security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
- deployment.keys = kanboard.keys;
+ deployment.keys =
+ kanboard.keys
+ // ldap.keys
+ // roundcubemail.keys
+ // ttrss.keys
+ // wallabag.keys
+ // yourls.keys;
services.myWebsites.integration.modules =
rainloop.apache.modules;
];
};
- services.myPhpfpm.serviceDependencies.kanboard = kanboard.phpFpm.serviceDeps;
+ services.myPhpfpm.serviceDependencies = {
+ dokuwiki = dokuwiki.phpFpm.serviceDeps;
+ kanboard = kanboard.phpFpm.serviceDeps;
+ ldap = ldap.phpFpm.serviceDeps;
+ rainloop = rainloop.phpFpm.serviceDeps;
+ roundcubemail = roundcubemail.phpFpm.serviceDeps;
+ ttrss = ttrss.phpFpm.serviceDeps;
+ wallabag = wallabag.phpFpm.serviceDeps;
+ yourls = yourls.phpFpm.serviceDeps;
+ };
+
services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
services.myPhpfpm.poolConfigs = {
adminer = adminer.phpFpm.pool;
'';
};
phpFpm = rec {
+ serviceDeps = [ "openldap.service" ];
basedir = builtins.concatStringsSep ":" (
[ webRoot varDir ]
++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
rec {
- config = writeText "config.php" ''
- <?php
- $config->custom->appearance['show_clear_password'] = true;
- $config->custom->appearance['hide_template_warning'] = true;
- $config->custom->appearance['theme'] = "tango";
- $config->custom->appearance['minimalMode'] = true;
+ keys.tools-ldap = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
+ <?php
+ $config->custom->appearance['show_clear_password'] = true;
+ $config->custom->appearance['hide_template_warning'] = true;
+ $config->custom->appearance['theme'] = "tango";
+ $config->custom->appearance['minimalMode'] = true;
- $servers = new Datastore();
+ $servers = new Datastore();
- $servers->newServer('ldap_pla');
- $servers->setValue('server','name','Immae’s LDAP');
- $servers->setValue('server','host','ldaps://${env.ldap.host}');
- $servers->setValue('login','auth_type','cookie');
- $servers->setValue('login','bind_id','${env.ldap.dn}');
- $servers->setValue('login','bind_pass','${env.ldap.password}');
- $servers->setValue('appearance','password_hash','ssha');
- $servers->setValue('login','attr','uid');
- $servers->setValue('login','fallback_dn',true);
- '';
+ $servers->newServer('ldap_pla');
+ $servers->setValue('server','name','Immae’s LDAP');
+ $servers->setValue('server','host','ldaps://${env.ldap.host}');
+ $servers->setValue('login','auth_type','cookie');
+ $servers->setValue('login','bind_id','${env.ldap.dn}');
+ $servers->setValue('login','bind_pass','${env.ldap.password}');
+ $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('login','attr','uid');
+ $servers->setValue('login','fallback_dn',true);
+ '';
+ };
webRoot = stdenv.mkDerivation rec {
version = "1.2.3";
name = "phpldapadmin-${version}";
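Review bot: `permissions = "0700"` on `keys.tools-ldap` gives the owner write and execute on a file that PHP only ever reads; `permissions = "0400";` keeps the same single reader and drops the bits that are not needed. The same value is repeated in `keys.tools-roundcube`, `keys.tools-ttrss`, `keys.tools-wallabag` and `keys.tools-yourls` further down. If the php-fpm pool runs as a different user that is only a member of `apache.group` (not visible here), `0440` would be the value instead.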
'';
installPhase = ''
cp -a . $out
- ln -sf ${config} $out/config/config.php
+ ln -sf /run/keys/webapps/tools-ldap $out/config/config.php
'';
};
apache = rec {
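Review bot: Nothing in the change records that the old `${config}` target was a store path, so the LDAP bind password rendered by the removed `writeText` presumably stays readable in earlier generations until they are garbage-collected. A comment above the new `ln -sf` line, such as `# secrets now live in /run/keys; rotate env.ldap.password and GC old generations`, would make the follow-up explicit. The same applies to the matching symlink changes for roundcube, tt-rss, wallabag and yourls. The enclosing `webRoot` derivation starts outside this hunk.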
'';
};
phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webRoot config ];
+ serviceDeps = [ "openldap.service" "tools-ldap-key.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot "/run/keys/webapps/tools-ldap" ];
socket = "/var/run/phpfpm/ldap.sock";
pool = ''
listen = ${socket}
'';
};
phpFpm = rec {
+ serviceDeps = [ "postgresql.service" ];
basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
socket = "/var/run/phpfpm/rainloop.sock";
pool = ''
install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
- config = writeText "config.php" ''
- <?php
- $config['db_dsnw'] = '${env.psql_url}';
- $config['default_host'] = 'ssl://mail.immae.eu';
- $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
- $config['smtp_server'] = 'tls://mail.immae.eu';
- $config['smtp_port'] = '25';
- $config['managesieve_host'] = 'mail.immae.eu';
- $config['managesieve_port'] = '4190';
- $config['managesieve_usetls'] = true;
- $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
+ keys.tools-roundcube = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
+ <?php
+ $config['db_dsnw'] = '${env.psql_url}';
+ $config['default_host'] = 'ssl://mail.immae.eu';
+ $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
+ $config['smtp_server'] = 'tls://mail.immae.eu';
+ $config['smtp_port'] = '25';
+ $config['managesieve_host'] = 'mail.immae.eu';
+ $config['managesieve_port'] = '4190';
+ $config['managesieve_usetls'] = true;
+ $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
- $config['imap_cache'] = 'db';
- $config['messages_cache'] = 'db';
+ $config['imap_cache'] = 'db';
+ $config['messages_cache'] = 'db';
- $config['support_url'] = ''';
+ $config['support_url'] = ''';
- $config['des_key'] = '${env.secret}';
+ $config['des_key'] = '${env.secret}';
- $config['skin'] = 'elastic';
- $config['plugins'] = array(
- 'attachment_reminder',
- 'emoticons',
- 'filesystem_attachments',
- 'hide_blockquote',
- 'identicon',
- 'identity_select',
- 'jqueryui',
- 'managesieve',
- 'newmail_notifier',
- 'vcard_attachments',
- 'zipdownload',
+ $config['skin'] = 'elastic';
+ $config['plugins'] = array(
+ 'attachment_reminder',
+ 'emoticons',
+ 'filesystem_attachments',
+ 'hide_blockquote',
+ 'identicon',
+ 'identity_select',
+ 'jqueryui',
+ 'managesieve',
+ 'newmail_notifier',
+ 'vcard_attachments',
+ 'zipdownload',
- 'automatic_addressbook',
- 'message_highlight',
- 'carddav',
- // Ne marche pas ?: 'ident_switch',
- // Ne marche pas ?: 'thunderbird_labels',
- );
+ 'automatic_addressbook',
+ 'message_highlight',
+ 'carddav',
+ // Ne marche pas ?: 'ident_switch',
+ // Ne marche pas ?: 'thunderbird_labels',
+ );
- $config['language'] = 'fr_FR';
+ $config['language'] = 'fr_FR';
- $config['drafts_mbox'] = 'Mail/Drafts';
- $config['junk_mbox'] = 'Mail/Spam';
- $config['sent_mbox'] = 'Mail/sent';
- $config['trash_mbox'] = ''';
- $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
- $config['draft_autosave'] = 60;
- $config['enable_installer'] = false;
- $config['log_driver'] = 'file';
- $config['temp_dir'] = '${varDir}/cache';
- $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
+ $config['drafts_mbox'] = 'Mail/Drafts';
+ $config['junk_mbox'] = 'Mail/Spam';
+ $config['sent_mbox'] = 'Mail/sent';
+ $config['trash_mbox'] = ''';
+ $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
+ $config['draft_autosave'] = 60;
+ $config['enable_installer'] = false;
+ $config['log_driver'] = 'file';
+ $config['temp_dir'] = '${varDir}/cache';
+ $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
'';
+ };
webRoot = stdenv.mkDerivation rec {
version = "1.4-rc1";
name = "roundcubemail-${version}";
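Review bot: `imap_conn_options` and `managesieve_conn_options` in the new `text` both carry `"verify_peer" => false`, so the IMAP and ManageSieve connections to mail.immae.eu accept any certificate and users' mail credentials go to a peer that is never authenticated. The lines are carried over unchanged from the removed `writeText`, but the whole file is rewritten here, which makes this the natural place to drop the override. The replacement would be `array("ssl" => array("verify_peer" => true, "verify_peer_name" => true))`, with a `"cafile"` entry only if the server certificate does not chain to the system trust store.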
'';
installPhase = ''
cp -a . $out
- ln -s ${config} $out/config/config.inc.php
+ ln -s /run/keys/webapps/tools-roundcube $out/config/config.inc.php
${builtins.concatStringsSep "\n" (
lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
)}
'';
};
phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "tools-roundcube-key.service" ];
basedir = builtins.concatStringsSep ":" (
- [ webRoot config varDir ]
+ [ webRoot "/run/keys/webapps/tools-roundcube" varDir ]
++ lib.attrsets.mapAttrsToList (name: value: value) plugins
++ lib.attrsets.mapAttrsToList (name: value: value) skins);
phpConfig = ''
install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
- config = writeText "config.php" ''
- <?php
+ keys.tools-ttrss = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
+ <?php
- define('PHP_EXECUTABLE', '${php}/bin/php');
+ define('PHP_EXECUTABLE', '${php}/bin/php');
- define('LOCK_DIRECTORY', 'lock');
- define('CACHE_DIR', 'cache');
- define('ICONS_DIR', 'feed-icons');
- define('ICONS_URL', 'feed-icons');
- define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
+ define('LOCK_DIRECTORY', 'lock');
+ define('CACHE_DIR', 'cache');
+ define('ICONS_DIR', 'feed-icons');
+ define('ICONS_URL', 'feed-icons');
+ define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
- define('MYSQL_CHARSET', 'UTF8');
+ define('MYSQL_CHARSET', 'UTF8');
- define('DB_TYPE', 'pgsql');
- define('DB_HOST', '${env.postgresql.socket}');
- define('DB_USER', '${env.postgresql.user}');
- define('DB_NAME', '${env.postgresql.database}');
- define('DB_PASS', '${env.postgresql.password}');
- define('DB_PORT', '${env.postgresql.port}');
+ define('DB_TYPE', 'pgsql');
+ define('DB_HOST', '${env.postgresql.socket}');
+ define('DB_USER', '${env.postgresql.user}');
+ define('DB_NAME', '${env.postgresql.database}');
+ define('DB_PASS', '${env.postgresql.password}');
+ define('DB_PORT', '${env.postgresql.port}');
- define('AUTH_AUTO_CREATE', true);
- define('AUTH_AUTO_LOGIN', true);
+ define('AUTH_AUTO_CREATE', true);
+ define('AUTH_AUTO_LOGIN', true);
- define('SINGLE_USER_MODE', false);
+ define('SINGLE_USER_MODE', false);
- define('SIMPLE_UPDATE_MODE', false);
- define('CHECK_FOR_UPDATES', true);
+ define('SIMPLE_UPDATE_MODE', false);
+ define('CHECK_FOR_UPDATES', true);
- define('FORCE_ARTICLE_PURGE', 0);
- define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
- define('ENABLE_GZIP_OUTPUT', false);
+ define('FORCE_ARTICLE_PURGE', 0);
+ define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
+ define('ENABLE_GZIP_OUTPUT', false);
- define('PLUGINS', 'auth_ldap, note, instances');
+ define('PLUGINS', 'auth_ldap, note, instances');
- define('LOG_DESTINATION', ''');
- define('CONFIG_VERSION', 26);
+ define('LOG_DESTINATION', ''');
+ define('CONFIG_VERSION', 26);
- define('SPHINX_SERVER', 'localhost:9312');
- define('SPHINX_INDEX', 'ttrss, delta');
+ define('SPHINX_SERVER', 'localhost:9312');
+ define('SPHINX_INDEX', 'ttrss, delta');
- define('ENABLE_REGISTRATION', false);
- define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu');
- define('REG_MAX_USERS', 10);
+ define('ENABLE_REGISTRATION', false);
+ define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu');
+ define('REG_MAX_USERS', 10);
- define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
- define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
- define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+ define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+ define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
+ define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
- define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
- define('LDAP_AUTH_USETLS', TRUE);
- define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
- define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
- define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
- define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+ define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+ define('LDAP_AUTH_USETLS', TRUE);
+ define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
+ define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+ define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+ define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
- define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
- define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
- define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
+ define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+ define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
+ define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
- define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
- define('LDAP_AUTH_DEBUG', FALSE);
- '';
+ define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
+ define('LDAP_AUTH_DEBUG', FALSE);
+ '';
+ };
webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
buildPhase = ''
rm -rf lock feed-icons cache
'';
installPhase = ''
cp -a . $out
- ln -s ${config} $out/config.php
+ ln -s /run/keys/webapps/tools-ttrss $out/config.php
${builtins.concatStringsSep "\n" (
lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
)}
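Review bot: `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` is `TRUE` in the new `keys.tools-ttrss` text while `LDAP_AUTH_SERVER_URI` is `ldap://ldap.immae.eu:389/` with `LDAP_AUTH_USETLS`, so the `LDAP_AUTH_BINDPW` bind and every user login go to a server whose certificate is not checked. The wallabag parameters in the same change use `ldap_ssl: true` on port 636 against the same host, which may mean a verifiable certificate is already in place. If so, `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE);` would close the gap. The values are moved here unchanged from the removed `writeText`, and the `webRoot` derivation continues outside the hunk.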
'';
};
phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "openldap.service" "tools-ttrss-key.service" ];
basedir = builtins.concatStringsSep ":" (
- [ webRoot config varDir ]
+ [ webRoot "/run/keys/webapps/tools-ttrss" varDir ]
++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
socket = "/var/run/phpfpm/ttrss.sock";
pool = ''
let
wallabag = rec {
varDir = "/var/lib/wallabag";
- parameters = writeText "parameters.yml" ''
- # This file is auto-generated during the composer install
- parameters:
- database_driver: pdo_pgsql
- database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
- database_host: ${env.postgresql.socket}
- database_port: ${env.postgresql.port}
- database_name: ${env.postgresql.database}
- database_user: ${env.postgresql.user}
- database_password: ${env.postgresql.password}
- database_path: null
- database_table_prefix: wallabag_
- database_socket: null
- database_charset: utf8
- domain_name: https://tools.immae.eu/wallabag
- mailer_transport: sendmail
- mailer_host: 127.0.0.1
- mailer_user: null
- mailer_password: null
- locale: fr
- secret: ${env.secret}
- twofactor_auth: true
- twofactor_sender: wallabag@tools.immae.eu
- fosuser_registration: false
- fosuser_confirmation: true
- from_email: wallabag@tools.immae.eu
- rss_limit: 50
- rabbitmq_host: localhost
- rabbitmq_port: 5672
- rabbitmq_user: guest
- rabbitmq_password: guest
- rabbitmq_prefetch_count: 10
- redis_scheme: unix
- redis_host: null
- redis_port: null
- redis_path: ${env.redis.socket}
- redis_password: null
- sites_credentials: { }
- ldap_enabled: true
- ldap_host: ldap.immae.eu
- ldap_port: 636
- ldap_tls: false
- ldap_ssl: true
- ldap_bind_requires_dn: true
- ldap_base: 'dc=immae,dc=eu'
- ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
- ldap_manager_pw: ${env.ldap.password}
- ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
- ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
- ldap_username_attribute: uid
- ldap_email_attribute: mail
- ldap_name_attribute: cn
- ldap_enabled_attribute: null
- services:
- swiftmailer.mailer.default.transport:
- class: Swift_SendmailTransport
- arguments: ['/run/wrappers/bin/sendmail -bs']
- '';
+ keys.tools-wallabag = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_driver: pdo_pgsql
+ database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
+ database_host: ${env.postgresql.socket}
+ database_port: ${env.postgresql.port}
+ database_name: ${env.postgresql.database}
+ database_user: ${env.postgresql.user}
+ database_password: ${env.postgresql.password}
+ database_path: null
+ database_table_prefix: wallabag_
+ database_socket: null
+ database_charset: utf8
+ domain_name: https://tools.immae.eu/wallabag
+ mailer_transport: sendmail
+ mailer_host: 127.0.0.1
+ mailer_user: null
+ mailer_password: null
+ locale: fr
+ secret: ${env.secret}
+ twofactor_auth: true
+ twofactor_sender: wallabag@tools.immae.eu
+ fosuser_registration: false
+ fosuser_confirmation: true
+ from_email: wallabag@tools.immae.eu
+ rss_limit: 50
+ rabbitmq_host: localhost
+ rabbitmq_port: 5672
+ rabbitmq_user: guest
+ rabbitmq_password: guest
+ rabbitmq_prefetch_count: 10
+ redis_scheme: unix
+ redis_host: null
+ redis_port: null
+ redis_path: ${env.redis.socket}
+ redis_password: null
+ sites_credentials: { }
+ ldap_enabled: true
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_tls: false
+ ldap_ssl: true
+ ldap_bind_requires_dn: true
+ ldap_base: 'dc=immae,dc=eu'
+ ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
+ ldap_manager_pw: ${env.ldap.password}
+ ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
+ ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
+ ldap_username_attribute: uid
+ ldap_email_attribute: mail
+ ldap_name_attribute: cn
+ ldap_enabled_attribute: null
+ services:
+ swiftmailer.mailer.default.transport:
+ class: Swift_SendmailTransport
+ arguments: ['/run/wrappers/bin/sendmail -bs']
+ '';
+ };
webappDir = composerEnv.buildPackage rec {
packages = {
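Review bot: The secrets in the new `keys.tools-wallabag` text are spliced into YAML as bare scalars (`database_password: ${env.postgresql.password}`, `secret: ${env.secret}`, `ldap_manager_pw: ${env.ldap.password}`), so a value containing `: ` or ` #`, or starting with `*`, `!` or a quote, is parsed as something other than the intended string. `builtins.toJSON` renders a quoted scalar that YAML accepts, e.g. `database_password: ${builtins.toJSON env.postgresql.password}`. A literal `%` would still need doubling because Symfony reads it as a parameter reference. Separately, `rabbitmq_user: guest` and `rabbitmq_password: guest` are the broker defaults and deserve a check if RabbitMQ is actually enabled.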
"fr3d/ldap-bundle" = {
'';
postInstall = ''
rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data
- ln -sf ${parameters} app/config/parameters.yml
+ ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml
ln -sf ${varDir}/var/{cache,logs,sessions} var
ln -sf ${varDir}/data data
ln -sf ${varDir}/assets web/assets
'';
};
phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ];
+ serviceDeps = [ "postgresql.service" "openldap.service" "tools-wallabag-key.service" ];
+ basedir = builtins.concatStringsSep ":" [ webappDir "/run/keys/webapps/tools-wallabag" varDir ];
socket = "/var/run/phpfpm/wallabag.sock";
pool = ''
listen = ${socket}
activationScript = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
'';
- config = writeText "config.php" ''
+ keys.tools-yourls = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
<?php
define( 'YOURLS_DB_USER', '${env.mysql.user}' );
define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
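Review bot: `${env.mysql.password}` is placed inside a single-quoted PHP literal with no escaping, so a password containing `'` or ending in `\` terminates the string early and changes how the rest of the config file is parsed. Escaping at render time keeps arbitrary values inert, e.g. `'${builtins.replaceStrings [ "\\" "'" ] [ "\\\\" "\\'" ] env.mysql.password}'`. The same pattern is used for `bind_pass` in `keys.tools-ldap`, `des_key` in `keys.tools-roundcube` and `DB_PASS` / `LDAP_AUTH_BINDPW` in `keys.tools-ttrss`. The `text` string continues past the end of this hunk.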
define( 'LDAPAUTH_USERCACHE_TYPE', 0);
'';
+ };
webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec {
installPhase = ''
mkdir -p $out
cp -a */ *.php $out/
cp sample-robots.txt $out/robots.txt
- ln -sf ${config} $out/includes/config.php
+ ln -sf /run/keys/webapps/tools-yourls $out/includes/config.php
${builtins.concatStringsSep "\n" (
lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins
)}
'';
};
phpFpm = rec {
+ serviceDeps = [ "mysql.service" "openldap.service" "tools-yourls-key.service" ];
basedir = builtins.concatStringsSep ":" (
- [ webRoot config ]
+ [ webRoot "/run/keys/webapps/tools-yourls" ]
++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
socket = "/var/run/phpfpm/yourls.sock";
pool = ''