piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
piedsjalouxProd = ./websites/piedsjaloux/production.nix;
+ cloudTool = ./websites/tools/cloud;
+ davTool = ./websites/tools/dav;
+ dbTool = ./websites/tools/db;
+ diasporaTool = ./websites/tools/diaspora;
+ etherTool = ./websites/tools/ether;
+ gitTool = ./websites/tools/git;
+ mastodonTool = ./websites/tools/mastodon;
+ mgoblinTool = ./websites/tools/mgoblin;
+ peertubeTool = ./websites/tools/peertube;
+ toolsTool = ./websites/tools/tools;
+
irc = ./irc.nix;
};
in
systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps;
services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
system.activationScripts.aten_dev = aten.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName}
- '';
+ myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;
services.websites.integration.modules = aten.apache.modules;
services.websites.integration.vhostConfs.aten = {
certName = "eldiron";
systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps;
services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;
system.activationScripts.aten_prod = aten.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName}
- '';
+ myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;
services.websites.production.modules = aten.apache.modules;
services.websites.production.vhostConfs.aten = {
certName = "aten";
options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website";
config = lib.mkIf cfg.enable {
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${siteDir} $out/webapps/${webappName}
- '';
+ myServices.websites.webappDirs."${webappName}" = siteDir;
services.websites.production.vhostConfs.capitaines_mastodon = {
certName = "capitaines";
'';
};
system.activationScripts.chloe_dev = chloe.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName}
- '';
+ myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot;
services.websites.integration.modules = chloe.apache.modules;
services.websites.integration.vhostConfs.chloe = {
certName = "eldiron";
'';
};
system.activationScripts.chloe_prod = chloe.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName}
- '';
+ myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot;
services.websites.production.modules = chloe.apache.modules;
services.websites.production.vhostConfs.chloe = {
certName = "chloe";
phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig;
};
system.activationScripts.connexionswing_dev = connexionswing.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
- '';
+ myServices.websites.webappDirs."${connexionswing.apache.webappName}" = connexionswing.app.webRoot;
services.websites.integration.modules = connexionswing.apache.modules;
services.websites.integration.vhostConfs.connexionswing = {
certName = "eldiron";
phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig;
};
system.activationScripts.connexionswing_prod = connexionswing.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
- '';
+ myServices.websites.webappDirs."${connexionswing.apache.webappName}" = connexionswing.app.webRoot;
services.websites.production.modules = connexionswing.apache.modules;
services.websites.production.vhostConfs.connexionswing = {
certName = "connexionswing";
-{ ... }:
+{ lib, pkgs, config, myconfig, ... }:
+let
+ www_root = "/run/current-system/webapps/_www";
+ theme_root = "/run/current-system/webapps/_theme";
+ apacheConfig = {
+ gzip = {
+ modules = [ "deflate" "filter" ];
+ extraConfig = ''
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ '';
+ };
+ macros = {
+ modules = [ "macro" ];
+ };
+ stats = {
+ extraConfig = ''
+ <Macro Stats %{domain}>
+ Alias /webstats ${config.services.webstats.dataDir}/%{domain}
+ <Directory ${config.services.webstats.dataDir}/%{domain}>
+ DirectoryIndex index.html
+ AllowOverride None
+ Require all granted
+ </Directory>
+ <Location /webstats>
+ Use LDAPConnect
+ Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
+ </Location>
+ </Macro>
+ '';
+ };
+ ldap = {
+ modules = [ "ldap" "authnz_ldap" ];
+ extraConfig = ''
+ <IfModule ldap_module>
+ LDAPSharedCacheSize 500000
+ LDAPCacheEntries 1024
+ LDAPCacheTTL 600
+ LDAPOpCacheEntries 1024
+ LDAPOpCacheTTL 600
+ </IfModule>
+
+ Include /var/secrets/apache-ldap
+ '';
+ };
+ global = {
+ extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
+ };
+ apaxy = {
+ extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
+ };
+ http2 = {
+ modules = [ "http2" ];
+ extraConfig = ''
+ Protocols h2 http/1.1
+ '';
+ };
+ customLog = {
+ extraConfig = ''
+ LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
+ '';
+ };
+ };
+ makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
+ makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
+in
{
- config.myServices.websites.aten.integration.enable = true;
- config.myServices.websites.aten.production.enable = true;
+ options.myServices.websites.webappDirs = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ description = ''
+ Webapp paths to create in /run/current-system/webapps
+ '';
+ default = {};
+ };
+
+ config = {
+ users.users.wwwrun.extraGroups = [ "keys" ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ nixpkgs.overlays = [ (self: super: rec {
+ #openssl = self.openssl_1_1;
+ php = php72;
+ php72 = (super.php72.override {
+ mysql.connector-c = self.mariadb;
+ config.php.mysqlnd = false;
+ config.php.mysqli = false;
+ }).overrideAttrs(old: rec {
+ # Didn't manage to build with mysqli + mysql_config connector
+ configureFlags = old.configureFlags ++ [
+ "--with-mysqli=shared,mysqlnd"
+ ];
+ # preConfigure = (old.preConfigure or "") + ''
+ # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
+ # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include <mysql_version.h>/' \
+ # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
+ # '';
+ });
+ phpPackages = super.php72Packages.override { inherit php; };
+ }) ];
+
+ secrets.keys = [{
+ dest = "apache-ldap";
+ user = "wwwrun";
+ group = "wwwrun";
+ permissions = "0400";
+ text = ''
+ <Macro LDAPConnect>
+ <IfModule authnz_ldap_module>
+ AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
+ AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+ AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
+ AuthType Basic
+ AuthName "Authentification requise (Acces LDAP)"
+ AuthBasicProvider ldap
+ </IfModule>
+ </Macro>
+ '';
+ }];
+
+ system.activationScripts = {
+ httpd = ''
+ install -d -m 0755 ${config.security.acme.directory}/acme-challenge
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
+ '';
+ };
+
+ services.phpfpm = {
+ phpPackage = pkgs.php;
+ phpOptions = ''
+ session.save_path = "/var/lib/php/sessions"
+ post_max_size = 20M
+ ; 15 days (seconds)
+ session.gc_maxlifetime = 1296000
+ ; 30 days (minutes)
+ session.cache_expire = 43200
+ '';
+ extraConfig = ''
+ log_level = notice
+ '';
+ };
+
+ services.websites.production = {
+ enable = true;
+ adminAddr = "httpd@immae.eu";
+ httpdName = "Prod";
+ ips =
+ let ips = myconfig.env.servers.eldiron.ips.production;
+ in [ips.ip4] ++ (ips.ip6 or []);
+ modules = makeModules;
+ extraConfig = makeExtraConfig;
+ fallbackVhost = {
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = www_root;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };
+ };
+
+ services.websites.integration = {
+ enable = true;
+ adminAddr = "httpd@immae.eu";
+ httpdName = "Inte";
+ ips =
+ let ips = myconfig.env.servers.eldiron.ips.integration;
+ in [ips.ip4] ++ (ips.ip6 or []);
+ modules = makeModules;
+ extraConfig = makeExtraConfig;
+ fallbackVhost = {
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = www_root;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };
+ };
+
+ services.websites.tools = {
+ enable = true;
+ adminAddr = "httpd@immae.eu";
+ httpdName = "Tools";
+ ips =
+ let ips = myconfig.env.servers.eldiron.ips.main;
+ in [ips.ip4] ++ (ips.ip6 or []);
+ modules = makeModules;
+ extraConfig = makeExtraConfig ++
+ [ ''
+ RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
+ RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
+ RedirectMatch ^/CGU$ https://www.immae.eu/CGU
+ ''
+ ];
+ nosslVhost = {
+ enable = true;
+ host = "nossl.immae.eu";
+ };
+ fallbackVhost = {
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = www_root;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };
+ };
+
+ system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) ''
+ mkdir -p $out/webapps
+ ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)}
+ '';
+
+ myServices.websites = {
+ webappDirs = {
+ _www = pkgs.webapps.apache-default.www;
+ _theme = pkgs.webapps.apache-theme.theme;
+ };
+
+ aten.integration.enable = true;
+ aten.production.enable = true;
+
+ capitaines.production.enable = true;
- config.myServices.websites.capitaines.production.enable = true;
+ chloe.integration.enable = true;
+ chloe.production.enable = true;
- config.myServices.websites.chloe.integration.enable = true;
- config.myServices.websites.chloe.production.enable = true;
+ connexionswing.integration.enable = true;
+ connexionswing.production.enable = true;
- config.myServices.websites.connexionswing.integration.enable = true;
- config.myServices.websites.connexionswing.production.enable = true;
+ denisejerome.production.enable = true;
- config.myServices.websites.denisejerome.production.enable = true;
+ emilia.production.enable = true;
- config.myServices.websites.emilia.production.enable = true;
+ florian.app.enable = true;
+ florian.integration.enable = true;
+ florian.production.enable = true;
- config.myServices.websites.florian.app.enable = true;
- config.myServices.websites.florian.integration.enable = true;
- config.myServices.websites.florian.production.enable = true;
+ immae.production.enable = true;
+ immae.release.enable = true;
+ immae.temp.enable = true;
- config.myServices.websites.immae.production.enable = true;
- config.myServices.websites.immae.release.enable = true;
- config.myServices.websites.immae.temp.enable = true;
+ leila.production.enable = true;
- config.myServices.websites.leila.production.enable = true;
+ ludivinecassal.integration.enable = true;
+ ludivinecassal.production.enable = true;
- config.myServices.websites.ludivinecassal.integration.enable = true;
- config.myServices.websites.ludivinecassal.production.enable = true;
+ nassime.production.enable = true;
- config.myServices.websites.nassime.production.enable = true;
+ naturaloutil.production.enable = true;
- config.myServices.websites.naturaloutil.production.enable = true;
+ papa.surveillance.enable = true;
- config.myServices.websites.papa.surveillance.enable = true;
+ piedsjaloux.integration.enable = true;
+ piedsjaloux.production.enable = true;
- config.myServices.websites.piedsjaloux.integration.enable = true;
- config.myServices.websites.piedsjaloux.production.enable = true;
+ tools.cloud.enable = true;
+ tools.dav.enable = true;
+ tools.db.enable = true;
+ tools.diaspora.enable = true;
+ tools.etherpad-lite.enable = true;
+ tools.git.enable = true;
+ tools.mastodon.enable = true;
+ tools.mediagoblin.enable = true;
+ tools.peertube.enable = true;
+ tools.tools.enable = true;
+ };
+ };
}
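Review bot: The symlink generator in the new `system.extraSystemBuilderCmds` interpolates each `webappDirs` attribute name into the shell unquoted, so a key containing a `/`, a space or `..` would either break the builder or place the link outside `$out/webapps`; the option type only constrains the values (`path`), never the keys, and every website module can now contribute one. I would quote both sides with `lib.escapeShellArg` and add `assertions = [{ assertion = lib.all (n: !(lib.hasInfix "/" n)) (lib.attrNames config.myServices.websites.webappDirs); message = "myServices.websites.webappDirs keys must not contain '/'"; }];` so a bad key fails at evaluation rather than at build. The `mkIf` guard can be simplified to `config.myServices.websites.webappDirs != {}`. The LDAP bind password is still interpolated into a Nix string at `AuthLDAPBindPassword`; whether that value ends up in the world-readable store depends on how the `secrets.keys` module materialises `text`, which is not visible here.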
system.activationScripts.emilia = ''
install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
'';
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${siteDir} $out/webapps/${webappName}
- '';
+ myServices.websites.webappDirs."${webappName}" = siteDir;
services.websites.production.vhostConfs.emilia = {
certName = "emilia";
certMainHost = "saison-photo.org";
systemd.services.phpfpm-tellesflorian_dev.preStart = lib.mkAfter tellesflorian.phpFpm.preStart;
services.phpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool;
system.activationScripts.tellesflorian_dev = tellesflorian.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${tellesflorian.app.webRoot} $out/webapps/${tellesflorian.apache.webappName}
- '';
+ myServices.websites.webappDirs."${tellesflorian.apache.webappName}" = tellesflorian.app.webRoot;
services.websites.integration.modules = adminer.apache.modules ++ tellesflorian.apache.modules;
services.websites.integration.vhostConfs.tellesflorian = {
certName = "eldiron";
systemd.services.phpfpm-ludivinecassal_dev.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart;
services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool;
system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName}
- '';
+ myServices.websites.webappDirs."${ludivinecassal.apache.webappName}" = ludivinecassal.app.webRoot;
services.websites.integration.modules = ludivinecassal.apache.modules;
services.websites.integration.vhostConfs.ludivine = {
certName = "eldiron";
systemd.services.phpfpm-ludivinecassal_prod.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart;
services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool;
system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName}
- '';
+ myServices.websites.webappDirs."${ludivinecassal.apache.webappName}" = ludivinecassal.app.webRoot;
services.websites.production.modules = ludivinecassal.apache.modules;
services.websites.production.vhostConfs.ludivine = {
certName = "ludivinecassal";
?>
'';
}];
+ system.activationScripts.naturaloutil = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil
+ '';
+ };
systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ];
systemd.services.phpfpm-jerome.wants = [ "mysql.service" ];
services.phpfpm.pools.jerome = {
pm.process_idle_timeout = 60
env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
- php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
+ php_admin_value[open_basedir] = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/naturaloutil"
'';
phpOptions = config.services.phpfpm.phpOptions + ''
extension=${pkgs.php}/lib/php/extensions/mysqli.so
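Review bot: The new per-pool session directory is created with `install -m 0755 ... /var/lib/php/sessions/naturaloutil`, which is world-listable, while its parent `/var/lib/php/sessions` is created `0750` by the `httpd` activation script elsewhere in this change; session file names carry the session id, so any local account could enumerate live ids for this pool. I would use `install -m 0750 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil`. The `open_basedir` widening and the `php_admin_value[session.save_path]` on the following lines are consistent with each other, and `deps = [ "httpd" ]` correctly orders the script after the parent directory exists. The enclosing `services.phpfpm.pools.jerome` block continues outside the hunk.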
systemd.services.phpfpm-piedsjaloux_dev.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart;
services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool;
system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName}
- '';
+ myServices.websites.webappDirs."${piedsjaloux.apache.webappName}" = piedsjaloux.app.webRoot;
services.websites.integration.modules = piedsjaloux.apache.modules;
services.websites.integration.vhostConfs.piedsjaloux = {
certName = "eldiron";
systemd.services.phpfpm-piedsjaloux_prod.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart;
services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool;
system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName}
- '';
+ myServices.websites.webappDirs."${piedsjaloux.apache.webappName}" = piedsjaloux.app.webRoot;
services.websites.production.modules = piedsjaloux.apache.modules;
services.websites.production.vhostConfs.piedsjaloux = {
certName = "piedsjaloux";
varDir = "/var/lib/nextcloud";
webappName = "tools_nextcloud";
apacheRoot = "/run/current-system/webapps/${webappName}";
- cfg = config.services.myWebsites.tools.cloud;
+ cfg = config.myServices.websites.tools.cloud;
phpFpm = rec {
basedir = builtins.concatStringsSep ":" (
[ nextcloud varDir ]
'';
};
in {
- options.services.myWebsites.tools.cloud = {
+ options.myServices.websites.tools.cloud = {
enable = lib.mkEnableOption "enable cloud website";
};
{ stdenv, fetchurl, gettext, writeText, env, awl, davical }:
rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical
+ '';
+ };
keys = [{
dest = "webapps/dav-davical";
user = apache.user;
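Review bot: `install -m 0755` in the new `activationScript` loosens the mode of `/var/lib/php/sessions/davical` compared with the `0750` the removed central `httpd` activation script used for the same directory, making the session file names (which embed the session ids) listable by every local user. I would keep the previous mode: `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical`. `deps = [ "httpd" ]` is the right dependency, since the parent `/var/lib/php/sessions` is created there. `apache.user` and `apache.group` are defined outside the hunk.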
inherit (pkgs.webapps) davical awl;
};
- cfg = config.services.myWebsites.tools.dav;
+ cfg = config.myServices.websites.tools.dav;
in {
- options.services.myWebsites.tools.dav = {
+ options.myServices.websites.tools.dav = {
enable = lib.mkEnableOption "enable dav website";
};
config = lib.mkIf cfg.enable {
+ system.activationScripts.davical = davical.activationScript;
secrets.keys = davical.keys;
services.websites.tools.modules = davical.apache.modules;
davical = davical.phpFpm.pool;
};
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${davical.webRoot} $out/webapps/${davical.apache.webappName}
- ln -s ${pkgs.webapps.infcloud} $out/webapps/${infcloud.webappName}
- '';
+ myServices.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot;
+ myServices.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud;
};
}
{ lib, pkgs, config, ... }:
let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
+ adminer = pkgs.callPackage ../../commons/adminer.nix {};
- cfg = config.services.myWebsites.tools.databases;
+ cfg = config.myServices.websites.tools.db;
in {
- options.services.myWebsites.tools.databases = {
+ options.myServices.websites.tools.db = {
enable = lib.mkEnableOption "enable database's website";
};
let
env = myconfig.env.tools.diaspora;
root = "/run/current-system/webapps/tools_diaspora";
- cfg = config.services.myWebsites.tools.diaspora;
+ cfg = config.myServices.websites.tools.diaspora;
dcfg = config.services.diaspora;
in {
- options.services.myWebsites.tools.diaspora = {
+ options.myServices.websites.tools.diaspora = {
enable = lib.mkEnableOption "enable diaspora's website";
};
{ lib, pkgs, config, myconfig, ... }:
let
env = myconfig.env.tools.etherpad-lite;
- cfg = config.services.myWebsites.tools.etherpad-lite;
+ cfg = config.myServices.websites.tools.etherpad-lite;
# Make sure we’re not rebuilding whole libreoffice just because of a
# dependency
libreoffice = (import <nixpkgs> { overlays = []; }).libreoffice-fresh;
ecfg = config.services.etherpad-lite;
in {
- options.services.myWebsites.tools.etherpad-lite = {
+ options.myServices.websites.tools.etherpad-lite = {
enable = lib.mkEnableOption "enable etherpad's website";
};
};
gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
- cfg = config.services.myWebsites.tools.git;
+ cfg = config.myServices.websites.tools.git;
in {
- options.services.myWebsites.tools.git = {
+ options.myServices.websites.tools.git = {
enable = lib.mkEnableOption "enable git's website";
};
services.websites.tools.modules =
gitweb.apache.modules ++
mantisbt.apache.modules;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${gitweb.webRoot} $out/webapps/${gitweb.apache.webappName}
- ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName}
- '';
+ myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot;
+ myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot;
+ system.activationScripts.mantisbt = mantisbt.activationScript;
services.websites.tools.vhostConfs.git = {
certName = "eldiron";
addToCerts = true;
{ env, mantisbt_2, mantisbt_2-plugins }:
rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt
+ '';
+ };
keys = [{
dest = "webapps/tools-mantisbt";
user = apache.user;
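Review bot: The new `activationScript` creates `/var/lib/php/sessions/mantisbt` with `-m 0755`, whereas the removed central `httpd` script created it `0750`; a world-listable session directory lets any local account read the session ids from the file names. I would restore `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt`. Ordering the script after `httpd` via `deps` is correct because the parent directory is created there. `apache.user` and `apache.group` come from outside the hunk.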
let
env = myconfig.env.tools.mastodon;
root = "/run/current-system/webapps/tools_mastodon";
- cfg = config.services.myWebsites.tools.mastodon;
+ cfg = config.myServices.websites.tools.mastodon;
mcfg = config.services.mastodon;
in {
- options.services.myWebsites.tools.mastodon = {
+ options.myServices.websites.tools.mastodon = {
enable = lib.mkEnableOption "enable mastodon's website";
};
{ lib, pkgs, config, myconfig, ... }:
let
env = myconfig.env.tools.mediagoblin;
- cfg = config.services.myWebsites.tools.mediagoblin;
+ cfg = config.myServices.websites.tools.mediagoblin;
mcfg = config.services.mediagoblin;
in {
- options.services.myWebsites.tools.mediagoblin = {
+ options.myServices.websites.tools.mediagoblin = {
enable = lib.mkEnableOption "enable mediagoblin's website";
};
{ lib, pkgs, config, myconfig, ... }:
let
env = myconfig.env.tools.peertube;
- cfg = config.services.myWebsites.tools.peertube;
+ cfg = config.myServices.websites.tools.peertube;
pcfg = config.services.peertube;
in {
- options.services.myWebsites.tools.peertube = {
+ options.myServices.websites.tools.peertube = {
enable = lib.mkEnableOption "enable Peertube's website";
};
-{ stdenv, fetchurl, webapps }:
+{ adminer }:
rec {
- webRoot = webapps.adminer;
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/tmp/adminer
+ '';
+ };
+ webRoot = adminer;
phpFpm = rec {
socket = "/var/run/phpfpm/adminer.sock";
pool = ''
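Review bot: Both new `install` lines use `-m 0755` for `/var/lib/php/sessions/adminer` and `/var/lib/php/tmp/adminer`, while the removed central `httpd` script created the same two directories with `0750`; the session directory in particular should not be listable by every local user, because the file names embed the session ids. I would use `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer` and the same mode for the tmp directory. The signature change to `{ adminer }:` also means this derivation now expects the webapp to be passed in explicitly; the `db.nix` hunk in this same change still calls `../../commons/adminer.nix {}`, and I cannot tell from here whether that is a different file or a call site that was missed. `apache.user` and `apache.group` are defined outside the hunk.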
{ lib, pkgs, config, myconfig, ... }:
let
- adminer = pkgs.callPackage ../../commons/adminer.nix {};
- ympd = pkgs.callPackage ./ympd.nix {
- env = myconfig.env.tools.ympd;
- };
- ttrss = pkgs.callPackage ./ttrss.nix {
- inherit (pkgs.webapps) ttrss ttrss-plugins;
- env = myconfig.env.tools.ttrss;
- };
- roundcubemail = pkgs.callPackage ./roundcubemail.nix {
- inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
- env = myconfig.env.tools.roundcubemail;
- };
- rainloop = pkgs.callPackage ./rainloop.nix {};
- kanboard = pkgs.callPackage ./kanboard.nix {
- env = myconfig.env.tools.kanboard;
- };
- wallabag = pkgs.callPackage ./wallabag.nix {
- inherit (pkgs.webapps) wallabag;
- env = myconfig.env.tools.wallabag;
- };
- yourls = pkgs.callPackage ./yourls.nix {
- inherit (pkgs.webapps) yourls yourls-plugins;
- env = myconfig.env.tools.yourls;
- };
- rompr = pkgs.callPackage ./rompr.nix {
- inherit (pkgs.webapps) rompr;
- env = myconfig.env.tools.rompr;
- };
- shaarli = pkgs.callPackage ./shaarli.nix {
- env = myconfig.env.tools.shaarli;
- };
- dokuwiki = pkgs.callPackage ./dokuwiki.nix {
- inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
- };
- ldap = pkgs.callPackage ./ldap.nix {
- inherit (pkgs.webapps) phpldapadmin;
- env = myconfig.env.tools.phpldapadmin;
- };
+ adminer = pkgs.callPackage ./adminer.nix {
+ inherit (pkgs.webapps) adminer;
+ };
+ ympd = pkgs.callPackage ./ympd.nix {
+ env = myconfig.env.tools.ympd;
+ };
+ ttrss = pkgs.callPackage ./ttrss.nix {
+ inherit (pkgs.webapps) ttrss ttrss-plugins;
+ env = myconfig.env.tools.ttrss;
+ };
+ roundcubemail = pkgs.callPackage ./roundcubemail.nix {
+ inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
+ env = myconfig.env.tools.roundcubemail;
+ };
+ rainloop = pkgs.callPackage ./rainloop.nix {};
+ kanboard = pkgs.callPackage ./kanboard.nix {
+ env = myconfig.env.tools.kanboard;
+ };
+ wallabag = pkgs.callPackage ./wallabag.nix {
+ inherit (pkgs.webapps) wallabag;
+ env = myconfig.env.tools.wallabag;
+ };
+ yourls = pkgs.callPackage ./yourls.nix {
+ inherit (pkgs.webapps) yourls yourls-plugins;
+ env = myconfig.env.tools.yourls;
+ };
+ rompr = pkgs.callPackage ./rompr.nix {
+ inherit (pkgs.webapps) rompr;
+ env = myconfig.env.tools.rompr;
+ };
+ shaarli = pkgs.callPackage ./shaarli.nix {
+ env = myconfig.env.tools.shaarli;
+ };
+ dokuwiki = pkgs.callPackage ./dokuwiki.nix {
+ inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
+ };
+ ldap = pkgs.callPackage ./ldap.nix {
+ inherit (pkgs.webapps) phpldapadmin;
+ env = myconfig.env.tools.phpldapadmin;
+ };
- cfg = config.services.myWebsites.tools.tools;
+ cfg = config.myServices.websites.tools.tools;
in {
- options.services.myWebsites.tools.tools = {
+ options.myServices.websites.tools.tools = {
enable = lib.mkEnableOption "enable tools website";
};
};
system.activationScripts = {
+ adminer = adminer.activationScript;
ttrss = ttrss.activationScript;
roundcubemail = roundcubemail.activationScript;
wallabag = wallabag.activationScript;
dokuwiki = dokuwiki.activationScript;
rainloop = rainloop.activationScript;
kanboard = kanboard.activationScript;
+ ldap = ldap.activationScript;
};
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
- ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
- ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
- ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
- ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
- ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
- ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
- ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
- ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
- ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
- '';
+ myServices.websites.webappDirs = {
+ _adminer = adminer.webRoot;
+ "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
+ "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
+ "${rompr.apache.webappName}" = rompr.webRoot;
+ "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
+ "${shaarli.apache.webappName}" = shaarli.webRoot;
+ "${ttrss.apache.webappName}" = ttrss.webRoot;
+ "${wallabag.apache.webappName}" = wallabag.webRoot;
+ "${yourls.apache.webappName}" = yourls.webRoot;
+ "${rainloop.apache.webappName}" = rainloop.webRoot;
+ "${kanboard.apache.webappName}" = kanboard.webRoot;
+ };
};
}
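Review bot: The new `webappDirs` entry for adminer hard-codes the key `_adminer`, while every other entry in the same attribute set (and the `ln -s ... $out/webapps/${adminer.apache.webappName}` removed from the deleted module) derives the key from the module's `apache.webappName`; if the two ever diverge, the vhost root under `/run/current-system/webapps/` stops resolving without an evaluation error. I would write `"${adminer.apache.webappName}" = adminer.webRoot;` for consistency. The added `adminer` and `ldap` entries in `system.activationScripts` look right given both modules now define an `activationScript` in this change.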
{ lib, php, env, writeText, phpldapadmin }:
rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
+ '';
+ };
keys = [{
dest = "webapps/tools-ldap";
user = apache.user;
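Review bot: `install -m 0755` for `/var/lib/php/sessions/phpldapadmin` is looser than the `0750` the removed central `httpd` activation script used for this directory, so session ids (embedded in the file names) become enumerable by any local user. I would use `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin`. `deps = [ "httpd" ]` correctly orders the script after the parent `/var/lib/php/sessions` is created. `apache.user` and `apache.group` are defined outside the hunk.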
{ env, yourls, yourls-plugins }:
rec {
- activationScript = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
- '';
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
+ '';
+ };
keys = [{
dest = "webapps/tools-yourls";
user = apache.user;
./modules/certificates.nix
./modules/gitolite
./modules/mpd.nix
- ./modules/websites
./modules/mail.nix
./modules/ftp.nix
./modules/pub
'';
};
- system.extraSystemBuilderCmds = ''
- ln -s ${./www} $out/webapps/_task
- '';
+ myServices.websites.webappDirs._task = ./www;
security.acme.certs."task" = config.services.myCertificates.certConfig // {
inherit user group;
+++ /dev/null
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites;
- www_root = "/run/current-system/webapps/_www";
- theme_root = "/run/current-system/webapps/_theme";
- apacheConfig = {
- gzip = {
- modules = [ "deflate" "filter" ];
- extraConfig = ''
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
- '';
- };
- macros = {
- modules = [ "macro" ];
- };
- stats = {
- extraConfig = ''
- <Macro Stats %{domain}>
- Alias /webstats ${config.services.webstats.dataDir}/%{domain}
- <Directory ${config.services.webstats.dataDir}/%{domain}>
- DirectoryIndex index.html
- AllowOverride None
- Require all granted
- </Directory>
- <Location /webstats>
- Use LDAPConnect
- Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
- </Location>
- </Macro>
- '';
- };
- ldap = {
- modules = [ "ldap" "authnz_ldap" ];
- extraConfig = ''
- <IfModule ldap_module>
- LDAPSharedCacheSize 500000
- LDAPCacheEntries 1024
- LDAPCacheTTL 600
- LDAPOpCacheEntries 1024
- LDAPOpCacheTTL 600
- </IfModule>
-
- Include /var/secrets/apache-ldap
- '';
- };
- global = {
- extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
- };
- apaxy = {
- extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
- };
- http2 = {
- modules = [ "http2" ];
- extraConfig = ''
- Protocols h2 http/1.1
- '';
- };
- customLog = {
- extraConfig = ''
- LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
- '';
- };
- };
- makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
- makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
-in
-{
- imports = [
- ./tools/db.nix
- ./tools/tools
- ./tools/dav
- ./tools/cloud.nix
- ./tools/git
- ./tools/mastodon.nix
- ./tools/mediagoblin.nix
- ./tools/diaspora.nix
- ./tools/ether.nix
- ./tools/peertube.nix
- ];
-
- config = {
- users.users.wwwrun.extraGroups = [ "keys" ];
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- nixpkgs.overlays = [ (self: super: rec {
- #openssl = self.openssl_1_1;
- php = php72;
- php72 = (super.php72.override {
- mysql.connector-c = self.mariadb;
- config.php.mysqlnd = false;
- config.php.mysqli = false;
- }).overrideAttrs(old: rec {
- # Didn't manage to build with mysqli + mysql_config connector
- configureFlags = old.configureFlags ++ [
- "--with-mysqli=shared,mysqlnd"
- ];
- # preConfigure = (old.preConfigure or "") + ''
- # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
- # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include <mysql_version.h>/' \
- # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
- # '';
- });
- phpPackages = super.php72Packages.override { inherit php; };
- }) ];
-
- services.myWebsites.tools.databases.enable = true;
- services.myWebsites.tools.tools.enable = true;
- services.myWebsites.tools.dav.enable = true;
- services.myWebsites.tools.cloud.enable = true;
- services.myWebsites.tools.git.enable = true;
- services.myWebsites.tools.mastodon.enable = true;
- services.myWebsites.tools.mediagoblin.enable = true;
- services.myWebsites.tools.diaspora.enable = true;
- services.myWebsites.tools.etherpad-lite.enable = true;
- services.myWebsites.tools.peertube.enable = true;
-
- secrets.keys = [{
- dest = "apache-ldap";
- user = "wwwrun";
- group = "wwwrun";
- permissions = "0400";
- text = ''
- <Macro LDAPConnect>
- <IfModule authnz_ldap_module>
- AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
- AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
- AuthType Basic
- AuthName "Authentification requise (Acces LDAP)"
- AuthBasicProvider ldap
- </IfModule>
- </Macro>
- '';
- }];
-
- system.activationScripts = {
- httpd = ''
- install -d -m 0755 ${config.security.acme.directory}/acme-challenge
- install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
- install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
- install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
- install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
- install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
- install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
- '';
- };
-
- system.extraSystemBuilderCmds = let
- adminer = pkgs.callPackage ./commons/adminer.nix {};
- in ''
- mkdir -p $out/webapps
- ln -s ${pkgs.webapps.apache-default.www} $out/webapps/_www
- ln -s ${pkgs.webapps.apache-theme.theme} $out/webapps/_theme
- ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName}
- '';
-
- services.phpfpm = {
- phpPackage = pkgs.php;
- phpOptions = ''
- session.save_path = "/var/lib/php/sessions"
- post_max_size = 20M
- ; 15 days (seconds)
- session.gc_maxlifetime = 1296000
- ; 30 days (minutes)
- session.cache_expire = 43200
- '';
- extraConfig = ''
- log_level = notice
- '';
- };
-
- services.websites.production = {
- enable = true;
- adminAddr = "httpd@immae.eu";
- httpdName = "Prod";
- ips =
- let ips = myconfig.env.servers.eldiron.ips.production;
- in [ips.ip4] ++ (ips.ip6 or []);
- modules = makeModules;
- extraConfig = makeExtraConfig;
- fallbackVhost = {
- certName = "eldiron";
- hosts = ["eldiron.immae.eu" ];
- root = www_root;
- extraConfig = [ "DirectoryIndex index.htm" ];
- };
- };
-
- services.websites.integration = {
- enable = true;
- adminAddr = "httpd@immae.eu";
- httpdName = "Inte";
- ips =
- let ips = myconfig.env.servers.eldiron.ips.integration;
- in [ips.ip4] ++ (ips.ip6 or []);
- modules = makeModules;
- extraConfig = makeExtraConfig;
- fallbackVhost = {
- certName = "eldiron";
- hosts = ["eldiron.immae.eu" ];
- root = www_root;
- extraConfig = [ "DirectoryIndex index.htm" ];
- };
- };
-
- services.websites.tools = {
- enable = true;
- adminAddr = "httpd@immae.eu";
- httpdName = "Tools";
- ips =
- let ips = myconfig.env.servers.eldiron.ips.main;
- in [ips.ip4] ++ (ips.ip6 or []);
- modules = makeModules;
- extraConfig = makeExtraConfig ++
- [ ''
- RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
- RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
- RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
- RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
- RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
- RedirectMatch ^/CGU$ https://www.immae.eu/CGU
- ''
- ];
- nosslVhost = {
- enable = true;
- host = "nossl.immae.eu";
- };
- fallbackVhost = {
- certName = "eldiron";
- hosts = ["eldiron.immae.eu" ];
- root = www_root;
- extraConfig = [ "DirectoryIndex index.htm" ];
- };
- };
- };
-}