X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fimmae%2Ftemp.nix;h=fd54f5e0d86708383b6972b3684dcf2b28e534ab;hb=c5f1602f941d34ad1f9e7bdb69678d0c844c9db6;hp=b3b28ccadd3ee5fae34fcf2f5ba45ac4d8d1cdbb;hpb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index b3b28cc..fd54f5e 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,35 +1,68 @@
{ lib, pkgs, config, ... }:
let
cfg = config.myServices.websites.immae.temp;
- varDir = "/var/lib/ftp/temp.immae.eu";
- env = config.myEnv.websites.temp;
+ varDir = "/var/lib/immae_temp";
+ env = config.myEnv.websites.immae.temp;
in {
options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
config = lib.mkIf cfg.enable {
- services.websites.env.production.modules = [ "headers" ];
- services.websites.env.production.vhostConfs.temp = {
- certName = "eldiron";
+ services.duplyBackup.profiles.immae_temp.rootDir = varDir;
+ services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
+ services.websites.env.production.vhostConfs.immae_temp = {
+ certName = "immae";
addToCerts = true;
hosts = [ "temp.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Apaxy "${varDir}" "title .duplicity-ignore"
-
- Header set Content-Disposition attachment
-
-
- Options -Indexes
+ root = null;
+ extraConfig = [ ''
+ ProxyVia On
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+ ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+
+ Options FollowSymLinks MultiViews
AllowOverride None
Require all granted
-
+
+ '' ];
+ };
+
+ secrets.keys = [
+ {
+ dest = "webapps/surfer";
+ permissions = "0400";
+ user = "wwwrun";
+ group = "wwwrun";
+ text = ''
+ CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+ CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+ CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+ CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+ CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+ LISTEN=/run/surfer/listen.sock
+ '';
+ }
+ ];
+
+ systemd.services.surfer = {
+ description = "Surfer";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
-
- Options Indexes
-
- ''
- ];
+ script = ''
+ exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
+ '';
+ serviceConfig = {
+ EnvironmentFile = "/var/secrets/webapps/surfer";
+ User = "wwwrun";
+ Group = "wwwrun";
+ StateDirectory = "surfer";
+ RuntimeDirectory = "surfer";
+ Type = "simple";
+ };
};
};
}
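Review bot: The new `systemd.services.surfer` unit and the `webapps/surfer` secret both use `wwwrun`, which is the default Apache httpd account on NixOS, so if httpd runs as that user here, any other vhost code under it can read the LDAP bind password in `/var/secrets/webapps/surfer` and the token store at `/var/lib/surfer/tokens.json`. A dedicated account declared in `users.users` would separate them: `User = "surfer"; Group = "surfer";` in `serviceConfig` with the same `user`/`group` on the secret, leaving httpd only the access it needs to `/run/surfer/listen.sock`. The unit serves `${varDir}` (`/var/lib/immae_temp`), but `StateDirectory = "surfer"` only creates `/var/lib/surfer`, so unless that directory is created elsewhere the service may start against a missing or unwritable path. The old vhost forced `Header set Content-Disposition attachment`; if surfer serves uploads inline, uploaded HTML would now render under temp.immae.eu, which is worth re-checking. `CLOUDRON_LDAP_USERS_BASE_DN` is also written twice in the secret text, and the second line can be dropped.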