env` carries the per-application settings from config.myEnv
# (presumably including credentials; confirm in the sibling files).
#
# NOTE(review): several applications are tied to pkgs.php72 / pkgs.php73.
# Both PHP branches are past upstream end-of-life, so interpreter security
# fixes depend on what the pinned nixpkgs still carries. Confirm that, or
# plan a move to a supported branch.
adminer = pkgs.callPackage ./adminer.nix {};
ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  inherit (pkgs.webapps) ttrss ttrss-plugins;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
  inherit config;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  inherit config;
  env = config.myEnv.tools.kanboard;
};
# wallabag is rebuilt against a composer environment using PHP 7.3 with the
# tidy extension added to the default extension set.
wallabag = pkgs.callPackage ./wallabag.nix {
  wallabag = pkgs.webapps.wallabag.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
    };
  };
  env = config.myEnv.tools.wallabag;
  inherit config;
};
yourls = pkgs.callPackage ./yourls.nix {
  inherit (pkgs.webapps) yourls yourls-plugins;
  env = config.myEnv.tools.yourls;
  inherit config;
};
rompr = pkgs.callPackage ./rompr.nix {
  inherit (pkgs.webapps) rompr;
  env = config.myEnv.tools.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  env = config.myEnv.tools.shaarli;
  inherit config;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
};
# phpLDAPadmin front end; `env` is read from config.myEnv.tools.phpldapadmin.
ldap = pkgs.callPackage ./ldap.nix {
  inherit (pkgs.webapps) phpldapadmin;
  env = config.myEnv.tools.phpldapadmin;
  inherit config;
};
grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
};
# phpBB with the French language pack and six extensions. Each extension is
# additional third-party code running inside the forum, so the list is worth
# keeping to what is actually used.
phpbb = pkgs.callPackage ./phpbb.nix {
  phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
    e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
    e.empteintesduweb.monitoranswers e.lr94.autosubscribe
    e.phpbbmodders.adduser ]);
};
# Environment linking only the /bin directory of the apprise package. It is
# passed to the webhooks package as `binEnv`, and its bin directory is listed
# in the open_basedir of the `tools` php-fpm pool further down.
webhooks-bin-env = pkgs.buildEnv {
  name = "webhook-env";
  paths = [ pkgs.apprise ];
  pathsToLink = [ "/bin" ];
};
# Webhook endpoints; their secret files are merged into secrets.keys and the
# resulting directory is exposed under /webhooks by the tools virtual host.
webhooks = pkgs.callPackage ./webhooks.nix {
  env = config.myEnv.tools.webhooks;
  binEnv = webhooks-bin-env;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  env = config.myEnv.tools.dmarc_reports;
  inherit config;
};

# Package used as the document root of the tools virtual host.
landing = pkgs.callPackage ./landing.nix {};

# Shorthands: this module's own options, and the php-fpm pool definitions
# (read below for each pool's `socket` path).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
76 in {
# Pull in every NixOS module exported by the private paste flake; the
# /paste locations of the tools virtual host rely on config.services.paste.
imports =
  builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

# Single switch for the whole module: everything under `config` below is
# wrapped in lib.mkIf cfg.enable.
options.myServices.websites.tools.tools = {
  enable = lib.mkEnableOption "enable tools website";
};
83
84 config = lib.mkIf cfg.enable {
# Union of the secret definitions declared by each application descriptor.
# Entries are merged left to right with `//`, so if two applications ever
# declared the same key name the later one in the list would silently win.
secrets.keys =
  builtins.foldl' (merged: app: merged // app.keys) {} [
    kanboard
    ldap
    shaarli
    ttrss
    wallabag
    yourls
    dmarc-reports
    webhooks
  ];
94
# Apache modules for the `tools` web environment: proxy_fcgi (needed by the
# php-fpm SetHandler lines) followed by whatever each application requests,
# in the order listed.
services.websites.env.tools.modules =
  let
    appsWithApacheModules = [
      adminer
      ympd
      ttrss
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      dmarc-reports
      phpbb
      ldap
      kanboard
    ];
  in
    [ "proxy_fcgi" ]
    ++ lib.concatMap (app: app.apache.modules) appsWithApacheModules;
109
# Virtual host for tools.immae.dev. It serves /var/lib/ftp/immae/devtools as
# its document root, applies the Apaxy macro (defined elsewhere) to it, and
# hands *.php files to the `devtools` php-fpm pool.
#
# NOTE(review): three settings combine here and deserve a deliberate decision:
#   - `AllowOverride all` honours every .htaccess directive found in the tree;
#   - *.php files anywhere in the tree are executed by the pool, which runs as
#     wwwrun (see services.phpfpm.pools.devtools);
#   - `Require all granted` applies no access control at this level.
# The path suggests the tree is writable through FTP (TODO confirm). If so,
# anyone able to upload there controls both server-side code and
# per-directory Apache configuration: keep write access tightly scoped, or
# narrow AllowOverride to the directives actually needed.
#
# The policy is sent as Content-Security-Policy-Report-Only, so violations
# are reported but nothing is blocked.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  certMainHost = "tools.immae.dev";
  addToCerts = true;
  hosts = [ "tools.immae.dev" ];
  root = "/var/lib/ftp/immae/devtools";
  extraConfig = [
    ''
      Use Apaxy "/var/lib/ftp/immae/devtools" "title"
      Timeout 600
      ProxyTimeout 600
      Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
      <Directory "/var/lib/ftp/immae/devtools">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
133
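# Main virtual host for tools.immae.eu. The document root is the landing
# package; each hosted application contributes its own Apache fragment, most
# of them parameterised by the socket path of their php-fpm pool.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Redirects for services that moved to dedicated hosts, then the landing
    # page itself (no .htaccess overrides, *.php through the `tools` pool).
    #
    # The /vpn pattern captures `(/.*)?` instead of `(.*)`: its target ends
    # with a bare host name, so an unrestricted capture would let the request
    # path extend that host name in the Location header. With the tighter
    # capture, /vpn and /vpn/... redirect as before and anything else falls
    # through to normal handling. The /roundcube target already ends in a
    # path, and /jappix discards the suffix, so both are left unchanged.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application fragments; their access rules live in the sibling files.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Three further areas:
    #   /paste    reverse-proxied to the paste service's gunicorn unix socket,
    #             with and without the trailing slash;
    #   /BIP39    static files taken from a buildbot output directory, so what
    #             is published depends on what that build job writes there;
    #   /webhooks the directory held at the "webapps/webhooks" secret path,
    #             with listings disabled and *.php run by the `tools` pool.
    #
    # NOTE(review): /webhooks is `Require all granted`, so any caller
    # authentication has to happen inside the PHP endpoints themselves.
    # Only *.php is handed to php-fpm; any other file in that directory would
    # be served as static content. Confirm in webhooks.nix that the directory
    # holds nothing but the PHP entry points.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        DirectoryIndex index.php
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};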
200
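# Legacy host outils.immae.eu: it has no document root and only redirects,
# first the paths of services that moved to their own hosts, then everything
# else to the same path on tools.immae.eu.
#
# Where a target ends with a bare host name (mgoblin, ether, cloud, vpn) the
# pattern captures `(/.*)?` instead of `(.*)`. The capture is appended
# directly after the host, so an unrestricted one would let the request path
# extend the host name in the Location header and send visitors to a host
# outside this configuration. With the tighter capture the bare prefix and
# prefix/... redirect as before, and any other path reaches the final
# catch-all. Targets that already end in a path are left unchanged.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};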
232
# systemd units: start-up ordering for the php-fpm pools that depend on other
# services, plus two long-running daemons (ympd and the tt-rss updater).
systemd.services =
  let
    # Ordering shared by the php-fpm units: start after, and pull in, the
    # units the application descriptor lists in phpFpm.serviceDeps.
    afterAppDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = afterAppDeps dokuwiki;
    phpfpm-phpbb = afterAppDeps phpbb;
    phpfpm-kanboard = afterAppDeps kanboard;
    phpfpm-ldap = afterAppDeps ldap;
    phpfpm-shaarli = afterAppDeps shaarli;
    phpfpm-ttrss = afterAppDeps ttrss;
    # wallabag additionally appends its own preStart commands.
    phpfpm-wallabag = afterAppDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = afterAppDeps yourls;

    # No User= is set, so the script starts with systemd's default identity
    # (root). It reads the MPD password from the secrets file, exports it,
    # then launches ympd with `--user nobody`.
    # NOTE(review): the password lives in the process environment for the
    # lifetime of the service. Presumably ympd drops to `nobody` after
    # start-up (confirm). A dedicated account would avoid sharing `nobody`
    # with unrelated processes.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater: runs update.php --daemon from the tt-rss web root as
    # wwwrun, and requires PostgreSQL to be up.
    # NOTE(review): PermissionsStartOnly only concerns pre/post-start
    # commands, and none are defined in this unit.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];

      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
290
# Watch the MPD secret file for the ympd unit (presumably restarting the unit
# when the file changes; confirm against the filesWatcher module). The unit's
# script reads the password from this file only once, at start-up.
services.filesWatcher.ympd = {
  restart = true;
  paths = [ config.secrets.fullPaths."mpd" ];
};
295
# php-fpm pools, one per application plus two generic ones (tools, devtools).
#
# NOTE(review): every pool defined in this block runs as wwwrun:wwwrun, so
# there is no OS-level separation between applications. Code execution in any
# one of them gets the same file permissions as all the others. open_basedir
# (set inline here for tools and devtools) only restricts PHP's own file
# functions and is not a substitute for per-application accounts. Both inline
# pools also allow /tmp, which they therefore share.
services.phpfpm.pools =
  let
    # Socket ownership and process-manager sizing common to the two pools
    # configured inline.
    sharedSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool running as wwwrun whose settings come from the application
    # descriptor, with the given PHP package.
    appPool = app: php: {
      user = "wwwrun";
      group = "wwwrun";
      settings = app.phpFpm.pool;
      phpPackage = php;
    };
  in {
    # Serves the landing page and the /webhooks endpoints.
    tools = {
      user = "wwwrun";
      group = "wwwrun";
      settings = sharedSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # PHP file access limited to: the sendmail wrapper, the landing
        # package, /tmp, the webhooks secret directory and the apprise
        # bin directory.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
          "${webhooks-bin-env}/bin"
        ];
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    # Executes PHP found under /var/lib/ftp/immae/devtools (tools.immae.dev).
    devtools = {
      user = "wwwrun";
      group = "wwwrun";
      settings = sharedSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer's descriptor supplies its whole pool definition.
    adminer = adminer.phpFpm;

    ttrss = appPool ttrss pkgs.php72;
    wallabag = appPool wallabag (pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]));
    yourls = appPool yourls pkgs.php72;
    rompr = appPool rompr pkgs.php72;
    shaarli = appPool shaarli pkgs.php72;
    # dmarc-reports also passes environment variables from its descriptor.
    dmarc-reports = appPool dmarc-reports pkgs.php72 // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = appPool dokuwiki pkgs.php72;
    phpbb = appPool phpbb pkgs.php72;
    ldap = appPool ldap pkgs.php72;
    kanboard = appPool kanboard pkgs.php72;
    grocy = appPool grocy pkgs.php72;
  };
407
# Register each application's activation script under the application's own
# name. The script contents come from the sibling files.
system.activationScripts =
  lib.mapAttrs (_name: app: app.activationScript) {
    inherit
      adminer
      grocy
      ttrss
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      phpbb
      kanboard
      ldap
      ;
  };
421
# Secret files whose changes should be picked up by running services:
# the shaarli secret is registered with the `tools` web environment, and the
# wallabag secret with a watcher for the phpfpm-wallabag unit (presumably a
# reload/restart on change; confirm against the respective modules).
services.websites.env.tools.watchPaths = [
  config.secrets.fullPaths."webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  restart = true;
  paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
};
429
430 };
431 }
432