X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=90524739900ac75a640351f261eb524604e449c4;hb=41cce84a02652e22ad967c9f31669092eb3e7f0e;hp=7903ca55984a51d997d773510e30dbe154796e33;hpb=0966f95c6968963988d7ebc846eb0e6087091acc;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 7903ca5..9052473 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -1,8 +1,8 @@ { lib, pkgs, config, ... }: let - adminer = pkgs.callPackage ./adminer.nix { - inherit (pkgs.webapps) adminer; - }; + flakeCompat = import ../../../../../lib/flake-compat.nix; + + adminer = pkgs.callPackage ./adminer.nix {}; ympd = pkgs.callPackage ./ympd.nix { env = config.myEnv.tools.ympd; }; @@ -10,8 +10,10 @@ let inherit (pkgs.webapps) ttrss ttrss-plugins; env = config.myEnv.tools.ttrss; php = pkgs.php72; + inherit config; }; kanboard = pkgs.callPackage ./kanboard.nix { + inherit config; env = config.myEnv.tools.kanboard; }; wallabag = pkgs.callPackage ./wallabag.nix { @@ -21,10 +23,12 @@ let }; }; env = config.myEnv.tools.wallabag; + inherit config; }; yourls = pkgs.callPackage ./yourls.nix { inherit (pkgs.webapps) yourls yourls-plugins; env = config.myEnv.tools.yourls; + inherit config; }; rompr = pkgs.callPackage ./rompr.nix { inherit (pkgs.webapps) rompr; @@ -32,6 +36,7 @@ let }; shaarli = pkgs.callPackage ./shaarli.nix { env = config.myEnv.tools.shaarli; + inherit config; }; dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; @@ -39,6 +44,7 @@ let ldap = pkgs.callPackage ./ldap.nix { inherit (pkgs.webapps) phpldapadmin; env = config.myEnv.tools.phpldapadmin; + inherit config; }; grocy = pkgs.callPackage ./grocy.nix { grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; @@ -54,6 +60,7 @@ let }; dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { env = config.myEnv.tools.dmarc_reports; + inherit config; }; csp-reports = pkgs.callPackage ./csp_reports.nix { env = config.myEnv.tools.csp_reports; @@ -64,6 +71,9 @@ let cfg = config.myServices.websites.tools.tools; pcfg = config.services.phpfpm.pools; in { + imports = + builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules; + options.myServices.websites.tools.tools = { enable = lib.mkEnableOption "enable tools website"; }; @@ -71,14 +81,14 @@ in { config = lib.mkIf cfg.enable { secrets.keys = kanboard.keys - ++ ldap.keys - ++ shaarli.keys - ++ ttrss.keys - ++ wallabag.keys - ++ yourls.keys - ++ dmarc-reports.keys - ++ csp-reports.keys - ++ webhooks.keys; + // ldap.keys + // shaarli.keys + // ttrss.keys + // wallabag.keys + // yourls.keys + // dmarc-reports.keys + // csp-reports.keys + // webhooks.keys; services.duplyBackup.profiles = { dokuwiki = dokuwiki.backups; @@ -111,13 +121,14 @@ in { certMainHost = "devtools.immae.eu"; addToCerts = true; hosts = [ "devtools.immae.eu" ]; - root = "/var/lib/ftp/devtools.immae.eu"; + root = "/var/lib/ftp/immae/devtools"; extraConfig = [ '' + Use Apaxy "/var/lib/ftp/immae/devtools" "title" Timeout 600 ProxyTimeout 600 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" - + DirectoryIndex index.php index.htm index.html AllowOverride all Require all granted @@ -164,13 +175,16 @@ in { (phpbb.apache.vhostConf pcfg.phpbb.socket) (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) '' - Alias /paste /var/lib/fiche - - DirectoryIndex index.txt index.html - AllowOverride None - Require all granted - Options -Indexes - + + ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPreserveHost on + + + ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPreserveHost on + Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 @@ -179,8 +193,8 @@ in { Require all granted - Alias /webhooks ${config.secrets.location}/webapps/webhooks - + Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} + Options -Indexes Require all granted AllowOverride None @@ -262,7 +276,7 @@ in { description = "Standalone MPD Web GUI written in C"; wantedBy = [ "multi-user.target" ]; script = '' - export MPD_PASSWORD=$(cat /var/secrets/mpd) + export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody ''; }; @@ -284,7 +298,7 @@ in { services.filesWatcher.ympd = { restart = true; - paths = [ "/var/secrets/mpd" ]; + paths = [ config.secrets.fullPaths."mpd" ]; }; services.phpfpm.pools = { @@ -304,9 +318,9 @@ in { "php_value[session.name]" = "ToolsPHPSESSID"; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ "/run/wrappers/bin/sendmail" landing "/tmp" - "${config.secrets.location}/webapps/webhooks" + config.secrets.fullPaths."webapps/webhooks" ]; - "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf"; + "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf"; }; phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; @@ -325,7 +339,7 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; - "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; + "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; }; phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); }; @@ -413,35 +427,14 @@ in { ldap = ldap.activationScript; }; - services.websites.webappDirs = { - _adminer = adminer.webRoot; - "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot; - "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; - "${phpbb.apache.webappName}" = phpbb.webRoot; - "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; - "${rompr.apache.webappName}" = rompr.webRoot; - "${shaarli.apache.webappName}" = shaarli.webRoot; - "${ttrss.apache.webappName}" = ttrss.webRoot; - "${wallabag.apache.webappName}" = wallabag.webRoot; - "${yourls.apache.webappName}" = yourls.webRoot; - "${kanboard.apache.webappName}" = kanboard.webRoot; - "${grocy.apache.webappName}" = grocy.webRoot; - }; - services.websites.env.tools.watchPaths = [ - "/var/secrets/webapps/tools-shaarli" + config.secrets.fullPaths."webapps/tools-shaarli" ]; services.filesWatcher.phpfpm-wallabag = { restart = true; - paths = [ "/var/secrets/webapps/tools-wallabag" ]; + paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; }; - services.fiche = { - enable = true; - port = config.myEnv.ports.fiche; - domain = "tools.immae.eu/paste"; - https = true; - }; }; }