# Module arguments: the usual lib/pkgs/config plus mypackages-lib and a grocy package.
1 { lib, pkgs, config, mypackages-lib, grocy, ... }:
# Local bindings. Each tool is built with callPackage from a sibling .nix file and, where an
# `env` argument is passed, receives its own entry of config.myEnv.tools (presumably per-tool
# settings and credentials -- confirm against the individual package files).
3 composerEnv = mypackages-lib.composerEnv;
4 adminer = pkgs.callPackage ./adminer.nix { inherit config; };
5 ympd = pkgs.callPackage ./ympd.nix {
6 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 ttrss = pkgs.webapps-ttrss;
11 ttrss-plugins = pkgs.webapps-ttrss-plugins;
12 env = config.myEnv.tools.ttrss;
16 kanboard = pkgs.callPackage ./kanboard.nix {
18 env = config.myEnv.tools.kanboard;
20 wallabag = pkgs.callPackage ./wallabag.nix {
21 wallabag = pkgs.webapps-wallabag.override {
22 composerEnv = composerEnv.override {
# wallabag's composer environment is overridden to PHP 7.3 with the tidy extension added.
# NOTE(review): PHP 7.3 (here) and PHP 7.2 (grocy below) are past upstream end-of-life and no
# longer get upstream security fixes; confirm the package set backports them or plan an upgrade.
23 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
26 env = config.myEnv.tools.wallabag;
29 yourls = pkgs.callPackage ./yourls.nix {
30 yourls = pkgs.webapps-yourls;
31 yourls-plugins = pkgs.webapps-yourls-plugins;
32 env = config.myEnv.tools.yourls;
35 rompr = pkgs.callPackage ./rompr.nix {
36 rompr = pkgs.webapps-rompr;
37 env = config.myEnv.tools.rompr;
40 shaarli = pkgs.callPackage ./shaarli.nix {
41 env = config.myEnv.tools.shaarli;
44 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
45 dokuwiki = pkgs.webapps-dokuwiki;
46 dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
49 ldap = pkgs.callPackage ./ldap.nix {
50 phpldapadmin = pkgs.webapps-phpldapadmin;
51 env = config.myEnv.tools.phpldapadmin;
# Named grocy' so it does not shadow the `grocy` module argument it wraps.
54 grocy' = pkgs.callPackage ./grocy.nix {
55 grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
57 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB with the French language pack and six third-party extensions; every extension listed
# here is extra code running inside the forum, so the list is part of its attack surface.
58 phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
59 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
60 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
61 e.phpbbmodders.adduser ]);
# Environment that links only /bin of apprise; its bin directory is later whitelisted in the
# open_basedir of a PHP-FPM pool and handed to the webhooks package as binEnv.
63 webhooks-bin-env = pkgs.buildEnv {
65 paths = [ pkgs.apprise ];
66 pathsToLink = [ "/bin" ];
68 webhooks = pkgs.callPackage ./webhooks.nix {
69 env = config.myEnv.tools.webhooks;
70 binEnv = webhooks-bin-env;
72 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
73 env = config.myEnv.tools.dmarc_reports;
77 landing = pkgs.callPackage ./landing.nix { };
# Shorthands: cfg is this module's own option set, pcfg the PHP-FPM pool definitions (used
# further down to look up each pool's socket path).
79 cfg = config.myServices.websites.tools.tools;
80 pcfg = config.services.phpfpm.pools;
# The module exposes a single `enable` switch; everything under `config` applies only when set.
82 options.myServices.websites.tools.tools = {
83 enable = lib.mkEnableOption "enable tools website";
86 config = lib.mkIf cfg.enable {
87 # Services needing to send e-mails
# NOTE(review): the comment above talks about sending, while the policy set on the next line is
# `receive` -- confirm which mail direction is meant for the "tools" policy.
88 myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
# DNS records in the immae.eu zone, built with helpers from config.myServices.dns.helpers; the
# addresses come from servers.eldiron.ips.main.
89 myServices.dns.zones."immae.eu".subdomains =
90 with config.myServices.dns.helpers;
92 outils = ips servers.eldiron.ips.main;
94 (mailCommon "immae.eu" true)
96 (ips servers.eldiron.ips.main)
# Descriptive metadata per hosted service (name, URLs, licence, registration policy). Most
# entries are taken from the tool packages; the paste service is described inline.
# Presumably informational only and not used to configure the services -- confirm.
100 myServices.chatonsProperties.services = {
101 adminer = adminer.chatonsProperties;
102 dokuwiki = dokuwiki.chatonsProperties;
103 shaarli = shaarli.chatonsProperties;
104 ttrss = ttrss.chatonsProperties;
105 wallabag = wallabag.chatonsProperties;
107 file.datetime = "2022-08-22T00:15:00";
110 description = "A simple paster script with syntax highlight";
111 website = "https://tools.immae.eu/paste/";
112 logo = "https://assets.immae.eu/logo.jpg";
114 status.description = "OK";
# Registration is declared as open, for the MEMBER and CLIENT categories.
115 registration."" = ["MEMBER" "CLIENT"];
116 registration.load = "OPEN";
117 install.type = "PACKAGE";
118 guide.user = "https://tools.immae.eu/paste/";
122 website = "https://tools.immae.eu/paste/";
123 license.url = "https://tools.immae.eu/paste/license";
124 license.name = "MIT License";
125 version = "Unversioned";
126 source.url = "https://tools.immae.eu/paste/abcd123/py";
# Hosting-type entries (as opposed to services) for dokuwiki and phpBB.
130 myServices.chatonsProperties.hostings = {
131 dokuwiki = dokuwiki.chatonsHostingProperties;
132 phpbb = phpbb.chatonsHostingProperties;
# Secret definitions merged together with `//`: the dmarc-reports keys plus one inline secret for
# the landing page. That secret is a file with mode 0400 whose content is a set of Apache SetEnv
# directives carrying the PostgreSQL user, password, database and socket; the tools vhost pulls
# it into the landing <Directory> with an Include directive.
# NOTE(review): SetEnv puts PGPASSWORD into the request environment of everything handled in
# that directory scope, so any script served from there, and anything that prints its
# environment (diagnostic pages, verbose error output), can disclose it. The secret's name ends
# in "sql-rw"; confirm the database role is limited to what the landing page actually needs.
# The owner/group of the file are set on lines not visible in this listing.
141 // dmarc-reports.keys
143 // ({ "webapps/tools-landing-sql-rw" = {
146 permissions = "0400";
148 env = config.myEnv.tools.landing;
150 SetEnv PGUSER "${env.postgresql.user}"
151 SetEnv PGPASSWORD "${env.postgresql.password}"
152 SetEnv PGDATABASE "${env.postgresql.database}"
153 SetEnv PGHOST "${env.postgresql.socket}"
# Apache modules loaded for the "tools" web environment: the concatenation of the module lists
# each tool package declares for its own vhost snippet (the start of the list is not visible).
# grocy' and webhooks contribute no list of their own here.
156 services.websites.env.tools.modules =
158 ++ adminer.apache.modules
159 ++ ympd.apache.modules
160 ++ ttrss.apache.modules
161 ++ wallabag.apache.modules
162 ++ yourls.apache.modules
163 ++ rompr.apache.modules
164 ++ shaarli.apache.modules
165 ++ dokuwiki.apache.modules
166 ++ dmarc-reports.apache.modules
167 ++ phpbb.apache.modules
168 ++ ldap.apache.modules
169 ++ kanboard.apache.modules;
# Integration site tools.immae.dev: DNS record (integration IPs), its ACME certificate and the
# "devtools" vhost in the integration web environment.
171 myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
172 subdomains.tools = ips servers.eldiron.ips.integration;
174 security.acme.certs.integration.domain = "tools.immae.dev";
175 services.websites.env.integration.vhostConfs.devtools = {
176 certName = "integration";
177 hosts = [ "tools.immae.dev" ];
# NOTE(review): the document root sits under /var/lib/ftp and every *.php file in it is passed
# to the devtools PHP-FPM pool (FilesMatch/SetHandler below). If that tree is writable over FTP,
# holding the FTP account is equivalent to running code as the pool user, so FTP access, the
# pool's user and its open_basedir need to be scoped with that in mind.
# The CSP header in this vhost is sent as Content-Security-Policy-Report-Only: violations are
# reported but nothing is blocked, and the policy used is the one named `inline`.
178 root = "/var/lib/ftp/immae/devtools";
181 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
184 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
185 <Directory "/var/lib/ftp/immae/devtools">
186 DirectoryIndex index.php index.htm index.html
189 <FilesMatch "\.php$">
190 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Both public host names are added to the shared "eldiron" certificate.
198 security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
# Main vhost for tools.immae.eu. In order: redirects for paths that moved to other hosts, the
# landing page directory (which Includes the PostgreSQL SetEnv secret and sends *.php to the
# tools pool), one Apache snippet per tool wired to that tool's PHP-FPM socket, reverse proxies
# to the paste service (gunicorn unix socket) and to ntfy (unix socket, with a websocket
# variant), and the /BIP39 and /webhooks aliases.
#
# NOTE(review), redirects: `^/vpn(.*)$` -> `https://vpn.immae.eu$1` appends the capture directly
# to a bare host name. Since `(.*)` need not begin with "/", the remainder of the request path
# becomes part of the authority in the Location header, so the redirect is not pinned to the
# intended host. Anchoring the capture, e.g. `^/vpn(/.*)?$`, fixes this. The roundcube rule
# (target already has a path) and the jappix rule (no capture used) are not affected that way.
#
# NOTE(review), LimitRequestBody 102400 caps request bodies at 102400 bytes for the section it
# sits in; the enclosing section is not visible in this listing, so confirm it covers the
# proxied endpoint it is meant to protect.
#
# NOTE(review), /BIP39: static files are served straight from a buildbot output directory, so
# visitors get whatever the build last wrote there; write access to that path should be limited
# to the build job.
#
# NOTE(review), /webhooks: the alias points into a path managed by the secrets module and its
# *.php files run in the tools pool. Confirm that the access rules on the lines not shown here
# prevent other files in that directory from being served as static content.
199 services.websites.env.tools.vhostConfs.tools = {
200 certName = "eldiron";
201 hosts = ["tools.immae.eu" ];
205 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
206 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
207 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
209 <Directory "${landing}">
210 Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
211 DirectoryIndex index.html
215 <FilesMatch "\.php$">
216 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
220 (adminer.apache.vhostConf pcfg.adminer.socket)
221 ympd.apache.vhostConf
222 (ttrss.apache.vhostConf pcfg.ttrss.socket)
223 (wallabag.apache.vhostConf pcfg.wallabag.socket)
224 (yourls.apache.vhostConf pcfg.yourls.socket)
225 (rompr.apache.vhostConf pcfg.rompr.socket)
226 (shaarli.apache.vhostConf pcfg.shaarli.socket)
227 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
228 (ldap.apache.vhostConf pcfg.ldap.socket)
229 (kanboard.apache.vhostConf pcfg.kanboard.socket)
230 (grocy'.apache.vhostConf pcfg.grocy.socket)
231 (phpbb.apache.vhostConf pcfg.phpbb.socket)
232 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
235 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
236 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
240 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
241 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
246 SetEnv proxy-nokeepalive 1
247 SetEnv proxy-sendchunked 1
248 LimitRequestBody 102400
252 # FIXME: why is landing prefixed in the url?
253 RewriteCond %{HTTP:Upgrade} websocket [NC]
254 RewriteCond %{HTTP:Connection} upgrade [NC]
255 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
257 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
259 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
260 <Directory "/var/lib/buildbot/outputs/immae/bip39">
261 DirectoryIndex index.html
266 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
267 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
269 DirectoryIndex index.php
272 <FilesMatch "\.php$">
273 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Legacy host outils.immae.eu: a redirect-only vhost. Specific path prefixes are sent to the
# host that now serves them; the final catch-all sends everything else to tools.immae.eu.
#
# NOTE(review): the rules for /mediagoblin, /ether, /nextcloud, /owncloud and /vpn append the
# capture directly to a bare host name (`https://cloud.immae.eu$1` and similar). Since `(.*)`
# need not begin with "/", the remainder of the request path becomes part of the authority in
# the Location header, so the redirect is not pinned to the intended host. Requiring the capture
# to start with a slash, e.g. `^/nextcloud(/.*)?$`, fixes this. Rules whose target already
# contains a path, and the catch-all (which has "/" before $1), are not affected that way.
280 services.websites.env.tools.vhostConfs.outils = {
281 certName = "eldiron";
282 hosts = [ "outils.immae.eu" ];
286 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
288 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
290 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
291 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
293 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
294 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
295 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
296 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
298 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
300 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
302 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
304 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
306 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# Per-tool units (presumably the phpfpm-* services; the unit names are on lines not visible in
# this listing) are ordered after, and pull in via `wants`, the services each tool package
# declares as its dependencies.
313 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
314 wants = dokuwiki.phpFpm.serviceDeps;
317 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
318 wants = phpbb.phpFpm.serviceDeps;
321 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
322 wants = kanboard.phpFpm.serviceDeps;
325 after = lib.mkAfter ldap.phpFpm.serviceDeps;
326 wants = ldap.phpFpm.serviceDeps;
329 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
330 wants = shaarli.phpFpm.serviceDeps;
333 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
334 wants = ttrss.phpFpm.serviceDeps;
337 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
338 wants = wallabag.phpFpm.serviceDeps;
# wallabag additionally appends its own preStart step to the unit.
339 preStart = lib.mkAfter wallabag.phpFpm.preStart;
342 after = lib.mkAfter yourls.phpFpm.serviceDeps;
343 wants = yourls.phpFpm.serviceDeps;
# ntfy notification server. It is given a unix socket in its runtime directory (%t/ntfy) and an
# empty --listen-http value (presumably so that no TCP listener is opened -- confirm), and is
# reached through the Apache proxy rules of the tools vhost. --behind-proxy tells ntfy it sits
# behind a reverse proxy, so the client address is taken from the forwarded header set by it.
# NOTE(review): neither --auth-file nor --auth-default-access appears on this command line;
# unless access control is configured elsewhere, topics under /ntfy are open to anyone who can
# reach the vhost. The user the unit runs as is set on lines not visible here.
346 description = "send push notifications to your phone or desktop via scripts from any computer";
347 wantedBy = [ "multi-user.target" ];
349 ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
351 WorkingDirectory = "%S/ntfy";
352 RuntimeDirectory = "ntfy";
353 StateDirectory = "ntfy";
# ympd (web front end for MPD). The MPD password is read from the secrets file when the unit
# starts and exported as MPD_PASSWORD, so it appears neither in the generated script stored in
# the Nix store nor on the ympd command line. ympd is started with --user nobody.
# NOTE(review): `nobody` is a shared account; a dedicated user would keep this process apart
# from anything else that runs as nobody.
358 description = "Standalone MPD Web GUI written in C";
359 wantedBy = [ "multi-user.target" ];
361 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
362 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS background updater: runs update.php --daemon from the ttrss web root with
# PHP 7.2, and requires/follows postgresql.service.
# NOTE(review): PHP 7.2 is past upstream end-of-life. PermissionsStartOnly and the "syslog"
# output target are legacy systemd settings; confirm they still behave as intended on the
# systemd version deployed.
366 description = "Tiny Tiny RSS feeds update daemon";
369 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
370 StandardOutput = "syslog";
371 StandardError = "syslog";
372 PermissionsStartOnly = true;
375 wantedBy = [ "multi-user.target" ];
376 requires = ["postgresql.service"];
377 after = ["network.target" "postgresql.service"];
# Watches the mpd secret file (presumably to restart ympd when the password changes -- confirm).
381 services.filesWatcher.ympd = {
383 paths = [ config.secrets.fullPaths."mpd" ];
# URL prefix under which the paste service is mounted; matches the /paste/ proxy rules.
388 webDirectory = "/paste";
# PHP-FPM pools. Each tool gets its own pool (own socket, settings and PHP build), which is what
# the vhost snippets refer to through pcfg.<name>.socket.
391 services.phpfpm.pools = {
# First pool shown: presumably `tools` (session prefix Tools:Tools:, landing in open_basedir);
# its header line is not visible. The listening socket is owned by wwwrun.
396 "listen.owner" = "wwwrun";
397 "listen.group" = "wwwrun";
399 "pm.max_children" = "60";
400 "pm.start_servers" = "2";
401 "pm.min_spare_servers" = "1";
402 "pm.max_spare_servers" = "10";
404 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
# Sessions are stored in Redis over a unix socket. This pool and the devtools pool use the same
# socket and differ only in key prefix.
# NOTE(review): a key prefix is a naming convention, not access control; any pool able to open
# this socket can read the other pools' session keys unless Redis itself restricts access.
405 "php_admin_value[session.save_handler]" = "redis";
406 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
407 # Needed to avoid clashes in browser cookies (same domain)
408 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir limits PHP file access to the sendmail wrapper, the landing page, /tmp, the
# webhooks secrets directory and the apprise bin environment.
# NOTE(review): /tmp is shared with other processes unless the unit uses a private /tmp;
# confirm, since it is where uploads and temporary files of this pool end up.
409 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
410 "/run/wrappers/bin/sendmail" landing "/tmp"
411 config.secrets.fullPaths."webapps/webhooks"
412 "${webhooks-bin-env}/bin"
416 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): this pool and most pools below run PHP 7.2 (wallabag 7.3), which are past
# upstream end-of-life and no longer receive upstream security fixes. Only devtools is on 8.2.
418 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
# Second pool shown: presumably `devtools` (session prefix Tools:Devtools:), serving the PHP
# files under /var/lib/ftp/immae/devtools.
424 "listen.owner" = "wwwrun";
425 "listen.group" = "wwwrun";
427 "pm.max_children" = "60";
428 "pm.start_servers" = "2";
429 "pm.min_spare_servers" = "1";
430 "pm.max_spare_servers" = "10";
432 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
433 "php_admin_value[session.save_handler]" = "redis";
434 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
# File access is confined to the sendmail wrapper, the devtools tree and /tmp.
435 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
437 phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
# Remaining pools: adminer takes its whole pool definition from its package; the others take
# their settings from the tool package and add the redis extension to the PHP build.
439 adminer = adminer.phpFpm;
443 settings = ttrss.phpFpm.pool;
444 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
449 settings = wallabag.phpFpm.pool;
450 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
455 settings = yourls.phpFpm.pool;
456 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
461 settings = rompr.phpFpm.pool;
462 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
467 settings = shaarli.phpFpm.pool;
468 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
473 settings = dmarc-reports.phpFpm.pool;
# dmarc-reports is the only pool here that also gets extra environment variables from its package.
474 phpEnv = dmarc-reports.phpFpm.phpEnv;
475 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
480 settings = dokuwiki.phpFpm.pool;
481 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
486 settings = phpbb.phpFpm.pool;
487 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
492 settings = ldap.phpFpm.pool;
493 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
498 settings = kanboard.phpFpm.pool;
499 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
504 settings = grocy'.phpFpm.pool;
505 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# Activation scripts supplied by the tool packages. NixOS runs activation scripts as root at
# system activation, so each package's script is privileged code worth reviewing with the
# package itself (their content is not visible in this file).
509 system.activationScripts = {
510 grocy = grocy'.activationScript;
511 ttrss = ttrss.activationScript;
512 wallabag = wallabag.activationScript;
513 rompr = rompr.activationScript;
514 shaarli = shaarli.activationScript;
515 dokuwiki = dokuwiki.activationScript;
516 phpbb = phpbb.activationScript;
517 kanboard = kanboard.activationScript;
# Secret files whose changes are watched (presumably so the affected service is reloaded or
# restarted when a secret is rotated -- confirm against the watcher modules).
520 services.websites.env.tools.watchPaths = [
521 config.secrets.fullPaths."webapps/tools-shaarli"
523 services.filesWatcher.phpfpm-wallabag = {
525 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
# Monitoring plugins and objects contributed by the tool packages.
# NOTE(review): grocy, phpbb, kanboard, dmarc-reports and webhooks are configured above but do
# not appear in either list; confirm they are monitored elsewhere or intentionally left out.
528 myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
529 ttrss.monitoringPlugins
530 rompr.monitoringPlugins
531 wallabag.monitoringPlugins
532 yourls.monitoringPlugins
533 ympd.monitoringPlugins
534 dokuwiki.monitoringPlugins
535 shaarli.monitoringPlugins
536 ldap.monitoringPlugins
537 adminer.monitoringPlugins
539 myServices.monitoring.fromMasterObjects = lib.mkMerge [
540 ttrss.monitoringObjects
541 rompr.monitoringObjects
542 wallabag.monitoringObjects
543 yourls.monitoringObjects
544 ympd.monitoringObjects
545 dokuwiki.monitoringObjects
546 shaarli.monitoringObjects
547 ldap.monitoringObjects
548 adminer.monitoringObjects