# NixOS module for the "tools" website. Each binding below instantiates one web
# application from its local package file with pkgs.callPackage; the resulting
# attribute sets are consumed further down (apache, phpFpm, backups,
# activationScript). The listing's line numbers are not contiguous, so lines
# that are not shown are not described here.
1 { lib, pkgs, config, ... }:
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
5 adminer = pkgs.callPackage ./adminer.nix {};
6 ympd = pkgs.callPackage ./ympd.nix {
# env hands the application its settings from config.myEnv.tools.<name>.
# NOTE(review): presumably these include credentials; confirm they reach the
# application through the secrets mechanism and are not interpolated into
# world-readable Nix store paths.
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
15 kanboard = pkgs.callPackage ./kanboard.nix {
17 env = config.myEnv.tools.kanboard;
19 wallabag = pkgs.callPackage ./wallabag.nix {
# wallabag is rebuilt with a composer environment whose PHP is php73 plus the
# tidy extension; the wallabag PHP-FPM pool below uses the same interpreter.
20 wallabag = pkgs.webapps.wallabag.override {
21 composerEnv = pkgs.composerEnv.override {
22 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
25 env = config.myEnv.tools.wallabag;
28 yourls = pkgs.callPackage ./yourls.nix {
29 inherit (pkgs.webapps) yourls yourls-plugins;
30 env = config.myEnv.tools.yourls;
33 rompr = pkgs.callPackage ./rompr.nix {
34 inherit (pkgs.webapps) rompr;
35 env = config.myEnv.tools.rompr;
37 shaarli = pkgs.callPackage ./shaarli.nix {
38 env = config.myEnv.tools.shaarli;
41 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
42 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
44 ldap = pkgs.callPackage ./ldap.nix {
45 inherit (pkgs.webapps) phpldapadmin;
46 env = config.myEnv.tools.phpldapadmin;
49 grocy = pkgs.callPackage ./grocy.nix {
# grocy's composer environment is pinned to php72.
# NOTE(review): PHP 7.2 and 7.3 no longer receive upstream security fixes;
# confirm the pinned nixpkgs still patches them or plan a migration.
50 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
52 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is built with the fr language pack and the extensions listed here.
# NOTE(review): each third-party extension runs inside the forum's PHP
# process; keep the list to what is actually used.
53 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
54 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
55 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
56 e.phpbbmodders.adduser ]);
58 webhooks = pkgs.callPackage ./webhooks.nix {
59 env = config.myEnv.tools.webhooks;
61 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
62 env = config.myEnv.tools.dmarc_reports;
65 csp-reports = pkgs.callPackage ./csp_reports.nix {
66 env = config.myEnv.tools.csp_reports;
69 landing = pkgs.callPackage ./landing.nix {};
# Shortcuts: cfg is this module's own option set, pcfg the PHP-FPM pool table
# (used below to look up each pool's socket).
71 cfg = config.myServices.websites.tools.tools;
72 pcfg = config.services.phpfpm.pools;
# Pulls in every NixOS module exported by the private paste flake, loaded
# through flake-compat. The attribute this value is assigned to is on a line
# not shown (presumably `imports`).
75 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single switch for the whole tools website.
77 options.myServices.websites.tools.tools = {
78 enable = lib.mkEnableOption "enable tools website";
# Everything under config is applied only when the switch above is enabled.
81 config = lib.mkIf cfg.enable {
# Backup profiles, one per application, taken from each package's `backups`
# attribute.
# NOTE(review): adminer, ympd, yourls, ldap and dmarc-reports have no profile
# in the visible lines; presumably they hold no local state or are backed up
# elsewhere. Confirm, in particular for yourls.
93 services.duplyBackup.profiles = {
94 dokuwiki = dokuwiki.backups;
95 grocy = grocy.backups;
96 kanboard = kanboard.backups;
97 rompr = rompr.backups;
98 shaarli = shaarli.backups;
99 ttrss = ttrss.backups;
100 wallabag = wallabag.backups;
101 phpbb = phpbb.backups;
# Apache modules loaded for the tools environment: the concatenation of what
# each application package asks for (the head of the expression is on a line
# not shown).
104 services.websites.env.tools.modules =
106 ++ adminer.apache.modules
107 ++ ympd.apache.modules
108 ++ ttrss.apache.modules
109 ++ wallabag.apache.modules
110 ++ yourls.apache.modules
111 ++ rompr.apache.modules
112 ++ shaarli.apache.modules
113 ++ dokuwiki.apache.modules
114 ++ dmarc-reports.apache.modules
115 ++ phpbb.apache.modules
116 ++ ldap.apache.modules
117 ++ kanboard.apache.modules;
# devtools vhost in the integration environment: serves
# /var/lib/ftp/immae/devtools with an Apaxy directory listing and hands *.php
# files to the devtools PHP-FPM pool over its unix socket.
# NOTE(review): the document root sits under /var/lib/ftp, so presumably
# anyone able to write there can have PHP executed by that pool; confirm that
# write access is limited to trusted accounts.
# NOTE(review): the policy is sent as Content-Security-Policy-Report-Only,
# which reports violations but does not block them.
119 services.websites.env.integration.vhostConfs.devtools = {
120 certName = "integration";
121 certMainHost = "devtools.immae.eu";
123 hosts = [ "devtools.immae.eu" ];
124 root = "/var/lib/ftp/immae/devtools";
127 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
130 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
131 <Directory "/var/lib/ftp/immae/devtools">
132 DirectoryIndex index.php index.htm index.html
135 <FilesMatch "\.php$">
136 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
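# Main vhost for tools.immae.eu: legacy-path redirects, the static landing
# page, the per-application Apache fragments, the paste proxy and two aliases.
143 services.websites.env.tools.vhostConfs.tools = {
144 certName = "eldiron";
146 hosts = ["tools.immae.eu" ];
# Legacy paths redirect to their dedicated hosts. Where the capture is appended
# directly after a hostname it must be empty or begin with "/", so that the
# request path can only extend the path of the target and never its hostname.
150 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
151 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
152 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
# Static landing page; *.php requests are passed to the tools PHP-FPM pool.
154 <Directory "${landing}">
155 DirectoryIndex index.html
159 <FilesMatch "\.php$">
160 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Per-application vhost fragments. Each one is given the socket of its own
# PHP-FPM pool, except ympd which takes none.
164 (adminer.apache.vhostConf pcfg.adminer.socket)
165 ympd.apache.vhostConf
166 (ttrss.apache.vhostConf pcfg.ttrss.socket)
167 (wallabag.apache.vhostConf pcfg.wallabag.socket)
168 (yourls.apache.vhostConf pcfg.yourls.socket)
169 (rompr.apache.vhostConf pcfg.rompr.socket)
170 (shaarli.apache.vhostConf pcfg.shaarli.socket)
171 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
172 (ldap.apache.vhostConf pcfg.ldap.socket)
173 (kanboard.apache.vhostConf pcfg.kanboard.socket)
174 (grocy.apache.vhostConf pcfg.grocy.socket)
175 (phpbb.apache.vhostConf pcfg.phpbb.socket)
176 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
# The paste application is reached through its gunicorn unix socket. The two
# enclosing blocks that carry these directives are on lines not shown.
179 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
180 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
184 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
185 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
# /BIP39 publishes a buildbot output directory as static content.
189 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
190 <Directory "/var/lib/buildbot/outputs/immae/bip39">
191 DirectoryIndex index.html
# /webhooks maps a directory from the secrets store into the URL space and
# runs its *.php files in the tools pool. The access rules of this Directory
# block are on lines not shown; confirm only the intended scripts are reachable.
196 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
197 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
201 <FilesMatch "\.php$">
202 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"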
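# outils.immae.eu: the visible rules are all redirects. Known legacy paths go
# to their dedicated hosts and any other path goes to tools.immae.eu.
209 services.websites.env.tools.vhostConfs.outils = {
210 certName = "eldiron";
212 hosts = [ "outils.immae.eu" ];
# A capture that directly follows a hostname is written (/.*)? so that it is
# either empty or a path beginning with "/" and cannot become part of the
# hostname of the redirect target. Rules whose target already has a path
# before the capture are left as they were.
216 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
218 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
220 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
221 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
223 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
224 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
225 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
226 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
228 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
230 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
232 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
234 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
# Catch-all: the target already ends in "/", so the capture stays in the path.
236 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1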
# Unit ordering for the PHP-FPM services: each unit is started after, and
# wants, the service dependencies declared by its application package. The
# unit names themselves are on lines not shown.
243 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
244 wants = dokuwiki.phpFpm.serviceDeps;
247 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
248 wants = phpbb.phpFpm.serviceDeps;
251 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
252 wants = kanboard.phpFpm.serviceDeps;
255 after = lib.mkAfter ldap.phpFpm.serviceDeps;
256 wants = ldap.phpFpm.serviceDeps;
259 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
260 wants = shaarli.phpFpm.serviceDeps;
263 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
264 wants = ttrss.phpFpm.serviceDeps;
267 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
268 wants = wallabag.phpFpm.serviceDeps;
# wallabag additionally appends the preStart script provided by its package.
269 preStart = lib.mkAfter wallabag.phpFpm.preStart;
272 after = lib.mkAfter yourls.phpFpm.serviceDeps;
273 wants = yourls.phpFpm.serviceDeps;
# ympd service: the start script reads the MPD password from the secrets file
# into MPD_PASSWORD and launches ympd with --user nobody.
# NOTE(review): the password then lives in the process environment, and
# "nobody" is commonly shared between unrelated services; confirm who can read
# that environment on this host, or run ympd under a dedicated user.
276 description = "Standalone MPD Web GUI written in C";
277 wantedBy = [ "multi-user.target" ];
279 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
280 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS update daemon: runs update.php --daemon with the php72 CLI and
# requires PostgreSQL. With PermissionsStartOnly only the start command runs
# under the unit's restricted credentials; any pre/post commands run
# privileged. The account the daemon runs as is on a line not shown.
284 description = "Tiny Tiny RSS feeds update daemon";
287 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
288 StandardOutput = "syslog";
289 StandardError = "syslog";
290 PermissionsStartOnly = true;
293 wantedBy = [ "multi-user.target" ];
294 requires = ["postgresql.service"];
295 after = ["network.target" "postgresql.service"];
# Watches the MPD secret file; presumably restarts ympd when it changes so the
# new password is picked up (the action is on a line not shown).
299 services.filesWatcher.ympd = {
301 paths = [ config.secrets.fullPaths."mpd" ];
# PHP-FPM pools, one per application, so that each application runs in its own
# worker processes behind its own unix socket. Pool names and user/group
# settings are on lines not shown.
304 services.phpfpm.pools = {
# First pool; presumably `tools`, since its open_basedir covers the landing
# page and the webhooks directory that the tools vhost serves through
# pcfg.tools.socket. The socket is owned by wwwrun so the web server can
# connect to it.
309 "listen.owner" = "wwwrun";
310 "listen.group" = "wwwrun";
312 "pm.max_children" = "60";
313 "pm.start_servers" = "2";
314 "pm.min_spare_servers" = "1";
315 "pm.max_spare_servers" = "10";
317 # Needed to avoid clashes in browser cookies (same domain)
318 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir limits PHP file access to the sendmail wrapper, the landing
# page, /tmp and the webhooks directory. It is set with php_admin_value, so
# scripts cannot override it.
# NOTE(review): /tmp is also listed for the devtools pool below; unless the
# units use a private /tmp, scripts of both pools can read each other's
# temporary files. open_basedir is a hardening measure, not a sandbox.
319 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
320 "/run/wrappers/bin/sendmail" landing "/tmp"
321 config.secrets.fullPaths."webapps/webhooks"
# Extra pool configuration is included from a file kept in the secrets store.
323 "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
326 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): PHP 7.2 (and 7.3, used for wallabag) no longer receive
# upstream security fixes; confirm the pinned nixpkgs still patches them or
# plan a migration. This applies to every php72/php73 reference below.
328 phpPackage = pkgs.php72;
# Second pool; presumably `devtools`, given its open_basedir.
334 "listen.owner" = "wwwrun";
335 "listen.group" = "wwwrun";
337 "pm.max_children" = "60";
338 "pm.start_servers" = "2";
339 "pm.min_spare_servers" = "1";
340 "pm.max_spare_servers" = "10";
342 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
# This interpreter additionally enables mysqli, redis, apcu and opcache.
344 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# The adminer pool is taken entirely from its package definition.
346 adminer = adminer.phpFpm;
# The remaining pools take their settings from the application package and pin
# the interpreter here.
350 settings = ttrss.phpFpm.pool;
351 phpPackage = pkgs.php72;
356 settings = wallabag.phpFpm.pool;
357 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
362 settings = yourls.phpFpm.pool;
363 phpPackage = pkgs.php72;
368 settings = rompr.phpFpm.pool;
369 phpPackage = pkgs.php72;
374 settings = shaarli.phpFpm.pool;
375 phpPackage = pkgs.php72;
380 settings = dmarc-reports.phpFpm.pool;
381 phpEnv = dmarc-reports.phpFpm.phpEnv;
382 phpPackage = pkgs.php72;
387 settings = dokuwiki.phpFpm.pool;
388 phpPackage = pkgs.php72;
393 settings = phpbb.phpFpm.pool;
394 phpPackage = pkgs.php72;
399 settings = ldap.phpFpm.pool;
400 phpPackage = pkgs.php72;
405 settings = kanboard.phpFpm.pool;
406 phpPackage = pkgs.php72;
411 settings = grocy.phpFpm.pool;
412 phpPackage = pkgs.php72;
# Activation scripts supplied by each application package, run when the system
# configuration is activated.
# NOTE(review): these run during activation, presumably as root, to prepare
# per-application state directories; confirm each script sets ownership and
# modes explicitly.
416 system.activationScripts = {
417 adminer = adminer.activationScript;
418 grocy = grocy.activationScript;
419 ttrss = ttrss.activationScript;
420 wallabag = wallabag.activationScript;
421 yourls = yourls.activationScript;
422 rompr = rompr.activationScript;
423 shaarli = shaarli.activationScript;
424 dokuwiki = dokuwiki.activationScript;
425 phpbb = phpbb.activationScript;
426 kanboard = kanboard.activationScript;
427 ldap = ldap.activationScript;
# Secret files whose changes should be noticed: the shaarli secret is a watch
# path of the tools web environment, and the wallabag secret is watched on
# behalf of its PHP-FPM unit. The action taken on change is on lines not shown
# (presumably a reload or restart).
430 services.websites.env.tools.watchPaths = [
431 config.secrets.fullPaths."webapps/tools-shaarli"
433 services.filesWatcher.phpfpm-wallabag = {
435 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];