X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Fdefault.nix;h=627d01a7dedd824970237c057e2a693f36cb68fa;hb=581c499c06bcc834e084c49f284e18611fbc139b;hp=f820c83ceb04c5a301ae7fd0522d6a13d998309e;hpb=415bcd272a0cbd65494fbb245bd94f0420656044;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index f820c83..627d01a 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, mylibs, myconfig, ... }:
+{ lib, pkgs, config, myconfig, ... }:
let
cfg = config.services.myWebsites;
www_root = "/run/current-system/webapps/_www";
@@ -8,7 +8,7 @@ let
enableSSL = true;
sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
- sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
logFormat = "combinedVhost";
listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
hostName = builtins.head vhostConf.hosts;
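Review bot: The switch to `chain.pem` on the `sslServerChain` line has no comment explaining it, and it only works if the ACME client writes separate `cert.pem` and `chain.pem` files into `/var/lib/acme/<certName>/`, which this hunk does not show. If `sslServerChain` is rendered as `SSLCertificateChainFile`, as in the stock NixOS httpd module, pairing the leaf `cert.pem` with an intermediates-only `chain.pem` avoids sending the leaf twice, which is presumably the intent. I would add `# chain.pem = intermediates only; the leaf is already served from cert.pem` above the line. The enclosing attribute set starts and ends outside the hunk.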
@@ -117,27 +117,20 @@ in
./ftp/florian.nix
./ftp/denisejerome.nix
./ftp/leila.nix
+ ./ftp/papa.nix
./ftp/immae.nix
./ftp/release.nix
./ftp/temp.nix
- ./tools/db
+ ./tools/db.nix
./tools/tools
./tools/dav
- ./tools/cloud
+ ./tools/cloud.nix
./tools/git
- ./tools/mastodon
- ./tools/mediagoblin
- ./tools/diaspora
- ./tools/ether
- ./tools/peertube
- # built using:
- # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
- # Removed allGranted
- # And removed users / groups
- ./apache/httpd_prod.nix
- ./apache/httpd_inte.nix
- # except for this one for users/groups
- ./apache/httpd_tools.nix
+ ./tools/mastodon.nix
+ ./tools/mediagoblin.nix
+ ./tools/diaspora.nix
+ ./tools/ether.nix
+ ./tools/peertube.nix
# Adapted from base phpfpm
./phpfpm
];
@@ -189,9 +182,6 @@ in
# '';
});
phpPackages = super.php72Packages.override { inherit php; };
- composerEnv = import ./commons/composer-env.nix {
- inherit (self) stdenv writeTextFile fetchurl php unzip;
- };
}) ];
services.myWebsites.tools.databases.enable = true;
@@ -214,6 +204,7 @@ in
services.myWebsites.Nassime.production.enable = cfg.production.enable;
services.myWebsites.Florian.production.enable = cfg.production.enable;
services.myWebsites.Leila.production.enable = cfg.production.enable;
+ services.myWebsites.Papa.production.enable = cfg.production.enable;
services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
services.myWebsites.Emilia.production.enable = cfg.production.enable;
services.myWebsites.Capitaines.production.enable = cfg.production.enable;
@@ -229,10 +220,11 @@ in
services.myWebsites.TellesFlorian.integration.enable = true;
services.myWebsites.Florian.integration.enable = true;
- deployment.keys.apache-ldap = {
+ secrets.keys = [{
+ dest = "apache-ldap";
user = "wwwrun";
group = "wwwrun";
- permissions = "0700";
+ permissions = "0400";
text = ''
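Review bot: The secret is still owned by `wwwrun`, so tightening `permissions` to `0400` leaves it readable by every process that runs as the web server user; the `install -d ... -o wwwrun` lines further down in this diff suggest the PHP applications' state directories use that same account. If httpd is started as root and parses its configuration (including the `Include` of this file) before dropping privileges, as is usual, `user = "root"; group = "root";` with `0400` would keep the LDAP settings out of reach of a compromised web application. The `text` body and the end of the attribute set lie outside this hunk, so what the file contains is inferred from its name and the later `Include` line.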
@@ -245,7 +237,7 @@ in
'';
- };
+ }];
services.myWebsites.apacheConfig = {
gzip = {
@@ -260,13 +252,13 @@ in
stats = {
extraConfig = ''
- Alias /awstats /var/lib/goaccess/%{domain}
-
+ Alias /webstats ${config.services.webstats.dataDir}/%{domain}
+
DirectoryIndex index.html
AllowOverride None
Require all granted
-
+
Use LDAPConnect
Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
@@ -284,109 +276,14 @@ in
LDAPOpCacheTTL 600
- Include /run/keys/apache-ldap
+ Include /var/secrets/apache-ldap
'';
};
global = {
- extraConfig = ''
- ErrorDocument 500 /maintenance_immae.html
- ErrorDocument 501 /maintenance_immae.html
- ErrorDocument 502 /maintenance_immae.html
- ErrorDocument 503 /maintenance_immae.html
- ErrorDocument 504 /maintenance_immae.html
- Alias /maintenance_immae.html ${www_root}/maintenance_immae.html
- ProxyPass /maintenance_immae.html !
-
- AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html
-
- AllowOverride None
- Require all granted
-
- '';
+ extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
};
apaxy = {
- extraConfig = ''
-
- Alias /theme ${theme_root}
-
- Options -Indexes
- AllowOverride None
- Require all granted
-
-
- # mod_autoindex
-
- Options Indexes
- AllowOverride None
- Require all granted
-
- # Inspired from Apaxy by @adamwhitcroft
-
- IndexOptions +Charset=UTF-8 +FancyIndexing +IgnoreCase +FoldersFirst +XHTML +HTMLTable +SuppressRules +SuppressDescription +NameWidth=* +IconsAreLinks +ShowForbidden
-
- IndexHeadInsert ""
-
- IndexIgnoreReset ON
- IndexIgnore /theme .htaccess %{ignored}
-
- AddIcon /theme/icons/blank.png ^^BLANKICON^^
- AddIcon /theme/icons/folder.png ^^DIRECTORY^^
- AddIcon /theme/icons/folder-home.png ..
-
- AddIconByType (TXT,/theme/icons/text.png) text/*
- AddIconByType (IMG,/theme/icons/image.png) image/*
- AddIconByType (SND,/theme/icons/audio.png) audio/*
- AddIconByType (VID,/theme/icons/video.png) video/*
-
- AddIcon /theme/icons/archive.png .7z .bz2 .cab .gz .tar
- AddIcon /theme/icons/audio.png .aac .aif .aifc .aiff .ape .au .flac .iff .m4a .mid .mp3 .mpa .ra .wav .wma .f4a .f4b .oga .ogg .xm .it .s3m .mod
- AddIcon /theme/icons/bin.png .bin .hex
- AddIcon /theme/icons/bmp.png .bmp
- AddIcon /theme/icons/c.png .c
- AddIcon /theme/icons/calc.png .xlsx .xlsm .xltx .xltm .xlam .xlr .xls .csv
- AddIcon /theme/icons/cd.png .iso
- AddIcon /theme/icons/cpp.png .cpp
- AddIcon /theme/icons/css.png .css .sass .scss
- AddIcon /theme/icons/deb.png .deb
- AddIcon /theme/icons/doc.png .doc .docx .docm .dot .dotx .dotm .log .msg .odt .pages .rtf .tex .wpd .wps
- AddIcon /theme/icons/draw.png .svg .svgz
- AddIcon /theme/icons/eps.png .ai .eps
- AddIcon /theme/icons/exe.png .exe
- AddIcon /theme/icons/gif.png .gif
- AddIcon /theme/icons/h.png .h
- AddIcon /theme/icons/html.png .html .xhtml .shtml .htm .URL .url
- AddIcon /theme/icons/ico.png .ico
- AddIcon /theme/icons/java.png .jar
- AddIcon /theme/icons/jpg.png .jpg .jpeg .jpe
- AddIcon /theme/icons/js.png .js .json
- AddIcon /theme/icons/markdown.png .md
- AddIcon /theme/icons/package.png .pkg .dmg
- AddIcon /theme/icons/pdf.png .pdf
- AddIcon /theme/icons/php.png .php .phtml
- AddIcon /theme/icons/playlist.png .m3u .m3u8 .pls .pls8
- AddIcon /theme/icons/png.png .png
- AddIcon /theme/icons/ps.png .ps
- AddIcon /theme/icons/psd.png .psd
- AddIcon /theme/icons/py.png .py
- AddIcon /theme/icons/rar.png .rar
- AddIcon /theme/icons/rb.png .rb
- AddIcon /theme/icons/rpm.png .rpm
- AddIcon /theme/icons/rss.png .rss
- AddIcon /theme/icons/script.png .bat .cmd .sh
- AddIcon /theme/icons/sql.png .sql
- AddIcon /theme/icons/tiff.png .tiff .tif
- AddIcon /theme/icons/text.png .txt .nfo
- AddIcon /theme/icons/video.png .asf .asx .avi .flv .mkv .mov .mp4 .mpg .rm .srt .swf .vob .wmv .m4v .f4v .f4p .ogv
- AddIcon /theme/icons/xml.png .xml
- AddIcon /theme/icons/zip.png .zip
- DefaultIcon /theme/icons/default.png
-
- HeaderName /theme/header.html
- ReadmeName /theme/footer.html
- IndexStyleSheet /theme/style.css
-
-
- '';
+ extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
};
http2 = {
modules = [ "http2" ];
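Review bot: The added `Include /var/secrets/apache-ldap` line moves the LDAP secret out of `/run/keys`, which lives on the `/run` tmpfs, and nothing in this diff shows whether `/var/secrets` is memory-backed too. If it is an ordinary directory, the file now survives reboots and is picked up by disk backups and snapshots, so that should be a conscious choice. A comment such as `# written by secrets.keys (dest = "apache-ldap"); must be present before httpd starts` would also record the dependency, since httpd fails its config parse when a plain `Include` target is missing. The macro this line belongs to starts outside the hunk.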
@@ -406,8 +303,10 @@ in
install -d -m 0755 /var/lib/acme/acme-challenge
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
'';
};
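Review bot: Both new directories are again owned by `wwwrun:wwwrun`, like the existing session directories, so the per-application split gives no isolation if the corresponding PHP pools all run as `wwwrun` (the pool definitions are not visible here). Sessions for phpldapadmin and adminer can hold directory and database credentials, so I'd consider a dedicated pool user per tool, and in any case `-m 0700` instead of `0750` unless something in the group needs read access. `/var/lib/php/tmp` itself is never created explicitly; `install -d` will create it with default ownership and mode, which is worth stating in a comment. The surrounding script text starts outside the hunk.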
@@ -415,8 +314,8 @@ in
adminer = pkgs.callPackage ./commons/adminer.nix {};
in ''
mkdir -p $out/webapps
- ln -s ${../../www} $out/webapps/_www
- ln -s ${./apache/theme} $out/webapps/_theme
+ ln -s ${pkgs.webapps.apache-default.www} $out/webapps/_www
+ ln -s ${pkgs.webapps.apache-theme.theme} $out/webapps/_theme
ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName}
'';