X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fdefault.nix;h=47a41ab8847a2eda79ae1b3327b0f1a36e13ee9f;hb=420ca31ba31007c6802389ad01e7b04be7f1f618;hp=5c33e1c15372037c4e293cf123abc08d672f2ee8;hpb=d3452fc59b9839846225fd254926c64a9c71f071;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 5c33e1c..47a41ab 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix @@ -1,8 +1,21 @@ { lib, pkgs, config, ... }: let - www_root = "/run/current-system/webapps/_www"; - theme_root = "/run/current-system/webapps/_theme"; + www_root = ./_www; + theme_root = (pkgs.webapps.apache-theme {}).theme; apacheConfig = { + cache = { + # This setting permits to ignore time-based cache for files in the + # nix store: + # If a client requires an If-Modified-Since from timestamp 1, then + # this header is removed, and if the response contains a + # too old Last-Modified tag, then it is removed too + extraConfig = '' + + RequestHeader unset If-Modified-Since + + Header unset Last-Modified "expr=%{LAST_MODIFIED} < 19991231235959" + ''; + }; gzip = { modules = [ "deflate" "filter" ]; extraConfig = '' @@ -39,7 +52,7 @@ let LDAPOpCacheTTL 600 - Include /var/secrets/apache-ldap + Include ${config.secrets.fullPaths."apache-ldap"} ''; }; global = { @@ -60,7 +73,7 @@ let ''; }; apaxy = { - extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; + extraConfig = (pkgs.webapps.apache-theme { inherit theme_root; }).apacheConfig; }; http2 = { modules = [ "http2" ]; 
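Review bot: The new `cache` entry in `apacheConfig` uses `RequestHeader` and `Header`, both mod_headers directives, but declares no `modules`, while the neighbouring `gzip` entry lists the modules it needs and `makeModules` only collects what each entry declares. Unless mod_headers is loaded elsewhere in the file, outside this hunk, httpd would reject the configuration; adding `modules = [ "headers" ];` to the entry keeps it self-contained. The lines around the two directives appear as bare `+` on this page, so any enclosing condition cannot be checked here. Separately, store files that share one mtime can also share a default mtime-and-size ETag across versions of equal size, so `If-None-Match` revalidation may need the same attention as `If-Modified-Since`.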
@@ -76,40 +89,44 @@ let }; makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig); makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); + moomin = let + lines = lib.splitString "\n" (lib.fileContents ./moomin.txt); + pad = width: str: let + padWidth = width - lib.stringLength str; + padding = lib.concatStrings (lib.genList (lib.const "0") padWidth); + in lib.optionalString (padWidth > 0) padding + str; + in + lib.imap0 (i: e: ''Header always set "X-Moomin-${pad 2 (builtins.toString i)}" "${e}"'') lines; in { options.myServices.websites.enable = lib.mkEnableOption "enable websites"; config = lib.mkIf config.myServices.websites.enable { - services.duplyBackup.profiles.php = { - rootDir = "/var/lib/php"; + myServices.chatonsProperties.hostings.web = { + file.datetime = "2022-08-22T01:30:00"; + hosting = { + name = "Hébergement Web"; + description = "Service d'hébergement web avec php/mysql/postgresql"; + website = "https://www.immae.eu"; + status.level = "OK"; + status.description = "OK"; + registration.load = "OPEN"; + install.type = "PACKAGE"; + }; + software = { + name = "Apache Httpd"; + website = "https://httpd.apache.org/"; + license.url = "https://www.apache.org/licenses/"; + license.name = "Apache License Version 2"; + version = pkgs.apacheHttpd.version; + source.url = "https://httpd.apache.org/download.cgi"; + modules = "openssh,pure-ftpd"; + }; }; users.users.wwwrun.extraGroups = [ "keys" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; - nixpkgs.overlays = [ (self: super: rec { - #openssl = self.openssl_1_1; - php = php72; - php72 = (super.php72.override { - config.php.mysqlnd = true; - config.php.mysqli = false; - config.php.mhash = true; # Is it needed? 
- }).overrideAttrs(old: rec { - # Didn't manage to build with mysqli + mysql_config connector - configureFlags = old.configureFlags ++ [ - "--with-mysqli=shared,mysqlnd" - ]; - # preConfigure = (old.preConfigure or "") + '' - # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server"; - # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include /' \ - # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c - # ''; - }); - phpPackages = super.php72Packages.override { inherit php; }; - }) ]; - - secrets.keys = [{ - dest = "apache-ldap"; + secrets.keys."apache-ldap" = { user = "wwwrun"; group = "wwwrun"; permissions = "0400"; @@ -125,7 +142,7 @@ in ''; - }]; + }; system.activationScripts = { httpd = '' @@ -135,7 +152,6 @@ in }; services.phpfpm = { - phpPackage = pkgs.php; phpOptions = '' session.save_path = "/var/lib/php/sessions" post_max_size = 20M @@ -149,9 +165,9 @@ in }; }; - services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ]; - services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ]; - services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ]; + services.filesWatcher.httpdProd.paths = [ config.secrets.fullPaths."apache-ldap" ]; + services.filesWatcher.httpdInte.paths = [ config.secrets.fullPaths."apache-ldap" ]; + services.filesWatcher.httpdTools.paths = [ config.secrets.fullPaths."apache-ldap" ]; services.websites.env.production = { enable = true; @@ -159,7 +175,7 @@ in httpdName = "Prod"; ips = let ips = config.myEnv.servers.eldiron.ips.production; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); modules = makeModules; extraConfig = makeExtraConfig; fallbackVhost = { 
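Review bot: In the new `moomin` binding, each line of `./moomin.txt` is interpolated unescaped into `Header always set "X-Moomin-NN" "${e}"`, so a `"` or `\` in the file ends or alters the quoted argument, and a `%` would be read by mod_headers as a format specifier. Either can make httpd refuse the generated configuration for the integration environment, the only one that appends `moomin`. Escaping the value, for example `"${lib.escape [ "\\" "\"" ] e}"`, and rejecting or doubling `%` at evaluation time would keep the file's content from affecting the config syntax. A one-line comment on `pad` (left-pads the index with zeros up to `width`) would also help the next reader.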
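Review bot: `(ips.ip4 or []) ++ (ips.ip6 or [])` in the production `ips` binding now evaluates to an empty list when neither attribute is set, where the old `[ips.ip4]` failed evaluation on a missing address. What `services.websites.env.*` does with an empty `ips` is not visible here; if it falls back to a wildcard listener or produces no listener, the environment would either listen on unintended addresses or be silently unreachable. An assertion such as `assert ips ? ip4 || ips ? ip6;` placed before the list is built keeps the failure explicit. The same expression is introduced for the integration and tools environments in the two following hunks.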
@@ -176,11 +192,11 @@ in httpdName = "Inte"; ips = let ips = config.myEnv.servers.eldiron.ips.integration; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); modules = makeModules; - extraConfig = makeExtraConfig; + extraConfig = makeExtraConfig ++ moomin; fallbackVhost = { - certName = "eldiron"; + certName = "integration"; hosts = ["eldiron.immae.eu" ]; root = www_root; extraConfig = [ "DirectoryIndex index.htm" ]; @@ -193,7 +209,7 @@ in httpdName = "Tools"; ips = let ips = config.myEnv.servers.eldiron.ips.main; - in [ips.ip4] ++ (ips.ip6 or []); + in (ips.ip4 or []) ++ (ips.ip6 or []); modules = makeModules; extraConfig = makeExtraConfig ++ [ '' @@ -217,18 +233,29 @@ in }; }; - services.websites.webappDirs = { - _www = ./_www; - _theme = pkgs.webapps.apache-theme.theme; - }; + myServices.tools.kanboard.farm.instances.tonnelle = {}; + myServices.tools.kanboard.farm.instances.gebull = {}; myServices.websites = { + attilax.dolibarr.enable = true; + + bakeer.cloud.enable = true; capitaines.landing_pages.enable = true; chloe = { - integration.enable = true; + new.enable = true; production.enable = true; }; + christophe_carpentier = { + website.enable = true; + agorakit.enable = true; + agora-project.enable = true; + }; + + cip-ca = { + sympa.enable = true; + }; + connexionswing = { integration.enable = true; production.enable = true; @@ -237,9 +264,16 @@ in denise = { evariste.enable = true; denisejerome.enable = true; + oms.enable = true; + bingo.enable = true; + aventuriers.enable = true; + production.enable = true; }; - emilia.moodle.enable = true; + emilia = { + moodle.enable = false; + atelierfringant.enable = false; + }; florian = { app.enable = true; @@ -251,6 +285,7 @@ in production.enable = true; release.enable = true; temp.enable = true; + dolibarr.enable = true; }; isabelle = { 
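Review bot: The integration `fallbackVhost` now sets `certName = "integration"` while `hosts` still lists only `eldiron.immae.eu`. If the certificate registered under that name does not carry `eldiron.immae.eu` as a subject alternative name (its definition is outside this diff), clients reaching the fallback vhost over TLS will get a name mismatch. Either confirm the host is covered by that certificate or add a comment next to `certName` stating which certificate serves this host and why its name differs from the host name.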
@@ -263,6 +298,13 @@ in leila.production.enable = true; + librezo = { + cloud.enable = true; + dolibarr.enable = true; + dolibarrDev.enable = true; + website.enable = true; + }; + ludivine = { integration.enable = true; production.enable = true; @@ -270,23 +312,47 @@ in nassime.production.enable = true; + nicecoop = { + gestion-compte.enable = true; + gestion-compte-integration.enable = true; + odoo.enable = true; + dolibarrDev.enable = true; + copanier.enable = true; + }; + + noctambules = { + cloud.enable = true; + }; + papa = { surveillance.enable = true; maison_bbc.enable = true; }; + patrick_fodella = { + ecolyeu.enable = false; + altermondia.enable = true; + }; + piedsjaloux = { integration.enable = true; production.enable = true; }; + ressourcerie_banon.production.enable = true; + ressourcerie_banon.cryptpad.enable = true; + ressourcerie_banon.cloud.enable = true; + richie.production.enable = true; syden.peertube.enable = true; telio_tortay.production.enable = true; + tools.assets.enable = true; tools.cloud.enable = true; + tools.commento.enable = true; + tools.cryptpad.enable = true; tools.dav.enable = true; tools.db.enable = true; tools.diaspora.enable = true; @@ -295,8 +361,14 @@ in tools.mastodon.enable = true; tools.mediagoblin.enable = true; tools.peertube.enable = true; + tools.performance.enable = true; tools.tools.enable = true; tools.email.enable = true; + tools.stats.enable = false; + tools.visio.enable = true; + + games.codenames.enable = true; + games.terraforming-mars.enable = true; }; }; }