Move personal websites to modules
diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix
new file mode 100644 (file)
index 0000000..8e7cd9d
--- /dev/null
@@ -0,0 +1,49 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.papa.surveillance;
+  varDir = "/var/lib/ftp/papa";
+in {
+  options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
+
+  config = lib.mkIf cfg.enable {
+    security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
+
+    services.cron = {
+      systemCronJobs = let
+        script = pkgs.writeScript "cleanup-papa" ''
+          #!${pkgs.stdenv.shell}
+          d=$(date -d "7 days ago" +%Y%m%d)
+          for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
+            if [ "$d" -gt $(basename $i) ]; then
+              rm -rf "$i"
+            fi
+          done
+          '';
+      in
+        [
+        ''
+          0 6 * * * wwwrun ${script}
+        ''
+      ];
+    };
+
+    services.websites.production.vhostConfs.papa = {
+      certName     = "papa";
+      certMainHost = "surveillance.maison.bbc.bouya.org";
+      hosts        = [ "surveillance.maison.bbc.bouya.org" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <Directory ${varDir}>
+          Use LDAPConnect
+          Options Indexes
+          AllowOverride None
+          Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
+
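Review bot: In the `cleanup-papa` script, `$(basename $i)` is expanded unquoted, and the names under /var/lib/ftp/papa presumably come from FTP uploads rather than from this module. A parent directory name containing whitespace, or a glob that matches nothing, makes the `[ ... -gt ... ]` test error out, so that entry is never cleaned. Quote it as `if [ "$d" -gt "$(basename "$i")" ]; then`, and guard the loop body with `[ -d "$i" ] && [ ! -L "$i" ] || continue` so the daily `rm -rf` run as wwwrun only acts on real directories. The loop also hard-codes the path that `varDir` already holds; `for i in ${varDir}/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do` keeps the cron job and the vhost root in step.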