git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/tools/default.nix
Rework webhooks
1 { lib, pkgs, config, ... }:
2 let
# Shim used further down to load the outputs of the private "paste" flake.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# Shorthands for this module's own options and for the php-fpm pools
# (the vhost snippets need each pool's socket path).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;

# Static landing page; it is the document root of the "tools" vhost.
landing = pkgs.callPackage ./landing.nix {};

# One helper derivation per hosted application. The module body reads
# attributes such as `keys`, `apache.modules`, `apache.vhostConf`, `phpFpm`
# and `activationScript` from them; which helper provides which attribute is
# defined in the per-application files, not here.
# `env = config.myEnv.tools.<app>` hands each helper its own slice of the
# environment - presumably including credentials, since several helpers feed
# `secrets.keys`; verify against the individual files.
#
# NOTE(review): several helpers pin pkgs.php72 / pkgs.php73. Both PHP branches
# no longer receive upstream security fixes; confirm the pins are still needed.
adminer = pkgs.callPackage ./adminer.nix {};

ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};

ttrss = pkgs.callPackage ./ttrss.nix {
  inherit config;
  inherit (pkgs.webapps) ttrss ttrss-plugins;
  php = pkgs.php72;
  env = config.myEnv.tools.ttrss;
};

kanboard = pkgs.callPackage ./kanboard.nix {
  env = config.myEnv.tools.kanboard;
  inherit config;
};

# wallabag is rebuilt against PHP 7.3 with the extra "tidy" extension.
wallabag = pkgs.callPackage ./wallabag.nix {
  inherit config;
  env = config.myEnv.tools.wallabag;
  wallabag = pkgs.webapps.wallabag.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
  };
};

yourls = pkgs.callPackage ./yourls.nix {
  inherit config;
  inherit (pkgs.webapps) yourls yourls-plugins;
  env = config.myEnv.tools.yourls;
};

rompr = pkgs.callPackage ./rompr.nix {
  env = config.myEnv.tools.rompr;
  inherit (pkgs.webapps) rompr;
};

shaarli = pkgs.callPackage ./shaarli.nix {
  inherit config;
  env = config.myEnv.tools.shaarli;
};

dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
};

# phpLDAPadmin front-end for the LDAP directory.
ldap = pkgs.callPackage ./ldap.nix {
  inherit config;
  inherit (pkgs.webapps) phpldapadmin;
  env = config.myEnv.tools.phpldapadmin;
};

grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override {
    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
  };
};

# phpBB with the French language pack and a fixed set of extensions.
phpbb = pkgs.callPackage ./phpbb.nix {
  phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
    e.alfredoramos.markdown
    e.davidiq.mailinglist
    e.dmzx.mchat
    e.empteintesduweb.monitoranswers
    e.lr94.autosubscribe
    e.phpbbmodders.adduser
  ]);
};

webhooks = pkgs.callPackage ./webhooks.nix {
  env = config.myEnv.tools.webhooks;
};

dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  inherit config;
  env = config.myEnv.tools.dmarc_reports;
};
70 in {
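# Import every NixOS module exported by the private "paste" flake; the
# "tools" vhost proxies /paste to the service those modules configure.
imports =
  builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

options.myServices.websites.tools.tools = {
  # mkEnableOption already prefixes its argument with "Whether to enable ",
  # so the argument must not start with "enable" itself.
  enable = lib.mkEnableOption "tools website";
};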
77
78 config = lib.mkIf cfg.enable {
# Merge the secret definitions contributed by each application helper.
# The merge is a left-to-right `//`, so if two helpers ever declare the same
# key name the later one silently replaces the earlier one.
secrets.keys =
  builtins.foldl' (merged: app: merged // app.keys) {} [
    kanboard
    ldap
    shaarli
    ttrss
    wallabag
    yourls
    dmarc-reports
    webhooks
  ];

# Apache modules needed by the "tools" environment: proxy_fcgi for the
# php-fpm hand-off, plus whatever each application asks for.
# NOTE(review): grocy has a vhost snippet and a pool in this file but adds no
# apache.modules here - confirm that is intentional.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ builtins.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
103
# Development vhost (tools.immae.dev) served straight out of an FTP tree.
#
# Security-relevant properties of this vhost, as configured:
#  - The document root lives under /var/lib/ftp, `AllowOverride all` is set
#    and *.php is handed to the "devtools" php-fpm pool. Whoever can write to
#    that tree can therefore change per-directory Apache configuration through
#    .htaccess and have PHP executed as the pool user. Write access to the FTP
#    directory should be treated as equivalent to code execution on this vhost.
#  - The Content-Security-Policy is sent in Report-Only mode: violations are
#    reported but nothing is blocked.
#  - Timeout / ProxyTimeout are raised to 600 seconds.
services.websites.env.integration.vhostConfs.devtools =
  let
    devtoolsRoot = "/var/lib/ftp/immae/devtools";
  in {
    hosts = [ "tools.immae.dev" ];
    certName = "integration";
    certMainHost = "tools.immae.dev";
    addToCerts = true;
    root = devtoolsRoot;
    extraConfig = [
      ''
        Use Apaxy "${devtoolsRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${devtoolsRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
127
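# Main vhost (tools.immae.eu): landing page, legacy redirects, one Apache
# snippet per application, the /paste reverse proxy, the BIP39 static build
# and the /webhooks PHP endpoints.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects and the landing page.
    # The /vpn rule used to capture `(.*)` and append it directly after the
    # host name of the target, so any path that merely started with /vpn could
    # alter the host the redirect pointed to. The capture must now be empty or
    # start with "/", which keeps the redirect on vpn.immae.eu. The roundcube
    # rule appends its capture to a path and the jappix rule discards it, so
    # neither can change the target host.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application snippets; each one is given the socket of its own pool
    # (ympd takes none).
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste is proxied to the paste service over its unix socket.
    #
    # /webhooks is aliased onto a path managed by the secrets module and its
    # *.php files run in the shared "tools" pool. Indexes are disabled and
    # .htaccess is ignored, but access is open to everyone: any file in that
    # directory that does not end in .php would be served as-is, so the
    # directory should only ever contain the PHP entry points.
    # NOTE(review): authentication of incoming webhook calls is not visible
    # here; presumably it is done inside the PHP files - confirm.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        DirectoryIndex index.php
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};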
194
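# Legacy vhost (outils.immae.eu): it serves nothing itself (root = null) and
# only redirects old URLs to their current homes, with a catch-all to
# tools.immae.eu at the end.
#
# Rules whose target ends in `<host>$1` require the capture to be empty or to
# start with "/". With a bare `(.*)` the captured text was appended directly
# after the host name, so a path that merely started with the prefix could
# change the host the redirect pointed to. Rules that append the capture to a
# path (infcloud, caldav.php, davical, taskweb, roundcube) or discard it
# (jappix) cannot change the host and keep their original pattern, except
# that the dot in "caldav.php" is now matched literally.
# Requests that no longer match a tightened rule fall through to the final
# catch-all and land on tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};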
226
systemd.services =
  let
    # Ordering added to an application's php-fpm unit: start after, and pull
    # in, the services the application declares as dependencies.
    withAppDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    # NOTE(review): adminer, rompr, grocy and dmarc-reports also have pools in
    # this file but get no extra ordering here - confirm they need none.
    phpfpm-dokuwiki = withAppDeps dokuwiki;
    phpfpm-phpbb = withAppDeps phpbb;
    phpfpm-kanboard = withAppDeps kanboard;
    phpfpm-ldap = withAppDeps ldap;
    phpfpm-shaarli = withAppDeps shaarli;
    phpfpm-ttrss = withAppDeps ttrss;
    # wallabag additionally appends its own preStart steps.
    phpfpm-wallabag = withAppDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = withAppDeps yourls;

    # ympd front-end for MPD. No User= is set on the unit; the binary is asked
    # to switch to "nobody" through its own --user flag. The MPD password is
    # read from the secret file at start-up and exported into the process
    # environment rather than passed on the command line.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Background feed updater for Tiny Tiny RSS; runs as the web-server user
    # and requires PostgreSQL.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "postgresql.service" ];
      requires = [ "postgresql.service" ];
      serviceConfig = {
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        User = "wwwrun";
        PermissionsStartOnly = true;
        StandardOutput = "syslog";
        StandardError = "syslog";
      };
    };
  };

# Restart ympd whenever the MPD password secret changes, so the value exported
# at start-up does not go stale.
services.filesWatcher.ympd = {
  paths = [ config.secrets.fullPaths."mpd" ];
  restart = true;
};
289
# php-fpm pools, one per application plus the shared "tools" and "devtools"
# pools.
#
# Security-relevant properties, as configured:
#  - Every pool defined here runs as wwwrun:wwwrun, so the applications are
#    separated only by whatever each pool's settings impose (for the two pools
#    spelled out below, open_basedir), not by distinct OS accounts. The adminer
#    pool is taken whole from its helper and is not visible here.
#  - Both spelled-out pools allow /tmp in open_basedir, which they share.
#  - The "tools" pool may read the webhooks secrets path, because the
#    /webhooks endpoints execute in that pool.
# NOTE(review): all pools use PHP 7.2 or 7.3, which no longer receive upstream
# security fixes - confirm the pins are still required.
services.phpfpm.pools =
  let
    # Account shared by all pools declared here.
    asWwwrun = {
      user = "wwwrun";
      group = "wwwrun";
    };

    # Socket ownership and process-manager limits common to the two pools
    # whose settings are written out in this file.
    commonSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool for an application whose helper supplies the pool settings.
    appPool = app: asWwwrun // {
      settings = app.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
  in {
    tools = asWwwrun // {
      settings = commonSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
        ];
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    # Pool behind the FTP-backed development vhost.
    devtools = asWwwrun // {
      settings = commonSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions ({ enabled, all }:
        enabled ++ [ all.mysqli all.redis all.apcu all.opcache ]);
    };

    adminer = adminer.phpFpm;

    ttrss = appPool ttrss;
    # wallabag needs PHP 7.3 with the "tidy" extension.
    wallabag = appPool wallabag // {
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
    yourls = appPool yourls;
    rompr = appPool rompr;
    shaarli = appPool shaarli;
    dmarc-reports = appPool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = appPool dokuwiki;
    phpbb = appPool phpbb;
    ldap = appPool ldap;
    kanboard = appPool kanboard;
    grocy = appPool grocy;
  };
400
# Register each application's activation script under the application's name.
# What the scripts do is defined in the per-application files.
system.activationScripts =
  builtins.mapAttrs (_name: app: app.activationScript) {
    inherit
      adminer
      grocy
      ttrss
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      phpbb
      kanboard
      ldap
      ;
  };

# Secret files whose changes must be noticed: the shaarli secret is added to
# the watch list of the "tools" web environment, and php-fpm for wallabag is
# restarted when its secret changes.
services.websites.env.tools.watchPaths = [
  config.secrets.fullPaths."webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
  restart = true;
};
422
423 };
424 }
425