X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fdefault.nix;h=8fb6a4d3054ba3cdd3b7592edb8fc76b772a1b4c;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=5c33e1c15372037c4e293cf123abc08d672f2ee8;hpb=d3452fc59b9839846225fd254926c64a9c71f071;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 5c33e1c..8fb6a4d 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -3,6 +3,19 @@ let
www_root = "/run/current-system/webapps/_www";
theme_root = "/run/current-system/webapps/_theme";
apacheConfig = {
+ cache = {
+ # This setting permits to ignore time-based cache for files in the
+ # nix store:
+ # If a client requires an If-Modified-Since from timestamp 1, then
+ # this header is removed, and if the response contains a
+ # too old Last-Modified tag, then it is removed too
+ extraConfig = ''
+
+ RequestHeader unset If-Modified-Since
+
+ Header unset Last-Modified "expr=%{LAST_MODIFIED} < 19991231235959"
+ '';
+ };
gzip = {
modules = [ "deflate" "filter" ];
extraConfig = ''
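Review bot: The comment on the new `cache` block says If-Modified-Since is dropped only when the client sends timestamp 1, but as the hunk reads here `RequestHeader unset If-Modified-Since` is unconditional, which would disable time-based revalidation for every file rather than only those served from the nix store. The empty added lines around it suggest an enclosing conditional may have been lost in rendering; if it was not, wrap the directive in a condition on the header value. Separately, the block leaves ETag validation untouched. If Apache's default `FileETag MTime Size` is in effect, store files with a constant mtime get an ETag that varies only with size, so a same-size update could still be answered with 304 and clients would keep stale assets. Consider adding `FileETag None` to this `extraConfig` and extending the comment to say which validators are deliberately neutralised.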
@@ -39,7 +52,7 @@ let
LDAPOpCacheTTL 600
- Include /var/secrets/apache-ldap
+ Include ${config.secrets.fullPaths."apache-ldap"}
'';
};
global = {
@@ -76,6 +89,14 @@ let
};
makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
+ moomin = let
+ lines = lib.splitString "\n" (lib.fileContents ./moomin.txt);
+ pad = width: str: let
+ padWidth = width - lib.stringLength str;
+ padding = lib.concatStrings (lib.genList (lib.const "0") padWidth);
+ in lib.optionalString (padWidth > 0) padding + str;
+ in
+ lib.imap0 (i: e: ''Header always set "X-Moomin-${pad 2 (builtins.toString i)}" "${e}"'') lines;
in
{
options.myServices.websites.enable = lib.mkEnableOption "enable websites";
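Review bot: Each line of `./moomin.txt` is interpolated verbatim into a double-quoted `Header always set` value on the last added line, so a line containing `"` or `\` would break the generated Apache configuration, and a `%` would be read by mod_headers as a format specifier instead of literal text. Escape the value before interpolating, for example `"${lib.replaceStrings [ "%" ] [ "%%" ] (lib.escape [ "\\" "\"" ] e)}"`, and add a comment stating that the file is treated as literal text. The hand-written `pad` helper could be replaced by `lib.fixedWidthNumber 2 i`, which fails evaluation when the index is wider than two digits, whereas `pad` silently emits a longer header name. The enclosing `let` block starts before this hunk, and the list only reaches Apache through the later hunk that appends `moomin` to `extraConfig`.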
@@ -83,31 +104,11 @@ in
config = lib.mkIf config.myServices.websites.enable {
services.duplyBackup.profiles.php = {
rootDir = "/var/lib/php";
+ remotes = [ "eriomem" "ovh" ];
};
users.users.wwwrun.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
- nixpkgs.overlays = [ (self: super: rec {
- #openssl = self.openssl_1_1;
- php = php72;
- php72 = (super.php72.override {
- config.php.mysqlnd = true;
- config.php.mysqli = false;
- config.php.mhash = true; # Is it needed?
- }).overrideAttrs(old: rec {
- # Didn't manage to build with mysqli + mysql_config connector
- configureFlags = old.configureFlags ++ [
- "--with-mysqli=shared,mysqlnd"
- ];
- # preConfigure = (old.preConfigure or "") + ''
- # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
- # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include /' \
- # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
- # '';
- });
- phpPackages = super.php72Packages.override { inherit php; };
- }) ];
-
secrets.keys = [{
dest = "apache-ldap";
user = "wwwrun";
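Review bot: Adding `remotes = [ "eriomem" "ovh" ];` sends the whole of `/var/lib/php` to two off-host targets, and the phpfpm options elsewhere in this diff set `session.save_path` to `/var/lib/php/sessions`, so live session files would be part of what leaves the machine. Whether the duply profile encrypts or excludes them is not visible here; if it does neither, the sessions directory should be excluded from the profile. At minimum add a comment above the line, e.g. `# rootDir includes sessions/ (session.save_path); these remotes must only receive encrypted archives`. The `config` attribute set continues past this hunk.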
@@ -135,7 +136,6 @@ in
};
services.phpfpm = {
- phpPackage = pkgs.php;
phpOptions = ''
session.save_path = "/var/lib/php/sessions"
post_max_size = 20M
@@ -149,9 +149,9 @@ in
};
};
- services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ];
- services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ];
- services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ];
+ services.filesWatcher.httpdProd.paths = [ config.secrets.fullPaths."apache-ldap" ];
+ services.filesWatcher.httpdInte.paths = [ config.secrets.fullPaths."apache-ldap" ];
+ services.filesWatcher.httpdTools.paths = [ config.secrets.fullPaths."apache-ldap" ];
services.websites.env.production = {
enable = true;
@@ -178,7 +178,7 @@ in
let ips = config.myEnv.servers.eldiron.ips.integration;
in [ips.ip4] ++ (ips.ip6 or []);
modules = makeModules;
- extraConfig = makeExtraConfig;
+ extraConfig = makeExtraConfig ++ moomin;
fallbackVhost = {
certName = "eldiron";
hosts = ["eldiron.immae.eu" ];
@@ -222,6 +222,7 @@ in
_theme = pkgs.webapps.apache-theme.theme;
};
myServices.websites = {
+ bakeer.cloud.enable = true;
capitaines.landing_pages.enable = true;
chloe = {
@@ -229,6 +230,10 @@ in
production.enable = true;
};
+ cip-ca = {
+ sympa.enable = true;
+ };
+
connexionswing = {
integration.enable = true;
production.enable = true;
@@ -237,9 +242,16 @@ in
denise = {
evariste.enable = true;
denisejerome.enable = true;
+ oms.enable = true;
+ bingo.enable = true;
+ aventuriers.enable = true;
+ production.enable = true;
};
- emilia.moodle.enable = true;
+ emilia = {
+ moodle.enable = false;
+ atelierfringant.enable = true;
+ };
florian = {
app.enable = true;
@@ -270,23 +282,34 @@ in
nassime.production.enable = true;
+ nath.villon.enable = true;
+
papa = {
surveillance.enable = true;
maison_bbc.enable = true;
};
+ patrick_fodella.production.enable = true;
+
piedsjaloux = {
integration.enable = true;
production.enable = true;
};
+ ressourcerie_banon.production.enable = true;
+ ressourcerie_banon.cryptpad.enable = true;
+ ressourcerie_banon.cloud.enable = true;
+
richie.production.enable = true;
syden.peertube.enable = true;
telio_tortay.production.enable = true;
+ tools.assets.enable = true;
tools.cloud.enable = true;
+ tools.commento.enable = true;
+ tools.cryptpad.enable = true;
tools.dav.enable = true;
tools.db.enable = true;
tools.diaspora.enable = true;
@@ -295,8 +318,13 @@ in
tools.mastodon.enable = true;
tools.mediagoblin.enable = true;
tools.peertube.enable = true;
+ tools.performance.enable = true;
tools.tools.enable = true;
tools.email.enable = true;
+ tools.stats.enable = false;
+
+ games.codenames.enable = true;
+ games.terraforming-mars.enable = true;
};
};
}