[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  flakeCompat = import ../../../../../lib/flake-compat.nix;

  adminer = pkgs.callPackage ./adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = config.myEnv.tools.csp_reports;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  imports =
    builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // csp-reports.keys
      // webhooks.keys;

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/immae/devtools";
      extraConfig  = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
          ];
          "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
a9f52ec5 IB	3	flakeCompat = import ../../../../../lib/flake-compat.nix;
a9f52ec5 IB	4
750fe5a4	5	adminer = pkgs.callPackage ./adminer.nix {};
4288c2f2	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
dcac3ec7	12	php = pkgs.php72;
da30ae4f	13	inherit config;
4288c2f2	14	};
4288c2f2	15	kanboard = pkgs.callPackage ./kanboard.nix {
da30ae4f	16	inherit config;
ab8f306d	17	env = config.myEnv.tools.kanboard;
4288c2f2 IB	18	};
4288c2f2 IB	19	wallabag = pkgs.callPackage ./wallabag.nix {
46c99b57 IB	20	wallabag = pkgs.webapps.wallabag.override {
46c99b57 IB	21	composerEnv = pkgs.composerEnv.override {
2053ddac	22	php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
46c99b57 IB	23	};
46c99b57 IB	24	};
ab8f306d	25	env = config.myEnv.tools.wallabag;
da30ae4f	26	inherit config;
4288c2f2 IB	27	};
	28	yourls = pkgs.callPackage ./yourls.nix {
	29	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	30	env = config.myEnv.tools.yourls;
da30ae4f	31	inherit config;
4288c2f2 IB	32	};
	33	rompr = pkgs.callPackage ./rompr.nix {
	34	inherit (pkgs.webapps) rompr;
ab8f306d	35	env = config.myEnv.tools.rompr;
4288c2f2 IB	36	};
4288c2f2 IB	37	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	38	env = config.myEnv.tools.shaarli;
da30ae4f	39	inherit config;
4288c2f2 IB	40	};
	41	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	42	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	43	};
	44	ldap = pkgs.callPackage ./ldap.nix {
	45	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	46	env = config.myEnv.tools.phpldapadmin;
da30ae4f	47	inherit config;
4288c2f2	48	};
c7627e14	49	grocy = pkgs.callPackage ./grocy.nix {
dcac3ec7	50	grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
c7627e14	51	};
a8ef1adb IB	52	phpbb = pkgs.callPackage ./phpbb.nix {
	53	phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
	54	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	55	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	56	e.phpbbmodders.adduser ]);
	57	};
251c0a13 IB	58	webhooks = pkgs.callPackage ./webhooks.nix {
	59	env = config.myEnv.tools.webhooks;
	60	};
7df5e532 IB	61	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
7df5e532 IB	62	env = config.myEnv.tools.dmarc_reports;
da30ae4f	63	inherit config;
7df5e532	64	};
0966f95c IB	65	csp-reports = pkgs.callPackage ./csp_reports.nix {
	66	env = config.myEnv.tools.csp_reports;
	67	};
251c0a13 IB	68
251c0a13 IB	69	landing = pkgs.callPackage ./landing.nix {};
10889174	70
4288c2f2	71	cfg = config.myServices.websites.tools.tools;
5400b9b6	72	pcfg = config.services.phpfpm.pools;
10889174	73	in {
a9f52ec5 IB	74	imports =
	75	builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
	76
4288c2f2	77	options.myServices.websites.tools.tools = {
10889174 IB	78	enable = lib.mkEnableOption "enable tools website";
	79	};
	80
	81	config = lib.mkIf cfg.enable {
1a718805	82	secrets.keys =
a840a21c	83	kanboard.keys
4c4652aa IB	84	// ldap.keys
	85	// shaarli.keys
	86	// ttrss.keys
	87	// wallabag.keys
	88	// yourls.keys
	89	// dmarc-reports.keys
	90	// csp-reports.keys
	91	// webhooks.keys;
98163486	92
29f8cb85	93	services.websites.env.tools.modules =
1922655a IB	94	[ "proxy_fcgi" ]
1922655a IB	95	++ adminer.apache.modules
10889174 IB	96	++ ympd.apache.modules
10889174 IB	97	++ ttrss.apache.modules
133ebaee	98	++ wallabag.apache.modules
bfe3c9c9	99	++ yourls.apache.modules
95b20e17	100	++ rompr.apache.modules
b892dcbe	101	++ shaarli.apache.modules
f80772dc	102	++ dokuwiki.apache.modules
7df5e532	103	++ dmarc-reports.apache.modules
a8ef1adb	104	++ phpbb.apache.modules
d4ed0eff IB	105	++ ldap.apache.modules
d4ed0eff IB	106	++ kanboard.apache.modules;
10889174	107
29f8cb85	108	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	109	certName = "integration";
	110	certMainHost = "devtools.immae.eu";
	111	addToCerts = true;
	112	hosts = [ "devtools.immae.eu" ];
41cce84a	113	root = "/var/lib/ftp/immae/devtools";
0f71cd76	114	extraConfig = [
0aae0181	115	''
41cce84a	116	Use Apaxy "/var/lib/ftp/immae/devtools" "title"
9338c832 IB	117	Timeout 600
9338c832 IB	118	ProxyTimeout 600
68c45ad5	119	Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
41cce84a	120	<Directory "/var/lib/ftp/immae/devtools">
0aae0181 IB	121	DirectoryIndex index.php index.htm index.html
	122	AllowOverride all
	123	Require all granted
	124	<FilesMatch "\.php$">
5400b9b6	125	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	126	</FilesMatch>
	127	</Directory>
	128	''
46f30ecc IB	129	];
	130	};
	131
29f8cb85	132	services.websites.env.tools.vhostConfs.tools = {
10889174	133	certName = "eldiron";
7df420c2	134	addToCerts = true;
10889174	135	hosts = ["tools.immae.eu" ];
a8ef1adb	136	root = landing;
10889174	137	extraConfig = [
1922655a	138	''
ea9c6fe8	139	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	140	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	141	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	142
251c0a13 IB	143	<Directory "${landing}">
	144	DirectoryIndex index.html
	145	AllowOverride None
	146	Require all granted
	147
	148	<FilesMatch "\.php$">
	149	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	150	</FilesMatch>
	151	</Directory>
1922655a	152	''
5400b9b6	153	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	154	ympd.apache.vhostConf
5400b9b6 IB	155	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	156	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	157	(yourls.apache.vhostConf pcfg.yourls.socket)
	158	(rompr.apache.vhostConf pcfg.rompr.socket)
	159	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	160	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	161	(ldap.apache.vhostConf pcfg.ldap.socket)
	162	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	163	(grocy.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	164	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	165	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee	166	''
a9f52ec5 IB	167	<Location "/paste/">
	168	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	169	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	170	ProxyPreserveHost on
	171	</Location>
	172	<Location "/paste">
	173	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	174	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	175	ProxyPreserveHost on
	176	</Location>
251c0a13	177
cb589b2e IB	178	Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
cb589b2e IB	179	<Directory "/var/lib/buildbot/outputs/immae/bip39">
251c0a13 IB	180	DirectoryIndex index.html
	181	AllowOverride None
	182	Require all granted
	183	</Directory>
	184
da30ae4f IB	185	Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
da30ae4f IB	186	<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
251c0a13 IB	187	Options -Indexes
	188	Require all granted
	189	AllowOverride None
	190	<FilesMatch "\.php$">
	191	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	192	</FilesMatch>
	193	</Directory>
ea3b46ee	194	''
10889174 IB	195	];
	196	};
	197
29f8cb85	198	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	199	certName = "eldiron";
7df420c2 IB	200	addToCerts = true;
0f71cd76	201	hosts = [ "outils.immae.eu" ];
7df420c2	202	root = null;
70606070 IB	203	extraConfig = [
	204	''
	205	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	206
	207	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	208
	209	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	210	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	211
	212	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	213	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	214	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	215	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	216
	217	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	218
afcc5de0 IB	219	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	220
3f453c7d IB	221	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	222
ea9c6fe8 IB	223	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	224
70606070 IB	225	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	226	''
	227	];
	228	};
	229
f40f5b23 IB	230	systemd.services = {
	231	phpfpm-dokuwiki = {
	232	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	233	wants = dokuwiki.phpFpm.serviceDeps;
	234	};
a8ef1adb IB	235	phpfpm-phpbb = {
	236	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	237	wants = phpbb.phpFpm.serviceDeps;
	238	};
f40f5b23 IB	239	phpfpm-kanboard = {
	240	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	241	wants = kanboard.phpFpm.serviceDeps;
	242	};
	243	phpfpm-ldap = {
	244	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	245	wants = ldap.phpFpm.serviceDeps;
	246	};
f40f5b23 IB	247	phpfpm-shaarli = {
	248	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	249	wants = shaarli.phpFpm.serviceDeps;
	250	};
	251	phpfpm-ttrss = {
	252	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	253	wants = ttrss.phpFpm.serviceDeps;
	254	};
	255	phpfpm-wallabag = {
	256	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	257	wants = wallabag.phpFpm.serviceDeps;
	258	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	259	};
	260	phpfpm-yourls = {
	261	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	262	wants = yourls.phpFpm.serviceDeps;
	263	};
	264	ympd = {
	265	description = "Standalone MPD Web GUI written in C";
	266	wantedBy = [ "multi-user.target" ];
	267	script = ''
da30ae4f	268	export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
f40f5b23 IB	269	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	270	'';
	271	};
	272	tt-rss = {
	273	description = "Tiny Tiny RSS feeds update daemon";
	274	serviceConfig = {
	275	User = "wwwrun";
dcac3ec7	276	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	277	StandardOutput = "syslog";
	278	StandardError = "syslog";
	279	PermissionsStartOnly = true;
	280	};
	281
	282	wantedBy = [ "multi-user.target" ];
	283	requires = ["postgresql.service"];
	284	after = ["network.target" "postgresql.service"];
	285	};
	286	};
	287
17f6eae9 IB	288	services.filesWatcher.ympd = {
17f6eae9 IB	289	restart = true;
da30ae4f	290	paths = [ config.secrets.fullPaths."mpd" ];
17f6eae9 IB	291	};
17f6eae9 IB	292
441da8aa IB	293	services.phpfpm.pools = {
441da8aa IB	294	tools = {
5400b9b6 IB	295	user = "wwwrun";
	296	group = "wwwrun";
	297	settings = {
	298	"listen.owner" = "wwwrun";
	299	"listen.group" = "wwwrun";
	300	"pm" = "dynamic";
	301	"pm.max_children" = "60";
	302	"pm.start_servers" = "2";
	303	"pm.min_spare_servers" = "1";
	304	"pm.max_spare_servers" = "10";
f40f5b23	305
5400b9b6 IB	306	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	307	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	308	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb	309	"/run/wrappers/bin/sendmail" landing "/tmp"
da30ae4f	310	config.secrets.fullPaths."webapps/webhooks"
251c0a13	311	];
da30ae4f	312	"include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
251c0a13 IB	313	};
	314	phpEnv = {
	315	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	316	};
dcac3ec7	317	phpPackage = pkgs.php72;
441da8aa IB	318	};
441da8aa IB	319	devtools = {
5400b9b6 IB	320	user = "wwwrun";
	321	group = "wwwrun";
	322	settings = {
	323	"listen.owner" = "wwwrun";
	324	"listen.group" = "wwwrun";
	325	"pm" = "dynamic";
	326	"pm.max_children" = "60";
	327	"pm.start_servers" = "2";
	328	"pm.min_spare_servers" = "1";
	329	"pm.max_spare_servers" = "10";
1922655a	330
41cce84a	331	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
5400b9b6	332	};
2053ddac	333	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
441da8aa	334	};
5400b9b6	335	adminer = adminer.phpFpm;
441da8aa	336	ttrss = {
5400b9b6 IB	337	user = "wwwrun";
	338	group = "wwwrun";
	339	settings = ttrss.phpFpm.pool;
dcac3ec7	340	phpPackage = pkgs.php72;
441da8aa IB	341	};
441da8aa IB	342	wallabag = {
5400b9b6 IB	343	user = "wwwrun";
	344	group = "wwwrun";
	345	settings = wallabag.phpFpm.pool;
2053ddac	346	phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
441da8aa IB	347	};
441da8aa IB	348	yourls = {
5400b9b6 IB	349	user = "wwwrun";
	350	group = "wwwrun";
	351	settings = yourls.phpFpm.pool;
dcac3ec7	352	phpPackage = pkgs.php72;
441da8aa IB	353	};
441da8aa IB	354	rompr = {
5400b9b6 IB	355	user = "wwwrun";
	356	group = "wwwrun";
	357	settings = rompr.phpFpm.pool;
dcac3ec7	358	phpPackage = pkgs.php72;
441da8aa IB	359	};
441da8aa IB	360	shaarli = {
5400b9b6 IB	361	user = "wwwrun";
	362	group = "wwwrun";
	363	settings = shaarli.phpFpm.pool;
dcac3ec7	364	phpPackage = pkgs.php72;
441da8aa	365	};
7df5e532 IB	366	dmarc-reports = {
	367	user = "wwwrun";
	368	group = "wwwrun";
	369	settings = dmarc-reports.phpFpm.pool;
	370	phpEnv = dmarc-reports.phpFpm.phpEnv;
dcac3ec7	371	phpPackage = pkgs.php72;
7df5e532	372	};
441da8aa	373	dokuwiki = {
5400b9b6 IB	374	user = "wwwrun";
	375	group = "wwwrun";
	376	settings = dokuwiki.phpFpm.pool;
dcac3ec7	377	phpPackage = pkgs.php72;
441da8aa	378	};
a8ef1adb IB	379	phpbb = {
	380	user = "wwwrun";
	381	group = "wwwrun";
	382	settings = phpbb.phpFpm.pool;
dcac3ec7	383	phpPackage = pkgs.php72;
a8ef1adb	384	};
441da8aa	385	ldap = {
5400b9b6 IB	386	user = "wwwrun";
	387	group = "wwwrun";
	388	settings = ldap.phpFpm.pool;
64608496	389	phpPackage = pkgs.php72;
441da8aa IB	390	};
441da8aa IB	391	kanboard = {
5400b9b6 IB	392	user = "wwwrun";
	393	group = "wwwrun";
	394	settings = kanboard.phpFpm.pool;
dcac3ec7	395	phpPackage = pkgs.php72;
441da8aa IB	396	};
441da8aa IB	397	grocy = {
5400b9b6 IB	398	user = "wwwrun";
	399	group = "wwwrun";
	400	settings = grocy.phpFpm.pool;
dcac3ec7	401	phpPackage = pkgs.php72;
441da8aa	402	};
10889174 IB	403	};
	404
	405	system.activationScripts = {
4288c2f2	406	adminer = adminer.activationScript;
c7627e14	407	grocy = grocy.activationScript;
10889174	408	ttrss = ttrss.activationScript;
aebd817b	409	wallabag = wallabag.activationScript;
133ebaee	410	yourls = yourls.activationScript;
bfe3c9c9	411	rompr = rompr.activationScript;
95b20e17	412	shaarli = shaarli.activationScript;
b892dcbe	413	dokuwiki = dokuwiki.activationScript;
a8ef1adb	414	phpbb = phpbb.activationScript;
d4ed0eff	415	kanboard = kanboard.activationScript;
4288c2f2	416	ldap = ldap.activationScript;
10889174 IB	417	};
10889174 IB	418
29f8cb85	419	services.websites.env.tools.watchPaths = [
da30ae4f	420	config.secrets.fullPaths."webapps/tools-shaarli"
17f6eae9 IB	421	];
	422	services.filesWatcher.phpfpm-wallabag = {
	423	restart = true;
da30ae4f	424	paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
17f6eae9	425	};
ea3b46ee	426
10889174 IB	427	};
	428	}
	429