# NixOS module for the "tools" website: it packages a set of self-hosted web applications
# and wires them into Apache, PHP-FPM, systemd, DNS, backups and monitoring.
# Each application is built by its own ./<name>.nix expression and most receive an `env`
# attribute taken from config.myEnv.tools.<name>.
# NOTE(review): `env` presumably carries credentials (the landing entry is later read for
# postgresql.password). Confirm that every package writes them to config.secrets files and
# never interpolates them into a derivation, since the Nix store is world-readable.
1 { lib, pkgs, config, mypackages-lib, grocy, ... }:
2 3 composerEnv = mypackages-lib.composerEnv;
# NOTE(review): adminer is a database administration UI. Its access restrictions live in
# ./adminer.nix, which is not visible here.
3 4 adminer = pkgs.callPackage ./adminer.nix { inherit config; };
4 5 ympd = pkgs.callPackage ./ympd.nix {
5 6 env = config.myEnv.tools.ympd;
6 9 ttrss = pkgs.callPackage ./ttrss.nix {
7 10 ttrss = pkgs.webapps-ttrss;
8 11 ttrss-plugins = pkgs.webapps-ttrss-plugins;
9 12 env = config.myEnv.tools.ttrss;
10 16 kanboard = pkgs.callPackage ./kanboard.nix {
11 18 env = config.myEnv.tools.kanboard;
12 20 wallabag = pkgs.callPackage ./wallabag.nix {
13 21 wallabag = pkgs.webapps-wallabag.override {
14 22 composerEnv = composerEnv.override {
# wallabag's composer environment is built against PHP 7.3 with the tidy extension added.
# NOTE(review): PHP 7.3 no longer receives upstream security fixes; track a migration.
15 23 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
16 26 env = config.myEnv.tools.wallabag;
17 29 yourls = pkgs.callPackage ./yourls.nix {
18 30 yourls = pkgs.webapps-yourls;
19 31 yourls-plugins = pkgs.webapps-yourls-plugins;
20 32 env = config.myEnv.tools.yourls;
21 35 rompr = pkgs.callPackage ./rompr.nix {
22 36 rompr = pkgs.webapps-rompr;
23 37 env = config.myEnv.tools.rompr;
24 40 shaarli = pkgs.callPackage ./shaarli.nix {
25 41 env = config.myEnv.tools.shaarli;
26 44 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
27 45 dokuwiki = pkgs.webapps-dokuwiki;
28 46 dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
29 49 ldap = pkgs.callPackage ./ldap.nix {
30 50 phpldapadmin = pkgs.webapps-phpldapadmin;
31 51 env = config.myEnv.tools.phpldapadmin;
32 54 grocy' = pkgs.callPackage ./grocy.nix {
# grocy is rebuilt with a composer environment pinned to PHP 7.2.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes; same concern as wallabag.
33 55 grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
34 57 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is built with the French language pack and six community extensions.
# NOTE(review): every extension is extra code running inside the forum, so each one should
# stay pinned and be reviewed when it is updated.
35 58 phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
36 59 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
37 60 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
38 61 e.phpbbmodders.adduser ]);
# Minimal environment linking only /bin of apprise. It is handed to the webhooks package as
# binEnv and its bin directory is later added to the tools pool's open_basedir, so apprise is
# the only extra binary exposed to the webhook scripts through this environment.
39 63 webhooks-bin-env = pkgs.buildEnv {
40 65 paths = [ pkgs.apprise ];
41 66 pathsToLink = [ "/bin" ];
42 68 webhooks = pkgs.callPackage ./webhooks.nix {
43 69 env = config.myEnv.tools.webhooks;
44 70 binEnv = webhooks-bin-env;
45 72 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
46 73 env = config.myEnv.tools.dmarc_reports;
47 77 landing = pkgs.callPackage ./landing.nix { };
# Element web client with its default configuration overridden: the homeserver is
# synapse.immae.eu (server name immae.eu) and the room directory lists immae.eu and matrix.org.
# NOTE(review): the default identity server is https://vector.im, a third-party service.
# Identity lookups made through the client would leave this infrastructure; confirm that this
# is intended, or clear the default.
48 79 matrix = pkgs.element-web.override {
49 81 default_server_config."m.homeserver" = {
50 82 base_url = "https://synapse.immae.eu";
51 83 server_name = "immae.eu";
52 85 default_server_config."m.identity_server" = {
53 86 base_url = "https://vector.im";
54 88 room_directory.servers = [ "immae.eu" "matrix.org" ];
# Shorthands: cfg is this module's own option set; pcfg is the set of PHP-FPM pools, read
# further down for each pool's socket path.
55 92 cfg = config.myServices.websites.tools.tools;
56 93 pcfg = config.services.phpfpm.pools;
# The module exposes a single `enable` switch; everything under `config` applies only when
# it is set (lib.mkIf cfg.enable).
57 95 options.myServices.websites.tools.tools = {
58 96 enable = lib.mkEnableOption "enable tools website";
59 99 config = lib.mkIf cfg.enable {
60 100 # Services needing to send e-mails
61 101 myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
# DNS records: outils and tools point at eldiron's main addresses (tools also merges the
# common mail records), and synapse points at zoldene.
62 102 myServices.dns.zones."immae.eu".subdomains =
63 103 with config.myServices.dns.helpers;
64 105 outils = ips servers.eldiron.ips.main;
65 106 tools = lib.mkMerge [
66 107 (mailCommon "immae.eu" true)
67 109 (ips servers.eldiron.ips.main)
68 111 synapse = ips servers.zoldene.ips.main;
# Backup profile adjustments; the path lists themselves are not visible in this listing.
# NOTE(review): confirm the included paths cover application state and that any secrets in
# them are acceptable in the backup repository.
69 114 services.borgBackup.profiles.global.ignoredPaths = [
70 119 services.borgBackup.profiles.global.includedPaths = [
# Service and hosting descriptions published as chatonsProperties. Five tools reuse the
# metadata exported by their package; the remaining attributes describe the paste service
# by hand (URLs, license, registration policy, version).
# These are descriptive values only; no credentials appear in the visible lines.
71 129 myServices.chatonsProperties.services = {
72 130 adminer = adminer.chatonsProperties;
73 131 dokuwiki = dokuwiki.chatonsProperties;
74 132 shaarli = shaarli.chatonsProperties;
75 133 ttrss = ttrss.chatonsProperties;
76 134 wallabag = wallabag.chatonsProperties;
77 136 file.datetime = "2022-08-22T00:15:00";
78 139 description = "A simple paster script with syntax highlight";
79 140 website = "https://tools.immae.eu/paste/";
80 141 logo = "https://assets.immae.eu/logo.jpg";
81 143 status.description = "OK";
82 144 registration."" = ["MEMBER" "CLIENT"];
83 145 registration.load = "OPEN";
84 146 install.type = "PACKAGE";
85 147 guide.user = "https://tools.immae.eu/paste/";
86 151 website = "https://tools.immae.eu/paste/";
87 152 license.url = "https://tools.immae.eu/paste/license";
88 153 license.name = "MIT License";
89 154 version = "Unversioned";
90 155 source.url = "https://tools.immae.eu/paste/abcd123/py";
91 159 myServices.chatonsProperties.hostings = {
92 160 dokuwiki = dokuwiki.chatonsHostingProperties;
93 161 phpbb = phpbb.chatonsHostingProperties;
# Secret files: the per-package key sets are merged with `//` (Nix attribute-set update, not
# a comment) and one extra secret, "webapps/tools-landing-sql-rw", is added with mode 0400.
# Its text is an Apache snippet of SetEnv directives carrying the PostgreSQL user, password,
# database and socket for the landing site.
# Rendering it as a secret file keeps the password out of the world-readable Nix store.
# NOTE(review): the file's owner is not visible here. With mode 0400 it must be the account
# that parses the Apache configuration, and nothing broader.
# NOTE(review): SetEnv exposes PGPASSWORD to every request handler in the directory that
# includes this file, so any script there that prints its environment would disclose it.
# The key name suggests a read-write role; prefer the least-privileged role the landing
# page can work with.
94 170 // dmarc-reports.keys
95 172 // ({ "webapps/tools-landing-sql-rw" = {
96 175 permissions = "0400";
97 177 env = config.myEnv.tools.landing;
98 179 SetEnv PGUSER "${env.postgresql.user}"
99 180 SetEnv PGPASSWORD "${env.postgresql.password}"
100 181 SetEnv PGDATABASE "${env.postgresql.database}"
101 182 SetEnv PGHOST "${env.postgresql.socket}"
# Apache modules for the tools environment: the union of the module lists each package
# declares (the first operand of the concatenation is not visible in this listing).
# NOTE(review): every listed package can switch on Apache modules for the whole environment,
# so check the resulting set for modules nobody needs.
102 185 services.websites.env.tools.modules =
103 187 ++ adminer.apache.modules
104 188 ++ ympd.apache.modules
105 189 ++ ttrss.apache.modules
106 190 ++ wallabag.apache.modules
107 191 ++ yourls.apache.modules
108 192 ++ rompr.apache.modules
109 193 ++ shaarli.apache.modules
110 194 ++ dokuwiki.apache.modules
111 195 ++ dmarc-reports.apache.modules
112 196 ++ phpbb.apache.modules
113 197 ++ ldap.apache.modules
114 198 ++ kanboard.apache.modules;
# Integration host tools.immae.dev: DNS record, its own ACME certificate ("integration") and
# a vhost whose document root is /var/lib/ftp/immae/devtools.
# NOTE(review): the document root sits under an FTP tree and every *.php file in it is handed
# to the devtools PHP-FPM pool. Anyone able to write to that directory can therefore run code
# as the pool's user. Presumably this is the intended developer sandbox; confirm who has write
# access and that the pool user is unprivileged.
# NOTE(review): the CSP header is sent as Content-Security-Policy-Report-Only, which reports
# violations but does not block anything.
115 200 myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
116 201 subdomains.tools = ips servers.eldiron.ips.integration;
117 203 security.acme.certs.integration.domain = "tools.immae.dev";
118 204 services.websites.env.integration.vhostConfs.devtools = {
119 205 certName = "integration";
120 206 hosts = [ "tools.immae.dev" ];
121 207 root = "/var/lib/ftp/immae/devtools";
122 210 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
123 213 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
124 214 <Directory "/var/lib/ftp/immae/devtools">
125 215 DirectoryIndex index.php index.htm index.html
126 218 <FilesMatch "\.php$">
127 219 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Main vhost for tools.immae.eu, using the "eldiron" certificate, which is extended to cover
# outils.immae.eu and tools.immae.eu. It serves the landing page, mounts each packaged
# application through its apache.vhostConf (most are given their own PHP-FPM socket),
# proxies the paste service and ntfy over unix sockets, and aliases /BIP39, /webhooks
# and /matrix.
#
# NOTE(review), legacy redirects: in `^/vpn(.*)$ https://vpn.immae.eu$1` the capture begins
# right after the prefix and is appended directly to the host name, so the host part of the
# redirect target is not fixed by the configuration. Require the capture to start with a
# slash, for example `^/vpn(/.*)?$`. The roundcube rule appends to a fixed path and the
# jappix rule uses no capture, so their target host is fixed.
#
# NOTE(review), landing directory: it includes the "webapps/tools-landing-sql-rw" secret,
# so the PG* variables, password included, are set for every request served from that
# directory and passed to its PHP handler.
#
# NOTE(review), paste proxy: LimitRequestBody 102400 caps request bodies at 100 KiB. The
# enclosing Location is not visible here; confirm the limit applies to the upload endpoint.
#
# NOTE(review), ntfy rewrite: both rules make their prefix group optional, so the pattern
# itself matches any path. The surrounding container (not visible) has to restrict where
# the rules apply; see the FIXME in the source.
#
# NOTE(review), /BIP39: content is served straight from a buildbot output directory, so
# what visitors receive is whatever the CI job last produced there.
#
# NOTE(review), /webhooks: the alias points into the secrets directory and runs its *.php
# files through the tools pool. Access-control directives are not visible in this listing;
# confirm the endpoint authenticates callers.
128 227 security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
129 228 services.websites.env.tools.vhostConfs.tools = {
130 229 certName = "eldiron";
131 230 hosts = ["tools.immae.eu" ];
132 234 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
133 235 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
134 236 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
135 238 <Directory "${landing}">
136 239 Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
137 240 DirectoryIndex index.html
138 244 <FilesMatch "\.php$">
139 245 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
140 249 (adminer.apache.vhostConf pcfg.adminer.socket)
141 250 ympd.apache.vhostConf
142 251 (ttrss.apache.vhostConf pcfg.ttrss.socket)
143 252 (wallabag.apache.vhostConf pcfg.wallabag.socket)
144 253 (yourls.apache.vhostConf pcfg.yourls.socket)
145 254 (rompr.apache.vhostConf pcfg.rompr.socket)
146 255 (shaarli.apache.vhostConf pcfg.shaarli.socket)
147 256 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
148 257 (ldap.apache.vhostConf pcfg.ldap.socket)
149 258 (kanboard.apache.vhostConf pcfg.kanboard.socket)
150 259 (grocy'.apache.vhostConf pcfg.grocy.socket)
151 260 (phpbb.apache.vhostConf pcfg.phpbb.socket)
152 261 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
153 264 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
154 265 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
155 269 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
156 270 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
157 275 SetEnv proxy-nokeepalive 1
158 276 SetEnv proxy-sendchunked 1
159 277 LimitRequestBody 102400
160 281 # FIXME: why is landing prefixed in the url?
161 282 RewriteCond %{HTTP:Upgrade} websocket [NC]
162 283 RewriteCond %{HTTP:Connection} upgrade [NC]
163 284 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
164 286 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
165 288 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
166 289 <Directory "/var/lib/buildbot/outputs/immae/bip39">
167 290 DirectoryIndex index.html
168 295 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
169 296 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
170 298 DirectoryIndex index.php
171 301 <FilesMatch "\.php$">
172 302 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
173 306 Alias /matrix ${matrix}
174 307 <Directory "${matrix}">
175 308 DirectoryIndex index.html
# Legacy host outils.immae.eu: it only issues permanent redirects, first for services that
# moved to their own host names and finally a catch-all to tools.immae.eu.
# NOTE(review): the mediagoblin, ether, nextcloud, owncloud and vpn rules append `$1`
# directly to the target host name, and the capture starts right after the prefix with no
# separator required. The host part of the redirect is therefore not fixed by the
# configuration. Make the capture start with a slash, for example `^/ether(/.*)?$`.
# Rules whose target already ends in a path (roundcube, davical, taskweb, the catch-all)
# keep a fixed host.
# NOTE(review): in `^/caldav.php(.*)$` the dot is unescaped and matches any character;
# `\.` states the intent exactly.
176 316 services.websites.env.tools.vhostConfs.outils = {
177 317 certName = "eldiron";
178 318 hosts = [ "outils.immae.eu" ];
179 322 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
180 324 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
181 326 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
182 327 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
183 329 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
184 330 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
185 331 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
186 332 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
187 334 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
188 336 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
189 338 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
190 340 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
191 342 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# Unit ordering for eight applications (presumably their PHP-FPM units; the unit names are
# not visible in this listing): each one is started after, and wants, the service
# dependencies its package declares in phpFpm.serviceDeps.
# wallabag additionally appends the preStart step provided by its package.
192 349 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
193 350 wants = dokuwiki.phpFpm.serviceDeps;
194 353 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
195 354 wants = phpbb.phpFpm.serviceDeps;
196 357 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
197 358 wants = kanboard.phpFpm.serviceDeps;
198 361 after = lib.mkAfter ldap.phpFpm.serviceDeps;
199 362 wants = ldap.phpFpm.serviceDeps;
200 365 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
201 366 wants = shaarli.phpFpm.serviceDeps;
202 369 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
203 370 wants = ttrss.phpFpm.serviceDeps;
204 373 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
205 374 wants = wallabag.phpFpm.serviceDeps;
# NOTE(review): which account runs this preStart step depends on unit settings that are not
# visible here; check what the package's script does before assuming it is unprivileged.
206 375 preStart = lib.mkAfter wallabag.phpFpm.preStart;
207 378 after = lib.mkAfter yourls.phpFpm.serviceDeps;
208 379 wants = yourls.phpFpm.serviceDeps;
# ntfy push-notification server. The TCP listener is disabled (--listen-http '') and the
# server is reachable only through a unix socket in its runtime directory, which Apache
# proxies. The message cache (kept 120h) and the attachment cache live in its state directory.
# --behind-proxy makes ntfy take the client address from the forwarded header. That is
# appropriate here because the only way in is the local reverse proxy.
# NOTE(review): no --auth-file or --auth-default-access option appears on this command
# line. Unless access control is set in a server config file, topics are open to anyone who
# can reach the /ntfy URL. Confirm which is the case.
# NOTE(review): the account the service runs as is not visible in this listing.
209 382 description = "send push notifications to your phone or desktop via scripts from any computer";
210 383 wantedBy = [ "multi-user.target" ];
211 385 ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
212 387 WorkingDirectory = "%S/ntfy";
213 388 RuntimeDirectory = "ntfy";
214 389 StateDirectory = "ntfy";
# ympd web front-end for MPD. The MPD password is read from the "mpd" secret file when the
# unit starts, so it is not embedded in the unit text or the Nix store, and is exported as
# MPD_PASSWORD. ympd is asked to run as `nobody` (--user nobody).
# NOTE(review): the variable stays in the process environment for the lifetime of the
# service. `nobody` is also shared with any other service using that account, so a dedicated
# user would isolate it better.
215 394 description = "Standalone MPD Web GUI written in C";
216 395 wantedBy = [ "multi-user.target" ];
217 397 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
218 398 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS background updater: runs update.php --daemon under PHP 7.2, requires
# PostgreSQL and starts after network.target and postgresql.service.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes, and this daemon fetches
# and parses remote feeds.
# NOTE(review): PermissionsStartOnly = true means only the main command runs with the unit's
# User/Group, while the pre/post start commands run with full privileges. The user is not
# visible in this listing. This option and StandardOutput/StandardError = "syslog" are
# deprecated in current systemd.
219 402 description = "Tiny Tiny RSS feeds update daemon";
220 405 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
221 406 StandardOutput = "syslog";
222 407 StandardError = "syslog";
223 408 PermissionsStartOnly = true;
224 411 wantedBy = [ "multi-user.target" ];
225 412 requires = ["postgresql.service"];
226 413 after = ["network.target" "postgresql.service"];
# Watches the "mpd" secret file on behalf of ympd. Presumably the service is restarted when
# the password changes; the action taken is not visible here.
227 417 services.filesWatcher.ympd = {
228 419 paths = [ config.secrets.fullPaths."mpd" ];
229 424 webDirectory = "/paste";
# PHP-FPM pools. Two pools are defined inline (the "tools" landing/webhooks pool, then the
# "devtools" integration pool); the others take their settings from the matching package.
# Listening sockets are owned by wwwrun:wwwrun, so only that account and group connect.
#
# NOTE(review): PHP sessions for both inline pools are stored in one Redis instance reached
# over the same unix socket, and only the key prefix differs (Tools:Tools: against
# Tools:Devtools:). A prefix is a namespace, not an access control: code in any pool that can
# open the socket can read the other pools' sessions. This matters most for devtools, which
# runs files uploaded over FTP.
#
# NOTE(review): nearly every pool is pinned to PHP 7.2 (wallabag to 7.3, devtools to 8.2).
# PHP 7.2 and 7.3 no longer receive upstream security fixes, and these pools serve
# internet-facing applications.
230 427 services.phpfpm.pools = {
231 432 "listen.owner" = "wwwrun";
232 433 "listen.group" = "wwwrun";
233 435 "pm.max_children" = "60";
234 436 "pm.start_servers" = "2";
235 437 "pm.min_spare_servers" = "1";
236 438 "pm.max_spare_servers" = "10";
237 440 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
238 441 "php_admin_value[session.save_handler]" = "redis";
239 442 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
240 443 # Needed to avoid clashes in browser cookies (same domain)
241 444 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir confines PHP file access to the sendmail wrapper, the landing site, /tmp, the
# webhooks secrets directory and the apprise bin environment.
# NOTE(review): open_basedir is a PHP-level check, not a sandbox, and /tmp is shared with
# other pools unless the unit uses a private /tmp (not visible in this listing).
242 445 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
243 446 "/run/wrappers/bin/sendmail" landing "/tmp"
244 447 config.secrets.fullPaths."webapps/webhooks"
245 448 "${webhooks-bin-env}/bin"
246 452 CONTACT_EMAIL = config.myEnv.tools.contact;
247 454 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
# devtools pool: same process limits and session handling as the tools pool, with
# open_basedir limited to the sendmail wrapper, the FTP-backed document root and /tmp.
248 460 "listen.owner" = "wwwrun";
249 461 "listen.group" = "wwwrun";
250 463 "pm.max_children" = "60";
251 464 "pm.start_servers" = "2";
252 465 "pm.min_spare_servers" = "1";
253 466 "pm.max_spare_servers" = "10";
254 468 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
255 469 "php_admin_value[session.save_handler]" = "redis";
256 470 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
257 471 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
258 473 phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
# Per-application pools: the settings (and, for dmarc-reports, the environment) come from
# each package. Every pool adds the redis extension, presumably for the same session store.
259 475 adminer = adminer.phpFpm;
260 479 settings = ttrss.phpFpm.pool;
261 480 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
262 485 settings = wallabag.phpFpm.pool;
263 486 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
264 491 settings = yourls.phpFpm.pool;
265 492 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
266 497 settings = rompr.phpFpm.pool;
267 498 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
268 503 settings = shaarli.phpFpm.pool;
269 504 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
270 509 settings = dmarc-reports.phpFpm.pool;
271 510 phpEnv = dmarc-reports.phpFpm.phpEnv;
272 511 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
273 516 settings = dokuwiki.phpFpm.pool;
274 517 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
275 522 settings = phpbb.phpFpm.pool;
276 523 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
277 528 settings = ldap.phpFpm.pool;
278 529 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
279 534 settings = kanboard.phpFpm.pool;
280 535 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
281 540 settings = grocy'.phpFpm.pool;
282 541 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# Activation scripts contributed by eight packages.
# NOTE(review): NixOS activation scripts run as root at every system activation. The scripts
# live in the package files (not visible here), so review them for paths that an application
# user could influence, for example symlinks inside state directories they create or chown.
283 545 system.activationScripts = {
284 546 grocy = grocy'.activationScript;
285 547 ttrss = ttrss.activationScript;
286 548 wallabag = wallabag.activationScript;
287 549 rompr = rompr.activationScript;
288 550 shaarli = shaarli.activationScript;
289 551 dokuwiki = dokuwiki.activationScript;
290 552 phpbb = phpbb.activationScript;
291 553 kanboard = kanboard.activationScript;
# Secret files registered as watched paths: the shaarli secret for the tools web
# environment and the wallabag secret for its PHP-FPM unit. Presumably the affected service
# is reloaded or restarted when a file changes, so a rotated credential takes effect without
# manual action; the action itself is not visible here.
292 556 services.websites.env.tools.watchPaths = [
293 557 config.secrets.fullPaths."webapps/tools-shaarli"
294 559 services.filesWatcher.phpfpm-wallabag = {
295 561 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
# Monitoring: merges the plugin sets and the check objects that nine packages export into
# the master-side monitoring configuration.
# NOTE(review): in the visible lines kanboard, phpbb, grocy, dmarc-reports and webhooks
# contribute neither plugins nor objects. Confirm whether those services are monitored
# elsewhere.
296 564 myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
297 565 ttrss.monitoringPlugins
298 566 rompr.monitoringPlugins
299 567 wallabag.monitoringPlugins
300 568 yourls.monitoringPlugins
301 569 ympd.monitoringPlugins
302 570 dokuwiki.monitoringPlugins
303 571 shaarli.monitoringPlugins
304 572 ldap.monitoringPlugins
305 573 adminer.monitoringPlugins
306 575 myServices.monitoring.fromMasterObjects = lib.mkMerge [
307 576 ttrss.monitoringObjects
308 577 rompr.monitoringObjects
309 578 wallabag.monitoringObjects
310 579 yourls.monitoringObjects
311 580 ympd.monitoringObjects
312 581 dokuwiki.monitoringObjects
313 582 shaarli.monitoringObjects
314 583 ldap.monitoringObjects
315 584 adminer.monitoringObjects