./aten
./piedsjaloux
./connexionswing
+ ./tellesflorian
+ ./tools/db
+ ./tools/tools
+ ./tools/dav
+ ./tools/cloud
+ ./tools/git
+ ./tools/mastodon
+ ./tools/mediagoblin
# built using:
# sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
+ # Removed allGranted
# And removed users / groups
./apache/httpd_prod.nix
./apache/httpd_inte.nix
+ # except for this one for users/groups
+ ./apache/httpd_tools.nix
+ # Adapted from base phpfpm
+ ./phpfpm
];
options.services.myWebsites = {
phpPackages = oldpkgs.php72Packages.override { inherit php; };
};
+ services.myWebsites.tools.databases.enable = true;
+ services.myWebsites.tools.tools.enable = true;
+ services.myWebsites.tools.dav.enable = true;
+ services.myWebsites.tools.cloud.enable = true;
+ services.myWebsites.tools.git.enable = true;
+ services.myWebsites.tools.mastodon.enable = true;
+ services.myWebsites.tools.mediagoblin.enable = true;
+
services.myWebsites.Chloe.production.enable = cfg.production.enable;
services.myWebsites.Ludivine.production.enable = cfg.production.enable;
services.myWebsites.Aten.production.enable = cfg.production.enable;
services.myWebsites.Aten.integration.enable = cfg.integration.enable;
services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;
+ services.myWebsites.TellesFlorian.integration.enable = true;
services.myWebsites.apacheConfig = {
gzip = {
Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
</Location>
</Macro>
+
+ ErrorDocument 500 /maintenance_immae.html
+ ErrorDocument 501 /maintenance_immae.html
+ ErrorDocument 502 /maintenance_immae.html
+ ErrorDocument 503 /maintenance_immae.html
+ ErrorDocument 504 /maintenance_immae.html
+ Alias /maintenance_immae.html ${../../www}/maintenance_immae.html
+ ProxyPass /maintenance_immae.html !
+
+ AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${../../www}/googleb6d69446ff4ca3e5.html
'';
};
http2 = {
};
};
+ system.activationScripts = {
+ httpd = ''
+ install -d -m 0755 /var/lib/acme/acme-challenge
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+ '';
+ };
+
+ services.myPhpfpm = {
+ phpPackage = pkgs.php;
+ phpOptions = ''
+ session.save_path = "/var/lib/php/sessions"
+ session.gc_maxlifetime = 60*60*24*15
+ session.cache_expire = 60*24*30
+ '';
+ extraConfig = ''
+ log_level = notice
+ '';
+ };
+
# FIXME: logrotate
# FIXME: ipv6
services.httpdProd = makeService "production" config.services.myWebsites.production;
services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
- services.httpd = makeService "tools" config.services.myWebsites.tools;
- services.myWebsites.tools.modules =
- mypkgs.adminer.apache.modules ++
- mypkgs.nextcloud.apache.modules ++
- mypkgs.ympd.apache.modules ++
- mypkgs.mantisbt.apache.modules ++
- mypkgs.ttrss.apache.modules ++
- mypkgs.roundcubemail.apache.modules ++
- pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
- services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
- # FIXME: move them all to separate modules
- services.myWebsites.tools.vhostConfs.eldiron = {
- certName = "eldiron";
- hosts = ["eldiron.immae.eu" ];
- root = ../../www;
- extraConfig = [ "DirectoryIndex index.htm" ];
- };
- services.myWebsites.tools.vhostConfs.db-1 = {
- certName = "eldiron";
- hosts = ["db-1.immae.eu" ];
- root = null;
- extraConfig = [ mypkgs.adminer.apache.vhostConf ];
- };
- services.myWebsites.tools.vhostConfs.tools = {
- certName = "eldiron";
- hosts = ["tools.immae.eu" ];
- root = null;
- extraConfig = [
- mypkgs.adminer.apache.vhostConf
- mypkgs.ympd.apache.vhostConf
- mypkgs.ttrss.apache.vhostConf
- mypkgs.roundcubemail.apache.vhostConf
- ];
- };
- services.myWebsites.tools.vhostConfs.dav = {
- certName = "eldiron";
- hosts = ["dav.immae.eu" ];
- root = null;
- extraConfig = [
- mypkgs.infcloud.apache.vhostConf
- mypkgs.davical.apache.vhostConf
- ];
- };
- services.myWebsites.tools.vhostConfs.cloud = {
- certName = "eldiron";
- hosts = ["cloud.immae.eu" ];
- root = mypkgs.nextcloud.webRoot;
- extraConfig = [
- mypkgs.nextcloud.apache.vhostConf
- ];
- };
- services.myWebsites.tools.vhostConfs.git.extraConfig = [
- mypkgs.mantisbt.apache.vhostConf
+ services.httpdTools = makeService "tools" config.services.myWebsites.tools;
+ services.myWebsites.tools.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+ services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)) ++
+ [ ''
+ RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
+ RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
+ RedirectMatch ^/CGU$ https://www.immae.eu/CGU
''
- RewriteEngine on
- RewriteCond %{REQUEST_URI} ^/releases
- RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
- ''
- ];
+ ]
+ ;
};
}