X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Ftools%2Fdefault.nix;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=4d9e3c1a36b47ec133f713831fe65c08a06c431c;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=90fcbe1ff11cd0f1ca3718af9bb8cd981573de7d;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/tools/default.nix b/systems/eldiron/websites/tools/default.nix similarity index 62% rename from modules/private/websites/tools/tools/default.nix rename to systems/eldiron/websites/tools/default.nix index 90fcbe1..4d9e3c1 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/systems/eldiron/websites/tools/default.nix @@ -1,13 +1,14 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, mypackages-lib, grocy, ... }: let - flakeCompat = import ../../../../../lib/flake-compat.nix; - - adminer = pkgs.callPackage ./adminer.nix {}; + composerEnv = mypackages-lib.composerEnv; + adminer = pkgs.callPackage ./adminer.nix { inherit config; }; ympd = pkgs.callPackage ./ympd.nix { env = config.myEnv.tools.ympd; + inherit config; }; ttrss = pkgs.callPackage ./ttrss.nix { - inherit (pkgs.webapps) ttrss ttrss-plugins; + ttrss = pkgs.webapps-ttrss; + ttrss-plugins = pkgs.webapps-ttrss-plugins; env = config.myEnv.tools.ttrss; php = pkgs.php72; inherit config; @@ -17,8 +18,8 @@ let env = config.myEnv.tools.kanboard; }; wallabag = pkgs.callPackage ./wallabag.nix { - wallabag = pkgs.webapps.wallabag.override { - composerEnv = pkgs.composerEnv.override { + wallabag = pkgs.webapps-wallabag.override { + composerEnv = composerEnv.override { php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); }; }; 
@@ -26,59 +27,110 @@ let inherit config; }; yourls = pkgs.callPackage ./yourls.nix { - inherit (pkgs.webapps) yourls yourls-plugins; + yourls = pkgs.webapps-yourls; + yourls-plugins = pkgs.webapps-yourls-plugins; env = config.myEnv.tools.yourls; inherit config; }; rompr = pkgs.callPackage ./rompr.nix { - inherit (pkgs.webapps) rompr; + rompr = pkgs.webapps-rompr; env = config.myEnv.tools.rompr; + inherit config; }; shaarli = pkgs.callPackage ./shaarli.nix { env = config.myEnv.tools.shaarli; inherit config; }; dokuwiki = pkgs.callPackage ./dokuwiki.nix { - inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; + dokuwiki = pkgs.webapps-dokuwiki; + dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins; + inherit config; }; ldap = pkgs.callPackage ./ldap.nix { - inherit (pkgs.webapps) phpldapadmin; + phpldapadmin = pkgs.webapps-phpldapadmin; env = config.myEnv.tools.phpldapadmin; inherit config; }; - grocy = pkgs.callPackage ./grocy.nix { - grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; + grocy' = pkgs.callPackage ./grocy.nix { + grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; }; }; phpbb = pkgs.callPackage ./phpbb.nix { - phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ + phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [ e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat e.empteintesduweb.monitoranswers e.lr94.autosubscribe e.phpbbmodders.adduser ]); }; + webhooks-bin-env = pkgs.buildEnv { + name = "webhook-env"; + paths = [ pkgs.apprise ]; + pathsToLink = [ "/bin" ]; + }; webhooks = pkgs.callPackage ./webhooks.nix { env = config.myEnv.tools.webhooks; + binEnv = webhooks-bin-env; }; dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { env = config.myEnv.tools.dmarc_reports; inherit config; }; - csp-reports = pkgs.callPackage ./csp_reports.nix { - env = config.myEnv.tools.csp_reports; - }; - landing = pkgs.callPackage ./landing.nix {}; + 
landing = pkgs.callPackage ./landing.nix { }; cfg = config.myServices.websites.tools.tools; pcfg = config.services.phpfpm.pools; in { - imports = - builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules; - options.myServices.websites.tools.tools = { enable = lib.mkEnableOption "enable tools website"; }; config = lib.mkIf cfg.enable { + # Services needing to send e-mails + myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true; + myServices.dns.zones."immae.eu".subdomains = + with config.myServices.dns.helpers; + { + outils = ips servers.eldiron.ips.main; + tools = lib.mkMerge [ + (mailCommon "immae.eu") + mailSend + (ips servers.eldiron.ips.main) + ]; + }; + + myServices.chatonsProperties.services = { + adminer = adminer.chatonsProperties; + dokuwiki = dokuwiki.chatonsProperties; + shaarli = shaarli.chatonsProperties; + ttrss = ttrss.chatonsProperties; + wallabag = wallabag.chatonsProperties; + paste = { + file.datetime = "2022-08-22T00:15:00"; + service = { + name = "Paste"; + description = "A simple paster script with syntax highlight"; + website = "https://tools.immae.eu/paste/"; + logo = "https://assets.immae.eu/logo.jpg"; + status.level = "OK"; + status.description = "OK"; + registration."" = ["MEMBER" "CLIENT"]; + registration.load = "OPEN"; + install.type = "PACKAGE"; + guide.user = "https://tools.immae.eu/paste/"; + }; + software = { + name = "Paste"; + website = "https://tools.immae.eu/paste/"; + license.url = "https://tools.immae.eu/paste/license"; + license.name = "MIT License"; + version = "Unversioned"; + source.url = "https://tools.immae.eu/paste/abcd123/py"; + }; + }; + }; + myServices.chatonsProperties.hostings = { + dokuwiki = dokuwiki.chatonsHostingProperties; + phpbb = phpbb.chatonsHostingProperties; + }; secrets.keys = kanboard.keys // ldap.keys 
@@ -87,9 +139,20 @@ in { // wallabag.keys // yourls.keys // dmarc-reports.keys - // csp-reports.keys - // webhooks.keys; - + // webhooks.keys + // ({ "webapps/tools-landing-sql-rw" = { + user = "wwwrun"; + group = "wwwrun"; + permissions = "0400"; + text = let + env = config.myEnv.tools.landing; + in '' + SetEnv PGUSER "${env.postgresql.user}" + SetEnv PGPASSWORD "${env.postgresql.password}" + SetEnv PGDATABASE "${env.postgresql.database}" + SetEnv PGHOST "${env.postgresql.socket}" + ''; + }; }); services.websites.env.tools.modules = [ "proxy_fcgi" ] ++ adminer.apache.modules @@ -105,10 +168,12 @@ in { ++ ldap.apache.modules ++ kanboard.apache.modules; + myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; { + subdomains.tools = ips servers.eldiron.ips.integration; + }; + security.acme.certs.integration.domain = "tools.immae.dev"; services.websites.env.integration.vhostConfs.devtools = { certName = "integration"; - certMainHost = "tools.immae.dev"; - addToCerts = true; hosts = [ "tools.immae.dev" ]; root = "/var/lib/ftp/immae/devtools"; extraConfig = [ @@ -129,9 +194,10 @@ in { ]; }; + + security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ]; services.websites.env.tools.vhostConfs.tools = { certName = "eldiron"; - addToCerts = true; hosts = ["tools.immae.eu" ]; root = landing; extraConfig = [ @@ -141,6 +207,7 @@ in { RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse + Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"} DirectoryIndex index.html AllowOverride None Require all granted @@ -160,7 +227,7 @@ in { (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) (ldap.apache.vhostConf pcfg.ldap.socket) (kanboard.apache.vhostConf pcfg.kanboard.socket) - (grocy.apache.vhostConf pcfg.grocy.socket) + (grocy'.apache.vhostConf pcfg.grocy.socket) (phpbb.apache.vhostConf pcfg.phpbb.socket) (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) '' 
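Review bot: The new `webapps/tools-landing-sql-rw` secret interpolates `${env.postgresql.password}` straight into a double-quoted Apache `SetEnv` argument, so a password containing `"`, `\` or a `${...}` sequence would break the vhost at reload or be reinterpreted by Apache's config parser. I would either escape the value before writing it or record the constraint beside the `text` attribute, e.g. `# values must not contain ", \ or ${ — they are pasted into an Apache directive unescaped`. The `Include` added in the later `@@ -141,6 +207,7 @@` hunk puts this read-write database password into the request environment of whatever is served in that scope; the enclosing container is not visible in the hunk, so the scope should be confirmed. The file is owned by `wwwrun`, the account the PHP-FPM pools visible in this diff also run as, so a least-privilege database role would limit what a disclosure bug in any of them exposes.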
@@ -175,6 +242,20 @@ in { ProxyPreserveHost on + + SetEnv proxy-nokeepalive 1 + SetEnv proxy-sendchunked 1 + LimitRequestBody 102400 + + RewriteEngine On + + # FIXME: why is landing prefixed in the url? + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L] + + RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L] + Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 DirectoryIndex index.html @@ -185,6 +266,7 @@ in { Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} Options -Indexes + DirectoryIndex index.php Require all granted AllowOverride None @@ -197,7 +279,6 @@ in { services.websites.env.tools.vhostConfs.outils = { certName = "eldiron"; - addToCerts = true; hosts = [ "outils.immae.eu" ]; root = null; extraConfig = [ @@ -261,6 +342,18 @@ in { after = lib.mkAfter yourls.phpFpm.serviceDeps; wants = yourls.phpFpm.serviceDeps; }; + ntfy = { + description = "send push notifications to your phone or desktop via scripts from any computer"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy"; + Type = "simple"; + WorkingDirectory = "%S/ntfy"; + RuntimeDirectory = "ntfy"; + StateDirectory = "ntfy"; + User = "wwwrun"; + }; + }; ympd = { description = "Standalone MPD Web GUI written in C"; wantedBy = [ "multi-user.target" ]; 
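Review bot: Both new `RewriteRule` lines make the `${landing}/ntfy` prefix optional and capture the remainder with `(.*)`, so the pattern matches every request that reaches it. Only the enclosing container, which is not visible in this hunk, confines the proxy to ntfy. Because `$2` is re-inserted into a `[P]` target with `NE`, the prefix should become mandatory once the FIXME is resolved; until then a comment such as `# matches any path: scoping relies on the enclosing container` would make the dependency explicit. `${landing}` is a store path spliced into the regex unescaped, so its `.` characters act as wildcards, which looks harmless here but is worth noting. `LimitRequestBody 102400` also caps uploads at 100 KiB, which presumably bounds ntfy attachments and should be stated if intended.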
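Review bot: The new `ntfy` unit in the `@@ -261,6 +342,18 @@` hunk runs as `User = "wwwrun"`, the same account as the PHP-FPM pools shown in this diff, so `%S/ntfy/cache.db` and the attachment directory are readable and writable by any of those web applications. A dedicated account for the service, with the socket kept reachable by Apache, would separate notification contents from them. The `serviceConfig` also sets no sandboxing, for example `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;`. The `ExecStart` line passes no access-control options, so unless a server config file elsewhere sets them, topics are presumably open to anyone who can reach `https://tools.immae.eu/ntfy`; if that is intended, a comment saying so would help.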
@@ -303,18 +396,21 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; + "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'"; # Needed to avoid clashes in browser cookies (same domain) "php_value[session.name]" = "ToolsPHPSESSID"; "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ "/run/wrappers/bin/sendmail" landing "/tmp" config.secrets.fullPaths."webapps/webhooks" + "${webhooks-bin-env}/bin" ]; - "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf"; }; phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; }; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); }; devtools = { user = "wwwrun"; 
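Review bot: The session settings added here send this pool's sessions to the shared socket `/run/redis-php-sessions/redis.sock`, separated from other applications only by the `Tools:Tools:` key prefix; the `devtools` pool in the next hunk does the same with `Tools:Devtools:`. A prefix avoids key collisions but is not an access boundary, so any application able to open the socket can read or overwrite another's sessions unless Redis ACLs or separate instances exist elsewhere, which this diff does not show. I would add a comment beside `session.save_path`, e.g. `# prefix only prevents collisions; isolation between apps relies on <mechanism>`. The rewritten `phpPackage` line here, like those in the following hunk, still pins `pkgs.php72`, a branch that no longer receives upstream security fixes, so a short comment recording why each application is held there would make that exposure easier to revisit. The pool definition starts outside the hunk.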
@@ -328,92 +424,92 @@ in { "pm.min_spare_servers" = "1"; "pm.max_spare_servers" = "10"; + "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i"; + "php_admin_value[session.save_handler]" = "redis"; + "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'"; "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; }; - phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]); }; adminer = adminer.phpFpm; ttrss = { user = "wwwrun"; group = "wwwrun"; settings = ttrss.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; wallabag = { user = "wwwrun"; group = "wwwrun"; settings = wallabag.phpFpm.pool; - phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); + phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]); }; yourls = { user = "wwwrun"; group = "wwwrun"; settings = yourls.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; rompr = { user = "wwwrun"; group = "wwwrun"; settings = rompr.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; shaarli = { user = "wwwrun"; group = "wwwrun"; settings = shaarli.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; dmarc-reports = { user = "wwwrun"; group = "wwwrun"; settings = dmarc-reports.phpFpm.pool; phpEnv = dmarc-reports.phpFpm.phpEnv; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; dokuwiki = { user = 
"wwwrun"; group = "wwwrun"; settings = dokuwiki.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; phpbb = { user = "wwwrun"; group = "wwwrun"; settings = phpbb.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; ldap = { user = "wwwrun"; group = "wwwrun"; settings = ldap.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; kanboard = { user = "wwwrun"; group = "wwwrun"; settings = kanboard.phpFpm.pool; - phpPackage = pkgs.php72; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; grocy = { user = "wwwrun"; group = "wwwrun"; - settings = grocy.phpFpm.pool; - phpPackage = pkgs.php72; + settings = grocy'.phpFpm.pool; + phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); }; }; system.activationScripts = { - adminer = adminer.activationScript; - grocy = grocy.activationScript; + grocy = grocy'.activationScript; ttrss = ttrss.activationScript; wallabag = wallabag.activationScript; - yourls = yourls.activationScript; rompr = rompr.activationScript; shaarli = shaarli.activationScript; dokuwiki = dokuwiki.activationScript; phpbb = phpbb.activationScript; kanboard = kanboard.activationScript; - ldap = ldap.activationScript; }; services.websites.env.tools.watchPaths = [ 
@@ -424,6 +520,28 @@ in { paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; }; + myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [ + ttrss.monitoringPlugins + rompr.monitoringPlugins + wallabag.monitoringPlugins + yourls.monitoringPlugins + ympd.monitoringPlugins + dokuwiki.monitoringPlugins + shaarli.monitoringPlugins + ldap.monitoringPlugins + adminer.monitoringPlugins + ]; + myServices.monitoring.fromMasterObjects = lib.mkMerge [ + ttrss.monitoringObjects + rompr.monitoringObjects + wallabag.monitoringObjects + yourls.monitoringObjects + ympd.monitoringObjects + dokuwiki.monitoringObjects + shaarli.monitoringObjects + ldap.monitoringObjects + adminer.monitoringObjects + ]; }; }