# NixOS module for the "tools" website. The bindings below instantiate each bundled
# web application from its own ./<name>.nix file; most of them receive their settings
# from config.myEnv.tools.<name>.
1 { lib, pkgs, config, mypackages-lib, grocy, ... }:
3 composerEnv = mypackages-lib.composerEnv;
4 adminer = pkgs.callPackage ./adminer.nix { inherit config; };
5 ympd = pkgs.callPackage ./ympd.nix {
6 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 ttrss = pkgs.webapps-ttrss;
11 ttrss-plugins = pkgs.webapps-ttrss-plugins;
12 env = config.myEnv.tools.ttrss;
16 kanboard = pkgs.callPackage ./kanboard.nix {
18 env = config.myEnv.tools.kanboard;
# wallabag is built with a composerEnv whose PHP is php73 plus the tidy extension.
# NOTE(review): PHP 7.3 is past upstream end-of-life and no longer receives security
# fixes; confirm the pin is still required by the application.
20 wallabag = pkgs.callPackage ./wallabag.nix {
21 wallabag = pkgs.webapps-wallabag.override {
22 composerEnv = composerEnv.override {
23 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
26 env = config.myEnv.tools.wallabag;
29 yourls = pkgs.callPackage ./yourls.nix {
30 yourls = pkgs.webapps-yourls;
31 yourls-plugins = pkgs.webapps-yourls-plugins;
32 env = config.myEnv.tools.yourls;
35 rompr = pkgs.callPackage ./rompr.nix {
36 rompr = pkgs.webapps-rompr;
37 env = config.myEnv.tools.rompr;
40 shaarli = pkgs.callPackage ./shaarli.nix {
41 env = config.myEnv.tools.shaarli;
44 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
45 dokuwiki = pkgs.webapps-dokuwiki;
46 dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
49 ldap = pkgs.callPackage ./ldap.nix {
50 phpldapadmin = pkgs.webapps-phpldapadmin;
51 env = config.myEnv.tools.phpldapadmin;
# grocy (the module argument) is rebuilt against php72 and bound to the name grocy'.
# NOTE(review): PHP 7.2 is also past upstream end-of-life; confirm the pin is still needed.
54 grocy' = pkgs.callPackage ./grocy.nix {
55 grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
# phpBB with the French language pack and six extensions.
# NOTE(review): each extension is third-party code running inside the forum; keep the
# list minimal and follow their security updates.
57 phpbb = pkgs.callPackage ./phpbb.nix {
58 phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
59 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
60 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
61 e.phpbbmodders.adduser ]);
# Environment that links only the /bin directory of pkgs.apprise; it is handed to the
# webhooks package as binEnv.
63 webhooks-bin-env = pkgs.buildEnv {
65 paths = [ pkgs.apprise ];
66 pathsToLink = [ "/bin" ];
68 webhooks = pkgs.callPackage ./webhooks.nix {
69 env = config.myEnv.tools.webhooks;
70 binEnv = webhooks-bin-env;
72 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
73 env = config.myEnv.tools.dmarc_reports;
77 landing = pkgs.callPackage ./landing.nix { };
# Shorthands: this module's own options, and the PHP-FPM pool definitions (used below
# for their socket paths).
79 cfg = config.myServices.websites.tools.tools;
80 pcfg = config.services.phpfpm.pools;
# The module declares a single option: the enable switch for the tools website.
82 options.myServices.websites.tools.tools = {
83 enable = lib.mkEnableOption "enable tools website";
# Everything in config applies only when that option is enabled.
86 config = lib.mkIf cfg.enable {
# NOTE(review): the comment below says "send" while the policy being set is "receive";
# confirm which one is intended.
87 # Services needing to send e-mails
88 myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
# DNS records of the immae.eu zone, built with the helpers from
# config.myServices.dns.helpers.
89 myServices.dns.zones."immae.eu".subdomains =
90 with config.myServices.dns.helpers;
# "outils" resolves to the main addresses of server eldiron.
92 outils = ips servers.eldiron.ips.main;
94 (mailCommon "immae.eu")
96 (ips servers.eldiron.ips.main)
# Public service descriptions. Most entries are taken from the chatonsProperties
# attribute of the corresponding package.
100 myServices.chatonsProperties.services = {
101 adminer = adminer.chatonsProperties;
102 dokuwiki = dokuwiki.chatonsProperties;
103 shaarli = shaarli.chatonsProperties;
104 ttrss = ttrss.chatonsProperties;
105 wallabag = wallabag.chatonsProperties;
# Description written inline; its URLs all point at https://tools.immae.eu/paste/.
107 file.datetime = "2022-08-22T00:15:00";
110 description = "A simple paster script with syntax highlight";
111 website = "https://tools.immae.eu/paste/";
112 logo = "https://assets.immae.eu/logo.jpg";
114 status.description = "OK";
115 registration."" = ["MEMBER" "CLIENT"];
116 registration.load = "OPEN";
117 install.type = "PACKAGE";
118 guide.user = "https://tools.immae.eu/paste/";
122 website = "https://tools.immae.eu/paste/";
123 license.url = "https://tools.immae.eu/paste/license";
124 license.name = "MIT License";
125 version = "Unversioned";
126 source.url = "https://tools.immae.eu/paste/abcd123/py";
# Hosting offers, taken from the chatonsHostingProperties attribute of each package.
130 myServices.chatonsProperties.hostings = {
131 dokuwiki = dokuwiki.chatonsHostingProperties;
132 phpbb = phpbb.chatonsHostingProperties;
# Secret definitions: the keys declared by dmarc-reports are merged in, followed by the
# secret "webapps/tools-landing-sql-rw" (mode 0400). That secret is an Apache snippet
# exporting the PostgreSQL connection settings of the landing page as SetEnv variables;
# the tools vhost pulls it in with an Include inside the landing <Directory> section.
# NOTE(review): variables set with SetEnv are passed to every handler serving that
# directory and show up in diagnostic output that dumps the request environment;
# confirm only trusted code is served from there.
141 // dmarc-reports.keys
143 // ({ "webapps/tools-landing-sql-rw" = {
146 permissions = "0400";
148 env = config.myEnv.tools.landing;
150 SetEnv PGUSER "${env.postgresql.user}"
151 SetEnv PGPASSWORD "${env.postgresql.password}"
152 SetEnv PGDATABASE "${env.postgresql.database}"
153 SetEnv PGHOST "${env.postgresql.socket}"
# Apache modules loaded for the "tools" web environment: the concatenation of the
# module lists declared by the individual applications.
156 services.websites.env.tools.modules =
158 ++ adminer.apache.modules
159 ++ ympd.apache.modules
160 ++ ttrss.apache.modules
161 ++ wallabag.apache.modules
162 ++ yourls.apache.modules
163 ++ rompr.apache.modules
164 ++ shaarli.apache.modules
165 ++ dokuwiki.apache.modules
166 ++ dmarc-reports.apache.modules
167 ++ phpbb.apache.modules
168 ++ ldap.apache.modules
169 ++ kanboard.apache.modules;
# tools.immae.dev resolves to the integration addresses of server eldiron.
171 myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
172 subdomains.tools = ips servers.eldiron.ips.integration;
# The certificate named "integration" is issued for tools.immae.dev.
174 security.acme.certs.integration.domain = "tools.immae.dev";
# "devtools" vhost of the integration environment, rooted at /var/lib/ftp/immae/devtools.
# - The Content-Security-Policy header is sent in Report-Only mode: violations are
#   reported but nothing is blocked.
# - Files ending in .php under the root are handed to the devtools PHP-FPM pool.
# NOTE(review): the root lives under /var/lib/ftp; if that tree is writable through
# FTP, any uploaded .php file is executed by the pool. Confirm who can write there.
175 services.websites.env.integration.vhostConfs.devtools = {
176 certName = "integration";
177 hosts = [ "tools.immae.dev" ];
178 root = "/var/lib/ftp/immae/devtools";
181 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
184 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
185 <Directory "/var/lib/ftp/immae/devtools">
186 DirectoryIndex index.php index.htm index.html
189 <FilesMatch "\.php$">
190 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
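# outils.immae.eu and tools.immae.eu are added to the certificate named "eldiron".
198 security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
# Main vhost for tools.immae.eu. Its configuration opens with permanent redirects for
# paths that moved to dedicated hosts.
# The /vpn rule appends its capture directly after the target host name, so the capture
# is limited to an optional sub-path starting with "/"; this keeps the redirect host
# fixed whatever follows /vpn in the request. The other two rules either append the
# capture after a path component or drop it, so their target host is already fixed.
199 services.websites.env.tools.vhostConfs.tools = {
200 certName = "eldiron";
201 hosts = ["tools.immae.eu" ];
205 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
206 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
207 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse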
# Landing page directory. The included secret file supplies the PostgreSQL SetEnv
# variables, so they apply to requests served from this directory.
209 <Directory "${landing}">
210 Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
211 DirectoryIndex index.html
# PHP files are handed to the "tools" PHP-FPM pool over its unix socket.
215 <FilesMatch "\.php$">
216 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Per-application vhost fragments; each one except ympd is given the socket of its own
# PHP-FPM pool.
220 (adminer.apache.vhostConf pcfg.adminer.socket)
221 ympd.apache.vhostConf
222 (ttrss.apache.vhostConf pcfg.ttrss.socket)
223 (wallabag.apache.vhostConf pcfg.wallabag.socket)
224 (yourls.apache.vhostConf pcfg.yourls.socket)
225 (rompr.apache.vhostConf pcfg.rompr.socket)
226 (shaarli.apache.vhostConf pcfg.shaarli.socket)
227 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
228 (ldap.apache.vhostConf pcfg.ldap.socket)
229 (kanboard.apache.vhostConf pcfg.kanboard.socket)
230 (grocy'.apache.vhostConf pcfg.grocy.socket)
231 (phpbb.apache.vhostConf pcfg.phpbb.socket)
232 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
# The paste service is reached through the gunicorn unix socket. The same pair of
# directives appears twice; the sections enclosing them are not visible in this listing.
235 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
236 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
240 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
241 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
# Proxy tuning (no keep-alive, chunked request bodies) and a 102400-byte cap on
# request bodies.
246 SetEnv proxy-nokeepalive 1
247 SetEnv proxy-sendchunked 1
248 LimitRequestBody 102400
# ntfy: requests carrying websocket upgrade headers are proxied to the ntfy unix socket
# with the ws scheme; a second rule proxies to the same socket with the http scheme.
# In both rules only the captured path is forwarded, the backend host is fixed.
252 # FIXME: why is landing prefixed in the url?
253 RewriteCond %{HTTP:Upgrade} websocket [NC]
254 RewriteCond %{HTTP:Connection} upgrade [NC]
255 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
257 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
# /BIP39 publishes static files straight from a buildbot output directory.
# NOTE(review): whatever the build job writes there is served as-is; confirm that
# write access to this directory is restricted to the build.
259 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
260 <Directory "/var/lib/buildbot/outputs/immae/bip39">
261 DirectoryIndex index.html
# /webhooks is served directly from a secrets path, with PHP handled by the "tools" pool.
# NOTE(review): files under a secrets path are web-reachable here; confirm that only
# PHP entry points live there and that nothing is returned as plain text when the
# PHP handler is unavailable.
266 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
267 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
269 DirectoryIndex index.php
272 <FilesMatch "\.php$">
273 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
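# Legacy vhost for outils.immae.eu: every request is redirected permanently, either to
# the dedicated host of the service or, through the final catch-all rule, to
# tools.immae.eu.
# Rules that append their capture directly after a host name (mediagoblin, ether,
# nextcloud, owncloud, vpn) only accept an optional sub-path starting with "/", so the
# redirect host stays fixed whatever the request path contains. Paths that no longer
# match those rules reach the catch-all, whose target also has a fixed host.
280 services.websites.env.tools.vhostConfs.outils = {
281 certName = "eldiron";
282 hosts = [ "outils.immae.eu" ];
286 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
288 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
290 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
291 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
293 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
294 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
295 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
296 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
298 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
300 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
302 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
304 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
306 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1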
# Unit ordering for the PHP-FPM services: each pair below orders a unit after, and makes
# it want, the service dependencies declared by the matching application package. The
# lines naming the units are not visible in this listing.
313 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
314 wants = dokuwiki.phpFpm.serviceDeps;
317 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
318 wants = phpbb.phpFpm.serviceDeps;
321 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
322 wants = kanboard.phpFpm.serviceDeps;
325 after = lib.mkAfter ldap.phpFpm.serviceDeps;
326 wants = ldap.phpFpm.serviceDeps;
329 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
330 wants = shaarli.phpFpm.serviceDeps;
333 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
334 wants = ttrss.phpFpm.serviceDeps;
# wallabag additionally appends the preStart script supplied by its package.
337 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
338 wants = wallabag.phpFpm.serviceDeps;
339 preStart = lib.mkAfter wallabag.phpFpm.preStart;
342 after = lib.mkAfter yourls.phpFpm.serviceDeps;
343 wants = yourls.phpFpm.serviceDeps;
# ntfy notification server, started at multi-user.target.
346 description = "send push notifications to your phone or desktop via scripts from any computer";
347 wantedBy = [ "multi-user.target" ];
# The HTTP listener is set to an empty address and the server listens on a unix socket
# in its runtime directory; cache (kept 120h) and attachments live in the state
# directory; the public base URL is https://tools.immae.eu/ntfy.
# NOTE(review): --behind-proxy makes ntfy take the client address from the forwarded
# header set by the proxy, so the socket should be reachable by the web front end only;
# confirm the socket permissions. No User setting is visible in this listing.
349 ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
351 WorkingDirectory = "%S/ntfy";
352 RuntimeDirectory = "ntfy";
353 StateDirectory = "ntfy";
# ympd web GUI for MPD, started at multi-user.target. The start script reads the MPD
# password from the "mpd" secret file when the service starts and exports it as
# MPD_PASSWORD, so the password itself is not written into the script; ympd is then
# launched with --user nobody.
358 description = "Standalone MPD Web GUI written in C";
359 wantedBy = [ "multi-user.target" ];
361 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
362 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Feed update daemon for Tiny Tiny RSS: runs update.php --daemon from the ttrss web root
# with the php72 interpreter, logging to syslog. It requires postgresql.service and
# starts after it and after network.target.
# NOTE(review): PHP 7.2 is past upstream end-of-life; confirm the pin is still needed.
366 description = "Tiny Tiny RSS feeds update daemon";
369 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
370 StandardOutput = "syslog";
371 StandardError = "syslog";
372 PermissionsStartOnly = true;
375 wantedBy = [ "multi-user.target" ];
376 requires = ["postgresql.service"];
377 after = ["network.target" "postgresql.service"];
# Watches the "mpd" secret file for the ympd service; presumably the service is
# restarted when the file changes - confirm against the filesWatcher module.
381 services.filesWatcher.ympd = {
383 paths = [ config.secrets.fullPaths."mpd" ];
# PHP-FPM pools. Two pools are configured inline here; judging by their open_basedir and
# session prefixes, the first serves the landing page and webhooks and the second the
# devtools vhost (the lines naming them are not visible in this listing).
386 services.phpfpm.pools = {
# Listening socket owned by wwwrun (presumably the web server user - confirm).
391 "listen.owner" = "wwwrun";
392 "listen.group" = "wwwrun";
# Process manager limits.
394 "pm.max_children" = "60";
395 "pm.start_servers" = "2";
396 "pm.min_spare_servers" = "1";
397 "pm.max_spare_servers" = "10";
# Set as php_admin_value, so scripts cannot override these at runtime: mail goes through
# the sendmail wrapper, sessions are kept in redis over a unix socket under the
# "Tools:Tools:" key prefix.
399 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
400 "php_admin_value[session.save_handler]" = "redis";
401 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
402 # Needed to avoid clashes in browser cookies (same domain)
403 "php_value[session.name]" = "ToolsPHPSESSID";
# File access from PHP is confined to the entries listed here: the sendmail wrapper,
# the landing directory, /tmp, the webhooks secret path and the apprise bin environment.
# NOTE(review): /tmp is also allowed for the second pool below; unless the units use a
# private /tmp, temporary files of one pool are reachable from the other - confirm.
404 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
405 "/run/wrappers/bin/sendmail" landing "/tmp"
406 config.secrets.fullPaths."webapps/webhooks"
407 "${webhooks-bin-env}/bin"
411 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): PHP 7.2 is past upstream end-of-life; confirm the pin is still needed.
413 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
# Second inline pool: same socket ownership, limits and redis sessions, with the
# "Tools:Devtools:" key prefix.
419 "listen.owner" = "wwwrun";
420 "listen.group" = "wwwrun";
422 "pm.max_children" = "60";
423 "pm.start_servers" = "2";
424 "pm.min_spare_servers" = "1";
425 "pm.max_spare_servers" = "10";
427 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
428 "php_admin_value[session.save_handler]" = "redis";
429 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
# File access confined to the sendmail wrapper, the devtools directory and /tmp.
430 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
# php72 with the mysqli, sqlite3, redis, apcu and opcache extensions added.
432 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
# Application pools. adminer supplies its whole pool definition; every other pool takes
# its settings from the application package and uses php72 with the redis extension
# added, except wallabag, which uses php73 with tidy and redis. The lines naming the
# pools are not visible in this listing.
# NOTE(review): PHP 7.2 and 7.3 are past upstream end-of-life and no longer receive
# security fixes; confirm which applications still require them.
434 adminer = adminer.phpFpm;
438 settings = ttrss.phpFpm.pool;
439 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
444 settings = wallabag.phpFpm.pool;
445 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
450 settings = yourls.phpFpm.pool;
451 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
456 settings = rompr.phpFpm.pool;
457 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
462 settings = shaarli.phpFpm.pool;
463 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# dmarc-reports also passes the environment variables declared by its package.
468 settings = dmarc-reports.phpFpm.pool;
469 phpEnv = dmarc-reports.phpFpm.phpEnv;
470 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
475 settings = dokuwiki.phpFpm.pool;
476 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
481 settings = phpbb.phpFpm.pool;
482 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
487 settings = ldap.phpFpm.pool;
488 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
493 settings = kanboard.phpFpm.pool;
494 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
499 settings = grocy'.phpFpm.pool;
500 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# Activation scripts supplied by the application packages; what each script does is
# defined in the package files, not here.
504 system.activationScripts = {
505 grocy = grocy'.activationScript;
506 ttrss = ttrss.activationScript;
507 wallabag = wallabag.activationScript;
508 rompr = rompr.activationScript;
509 shaarli = shaarli.activationScript;
510 dokuwiki = dokuwiki.activationScript;
511 phpbb = phpbb.activationScript;
512 kanboard = kanboard.activationScript;
# Secret files whose changes are watched: the shaarli secret for the "tools" web
# environment and the wallabag secret for the phpfpm-wallabag watcher. Presumably the
# affected service is reloaded or restarted on change - confirm against those modules.
515 services.websites.env.tools.watchPaths = [
516 config.secrets.fullPaths."webapps/tools-shaarli"
518 services.filesWatcher.phpfpm-wallabag = {
520 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
# Monitoring: the plugins and the objects declared by each application are merged into
# the master-side monitoring configuration.
523 myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
524 ttrss.monitoringPlugins
525 rompr.monitoringPlugins
526 wallabag.monitoringPlugins
527 yourls.monitoringPlugins
528 ympd.monitoringPlugins
529 dokuwiki.monitoringPlugins
530 shaarli.monitoringPlugins
531 ldap.monitoringPlugins
532 adminer.monitoringPlugins
534 myServices.monitoring.fromMasterObjects = lib.mkMerge [
535 ttrss.monitoringObjects
536 rompr.monitoringObjects
537 wallabag.monitoringObjects
538 yourls.monitoringObjects
539 ympd.monitoringObjects
540 dokuwiki.monitoringObjects
541 shaarli.monitoringObjects
542 ldap.monitoringObjects
543 adminer.monitoringObjects