X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=virtual%2Feldiron.nix;h=4087be8e9758935dd4652b101230c16cf5e685e0;hb=94818b7506f7284e2115863364b571daf0b5f5fc;hp=e5839483810b0bf6f17f69d6bb036adabae841ca;hpb=e273ef92ae582984e0896a8c16fab73747c3ab2b;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index e583948..4087be8 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -36,6 +36,11 @@
};
};
+ environment.systemPackages = [
+ pkgs.telnet
+ pkgs.vim
+ ];
+
security.acme.certs = {
"eldiron" = {
webroot = "/var/lib/acme/acme-challenge";
@@ -109,41 +114,67 @@
sslServerKey = "/var/lib/acme/${domain}/key.pem";
sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
};
+ apacheConfig = {
+ gzip = {
+ modules = [ "deflate" "filter" ];
+ extraConfig = ''
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ '';
+ };
+ ldap = {
+ modules = [ "ldap" "authnz_ldap" ];
+ extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+
+ LDAPSharedCacheSize 500000
+ LDAPCacheEntries 1024
+ LDAPCacheTTL 600
+ LDAPOpCacheEntries 1024
+ LDAPOpCacheTTL 600
+
+
+
+
+ AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
+ AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+ AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+ AuthType Basic
+ AuthName "Authentification requise (Acces LDAP)"
+ AuthBasicProvider ldap
+
+
+ '';
+ };
+ };
in rec {
enable = true;
logPerVirtualHost = true;
multiProcessingModule = "worker";
adminAddr = "httpd@immae.eu";
# FIXME: http2
+ # FIXME: voir les autres modules:
+ # authz_core_module
+ # reqtimeout_module
+ # http2_module
+ # version_module
+ # proxy_connect_module
+ # proxy_ftp_module
+ # proxy_scgi_module
+ # proxy_ajp_module
+ # proxy_balancer_module
+ # proxy_express_module
+ # lbmethod_byrequests_module
+ # lbmethod_bytraffic_module
+ # lbmethod_bybusyness_module
+ # lbmethod_heartbeat_module
+
extraModules = pkgs.lib.lists.unique (
mypkgs.adminer.apache.modules ++
mypkgs.connexionswing_dev.apache.modules ++
mypkgs.connexionswing_prod.apache.modules ++
- [
- "macro"
- "ldap"
- "authnz_ldap"
- ]);
- extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
-
- LDAPSharedCacheSize 500000
- LDAPCacheEntries 1024
- LDAPCacheTTL 600
- LDAPOpCacheEntries 1024
- LDAPOpCacheTTL 600
-
-
-
-
- AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
- AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
- AuthType Basic
- AuthName "Authentification requise (Acces LDAP)"
- AuthBasicProvider ldap
-
-
- '';
+ pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
+ [ "macro" ]);
+ extraConfig = builtins.concatStringsSep "\n"
+ (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
virtualHosts = [
(withSSL "eldiron" // {
listen = [ { ip = "*"; port = 443; } ];
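Review bot: The `ldap` entry of the new `apacheConfig` set still interpolates `builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"` into `extraConfig`, so the bind password is baked into the generated Apache configuration at evaluation time and presumably ends up in the world-readable Nix store. The `assert mylibs.checkEnv` in front of it presumably only checks that the variable is set and does nothing about that exposure. Since the block is being moved anyway, consider letting httpd fetch the secret at runtime, for example `AuthLDAPBindPassword "exec:/path/to/helper"` (placeholder path) or an `Include` of a root-owned file deployed outside the store. The same entry uses `ldap://ldap.immae.eu:389` with no TLS mode on the URL, so unless `LDAPTrustedMode` is set elsewhere the bind password and users' Basic credentials reach the directory in cleartext; `AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS` would address that. The container directives around the Auth lines are not visible in this hunk, so the scope in which these settings apply could not be checked.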