[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ dmarc-reports.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
      phpbb = phpbb.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>

          Alias /BIP39 /var/lib/buildbot/outputs/bip39
          <Directory "/var/lib/buildbot/outputs/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.location}/webapps/webhooks
          <Directory "${config.secrets.location}/webapps/webhooks">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
          '';
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
        '';
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${phpbb.apache.webappName}" = phpbb.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
4288c2f2	12	};
4288c2f2	13	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	14	env = config.myEnv.tools.kanboard;
4288c2f2 IB	15	};
	16	wallabag = pkgs.callPackage ./wallabag.nix {
	17	inherit (pkgs.webapps) wallabag;
ab8f306d	18	env = config.myEnv.tools.wallabag;
4288c2f2 IB	19	};
	20	yourls = pkgs.callPackage ./yourls.nix {
	21	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	22	env = config.myEnv.tools.yourls;
4288c2f2 IB	23	};
	24	rompr = pkgs.callPackage ./rompr.nix {
	25	inherit (pkgs.webapps) rompr;
ab8f306d	26	env = config.myEnv.tools.rompr;
4288c2f2 IB	27	};
4288c2f2 IB	28	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	29	env = config.myEnv.tools.shaarli;
4288c2f2 IB	30	};
	31	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	32	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	33	};
	34	ldap = pkgs.callPackage ./ldap.nix {
	35	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	36	env = config.myEnv.tools.phpldapadmin;
4288c2f2	37	};
c7627e14 IB	38	grocy = pkgs.callPackage ./grocy.nix {
	39	inherit (pkgs.webapps) grocy;
	40	};
a8ef1adb IB	41	phpbb = pkgs.callPackage ./phpbb.nix {
	42	phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
	43	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	44	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	45	e.phpbbmodders.adduser ]);
	46	};
251c0a13 IB	47	webhooks = pkgs.callPackage ./webhooks.nix {
	48	env = config.myEnv.tools.webhooks;
	49	};
7df5e532 IB	50	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
	51	env = config.myEnv.tools.dmarc_reports;
	52	};
251c0a13 IB	53
251c0a13 IB	54	landing = pkgs.callPackage ./landing.nix {};
10889174	55
4288c2f2	56	cfg = config.myServices.websites.tools.tools;
5400b9b6	57	pcfg = config.services.phpfpm.pools;
10889174	58	in {
4288c2f2	59	options.myServices.websites.tools.tools = {
10889174 IB	60	enable = lib.mkEnableOption "enable tools website";
	61	};
	62
	63	config = lib.mkIf cfg.enable {
1a718805	64	secrets.keys =
a840a21c	65	kanboard.keys
8db8e666	66	++ ldap.keys
8db8e666 IB	67	++ shaarli.keys
	68	++ ttrss.keys
	69	++ wallabag.keys
251c0a13	70	++ yourls.keys
7df5e532	71	++ dmarc-reports.keys
251c0a13	72	++ webhooks.keys;
98163486	73
d2e703c5	74	services.duplyBackup.profiles = {
6a8252b1	75	dokuwiki = dokuwiki.backups;
c7627e14	76	grocy = grocy.backups;
6a8252b1 IB	77	kanboard = kanboard.backups;
	78	rompr = rompr.backups;
	79	shaarli = shaarli.backups;
	80	ttrss = ttrss.backups;
	81	wallabag = wallabag.backups;
a8ef1adb	82	phpbb = phpbb.backups;
6a8252b1 IB	83	};
6a8252b1 IB	84
29f8cb85	85	services.websites.env.tools.modules =
1922655a IB	86	[ "proxy_fcgi" ]
1922655a IB	87	++ adminer.apache.modules
10889174 IB	88	++ ympd.apache.modules
10889174 IB	89	++ ttrss.apache.modules
133ebaee	90	++ wallabag.apache.modules
bfe3c9c9	91	++ yourls.apache.modules
95b20e17	92	++ rompr.apache.modules
b892dcbe	93	++ shaarli.apache.modules
f80772dc	94	++ dokuwiki.apache.modules
7df5e532	95	++ dmarc-reports.apache.modules
a8ef1adb	96	++ phpbb.apache.modules
d4ed0eff IB	97	++ ldap.apache.modules
d4ed0eff IB	98	++ kanboard.apache.modules;
10889174	99
29f8cb85	100	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	101	certName = "integration";
	102	certMainHost = "devtools.immae.eu";
	103	addToCerts = true;
	104	hosts = [ "devtools.immae.eu" ];
	105	root = "/var/lib/ftp/devtools.immae.eu";
	106	extraConfig = [
0aae0181	107	''
9338c832 IB	108	Timeout 600
9338c832 IB	109	ProxyTimeout 600
0aae0181 IB	110	<Directory "/var/lib/ftp/devtools.immae.eu">
	111	DirectoryIndex index.php index.htm index.html
	112	AllowOverride all
	113	Require all granted
	114	<FilesMatch "\.php$">
5400b9b6	115	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	116	</FilesMatch>
	117	</Directory>
	118	''
46f30ecc IB	119	];
	120	};
	121
29f8cb85	122	services.websites.env.tools.vhostConfs.tools = {
10889174	123	certName = "eldiron";
7df420c2	124	addToCerts = true;
10889174	125	hosts = ["tools.immae.eu" ];
a8ef1adb	126	root = landing;
10889174	127	extraConfig = [
1922655a	128	''
ea9c6fe8	129	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	130	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	131	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	132
251c0a13 IB	133	<Directory "${landing}">
	134	DirectoryIndex index.html
	135	AllowOverride None
	136	Require all granted
	137
	138	<FilesMatch "\.php$">
	139	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	140	</FilesMatch>
	141	</Directory>
1922655a	142	''
5400b9b6	143	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	144	ympd.apache.vhostConf
5400b9b6 IB	145	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	146	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	147	(yourls.apache.vhostConf pcfg.yourls.socket)
	148	(rompr.apache.vhostConf pcfg.rompr.socket)
	149	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	150	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	151	(ldap.apache.vhostConf pcfg.ldap.socket)
	152	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	153	(grocy.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	154	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	155	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee IB	156	''
	157	Alias /paste /var/lib/fiche
	158	<Directory "/var/lib/fiche">
	159	DirectoryIndex index.txt index.html
	160	AllowOverride None
	161	Require all granted
	162	Options -Indexes
	163	</Directory>
251c0a13 IB	164
	165	Alias /BIP39 /var/lib/buildbot/outputs/bip39
	166	<Directory "/var/lib/buildbot/outputs/bip39">
	167	DirectoryIndex index.html
	168	AllowOverride None
	169	Require all granted
	170	</Directory>
	171
	172	Alias /webhooks ${config.secrets.location}/webapps/webhooks
	173	<Directory "${config.secrets.location}/webapps/webhooks">
	174	Options -Indexes
	175	Require all granted
	176	AllowOverride None
	177	<FilesMatch "\.php$">
	178	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	179	</FilesMatch>
	180	</Directory>
ea3b46ee	181	''
10889174 IB	182	];
	183	};
	184
29f8cb85	185	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	186	certName = "eldiron";
7df420c2 IB	187	addToCerts = true;
0f71cd76	188	hosts = [ "outils.immae.eu" ];
7df420c2	189	root = null;
70606070 IB	190	extraConfig = [
	191	''
	192	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	193
	194	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	195
	196	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	197	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	198
	199	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	200	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	201	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	202	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	203
	204	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	205
afcc5de0 IB	206	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	207
3f453c7d IB	208	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	209
ea9c6fe8 IB	210	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	211
70606070 IB	212	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	213	''
	214	];
	215	};
	216
f40f5b23 IB	217	systemd.services = {
	218	phpfpm-dokuwiki = {
	219	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	220	wants = dokuwiki.phpFpm.serviceDeps;
	221	};
a8ef1adb IB	222	phpfpm-phpbb = {
	223	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	224	wants = phpbb.phpFpm.serviceDeps;
	225	};
f40f5b23 IB	226	phpfpm-kanboard = {
	227	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	228	wants = kanboard.phpFpm.serviceDeps;
	229	};
	230	phpfpm-ldap = {
	231	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	232	wants = ldap.phpFpm.serviceDeps;
	233	};
f40f5b23 IB	234	phpfpm-shaarli = {
	235	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	236	wants = shaarli.phpFpm.serviceDeps;
	237	};
	238	phpfpm-ttrss = {
	239	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	240	wants = ttrss.phpFpm.serviceDeps;
	241	};
	242	phpfpm-wallabag = {
	243	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	244	wants = wallabag.phpFpm.serviceDeps;
	245	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	246	};
	247	phpfpm-yourls = {
	248	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	249	wants = yourls.phpFpm.serviceDeps;
	250	};
	251	ympd = {
	252	description = "Standalone MPD Web GUI written in C";
	253	wantedBy = [ "multi-user.target" ];
	254	script = ''
	255	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	256	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	257	'';
	258	};
	259	tt-rss = {
	260	description = "Tiny Tiny RSS feeds update daemon";
	261	serviceConfig = {
	262	User = "wwwrun";
	263	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	264	StandardOutput = "syslog";
	265	StandardError = "syslog";
	266	PermissionsStartOnly = true;
	267	};
	268
	269	wantedBy = [ "multi-user.target" ];
	270	requires = ["postgresql.service"];
	271	after = ["network.target" "postgresql.service"];
	272	};
	273	};
	274
17f6eae9 IB	275	services.filesWatcher.ympd = {
	276	restart = true;
	277	paths = [ "/var/secrets/mpd" ];
	278	};
	279
441da8aa IB	280	services.phpfpm.pools = {
441da8aa IB	281	tools = {
5400b9b6 IB	282	user = "wwwrun";
	283	group = "wwwrun";
	284	settings = {
	285	"listen.owner" = "wwwrun";
	286	"listen.group" = "wwwrun";
	287	"pm" = "dynamic";
	288	"pm.max_children" = "60";
	289	"pm.start_servers" = "2";
	290	"pm.min_spare_servers" = "1";
	291	"pm.max_spare_servers" = "10";
f40f5b23	292
5400b9b6 IB	293	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	294	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	295	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb IB	296	"/run/wrappers/bin/sendmail" landing "/tmp"
a8ef1adb IB	297	"${config.secrets.location}/webapps/webhooks"
251c0a13 IB	298	];
	299	};
	300	phpEnv = {
	301	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	302	};
441da8aa IB	303	};
441da8aa IB	304	devtools = {
5400b9b6 IB	305	user = "wwwrun";
	306	group = "wwwrun";
	307	settings = {
	308	"listen.owner" = "wwwrun";
	309	"listen.group" = "wwwrun";
	310	"pm" = "dynamic";
	311	"pm.max_children" = "60";
	312	"pm.start_servers" = "2";
	313	"pm.min_spare_servers" = "1";
	314	"pm.max_spare_servers" = "10";
1922655a	315
5400b9b6 IB	316	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	317	};
441da8aa IB	318	phpOptions = config.services.phpfpm.phpOptions + ''
	319	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	320	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	321	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	322	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	323	'';
	324	};
5400b9b6	325	adminer = adminer.phpFpm;
441da8aa	326	ttrss = {
5400b9b6 IB	327	user = "wwwrun";
	328	group = "wwwrun";
	329	settings = ttrss.phpFpm.pool;
441da8aa IB	330	};
441da8aa IB	331	wallabag = {
5400b9b6 IB	332	user = "wwwrun";
	333	group = "wwwrun";
	334	settings = wallabag.phpFpm.pool;
441da8aa IB	335	};
441da8aa IB	336	yourls = {
5400b9b6 IB	337	user = "wwwrun";
	338	group = "wwwrun";
	339	settings = yourls.phpFpm.pool;
441da8aa IB	340	};
441da8aa IB	341	rompr = {
5400b9b6 IB	342	user = "wwwrun";
	343	group = "wwwrun";
	344	settings = rompr.phpFpm.pool;
441da8aa IB	345	};
441da8aa IB	346	shaarli = {
5400b9b6 IB	347	user = "wwwrun";
	348	group = "wwwrun";
	349	settings = shaarli.phpFpm.pool;
441da8aa	350	};
7df5e532 IB	351	dmarc-reports = {
	352	user = "wwwrun";
	353	group = "wwwrun";
	354	settings = dmarc-reports.phpFpm.pool;
	355	phpEnv = dmarc-reports.phpFpm.phpEnv;
	356	phpOptions = config.services.phpfpm.phpOptions + ''
	357	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	358	'';
	359	};
441da8aa	360	dokuwiki = {
5400b9b6 IB	361	user = "wwwrun";
	362	group = "wwwrun";
	363	settings = dokuwiki.phpFpm.pool;
441da8aa	364	};
a8ef1adb IB	365	phpbb = {
	366	user = "wwwrun";
	367	group = "wwwrun";
	368	settings = phpbb.phpFpm.pool;
	369	};
441da8aa	370	ldap = {
5400b9b6 IB	371	user = "wwwrun";
	372	group = "wwwrun";
	373	settings = ldap.phpFpm.pool;
64608496	374	phpPackage = pkgs.php72;
441da8aa IB	375	};
441da8aa IB	376	kanboard = {
5400b9b6 IB	377	user = "wwwrun";
	378	group = "wwwrun";
	379	settings = kanboard.phpFpm.pool;
441da8aa IB	380	};
441da8aa IB	381	grocy = {
5400b9b6 IB	382	user = "wwwrun";
	383	group = "wwwrun";
	384	settings = grocy.phpFpm.pool;
441da8aa	385	};
10889174 IB	386	};
	387
	388	system.activationScripts = {
4288c2f2	389	adminer = adminer.activationScript;
c7627e14	390	grocy = grocy.activationScript;
10889174	391	ttrss = ttrss.activationScript;
aebd817b	392	wallabag = wallabag.activationScript;
133ebaee	393	yourls = yourls.activationScript;
bfe3c9c9	394	rompr = rompr.activationScript;
95b20e17	395	shaarli = shaarli.activationScript;
b892dcbe	396	dokuwiki = dokuwiki.activationScript;
a8ef1adb	397	phpbb = phpbb.activationScript;
d4ed0eff	398	kanboard = kanboard.activationScript;
4288c2f2	399	ldap = ldap.activationScript;
10889174 IB	400	};
10889174 IB	401
d3452fc5	402	services.websites.webappDirs = {
4288c2f2	403	_adminer = adminer.webRoot;
7df5e532	404	"${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
4288c2f2	405	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
a8ef1adb	406	"${phpbb.apache.webappName}" = phpbb.webRoot;
4288c2f2 IB	407	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
4288c2f2 IB	408	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	409	"${shaarli.apache.webappName}" = shaarli.webRoot;
	410	"${ttrss.apache.webappName}" = ttrss.webRoot;
	411	"${wallabag.apache.webappName}" = wallabag.webRoot;
	412	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	413	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	414	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	415	};
a95ab089	416
29f8cb85	417	services.websites.env.tools.watchPaths = [
9247b444	418	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	419	];
	420	services.filesWatcher.phpfpm-wallabag = {
	421	restart = true;
	422	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	423	};
ea3b46ee IB	424
	425	services.fiche = {
	426	enable = true;
	427	port = config.myEnv.ports.fiche;
	428	domain = "tools.immae.eu/paste";
	429	https = true;
	430	};
10889174 IB	431	};
	432	}
	433