{ lib, pkgs, config, mylibs, ... }:
let
cfg = config.services.myWebsites;
in
{
imports = [
./websites/chloe.nix
./websites/ludivine.nix
./websites/aten.nix
./websites/piedsjaloux.nix
./websites/connexionswing.nix
];
options.services.myWebsites =
  let
    inherit (lib) mkEnableOption mkOption types;

    # Shape of one named Apache snippet: a list of names (used below for
    # Apache module names such as "deflate") plus optional raw directive text.
    # NOTE(review): extraConfig is free-form text with no validation at this
    # level; anything interpolated into it, credentials included, ends up
    # wherever the consumer of this option writes it. Confirm that consumer
    # does not render it into a world-readable location.
    apacheSnippet = types.submodule {
      options.modules = mkOption {
        type = types.listOf types.str;
        default = [ ];
      };
      options.extraConfig = mkOption {
        type = types.nullOr types.lines;
        default = null;
      };
    };
  in
  {
    # Global switches; the config section of this module copies them to every
    # individual site.
    production.enable = mkEnableOption "enable websites in production";
    integration.enable = mkEnableOption "enable websites in integration";

    # Named snippets of shared Apache configuration, keyed by snippet name.
    apacheConfig = mkOption {
      type = types.attrsOf apacheSnippet;
      default = { };
      description = "Extra global config";
    };
  };
# Module configuration: copies the two global enable switches to each site and
# declares the shared Apache snippets (gzip, macros, ldap, http2, customLog).
config = {
# Fan the global production switch out to every site. The per-site options are
# presumably declared by the modules listed in `imports`; confirm there.
services.myWebsites.Chloe.production.enable = cfg.production.enable;
services.myWebsites.Ludivine.production.enable = cfg.production.enable;
services.myWebsites.Aten.production.enable = cfg.production.enable;
services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable;
services.myWebsites.Connexionswing.production.enable = cfg.production.enable;
# Same fan-out for the integration switch.
services.myWebsites.Chloe.integration.enable = cfg.integration.enable;
services.myWebsites.Ludivine.integration.enable = cfg.integration.enable;
services.myWebsites.Aten.integration.enable = cfg.integration.enable;
services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;
services.myWebsites.apacheConfig = {
# Response compression: DEFLATE output filter for the listed text MIME types.
gzip = {
modules = [ "deflate" "filter" ];
extraConfig = ''
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
'';
};
# Loads mod_macro; the ldap snippet below relies on it (`Use LDAPConnect`).
macros = {
modules = [ "macro" ];
};
# LDAP-backed HTTP Basic authentication, used here to protect the per-domain
# statistics pages aliased at /awstats.
ldap = {
modules = [ "ldap" "authnz_ldap" ];
# FIXME: starttls
# The URL below is ldap:// on port 389 upgraded with STARTTLS. No certificate
# trust directive (e.g. LDAPTrustedGlobalCert) appears in this snippet;
# confirm one is set elsewhere so the upgrade is actually verified.
#
# NOTE(review): the bind password is read with builtins.getEnv at evaluation
# time and interpolated into this string. If the consumer writes extraConfig
# into an Apache config file in the Nix store, the password becomes readable
# by every local user and is copied along with the closure. mod_authnz_ldap
# accepts an `exec:` prefix on AuthLDAPBindPassword, which lets the secret be
# supplied at runtime from outside the store.
# The assert presumably aborts evaluation when the variable is unset
# (mylibs.checkEnv is not visible here); verify it also rejects an empty value.
#
# NOTE(review): `%{domain}` and `Use LDAPConnect` look like mod_macro usage,
# but no macro definition or container section is visible in this text, so it
# may have lost markup. As written, `Require all granted` and
# `Require ldap-group` sit at the same level, and Apache treats sibling Require
# directives as "any of", which would leave the group restriction without
# effect. Check the deployed file.
#
# AuthType Basic sends the credentials with every request; the protected
# location should only be reachable over TLS.
extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
AuthType Basic
AuthName "Authentification requise (Acces LDAP)"
AuthBasicProvider ldap
Alias /awstats /var/lib/goaccess/%{domain}
DirectoryIndex index.html
AllowOverride None
Require all granted
Use LDAPConnect
Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
'';
};
# Offer HTTP/2 (h2) first, with HTTP/1.1 as the fallback protocol.
http2 = {
modules = [ "http2" ];
extraConfig = ''
Protocols h2 http/1.1
'';
};
# Defines the log format nickname `combinedVhost`: the combined format prefixed
# with the virtual host name and port. No CustomLog directive is set here.
# Referer and User-Agent are client-supplied, so treat those log fields as
# untrusted input in anything that parses or displays the logs.
customLog = {
extraConfig = ''
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
'';
};
};
};
}