# NixOS module for the "tools" website. The bindings below build one package
# per web application; the module body further down turns them into Apache
# vhost fragments, PHP-FPM pools, systemd units and activation scripts.
1 { lib, pkgs, config, ... }:
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
# Each application comes from its own ./<name>.nix; where present, `env` passes
# it the matching config.myEnv.tools.<name> attribute set.
5 adminer = pkgs.callPackage ./adminer.nix {};
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
15 kanboard = pkgs.callPackage ./kanboard.nix {
17 env = config.myEnv.tools.kanboard;
# wallabag's composer environment is built against pkgs.php73 with the tidy
# extension added; the same interpreter expression is used again for its pool.
# NOTE(review): PHP 7.3 no longer receives upstream security fixes — plan a
# move to a maintained PHP branch.
19 wallabag = pkgs.callPackage ./wallabag.nix {
20 wallabag = pkgs.webapps.wallabag.override {
21 composerEnv = pkgs.composerEnv.override {
22 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
25 env = config.myEnv.tools.wallabag;
28 yourls = pkgs.callPackage ./yourls.nix {
29 inherit (pkgs.webapps) yourls yourls-plugins;
30 env = config.myEnv.tools.yourls;
33 rompr = pkgs.callPackage ./rompr.nix {
34 inherit (pkgs.webapps) rompr;
35 env = config.myEnv.tools.rompr;
37 shaarli = pkgs.callPackage ./shaarli.nix {
38 env = config.myEnv.tools.shaarli;
41 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
42 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
44 ldap = pkgs.callPackage ./ldap.nix {
45 inherit (pkgs.webapps) phpldapadmin;
46 env = config.myEnv.tools.phpldapadmin;
# grocy's composer environment is pinned to pkgs.php72.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes.
49 grocy = pkgs.callPackage ./grocy.nix {
50 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
# phpBB with the French language pack and six third-party extensions.
# NOTE(review): how those extensions are pinned is decided in pkgs.webapps,
# which is not visible in this listing.
52 phpbb = pkgs.callPackage ./phpbb.nix {
53 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
54 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
55 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
56 e.phpbbmodders.adduser ]);
# Environment that links only /bin of apprise; it is handed to the webhooks
# package as binEnv and its bin directory is listed in the tools pool's
# open_basedir further down.
58 webhooks-bin-env = pkgs.buildEnv {
60 paths = [ pkgs.apprise ];
61 pathsToLink = [ "/bin" ];
63 webhooks = pkgs.callPackage ./webhooks.nix {
64 env = config.myEnv.tools.webhooks;
65 binEnv = webhooks-bin-env;
67 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
68 env = config.myEnv.tools.dmarc_reports;
72 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: this module's own options, and the PHP-FPM pool set whose
# sockets the vhost fragments reference.
74 cfg = config.myServices.websites.tools.tools;
75 pcfg = config.services.phpfpm.pools;
# Pulls in every NixOS module exported by the private paste flake.
78 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single enable switch for this module; the whole `config` section is wrapped
# in lib.mkIf on it.
80 options.myServices.websites.tools.tools = {
81 enable = lib.mkEnableOption "enable tools website";
84 config = lib.mkIf cfg.enable {
# Apache modules for the tools environment: the concatenation of the module
# lists each application package declares.
95 services.websites.env.tools.modules =
97 ++ adminer.apache.modules
98 ++ ympd.apache.modules
99 ++ ttrss.apache.modules
100 ++ wallabag.apache.modules
101 ++ yourls.apache.modules
102 ++ rompr.apache.modules
103 ++ shaarli.apache.modules
104 ++ dokuwiki.apache.modules
105 ++ dmarc-reports.apache.modules
106 ++ phpbb.apache.modules
107 ++ ldap.apache.modules
108 ++ kanboard.apache.modules;
# Integration vhost for tools.immae.dev. The document root is
# /var/lib/ftp/immae/devtools, listed with Apaxy, and every *.php under it is
# handed to the `devtools` PHP-FPM pool over its unix socket.
# NOTE(review): the root sits under /var/lib/ftp — if that tree is writable by
# an upload account, whatever lands there with a .php suffix is run by the
# devtools pool. Confirm who can write to it and what the pool user can reach.
# NOTE(review): the CSP header is the Report-Only variant, so the policy is
# reported but not enforced on this vhost.
110 services.websites.env.integration.vhostConfs.devtools = {
111 certName = "integration";
112 certMainHost = "tools.immae.dev";
114 hosts = [ "tools.immae.dev" ];
115 root = "/var/lib/ftp/immae/devtools";
118 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
121 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
122 <Directory "/var/lib/ftp/immae/devtools">
123 DirectoryIndex index.php index.htm index.html
126 <FilesMatch "\.php$">
127 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
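# Main vhost for tools.immae.eu: legacy-path redirects, the landing page, one
# vhostConf fragment per application (most of them given their PHP-FPM
# socket), the paste proxy on a unix socket, the /BIP39 static alias and the
# /webhooks alias.
# The /vpn redirect captures "(/.*)?" rather than "(.*)": the capture is
# appended directly after the target hostname, so it has to be empty or start
# with "/" for the redirect to stay on vpn.immae.eu. The roundcube redirect
# already has a path segment before $1 and is left as it was.
# NOTE(review): /webhooks aliases a directory under config.secrets.fullPaths
# and runs its *.php through the shared `tools` pool; any access restriction on
# that <Directory> is not visible in this listing — confirm one exists.
134 services.websites.env.tools.vhostConfs.tools = {
135 certName = "eldiron";
137 hosts = ["tools.immae.eu" ];
141 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
142 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
143 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
145 <Directory "${landing}">
146 DirectoryIndex index.html
150 <FilesMatch "\.php$">
151 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
155 (adminer.apache.vhostConf pcfg.adminer.socket)
156 ympd.apache.vhostConf
157 (ttrss.apache.vhostConf pcfg.ttrss.socket)
158 (wallabag.apache.vhostConf pcfg.wallabag.socket)
159 (yourls.apache.vhostConf pcfg.yourls.socket)
160 (rompr.apache.vhostConf pcfg.rompr.socket)
161 (shaarli.apache.vhostConf pcfg.shaarli.socket)
162 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
163 (ldap.apache.vhostConf pcfg.ldap.socket)
164 (kanboard.apache.vhostConf pcfg.kanboard.socket)
165 (grocy.apache.vhostConf pcfg.grocy.socket)
166 (phpbb.apache.vhostConf pcfg.phpbb.socket)
167 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
170 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
171 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
175 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
176 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
180 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
181 <Directory "/var/lib/buildbot/outputs/immae/bip39">
182 DirectoryIndex index.html
187 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
188 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
190 DirectoryIndex index.php
193 <FilesMatch "\.php$">
194 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"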
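# Legacy vhost for outils.immae.eu: each old path prefix is redirected (301)
# to the host that now serves it, with a final catch-all to tools.immae.eu.
# Redirects whose target is a bare hostname followed by $1 capture "(/.*)?",
# so the appended part is empty or begins with "/" and cannot extend the
# hostname; a path that no longer matches one of them falls through to the
# catch-all on the last line. Targets that already have a path segment before
# $1 keep their original pattern.
# The dot in the caldav.php pattern is escaped so it matches only a literal ".".
201 services.websites.env.tools.vhostConfs.outils = {
202 certName = "eldiron";
204 hosts = [ "outils.immae.eu" ];
208 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
210 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
212 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
213 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
215 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
216 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
217 RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
218 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
220 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
222 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
224 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
226 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
228 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1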
# Unit ordering for the per-application PHP-FPM services: each one is ordered
# after, and wants, the service dependencies its package declares
# (<app>.phpFpm.serviceDeps). wallabag additionally appends its own preStart.
# The unit names themselves are not visible in this listing.
235 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
236 wants = dokuwiki.phpFpm.serviceDeps;
239 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
240 wants = phpbb.phpFpm.serviceDeps;
243 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
244 wants = kanboard.phpFpm.serviceDeps;
247 after = lib.mkAfter ldap.phpFpm.serviceDeps;
248 wants = ldap.phpFpm.serviceDeps;
251 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
252 wants = shaarli.phpFpm.serviceDeps;
255 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
256 wants = ttrss.phpFpm.serviceDeps;
259 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
260 wants = wallabag.phpFpm.serviceDeps;
261 preStart = lib.mkAfter wallabag.phpFpm.preStart;
264 after = lib.mkAfter yourls.phpFpm.serviceDeps;
265 wants = yourls.phpFpm.serviceDeps;
# ympd unit: at start the script reads the MPD password from the secrets file,
# exports it as MPD_PASSWORD, then launches ympd with the host, port and web
# port from the ympd package config and `--user nobody`.
# NOTE(review): the password stays in the process environment for the life of
# the unit; presumably ympd reads MPD_PASSWORD itself and --user makes it drop
# privileges — confirm both against the ympd build in use.
268 description = "Standalone MPD Web GUI written in C";
269 wantedBy = [ "multi-user.target" ];
271 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
272 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS update daemon: runs update.php --daemon from the ttrss web root
# with pkgs.php72, started at multi-user.target and bound to postgresql.service.
# NOTE(review): the User/Group of this unit are not visible in this listing —
# confirm it does not run as root. PermissionsStartOnly and the "syslog" output
# target are deprecated in recent systemd releases, and PHP 7.2 no longer
# receives upstream security fixes.
276 description = "Tiny Tiny RSS feeds update daemon";
279 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
280 StandardOutput = "syslog";
281 StandardError = "syslog";
282 PermissionsStartOnly = true;
285 wantedBy = [ "multi-user.target" ];
286 requires = ["postgresql.service"];
287 after = ["network.target" "postgresql.service"];
# Watches the MPD secret file on behalf of ympd; presumably the unit is
# restarted when the file changes (the action is not visible in this listing).
291 services.filesWatcher.ympd = {
293 paths = [ config.secrets.fullPaths."mpd" ];
# PHP-FPM pools. Two pools are spelled out here (their sockets are the ones
# the tools and devtools vhosts proxy *.php to); the application pools take
# their settings from the matching package (<app>.phpFpm.pool).
# NOTE(review): every pool visible here except wallabag runs pkgs.php72, and
# wallabag runs pkgs.php73; neither branch receives upstream security fixes any
# more, so the applications depend on whatever backports the package set has.
296 services.phpfpm.pools = {
# The listening socket is owned by wwwrun:wwwrun.
301 "listen.owner" = "wwwrun";
302 "listen.group" = "wwwrun";
304 "pm.max_children" = "60";
305 "pm.start_servers" = "2";
306 "pm.min_spare_servers" = "1";
307 "pm.max_spare_servers" = "10";
309 # Needed to avoid clashes in browser cookies (same domain)
310 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir for this pool: the sendmail wrapper, the landing page, /tmp,
# the webhooks secret directory and the apprise bin environment.
# NOTE(review): /tmp is also in the other pool's open_basedir below; unless
# the units get a private /tmp (not visible here), temporary files are
# reachable from both pools. open_basedir is a hardening measure, not an
# isolation boundary between pools.
311 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
312 "/run/wrappers/bin/sendmail" landing "/tmp"
313 config.secrets.fullPaths."webapps/webhooks"
314 "${webhooks-bin-env}/bin"
318 CONTACT_EMAIL = config.myEnv.tools.contact;
320 phpPackage = pkgs.php72;
326 "listen.owner" = "wwwrun";
327 "listen.group" = "wwwrun";
329 "pm.max_children" = "60";
330 "pm.start_servers" = "2";
331 "pm.min_spare_servers" = "1";
332 "pm.max_spare_servers" = "10";
# This pool is limited to the sendmail wrapper, the devtools directory and /tmp.
334 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
336 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# adminer's whole pool definition comes from its package.
338 adminer = adminer.phpFpm;
342 settings = ttrss.phpFpm.pool;
343 phpPackage = pkgs.php72;
348 settings = wallabag.phpFpm.pool;
349 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
354 settings = yourls.phpFpm.pool;
355 phpPackage = pkgs.php72;
360 settings = rompr.phpFpm.pool;
361 phpPackage = pkgs.php72;
366 settings = shaarli.phpFpm.pool;
367 phpPackage = pkgs.php72;
372 settings = dmarc-reports.phpFpm.pool;
373 phpEnv = dmarc-reports.phpFpm.phpEnv;
374 phpPackage = pkgs.php72;
379 settings = dokuwiki.phpFpm.pool;
380 phpPackage = pkgs.php72;
385 settings = phpbb.phpFpm.pool;
386 phpPackage = pkgs.php72;
391 settings = ldap.phpFpm.pool;
392 phpPackage = pkgs.php72;
397 settings = kanboard.phpFpm.pool;
398 phpPackage = pkgs.php72;
403 settings = grocy.phpFpm.pool;
404 phpPackage = pkgs.php72;
# One activation script per application, each taken from its package.
# NOTE(review): NixOS runs activation scripts as root when the system is
# switched, so these snippets are privileged; their content lives in the
# ./<app>.nix files and is not visible in this listing.
408 system.activationScripts = {
409 adminer = adminer.activationScript;
410 grocy = grocy.activationScript;
411 ttrss = ttrss.activationScript;
412 wallabag = wallabag.activationScript;
413 yourls = yourls.activationScript;
414 rompr = rompr.activationScript;
415 shaarli = shaarli.activationScript;
416 dokuwiki = dokuwiki.activationScript;
417 phpbb = phpbb.activationScript;
418 kanboard = kanboard.activationScript;
419 ldap = ldap.activationScript;
# Secret files registered as watched paths: the shaarli secret for the tools
# web environment, and the wallabag secret for the phpfpm-wallabag watcher.
# Presumably a change to either triggers a reload or restart of the consumer;
# the action is not visible in this listing.
422 services.websites.env.tools.watchPaths = [
423 config.secrets.fullPaths."webapps/tools-shaarli"
425 services.filesWatcher.phpfpm-wallabag = {
427 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];