X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fdefault.nix;h=2fdd18f8350b4524efe4ad8d1085bdab8d546680;hb=cc0ec972ee21b296ca382939350605cb2483aefd;hp=e2bcef5269aac642ca39ecb4dff7ffe1134e4a8a;hpb=6a8252b11bb02f3e67857d5a9d733b1affa6a625;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index e2bcef5..2fdd18f 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -1,8 +1,21 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
- www_root = "/run/current-system/webapps/_www";
- theme_root = "/run/current-system/webapps/_theme";
+ www_root = ./_www;
+ theme_root = (pkgs.webapps.apache-theme {}).theme;
apacheConfig = {
+ cache = {
+ # This setting permits to ignore time-based cache for files in the
+ # nix store:
+ # If a client requires an If-Modified-Since from timestamp 1, then
+ # this header is removed, and if the response contains a
+ # too old Last-Modified tag, then it is removed too
+ extraConfig = ''
+
+ RequestHeader unset If-Modified-Since
+
+ Header unset Last-Modified "expr=%{LAST_MODIFIED} < 19991231235959"
+ '';
+ };
gzip = {
modules = [ "deflate" "filter" ];
extraConfig = ''
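Review bot: The new `cache` entry in `apacheConfig` uses `RequestHeader` and `Header`, both mod_headers directives, but declares no `modules` list the way `gzip` does just below it, so `makeModules` will not load the module on its behalf. Unless `headers` is loaded by an entry outside this hunk, adding `modules = [ "headers" ];` keeps the block self-contained. The comment says the request header is dropped only for timestamp 1, while `RequestHeader unset If-Modified-Since` as shown is unconditional; the blank lines around it may be where a condition was lost in rendering, and if one exists the comment should name it. The `gzip` block continues past the end of the hunk.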
@@ -39,14 +52,28 @@ let
LDAPOpCacheTTL 600
- Include /var/secrets/apache-ldap
+ Include ${config.secrets.fullPaths."apache-ldap"}
'';
};
global = {
- extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
+ extraConfig = ''
+ ErrorDocument 500 /maintenance_immae.html
+ ErrorDocument 501 /maintenance_immae.html
+ ErrorDocument 502 /maintenance_immae.html
+ ErrorDocument 503 /maintenance_immae.html
+ ErrorDocument 504 /maintenance_immae.html
+ Alias /maintenance_immae.html ${www_root}/maintenance_immae.html
+ ProxyPass /maintenance_immae.html !
+
+ AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html
+
+ AllowOverride None
+ Require all granted
+
+ '';
};
apaxy = {
- extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
+ extraConfig = (pkgs.webapps.apache-theme { inherit theme_root; }).apacheConfig;
};
http2 = {
modules = [ "http2" ];
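Review bot: The `AliasMatch` pattern in the new `global.extraConfig` has no end anchor and leaves the dot unescaped, so any request path that merely contains `/googleb6d69446ff4ca3e5`, one arbitrary character and `html` is mapped to the verification file. Anchoring and escaping narrows it to the intended URL: `AliasMatch "^(.*)/googleb6d69446ff4ca3e5\.html$" ${www_root}/googleb6d69446ff4ca3e5.html`. `AllowOverride None` and `Require all granted` are shown with no enclosing container; presumably a `<Directory>` for `${www_root}` surrounds them in the file, and a one-line comment naming the directory being opened would make the grant easier to audit. The `http2` block continues past the hunk.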
@@ -62,46 +89,44 @@ let
};
makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
+ moomin = let
+ lines = lib.splitString "\n" (lib.fileContents ./moomin.txt);
+ pad = width: str: let
+ padWidth = width - lib.stringLength str;
+ padding = lib.concatStrings (lib.genList (lib.const "0") padWidth);
+ in lib.optionalString (padWidth > 0) padding + str;
+ in
+ lib.imap0 (i: e: ''Header always set "X-Moomin-${pad 2 (builtins.toString i)}" "${e}"'') lines;
in
{
- options.myServices.websites.webappDirs = lib.mkOption {
- type = lib.types.attrsOf lib.types.path;
- description = ''
- Webapp paths to create in /run/current-system/webapps
- '';
- default = {};
- };
+ options.myServices.websites.enable = lib.mkEnableOption "enable websites";
- config = {
- services.backup.profiles.php = {
- rootDir = "/var/lib/php";
+ config = lib.mkIf config.myServices.websites.enable {
+ myServices.chatonsProperties.hostings.web = {
+ file.datetime = "2022-08-22T01:30:00";
+ hosting = {
+ name = "Hébergement Web";
+ description = "Service d'hébergement web avec php/mysql/postgresql";
+ website = "https://www.immae.eu";
+ status.level = "OK";
+ status.description = "OK";
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ software = {
+ name = "Apache Httpd";
+ website = "https://httpd.apache.org/";
+ license.url = "https://www.apache.org/licenses/";
+ license.name = "Apache License Version 2";
+ version = pkgs.apacheHttpd.version;
+ source.url = "https://httpd.apache.org/download.cgi";
+ modules = "openssh,pure-ftpd";
+ };
};
users.users.wwwrun.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
- nixpkgs.overlays = [ (self: super: rec {
- #openssl = self.openssl_1_1;
- php = php72;
- php72 = (super.php72.override {
- mysql.connector-c = self.mariadb;
- config.php.mysqlnd = false;
- config.php.mysqli = false;
- }).overrideAttrs(old: rec {
- # Didn't manage to build with mysqli + mysql_config connector
- configureFlags = old.configureFlags ++ [
- "--with-mysqli=shared,mysqlnd"
- ];
- # preConfigure = (old.preConfigure or "") + ''
- # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
- # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include /' \
- # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
- # '';
- });
- phpPackages = super.php72Packages.override { inherit php; };
- }) ];
-
- secrets.keys = [{
- dest = "apache-ldap";
+ secrets.keys."apache-ldap" = {
user = "wwwrun";
group = "wwwrun";
permissions = "0400";
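Review bot: Each line of `./moomin.txt` is interpolated raw into `Header always set "X-Moomin-NN" "${e}"`, so a line containing `"`, `\` or `%` (which mod_headers treats as a format specifier) would break the directive or change its meaning when httpd parses it. The file is repository-local, so this is a robustness point rather than untrusted input, but escaping at the interpolation site removes the coupling: `"${lib.replaceStrings [ "\\" "\"" "%" ] [ "\\\\" "\\\"" "%%" ] e}"`. As a style point, `pad 2 (builtins.toString i)` could be `lib.fixedWidthNumber 2 i`, with the caveat that it fails evaluation past 99 lines instead of emitting a wider suffix. The `secrets.keys."apache-ldap"` block continues past the hunk.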
@@ -110,24 +135,23 @@ in
AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
+ AuthLDAPBindPassword "${config.myEnv.httpd.ldap.password}"
AuthType Basic
AuthName "Authentification requise (Acces LDAP)"
AuthBasicProvider ldap
'';
- }];
+ };
system.activationScripts = {
httpd = ''
- install -d -m 0755 ${config.security.acme.directory}/acme-challenge
+ install -d -m 0755 /var/lib/acme/acme-challenges
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
'';
};
services.phpfpm = {
- phpPackage = pkgs.php;
phpOptions = ''
session.save_path = "/var/lib/php/sessions"
post_max_size = 20M
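Review bot: `AuthLDAPBindPassword "${config.myEnv.httpd.ldap.password}"` places the password inside a double-quoted Apache argument without escaping, so a password containing `"` or `\` would be misparsed or would stop httpd from starting after a rotation. Escaping at the interpolation site avoids that: `AuthLDAPBindPassword "${lib.replaceStrings [ "\\" "\"" ] [ "\\\\" "\\\"" ] config.myEnv.httpd.ldap.password}"`. Separately, the activation script now hard-codes `/var/lib/acme/acme-challenges` where it previously derived the path from `config.security.acme.directory`; a comment naming the option or vhost setting that must stay in sync with this literal would help, since that consumer is not visible here. The `phpOptions` string continues past the hunk.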
@@ -136,22 +160,22 @@ in
; 30 days (minutes)
session.cache_expire = 43200
'';
- extraConfig = ''
- log_level = notice
- '';
+ settings = {
+ log_level = "notice";
+ };
};
- services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ];
- services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ];
- services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ];
+ services.filesWatcher.httpdProd.paths = [ config.secrets.fullPaths."apache-ldap" ];
+ services.filesWatcher.httpdInte.paths = [ config.secrets.fullPaths."apache-ldap" ];
+ services.filesWatcher.httpdTools.paths = [ config.secrets.fullPaths."apache-ldap" ];
services.websites.env.production = {
enable = true;
adminAddr = "httpd@immae.eu";
httpdName = "Prod";
ips =
- let ips = myconfig.env.servers.eldiron.ips.production;
- in [ips.ip4] ++ (ips.ip6 or []);
+ let ips = config.myEnv.servers.eldiron.ips.production;
+ in (ips.ip4 or []) ++ (ips.ip6 or []);
modules = makeModules;
extraConfig = makeExtraConfig;
fallbackVhost = {
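Review bot: With `(ips.ip4 or []) ++ (ips.ip6 or [])` a missing or misspelled `ip4` attribute now evaluates to an empty list instead of failing as `[ips.ip4]` did, so `ips` for production can silently become `[]`. What `services.websites.env` does with an empty list is not visible here; if it falls back to listening on all addresses, the environment would be reachable on interfaces it was not meant for. Keeping the required address strict preserves the old failure mode: `in ips.ip4 ++ (ips.ip6 or []);`. The same expression is introduced for `integration` and `main` in the two following hunks.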
@@ -167,12 +191,12 @@ in
adminAddr = "httpd@immae.eu";
httpdName = "Inte";
ips =
- let ips = myconfig.env.servers.eldiron.ips.integration;
- in [ips.ip4] ++ (ips.ip6 or []);
+ let ips = config.myEnv.servers.eldiron.ips.integration;
+ in (ips.ip4 or []) ++ (ips.ip6 or []);
modules = makeModules;
- extraConfig = makeExtraConfig;
+ extraConfig = makeExtraConfig ++ moomin;
fallbackVhost = {
- certName = "eldiron";
+ certName = "integration";
hosts = ["eldiron.immae.eu" ];
root = www_root;
extraConfig = [ "DirectoryIndex index.htm" ];
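Review bot: The fallback vhost's `certName` changes to `"integration"` while `hosts` still lists `eldiron.immae.eu`, so that certificate has to include `eldiron.immae.eu` among its names or clients hitting the fallback will get a hostname mismatch. The certificate definition is outside this hunk, so this may already hold; a short comment such as `# cert "integration" must list eldiron.immae.eu` next to `certName` would record the dependency. The `fallbackVhost` block continues past the hunk.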
@@ -184,8 +208,8 @@ in
adminAddr = "httpd@immae.eu";
httpdName = "Tools";
ips =
- let ips = myconfig.env.servers.eldiron.ips.main;
- in [ips.ip4] ++ (ips.ip6 or []);
+ let ips = config.myEnv.servers.eldiron.ips.main;
+ in (ips.ip4 or []) ++ (ips.ip6 or []);
modules = makeModules;
extraConfig = makeExtraConfig ++
[ ''
@@ -209,56 +233,127 @@ in
};
};
- system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) ''
- mkdir -p $out/webapps
- ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)}
- '';
-
+ myServices.tools.kanboard.farm.instances.tonnelle = {};
+ myServices.tools.kanboard.farm.instances.gebull = {};
myServices.websites = {
- webappDirs = {
- _www = pkgs.webapps.apache-default.www;
- _theme = pkgs.webapps.apache-theme.theme;
+ attilax.dolibarr.enable = true;
+
+ bakeer.cloud.enable = true;
+ capitaines.landing_pages.enable = true;
+
+ chloe = {
+ new.enable = true;
+ production.enable = true;
+ };
+
+ christophe_carpentier = {
+ website.enable = true;
+ agorakit.enable = true;
+ agora-project.enable = true;
+ ateliersduchangement.enable = true;
};
- aten.integration.enable = true;
- aten.production.enable = true;
+ cip-ca = {
+ sympa.enable = true;
+ };
- capitaines.production.enable = true;
+ connexionswing = {
+ integration.enable = true;
+ production.enable = true;
+ };
- chloe.integration.enable = true;
- chloe.production.enable = true;
+ denise = {
+ evariste.enable = true;
+ denisejerome.enable = true;
+ oms.enable = true;
+ bingo.enable = true;
+ aventuriers.enable = true;
+ production.enable = true;
+ };
- connexionswing.integration.enable = true;
- connexionswing.production.enable = true;
+ emilia = {
+ moodle.enable = false;
+ atelierfringant.enable = false;
+ };
- denisejerome.production.enable = true;
+ florian = {
+ app.enable = true;
+ integration.enable = true;
+ production.enable = true;
+ };
- emilia.production.enable = true;
+ immae = {
+ production.enable = true;
+ release.enable = true;
+ temp.enable = true;
+ dolibarr.enable = true;
+ };
- florian.app.enable = true;
- florian.integration.enable = true;
- florian.production.enable = true;
+ isabelle = {
+ aten_integration.enable = true;
+ aten_production.enable = true;
+ iridologie.enable = true;
+ };
- immae.production.enable = true;
- immae.release.enable = true;
- immae.temp.enable = true;
+ jerome.naturaloutil.enable = true;
leila.production.enable = true;
- ludivinecassal.integration.enable = true;
- ludivinecassal.production.enable = true;
+ librezo = {
+ cloud.enable = true;
+ dolibarr.enable = true;
+ dolibarrDev.enable = true;
+ website.enable = true;
+ };
+
+ ludivine = {
+ integration.enable = true;
+ production.enable = true;
+ };
nassime.production.enable = true;
- naturaloutil.production.enable = true;
- telioTortay.production.enable = true;
+ nicecoop = {
+ gestion-compte.enable = true;
+ gestion-compte-integration.enable = true;
+ odoo.enable = true;
+ dolibarrDev.enable = true;
+ copanier.enable = true;
+ };
+
+ noctambules = {
+ cloud.enable = true;
+ };
+
+ papa = {
+ surveillance.enable = true;
+ maison_bbc.enable = true;
+ };
- papa.surveillance.enable = true;
+ patrick_fodella = {
+ ecolyeu.enable = false;
+ altermondia.enable = true;
+ };
- piedsjaloux.integration.enable = true;
- piedsjaloux.production.enable = true;
+ piedsjaloux = {
+ integration.enable = true;
+ production.enable = true;
+ };
+ ressourcerie_banon.production.enable = true;
+ ressourcerie_banon.cryptpad.enable = true;
+ ressourcerie_banon.cloud.enable = true;
+
+ richie.production.enable = true;
+
+ syden.peertube.enable = true;
+
+ telio_tortay.production.enable = true;
+
+ tools.assets.enable = true;
tools.cloud.enable = true;
+ tools.commento.enable = true;
+ tools.cryptpad.enable = true;
tools.dav.enable = true;
tools.db.enable = true;
tools.diaspora.enable = true;
@@ -267,8 +362,14 @@ in
tools.mastodon.enable = true;
tools.mediagoblin.enable = true;
tools.peertube.enable = true;
+ tools.performance.enable = true;
tools.tools.enable = true;
tools.email.enable = true;
+ tools.stats.enable = false;
+ tools.visio.enable = true;
+
+ games.codenames.enable = true;
+ games.terraforming-mars.enable = true;
};
};
}