Remove webappdirs
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
{ lib, pkgs, config, ... }:
let
  # Loader used further down to import modules from the private "paste" flake.
  flakeCompat = import ../../../../../lib/flake-compat.nix;

  # Per-tool environment (hosts, credentials, ...) taken from the site-wide myEnv.
  toolsEnv = config.myEnv.tools;

  # NOTE(review): PHP 7.2 and 7.3 no longer receive upstream security fixes.
  # Every interpreter pinned in this block should be re-checked against what
  # each application supports today.
  legacyPhp = pkgs.php72;
  wallabagPhp = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);

  # One binding per web tool; each ./<tool>.nix is called with the packages
  # and the slice of configuration it is given here.
  adminer = pkgs.callPackage ./adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = toolsEnv.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit config;
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = toolsEnv.ttrss;
    php = legacyPhp;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit config;
    env = toolsEnv.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit config;
    env = toolsEnv.wallabag;
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = wallabagPhp;
      };
    };
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit config;
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = toolsEnv.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = toolsEnv.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    inherit config;
    env = toolsEnv.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit config;
    inherit (pkgs.webapps) phpldapadmin;
    env = toolsEnv.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override {
      composerEnv = pkgs.composerEnv.override {
        php = legacyPhp;
      };
    };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    # French language pack plus the listed third-party extensions.
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown
      e.davidiq.mailinglist
      e.dmzx.mchat
      e.empteintesduweb.monitoranswers
      e.lr94.autosubscribe
      e.phpbbmodders.adduser
    ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = toolsEnv.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    inherit config;
    env = toolsEnv.dmarc_reports;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = toolsEnv.csp_reports;
  };

  # Static landing page served as the document root of tools.immae.eu.
  landing = pkgs.callPackage ./landing.nix {};

  # Shorthands: this module's own options, and the PHP-FPM pool table whose
  # sockets the vhost snippets below point at.
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
10889174 73in {
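# Pull in every NixOS module exported by the private "paste" flake; the
# /paste locations of the tools vhost proxy to the service it defines.
imports =
  builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

options.myServices.websites.tools.tools = {
  # lib.mkEnableOption already prefixes its argument with "Whether to enable",
  # so pass only the noun phrase (the old text rendered as "enable enable ...").
  enable = lib.mkEnableOption "tools website";
};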
80
81 config = lib.mkIf cfg.enable {
# Secrets contributed by each tool, merged left to right: on a key clash the
# tool listed later wins, exactly as with a chain of `//`.
secrets.keys = builtins.foldl' (acc: app: acc // app.keys) {} [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  dmarc-reports
  csp-reports
  webhooks
];

# One duply backup profile per tool that exposes a `backups` attribute.
services.duplyBackup.profiles = lib.mapAttrs (_: app: app.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
};

# Apache modules for the "tools" web environment: proxy_fcgi for the PHP-FPM
# handlers, then whatever each tool asks for.
# NOTE(review): grocy contributes a vhostConf further down but is absent from
# this list - confirm it needs no extra Apache module.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ builtins.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
10889174 118
# devtools.immae.eu: directory listing (Apaxy) plus PHP execution over a tree
# that lives under /var/lib/ftp.
#
# NOTE(review): three settings combine here and deserve a second look:
#   * the document root sits under /var/lib/ftp - presumably writable through
#     an FTP account; confirm who can upload there;
#   * `AllowOverride all` lets any .htaccess in that tree change Apache
#     behaviour for the directory;
#   * every *.php file in the tree is handed to the "devtools" PHP-FPM pool.
# Taken together, whoever can write to the tree decides what PHP runs as that
# pool's user; the pool's open_basedir is the only containment visible in this
# file. The CSP header is Report-Only, so it reports violations without
# blocking anything.
services.websites.env.integration.vhostConfs.devtools =
  let
    docRoot = "/var/lib/ftp/devtools.immae.eu";
    vhostName = "devtools.immae.eu";
  in {
    hosts = [ vhostName ];
    root = docRoot;
    certName = "integration";
    certMainHost = vhostName;
    addToCerts = true;
    extraConfig = [
      ''
        Use Apaxy "${docRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
142
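# Main vhost for tools.immae.eu: the landing page, legacy redirects, one Apache
# snippet per tool, the paste proxy, and two aliased directories.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy path redirects.
    # The /vpn rule used to append the captured suffix directly after the
    # host name (https://vpn.immae.eu$1), so the request path could alter the
    # authority part of the Location header (open redirect). The pattern now
    # only accepts "/vpn" or "/vpn/..." and the target always ends the host
    # with "/". The roundcube and jappix rules already have a path (or no
    # capture) after the host and are left as they were.
    ''
      RedirectMatch 301 ^/vpn(?:/(.*))?$ https://vpn.immae.eu/$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-tool snippets; each one is given the socket of its own PHP-FPM pool
    # (ympd is not PHP and takes none).
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste is proxied to the gunicorn unix socket of the paste service.
    #
    # NOTE(review): /webhooks aliases a path from the secrets store and grants
    # access to everyone. Only *.php is handed to PHP-FPM; any other file in
    # that directory would be returned as static content. Confirm the
    # directory holds nothing but .php files, or deny everything else.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};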
208
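# outils.immae.eu serves no content of its own (root = null): every request is
# redirected, first by the per-service rules and finally by the catch-all to
# tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Rules whose target is a bare host used to be written as
    # "https://host$1" with a pattern of "^/name(.*)$". The captured suffix
    # then followed the host name with nothing in between, so the request
    # path could alter the authority part of the Location header (open
    # redirect). Those rules now only match "/name" or "/name/..." and the
    # target always ends the host with "/". Paths that merely start with the
    # same letters fall through to the catch-all at the end.
    # Rules whose target already has a path after the host are unchanged,
    # except that the dot in caldav.php is now escaped so it matches a
    # literal dot only.
    ''
      RedirectMatch 301 ^/mediagoblin(?:/(.*))?$ https://mgoblin.immae.eu/$1

      RedirectMatch 301 ^/ether(?:/(.*))?$ https://ether.immae.eu/$1

      RedirectMatch 301 ^/nextcloud(?:/(.*))?$ https://cloud.immae.eu/$1
      RedirectMatch 301 ^/owncloud(?:/(.*))?$ https://cloud.immae.eu/$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(?:/(.*))?$ https://vpn.immae.eu/$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};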
240
systemd.services =
  let
    # Ordering shared by the PHP-FPM pool units: start after, and pull in, the
    # services the application declares as dependencies.
    fpmDeps = app: {
      wants = app.phpFpm.serviceDeps;
      after = lib.mkAfter app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = fpmDeps dokuwiki;
    phpfpm-phpbb = fpmDeps phpbb;
    phpfpm-kanboard = fpmDeps kanboard;
    phpfpm-ldap = fpmDeps ldap;
    phpfpm-shaarli = fpmDeps shaarli;
    phpfpm-ttrss = fpmDeps ttrss;
    # wallabag additionally appends its own preStart step to the pool unit.
    phpfpm-wallabag = fpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = fpmDeps yourls;

    # NOTE(review): this unit sets no User, so the script presumably starts as
    # root and relies on ympd's own `--user nobody` to drop privileges -
    # confirm. The MPD password is read from the secrets store and exported
    # as an environment variable of the process.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
      wantedBy = [ "multi-user.target" ];
    };

    # Feed updater for Tiny Tiny RSS; runs as the web-server account and needs
    # PostgreSQL to be up.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };

# Restart ympd whenever the MPD password secret changes on disk.
services.filesWatcher.ympd = {
  paths = [ config.secrets.fullPaths."mpd" ];
  restart = true;
};
303
# One PHP-FPM pool per tool.
#
# NOTE(review): every pool defined here runs as wwwrun:wwwrun, so file
# permissions do not separate one application from another; where an
# open_basedir is set it is the only per-pool boundary visible in this file,
# and both lists below include the shared /tmp. Most pools also pin PHP 7.2
# (7.3 for wallabag), neither of which receives upstream security fixes any
# more.
services.phpfpm.pools =
  let
    # Account every pool below runs under.
    asWwwrun = { user = "wwwrun"; group = "wwwrun"; };
    legacyPhp = pkgs.php72;

    # Process-manager settings shared by the two hand-written pools.
    dynamicPm = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool whose settings come from the application's own definition.
    appPool = app: asWwwrun // {
      settings = app.phpFpm.pool;
      phpPackage = legacyPhp;
    };
  in {
    # Serves the landing page and the /webhooks scripts.
    tools = asWwwrun // {
      settings = dynamicPm // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
        ];
        "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = legacyPhp;
    };

    # Executes PHP found under the devtools.immae.eu document root.
    devtools = asWwwrun // {
      settings = dynamicPm // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      phpPackage = legacyPhp.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer ships its complete pool definition.
    adminer = adminer.phpFpm;

    ttrss = appPool ttrss;
    wallabag = appPool wallabag // {
      phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
    };
    yourls = appPool yourls;
    rompr = appPool rompr;
    shaarli = appPool shaarli;
    dmarc-reports = appPool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = appPool dokuwiki;
    phpbb = appPool phpbb;
    ldap = appPool ldap;
    kanboard = appPool kanboard;
    grocy = appPool grocy;
  };
415
# Register each tool's activation script under the tool's own name.
system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
  inherit
    adminer
    grocy
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    phpbb
    kanboard
    ldap;
};

# The shaarli secret is added to the watch list of the "tools" web environment.
services.websites.env.tools.watchPaths = [
  config.secrets.fullPaths."webapps/tools-shaarli"
];

# Restart the wallabag PHP-FPM pool when its secret file changes.
services.filesWatcher.phpfpm-wallabag = {
  paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
  restart = true;
};
ea3b46ee 437
10889174
IB
438 };
439}
440