ab8f306d 1{ lib, pkgs, config, ... }:
10889174 2let
4288c2f2
IB
3 adminer = pkgs.callPackage ./adminer.nix {
4 inherit (pkgs.webapps) adminer;
5 };
6 ympd = pkgs.callPackage ./ympd.nix {
ab8f306d 7 env = config.myEnv.tools.ympd;
4288c2f2
IB
8 };
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d 11 env = config.myEnv.tools.ttrss;
dcac3ec7 12 php = pkgs.php72;
4288c2f2 13 };
4288c2f2 14 kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d 15 env = config.myEnv.tools.kanboard;
4288c2f2
IB
16 };
17 wallabag = pkgs.callPackage ./wallabag.nix {
46c99b57
IB
18 wallabag = pkgs.webapps.wallabag.override {
19 composerEnv = pkgs.composerEnv.override {
20 php = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
21 };
22 };
ab8f306d 23 env = config.myEnv.tools.wallabag;
4288c2f2
IB
24 };
25 yourls = pkgs.callPackage ./yourls.nix {
26 inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d 27 env = config.myEnv.tools.yourls;
4288c2f2
IB
28 };
29 rompr = pkgs.callPackage ./rompr.nix {
30 inherit (pkgs.webapps) rompr;
ab8f306d 31 env = config.myEnv.tools.rompr;
4288c2f2
IB
32 };
33 shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d 34 env = config.myEnv.tools.shaarli;
4288c2f2
IB
35 };
36 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
37 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
38 };
39 ldap = pkgs.callPackage ./ldap.nix {
40 inherit (pkgs.webapps) phpldapadmin;
ab8f306d 41 env = config.myEnv.tools.phpldapadmin;
4288c2f2 42 };
c7627e14 43 grocy = pkgs.callPackage ./grocy.nix {
dcac3ec7 44 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
c7627e14 45 };
a8ef1adb
IB
46 phpbb = pkgs.callPackage ./phpbb.nix {
47 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
48 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
49 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
50 e.phpbbmodders.adduser ]);
51 };
251c0a13
IB
52 webhooks = pkgs.callPackage ./webhooks.nix {
53 env = config.myEnv.tools.webhooks;
54 };
7df5e532
IB
55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
56 env = config.myEnv.tools.dmarc_reports;
57 };
251c0a13
IB
58
59 landing = pkgs.callPackage ./landing.nix {};
10889174 60
  # Short-hands: this module's own options, and the phpfpm pools (used below
  # to look up each pool's socket path for Apache).
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
10889174 63in {
4288c2f2 64 options.myServices.websites.tools.tools = {
10889174
IB
65 enable = lib.mkEnableOption "enable tools website";
66 };
67
68 config = lib.mkIf cfg.enable {
1a718805 69 secrets.keys =
a840a21c 70 kanboard.keys
8db8e666 71 ++ ldap.keys
8db8e666
IB
72 ++ shaarli.keys
73 ++ ttrss.keys
74 ++ wallabag.keys
251c0a13 75 ++ yourls.keys
7df5e532 76 ++ dmarc-reports.keys
251c0a13 77 ++ webhooks.keys;
98163486 78
d2e703c5 79 services.duplyBackup.profiles = {
6a8252b1 80 dokuwiki = dokuwiki.backups;
c7627e14 81 grocy = grocy.backups;
6a8252b1
IB
82 kanboard = kanboard.backups;
83 rompr = rompr.backups;
84 shaarli = shaarli.backups;
85 ttrss = ttrss.backups;
86 wallabag = wallabag.backups;
a8ef1adb 87 phpbb = phpbb.backups;
6a8252b1
IB
88 };
89
29f8cb85 90 services.websites.env.tools.modules =
1922655a
IB
91 [ "proxy_fcgi" ]
92 ++ adminer.apache.modules
10889174
IB
93 ++ ympd.apache.modules
94 ++ ttrss.apache.modules
133ebaee 95 ++ wallabag.apache.modules
bfe3c9c9 96 ++ yourls.apache.modules
95b20e17 97 ++ rompr.apache.modules
b892dcbe 98 ++ shaarli.apache.modules
f80772dc 99 ++ dokuwiki.apache.modules
7df5e532 100 ++ dmarc-reports.apache.modules
a8ef1adb 101 ++ phpbb.apache.modules
d4ed0eff
IB
102 ++ ldap.apache.modules
103 ++ kanboard.apache.modules;
10889174 104
    # Scratch host whose document root is an FTP upload area: whatever is
    # uploaded there is served as-is, *.php files are executed by the
    # "devtools" PHP-FPM pool, and "AllowOverride all" lets an uploaded
    # .htaccess change Apache settings for the directory. Write access to
    # /var/lib/ftp/devtools.immae.eu is therefore the code-execution boundary
    # of this vhost.
    # NOTE(review): confirm who can write to that FTP root — it is not visible
    # from this module.
    # The CSP is deployed in Report-Only mode: violations are reported to the
    # collector configured in myEnv, nothing is blocked.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts = true;
      hosts = [ "devtools.immae.eu" ];
      root = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "/var/lib/ftp/devtools.immae.eu">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
      ];
    };
127
    # Main "tools" vhost: the static landing page at /, then one Apache
    # fragment per webapp, then a few hand-written aliases.
    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["tools.immae.eu" ];
      root = landing;
      extraConfig = [
        # Legacy paths moved to other hosts; $1 carries the rest of the path
        # along (except /jappix, which lands on a fixed page).
        # The landing directory is locked down (no .htaccess, no listing needed)
        # but its *.php files still run in the shared "tools" pool.
        ''
        RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
        RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
        RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

        <Directory "${landing}">
          DirectoryIndex index.html
          AllowOverride None
          Require all granted

          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
        # Each PHP webapp gets its own PHP-FPM socket; ympd's fragment takes no
        # socket because it is a standalone daemon (see systemd.services.ympd).
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        # /paste  : fiche's output directory (services.fiche below), listing off.
        # /BIP39  : a buildbot output directory.
        #   NOTE(review): unlike /paste it does not set "Options -Indexes";
        #   whether a listing is exposed when index.html is missing depends on
        #   the server-level Options — confirm, or add the directive.
        # /webhooks: served straight out of config.secrets.location. Listing is
        #   off and *.php runs in the "tools" pool, but any non-PHP file placed
        #   in that directory would be served as a static file, so keep only the
        #   webhook scripts there.
        ''
        Alias /paste /var/lib/fiche
        <Directory "/var/lib/fiche">
          DirectoryIndex index.txt index.html
          AllowOverride None
          Require all granted
          Options -Indexes
        </Directory>

        Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
        <Directory "/var/lib/buildbot/outputs/immae/bip39">
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
        </Directory>

        Alias /webhooks ${config.secrets.location}/webapps/webhooks
        <Directory "${config.secrets.location}/webapps/webhooks">
          Options -Indexes
          Require all granted
          AllowOverride None
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
      ];
    };
190
    # Legacy "outils" host: nothing is served locally (root = null); every path
    # is permanently redirected to the host that now owns it, and the catch-all
    # on the last line sends anything else to tools.immae.eu. Apache evaluates
    # RedirectMatch rules in configuration order with the first match winning,
    # so the catch-all must stay last.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };
222
    # systemd wiring for the webapps' daemons and PHP-FPM pools.
    systemd.services = {
      # Each phpfpm-<app> pool is ordered after — and pulls in — the services
      # its helper declares in serviceDeps; lib.mkAfter appends to whatever
      # the phpfpm module already puts in "after".
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        # wallabag.nix also supplies a pre-start hook, appended to the pool's preStart.
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # ympd is started as root (no User= is set) and told to drop to "nobody"
      # itself via --user. The MPD password is read from /var/secrets/mpd at
      # start-up and handed over through the environment;
      # services.filesWatcher.ympd below restarts the unit when that file changes.
      # NOTE(review): "export VAR=$(cat …)" reports export's exit status, not
      # cat's, so a missing or unreadable secret file does not abort the script
      # even under "-e" — ympd would start with an empty MPD_PASSWORD. Reading
      # into the variable first (MPD_PASSWORD=$(cat …); export MPD_PASSWORD)
      # makes the failure fatal when the script runs with -e, as NixOS units do.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      # Tiny Tiny RSS feed updater, run as the web user with PHP 7.2 against
      # the local PostgreSQL (hard dependency on postgresql.service).
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          # Only changes how ExecStartPre/Post run; none are defined here, so
          # this appears to be a no-op.
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };
280
17f6eae9
IB
281 services.filesWatcher.ympd = {
282 restart = true;
283 paths = [ "/var/secrets/mpd" ];
284 };
285
    # One PHP-FPM pool per webapp, all running as wwwrun; the Apache fragments
    # above reach them through pcfg.<name>.socket.
    # NOTE(review): every pool is on PHP 7.2 (wallabag: 7.3). Both series are
    # past upstream end-of-life, so security fixes now depend on nixpkgs alone.
    services.phpfpm.pools = {
      # Shared pool for the landing page and the /webhooks scripts.
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          # Restrict PHP's file access to the sendmail wrapper, the landing
          # page, /tmp and the webhook scripts.
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
          # Despite its name this is a libpq connection string (presumably for
          # the CSP report collector), and it embeds the database password.
          # NOTE(review): phpEnv is written into the generated pool
          # configuration, i.e. into the Nix store rather than under
          # /var/secrets like the other apps' credentials. Confirm that is
          # acceptable for this password, or move the DSN into a secrets.keys
          # file that the endpoint reads at runtime.
          CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql;
            "\"host=${socket} dbname=${database} user=${user} password=${password}\"";
        };
        phpPackage = pkgs.php72;
      };
      # Pool behind devtools.immae.eu (the FTP-backed scratch host): confined
      # to the FTP root and /tmp, with a few extra extensions enabled.
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]);
      };
      # adminer.nix supplies its whole pool definition.
      adminer = adminer.phpFpm;
      # The remaining pools take their settings from the app helper and only
      # pin the user and the interpreter here.
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      # Must match the interpreter wallabag itself was built with (see the
      # let-binding at the top of this file).
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions(e: pkgs.php73.enabledExtensions ++ [e.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        # Environment block (and whatever it contains) comes from dmarc_reports.nix;
        # the same Nix-store caveat as for the "tools" pool applies if it holds secrets.
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };
398
399 system.activationScripts = {
4288c2f2 400 adminer = adminer.activationScript;
c7627e14 401 grocy = grocy.activationScript;
10889174 402 ttrss = ttrss.activationScript;
aebd817b 403 wallabag = wallabag.activationScript;
133ebaee 404 yourls = yourls.activationScript;
bfe3c9c9 405 rompr = rompr.activationScript;
95b20e17 406 shaarli = shaarli.activationScript;
b892dcbe 407 dokuwiki = dokuwiki.activationScript;
a8ef1adb 408 phpbb = phpbb.activationScript;
d4ed0eff 409 kanboard = kanboard.activationScript;
4288c2f2 410 ldap = ldap.activationScript;
10889174
IB
411 };
412
d3452fc5 413 services.websites.webappDirs = {
4288c2f2 414 _adminer = adminer.webRoot;
7df5e532 415 "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
4288c2f2 416 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
a8ef1adb 417 "${phpbb.apache.webappName}" = phpbb.webRoot;
4288c2f2
IB
418 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
419 "${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2
IB
420 "${shaarli.apache.webappName}" = shaarli.webRoot;
421 "${ttrss.apache.webappName}" = ttrss.webRoot;
422 "${wallabag.apache.webappName}" = wallabag.webRoot;
423 "${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2 424 "${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14 425 "${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2 426 };
a95ab089 427
29f8cb85 428 services.websites.env.tools.watchPaths = [
9247b444 429 "/var/secrets/webapps/tools-shaarli"
17f6eae9
IB
430 ];
431 services.filesWatcher.phpfpm-wallabag = {
432 restart = true;
433 paths = [ "/var/secrets/webapps/tools-wallabag" ];
434 };
ea3b46ee
IB
435
436 services.fiche = {
437 enable = true;
438 port = config.myEnv.ports.fiche;
439 domain = "tools.immae.eu/paste";
440 https = true;
441 };
442 };
443}
444