-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
cfg = config.myServices.websites.immae.temp;
- varDir = "/var/lib/ftp/temp.immae.eu";
- env = myconfig.env.websites.temp;
+ varDir = "/var/lib/immae_temp";
+ env = config.myEnv.websites.immae.temp;
in {
options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
config = lib.mkIf cfg.enable {
- services.websites.production.modules = [ "headers" ];
- services.websites.production.vhostConfs.temp = {
- certName = "eldiron";
+ services.duplyBackup.profiles.immae_temp.rootDir = varDir;
+ services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
+ services.websites.env.production.vhostConfs.immae_temp = {
+ certName = "immae";
addToCerts = true;
hosts = [ "temp.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <FilesMatch ".+">
- Header set Content-Disposition attachment
- </FilesMatch>
- <Directory "${varDir}">
- Options -Indexes
+ root = null;
+ extraConfig = [ ''
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+ ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+ <Proxy *>
+ Options FollowSymLinks MultiViews
AllowOverride None
Require all granted
- </Directory>
+ </Proxy>
+ '' ];
+ };
+
+ secrets.keys = [
+ {
+ dest = "webapps/surfer";
+ permissions = "0400";
+ user = "wwwrun";
+ group = "wwwrun";
+ text = ''
+ CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+ CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+ CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+ LISTEN=/run/surfer/listen.sock
+ '';
+ }
+ ];
+
+ systemd.services.surfer = {
+ description = "Surfer";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
- <DirectoryMatch "${varDir}/(.+)">
- Options Indexes
- </DirectoryMatch>
- ''
- ];
+ script = ''
+ exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
+ '';
+ serviceConfig = {
+ EnvironmentFile = "/var/secrets/webapps/surfer";
+ User = "wwwrun";
+ Group = "wwwrun";
+ StateDirectory = "surfer";
+ RuntimeDirectory = "surfer";
+ Type = "simple";
+ };
};
};
}
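Review bot: The secret written to `dest = "webapps/surfer"` (mode 0400) and the `surfer` unit are both assigned to `wwwrun`, which is presumably also the account the Apache vhosts run as, so any code executing inside the web server (another vhost's CGI or PHP, for instance) could read `CLOUDRON_LDAP_BIND_PASSWORD` and `/var/lib/surfer/tokens.json`. A dedicated account would contain that: `User = "surfer"; Group = "surfer";` in `serviceConfig` and the same `user`/`group` on the secret entry, with the proxy given access to `/run/surfer/listen.sock` through a shared group. The removed vhost also forced `Header set Content-Disposition attachment` on every file and the proxied vhost no longer does, so unless surfer sets that header itself, uploaded HTML would be rendered in the temp.immae.eu origin; it is worth confirming this is intended. `CLOUDRON_LDAP_USERS_BASE_DN` is also written twice in the secret text, and one copy can be dropped.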