X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=ada62537fb04021ef6e5ac759bd7622e0fa00b43;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=a5e7f2e6897c6febe41af4804b7ed2d3b7bab8b9;hpb=7df5e532c1ce2ab9e8527615c08c1178990870e6;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index a5e7f2e..ada6253 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -1,5 +1,7 @@ { lib, pkgs, config, ... }: let + flakeCompat = import ../../../../../lib/flake-compat.nix; + adminer = pkgs.callPackage ./adminer.nix { inherit (pkgs.webapps) adminer; }; @@ -9,17 +11,26 @@ let ttrss = pkgs.callPackage ./ttrss.nix { inherit (pkgs.webapps) ttrss ttrss-plugins; env = config.myEnv.tools.ttrss; + php = pkgs.php72; + inherit config; }; kanboard = pkgs.callPackage ./kanboard.nix { + inherit config; env = config.myEnv.tools.kanboard; }; wallabag = pkgs.callPackage ./wallabag.nix { - inherit (pkgs.webapps) wallabag; + wallabag = pkgs.webapps.wallabag.override { + composerEnv = pkgs.composerEnv.override { + php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); + }; + }; env = config.myEnv.tools.wallabag; + inherit config; }; yourls = pkgs.callPackage ./yourls.nix { inherit (pkgs.webapps) yourls yourls-plugins; env = config.myEnv.tools.yourls; + inherit config; }; rompr = pkgs.callPackage ./rompr.nix { inherit (pkgs.webapps) rompr; @@ -27,6 +38,7 @@ let }; shaarli = pkgs.callPackage ./shaarli.nix { env = config.myEnv.tools.shaarli; + inherit config; }; dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; @@ -34,9 +46,10 @@ let ldap = pkgs.callPackage ./ldap.nix { inherit (pkgs.webapps) phpldapadmin; env = config.myEnv.tools.phpldapadmin; + inherit config; }; grocy = pkgs.callPackage ./grocy.nix { - inherit (pkgs.webapps) grocy; + grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; }; phpbb = pkgs.callPackage ./phpbb.nix { phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ @@ -49,6 +62,10 @@ let }; dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { env = config.myEnv.tools.dmarc_reports; + inherit config; + }; + csp-reports = pkgs.callPackage ./csp_reports.nix { + env = config.myEnv.tools.csp_reports; }; landing = pkgs.callPackage ./landing.nix {}; @@ -56,6 +73,9 @@ let cfg = config.myServices.websites.tools.tools; pcfg = config.services.phpfpm.pools; in { + imports = + builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules; + options.myServices.websites.tools.tools = { enable = lib.mkEnableOption "enable tools website"; }; @@ -69,6 +89,7 @@ in { ++ wallabag.keys ++ yourls.keys ++ dmarc-reports.keys + ++ csp-reports.keys ++ webhooks.keys; services.duplyBackup.profiles = { @@ -105,8 +126,10 @@ in { root = "/var/lib/ftp/devtools.immae.eu"; extraConfig = [ '' + Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title" Timeout 600 ProxyTimeout 600 + Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" DirectoryIndex index.php index.htm index.html AllowOverride all @@ -154,23 +177,26 @@ in { (phpbb.apache.vhostConf pcfg.phpbb.socket) (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) '' - Alias /paste /var/lib/fiche - - DirectoryIndex index.txt index.html - AllowOverride None - Require all granted - Options -Indexes - + + ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPreserveHost on + + + ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ + ProxyPreserveHost on + - Alias /BIP39 /var/lib/buildbot/outputs/bip39 - + Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 + DirectoryIndex index.html AllowOverride None Require all granted - Alias /webhooks ${config.secrets.location}/webapps/webhooks - + Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} + Options -Indexes Require all granted AllowOverride None @@ -252,7 +278,7 @@ in { description = "Standalone MPD Web GUI written in C"; wantedBy = [ "multi-user.target" ]; script = '' - export MPD_PASSWORD=$(cat /var/secrets/mpd) + export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody ''; }; @@ -260,7 +286,7 @@ in { description = "Tiny Tiny RSS feeds update daemon"; serviceConfig = { User = "wwwrun"; - ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; + ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; StandardOutput = "syslog"; StandardError = "syslog"; PermissionsStartOnly = true; @@ -274,7 +300,7 @@ in { services.filesWatcher.ympd = { restart = true; - paths = [ "/var/secrets/mpd" ]; + paths = [ config.secrets.fullPaths."mpd" ]; }; services.phpfpm.pools = { @@ -294,12 +320,14 @@ in { "php_value[session.name]" = "ToolsPHPSESSID"; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ "/run/wrappers/bin/sendmail" landing "/tmp" - "${config.secrets.location}/webapps/webhooks" + config.secrets.fullPaths."webapps/webhooks" ]; + "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf"; }; phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; }; + phpPackage = pkgs.php72; }; devtools = { user = "wwwrun"; @@ -315,57 +343,57 @@ in { "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; }; - phpOptions = config.services.phpfpm.phpOptions + '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - zend_extension=${pkgs.php}/lib/php/extensions/opcache.so - ''; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); }; adminer = adminer.phpFpm; ttrss = { user = "wwwrun"; group = "wwwrun"; settings = ttrss.phpFpm.pool; + phpPackage = pkgs.php72; }; wallabag = { user = "wwwrun"; group = "wwwrun"; settings = wallabag.phpFpm.pool; + phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); }; yourls = { user = "wwwrun"; group = "wwwrun"; settings = yourls.phpFpm.pool; + phpPackage = pkgs.php72; }; rompr = { user = "wwwrun"; group = "wwwrun"; settings = rompr.phpFpm.pool; + phpPackage = pkgs.php72; }; shaarli = { user = "wwwrun"; group = "wwwrun"; settings = shaarli.phpFpm.pool; + phpPackage = pkgs.php72; }; dmarc-reports = { user = "wwwrun"; group = "wwwrun"; settings = dmarc-reports.phpFpm.pool; phpEnv = dmarc-reports.phpFpm.phpEnv; - phpOptions = config.services.phpfpm.phpOptions + '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; + phpPackage = pkgs.php72; }; dokuwiki = { user = "wwwrun"; group = "wwwrun"; settings = dokuwiki.phpFpm.pool; + phpPackage = pkgs.php72; }; phpbb = { user = "wwwrun"; group = "wwwrun"; settings = phpbb.phpFpm.pool; + phpPackage = pkgs.php72; }; ldap = { user = "wwwrun"; @@ -377,11 +405,13 @@ in { user = "wwwrun"; group = "wwwrun"; settings = kanboard.phpFpm.pool; + phpPackage = pkgs.php72; }; grocy = { user = "wwwrun"; group = "wwwrun"; settings = grocy.phpFpm.pool; + phpPackage = pkgs.php72; }; }; @@ -415,19 +445,13 @@ in { }; services.websites.env.tools.watchPaths = [ - "/var/secrets/webapps/tools-shaarli" + config.secrets.fullPaths."webapps/tools-shaarli" ]; services.filesWatcher.phpfpm-wallabag = { restart = true; - paths = [ "/var/secrets/webapps/tools-wallabag" ]; + paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; }; - services.fiche = { - enable = true; - port = config.myEnv.ports.fiche; - domain = "tools.immae.eu/paste"; - https = true; - }; }; }