# NixOS module assembling the "tools" website: a collection of web
# applications served by Apache httpd, most of them PHP applications run
# through php-fpm pools declared further down in this file.
1 { lib, pkgs, config, ... }:
# Loader applied below to the private "paste" flake to obtain its nixosModules.
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
# Each tool is built by a sibling .nix file through callPackage. Where given,
# `env` passes that tool's settings from config.myEnv.tools.<name>.
# NOTE(review): the contents of those settings are not visible here. Anything
# from `env` that gets interpolated into a derivation lands in the Nix store,
# which is world-readable; confirm credentials are delivered through
# config.secrets instead.
5 adminer = pkgs.callPackage ./adminer.nix {};
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
15 kanboard = pkgs.callPackage ./kanboard.nix {
17 env = config.myEnv.tools.kanboard;
19 wallabag = pkgs.callPackage ./wallabag.nix {
20 wallabag = pkgs.webapps.wallabag.override {
21 composerEnv = pkgs.composerEnv.override {
# wallabag's composer environment uses PHP 7.3 with the tidy extension added.
# The same interpreter expression is repeated for wallabag's php-fpm pool
# later in this file; the two have to be kept in sync.
# NOTE(review): PHP 7.3, and the PHP 7.2 used for most other tools here, are
# past upstream end-of-life; confirm the pinned package set still carries
# security fixes for them or plan a migration.
22 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
25 env = config.myEnv.tools.wallabag;
28 yourls = pkgs.callPackage ./yourls.nix {
29 inherit (pkgs.webapps) yourls yourls-plugins;
30 env = config.myEnv.tools.yourls;
33 rompr = pkgs.callPackage ./rompr.nix {
34 inherit (pkgs.webapps) rompr;
35 env = config.myEnv.tools.rompr;
37 shaarli = pkgs.callPackage ./shaarli.nix {
38 env = config.myEnv.tools.shaarli;
41 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
42 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
44 ldap = pkgs.callPackage ./ldap.nix {
45 inherit (pkgs.webapps) phpldapadmin;
46 env = config.myEnv.tools.phpldapadmin;
49 grocy = pkgs.callPackage ./grocy.nix {
50 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
52 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is built with the French language pack and six extensions. Every
# extension is additional code running inside the forum, so this list is part
# of the forum's attack surface and needs the same update tracking as phpBB.
53 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
54 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
55 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
56 e.phpbbmodders.adduser ]);
58 webhooks = pkgs.callPackage ./webhooks.nix {
59 env = config.myEnv.tools.webhooks;
61 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
62 env = config.myEnv.tools.dmarc_reports;
66 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: this module's own options, and the php-fpm pool set whose
# `.socket` paths are handed to the Apache configuration below.
68 cfg = config.myServices.websites.tools.tools;
69 pcfg = config.services.phpfpm.pools;
# Imports every NixOS module exported by the private "paste" flake. The
# config.services.paste.* values used by the proxy rules in this file are
# presumably declared there — verify against the flake.
72 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single on/off switch for the whole tools website.
74 options.myServices.websites.tools.tools = {
75 enable = lib.mkEnableOption "enable tools website";
# Everything below is applied only when
# myServices.websites.tools.tools.enable is set (lib.mkIf cfg.enable).
78 config = lib.mkIf cfg.enable {
# Apache modules loaded for the "tools" environment, concatenated from the
# lists each tool definition exports.
# NOTE(review): in the visible lines grocy contributes no module list although
# it gets a vhost fragment further down; presumably the modules it needs are
# already pulled in by the other entries — confirm.
89 services.websites.env.tools.modules =
91 ++ adminer.apache.modules
92 ++ ympd.apache.modules
93 ++ ttrss.apache.modules
94 ++ wallabag.apache.modules
95 ++ yourls.apache.modules
96 ++ rompr.apache.modules
97 ++ shaarli.apache.modules
98 ++ dokuwiki.apache.modules
99 ++ dmarc-reports.apache.modules
100 ++ phpbb.apache.modules
101 ++ ldap.apache.modules
102 ++ kanboard.apache.modules;
# Integration vhost for tools.immae.dev, using the "integration" certificate.
# The Apache configuration enables an Apaxy directory listing on the document
# root and hands every *.php file in it to the devtools php-fpm pool.
# The Content-Security-Policy header is sent in Report-Only mode: browsers
# report violations of the policy but do not block anything.
104 services.websites.env.integration.vhostConfs.devtools = {
105 certName = "integration";
106 certMainHost = "tools.immae.dev";
108 hosts = [ "tools.immae.dev" ];
# NOTE(review): the document root lives under /var/lib/ftp and PHP execution
# is enabled for it, so anyone able to write into this directory can run PHP
# as the pool's user. Presumably the tree is filled through FTP uploads;
# confirm who has write access and that the directory listing exposes nothing
# sensitive.
109 root = "/var/lib/ftp/immae/devtools";
112 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
115 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
116 <Directory "/var/lib/ftp/immae/devtools">
117 DirectoryIndex index.php index.htm index.html
120 <FilesMatch "\.php$">
121 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Main vhost, tools.immae.eu, using the "eldiron" certificate. The visible
# configuration consists of:
#  - permanent redirects for tools that moved to their own hostnames;
#  - the landing page directory, with *.php handed to the "tools" php-fpm pool;
#  - one Apache fragment per tool, each given the socket of its own php-fpm
#    pool (ympd takes no socket);
#  - the paste service, proxied to a gunicorn unix socket;
#  - /BIP39, served straight from a buildbot output directory;
#  - /webhooks, aliased to a path managed by config.secrets, with *.php handed
#    to the same "tools" pool as the landing page.
# NOTE(review): in `^/vpn(.*)$ https://vpn.immae.eu$1` the captured suffix is
# appended directly after the hostname, so a request path that continues with
# anything other than "/" changes the host of the redirect target (open
# redirect). Requiring the separator, e.g. `^/vpn(/.*)?$`, avoids this. The
# /roundcube rule is not affected: its target already has a path component.
# NOTE(review): what is served under /BIP39 is whatever buildbot last wrote
# there; its integrity depends on who can write to that output directory.
# NOTE(review): /webhooks exposes a secrets-managed directory over HTTP. The
# access rules of its <Directory> block are not visible here; check that only
# the intended scripts are reachable. Because the landing page and webhooks
# share one pool, a flaw in either can reach the other's files.
128 services.websites.env.tools.vhostConfs.tools = {
129 certName = "eldiron";
131 hosts = ["tools.immae.eu" ];
135 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
136 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
137 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
139 <Directory "${landing}">
140 DirectoryIndex index.html
144 <FilesMatch "\.php$">
145 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
149 (adminer.apache.vhostConf pcfg.adminer.socket)
150 ympd.apache.vhostConf
151 (ttrss.apache.vhostConf pcfg.ttrss.socket)
152 (wallabag.apache.vhostConf pcfg.wallabag.socket)
153 (yourls.apache.vhostConf pcfg.yourls.socket)
154 (rompr.apache.vhostConf pcfg.rompr.socket)
155 (shaarli.apache.vhostConf pcfg.shaarli.socket)
156 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
157 (ldap.apache.vhostConf pcfg.ldap.socket)
158 (kanboard.apache.vhostConf pcfg.kanboard.socket)
159 (grocy.apache.vhostConf pcfg.grocy.socket)
160 (phpbb.apache.vhostConf pcfg.phpbb.socket)
161 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
164 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
165 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
169 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
170 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
174 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
175 <Directory "/var/lib/buildbot/outputs/immae/bip39">
176 DirectoryIndex index.html
181 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
182 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
184 DirectoryIndex index.php
187 <FilesMatch "\.php$">
188 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Legacy vhost outils.immae.eu: it serves no content of its own. Known
# prefixes are redirected permanently to the hostname that now hosts the
# tool, and the final catch-all sends every other path to tools.immae.eu.
# NOTE(review): the rules whose target is a bare hostname followed by `$1`
# (/mediagoblin, /ether, /nextcloud, /owncloud, /vpn) append the captured
# suffix directly after the hostname. A request path that continues with
# anything other than "/" therefore changes the host of the redirect target
# (open redirect). Requiring the separator, e.g. `^/ether(/.*)?$`, avoids
# this. Rules whose target already contains a path, and the catch-all, are
# not affected.
# NOTE(review): the "." in `^/caldav.php` is unescaped and matches any
# character; harmless here, but `\.` states the intent.
195 services.websites.env.tools.vhostConfs.outils = {
196 certName = "eldiron";
198 hosts = [ "outils.immae.eu" ];
202 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
204 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
206 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
207 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
209 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
210 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
211 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
212 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
214 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
216 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
218 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
220 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
222 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# Start-up ordering for the php-fpm units (the unit name lines are not
# visible here): each pool is ordered after, and `wants`, the services its
# tool declares as dependencies. `wants` is a weak dependency in systemd: the
# pool is still started when one of those services fails to start, so a tool
# must cope with its backend being unavailable.
229 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
230 wants = dokuwiki.phpFpm.serviceDeps;
233 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
234 wants = phpbb.phpFpm.serviceDeps;
237 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
238 wants = kanboard.phpFpm.serviceDeps;
241 after = lib.mkAfter ldap.phpFpm.serviceDeps;
242 wants = ldap.phpFpm.serviceDeps;
245 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
246 wants = shaarli.phpFpm.serviceDeps;
249 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
250 wants = ttrss.phpFpm.serviceDeps;
253 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
254 wants = wallabag.phpFpm.serviceDeps;
# wallabag also appends its own preStart commands to the pool unit.
# NOTE(review): the commands are defined in wallabag.nix; check which user
# they run as.
255 preStart = lib.mkAfter wallabag.phpFpm.preStart;
258 after = lib.mkAfter yourls.phpFpm.serviceDeps;
259 wants = yourls.phpFpm.serviceDeps;
# ympd unit. The start script reads the MPD password from the secret file,
# exports it as MPD_PASSWORD and launches ympd with host, port and web port
# taken from ympd.nix, passing --user nobody.
# NOTE(review): an environment variable is inherited by child processes and
# readable through /proc/<pid>/environ by the process owner and root; confirm
# this exposure is acceptable for the MPD password.
# NOTE(review): no User= setting is visible for this unit, so the script
# presumably starts as root and relies on ympd itself to switch to "nobody" —
# confirm, and consider a dedicated service user set by systemd.
262 description = "Standalone MPD Web GUI written in C";
263 wantedBy = [ "multi-user.target" ];
265 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
266 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Background feed updater for Tiny Tiny RSS: runs update.php --daemon from the
# ttrss web root with PHP 7.2, started at boot and bound to PostgreSQL.
# NOTE(review): the User/Group lines of this unit are not visible here;
# confirm the daemon runs as the unprivileged ttrss user, not root.
270 description = "Tiny Tiny RSS feeds update daemon";
273 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
# NOTE(review): "syslog" is a legacy value for these two settings in current
# systemd; "journal" is the supported spelling.
274 StandardOutput = "syslog";
275 StandardError = "syslog";
# With this set, User=/Group= apply only to ExecStart; any pre/post start
# commands of the unit run with full privileges. This is a legacy setting;
# newer systemd expresses the same with a "+" prefix on individual commands.
276 PermissionsStartOnly = true;
279 wantedBy = [ "multi-user.target" ];
# `requires` is a hard dependency: the updater is stopped when PostgreSQL stops.
280 requires = ["postgresql.service"];
281 after = ["network.target" "postgresql.service"];
# File watcher tied to the MPD password secret.
# NOTE(review): the action line of this watcher is not visible; presumably it
# restarts ympd so that a rotated password is picked up — confirm.
285 services.filesWatcher.ympd = {
287 paths = [ config.secrets.fullPaths."mpd" ];
# php-fpm pools. The first one visible here serves the landing page and the
# webhooks scripts (its open_basedir lists both).
# NOTE(review): the user/group lines of the pools are not visible; separate
# pools only isolate the tools from each other if they run as distinct users.
290 services.phpfpm.pools = {
# The FastCGI socket is owned by wwwrun, presumably the Apache user, so only
# the web server can submit requests to the pool.
295 "listen.owner" = "wwwrun";
296 "listen.group" = "wwwrun";
# Dynamic process manager limits: up to 60 workers, 2 started initially.
298 "pm.max_children" = "60";
299 "pm.start_servers" = "2";
300 "pm.min_spare_servers" = "1";
301 "pm.max_spare_servers" = "10";
303 # Needed to avoid clashes in browser cookies (same domain)
304 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir restricts PHP file access in this pool to the sendmail wrapper,
# the landing page, /tmp and the webhooks directory. It is set with
# php_admin_value, so scripts cannot override it at run time.
# NOTE(review): /tmp is also allowed for the devtools pool below; unless the
# units get a private /tmp, temporary files are reachable across pools.
305 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
306 "/run/wrappers/bin/sendmail" landing "/tmp"
307 config.secrets.fullPaths."webapps/webhooks"
# Environment passed to the PHP workers.
311 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): PHP 7.2 is past upstream end-of-life; confirm the pinned
# package set still carries security fixes for it.
313 phpPackage = pkgs.php72;
# Second pool. Its open_basedir matches the devtools document root, so this is
# presumably the devtools pool (the name line is not visible here).
319 "listen.owner" = "wwwrun";
320 "listen.group" = "wwwrun";
322 "pm.max_children" = "60";
323 "pm.start_servers" = "2";
324 "pm.min_spare_servers" = "1";
325 "pm.max_spare_servers" = "10";
# PHP file access is limited to the sendmail wrapper, the devtools tree and
# /tmp. The devtools tree is under /var/lib/ftp, so scripts placed there run
# with this pool's privileges and the extensions enabled below.
327 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
# PHP 7.2 with mysqli, redis, apcu and opcache added to the default extensions.
# NOTE(review): mysqli and redis give scripts in this pool database and cache
# clients; confirm which backends are reachable from it.
329 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# Per-tool pools. adminer takes its whole pool definition from adminer.nix;
# the other tools take their pool settings from the tool's own file, while
# the PHP interpreter is pinned here.
# NOTE(review): every pool below except wallabag's uses PHP 7.2, and
# wallabag's uses PHP 7.3; both are past upstream end-of-life. Confirm the
# pinned package set still carries security fixes or plan a migration.
331 adminer = adminer.phpFpm;
335 settings = ttrss.phpFpm.pool;
336 phpPackage = pkgs.php72;
341 settings = wallabag.phpFpm.pool;
# Same interpreter expression as the one used to build wallabag's composer
# environment at the top of the file; the two have to stay identical.
342 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
347 settings = yourls.phpFpm.pool;
348 phpPackage = pkgs.php72;
353 settings = rompr.phpFpm.pool;
354 phpPackage = pkgs.php72;
359 settings = shaarli.phpFpm.pool;
360 phpPackage = pkgs.php72;
365 settings = dmarc-reports.phpFpm.pool;
# dmarc-reports is the only per-tool pool here that also receives environment
# variables. NOTE(review): their contents are defined in dmarc_reports.nix;
# check whether they include credentials.
366 phpEnv = dmarc-reports.phpFpm.phpEnv;
367 phpPackage = pkgs.php72;
372 settings = dokuwiki.phpFpm.pool;
373 phpPackage = pkgs.php72;
378 settings = phpbb.phpFpm.pool;
379 phpPackage = pkgs.php72;
384 settings = ldap.phpFpm.pool;
385 phpPackage = pkgs.php72;
390 settings = kanboard.phpFpm.pool;
391 phpPackage = pkgs.php72;
396 settings = grocy.phpFpm.pool;
397 phpPackage = pkgs.php72;
# One activation script per tool, defined in the tool's own file. NixOS runs
# activation scripts as root on every system activation.
# NOTE(review): the script bodies are not visible here; presumably they create
# each tool's state directories. Verify that ownership and modes are limited
# to the tool's php-fpm user.
401 system.activationScripts = {
402 adminer = adminer.activationScript;
403 grocy = grocy.activationScript;
404 ttrss = ttrss.activationScript;
405 wallabag = wallabag.activationScript;
406 yourls = yourls.activationScript;
407 rompr = rompr.activationScript;
408 shaarli = shaarli.activationScript;
409 dokuwiki = dokuwiki.activationScript;
410 phpbb = phpbb.activationScript;
411 kanboard = kanboard.activationScript;
412 ldap = ldap.activationScript;
# Secret files whose changes are watched: the shaarli secret for the "tools"
# web environment, and the wallabag secret for wallabag's php-fpm pool.
# NOTE(review): the action taken on change is not visible here; presumably
# the affected service is restarted or reloaded so a rotated secret takes
# effect — confirm.
415 services.websites.env.tools.watchPaths = [
416 config.secrets.fullPaths."webapps/tools-shaarli"
418 services.filesWatcher.phpfpm-wallabag = {
420 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];