X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=ac92ef48f33d5407bc58f6665f2d5634ef8e407d;hb=a9f52ec521e45204ad9363dd143b32ac9910b6b3;hp=dcda15a6d6f936313a246b309c6c3bfc9321bd10;hpb=dcac3ec730176549cd52a9a42db2001dc652c30d;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index dcda15a..ac92ef4 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -1,5 +1,7 @@
 { lib, pkgs, config, ... }:
 let
+  flakeCompat = import ../../../../../lib/flake-compat.nix;
+
   adminer = pkgs.callPackage ./adminer.nix {
     inherit (pkgs.webapps) adminer;
   };
@@ -15,7 +17,11 @@ let
     env = config.myEnv.tools.kanboard;
   };
   wallabag = pkgs.callPackage ./wallabag.nix {
-    wallabag = pkgs.webapps.wallabag.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
+    wallabag = pkgs.webapps.wallabag.override {
+      composerEnv = pkgs.composerEnv.override {
+        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
+      };
+    };
     env = config.myEnv.tools.wallabag;
   };
   yourls = pkgs.callPackage ./yourls.nix {
@@ -51,12 +57,18 @@ let
   dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
     env = config.myEnv.tools.dmarc_reports;
   };
+  csp-reports = pkgs.callPackage ./csp_reports.nix {
+    env = config.myEnv.tools.csp_reports;
+  };
 
   landing = pkgs.callPackage ./landing.nix {};
 
   cfg = config.myServices.websites.tools.tools;
   pcfg = config.services.phpfpm.pools;
 in {
+  imports =
+    builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
+
   options.myServices.websites.tools.tools = {
     enable = lib.mkEnableOption "enable tools website";
   };
@@ -70,6 +82,7 @@ in {
       ++ wallabag.keys
       ++ yourls.keys
       ++ dmarc-reports.keys
+      ++ csp-reports.keys
       ++ webhooks.keys;
 
     services.duplyBackup.profiles = {
@@ -106,8 +119,10 @@ in {
       root         = "/var/lib/ftp/devtools.immae.eu";
       extraConfig  = [
         ''
+          Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
           Timeout 600
           ProxyTimeout 600
+          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
           <Directory "/var/lib/ftp/devtools.immae.eu">
             DirectoryIndex index.php index.htm index.html
             AllowOverride all
@@ -155,16 +170,19 @@ in {
         (phpbb.apache.vhostConf pcfg.phpbb.socket)
         (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
         ''
-          Alias /paste /var/lib/fiche
-          <Directory "/var/lib/fiche">
-            DirectoryIndex index.txt index.html
-            AllowOverride None
-            Require all granted
-            Options -Indexes
-          </Directory>
+          <Location "/paste/">
+            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPreserveHost on
+          </Location>
+          <Location "/paste">
+            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
+            ProxyPreserveHost on
+          </Location>
 
-          Alias /BIP39 /var/lib/buildbot/outputs/bip39
-          <Directory "/var/lib/buildbot/outputs/bip39">
+          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
+          <Directory "/var/lib/buildbot/outputs/immae/bip39">
             DirectoryIndex index.html
             AllowOverride None
             Require all granted
@@ -297,6 +315,7 @@ in {
             "/run/wrappers/bin/sendmail" landing "/tmp"
             "${config.secrets.location}/webapps/webhooks"
           ];
+          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
         };
         phpEnv = {
           CONTACT_EMAIL = config.myEnv.tools.contact;
@@ -317,13 +336,7 @@ in {
 
           "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
         };
-        phpOptions = config.services.phpfpm.phpOptions + ''
-          extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-          extension=${pkgs.php72Packages.redis}/lib/php/extensions/redis.so
-          extension=${pkgs.php72Packages.apcu}/lib/php/extensions/apcu.so
-          zend_extension=${pkgs.php72}/lib/php/extensions/opcache.so
-          '';
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
       };
       adminer = adminer.phpFpm;
       ttrss = {
@@ -336,7 +349,7 @@ in {
         user = "wwwrun";
         group = "wwwrun";
         settings = wallabag.phpFpm.pool;
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
       };
       yourls = {
         user = "wwwrun";
@@ -361,9 +374,6 @@ in {
         group = "wwwrun";
         settings = dmarc-reports.phpFpm.pool;
         phpEnv = dmarc-reports.phpFpm.phpEnv;
-        phpOptions = config.services.phpfpm.phpOptions + ''
-          extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-        '';
         phpPackage = pkgs.php72;
       };
       dokuwiki = {
@@ -435,12 +445,6 @@ in {
       paths = [ "/var/secrets/webapps/tools-wallabag" ];
     };
 
-    services.fiche = {
-      enable = true;
-      port = config.myEnv.ports.fiche;
-      domain = "tools.immae.eu/paste";
-      https = true;
-    };
   };
 }