[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          Alias /landing ${landing}
          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>

          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>

            RewriteEngine On
            RewriteCond ${landing}%{REQUEST_URI} -f
            RewriteRule ^(.*)$ /landing/$1 [L]
            RewriteRule ^$ /landing/ [L]
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>

          Alias /BIP39 /var/lib/buildbot/outputs/bip39
          <Directory "/var/lib/buildbot/outputs/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.location}/webapps/webhooks
          <Directory "${config.secrets.location}/webapps/webhooks">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" "/var/lib/ftp/tools.immae.eu"
            landing "/tmp" "${config.secrets.location}/webapps/webhooks"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
          '';
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
4288c2f2	12	};
4288c2f2	13	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	14	env = config.myEnv.tools.kanboard;
4288c2f2 IB	15	};
	16	wallabag = pkgs.callPackage ./wallabag.nix {
	17	inherit (pkgs.webapps) wallabag;
ab8f306d	18	env = config.myEnv.tools.wallabag;
4288c2f2 IB	19	};
	20	yourls = pkgs.callPackage ./yourls.nix {
	21	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	22	env = config.myEnv.tools.yourls;
4288c2f2 IB	23	};
	24	rompr = pkgs.callPackage ./rompr.nix {
	25	inherit (pkgs.webapps) rompr;
ab8f306d	26	env = config.myEnv.tools.rompr;
4288c2f2 IB	27	};
4288c2f2 IB	28	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	29	env = config.myEnv.tools.shaarli;
4288c2f2 IB	30	};
	31	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	32	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	33	};
	34	ldap = pkgs.callPackage ./ldap.nix {
	35	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	36	env = config.myEnv.tools.phpldapadmin;
4288c2f2	37	};
c7627e14 IB	38	grocy = pkgs.callPackage ./grocy.nix {
	39	inherit (pkgs.webapps) grocy;
	40	};
251c0a13 IB	41	webhooks = pkgs.callPackage ./webhooks.nix {
	42	env = config.myEnv.tools.webhooks;
	43	};
	44
	45	landing = pkgs.callPackage ./landing.nix {};
10889174	46
4288c2f2	47	cfg = config.myServices.websites.tools.tools;
5400b9b6	48	pcfg = config.services.phpfpm.pools;
10889174	49	in {
4288c2f2	50	options.myServices.websites.tools.tools = {
10889174 IB	51	enable = lib.mkEnableOption "enable tools website";
	52	};
	53
	54	config = lib.mkIf cfg.enable {
1a718805	55	secrets.keys =
a840a21c	56	kanboard.keys
8db8e666	57	++ ldap.keys
8db8e666 IB	58	++ shaarli.keys
	59	++ ttrss.keys
	60	++ wallabag.keys
251c0a13 IB	61	++ yourls.keys
251c0a13 IB	62	++ webhooks.keys;
98163486	63
d2e703c5	64	services.duplyBackup.profiles = {
6a8252b1	65	dokuwiki = dokuwiki.backups;
c7627e14	66	grocy = grocy.backups;
6a8252b1 IB	67	kanboard = kanboard.backups;
	68	rompr = rompr.backups;
	69	shaarli = shaarli.backups;
	70	ttrss = ttrss.backups;
	71	wallabag = wallabag.backups;
	72	};
	73
29f8cb85	74	services.websites.env.tools.modules =
1922655a IB	75	[ "proxy_fcgi" ]
1922655a IB	76	++ adminer.apache.modules
10889174 IB	77	++ ympd.apache.modules
10889174 IB	78	++ ttrss.apache.modules
133ebaee	79	++ wallabag.apache.modules
bfe3c9c9	80	++ yourls.apache.modules
95b20e17	81	++ rompr.apache.modules
b892dcbe	82	++ shaarli.apache.modules
f80772dc	83	++ dokuwiki.apache.modules
d4ed0eff IB	84	++ ldap.apache.modules
d4ed0eff IB	85	++ kanboard.apache.modules;
10889174	86
29f8cb85	87	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	88	certName = "integration";
	89	certMainHost = "devtools.immae.eu";
	90	addToCerts = true;
	91	hosts = [ "devtools.immae.eu" ];
	92	root = "/var/lib/ftp/devtools.immae.eu";
	93	extraConfig = [
0aae0181	94	''
9338c832 IB	95	Timeout 600
9338c832 IB	96	ProxyTimeout 600
0aae0181 IB	97	<Directory "/var/lib/ftp/devtools.immae.eu">
	98	DirectoryIndex index.php index.htm index.html
	99	AllowOverride all
	100	Require all granted
	101	<FilesMatch "\.php$">
5400b9b6	102	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	103	</FilesMatch>
	104	</Directory>
	105	''
46f30ecc IB	106	];
	107	};
	108
29f8cb85	109	services.websites.env.tools.vhostConfs.tools = {
10889174	110	certName = "eldiron";
7df420c2	111	addToCerts = true;
10889174	112	hosts = ["tools.immae.eu" ];
1922655a	113	root = "/var/lib/ftp/tools.immae.eu";
10889174	114	extraConfig = [
1922655a	115	''
ea9c6fe8	116	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	117	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	118	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	119
251c0a13 IB	120	Alias /landing ${landing}
	121	<Directory "${landing}">
	122	DirectoryIndex index.html
	123	AllowOverride None
	124	Require all granted
	125
	126	<FilesMatch "\.php$">
	127	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	128	</FilesMatch>
	129	</Directory>
d10ecf14	130
1922655a	131	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	132	DirectoryIndex index.php index.htm index.html
1922655a IB	133	AllowOverride all
	134	Require all granted
	135	<FilesMatch "\.php$">
5400b9b6	136	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
1922655a	137	</FilesMatch>
251c0a13 IB	138
	139	RewriteEngine On
	140	RewriteCond ${landing}%{REQUEST_URI} -f
	141	RewriteRule ^(.*)$ /landing/$1 [L]
	142	RewriteRule ^$ /landing/ [L]
1922655a IB	143	</Directory>
1922655a IB	144	''
5400b9b6	145	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	146	ympd.apache.vhostConf
5400b9b6 IB	147	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	148	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	149	(yourls.apache.vhostConf pcfg.yourls.socket)
	150	(rompr.apache.vhostConf pcfg.rompr.socket)
	151	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	152	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	153	(ldap.apache.vhostConf pcfg.ldap.socket)
	154	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	155	(grocy.apache.vhostConf pcfg.grocy.socket)
ea3b46ee IB	156	''
	157	Alias /paste /var/lib/fiche
	158	<Directory "/var/lib/fiche">
	159	DirectoryIndex index.txt index.html
	160	AllowOverride None
	161	Require all granted
	162	Options -Indexes
	163	</Directory>
251c0a13 IB	164
	165	Alias /BIP39 /var/lib/buildbot/outputs/bip39
	166	<Directory "/var/lib/buildbot/outputs/bip39">
	167	DirectoryIndex index.html
	168	AllowOverride None
	169	Require all granted
	170	</Directory>
	171
	172	Alias /webhooks ${config.secrets.location}/webapps/webhooks
	173	<Directory "${config.secrets.location}/webapps/webhooks">
	174	Options -Indexes
	175	Require all granted
	176	AllowOverride None
	177	<FilesMatch "\.php$">
	178	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	179	</FilesMatch>
	180	</Directory>
ea3b46ee	181	''
10889174 IB	182	];
	183	};
	184
29f8cb85	185	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	186	certName = "eldiron";
7df420c2 IB	187	addToCerts = true;
0f71cd76	188	hosts = [ "outils.immae.eu" ];
7df420c2	189	root = null;
70606070 IB	190	extraConfig = [
	191	''
	192	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	193
	194	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	195
	196	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	197	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	198
	199	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	200	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	201	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	202	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	203
	204	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	205
afcc5de0 IB	206	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	207
3f453c7d IB	208	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	209
ea9c6fe8 IB	210	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	211
70606070 IB	212	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	213	''
	214	];
	215	};
	216
f40f5b23 IB	217	systemd.services = {
	218	phpfpm-dokuwiki = {
	219	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	220	wants = dokuwiki.phpFpm.serviceDeps;
	221	};
	222	phpfpm-kanboard = {
	223	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	224	wants = kanboard.phpFpm.serviceDeps;
	225	};
	226	phpfpm-ldap = {
	227	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	228	wants = ldap.phpFpm.serviceDeps;
	229	};
f40f5b23 IB	230	phpfpm-shaarli = {
	231	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	232	wants = shaarli.phpFpm.serviceDeps;
	233	};
	234	phpfpm-ttrss = {
	235	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	236	wants = ttrss.phpFpm.serviceDeps;
	237	};
	238	phpfpm-wallabag = {
	239	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	240	wants = wallabag.phpFpm.serviceDeps;
	241	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	242	};
	243	phpfpm-yourls = {
	244	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	245	wants = yourls.phpFpm.serviceDeps;
	246	};
	247	ympd = {
	248	description = "Standalone MPD Web GUI written in C";
	249	wantedBy = [ "multi-user.target" ];
	250	script = ''
	251	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	252	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	253	'';
	254	};
	255	tt-rss = {
	256	description = "Tiny Tiny RSS feeds update daemon";
	257	serviceConfig = {
	258	User = "wwwrun";
	259	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	260	StandardOutput = "syslog";
	261	StandardError = "syslog";
	262	PermissionsStartOnly = true;
	263	};
	264
	265	wantedBy = [ "multi-user.target" ];
	266	requires = ["postgresql.service"];
	267	after = ["network.target" "postgresql.service"];
	268	};
	269	};
	270
17f6eae9 IB	271	services.filesWatcher.ympd = {
	272	restart = true;
	273	paths = [ "/var/secrets/mpd" ];
	274	};
	275
441da8aa IB	276	services.phpfpm.pools = {
441da8aa IB	277	tools = {
5400b9b6 IB	278	user = "wwwrun";
	279	group = "wwwrun";
	280	settings = {
	281	"listen.owner" = "wwwrun";
	282	"listen.group" = "wwwrun";
	283	"pm" = "dynamic";
	284	"pm.max_children" = "60";
	285	"pm.start_servers" = "2";
	286	"pm.min_spare_servers" = "1";
	287	"pm.max_spare_servers" = "10";
f40f5b23	288
5400b9b6 IB	289	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	290	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13 IB	291	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
	292	"/run/wrappers/bin/sendmail" "/var/lib/ftp/tools.immae.eu"
	293	landing "/tmp" "${config.secrets.location}/webapps/webhooks"
	294	];
	295	};
	296	phpEnv = {
	297	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	298	};
441da8aa IB	299	};
441da8aa IB	300	devtools = {
5400b9b6 IB	301	user = "wwwrun";
	302	group = "wwwrun";
	303	settings = {
	304	"listen.owner" = "wwwrun";
	305	"listen.group" = "wwwrun";
	306	"pm" = "dynamic";
	307	"pm.max_children" = "60";
	308	"pm.start_servers" = "2";
	309	"pm.min_spare_servers" = "1";
	310	"pm.max_spare_servers" = "10";
1922655a	311
5400b9b6 IB	312	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	313	};
441da8aa IB	314	phpOptions = config.services.phpfpm.phpOptions + ''
	315	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	316	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	317	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	318	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	319	'';
	320	};
5400b9b6	321	adminer = adminer.phpFpm;
441da8aa	322	ttrss = {
5400b9b6 IB	323	user = "wwwrun";
	324	group = "wwwrun";
	325	settings = ttrss.phpFpm.pool;
441da8aa IB	326	};
441da8aa IB	327	wallabag = {
5400b9b6 IB	328	user = "wwwrun";
	329	group = "wwwrun";
	330	settings = wallabag.phpFpm.pool;
441da8aa IB	331	};
441da8aa IB	332	yourls = {
5400b9b6 IB	333	user = "wwwrun";
	334	group = "wwwrun";
	335	settings = yourls.phpFpm.pool;
441da8aa IB	336	};
441da8aa IB	337	rompr = {
5400b9b6 IB	338	user = "wwwrun";
	339	group = "wwwrun";
	340	settings = rompr.phpFpm.pool;
441da8aa IB	341	};
441da8aa IB	342	shaarli = {
5400b9b6 IB	343	user = "wwwrun";
	344	group = "wwwrun";
	345	settings = shaarli.phpFpm.pool;
441da8aa IB	346	};
441da8aa IB	347	dokuwiki = {
5400b9b6 IB	348	user = "wwwrun";
	349	group = "wwwrun";
	350	settings = dokuwiki.phpFpm.pool;
441da8aa IB	351	};
441da8aa IB	352	ldap = {
5400b9b6 IB	353	user = "wwwrun";
	354	group = "wwwrun";
	355	settings = ldap.phpFpm.pool;
64608496	356	phpPackage = pkgs.php72;
441da8aa IB	357	};
441da8aa IB	358	kanboard = {
5400b9b6 IB	359	user = "wwwrun";
	360	group = "wwwrun";
	361	settings = kanboard.phpFpm.pool;
441da8aa IB	362	};
441da8aa IB	363	grocy = {
5400b9b6 IB	364	user = "wwwrun";
	365	group = "wwwrun";
	366	settings = grocy.phpFpm.pool;
441da8aa	367	};
10889174 IB	368	};
	369
	370	system.activationScripts = {
4288c2f2	371	adminer = adminer.activationScript;
c7627e14	372	grocy = grocy.activationScript;
10889174	373	ttrss = ttrss.activationScript;
aebd817b	374	wallabag = wallabag.activationScript;
133ebaee	375	yourls = yourls.activationScript;
bfe3c9c9	376	rompr = rompr.activationScript;
95b20e17	377	shaarli = shaarli.activationScript;
b892dcbe	378	dokuwiki = dokuwiki.activationScript;
d4ed0eff	379	kanboard = kanboard.activationScript;
4288c2f2	380	ldap = ldap.activationScript;
10889174 IB	381	};
10889174 IB	382
d3452fc5	383	services.websites.webappDirs = {
4288c2f2 IB	384	_adminer = adminer.webRoot;
	385	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
	386	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
	387	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	388	"${shaarli.apache.webappName}" = shaarli.webRoot;
	389	"${ttrss.apache.webappName}" = ttrss.webRoot;
	390	"${wallabag.apache.webappName}" = wallabag.webRoot;
	391	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	392	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	393	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	394	};
a95ab089	395
29f8cb85	396	services.websites.env.tools.watchPaths = [
9247b444	397	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	398	];
	399	services.filesWatcher.phpfpm-wallabag = {
	400	restart = true;
	401	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	402	};
ea3b46ee IB	403
	404	services.fiche = {
	405	enable = true;
	406	port = config.myEnv.ports.fiche;
	407	domain = "tools.immae.eu/paste";
	408	https = true;
	409	};
10889174 IB	410	};
	411	}
	412