[perso/Immae/Config/Nix.git] / modules / private / websites / immae / temp.nix

{ lib, pkgs, config,  ... }:
let
  cfg = config.myServices.websites.immae.temp;
  varDir = "/var/lib/immae_temp";
  env = config.myEnv.websites.immae.temp;
in {
  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.immae_temp.rootDir = varDir;
    services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
    services.websites.env.production.vhostConfs.immae_temp = {
      certName    = "immae";
      addToCerts  = true;
      hosts       = [ "temp.immae.eu" ];
      root        = null;
      extraConfig = [ ''
        ProxyVia On
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass         / unix:///run/surfer/listen.sock|http://temp.immae.eu/
        ProxyPassReverse  / unix:///run/surfer/listen.sock|http://temp.immae.eu/
        <Proxy *>
          Options FollowSymLinks MultiViews
          AllowOverride None
          Require all granted
        </Proxy>
      '' ];
    };

    secrets.keys."webapps/surfer" = {
      permissions = "0400";
      user = "wwwrun";
      group = "wwwrun";
      text = ''
        CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
        TOKENSTORE_FILE=/var/lib/surfer/tokens.json
        CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
        CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
        CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
        LISTEN=/run/surfer/listen.sock
      '';
    };

    systemd.services.surfer = {
      description = "Surfer";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      script = ''
        exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
      '';
      serviceConfig = {
        EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
        User = "wwwrun";
        Group = "wwwrun";
        StateDirectory = "surfer";
        RuntimeDirectory = "surfer";
        Type = "simple";
      };
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
ce493c5d	2	let
f8026b6e	3	cfg = config.myServices.websites.immae.temp;
91b3d06b IB	4	varDir = "/var/lib/immae_temp";
91b3d06b IB	5	env = config.myEnv.websites.immae.temp;
ce493c5d	6	in {
f8026b6e	7	options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
ce493c5d	8
f8026b6e	9	config = lib.mkIf cfg.enable {
91b3d06b IB	10	services.duplyBackup.profiles.immae_temp.rootDir = varDir;
91b3d06b IB	11	services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
d3452fc5 IB	12	services.websites.env.production.vhostConfs.immae_temp = {
d3452fc5 IB	13	certName = "immae";
7df420c2	14	addToCerts = true;
ce493c5d	15	hosts = [ "temp.immae.eu" ];
91b3d06b IB	16	root = null;
	17	extraConfig = [ ''
	18	ProxyVia On
	19	ProxyRequests Off
	20	ProxyPreserveHost On
	21	ProxyPass / unix:///run/surfer/listen.sock\|http://temp.immae.eu/
	22	ProxyPassReverse / unix:///run/surfer/listen.sock\|http://temp.immae.eu/
	23	<Proxy *>
	24	Options FollowSymLinks MultiViews
ce493c5d IB	25	AllowOverride None
ce493c5d IB	26	Require all granted
91b3d06b IB	27	</Proxy>
	28	'' ];
	29	};
	30
4c4652aa IB	31	secrets.keys."webapps/surfer" = {
	32	permissions = "0400";
	33	user = "wwwrun";
	34	group = "wwwrun";
	35	text = ''
	36	CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
	37	CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
	38	TOKENSTORE_FILE=/var/lib/surfer/tokens.json
	39	CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
	40	CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
	41	CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
	42	CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
	43	LISTEN=/run/surfer/listen.sock
	44	'';
	45	};
91b3d06b IB	46
	47	systemd.services.surfer = {
	48	description = "Surfer";
	49	wantedBy = [ "multi-user.target" ];
	50	after = [ "network.target" ];
ce493c5d	51
91b3d06b IB	52	script = ''
	53	exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
	54	'';
	55	serviceConfig = {
da30ae4f	56	EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
91b3d06b IB	57	User = "wwwrun";
	58	Group = "wwwrun";
	59	StateDirectory = "surfer";
	60	RuntimeDirectory = "surfer";
	61	Type = "simple";
	62	};
ce493c5d IB	63	};
	64	};
	65	}
	66