Add flake skeletons
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
index 7903ca55984a51d997d773510e30dbe154796e33..29440abf7548ab8d948e9d6602a2765d6f59f667 100644 (file)
@@ -1,8 +1,6 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, flakes, ... }:
 let
-  adminer = pkgs.callPackage ./adminer.nix {
-    inherit (pkgs.webapps) adminer;
-  };
+  adminer = pkgs.callPackage ./adminer.nix {};
   ympd = pkgs.callPackage ./ympd.nix {
     env = config.myEnv.tools.ympd;
   };
@@ -10,8 +8,10 @@ let
     inherit (pkgs.webapps) ttrss ttrss-plugins;
     env = config.myEnv.tools.ttrss;
     php = pkgs.php72;
+    inherit config;
   };
   kanboard = pkgs.callPackage ./kanboard.nix  {
+    inherit config;
     env = config.myEnv.tools.kanboard;
   };
   wallabag = pkgs.callPackage ./wallabag.nix {
@@ -21,10 +21,12 @@ let
       };
     };
     env = config.myEnv.tools.wallabag;
+    inherit config;
   };
   yourls = pkgs.callPackage ./yourls.nix {
     inherit (pkgs.webapps) yourls yourls-plugins;
     env = config.myEnv.tools.yourls;
+    inherit config;
   };
   rompr = pkgs.callPackage ./rompr.nix {
     inherit (pkgs.webapps) rompr;
@@ -32,6 +34,7 @@ let
   };
   shaarli = pkgs.callPackage ./shaarli.nix {
     env = config.myEnv.tools.shaarli;
+    inherit config;
   };
   dokuwiki = pkgs.callPackage ./dokuwiki.nix {
     inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
@@ -39,9 +42,10 @@ let
   ldap = pkgs.callPackage ./ldap.nix {
     inherit (pkgs.webapps) phpldapadmin;
     env = config.myEnv.tools.phpldapadmin;
+    inherit config;
   };
   grocy = pkgs.callPackage ./grocy.nix {
-    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
+    grocy = flakes.subflakes.public.grocy.defaultPackage.x86_64-linux.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
   };
   phpbb = pkgs.callPackage ./phpbb.nix {
     phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
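Review bot: The new `grocy` argument hard-codes the platform in `flakes.subflakes.public.grocy.defaultPackage.x86_64-linux`, while everything else in this `let` block is taken from `pkgs`. Selecting the output with `flakes.subflakes.public.grocy.defaultPackage.${pkgs.system}` keeps the flake package tied to the system the rest of the configuration is evaluated for. The `phpbb` definition that follows continues outside this hunk.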
@@ -49,14 +53,18 @@ let
       e.empteintesduweb.monitoranswers e.lr94.autosubscribe
       e.phpbbmodders.adduser ]);
   };
+  webhooks-bin-env = pkgs.buildEnv {
+    name = "webhook-env";
+    paths = [ pkgs.apprise ];
+    pathsToLink = [ "/bin" ];
+  };
   webhooks = pkgs.callPackage ./webhooks.nix {
     env = config.myEnv.tools.webhooks;
+    binEnv = webhooks-bin-env;
   };
   dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
     env = config.myEnv.tools.dmarc_reports;
-  };
-  csp-reports = pkgs.callPackage ./csp_reports.nix {
-    env = config.myEnv.tools.csp_reports;
+    inherit config;
   };
 
   landing = pkgs.callPackage ./landing.nix {};
@@ -64,32 +72,56 @@ let
   cfg = config.myServices.websites.tools.tools;
   pcfg = config.services.phpfpm.pools;
 in {
+  imports =
+    builtins.attrValues flakes.subflakes.private.paste.nixosModules;
+
   options.myServices.websites.tools.tools = {
     enable = lib.mkEnableOption "enable tools website";
   };
 
   config = lib.mkIf cfg.enable {
+    myServices.chatonsProperties.services = {
+      dokuwiki = dokuwiki.chatonsProperties;
+      shaarli = shaarli.chatonsProperties;
+      ttrss = ttrss.chatonsProperties;
+      wallabag = wallabag.chatonsProperties;
+      paste = {
+        file.datetime = "2022-08-22T00:15:00";
+        service = {
+          name = "Paste";
+          description = "A simple paster script with syntax highlight";
+          website = "https://tools.immae.eu/paste/";
+          logo = "https://assets.immae.eu/logo.jpg";
+          status.level = "OK";
+          status.description = "OK";
+          registration."" = ["MEMBER" "CLIENT"];
+          registration.load = "OPEN";
+          install.type = "PACKAGE";
+          guide.user = "https://tools.immae.eu/paste/";
+        };
+        software = {
+          name = "Paste";
+          website = "https://tools.immae.eu/paste/";
+          license.url = "https://tools.immae.eu/paste/license";
+          license.name = "MIT License";
+          version = "Unversioned";
+          source.url = "https://tools.immae.eu/paste/abcd123/py";
+        };
+      };
+    };
+    myServices.chatonsProperties.hostings = {
+      dokuwiki = dokuwiki.chatonsHostingProperties;
+      phpbb = phpbb.chatonsHostingProperties;
+    };
     secrets.keys =
       kanboard.keys
-      ++ ldap.keys
-      ++ shaarli.keys
-      ++ ttrss.keys
-      ++ wallabag.keys
-      ++ yourls.keys
-      ++ dmarc-reports.keys
-      ++ csp-reports.keys
-      ++ webhooks.keys;
-
-    services.duplyBackup.profiles = {
-      dokuwiki = dokuwiki.backups;
-      grocy = grocy.backups;
-      kanboard = kanboard.backups;
-      rompr = rompr.backups;
-      shaarli = shaarli.backups;
-      ttrss = ttrss.backups;
-      wallabag = wallabag.backups;
-      phpbb = phpbb.backups;
-    };
+      // ldap.keys
+      // shaarli.keys
+      // ttrss.keys
+      // wallabag.keys
+      // yourls.keys
+      // dmarc-reports.keys
+      // webhooks.keys;
 
     services.websites.env.tools.modules =
       [ "proxy_fcgi" ]
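Review bot: Switching `secrets.keys` from `++` to `//` means two webapps that declare the same secret name no longer coexist or fail; the right-hand definition silently replaces the left-hand one. For secret material that is worth failing on rather than shadowing. If `secrets.keys` is an attribute-set module option (not visible here), `secrets.keys = lib.mkMerge [ kanboard.keys ldap.keys shaarli.keys ttrss.keys wallabag.keys yourls.keys dmarc-reports.keys webhooks.keys ];` would let the module system report conflicting definitions instead.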
@@ -108,16 +140,17 @@ in {
 
     services.websites.env.integration.vhostConfs.devtools = {
       certName     = "integration";
-      certMainHost = "devtools.immae.eu";
+      certMainHost = "tools.immae.dev";
       addToCerts   = true;
-      hosts        = [ "devtools.immae.eu" ];
-      root         = "/var/lib/ftp/devtools.immae.eu";
+      hosts        = [ "tools.immae.dev" ];
+      root         = "/var/lib/ftp/immae/devtools";
       extraConfig  = [
         ''
+          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
           Timeout 600
           ProxyTimeout 600
           Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
-          <Directory "/var/lib/ftp/devtools.immae.eu">
+          <Directory "/var/lib/ftp/immae/devtools">
             DirectoryIndex index.php index.htm index.html
             AllowOverride all
             Require all granted
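Review bot: The devtools document root `/var/lib/ftp/immae/devtools` is now spelled out in `root`, the `Use Apaxy` line and the `<Directory>` header here, and again in the devtools pool's `open_basedir` in the `@@ -325` hunk. This tree is FTP-writable and served with `AllowOverride all`, so a later rename that misses one copy would leave `open_basedir` and the served directory pointing at different paths. Binding it once in the `let` block, `devtoolsRoot = "/var/lib/ftp/immae/devtools";`, and interpolating `${devtoolsRoot}` in all four places removes that risk. The `<Directory>` block continues outside this hunk.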
@@ -164,14 +197,31 @@ in {
         (phpbb.apache.vhostConf pcfg.phpbb.socket)
         (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
         ''
-          Alias /paste /var/lib/fiche
-          <Directory "/var/lib/fiche">
-            DirectoryIndex index.txt index.html
-            AllowOverride None
-            Require all granted
-            Options -Indexes
-          </Directory>
+          <Location "/paste/">
+            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPreserveHost on
+          </Location>
+          <Location "/paste">
+            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPreserveHost on
+          </Location>
+
+          <Location "/ntfy/">
+            SetEnv proxy-nokeepalive 1
+            SetEnv proxy-sendchunked 1
+            LimitRequestBody 102400
+
+            RewriteEngine On
 
+            # FIXME: why is landing prefixed in the url?
+            RewriteCond %{HTTP:Upgrade} websocket [NC]
+            RewriteCond %{HTTP:Connection} upgrade [NC]
+            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
+
+            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
+          </Location>
           Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
           <Directory "/var/lib/buildbot/outputs/immae/bip39">
             DirectoryIndex index.html
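Review bot: Both `RewriteRule` lines in `<Location "/ntfy/">` make the `${landing}/ntfy` prefix optional, so a request whose mapped path does not begin with it is still proxied to the ntfy socket, with its entire path in `$2`. On the FIXME: inside `<Location>` mod_rewrite runs in per-directory context and matches the filesystem-mapped path, which is presumably why the landing root shows up; the Apache documentation describes rewrite rules in `<Location>` as unsupported. At virtual-host level the pattern sees the URL path and can be anchored, for example `RewriteRule ^/ntfy/(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$1 [P,NE,QSA,L]`, with the same form for the `ws://` rule. The enclosing configuration string starts and ends outside this hunk.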
@@ -179,9 +229,10 @@ in {
             Require all granted
           </Directory>
 
-          Alias /webhooks ${config.secrets.location}/webapps/webhooks
-          <Directory "${config.secrets.location}/webapps/webhooks">
+          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
+          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
             Options -Indexes
+            DirectoryIndex index.php
             Require all granted
             AllowOverride None
             <FilesMatch "\.php$">
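Review bot: The `/webhooks` alias now resolves to `config.secrets.fullPaths."webapps/webhooks"`, a directory in the secrets store, and the block keeps `Require all granted` for everything in it. Only names matching `\.php$` are routed to a handler in the visible lines, so any other file placed in that secret would be served verbatim. I would document that constraint above the alias, e.g. `# This directory is a secret: only *.php files may live here, anything else is served as static content`. The `<FilesMatch>` and `<Directory>` blocks close outside this hunk, so a deny rule for other files may already exist there.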
@@ -258,11 +309,23 @@ in {
         after = lib.mkAfter yourls.phpFpm.serviceDeps;
         wants = yourls.phpFpm.serviceDeps;
       };
+      ntfy = {
+        description = "send push notifications to your phone or desktop via scripts from any computer";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
+          Type = "simple";
+          WorkingDirectory = "%S/ntfy";
+          RuntimeDirectory = "ntfy";
+          StateDirectory = "ntfy";
+          User = "wwwrun";
+        };
+      };
       ympd = {
         description = "Standalone MPD Web GUI written in C";
         wantedBy = [ "multi-user.target" ];
         script = ''
-          export MPD_PASSWORD=$(cat /var/secrets/mpd)
+          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
           ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
           '';
       };
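Review bot: The new `ntfy` unit runs as `wwwrun` with no sandboxing, the same account used by every PHP-FPM pool in this file, so `%S/ntfy/cache.db` and the attachment cache are readable and writable by any of those web applications. A dedicated service user whose socket is made accessible to the proxy would separate them. Failing that, I would add `NoNewPrivileges = true; ProtectSystem = "strict"; PrivateTmp = true;` to `serviceConfig`, since `StateDirectory` and `RuntimeDirectory` stay writable under `ProtectSystem`. The `ExecStart` line also carries no authentication options, so it is worth confirming that open publish and subscribe on `/ntfy/` is intended.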
@@ -284,7 +347,7 @@ in {
 
     services.filesWatcher.ympd = {
       restart = true;
-      paths = [ "/var/secrets/mpd" ];
+      paths = [ config.secrets.fullPaths."mpd" ];
     };
 
     services.phpfpm.pools = {
@@ -300,18 +363,20 @@ in {
           "pm.min_spare_servers" = "1";
           "pm.max_spare_servers" = "10";
 
+          "php_admin_value[session.save_handler]" = "redis";
+          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
           # Needed to avoid clashes in browser cookies (same domain)
           "php_value[session.name]" = "ToolsPHPSESSID";
           "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
             "/run/wrappers/bin/sendmail" landing "/tmp"
-            "${config.secrets.location}/webapps/webhooks"
+            config.secrets.fullPaths."webapps/webhooks"
+            "${webhooks-bin-env}/bin"
           ];
-          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
         };
         phpEnv = {
           CONTACT_EMAIL = config.myEnv.tools.contact;
         };
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
       };
       devtools = {
         user = "wwwrun";
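Review bot: The `session.save_path` added here points at the shared socket `/run/redis-php-sessions/redis.sock`, and only the `prefix=Tools:Tools:` key prefix separates this pool's sessions from the others. The devtools pool in the `@@ -325` hunk gets the same socket with `prefix=Tools:Devtools:`. Every pool runs as `wwwrun` and now loads the redis extension, so code in any one application, including PHP uploaded to the FTP-backed devtools root, can connect to the socket directly and read or forge another application's sessions. The prefix is a naming convention, not an access control. Per-application Redis ACL users restricted to their own key pattern, with the credentials passed in each `save_path`, or separate Redis instances per trust level, would enforce the separation.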
@@ -325,123 +390,101 @@ in {
           "pm.min_spare_servers" = "1";
           "pm.max_spare_servers" = "10";
 
-          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
+          "php_admin_value[session.save_handler]" = "redis";
+          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
+          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
         };
-        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
       };
       adminer = adminer.phpFpm;
       ttrss = {
         user = "wwwrun";
         group = "wwwrun";
         settings = ttrss.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       wallabag = {
         user = "wwwrun";
         group = "wwwrun";
         settings = wallabag.phpFpm.pool;
-        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
+        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
       };
       yourls = {
         user = "wwwrun";
         group = "wwwrun";
         settings = yourls.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       rompr = {
         user = "wwwrun";
         group = "wwwrun";
         settings = rompr.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       shaarli = {
         user = "wwwrun";
         group = "wwwrun";
         settings = shaarli.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       dmarc-reports = {
         user = "wwwrun";
         group = "wwwrun";
         settings = dmarc-reports.phpFpm.pool;
         phpEnv = dmarc-reports.phpFpm.phpEnv;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       dokuwiki = {
         user = "wwwrun";
         group = "wwwrun";
         settings = dokuwiki.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       phpbb = {
         user = "wwwrun";
         group = "wwwrun";
         settings = phpbb.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       ldap = {
         user = "wwwrun";
         group = "wwwrun";
         settings = ldap.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       kanboard = {
         user = "wwwrun";
         group = "wwwrun";
         settings = kanboard.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
       grocy = {
         user = "wwwrun";
         group = "wwwrun";
         settings = grocy.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
       };
     };
 
     system.activationScripts = {
-      adminer = adminer.activationScript;
       grocy = grocy.activationScript;
       ttrss = ttrss.activationScript;
       wallabag = wallabag.activationScript;
-      yourls = yourls.activationScript;
       rompr = rompr.activationScript;
       shaarli = shaarli.activationScript;
       dokuwiki = dokuwiki.activationScript;
       phpbb = phpbb.activationScript;
       kanboard = kanboard.activationScript;
-      ldap = ldap.activationScript;
-    };
-
-    services.websites.webappDirs = {
-      _adminer = adminer.webRoot;
-      "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
-      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
-      "${phpbb.apache.webappName}" = phpbb.webRoot;
-      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
-      "${rompr.apache.webappName}" = rompr.webRoot;
-      "${shaarli.apache.webappName}" = shaarli.webRoot;
-      "${ttrss.apache.webappName}" = ttrss.webRoot;
-      "${wallabag.apache.webappName}" = wallabag.webRoot;
-      "${yourls.apache.webappName}" = yourls.webRoot;
-      "${kanboard.apache.webappName}" = kanboard.webRoot;
-      "${grocy.apache.webappName}" = grocy.webRoot;
     };
 
     services.websites.env.tools.watchPaths = [
-      "/var/secrets/webapps/tools-shaarli"
+      config.secrets.fullPaths."webapps/tools-shaarli"
     ];
     services.filesWatcher.phpfpm-wallabag = {
       restart = true;
-      paths = [ "/var/secrets/webapps/tools-wallabag" ];
+      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
     };
 
-    services.fiche = {
-      enable = true;
-      port = config.myEnv.ports.fiche;
-      domain = "tools.immae.eu/paste";
-      https = true;
-    };
   };
 }
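Review bot: The expression `pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis])` is now repeated verbatim for ttrss, yourls, rompr, shaarli, dmarc-reports, dokuwiki, phpbb, ldap, kanboard and grocy. Binding it once in the `let` block, `php72Redis = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);`, and writing `phpPackage = php72Redis;` in each pool keeps the interpreter choice in one place. That matters here because PHP 7.2 is past upstream end of life, and moving these pools to a supported release would then be a one-line change.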