]>
Commit | Line | Data |
---|---|---|
ab8f306d | 1 | { lib, pkgs, config, ... }: |
10889174 | 2 | let |
4288c2f2 IB |
3 | adminer = pkgs.callPackage ./adminer.nix { |
4 | inherit (pkgs.webapps) adminer; | |
5 | }; | |
6 | ympd = pkgs.callPackage ./ympd.nix { | |
ab8f306d | 7 | env = config.myEnv.tools.ympd; |
4288c2f2 IB |
8 | }; |
9 | ttrss = pkgs.callPackage ./ttrss.nix { | |
10 | inherit (pkgs.webapps) ttrss ttrss-plugins; | |
ab8f306d | 11 | env = config.myEnv.tools.ttrss; |
4288c2f2 | 12 | }; |
4288c2f2 | 13 | kanboard = pkgs.callPackage ./kanboard.nix { |
ab8f306d | 14 | env = config.myEnv.tools.kanboard; |
4288c2f2 IB |
15 | }; |
16 | wallabag = pkgs.callPackage ./wallabag.nix { | |
17 | inherit (pkgs.webapps) wallabag; | |
ab8f306d | 18 | env = config.myEnv.tools.wallabag; |
4288c2f2 IB |
19 | }; |
20 | yourls = pkgs.callPackage ./yourls.nix { | |
21 | inherit (pkgs.webapps) yourls yourls-plugins; | |
ab8f306d | 22 | env = config.myEnv.tools.yourls; |
4288c2f2 IB |
23 | }; |
24 | rompr = pkgs.callPackage ./rompr.nix { | |
25 | inherit (pkgs.webapps) rompr; | |
ab8f306d | 26 | env = config.myEnv.tools.rompr; |
4288c2f2 IB |
27 | }; |
28 | shaarli = pkgs.callPackage ./shaarli.nix { | |
ab8f306d | 29 | env = config.myEnv.tools.shaarli; |
4288c2f2 IB |
30 | }; |
31 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { | |
32 | inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; | |
33 | }; | |
34 | ldap = pkgs.callPackage ./ldap.nix { | |
35 | inherit (pkgs.webapps) phpldapadmin; | |
ab8f306d | 36 | env = config.myEnv.tools.phpldapadmin; |
4288c2f2 | 37 | }; |
10889174 | 38 | |
4288c2f2 | 39 | cfg = config.myServices.websites.tools.tools; |
10889174 | 40 | in { |
4288c2f2 | 41 | options.myServices.websites.tools.tools = { |
10889174 IB |
42 | enable = lib.mkEnableOption "enable tools website"; |
43 | }; | |
44 | ||
45 | config = lib.mkIf cfg.enable { | |
1a718805 | 46 | secrets.keys = |
a840a21c | 47 | kanboard.keys |
8db8e666 | 48 | ++ ldap.keys |
8db8e666 IB |
49 | ++ shaarli.keys |
50 | ++ ttrss.keys | |
51 | ++ wallabag.keys | |
52 | ++ yourls.keys; | |
98163486 | 53 | |
d2e703c5 | 54 | services.duplyBackup.profiles = { |
6a8252b1 IB |
55 | dokuwiki = dokuwiki.backups; |
56 | kanboard = kanboard.backups; | |
57 | rompr = rompr.backups; | |
58 | shaarli = shaarli.backups; | |
59 | ttrss = ttrss.backups; | |
60 | wallabag = wallabag.backups; | |
61 | }; | |
62 | ||
29f8cb85 | 63 | services.websites.env.tools.modules = |
1922655a IB |
64 | [ "proxy_fcgi" ] |
65 | ++ adminer.apache.modules | |
10889174 IB |
66 | ++ ympd.apache.modules |
67 | ++ ttrss.apache.modules | |
133ebaee | 68 | ++ wallabag.apache.modules |
bfe3c9c9 | 69 | ++ yourls.apache.modules |
95b20e17 | 70 | ++ rompr.apache.modules |
b892dcbe | 71 | ++ shaarli.apache.modules |
f80772dc | 72 | ++ dokuwiki.apache.modules |
d4ed0eff IB |
73 | ++ ldap.apache.modules |
74 | ++ kanboard.apache.modules; | |
10889174 | 75 | |
29f8cb85 | 76 | services.websites.env.integration.vhostConfs.devtools = { |
0f71cd76 IB |
77 | certName = "integration"; |
78 | certMainHost = "devtools.immae.eu"; | |
79 | addToCerts = true; | |
80 | hosts = [ "devtools.immae.eu" ]; | |
81 | root = "/var/lib/ftp/devtools.immae.eu"; | |
82 | extraConfig = [ | |
0aae0181 | 83 | '' |
9338c832 IB |
84 | Timeout 600 |
85 | ProxyTimeout 600 | |
0aae0181 IB |
86 | <Directory "/var/lib/ftp/devtools.immae.eu"> |
87 | DirectoryIndex index.php index.htm index.html | |
88 | AllowOverride all | |
89 | Require all granted | |
90 | <FilesMatch "\.php$"> | |
91 | SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost" | |
92 | </FilesMatch> | |
93 | </Directory> | |
94 | '' | |
46f30ecc IB |
95 | ]; |
96 | }; | |
97 | ||
29f8cb85 | 98 | services.websites.env.tools.vhostConfs.tools = { |
10889174 | 99 | certName = "eldiron"; |
7df420c2 | 100 | addToCerts = true; |
10889174 | 101 | hosts = ["tools.immae.eu" ]; |
1922655a | 102 | root = "/var/lib/ftp/tools.immae.eu"; |
10889174 | 103 | extraConfig = [ |
1922655a | 104 | '' |
afcc5de0 | 105 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
3f453c7d | 106 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
afcc5de0 | 107 | |
1922655a | 108 | <Directory "/var/lib/ftp/tools.immae.eu"> |
0eaac6ba | 109 | DirectoryIndex index.php index.htm index.html |
1922655a IB |
110 | AllowOverride all |
111 | Require all granted | |
112 | <FilesMatch "\.php$"> | |
113 | SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" | |
114 | </FilesMatch> | |
115 | </Directory> | |
116 | '' | |
10889174 IB |
117 | adminer.apache.vhostConf |
118 | ympd.apache.vhostConf | |
119 | ttrss.apache.vhostConf | |
aebd817b | 120 | wallabag.apache.vhostConf |
133ebaee | 121 | yourls.apache.vhostConf |
bfe3c9c9 | 122 | rompr.apache.vhostConf |
95b20e17 | 123 | shaarli.apache.vhostConf |
b892dcbe | 124 | dokuwiki.apache.vhostConf |
f80772dc | 125 | ldap.apache.vhostConf |
d4ed0eff | 126 | kanboard.apache.vhostConf |
10889174 IB |
127 | ]; |
128 | }; | |
129 | ||
29f8cb85 | 130 | services.websites.env.tools.vhostConfs.outils = { |
7df420c2 IB |
131 | certName = "eldiron"; |
132 | addToCerts = true; | |
0f71cd76 | 133 | hosts = [ "outils.immae.eu" ]; |
7df420c2 | 134 | root = null; |
70606070 IB |
135 | extraConfig = [ |
136 | '' | |
137 | RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 | |
138 | ||
139 | RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 | |
140 | ||
141 | RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 | |
142 | RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 | |
143 | ||
144 | RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 | |
145 | RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 | |
146 | RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 | |
147 | RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 | |
148 | ||
149 | RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 | |
150 | ||
afcc5de0 IB |
151 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
152 | ||
3f453c7d IB |
153 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
154 | ||
70606070 IB |
155 | RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 |
156 | '' | |
157 | ]; | |
158 | }; | |
159 | ||
f40f5b23 IB |
160 | systemd.services = { |
161 | phpfpm-dokuwiki = { | |
162 | after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; | |
163 | wants = dokuwiki.phpFpm.serviceDeps; | |
164 | }; | |
165 | phpfpm-kanboard = { | |
166 | after = lib.mkAfter kanboard.phpFpm.serviceDeps; | |
167 | wants = kanboard.phpFpm.serviceDeps; | |
168 | }; | |
169 | phpfpm-ldap = { | |
170 | after = lib.mkAfter ldap.phpFpm.serviceDeps; | |
171 | wants = ldap.phpFpm.serviceDeps; | |
172 | }; | |
f40f5b23 IB |
173 | phpfpm-shaarli = { |
174 | after = lib.mkAfter shaarli.phpFpm.serviceDeps; | |
175 | wants = shaarli.phpFpm.serviceDeps; | |
176 | }; | |
177 | phpfpm-ttrss = { | |
178 | after = lib.mkAfter ttrss.phpFpm.serviceDeps; | |
179 | wants = ttrss.phpFpm.serviceDeps; | |
180 | }; | |
181 | phpfpm-wallabag = { | |
182 | after = lib.mkAfter wallabag.phpFpm.serviceDeps; | |
183 | wants = wallabag.phpFpm.serviceDeps; | |
184 | preStart = lib.mkAfter wallabag.phpFpm.preStart; | |
185 | }; | |
186 | phpfpm-yourls = { | |
187 | after = lib.mkAfter yourls.phpFpm.serviceDeps; | |
188 | wants = yourls.phpFpm.serviceDeps; | |
189 | }; | |
190 | ympd = { | |
191 | description = "Standalone MPD Web GUI written in C"; | |
192 | wantedBy = [ "multi-user.target" ]; | |
193 | script = '' | |
194 | export MPD_PASSWORD=$(cat /var/secrets/mpd) | |
195 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody | |
196 | ''; | |
197 | }; | |
198 | tt-rss = { | |
199 | description = "Tiny Tiny RSS feeds update daemon"; | |
200 | serviceConfig = { | |
201 | User = "wwwrun"; | |
202 | ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; | |
203 | StandardOutput = "syslog"; | |
204 | StandardError = "syslog"; | |
205 | PermissionsStartOnly = true; | |
206 | }; | |
207 | ||
208 | wantedBy = [ "multi-user.target" ]; | |
209 | requires = ["postgresql.service"]; | |
210 | after = ["network.target" "postgresql.service"]; | |
211 | }; | |
212 | }; | |
213 | ||
17f6eae9 IB |
214 | services.filesWatcher.ympd = { |
215 | restart = true; | |
216 | paths = [ "/var/secrets/mpd" ]; | |
217 | }; | |
218 | ||
f40f5b23 IB |
219 | services.phpfpm.pools.devtools = { |
220 | listen = "/var/run/phpfpm/devtools.sock"; | |
221 | extraConfig = '' | |
222 | user = wwwrun | |
223 | group = wwwrun | |
224 | listen.owner = wwwrun | |
225 | listen.group = wwwrun | |
226 | pm = dynamic | |
227 | pm.max_children = 60 | |
228 | pm.start_servers = 2 | |
229 | pm.min_spare_servers = 1 | |
230 | pm.max_spare_servers = 10 | |
231 | ||
232 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" | |
233 | ''; | |
234 | phpOptions = config.services.phpfpm.phpOptions + '' | |
c75b75a2 | 235 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
0aae0181 IB |
236 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so |
237 | extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so | |
238 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so | |
239 | ''; | |
8eded9ec | 240 | }; |
f40f5b23 IB |
241 | |
242 | services.phpfpm.poolConfigs = { | |
10889174 IB |
243 | adminer = adminer.phpFpm.pool; |
244 | ttrss = ttrss.phpFpm.pool; | |
aebd817b | 245 | wallabag = wallabag.phpFpm.pool; |
133ebaee | 246 | yourls = yourls.phpFpm.pool; |
bfe3c9c9 | 247 | rompr = rompr.phpFpm.pool; |
95b20e17 | 248 | shaarli = shaarli.phpFpm.pool; |
b892dcbe | 249 | dokuwiki = dokuwiki.phpFpm.pool; |
f80772dc | 250 | ldap = ldap.phpFpm.pool; |
d4ed0eff | 251 | kanboard = kanboard.phpFpm.pool; |
1922655a IB |
252 | tools = '' |
253 | listen = /var/run/phpfpm/tools.sock | |
254 | user = wwwrun | |
255 | group = wwwrun | |
256 | listen.owner = wwwrun | |
257 | listen.group = wwwrun | |
258 | pm = dynamic | |
259 | pm.max_children = 60 | |
260 | pm.start_servers = 2 | |
261 | pm.min_spare_servers = 1 | |
262 | pm.max_spare_servers = 10 | |
263 | ||
264 | ; Needed to avoid clashes in browser cookies (same domain) | |
265 | php_value[session.name] = ToolsPHPSESSID | |
266 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" | |
267 | ''; | |
10889174 IB |
268 | }; |
269 | ||
270 | system.activationScripts = { | |
4288c2f2 | 271 | adminer = adminer.activationScript; |
10889174 | 272 | ttrss = ttrss.activationScript; |
aebd817b | 273 | wallabag = wallabag.activationScript; |
133ebaee | 274 | yourls = yourls.activationScript; |
bfe3c9c9 | 275 | rompr = rompr.activationScript; |
95b20e17 | 276 | shaarli = shaarli.activationScript; |
b892dcbe | 277 | dokuwiki = dokuwiki.activationScript; |
d4ed0eff | 278 | kanboard = kanboard.activationScript; |
4288c2f2 | 279 | ldap = ldap.activationScript; |
10889174 IB |
280 | }; |
281 | ||
4288c2f2 IB |
282 | myServices.websites.webappDirs = { |
283 | _adminer = adminer.webRoot; | |
284 | "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; | |
285 | "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; | |
286 | "${rompr.apache.webappName}" = rompr.webRoot; | |
4288c2f2 IB |
287 | "${shaarli.apache.webappName}" = shaarli.webRoot; |
288 | "${ttrss.apache.webappName}" = ttrss.webRoot; | |
289 | "${wallabag.apache.webappName}" = wallabag.webRoot; | |
290 | "${yourls.apache.webappName}" = yourls.webRoot; | |
4288c2f2 IB |
291 | "${kanboard.apache.webappName}" = kanboard.webRoot; |
292 | }; | |
a95ab089 | 293 | |
29f8cb85 | 294 | services.websites.env.tools.watchPaths = [ |
9247b444 | 295 | "/var/secrets/webapps/tools-shaarli" |
17f6eae9 IB |
296 | ]; |
297 | services.filesWatcher.phpfpm-wallabag = { | |
298 | restart = true; | |
299 | paths = [ "/var/secrets/webapps/tools-wallabag" ]; | |
300 | }; | |
10889174 IB |
301 | }; |
302 | } | |
303 |