X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fimmae%2Ftemp.nix;h=85182834a7bce60deeff6f81ee4e6fd69b21862f;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=b3b28ccadd3ee5fae34fcf2f5ba45ac4d8d1cdbb;hpb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index b3b28cc..8518283 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,35 +1,68 @@ { lib, pkgs, config, ... }: let cfg = config.myServices.websites.immae.temp; - varDir = "/var/lib/ftp/temp.immae.eu"; - env = config.myEnv.websites.temp; + varDir = "/var/lib/immae_temp"; + env = config.myEnv.websites.immae.temp; in { options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; config = lib.mkIf cfg.enable { - services.websites.env.production.modules = [ "headers" ]; - services.websites.env.production.vhostConfs.temp = { - certName = "eldiron"; + services.duplyBackup.profiles.immae_temp.rootDir = varDir; + services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer"; + services.websites.env.production.vhostConfs.immae_temp = { + certName = "immae"; addToCerts = true; hosts = [ "temp.immae.eu" ]; - root = varDir; - extraConfig = [ - '' - Use Apaxy "${varDir}" "title .duplicity-ignore" - - Header set Content-Disposition attachment - - - Options -Indexes + root = null; + extraConfig = [ '' + ProxyVia On + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/ + ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/ + + Options FollowSymLinks MultiViews AllowOverride None Require all granted - + + '' ]; + }; + + secrets.keys = [ + { + dest = "webapps/surfer"; + permissions = "0400"; + user = "wwwrun"; + group = "wwwrun"; + text = '' + CLOUDRON_LDAP_URL=ldaps://${env.ldap.host} + CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} + TOKENSTORE_FILE=/var/lib/surfer/tokens.json + CLOUDRON_LDAP_BIND_DN=${env.ldap.dn} + CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password} + CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} + CLOUDRON_LDAP_FILTER="${env.ldap.filter}" + LISTEN=/run/surfer/listen.sock + ''; + } + ]; + + systemd.services.surfer = { + description = "Surfer"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; - - Options Indexes - - '' - ]; + script = '' + exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} + 
''; + serviceConfig = { + EnvironmentFile = config.secrets.fullPaths."webapps/surfer"; + User = "wwwrun"; + Group = "wwwrun"; + StateDirectory = "surfer"; + RuntimeDirectory = "surfer"; + Type = "simple"; + }; }; }; }
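Review bot: The new `systemd.services.surfer` unit and the `webapps/surfer` secret both use `wwwrun`, which is the NixOS httpd default account and presumably the user Apache runs as on this host. Anything executing in Apache's context could then read the 0400 env file holding `CLOUDRON_LDAP_BIND_PASSWORD`, as well as `/var/lib/surfer/tokens.json` and the uploaded files. A dedicated account would keep the bind credential private to the upload service: `User = "surfer"; Group = "surfer";` in `serviceConfig` and `user = "surfer"; group = "surfer";` on the secret, with Apache given access to `/run/surfer/listen.sock` through a group. Separately, `CLOUDRON_LDAP_USERS_BASE_DN` is written twice in the env text, and one of the two lines can go.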