# NixOS module for the tools.immae.eu collection of web applications.
# The bindings below build each application from its sibling .nix file; most
# receive their per-tool settings through `env = config.myEnv.tools.<name>`.
1 { lib, pkgs, config, flakes, ... }:
3 adminer = pkgs.callPackage ./adminer.nix {};
4 ympd = pkgs.callPackage ./ympd.nix {
5 env = config.myEnv.tools.ympd;
7 ttrss = pkgs.callPackage ./ttrss.nix {
8 inherit (pkgs.webapps) ttrss ttrss-plugins;
9 env = config.myEnv.tools.ttrss;
13 kanboard = pkgs.callPackage ./kanboard.nix {
15 env = config.myEnv.tools.kanboard;
17 wallabag = pkgs.callPackage ./wallabag.nix {
18 wallabag = pkgs.webapps.wallabag.override {
19 composerEnv = pkgs.composerEnv.override {
# wallabag's composer environment is built on PHP 7.3 with the tidy extension added.
# NOTE(review): PHP 7.3 no longer receives upstream security releases; confirm
# the pinned nixpkgs still carries fixes for it.
20 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
23 env = config.myEnv.tools.wallabag;
26 yourls = pkgs.callPackage ./yourls.nix {
27 inherit (pkgs.webapps) yourls yourls-plugins;
28 env = config.myEnv.tools.yourls;
31 rompr = pkgs.callPackage ./rompr.nix {
32 inherit (pkgs.webapps) rompr;
33 env = config.myEnv.tools.rompr;
35 shaarli = pkgs.callPackage ./shaarli.nix {
36 env = config.myEnv.tools.shaarli;
39 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
40 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
42 ldap = pkgs.callPackage ./ldap.nix {
43 inherit (pkgs.webapps) phpldapadmin;
44 env = config.myEnv.tools.phpldapadmin;
47 grocy = pkgs.callPackage ./grocy.nix {
# grocy comes from a public subflake, hard-wired to its x86_64-linux output and
# rebuilt against PHP 7.2.
# NOTE(review): PHP 7.2 is past upstream end-of-life too; the same concern
# applies to every pkgs.php72 use in this file.
48 grocy = flakes.subflakes.public.grocy.defaultPackage.x86_64-linux.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
50 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is assembled with the fr language pack and six extensions.
51 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
52 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
53 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
54 e.phpbbmodders.adduser ]);
# Environment that links only the /bin directory of apprise; it is handed to the
# webhooks package as binEnv.
56 webhooks-bin-env = pkgs.buildEnv {
58 paths = [ pkgs.apprise ];
59 pathsToLink = [ "/bin" ];
61 webhooks = pkgs.callPackage ./webhooks.nix {
62 env = config.myEnv.tools.webhooks;
63 binEnv = webhooks-bin-env;
65 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
66 env = config.myEnv.tools.dmarc_reports;
70 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: this module's own options, and the php-fpm pool definitions whose
# sockets the vhosts reference.
72 cfg = config.myServices.websites.tools.tools;
73 pcfg = config.services.phpfpm.pools;
# Every NixOS module exported by the private paste subflake; presumably the
# value of `imports` (the attribute name is on a line not shown).
76 builtins.attrValues flakes.subflakes.private.paste.nixosModules;
# Single switch for the whole tools website.
78 options.myServices.websites.tools.tools = {
79 enable = lib.mkEnableOption "enable tools website";
# Everything below is applied only when that switch is on.
82 config = lib.mkIf cfg.enable {
# Service metadata: four applications reuse the chatonsProperties exported by
# their packages.
83 myServices.chatonsProperties.services = {
84 dokuwiki = dokuwiki.chatonsProperties;
85 shaarli = shaarli.chatonsProperties;
86 ttrss = ttrss.chatonsProperties;
87 wallabag = wallabag.chatonsProperties;
# Hand-written metadata fields; they describe the paste service (the attribute
# names enclosing them are on lines not shown).
89 file.datetime = "2022-08-22T00:15:00";
92 description = "A simple paster script with syntax highlight";
93 website = "https://tools.immae.eu/paste/";
94 logo = "https://assets.immae.eu/logo.jpg";
96 status.description = "OK";
97 registration."" = ["MEMBER" "CLIENT"];
98 registration.load = "OPEN";
99 install.type = "PACKAGE";
100 guide.user = "https://tools.immae.eu/paste/";
104 website = "https://tools.immae.eu/paste/";
105 license.url = "https://tools.immae.eu/paste/license";
106 license.name = "MIT License";
107 version = "Unversioned";
108 source.url = "https://tools.immae.eu/paste/abcd123/py";
# Hosting metadata, again taken from the packages.
112 myServices.chatonsProperties.hostings = {
113 dokuwiki = dokuwiki.chatonsHostingProperties;
114 phpbb = phpbb.chatonsHostingProperties;
# Merges the attribute set exported as dmarc-reports.keys into a set whose
# left-hand side is not visible here; presumably the secret key definitions,
# to be verified against the full file.
123 // dmarc-reports.keys
# Apache modules for the "tools" environment: the concatenation of what each
# application package asks for.
126 services.websites.env.tools.modules =
128 ++ adminer.apache.modules
129 ++ ympd.apache.modules
130 ++ ttrss.apache.modules
131 ++ wallabag.apache.modules
132 ++ yourls.apache.modules
133 ++ rompr.apache.modules
134 ++ shaarli.apache.modules
135 ++ dokuwiki.apache.modules
136 ++ dmarc-reports.apache.modules
137 ++ phpbb.apache.modules
138 ++ ldap.apache.modules
139 ++ kanboard.apache.modules;
# Integration vhost tools.immae.dev, rooted in a directory below /var/lib/ftp.
141 services.websites.env.integration.vhostConfs.devtools = {
142 certName = "integration";
143 certMainHost = "tools.immae.dev";
145 hosts = [ "tools.immae.dev" ];
146 root = "/var/lib/ftp/immae/devtools";
149 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
# Report-Only: browsers report violations of this policy but do not block them.
152 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
153 <Directory "/var/lib/ftp/immae/devtools">
154 DirectoryIndex index.php index.htm index.html
# .php files in this directory are executed through the devtools php-fpm socket.
# NOTE(review): the document root sits inside an FTP tree, so write access to
# that tree amounts to running PHP in this pool; the open_basedir of the pool
# serving it is the containment to keep tight.
157 <FilesMatch "\.php$">
158 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
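# Main vhost for tools.immae.eu.
165 services.websites.env.tools.vhostConfs.tools = {
166 certName = "eldiron";
168 hosts = ["tools.immae.eu" ];
# Legacy paths that moved to their own hosts. The /vpn capture is written
# (/.*)? so that it is either empty or begins with "/": it is appended directly
# after the target host name, and an unconstrained (.*) would let the request
# path extend the host part of the Location header (open redirect).
172 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
# Below, the capture follows a path component (or is unused), so it can only
# change the path of the target.
173 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
174 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse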
# Landing page directory, built by the landing package.
176 <Directory "${landing}">
177 DirectoryIndex index.html
# PHP files matched here are handled by the shared tools php-fpm pool.
181 <FilesMatch "\.php$">
182 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Per-application vhost fragments. Each PHP application is handed the socket of
# its own php-fpm pool; ympd takes none.
186 (adminer.apache.vhostConf pcfg.adminer.socket)
187 ympd.apache.vhostConf
188 (ttrss.apache.vhostConf pcfg.ttrss.socket)
189 (wallabag.apache.vhostConf pcfg.wallabag.socket)
190 (yourls.apache.vhostConf pcfg.yourls.socket)
191 (rompr.apache.vhostConf pcfg.rompr.socket)
192 (shaarli.apache.vhostConf pcfg.shaarli.socket)
193 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
194 (ldap.apache.vhostConf pcfg.ldap.socket)
195 (kanboard.apache.vhostConf pcfg.kanboard.socket)
196 (grocy.apache.vhostConf pcfg.grocy.socket)
197 (phpbb.apache.vhostConf pcfg.phpbb.socket)
198 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
# The paste service is reverse-proxied to a gunicorn unix socket; the two
# enclosing blocks that carry these pairs are on lines not shown.
201 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
202 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
206 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
207 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
212 SetEnv proxy-nokeepalive 1
213 SetEnv proxy-sendchunked 1
# Caps request bodies at 102400 bytes within the enclosing scope (which scope
# that is cannot be seen from here).
214 LimitRequestBody 102400
218 # FIXME: why is landing prefixed in the url?
# Requests carrying WebSocket upgrade headers are proxied as ws://, the rest as
# http://. In both rules the backend is the fixed ntfy unix socket; only the
# path and query come from the request.
219 RewriteCond %{HTTP:Upgrade} websocket [NC]
220 RewriteCond %{HTTP:Connection} upgrade [NC]
221 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
223 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
# /BIP39 is served straight from a buildbot output directory.
# NOTE(review): visitors receive whatever that build last wrote; confirm the
# directory is writable only by the build user.
225 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
226 <Directory "/var/lib/buildbot/outputs/immae/bip39">
227 DirectoryIndex index.html
# /webhooks maps onto a path managed by the secrets module, and its PHP runs in
# the shared tools pool.
# NOTE(review): check that the access rules on the lines not shown restrict this
# directory, and that it holds nothing besides the scripts meant to be reachable.
232 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
233 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
235 DirectoryIndex index.php
238 <FilesMatch "\.php$">
239 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
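# Legacy host outils.immae.eu: every path is redirected, service by service,
# with a catch-all to tools.immae.eu at the end.
246 services.websites.env.tools.vhostConfs.outils = {
247 certName = "eldiron";
249 hosts = [ "outils.immae.eu" ];
# Captures appended directly after a host name are written (/.*)? so they are
# either empty or begin with "/". A bare (.*) in that position would let the
# request path extend the host part of the Location header (open redirect).
253 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
255 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
257 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
258 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
# From here to /jappix the capture follows a path component (or is unused), so
# it cannot reach the host part of the target.
260 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
261 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
262 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
263 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
265 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
267 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
269 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
# Host-level target again, so the capture is constrained as at the top.
271 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
# Catch-all; the target already ends in "/", so the capture stays in the path.
273 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1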
# Each php-fpm unit is ordered after, and wants, the service dependencies its
# application package declares (the unit names are on lines not shown).
280 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
281 wants = dokuwiki.phpFpm.serviceDeps;
284 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
285 wants = phpbb.phpFpm.serviceDeps;
288 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
289 wants = kanboard.phpFpm.serviceDeps;
292 after = lib.mkAfter ldap.phpFpm.serviceDeps;
293 wants = ldap.phpFpm.serviceDeps;
296 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
297 wants = shaarli.phpFpm.serviceDeps;
300 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
301 wants = ttrss.phpFpm.serviceDeps;
304 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
305 wants = wallabag.phpFpm.serviceDeps;
# wallabag additionally appends its own preStart steps to the unit.
306 preStart = lib.mkAfter wallabag.phpFpm.preStart;
309 after = lib.mkAfter yourls.phpFpm.serviceDeps;
310 wants = yourls.phpFpm.serviceDeps;
# ntfy notification server.
313 description = "send push notifications to your phone or desktop via scripts from any computer";
314 wantedBy = [ "multi-user.target" ];
# --listen-http is given an empty value and ntfy serves on a unix socket in its
# runtime directory, the same socket the Apache rewrite rules proxy to.
# --behind-proxy makes ntfy take the client address from the proxy's forwarded
# header, which is only sound while nothing but the proxy can reach that socket.
316 ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
318 WorkingDirectory = "%S/ntfy";
319 RuntimeDirectory = "ntfy";
320 StateDirectory = "ntfy";
325 description = "Standalone MPD Web GUI written in C";
326 wantedBy = [ "multi-user.target" ];
# The MPD password is read from the secrets file at start time and exported into
# the environment of ympd, which is started with --user nobody.
# NOTE(review): the variable stays in the process environment for the lifetime
# of the service; confirm that is acceptable for this secret.
328 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
329 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
333 description = "Tiny Tiny RSS feeds update daemon";
# NOTE(review): the feed updater runs on pkgs.php72, which is past upstream
# end-of-life.
336 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
337 StandardOutput = "syslog";
338 StandardError = "syslog";
339 PermissionsStartOnly = true;
342 wantedBy = [ "multi-user.target" ];
343 requires = ["postgresql.service"];
344 after = ["network.target" "postgresql.service"];
# Watches the MPD secret file; presumably ympd is restarted when it changes (the
# action is on a line not shown).
348 services.filesWatcher.ympd = {
350 paths = [ config.secrets.fullPaths."mpd" ];
# php-fpm pool definitions. The vhosts above reference these pools' sockets.
353 services.phpfpm.pools = {
# First pool; presumably "tools", going by its session prefix and open_basedir
# (its name is on a line not shown). The listening socket belongs to wwwrun.
358 "listen.owner" = "wwwrun";
359 "listen.group" = "wwwrun";
361 "pm.max_children" = "60";
362 "pm.start_servers" = "2";
363 "pm.min_spare_servers" = "1";
364 "pm.max_spare_servers" = "10";
# Sessions are stored in redis over a unix socket; the key prefix separates this
# pool's sessions from those of the other pools. These are php_admin_value
# settings, which application code cannot override with ini_set.
366 "php_admin_value[session.save_handler]" = "redis";
367 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
368 # Needed to avoid clashes in browser cookies (same domain)
369 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir confines PHP file access to sendmail, the landing directory,
# /tmp, the webhooks secrets path and the apprise bin environment.
# NOTE(review): /tmp also appears in the second pool's list below, so the two
# pools share temporary files unless the units get a private /tmp; to confirm.
370 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
371 "/run/wrappers/bin/sendmail" landing "/tmp"
372 config.secrets.fullPaths."webapps/webhooks"
373 "${webhooks-bin-env}/bin"
377 CONTACT_EMAIL = config.myEnv.tools.contact;
379 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
# Second pool; presumably "devtools", going by its session prefix and
# open_basedir. Same process limits and socket ownership as the first.
385 "listen.owner" = "wwwrun";
386 "listen.group" = "wwwrun";
388 "pm.max_children" = "60";
389 "pm.start_servers" = "2";
390 "pm.min_spare_servers" = "1";
391 "pm.max_spare_servers" = "10";
393 "php_admin_value[session.save_handler]" = "redis";
394 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
# File access limited to sendmail, the FTP-backed document root and /tmp.
395 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
397 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
# Per-application pools: settings come from each package's phpFpm attributes.
# Every PHP build shown below is pkgs.php72 with the redis extension, except
# wallabag on pkgs.php73 with tidy and redis.
# NOTE(review): both PHP branches are past upstream end-of-life; confirm the
# pinned nixpkgs still patches them.
399 adminer = adminer.phpFpm;
403 settings = ttrss.phpFpm.pool;
404 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
409 settings = wallabag.phpFpm.pool;
410 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
415 settings = yourls.phpFpm.pool;
416 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
421 settings = rompr.phpFpm.pool;
422 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
427 settings = shaarli.phpFpm.pool;
428 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
433 settings = dmarc-reports.phpFpm.pool;
434 phpEnv = dmarc-reports.phpFpm.phpEnv;
435 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
440 settings = dokuwiki.phpFpm.pool;
441 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
446 settings = phpbb.phpFpm.pool;
447 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
452 settings = ldap.phpFpm.pool;
453 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
458 settings = kanboard.phpFpm.pool;
459 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
464 settings = grocy.phpFpm.pool;
465 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# Activation scripts supplied by the application packages; what each one does is
# defined in the package files, not here.
469 system.activationScripts = {
470 grocy = grocy.activationScript;
471 ttrss = ttrss.activationScript;
472 wallabag = wallabag.activationScript;
473 rompr = rompr.activationScript;
474 shaarli = shaarli.activationScript;
475 dokuwiki = dokuwiki.activationScript;
476 phpbb = phpbb.activationScript;
477 kanboard = kanboard.activationScript;
# The shaarli secret file is registered as a watched path of the tools web
# environment; the reaction to a change is defined outside the lines shown.
480 services.websites.env.tools.watchPaths = [
481 config.secrets.fullPaths."webapps/tools-shaarli"
483 services.filesWatcher.phpfpm-wallabag = {
485 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];