Add ympd
[perso/Immae/Config/Nix.git] / virtual / eldiron.nix
index 768de84c63e173bfdaea6d12e45c76763d63b306..160595d0cc08ab16c52be6c699c8b304bc1b9fc7 100644 (file)
         webroot = "/var/lib/acme/acme-challenge";
         email = "ismael@bouya.org";
         domain = "eldiron.immae.eu";
+        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+        postRun = ''
+          "systemctl reload httpd.service"
+        '';
         extraDomains = {
           "db-1.immae.eu" = null;
+          "tools.immae.eu" = null;
         };
       };
     };
 
+    services.ympd = mypkgs.ympd.config // { enable = true; };
+
     # FIXME: open_basedir
     services.phpfpm = {
       extraConfig = ''
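Review bot: The `postRun` body added in the acme block wraps the whole command in double quotes, so a shell sees a single word and looks for a program literally named `systemctl reload httpd.service` instead of running `systemctl` with two arguments. Assuming postRun is executed as a shell snippet (as the NixOS acme module does), the reload fails after every renewal and httpd keeps serving the previous certificate until something else restarts it, which eventually shows up as an expired certificate on `eldiron.immae.eu`, `db-1.immae.eu` and `tools.immae.eu`. Drop the inner quotes so the line reads `systemctl reload httpd.service`. The surrounding acme attribute set starts outside the hunk.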
       adminAddr = "httpd@immae.eu";
       extraModules = [
         "proxy_fcgi" # for PHP
+        "macro"
+        "ldap"
+        "authnz_ldap"
       ];
+      extraConfig = ''
+        <IfModule ldap_module>
+          LDAPSharedCacheSize 500000
+          LDAPCacheEntries 1024
+          LDAPCacheTTL 600
+          LDAPOpCacheEntries 1024
+          LDAPOpCacheTTL 600
+        </IfModule>
+
+        <Macro LDAPConnect>
+          <IfModule authnz_ldap_module>
+            AuthLDAPURL          ldap://ldap.immae.eu:389/dc=immae,dc=eu
+            AuthLDAPBindDN       cn=httpd,ou=services,dc=immae,dc=eu
+            AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+            AuthType             Basic
+            AuthName             "Authentification requise (Acces LDAP)"
+            AuthBasicProvider    ldap
+          </IfModule>
+        </Macro>
+        '';
       virtualHosts = [
         (withSSL "eldiron" // {
           listen = [ { ip = "*"; port = 443; } ];
           hostName = "db-1.immae.eu";
           documentRoot = null;
           extraConfig = builtins.concatStringsSep "\n" [
-            mypkgs.adminer.apacheConf
+            mypkgs.adminer.apache.vhostConf
+          ];
+        })
+        (withSSL "eldiron" // {
+          listen = [ { ip = "*"; port = 443; } ];
+          hostName = "tools.immae.eu";
+          documentRoot = null;
+          extraConfig = builtins.concatStringsSep "\n" [
+            mypkgs.adminer.apache.vhostConf
+            mypkgs.ympd.apache.vhostConf
           ];
         })
         { # Should go last, default fallback
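Review bot: `AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"` in the `LDAPConnect` macro is interpolated at evaluation time, so the bind password ends up verbatim in the generated httpd configuration, which normally lives in the world-readable Nix store. If the variable is unset at deploy time `builtins.getEnv` returns an empty string, so the build succeeds with an empty bind password instead of failing. Keeping the secret in a root-owned file outside the store and reading it at runtime avoids both, e.g. `AuthLDAPBindPassword "exec:/bin/cat <PATH_TO_SECRET_FILE>"`. The `AuthLDAPURL ldap://ldap.immae.eu:389/...` line also requests no TLS, so unless that host is reached over loopback or a private link the bind password and every user's Basic-auth password cross the network in clear; appending `STARTTLS` to the directive (or using `ldaps://`) would cover that. Whether the two vhosts invoke the macro with `Use LDAPConnect` is not visible here, since `mypkgs.adminer.apache.vhostConf` and `mypkgs.ympd.apache.vhostConf` are defined elsewhere, and the httpd block itself starts and ends outside the hunk.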