X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=1e30eed4affaf0770ba0d6d91d5054106c93509e;hb=2053ddac783c931053676ebc2b02bc8b82d89399;hp=be2ee755ae5c1feccd1db3c85ae2a9f5312b24cc;hpb=d3452fc59b9839846225fd254926c64a9c71f071;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index be2ee75..1e30eed 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -9,12 +9,17 @@ let ttrss = pkgs.callPackage ./ttrss.nix { inherit (pkgs.webapps) ttrss ttrss-plugins; env = config.myEnv.tools.ttrss; + php = pkgs.php72; }; kanboard = pkgs.callPackage ./kanboard.nix { env = config.myEnv.tools.kanboard; }; wallabag = pkgs.callPackage ./wallabag.nix { - inherit (pkgs.webapps) wallabag; + wallabag = pkgs.webapps.wallabag.override { + composerEnv = pkgs.composerEnv.override { + php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); + }; + }; env = config.myEnv.tools.wallabag; }; yourls = pkgs.callPackage ./yourls.nix { @@ -36,8 +41,22 @@ let env = config.myEnv.tools.phpldapadmin; }; grocy = pkgs.callPackage ./grocy.nix { - inherit (pkgs.webapps) grocy; + grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; + }; + phpbb = pkgs.callPackage ./phpbb.nix { + phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ + e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat + e.empteintesduweb.monitoranswers e.lr94.autosubscribe + e.phpbbmodders.adduser ]); }; + webhooks = pkgs.callPackage ./webhooks.nix { + env = config.myEnv.tools.webhooks; + }; + dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { + env = config.myEnv.tools.dmarc_reports; + }; + + landing = pkgs.callPackage ./landing.nix {}; cfg = config.myServices.websites.tools.tools; pcfg = config.services.phpfpm.pools; @@ -53,7 +72,9 @@ in { ++ shaarli.keys ++ ttrss.keys ++ wallabag.keys - ++ yourls.keys; + ++ yourls.keys + ++ dmarc-reports.keys + ++ webhooks.keys; services.duplyBackup.profiles = { dokuwiki = dokuwiki.backups; @@ -63,6 +84,7 @@ in { shaarli = shaarli.backups; ttrss = ttrss.backups; wallabag = wallabag.backups; + phpbb = phpbb.backups; }; services.websites.env.tools.modules = @@ -75,6 +97,8 @@ in { ++ rompr.apache.modules ++ shaarli.apache.modules ++ dokuwiki.apache.modules + ++ dmarc-reports.apache.modules + ++ phpbb.apache.modules ++ ldap.apache.modules ++ kanboard.apache.modules; @@ -88,6 +112,7 @@ in { '' Timeout 600 ProxyTimeout 600 + Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" DirectoryIndex index.php index.htm index.html AllowOverride all @@ -104,17 +129,18 @@ in { certName = "eldiron"; addToCerts = true; hosts = ["tools.immae.eu" ]; - root = "/var/lib/ftp/tools.immae.eu"; + root = landing; extraConfig = [ '' RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse - - DirectoryIndex index.php index.htm index.html - AllowOverride all + + DirectoryIndex index.html + AllowOverride None Require all granted + SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" @@ -131,6 +157,8 @@ in { (ldap.apache.vhostConf pcfg.ldap.socket) (kanboard.apache.vhostConf pcfg.kanboard.socket) (grocy.apache.vhostConf pcfg.grocy.socket) + (phpbb.apache.vhostConf pcfg.phpbb.socket) + (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) '' Alias /paste /var/lib/fiche @@ -139,6 +167,23 @@ in { Require all granted Options -Indexes + + Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 + + DirectoryIndex index.html + AllowOverride None + Require all granted + + + Alias /webhooks ${config.secrets.location}/webapps/webhooks + + Options -Indexes + Require all granted + AllowOverride None + + SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" + + '' ]; }; @@ -180,6 +225,10 @@ in { after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; wants = dokuwiki.phpFpm.serviceDeps; }; + phpfpm-phpbb = { + after = lib.mkAfter phpbb.phpFpm.serviceDeps; + wants = phpbb.phpFpm.serviceDeps; + }; phpfpm-kanboard = { after = lib.mkAfter kanboard.phpFpm.serviceDeps; wants = kanboard.phpFpm.serviceDeps; @@ -217,7 +266,7 @@ in { description = "Tiny Tiny RSS feeds update daemon"; serviceConfig = { User = "wwwrun"; - ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; + ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; StandardOutput = "syslog"; StandardError = "syslog"; PermissionsStartOnly = true; @@ -249,8 +298,17 @@ in { # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "ToolsPHPSESSID"; - "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"; + "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ + "/run/wrappers/bin/sendmail" landing "/tmp" + "${config.secrets.location}/webapps/webhooks" + ]; + }; + phpEnv = { + CONTACT_EMAIL = config.myEnv.tools.contact; + CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql; + "\"host=${socket} dbname=${database} user=${user} password=${password}\""; }; + phpPackage = pkgs.php72; }; devtools = { user = "wwwrun"; @@ -266,43 +324,57 @@ in { "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; }; - phpOptions = config.services.phpfpm.phpOptions + '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - zend_extension=${pkgs.php}/lib/php/extensions/opcache.so - ''; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); }; adminer = adminer.phpFpm; ttrss = { user = "wwwrun"; group = "wwwrun"; settings = ttrss.phpFpm.pool; + phpPackage = pkgs.php72; }; wallabag = { user = "wwwrun"; group = "wwwrun"; settings = wallabag.phpFpm.pool; + phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); }; yourls = { user = "wwwrun"; group = "wwwrun"; settings = yourls.phpFpm.pool; + phpPackage = pkgs.php72; }; rompr = { user = "wwwrun"; group = "wwwrun"; settings = rompr.phpFpm.pool; + phpPackage = pkgs.php72; }; shaarli = { user = "wwwrun"; group = "wwwrun"; settings = shaarli.phpFpm.pool; + phpPackage = pkgs.php72; + }; + dmarc-reports = { + user = "wwwrun"; + group = "wwwrun"; + settings = dmarc-reports.phpFpm.pool; + phpEnv = dmarc-reports.phpFpm.phpEnv; + phpPackage = pkgs.php72; }; dokuwiki = { user = "wwwrun"; group = "wwwrun"; settings = dokuwiki.phpFpm.pool; + phpPackage = pkgs.php72; + }; + phpbb = { + user = "wwwrun"; + group = "wwwrun"; + settings = phpbb.phpFpm.pool; + phpPackage = pkgs.php72; }; ldap = { user = "wwwrun"; @@ -314,11 +386,13 @@ in { user = "wwwrun"; group = "wwwrun"; settings = kanboard.phpFpm.pool; + phpPackage = pkgs.php72; }; grocy = { user = "wwwrun"; group = "wwwrun"; settings = grocy.phpFpm.pool; + phpPackage = pkgs.php72; }; }; @@ -331,13 +405,16 @@ in { rompr = rompr.activationScript; shaarli = shaarli.activationScript; dokuwiki = dokuwiki.activationScript; + phpbb = phpbb.activationScript; kanboard = kanboard.activationScript; ldap = ldap.activationScript; }; services.websites.webappDirs = { _adminer = adminer.webRoot; + "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot; "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; + "${phpbb.apache.webappName}" = phpbb.webRoot; "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; "${rompr.apache.webappName}" = rompr.webRoot; "${shaarli.apache.webappName}" = shaarli.webRoot;