# NixOS module for the "tools" website: the bindings below instantiate each
# bundled web application from its sibling .nix file.
# NOTE(review): this listing skips some original lines (see the gutter
# numbers), so `let`/`in`, closing braces and a few attributes are not visible.
1 { lib, pkgs, config, ... }:
# Shim used further down to load a flake from a non-flake module.
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
5 adminer = pkgs.callPackage ./adminer.nix {};
# Per-application settings are taken from config.myEnv.tools.<name>.
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
15 kanboard = pkgs.callPackage ./kanboard.nix {
17 env = config.myEnv.tools.kanboard;
19 wallabag = pkgs.callPackage ./wallabag.nix {
20 wallabag = pkgs.webapps.wallabag.override {
21 composerEnv = pkgs.composerEnv.override {
# wallabag's composer environment is built with PHP 7.3 plus the tidy extension.
# NOTE(review): PHP 7.3 no longer receives upstream security fixes; confirm the
# pinned package set still patches it, or plan an upgrade.
22 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
25 env = config.myEnv.tools.wallabag;
28 yourls = pkgs.callPackage ./yourls.nix {
29 inherit (pkgs.webapps) yourls yourls-plugins;
30 env = config.myEnv.tools.yourls;
33 rompr = pkgs.callPackage ./rompr.nix {
34 inherit (pkgs.webapps) rompr;
35 env = config.myEnv.tools.rompr;
37 shaarli = pkgs.callPackage ./shaarli.nix {
38 env = config.myEnv.tools.shaarli;
41 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
42 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
44 ldap = pkgs.callPackage ./ldap.nix {
45 inherit (pkgs.webapps) phpldapadmin;
46 env = config.myEnv.tools.phpldapadmin;
49 grocy = pkgs.callPackage ./grocy.nix {
# grocy's composer environment is built with PHP 7.2.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes either.
50 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
52 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is built with the `fr` language pack and the extensions listed here.
# Each extension is third-party code running inside the forum, so every entry
# is one more component to keep updated.
53 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
54 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
55 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
56 e.phpbbmodders.adduser ]);
58 webhooks = pkgs.callPackage ./webhooks.nix {
59 env = config.myEnv.tools.webhooks;
61 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
62 env = config.myEnv.tools.dmarc_reports;
65 csp-reports = pkgs.callPackage ./csp_reports.nix {
66 env = config.myEnv.tools.csp_reports;
69 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: this module's own options, and the php-fpm pool definitions
# (read below to obtain each pool's socket path).
71 cfg = config.myServices.websites.tools.tools;
72 pcfg = config.services.phpfpm.pools;
# Pulls in every NixOS module exported by the private `paste` flake, loaded
# through the flake-compat shim (the `imports =` line itself is not visible in
# this listing).
75 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single switch that turns the whole tools website on.
77 options.myServices.websites.tools.tools = {
78 enable = lib.mkEnableOption "enable tools website";
# Everything under `config` applies only when the switch above is enabled.
81 config = lib.mkIf cfg.enable {
# Apache modules for the tools environment: the concatenation of what each
# application package declares (the first list element is on a skipped line).
93 services.websites.env.tools.modules =
95 ++ adminer.apache.modules
96 ++ ympd.apache.modules
97 ++ ttrss.apache.modules
98 ++ wallabag.apache.modules
99 ++ yourls.apache.modules
100 ++ rompr.apache.modules
101 ++ shaarli.apache.modules
102 ++ dokuwiki.apache.modules
103 ++ dmarc-reports.apache.modules
104 ++ phpbb.apache.modules
105 ++ ldap.apache.modules
106 ++ kanboard.apache.modules;
# Integration vhost tools.immae.dev, served from /var/lib/ftp/immae/devtools.
# NOTE(review): the document root sits under an FTP tree and every .php file in
# it is handed to the devtools php-fpm pool (FilesMatch below), so any account
# able to write to that directory can run PHP as that pool's user. Presumably
# intended as a development sandbox; confirm write access is limited to
# trusted accounts.
# NOTE(review): the CSP header is sent as Content-Security-Policy-Report-Only,
# so violations are reported but nothing is blocked.
# The `Use Apaxy` macro suggests themed directory listings are enabled for this
# tree; the macro definition is not visible here, so confirm.
108 services.websites.env.integration.vhostConfs.devtools = {
109 certName = "integration";
110 certMainHost = "tools.immae.dev";
112 hosts = [ "tools.immae.dev" ];
113 root = "/var/lib/ftp/immae/devtools";
116 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
119 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
120 <Directory "/var/lib/ftp/immae/devtools">
121 DirectoryIndex index.php index.htm index.html
124 <FilesMatch "\.php$">
125 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
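# Production vhost tools.immae.eu: legacy-path redirects, the landing page,
# then one Apache fragment per application.
# The /vpn redirect appends its capture group directly after the target
# hostname, so the capture is now required to be empty or to start with "/".
# With the former `(.*)` a request path continuing past the prefix without a
# slash ended up inside the host part of the Location header (open redirect).
# Redirects whose target already contains a path before $1 are unaffected.
132 services.websites.env.tools.vhostConfs.tools = {
133 certName = "eldiron";
135 hosts = ["tools.immae.eu" ];
139 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
140 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
141 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
143 <Directory "${landing}">
144 DirectoryIndex index.html
148 <FilesMatch "\.php$">
149 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Each application contributes its own vhost fragment and is given the socket
# of its dedicated php-fpm pool (ympd takes no socket).
153 (adminer.apache.vhostConf pcfg.adminer.socket)
154 ympd.apache.vhostConf
155 (ttrss.apache.vhostConf pcfg.ttrss.socket)
156 (wallabag.apache.vhostConf pcfg.wallabag.socket)
157 (yourls.apache.vhostConf pcfg.yourls.socket)
158 (rompr.apache.vhostConf pcfg.rompr.socket)
159 (shaarli.apache.vhostConf pcfg.shaarli.socket)
160 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
161 (ldap.apache.vhostConf pcfg.ldap.socket)
162 (kanboard.apache.vhostConf pcfg.kanboard.socket)
163 (grocy.apache.vhostConf pcfg.grocy.socket)
164 (phpbb.apache.vhostConf pcfg.phpbb.socket)
165 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
# Remaining fragments: the paste service proxied to its gunicorn unix socket
# (the stanza appears twice; the enclosing lines are not visible in this
# listing), the BIP39 page served from buildbot output, and the webhooks.
# NOTE(review): /webhooks is aliased straight onto a directory managed by the
# secrets module and its .php files run in the shared `tools` pool; the access
# rules inside that <Directory> are not visible here. Confirm that non-PHP
# files stored there cannot be fetched.
168 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
169 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
173 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
174 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
178 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
179 <Directory "/var/lib/buildbot/outputs/immae/bip39">
180 DirectoryIndex index.html
185 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
186 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
190 <FilesMatch "\.php$">
191 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"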
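# Legacy hostname outils.immae.eu: every known path is permanently redirected
# to its new home, and the final rule sends anything else to tools.immae.eu.
# Where the target is a bare hostname followed by $1 (mediagoblin, ether,
# nextcloud, owncloud, vpn), the capture group is now required to be empty or
# to start with "/". With the former `(.*)` a request path continuing past the
# prefix without a slash ended up inside the host part of the Location header
# (open redirect). Rules whose target already has a path before $1 are
# unchanged.
198 services.websites.env.tools.vhostConfs.outils = {
199 certName = "eldiron";
201 hosts = [ "outils.immae.eu" ];
205 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
207 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
209 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
210 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
212 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
213 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
214 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
215 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
217 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
219 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
221 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
223 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
225 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1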
# Unit ordering for the php-fpm services: each is started after, and pulls in
# (`wants`), the dependencies declared by its application package. The unit
# names sit on lines this listing skips; each pair is identified by the package
# it references.
232 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
233 wants = dokuwiki.phpFpm.serviceDeps;
236 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
237 wants = phpbb.phpFpm.serviceDeps;
240 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
241 wants = kanboard.phpFpm.serviceDeps;
244 after = lib.mkAfter ldap.phpFpm.serviceDeps;
245 wants = ldap.phpFpm.serviceDeps;
248 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
249 wants = shaarli.phpFpm.serviceDeps;
252 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
253 wants = ttrss.phpFpm.serviceDeps;
256 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
257 wants = wallabag.phpFpm.serviceDeps;
# wallabag additionally appends its own preStart script to the unit.
258 preStart = lib.mkAfter wallabag.phpFpm.preStart;
261 after = lib.mkAfter yourls.phpFpm.serviceDeps;
262 wants = yourls.phpFpm.serviceDeps;
# ympd unit: the MPD password is read from the secrets file when the script
# runs and passed through the MPD_PASSWORD environment variable, so only the
# file path (not the password) is interpolated into the script text.
# ympd is started with `--user nobody`, presumably to drop privileges.
# NOTE(review): confirm which account the script itself runs as and that the
# secrets file is readable only by it.
265 description = "Standalone MPD Web GUI written in C";
266 wantedBy = [ "multi-user.target" ];
268 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
269 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS background updater, run with the PHP 7.2 command-line binary.
273 description = "Tiny Tiny RSS feeds update daemon";
276 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
# NOTE(review): recent systemd releases deprecate the "syslog" output target
# and PermissionsStartOnly; worth cleaning up when this unit is next touched.
277 StandardOutput = "syslog";
278 StandardError = "syslog";
279 PermissionsStartOnly = true;
# The updater requires PostgreSQL and starts after it and the network.
282 wantedBy = [ "multi-user.target" ];
283 requires = ["postgresql.service"];
284 after = ["network.target" "postgresql.service"];
# Watches the MPD secrets file on behalf of ympd, presumably to restart it
# when the password changes; the action line is not visible in this listing.
288 services.filesWatcher.ympd = {
290 paths = [ config.secrets.fullPaths."mpd" ];
# One php-fpm pool per application, so each gets its own socket, settings and
# PHP build. The first two pools have their settings written inline; judging by
# their open_basedir values they are `tools` and `devtools`, but their header
# lines are not visible in this listing.
# NOTE(review): most pools run PHP 7.2 (wallabag runs 7.3); neither branch
# receives upstream security fixes any more, so an interpreter upgrade should
# be tracked for every internet-facing pool here.
293 services.phpfpm.pools = {
# Socket ownership: only the wwwrun account/group may connect (presumably the
# account Apache runs as; confirm).
298 "listen.owner" = "wwwrun";
299 "listen.group" = "wwwrun";
301 "pm.max_children" = "60";
302 "pm.start_servers" = "2";
303 "pm.min_spare_servers" = "1";
304 "pm.max_spare_servers" = "10";
306 # Needed to avoid clashes in browser cookies (same domain)
307 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir limits this pool's PHP file access to sendmail, the landing
# page, /tmp and the webhooks secrets directory.
# NOTE(review): /tmp is also listed for the other inline pool below. If both
# see the same /tmp, temporary files written by one are reachable from the
# other; confirm the units use a private tmp.
308 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
309 "/run/wrappers/bin/sendmail" landing "/tmp"
310 config.secrets.fullPaths."webapps/webhooks"
# Further pool directives are included from a file managed by the secrets
# module (its name points to CSP-report settings).
312 "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
315 CONTACT_EMAIL = config.myEnv.tools.contact;
317 phpPackage = pkgs.php72;
323 "listen.owner" = "wwwrun";
324 "listen.group" = "wwwrun";
326 "pm.max_children" = "60";
327 "pm.start_servers" = "2";
328 "pm.min_spare_servers" = "1";
329 "pm.max_spare_servers" = "10";
# This pool is confined to sendmail, the FTP-backed devtools tree and /tmp.
331 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
# It also gets extra extensions: mysqli, redis, apcu and opcache.
333 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# adminer's pool definition comes entirely from its package.
335 adminer = adminer.phpFpm;
# Remaining pools: settings come from each package's phpFpm.pool, and the
# interpreter is pinned per pool.
339 settings = ttrss.phpFpm.pool;
340 phpPackage = pkgs.php72;
345 settings = wallabag.phpFpm.pool;
346 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
351 settings = yourls.phpFpm.pool;
352 phpPackage = pkgs.php72;
357 settings = rompr.phpFpm.pool;
358 phpPackage = pkgs.php72;
363 settings = shaarli.phpFpm.pool;
364 phpPackage = pkgs.php72;
369 settings = dmarc-reports.phpFpm.pool;
370 phpEnv = dmarc-reports.phpFpm.phpEnv;
371 phpPackage = pkgs.php72;
376 settings = dokuwiki.phpFpm.pool;
377 phpPackage = pkgs.php72;
382 settings = phpbb.phpFpm.pool;
383 phpPackage = pkgs.php72;
388 settings = ldap.phpFpm.pool;
389 phpPackage = pkgs.php72;
394 settings = kanboard.phpFpm.pool;
395 phpPackage = pkgs.php72;
400 settings = grocy.phpFpm.pool;
401 phpPackage = pkgs.php72;
# Activation scripts supplied by each application package and registered under
# the application's name. Their content is defined in the sibling .nix files
# and is not visible here.
405 system.activationScripts = {
406 adminer = adminer.activationScript;
407 grocy = grocy.activationScript;
408 ttrss = ttrss.activationScript;
409 wallabag = wallabag.activationScript;
410 yourls = yourls.activationScript;
411 rompr = rompr.activationScript;
412 shaarli = shaarli.activationScript;
413 dokuwiki = dokuwiki.activationScript;
414 phpbb = phpbb.activationScript;
415 kanboard = kanboard.activationScript;
416 ldap = ldap.activationScript;
# Secrets files to watch: the shaarli secret is added to the tools site's watch
# list, and the wallabag secret is watched for the phpfpm-wallabag entry.
# What happens on change is defined on lines this listing skips.
419 services.websites.env.tools.watchPaths = [
420 config.secrets.fullPaths."webapps/tools-shaarli"
422 services.filesWatcher.phpfpm-wallabag = {
424 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];