[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ dmarc-reports.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
      phpbb = phpbb.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>

          Alias /BIP39 /var/lib/buildbot/outputs/bip39
          <Directory "/var/lib/buildbot/outputs/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.location}/webapps/webhooks
          <Directory "${config.secrets.location}/webapps/webhooks">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${phpbb.apache.webappName}" = phpbb.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
dcac3ec7	12	php = pkgs.php72;
4288c2f2	13	};
4288c2f2	14	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	15	env = config.myEnv.tools.kanboard;
4288c2f2 IB	16	};
4288c2f2 IB	17	wallabag = pkgs.callPackage ./wallabag.nix {
46c99b57 IB	18	wallabag = pkgs.webapps.wallabag.override {
	19	composerEnv = pkgs.composerEnv.override {
	20	php = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
	21	};
	22	};
ab8f306d	23	env = config.myEnv.tools.wallabag;
4288c2f2 IB	24	};
	25	yourls = pkgs.callPackage ./yourls.nix {
	26	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	27	env = config.myEnv.tools.yourls;
4288c2f2 IB	28	};
	29	rompr = pkgs.callPackage ./rompr.nix {
	30	inherit (pkgs.webapps) rompr;
ab8f306d	31	env = config.myEnv.tools.rompr;
4288c2f2 IB	32	};
4288c2f2 IB	33	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	34	env = config.myEnv.tools.shaarli;
4288c2f2 IB	35	};
	36	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	37	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	38	};
	39	ldap = pkgs.callPackage ./ldap.nix {
	40	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	41	env = config.myEnv.tools.phpldapadmin;
4288c2f2	42	};
c7627e14	43	grocy = pkgs.callPackage ./grocy.nix {
dcac3ec7	44	grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
c7627e14	45	};
a8ef1adb IB	46	phpbb = pkgs.callPackage ./phpbb.nix {
	47	phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
	48	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	49	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	50	e.phpbbmodders.adduser ]);
	51	};
251c0a13 IB	52	webhooks = pkgs.callPackage ./webhooks.nix {
	53	env = config.myEnv.tools.webhooks;
	54	};
7df5e532 IB	55	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
	56	env = config.myEnv.tools.dmarc_reports;
	57	};
251c0a13 IB	58
251c0a13 IB	59	landing = pkgs.callPackage ./landing.nix {};
10889174	60
4288c2f2	61	cfg = config.myServices.websites.tools.tools;
5400b9b6	62	pcfg = config.services.phpfpm.pools;
10889174	63	in {
4288c2f2	64	options.myServices.websites.tools.tools = {
10889174 IB	65	enable = lib.mkEnableOption "enable tools website";
	66	};
	67
	68	config = lib.mkIf cfg.enable {
1a718805	69	secrets.keys =
a840a21c	70	kanboard.keys
8db8e666	71	++ ldap.keys
8db8e666 IB	72	++ shaarli.keys
	73	++ ttrss.keys
	74	++ wallabag.keys
251c0a13	75	++ yourls.keys
7df5e532	76	++ dmarc-reports.keys
251c0a13	77	++ webhooks.keys;
98163486	78
d2e703c5	79	services.duplyBackup.profiles = {
6a8252b1	80	dokuwiki = dokuwiki.backups;
c7627e14	81	grocy = grocy.backups;
6a8252b1 IB	82	kanboard = kanboard.backups;
	83	rompr = rompr.backups;
	84	shaarli = shaarli.backups;
	85	ttrss = ttrss.backups;
	86	wallabag = wallabag.backups;
a8ef1adb	87	phpbb = phpbb.backups;
6a8252b1 IB	88	};
6a8252b1 IB	89
29f8cb85	90	services.websites.env.tools.modules =
1922655a IB	91	[ "proxy_fcgi" ]
1922655a IB	92	++ adminer.apache.modules
10889174 IB	93	++ ympd.apache.modules
10889174 IB	94	++ ttrss.apache.modules
133ebaee	95	++ wallabag.apache.modules
bfe3c9c9	96	++ yourls.apache.modules
95b20e17	97	++ rompr.apache.modules
b892dcbe	98	++ shaarli.apache.modules
f80772dc	99	++ dokuwiki.apache.modules
7df5e532	100	++ dmarc-reports.apache.modules
a8ef1adb	101	++ phpbb.apache.modules
d4ed0eff IB	102	++ ldap.apache.modules
d4ed0eff IB	103	++ kanboard.apache.modules;
10889174	104
29f8cb85	105	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	106	certName = "integration";
	107	certMainHost = "devtools.immae.eu";
	108	addToCerts = true;
	109	hosts = [ "devtools.immae.eu" ];
	110	root = "/var/lib/ftp/devtools.immae.eu";
	111	extraConfig = [
0aae0181	112	''
9338c832 IB	113	Timeout 600
9338c832 IB	114	ProxyTimeout 600
0aae0181 IB	115	<Directory "/var/lib/ftp/devtools.immae.eu">
	116	DirectoryIndex index.php index.htm index.html
	117	AllowOverride all
	118	Require all granted
	119	<FilesMatch "\.php$">
5400b9b6	120	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	121	</FilesMatch>
	122	</Directory>
	123	''
46f30ecc IB	124	];
	125	};
	126
29f8cb85	127	services.websites.env.tools.vhostConfs.tools = {
10889174	128	certName = "eldiron";
7df420c2	129	addToCerts = true;
10889174	130	hosts = ["tools.immae.eu" ];
a8ef1adb	131	root = landing;
10889174	132	extraConfig = [
1922655a	133	''
ea9c6fe8	134	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	135	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	136	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	137
251c0a13 IB	138	<Directory "${landing}">
	139	DirectoryIndex index.html
	140	AllowOverride None
	141	Require all granted
	142
	143	<FilesMatch "\.php$">
	144	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	145	</FilesMatch>
	146	</Directory>
1922655a	147	''
5400b9b6	148	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	149	ympd.apache.vhostConf
5400b9b6 IB	150	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	151	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	152	(yourls.apache.vhostConf pcfg.yourls.socket)
	153	(rompr.apache.vhostConf pcfg.rompr.socket)
	154	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	155	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	156	(ldap.apache.vhostConf pcfg.ldap.socket)
	157	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	158	(grocy.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	159	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	160	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee IB	161	''
	162	Alias /paste /var/lib/fiche
	163	<Directory "/var/lib/fiche">
	164	DirectoryIndex index.txt index.html
	165	AllowOverride None
	166	Require all granted
	167	Options -Indexes
	168	</Directory>
251c0a13 IB	169
	170	Alias /BIP39 /var/lib/buildbot/outputs/bip39
	171	<Directory "/var/lib/buildbot/outputs/bip39">
	172	DirectoryIndex index.html
	173	AllowOverride None
	174	Require all granted
	175	</Directory>
	176
	177	Alias /webhooks ${config.secrets.location}/webapps/webhooks
	178	<Directory "${config.secrets.location}/webapps/webhooks">
	179	Options -Indexes
	180	Require all granted
	181	AllowOverride None
	182	<FilesMatch "\.php$">
	183	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	184	</FilesMatch>
	185	</Directory>
ea3b46ee	186	''
10889174 IB	187	];
	188	};
	189
29f8cb85	190	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	191	certName = "eldiron";
7df420c2 IB	192	addToCerts = true;
0f71cd76	193	hosts = [ "outils.immae.eu" ];
7df420c2	194	root = null;
70606070 IB	195	extraConfig = [
	196	''
	197	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	198
	199	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	200
	201	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	202	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	203
	204	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	205	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	206	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	207	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	208
	209	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	210
afcc5de0 IB	211	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	212
3f453c7d IB	213	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	214
ea9c6fe8 IB	215	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	216
70606070 IB	217	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	218	''
	219	];
	220	};
	221
f40f5b23 IB	222	systemd.services = {
	223	phpfpm-dokuwiki = {
	224	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	225	wants = dokuwiki.phpFpm.serviceDeps;
	226	};
a8ef1adb IB	227	phpfpm-phpbb = {
	228	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	229	wants = phpbb.phpFpm.serviceDeps;
	230	};
f40f5b23 IB	231	phpfpm-kanboard = {
	232	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	233	wants = kanboard.phpFpm.serviceDeps;
	234	};
	235	phpfpm-ldap = {
	236	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	237	wants = ldap.phpFpm.serviceDeps;
	238	};
f40f5b23 IB	239	phpfpm-shaarli = {
	240	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	241	wants = shaarli.phpFpm.serviceDeps;
	242	};
	243	phpfpm-ttrss = {
	244	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	245	wants = ttrss.phpFpm.serviceDeps;
	246	};
	247	phpfpm-wallabag = {
	248	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	249	wants = wallabag.phpFpm.serviceDeps;
	250	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	251	};
	252	phpfpm-yourls = {
	253	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	254	wants = yourls.phpFpm.serviceDeps;
	255	};
	256	ympd = {
	257	description = "Standalone MPD Web GUI written in C";
	258	wantedBy = [ "multi-user.target" ];
	259	script = ''
	260	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	261	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	262	'';
	263	};
	264	tt-rss = {
	265	description = "Tiny Tiny RSS feeds update daemon";
	266	serviceConfig = {
	267	User = "wwwrun";
dcac3ec7	268	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	269	StandardOutput = "syslog";
	270	StandardError = "syslog";
	271	PermissionsStartOnly = true;
	272	};
	273
	274	wantedBy = [ "multi-user.target" ];
	275	requires = ["postgresql.service"];
	276	after = ["network.target" "postgresql.service"];
	277	};
	278	};
	279
17f6eae9 IB	280	services.filesWatcher.ympd = {
	281	restart = true;
	282	paths = [ "/var/secrets/mpd" ];
	283	};
	284
441da8aa IB	285	services.phpfpm.pools = {
441da8aa IB	286	tools = {
5400b9b6 IB	287	user = "wwwrun";
	288	group = "wwwrun";
	289	settings = {
	290	"listen.owner" = "wwwrun";
	291	"listen.group" = "wwwrun";
	292	"pm" = "dynamic";
	293	"pm.max_children" = "60";
	294	"pm.start_servers" = "2";
	295	"pm.min_spare_servers" = "1";
	296	"pm.max_spare_servers" = "10";
f40f5b23	297
5400b9b6 IB	298	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	299	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	300	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb IB	301	"/run/wrappers/bin/sendmail" landing "/tmp"
a8ef1adb IB	302	"${config.secrets.location}/webapps/webhooks"
251c0a13 IB	303	];
	304	};
	305	phpEnv = {
	306	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	307	};
dcac3ec7	308	phpPackage = pkgs.php72;
441da8aa IB	309	};
441da8aa IB	310	devtools = {
5400b9b6 IB	311	user = "wwwrun";
	312	group = "wwwrun";
	313	settings = {
	314	"listen.owner" = "wwwrun";
	315	"listen.group" = "wwwrun";
	316	"pm" = "dynamic";
	317	"pm.max_children" = "60";
	318	"pm.start_servers" = "2";
	319	"pm.min_spare_servers" = "1";
	320	"pm.max_spare_servers" = "10";
1922655a	321
5400b9b6 IB	322	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	323	};
f5761aac	324	phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]);
441da8aa	325	};
5400b9b6	326	adminer = adminer.phpFpm;
441da8aa	327	ttrss = {
5400b9b6 IB	328	user = "wwwrun";
	329	group = "wwwrun";
	330	settings = ttrss.phpFpm.pool;
dcac3ec7	331	phpPackage = pkgs.php72;
441da8aa IB	332	};
441da8aa IB	333	wallabag = {
5400b9b6 IB	334	user = "wwwrun";
	335	group = "wwwrun";
	336	settings = wallabag.phpFpm.pool;
46c99b57	337	phpPackage = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
441da8aa IB	338	};
441da8aa IB	339	yourls = {
5400b9b6 IB	340	user = "wwwrun";
	341	group = "wwwrun";
	342	settings = yourls.phpFpm.pool;
dcac3ec7	343	phpPackage = pkgs.php72;
441da8aa IB	344	};
441da8aa IB	345	rompr = {
5400b9b6 IB	346	user = "wwwrun";
	347	group = "wwwrun";
	348	settings = rompr.phpFpm.pool;
dcac3ec7	349	phpPackage = pkgs.php72;
441da8aa IB	350	};
441da8aa IB	351	shaarli = {
5400b9b6 IB	352	user = "wwwrun";
	353	group = "wwwrun";
	354	settings = shaarli.phpFpm.pool;
dcac3ec7	355	phpPackage = pkgs.php72;
441da8aa	356	};
7df5e532 IB	357	dmarc-reports = {
	358	user = "wwwrun";
	359	group = "wwwrun";
	360	settings = dmarc-reports.phpFpm.pool;
	361	phpEnv = dmarc-reports.phpFpm.phpEnv;
dcac3ec7	362	phpPackage = pkgs.php72;
7df5e532	363	};
441da8aa	364	dokuwiki = {
5400b9b6 IB	365	user = "wwwrun";
	366	group = "wwwrun";
	367	settings = dokuwiki.phpFpm.pool;
dcac3ec7	368	phpPackage = pkgs.php72;
441da8aa	369	};
a8ef1adb IB	370	phpbb = {
	371	user = "wwwrun";
	372	group = "wwwrun";
	373	settings = phpbb.phpFpm.pool;
dcac3ec7	374	phpPackage = pkgs.php72;
a8ef1adb	375	};
441da8aa	376	ldap = {
5400b9b6 IB	377	user = "wwwrun";
	378	group = "wwwrun";
	379	settings = ldap.phpFpm.pool;
64608496	380	phpPackage = pkgs.php72;
441da8aa IB	381	};
441da8aa IB	382	kanboard = {
5400b9b6 IB	383	user = "wwwrun";
	384	group = "wwwrun";
	385	settings = kanboard.phpFpm.pool;
dcac3ec7	386	phpPackage = pkgs.php72;
441da8aa IB	387	};
441da8aa IB	388	grocy = {
5400b9b6 IB	389	user = "wwwrun";
	390	group = "wwwrun";
	391	settings = grocy.phpFpm.pool;
dcac3ec7	392	phpPackage = pkgs.php72;
441da8aa	393	};
10889174 IB	394	};
	395
	396	system.activationScripts = {
4288c2f2	397	adminer = adminer.activationScript;
c7627e14	398	grocy = grocy.activationScript;
10889174	399	ttrss = ttrss.activationScript;
aebd817b	400	wallabag = wallabag.activationScript;
133ebaee	401	yourls = yourls.activationScript;
bfe3c9c9	402	rompr = rompr.activationScript;
95b20e17	403	shaarli = shaarli.activationScript;
b892dcbe	404	dokuwiki = dokuwiki.activationScript;
a8ef1adb	405	phpbb = phpbb.activationScript;
d4ed0eff	406	kanboard = kanboard.activationScript;
4288c2f2	407	ldap = ldap.activationScript;
10889174 IB	408	};
10889174 IB	409
d3452fc5	410	services.websites.webappDirs = {
4288c2f2	411	_adminer = adminer.webRoot;
7df5e532	412	"${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
4288c2f2	413	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
a8ef1adb	414	"${phpbb.apache.webappName}" = phpbb.webRoot;
4288c2f2 IB	415	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
4288c2f2 IB	416	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	417	"${shaarli.apache.webappName}" = shaarli.webRoot;
	418	"${ttrss.apache.webappName}" = ttrss.webRoot;
	419	"${wallabag.apache.webappName}" = wallabag.webRoot;
	420	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	421	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	422	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	423	};
a95ab089	424
29f8cb85	425	services.websites.env.tools.watchPaths = [
9247b444	426	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	427	];
	428	services.filesWatcher.phpfpm-wallabag = {
	429	restart = true;
	430	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	431	};
ea3b46ee IB	432
	433	services.fiche = {
	434	enable = true;
	435	port = config.myEnv.ports.fiche;
	436	domain = "tools.immae.eu/paste";
	437	https = true;
	438	};
10889174 IB	439	};
	440	}
	441