Move csp report credentials out of the store
# NixOS module for the "tools" web site: builds each web application
# (adminer, ympd, ttrss, kanboard, wallabag, yourls, rompr, shaarli,
# dokuwiki, phpldapadmin, grocy, phpbb, webhooks, dmarc/csp reports) and
# wires it into Apache vhosts, php-fpm pools, systemd units, the secrets
# deployment, backups and file watchers.
{ lib, pkgs, config, ... }:
let
  # Each webapp is a callPackage'd helper living next to this file. The
  # `env` arguments come from config.myEnv.tools.*; what they contain is
  # defined outside this file (presumably hostnames/credentials — verify).
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    # NOTE(review): php72 / php73 are pinned here and in the pools below;
    # confirm these PHP branches still receive security fixes from the
    # nixpkgs channel in use.
    php = pkgs.php72;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        # wallabag needs the tidy extension; the same php must be used
        # for its php-fpm pool below so composer deps and runtime agree.
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    # French language pack plus a fixed set of third-party extensions.
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = config.myEnv.tools.csp_reports;
  };

  # Static landing page served at the root of tools.immae.eu.
  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  # Shortcut to the php-fpm pools, used to fetch each pool's socket path.
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Secrets declared by each webapp are aggregated here so they are
    # deployed through the secrets mechanism (under config.secrets.location)
    # instead of being interpolated into world-readable Nix store paths.
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ dmarc-reports.keys
      ++ csp-reports.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
      phpbb = phpbb.backups;
    };

    # Apache modules required by the tools environment; proxy_fcgi is
    # needed for the php-fpm SetHandler directives below.
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    # devtools: PHP is executed straight from a directory under /var/lib/ftp
    # (the path suggests it is populated over FTP — confirm who can write
    # there). `AllowOverride all` lets .htaccess files in that tree change
    # Apache directives; the devtools php-fpm pool below confines PHP file
    # access with open_basedir to this tree, /tmp and sendmail.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts = true;
      hosts = [ "devtools.immae.eu" ];
      root = "/var/lib/ftp/devtools.immae.eu";
      # The CSP header is Report-Only: violations are reported (to the
      # csp-reports app configured via config.myEnv.tools.csp_reports) but
      # the policy is not enforced by the browser.
      extraConfig = [
        ''
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "/var/lib/ftp/devtools.immae.eu">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
      ];
    };

    # Main tools vhost: landing page at /, legacy redirects, then one
    # vhost fragment per webapp (each given its own php-fpm socket), and a
    # few static/extra aliases (paste, BIP39, webhooks).
    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["tools.immae.eu" ];
      root = landing;
      extraConfig = [
        ''
        RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
        RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
        RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

        <Directory "${landing}">
          DirectoryIndex index.html
          AllowOverride None
          Require all granted

          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        # /webhooks is served from the secrets location (not the store) and
        # executed by the shared "tools" pool, whose open_basedir includes
        # that directory. Directory listings are disabled for /paste and
        # /webhooks via `Options -Indexes`.
        ''
        Alias /paste /var/lib/fiche
        <Directory "/var/lib/fiche">
          DirectoryIndex index.txt index.html
          AllowOverride None
          Require all granted
          Options -Indexes
        </Directory>

        Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
        <Directory "/var/lib/buildbot/outputs/immae/bip39">
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
        </Directory>

        Alias /webhooks ${config.secrets.location}/webapps/webhooks
        <Directory "${config.secrets.location}/webapps/webhooks">
          Options -Indexes
          Require all granted
          AllowOverride None
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
      ];
    };

    # Legacy hostname: everything is permanently redirected to the new
    # locations, with a catch-all to tools.immae.eu last.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    # Ordering/dependency glue for the php-fpm units (each webapp exports
    # the services it needs started first), plus two standalone daemons.
    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # The MPD password is read from /var/secrets/mpd at unit start rather
      # than interpolated into the (world-readable) store; the filesWatcher
      # below restarts the unit when that file changes.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      # Feed updater runs as the web user with the same php as the pool.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          # NOTE(review): PermissionsStartOnly is deprecated upstream in
          # favour of the `+` prefix on ExecStart* — confirm against the
          # systemd version shipped.
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    # One php-fpm pool per webapp (all running as wwwrun) so each gets its
    # own socket, php version and open_basedir/phpEnv.
    services.phpfpm.pools = {
      # Shared pool for the landing page and /webhooks.
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          # Restrict PHP file access to what this pool actually serves.
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
          # csp-reports credentials are pulled in from a pool-config include
          # deployed under the secrets location, keeping them out of the store.
          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Confines the FTP-served PHP to its docroot, /tmp and sendmail.
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        # Must match the php used to build wallabag's composerEnv above.
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    # Per-app activation scripts (state directories, permissions, etc. —
    # defined in each app's .nix file).
    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    # Document roots exposed by Apache. Only phpldapadmin's htdocs/
    # subdirectory is published, not its whole web root.
    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${phpbb.apache.webappName}" = phpbb.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    # Secret files watched for changes: the tools Apache env is reloaded on
    # the shaarli secret (presumably because it is read at config time),
    # and the wallabag php-fpm unit is restarted on its secret.
    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    # Pastebin backend behind the /paste alias above.
    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}