Add surveillance for papa

[perso/Immae/Config/Nix.git] / nixops / modules / websites / ftp / papa.nix

diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
new file mode 100644 (file)
index 0000000..ca1aabe
--- /dev/null
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -0,0 +1,55 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.Papa;
+    varDir = "/var/lib/ftp/papa";
+in {
+  options.services.myWebsites.Papa = {
+    production = {
+      enable = lib.mkEnableOption "enable Papa's website";
+    };
+  };
+
+  config = lib.mkIf cfg.production.enable {
+    security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
+    security.acme.certs."papa" = config.services.myCertificates.certConfig // {
+      domain = "surveillance.maison.bbc.bouya.org";
+    };
+
+    services.cron = {
+      systemCronJobs = let
+        script = pkgs.writeScript "cleanup-papa" ''
+          #!${pkgs.stdenv.shell}
+          d=$(date -d "7 days ago" +%Y%m%d)
+          for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
+            if [ "$d" -gt $(basename $i) ]; then
+              rm -rf "$i"
+            fi
+          done
+          '';
+      in
+        [
+        ''
+          0 6 * * * wwwrun ${script}
+        ''
+      ];
+    };
+
+    services.myWebsites.production.vhostConfs.papa = {
+      certName    = "papa";
+      hosts       = [ "surveillance.maison.bbc.bouya.org" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <Directory ${varDir}>
+          Use LDAPConnect
+          Options Indexes
+          AllowOverride None
+          Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
+