X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=29440abf7548ab8d948e9d6602a2765d6f59f667;hb=776aa3603903616702b8bc1d9e955d3a6da9ee1e;hp=93d11222785fd860c64dcd7320d1221f35f7b6d8;hpb=68c45ad53b34301c1a0c59352a839db13e1f2420;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 93d1122..29440ab 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -1,8 +1,6 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, flakes, ... }: let - adminer = pkgs.callPackage ./adminer.nix { - inherit (pkgs.webapps) adminer; - }; + adminer = pkgs.callPackage ./adminer.nix {}; ympd = pkgs.callPackage ./ympd.nix { env = config.myEnv.tools.ympd; }; @@ -10,21 +8,25 @@ let inherit (pkgs.webapps) ttrss ttrss-plugins; env = config.myEnv.tools.ttrss; php = pkgs.php72; + inherit config; }; kanboard = pkgs.callPackage ./kanboard.nix { + inherit config; env = config.myEnv.tools.kanboard; }; wallabag = pkgs.callPackage ./wallabag.nix { wallabag = pkgs.webapps.wallabag.override { composerEnv = pkgs.composerEnv.override { - php = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]); + php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); }; }; env = config.myEnv.tools.wallabag; + inherit config; }; yourls = pkgs.callPackage ./yourls.nix { inherit (pkgs.webapps) yourls yourls-plugins; env = config.myEnv.tools.yourls; + inherit config; }; rompr = pkgs.callPackage ./rompr.nix { inherit (pkgs.webapps) rompr; @@ -32,6 +34,7 @@ let }; shaarli = pkgs.callPackage ./shaarli.nix { env = config.myEnv.tools.shaarli; + inherit config; }; dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; 
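Review bot: `inherit config;` is added to the ttrss, kanboard, wallabag, yourls and shaarli calls here (and to ldap and dmarc-reports in later hunks) without a comment, and the name is easy to misread. `pkgs.callPackage` would otherwise fill a `config` argument from `pkgs.config`, the nixpkgs configuration, not the NixOS module config. Passing the whole module config also lets each package expression read every option, including `config.secrets` and `config.myEnv` entries for unrelated apps. If the callees only need secret paths (not visible here), a narrower argument would keep that surface small. At minimum I would add `# NixOS module config, not pkgs.config` next to the first `inherit config;`.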
@@ -39,9 +42,10 @@ let ldap = pkgs.callPackage ./ldap.nix { inherit (pkgs.webapps) phpldapadmin; env = config.myEnv.tools.phpldapadmin; + inherit config; }; grocy = pkgs.callPackage ./grocy.nix { - grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; + grocy = flakes.subflakes.public.grocy.defaultPackage.x86_64-linux.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; }; phpbb = pkgs.callPackage ./phpbb.nix { phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ @@ -49,11 +53,18 @@ let e.empteintesduweb.monitoranswers e.lr94.autosubscribe e.phpbbmodders.adduser ]); }; + webhooks-bin-env = pkgs.buildEnv { + name = "webhook-env"; + paths = [ pkgs.apprise ]; + pathsToLink = [ "/bin" ]; + }; webhooks = pkgs.callPackage ./webhooks.nix { env = config.myEnv.tools.webhooks; + binEnv = webhooks-bin-env; }; dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { env = config.myEnv.tools.dmarc_reports; + inherit config; }; landing = pkgs.callPackage ./landing.nix {}; 
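Review bot: The new `grocy` line in the `@@ -39,9 +42,10 @@` hunk hard-codes the platform with `defaultPackage.x86_64-linux`. `flakes.subflakes.public.grocy.defaultPackage.${pkgs.stdenv.hostPlatform.system}` would follow the host being built instead. The package may now be built from the subflake's own inputs while `composerEnv` and `php` still come from this `pkgs`. If that mix is intended, a one-line comment above the override should say so.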
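Review bot: `webhooks-bin-env` in the `@@ -49,11 +53,18 @@` hunk has no comment saying why the PHP webhooks get a `/bin` tree, and its derivation `name = "webhook-env"` does not match the binding name. A later hunk appends `"${webhooks-bin-env}/bin"` to the tools pool's `open_basedir`, which limits PHP file functions but not what `exec()` may launch. The env therefore documents intent more than it enforces it. I would add `# Programs the webhook scripts are expected to call; open_basedir does not restrict exec()` above the binding and keep `paths` to the minimum needed.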
@@ -61,31 +72,56 @@ let cfg = config.myServices.websites.tools.tools; pcfg = config.services.phpfpm.pools; in { + imports = + builtins.attrValues flakes.subflakes.private.paste.nixosModules; + options.myServices.websites.tools.tools = { enable = lib.mkEnableOption "enable tools website"; }; config = lib.mkIf cfg.enable { + myServices.chatonsProperties.services = { + dokuwiki = dokuwiki.chatonsProperties; + shaarli = shaarli.chatonsProperties; + ttrss = ttrss.chatonsProperties; + wallabag = wallabag.chatonsProperties; + paste = { + file.datetime = "2022-08-22T00:15:00"; + service = { + name = "Paste"; + description = "A simple paster script with syntax highlight"; + website = "https://tools.immae.eu/paste/"; + logo = "https://assets.immae.eu/logo.jpg"; + status.level = "OK"; + status.description = "OK"; + registration."" = ["MEMBER" "CLIENT"]; + registration.load = "OPEN"; + install.type = "PACKAGE"; + guide.user = "https://tools.immae.eu/paste/"; + }; + software = { + name = "Paste"; + website = "https://tools.immae.eu/paste/"; + license.url = "https://tools.immae.eu/paste/license"; + license.name = "MIT License"; + version = "Unversioned"; + source.url = "https://tools.immae.eu/paste/abcd123/py"; + }; + }; + }; + myServices.chatonsProperties.hostings = { + dokuwiki = dokuwiki.chatonsHostingProperties; + phpbb = phpbb.chatonsHostingProperties; + }; secrets.keys = kanboard.keys - ++ ldap.keys - ++ shaarli.keys - ++ ttrss.keys - ++ wallabag.keys - ++ yourls.keys - ++ dmarc-reports.keys - ++ webhooks.keys; - - services.duplyBackup.profiles = { - dokuwiki = dokuwiki.backups; - grocy = grocy.backups; - kanboard = kanboard.backups; - rompr = rompr.backups; - shaarli = shaarli.backups; - ttrss = ttrss.backups; - wallabag = wallabag.backups; - phpbb = phpbb.backups; - }; + // ldap.keys + // shaarli.keys + // ttrss.keys + // wallabag.keys + // yourls.keys + // dmarc-reports.keys + // webhooks.keys; services.websites.env.tools.modules = [ "proxy_fcgi" ] 
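Review bot: Joining the per-app secrets with `//` in `secrets.keys` discards duplicates silently: if two of `kanboard.keys`, `ldap.keys`, … ever define the same attribute name, the right-hand one wins and the other secret is never deployed, with no evaluation error. Since this is a module `config` value, `secrets.keys = lib.mkMerge [ kanboard.keys ldap.keys shaarli.keys ttrss.keys wallabag.keys yourls.keys dmarc-reports.keys webhooks.keys ];` should let the module system report conflicting definitions instead. The hunk also removes `services.duplyBackup.profiles` for eight apps with no visible replacement, so it is worth confirming that backups are declared elsewhere. `source.url = "https://tools.immae.eu/paste/abcd123/py"` in the paste properties looks like a placeholder.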
@@ -104,16 +140,17 @@ in { services.websites.env.integration.vhostConfs.devtools = { certName = "integration"; - certMainHost = "devtools.immae.eu"; + certMainHost = "tools.immae.dev"; addToCerts = true; - hosts = [ "devtools.immae.eu" ]; - root = "/var/lib/ftp/devtools.immae.eu"; + hosts = [ "tools.immae.dev" ]; + root = "/var/lib/ftp/immae/devtools"; extraConfig = [ '' + Use Apaxy "/var/lib/ftp/immae/devtools" "title" Timeout 600 ProxyTimeout 600 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" - + DirectoryIndex index.php index.htm index.html AllowOverride all Require all granted @@ -160,14 +197,31 @@ in { (phpbb.apache.vhostConf pcfg.phpbb.socket) (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) '' - Alias /paste /var/lib/fiche - - DirectoryIndex index.txt index.html - AllowOverride None - Require all granted - Options -Indexes - + + ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPreserveHost on + + + ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPreserveHost on + + + + SetEnv proxy-nokeepalive 1 + SetEnv proxy-sendchunked 1 + LimitRequestBody 102400 + + RewriteEngine On + # FIXME: why is landing prefixed in the url? + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L] + + RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L] + Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 DirectoryIndex index.html 
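Review bot: In the `@@ -160,14 +197,31 @@` hunk, both ntfy `RewriteRule`s make the `(${landing}/ntfy)?` group optional, so the pattern itself matches any path. The rules stay confined to ntfy only through the enclosing container, whose tags are not visible in this rendering. The `# FIXME` should be answered in the code: in per-directory context mod_rewrite matches the translated filesystem path rather than the URL, which would explain the `${landing}` prefix (to be confirmed). I would replace the FIXME with `# per-directory rewrite sees the filesystem path, hence the ${landing} prefix` and, once confirmed, drop the `?` so that only paths under `${landing}/ntfy` are proxied to the socket.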
@@ -175,9 +229,10 @@ in { Require all granted - Alias /webhooks ${config.secrets.location}/webapps/webhooks - + Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} + Options -Indexes + DirectoryIndex index.php Require all granted AllowOverride None @@ -254,11 +309,23 @@ in { after = lib.mkAfter yourls.phpFpm.serviceDeps; wants = yourls.phpFpm.serviceDeps; }; + ntfy = { + description = "send push notifications to your phone or desktop via scripts from any computer"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy"; + Type = "simple"; + WorkingDirectory = "%S/ntfy"; + RuntimeDirectory = "ntfy"; + StateDirectory = "ntfy"; + User = "wwwrun"; + }; + }; ympd = { description = "Standalone MPD Web GUI written in C"; wantedBy = [ "multi-user.target" ]; script = '' - export MPD_PASSWORD=$(cat /var/secrets/mpd) + export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody ''; }; @@ -280,7 +347,7 @@ in { services.filesWatcher.ympd = { restart = true; - paths = [ "/var/secrets/mpd" ]; + paths = [ config.secrets.fullPaths."mpd" ]; }; services.phpfpm.pools = { 
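Review bot: The `ntfy` unit added in the `@@ -254,11 +309,23 @@` hunk runs as `wwwrun`, the account every PHP-FPM pool in this file uses, and sets no sandboxing. A flaw in ntfy or in any PHP app therefore reaches the other's files, including `%S/ntfy/cache.db` and the attachment directory. If `User = "wwwrun"` is needed so Apache can open `%t/ntfy/ntfy.sock`, I would still add `NoNewPrivileges = true; ProtectSystem = "strict"; PrivateTmp = true;` to `serviceConfig`, which leaves the `StateDirectory` and `RuntimeDirectory` writable. The command line passes neither `--auth-file` nor `--auth-default-access`. Unless access control is configured elsewhere, anyone who can reach `/ntfy` can publish to and subscribe on any topic.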
@@ -296,19 +363,20 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'"; # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "ToolsPHPSESSID"; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ "/run/wrappers/bin/sendmail" landing "/tmp" - "${config.secrets.location}/webapps/webhooks" + config.secrets.fullPaths."webapps/webhooks" + "${webhooks-bin-env}/bin" ]; }; phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; - CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql; - "\"host=${socket} dbname=${database} user=${user} password=${password}\""; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); }; devtools = { user = "wwwrun"; 
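Review bot: The `prefix=Tools:Tools:` in the new `session.save_path` only namespaces keys and does not isolate them. This pool and the `devtools` pool in the next hunk (`prefix=Tools:Devtools:`) connect to the same `/run/redis-php-sessions/redis.sock`, and devtools at least runs as the same `wwwrun` user. Code running in any pool on that socket can read or rewrite another application's session keys, and the devtools root under `/var/lib/ftp` presumably holds uploaded PHP. If the Redis instance supports ACLs, a per-pool user restricted to its own key pattern and passed through the `auth` parameter of `save_path` would make the prefix a real boundary. Otherwise add a comment such as `# prefix avoids key collisions only; all pools share this Redis`.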
@@ -322,123 +390,101 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; - "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'"; + "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; }; - phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]); }; adminer = adminer.phpFpm; ttrss = { user = "wwwrun"; group = "wwwrun"; settings = ttrss.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; wallabag = { user = "wwwrun"; group = "wwwrun"; settings = wallabag.phpFpm.pool; - phpPackage = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]); + phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]); }; yourls = { user = "wwwrun"; group = "wwwrun"; settings = yourls.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; rompr = { user = "wwwrun"; group = "wwwrun"; settings = rompr.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; shaarli = { user = "wwwrun"; group = "wwwrun"; settings = shaarli.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; dmarc-reports = { user = "wwwrun"; group = "wwwrun"; settings = dmarc-reports.phpFpm.pool; phpEnv = dmarc-reports.phpFpm.phpEnv; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ 
[all.redis]); }; dokuwiki = { user = "wwwrun"; group = "wwwrun"; settings = dokuwiki.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; phpbb = { user = "wwwrun"; group = "wwwrun"; settings = phpbb.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; ldap = { user = "wwwrun"; group = "wwwrun"; settings = ldap.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; kanboard = { user = "wwwrun"; group = "wwwrun"; settings = kanboard.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; grocy = { user = "wwwrun"; group = "wwwrun"; settings = grocy.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; }; system.activationScripts = { - adminer = adminer.activationScript; grocy = grocy.activationScript; ttrss = ttrss.activationScript; wallabag = wallabag.activationScript; - yourls = yourls.activationScript; rompr = rompr.activationScript; shaarli = shaarli.activationScript; dokuwiki = dokuwiki.activationScript; phpbb = phpbb.activationScript; kanboard = kanboard.activationScript; - ldap = ldap.activationScript; - }; - - services.websites.webappDirs = { - _adminer = adminer.webRoot; - "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot; - "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; - "${phpbb.apache.webappName}" = phpbb.webRoot; - "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; - "${rompr.apache.webappName}" = rompr.webRoot; - "${shaarli.apache.webappName}" = shaarli.webRoot; - "${ttrss.apache.webappName}" = ttrss.webRoot; - "${wallabag.apache.webappName}" = wallabag.webRoot; - "${yourls.apache.webappName}" = yourls.webRoot; - "${kanboard.apache.webappName}" = kanboard.webRoot; - 
"${grocy.apache.webappName}" = grocy.webRoot; }; services.websites.env.tools.watchPaths = [ - "/var/secrets/webapps/tools-shaarli" + config.secrets.fullPaths."webapps/tools-shaarli" ]; services.filesWatcher.phpfpm-wallabag = { restart = true; - paths = [ "/var/secrets/webapps/tools-wallabag" ]; + paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; }; - services.fiche = { - enable = true; - port = config.myEnv.ports.fiche; - domain = "tools.immae.eu/paste"; - https = true; - }; }; }
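Review bot: `pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis])` is now written out in ten pools in this hunk (ttrss, yourls, rompr, shaarli, dmarc-reports, dokuwiki, phpbb, ldap, kanboard, grocy), with variants for devtools and wallabag. Binding it once in the `let` block, e.g. `php72Redis = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);`, and writing `phpPackage = php72Redis;` makes the interpreter version a one-line change. That matters because PHP 7.2 and 7.3 no longer receive upstream security fixes, so these pools will have to move together. The hunk begins and ends inside the module's `config` attribute set, whose opening lies outside it.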