Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
ab8f306d 1{ lib, pkgs, config, ... }:
10889174 2let
# Imported helper; further down it is applied to the private "paste" flake
# directory to obtain that flake's nixosModules.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# One definition per hosted web application. Each ./<app>.nix is called with
# the packages and settings it needs; the rest of this module reads fields
# such as apache.vhostConf, apache.modules, phpFpm, keys, backups, webRoot
# and activationScript from the results.
#
# NOTE(review): several applications are pinned to pkgs.php72 / pkgs.php73.
# Both PHP branches are past upstream end-of-life, so security fixes depend
# on whatever the pinned nixpkgs still backports. Track an upgrade.
# NOTE(review): `env = config.myEnv.tools.<app>` presumably carries
# per-application settings and credentials; verify against each helper file.
adminer = pkgs.callPackage ./adminer.nix {
  adminer = pkgs.webapps.adminer;
};
ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  inherit config;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
  ttrss = pkgs.webapps.ttrss;
  ttrss-plugins = pkgs.webapps.ttrss-plugins;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  inherit config;
  env = config.myEnv.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  inherit config;
  env = config.myEnv.tools.wallabag;
  wallabag = pkgs.webapps.wallabag.override {
    composerEnv = pkgs.composerEnv.override {
      # PHP 7.3 with the tidy extension appended to the enabled set.
      php = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
  };
};
yourls = pkgs.callPackage ./yourls.nix {
  inherit config;
  env = config.myEnv.tools.yourls;
  yourls = pkgs.webapps.yourls;
  yourls-plugins = pkgs.webapps.yourls-plugins;
};
rompr = pkgs.callPackage ./rompr.nix {
  env = config.myEnv.tools.rompr;
  rompr = pkgs.webapps.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  inherit config;
  env = config.myEnv.tools.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  dokuwiki = pkgs.webapps.dokuwiki;
  dokuwiki-plugins = pkgs.webapps.dokuwiki-plugins;
};
ldap = pkgs.callPackage ./ldap.nix {
  inherit config;
  env = config.myEnv.tools.phpldapadmin;
  phpldapadmin = pkgs.webapps.phpldapadmin;
};
grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php72;
    };
  };
};
phpbb = pkgs.callPackage ./phpbb.nix {
  # French language pack plus a fixed list of extensions.
  phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
    e.alfredoramos.markdown
    e.davidiq.mailinglist
    e.dmzx.mchat
    e.empteintesduweb.monitoranswers
    e.lr94.autosubscribe
    e.phpbbmodders.adduser
  ]);
};
webhooks = pkgs.callPackage ./webhooks.nix {
  env = config.myEnv.tools.webhooks;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  inherit config;
  env = config.myEnv.tools.dmarc_reports;
};
csp-reports = pkgs.callPackage ./csp_reports.nix {
  env = config.myEnv.tools.csp_reports;
};

# Static landing page used as the document root of tools.immae.eu.
landing = pkgs.callPackage ./landing.nix { };

# Shorthands: this module's own options, and the php-fpm pool set whose
# `socket` attributes the Apache snippets below point at.
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
10889174 75in {
# Load every NixOS module exported by the private "paste" flake; the tools
# vhost proxies /paste to the socket that service declares.
imports =
  let
    pasteFlake = flakeCompat ../../../../../flakes/private/paste;
  in
  builtins.attrValues pasteFlake.nixosModules;

# Single switch; everything under `config` is guarded by it.
options.myServices.websites.tools.tools.enable =
  lib.mkEnableOption "enable tools website";
82
83 config = lib.mkIf cfg.enable {
# Union of the secret definitions contributed by each application.
# The merge is `//`, which keeps the right-hand value on a name clash: two
# applications declaring the same secret name would silently shadow one
# another instead of failing evaluation, so secret names must stay unique
# across the helper files.
secrets.keys = lib.foldl' (merged: appKeys: merged // appKeys) { } [
  kanboard.keys
  ldap.keys
  shaarli.keys
  ttrss.keys
  wallabag.keys
  yourls.keys
  dmarc-reports.keys
  csp-reports.keys
  webhooks.keys
];
98163486 94
# One backup profile per application that exposes a `backups` attribute;
# the profile name equals the application name.
# NOTE(review): the other applications defined in this module (for example
# yourls and ldap) get no profile here; confirm their data is covered elsewhere.
services.duplyBackup.profiles = lib.mapAttrs (_: app: app.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
};
105
# Apache modules for the "tools" environment: proxy_fcgi (needed by the
# php-fpm SetHandler lines in the vhosts) followed by whatever each
# application asks for, in the same order as before.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
10889174 120
# devtools.immae.eu: a directory tree served as-is, with PHP enabled.
#
# NOTE(review): the document root combines `AllowOverride all` with a PHP
# handler, so anything able to write into it (the path suggests FTP uploads,
# to be confirmed) can add .htaccess rules and PHP that runs in the devtools
# php-fpm pool. Treat write access to this directory as code execution for
# that pool's user.
services.websites.env.integration.vhostConfs.devtools =
  let
    siteHost = "devtools.immae.eu";
    docRoot = "/var/lib/ftp/${siteHost}";
  in
  {
    certName = "integration";
    certMainHost = siteHost;
    addToCerts = true;
    hosts = [ siteHost ];
    root = docRoot;
    extraConfig = [
      # The CSP header is report-only: violations are reported, not blocked.
      ''
        Use Apaxy "${docRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
144
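# tools.immae.eu: landing page, legacy redirects, one Apache snippet per
# application, the paste proxy, and two aliased directories.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects.
    # The /vpn rule used to capture `(.*)` and append it directly after the
    # hostname, so the request path could change which host the Location
    # header pointed to (open redirect). The capture must now be empty or
    # begin with "/", which keeps the target on vpn.immae.eu. The /roundcube
    # rule already has a path after the host, and /jappix has a fixed target.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application snippets; most take the socket of their php-fpm pool.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste (with and without trailing slash) is proxied to the paste
    # service's gunicorn unix socket.
    #
    # /webhooks is an alias onto a path managed by the secrets module and is
    # readable by every client (`Require all granted`); only directory
    # listing is disabled. NOTE(review): access therefore seems to depend on
    # knowing a file name. Confirm nothing but the hook scripts is placed in
    # that secret directory.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};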
210
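# outils.immae.eu: redirect-only vhost (no document root) that maps legacy
# paths to their current hosts and sends everything else to tools.immae.eu.
#
# Rules whose target is a bare hostname followed by `$1` used to capture
# `(.*)`; the captured text was appended straight after the hostname, so the
# request path could change the redirect host (open redirect). Those captures
# must now be empty or begin with "/". Paths that no longer match fall
# through to the final catch-all, whose target host is fixed.
# The caldav.php rule also escapes its dot so it matches only the literal
# file name.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};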
242
# systemd units: ordering tweaks for the per-application php-fpm services,
# plus two daemons defined in full here (ympd and the tt-rss updater).
systemd.services =
  let
    # php-fpm unit that is started after, and pulls in, the services its
    # application declares as dependencies.
    orderedAfterDeps = name: app: lib.nameValuePair "phpfpm-${name}" {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in
  lib.mapAttrs' orderedAfterDeps {
    inherit dokuwiki phpbb kanboard ldap shaarli ttrss yourls;
  }
  // {
    # Same as above, with an extra preStart fragment from the application.
    phpfpm-wallabag = {
      after = lib.mkAfter wallabag.phpFpm.serviceDeps;
      wants = wallabag.phpFpm.serviceDeps;
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };

    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      # The MPD password is read from the secret file at start-up and handed
      # to ympd through its environment, so it never appears in the Nix store
      # or on the command line. No User= is set on the unit: the script
      # starts as the unit's default user and relies on `--user nobody` to
      # drop privileges.
      # NOTE(review): the variable stays in the process environment for the
      # daemon's lifetime; confirm that is acceptable.
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];
      serviceConfig = {
        # Runs as the web server account, with the same PHP as the ttrss pool.
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        # NOTE(review): newer systemd releases deprecate the "syslog" output
        # target and PermissionsStartOnly; check against the deployed version.
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
300
# Watch the MPD password secret for the ympd unit, with restart enabled.
# Presumably the watcher restarts ympd when the file changes, so a rotated
# password is picked up; confirm against the filesWatcher module.
services.filesWatcher.ympd.paths = [ config.secrets.fullPaths."mpd" ];
services.filesWatcher.ympd.restart = true;
305
# php-fpm pools, one per application plus the generic "tools" and "devtools"
# pools used by the vhosts above.
#
# NOTE(review): every pool defined here runs as the same account (wwwrun),
# so the applications are not separated from one another at the OS level:
# code running in one pool can read whatever wwwrun can read, including
# other applications' files. open_basedir is a PHP-level restriction, not an
# OS boundary, and is only set here for the two hand-written pools, which
# also share /tmp. Consider per-application users if stronger isolation is
# wanted.
services.phpfpm.pools =
  let
    webUser = "wwwrun";

    # Listener ownership and process-manager limits shared by the two
    # pools whose settings are written out in this file.
    dynamicPm = {
      "listen.owner" = webUser;
      "listen.group" = webUser;
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool whose FPM settings come from the application's own definition.
    appPool = app: {
      user = webUser;
      group = webUser;
      settings = app.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
  in
  {
    tools = {
      user = webUser;
      group = webUser;
      settings = dynamicPm // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # PHP file access is limited to sendmail, the landing page, /tmp and
        # the webhooks secret directory.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          landing
          "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
        ];
        # Further pool settings are read from a secret file at start-up.
        "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    devtools = {
      user = webUser;
      group = webUser;
      settings = dynamicPm // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions ({ enabled, all }:
        enabled ++ [ all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer supplies its complete pool definition.
    adminer = adminer.phpFpm;

    ttrss = appPool ttrss;
    # wallabag needs PHP 7.3 with the tidy extension.
    wallabag = appPool wallabag // {
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
    yourls = appPool yourls;
    rompr = appPool rompr;
    shaarli = appPool shaarli;
    # dmarc-reports also passes environment variables to PHP.
    dmarc-reports = appPool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = appPool dokuwiki;
    phpbb = appPool phpbb;
    ldap = appPool ldap;
    kanboard = appPool kanboard;
    grocy = appPool grocy;
  };
417
# Register each application's activation script under the application's
# name. These run during system activation; what they do is defined in the
# per-application files.
system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
  inherit
    adminer
    grocy
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    phpbb
    kanboard
    ldap
    ;
};
431
# Map each application's webapp name to the directory Apache should serve
# for it. Names come from the applications themselves, except adminer's,
# which is fixed here; phpLDAPadmin exposes only its htdocs subdirectory.
services.websites.webappDirs =
  let
    dirName = app: app.apache.webappName;
  in
  {
    _adminer = adminer.webRoot;
    "${dirName dmarc-reports}" = dmarc-reports.webRoot;
    "${dirName dokuwiki}" = dokuwiki.webRoot;
    "${dirName grocy}" = grocy.webRoot;
    "${dirName kanboard}" = kanboard.webRoot;
    "${dirName ldap}" = "${ldap.webRoot}/htdocs";
    "${dirName phpbb}" = phpbb.webRoot;
    "${dirName rompr}" = rompr.webRoot;
    "${dirName shaarli}" = shaarli.webRoot;
    "${dirName ttrss}" = ttrss.webRoot;
    "${dirName wallabag}" = wallabag.webRoot;
    "${dirName yourls}" = yourls.webRoot;
  };
a95ab089 446
# Secret files whose changes should be noticed by running services:
# the shaarli secret for the "tools" web environment, and the wallabag
# secret for its php-fpm unit (restart enabled).
# NOTE(review): only these two secrets are watched here; the others merged
# into secrets.keys presumably need a manual reload after rotation (confirm).
services.websites.env.tools.watchPaths =
  [ config.secrets.fullPaths."webapps/tools-shaarli" ];

services.filesWatcher.phpfpm-wallabag.paths =
  [ config.secrets.fullPaths."webapps/tools-wallabag" ];
services.filesWatcher.phpfpm-wallabag.restart = true;
ea3b46ee 454
10889174
IB
455 };
456}
457