[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = config.myEnv.tools.csp_reports;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ dmarc-reports.keys
      ++ csp-reports.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
      phpbb = phpbb.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>

          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.location}/webapps/webhooks
          <Directory "${config.secrets.location}/webapps/webhooks">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${phpbb.apache.webappName}" = phpbb.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
dcac3ec7	12	php = pkgs.php72;
4288c2f2	13	};
4288c2f2	14	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	15	env = config.myEnv.tools.kanboard;
4288c2f2 IB	16	};
4288c2f2 IB	17	wallabag = pkgs.callPackage ./wallabag.nix {
46c99b57 IB	18	wallabag = pkgs.webapps.wallabag.override {
46c99b57 IB	19	composerEnv = pkgs.composerEnv.override {
2053ddac	20	php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
46c99b57 IB	21	};
46c99b57 IB	22	};
ab8f306d	23	env = config.myEnv.tools.wallabag;
4288c2f2 IB	24	};
	25	yourls = pkgs.callPackage ./yourls.nix {
	26	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	27	env = config.myEnv.tools.yourls;
4288c2f2 IB	28	};
	29	rompr = pkgs.callPackage ./rompr.nix {
	30	inherit (pkgs.webapps) rompr;
ab8f306d	31	env = config.myEnv.tools.rompr;
4288c2f2 IB	32	};
4288c2f2 IB	33	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	34	env = config.myEnv.tools.shaarli;
4288c2f2 IB	35	};
	36	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	37	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	38	};
	39	ldap = pkgs.callPackage ./ldap.nix {
	40	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	41	env = config.myEnv.tools.phpldapadmin;
4288c2f2	42	};
c7627e14	43	grocy = pkgs.callPackage ./grocy.nix {
dcac3ec7	44	grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
c7627e14	45	};
a8ef1adb IB	46	phpbb = pkgs.callPackage ./phpbb.nix {
	47	phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
	48	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	49	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	50	e.phpbbmodders.adduser ]);
	51	};
251c0a13 IB	52	webhooks = pkgs.callPackage ./webhooks.nix {
	53	env = config.myEnv.tools.webhooks;
	54	};
7df5e532 IB	55	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
	56	env = config.myEnv.tools.dmarc_reports;
	57	};
0966f95c IB	58	csp-reports = pkgs.callPackage ./csp_reports.nix {
	59	env = config.myEnv.tools.csp_reports;
	60	};
251c0a13 IB	61
251c0a13 IB	62	landing = pkgs.callPackage ./landing.nix {};
10889174	63
4288c2f2	64	cfg = config.myServices.websites.tools.tools;
5400b9b6	65	pcfg = config.services.phpfpm.pools;
10889174	66	in {
4288c2f2	67	options.myServices.websites.tools.tools = {
10889174 IB	68	enable = lib.mkEnableOption "enable tools website";
	69	};
	70
	71	config = lib.mkIf cfg.enable {
1a718805	72	secrets.keys =
a840a21c	73	kanboard.keys
8db8e666	74	++ ldap.keys
8db8e666 IB	75	++ shaarli.keys
	76	++ ttrss.keys
	77	++ wallabag.keys
251c0a13	78	++ yourls.keys
7df5e532	79	++ dmarc-reports.keys
0966f95c	80	++ csp-reports.keys
251c0a13	81	++ webhooks.keys;
98163486	82
d2e703c5	83	services.duplyBackup.profiles = {
6a8252b1	84	dokuwiki = dokuwiki.backups;
c7627e14	85	grocy = grocy.backups;
6a8252b1 IB	86	kanboard = kanboard.backups;
	87	rompr = rompr.backups;
	88	shaarli = shaarli.backups;
	89	ttrss = ttrss.backups;
	90	wallabag = wallabag.backups;
a8ef1adb	91	phpbb = phpbb.backups;
6a8252b1 IB	92	};
6a8252b1 IB	93
29f8cb85	94	services.websites.env.tools.modules =
1922655a IB	95	[ "proxy_fcgi" ]
1922655a IB	96	++ adminer.apache.modules
10889174 IB	97	++ ympd.apache.modules
10889174 IB	98	++ ttrss.apache.modules
133ebaee	99	++ wallabag.apache.modules
bfe3c9c9	100	++ yourls.apache.modules
95b20e17	101	++ rompr.apache.modules
b892dcbe	102	++ shaarli.apache.modules
f80772dc	103	++ dokuwiki.apache.modules
7df5e532	104	++ dmarc-reports.apache.modules
a8ef1adb	105	++ phpbb.apache.modules
d4ed0eff IB	106	++ ldap.apache.modules
d4ed0eff IB	107	++ kanboard.apache.modules;
10889174	108
29f8cb85	109	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	110	certName = "integration";
	111	certMainHost = "devtools.immae.eu";
	112	addToCerts = true;
	113	hosts = [ "devtools.immae.eu" ];
	114	root = "/var/lib/ftp/devtools.immae.eu";
	115	extraConfig = [
0aae0181	116	''
a0e80453	117	Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
9338c832 IB	118	Timeout 600
9338c832 IB	119	ProxyTimeout 600
68c45ad5	120	Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
0aae0181 IB	121	<Directory "/var/lib/ftp/devtools.immae.eu">
	122	DirectoryIndex index.php index.htm index.html
	123	AllowOverride all
	124	Require all granted
	125	<FilesMatch "\.php$">
5400b9b6	126	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	127	</FilesMatch>
	128	</Directory>
	129	''
46f30ecc IB	130	];
	131	};
	132
29f8cb85	133	services.websites.env.tools.vhostConfs.tools = {
10889174	134	certName = "eldiron";
7df420c2	135	addToCerts = true;
10889174	136	hosts = ["tools.immae.eu" ];
a8ef1adb	137	root = landing;
10889174	138	extraConfig = [
1922655a	139	''
ea9c6fe8	140	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	141	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	142	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	143
251c0a13 IB	144	<Directory "${landing}">
	145	DirectoryIndex index.html
	146	AllowOverride None
	147	Require all granted
	148
	149	<FilesMatch "\.php$">
	150	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	151	</FilesMatch>
	152	</Directory>
1922655a	153	''
5400b9b6	154	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	155	ympd.apache.vhostConf
5400b9b6 IB	156	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	157	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	158	(yourls.apache.vhostConf pcfg.yourls.socket)
	159	(rompr.apache.vhostConf pcfg.rompr.socket)
	160	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	161	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	162	(ldap.apache.vhostConf pcfg.ldap.socket)
	163	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	164	(grocy.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	165	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	166	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee IB	167	''
	168	Alias /paste /var/lib/fiche
	169	<Directory "/var/lib/fiche">
	170	DirectoryIndex index.txt index.html
	171	AllowOverride None
	172	Require all granted
	173	Options -Indexes
	174	</Directory>
251c0a13	175
cb589b2e IB	176	Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
cb589b2e IB	177	<Directory "/var/lib/buildbot/outputs/immae/bip39">
251c0a13 IB	178	DirectoryIndex index.html
	179	AllowOverride None
	180	Require all granted
	181	</Directory>
	182
	183	Alias /webhooks ${config.secrets.location}/webapps/webhooks
	184	<Directory "${config.secrets.location}/webapps/webhooks">
	185	Options -Indexes
	186	Require all granted
	187	AllowOverride None
	188	<FilesMatch "\.php$">
	189	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	190	</FilesMatch>
	191	</Directory>
ea3b46ee	192	''
10889174 IB	193	];
	194	};
	195
29f8cb85	196	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	197	certName = "eldiron";
7df420c2 IB	198	addToCerts = true;
0f71cd76	199	hosts = [ "outils.immae.eu" ];
7df420c2	200	root = null;
70606070 IB	201	extraConfig = [
	202	''
	203	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	204
	205	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	206
	207	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	208	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	209
	210	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	211	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	212	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	213	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	214
	215	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	216
afcc5de0 IB	217	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	218
3f453c7d IB	219	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	220
ea9c6fe8 IB	221	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	222
70606070 IB	223	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	224	''
	225	];
	226	};
	227
f40f5b23 IB	228	systemd.services = {
	229	phpfpm-dokuwiki = {
	230	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	231	wants = dokuwiki.phpFpm.serviceDeps;
	232	};
a8ef1adb IB	233	phpfpm-phpbb = {
	234	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	235	wants = phpbb.phpFpm.serviceDeps;
	236	};
f40f5b23 IB	237	phpfpm-kanboard = {
	238	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	239	wants = kanboard.phpFpm.serviceDeps;
	240	};
	241	phpfpm-ldap = {
	242	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	243	wants = ldap.phpFpm.serviceDeps;
	244	};
f40f5b23 IB	245	phpfpm-shaarli = {
	246	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	247	wants = shaarli.phpFpm.serviceDeps;
	248	};
	249	phpfpm-ttrss = {
	250	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	251	wants = ttrss.phpFpm.serviceDeps;
	252	};
	253	phpfpm-wallabag = {
	254	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	255	wants = wallabag.phpFpm.serviceDeps;
	256	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	257	};
	258	phpfpm-yourls = {
	259	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	260	wants = yourls.phpFpm.serviceDeps;
	261	};
	262	ympd = {
	263	description = "Standalone MPD Web GUI written in C";
	264	wantedBy = [ "multi-user.target" ];
	265	script = ''
	266	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	267	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	268	'';
	269	};
	270	tt-rss = {
	271	description = "Tiny Tiny RSS feeds update daemon";
	272	serviceConfig = {
	273	User = "wwwrun";
dcac3ec7	274	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	275	StandardOutput = "syslog";
	276	StandardError = "syslog";
	277	PermissionsStartOnly = true;
	278	};
	279
	280	wantedBy = [ "multi-user.target" ];
	281	requires = ["postgresql.service"];
	282	after = ["network.target" "postgresql.service"];
	283	};
	284	};
	285
17f6eae9 IB	286	services.filesWatcher.ympd = {
	287	restart = true;
	288	paths = [ "/var/secrets/mpd" ];
	289	};
	290
441da8aa IB	291	services.phpfpm.pools = {
441da8aa IB	292	tools = {
5400b9b6 IB	293	user = "wwwrun";
	294	group = "wwwrun";
	295	settings = {
	296	"listen.owner" = "wwwrun";
	297	"listen.group" = "wwwrun";
	298	"pm" = "dynamic";
	299	"pm.max_children" = "60";
	300	"pm.start_servers" = "2";
	301	"pm.min_spare_servers" = "1";
	302	"pm.max_spare_servers" = "10";
f40f5b23	303
5400b9b6 IB	304	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	305	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	306	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb IB	307	"/run/wrappers/bin/sendmail" landing "/tmp"
a8ef1adb IB	308	"${config.secrets.location}/webapps/webhooks"
251c0a13	309	];
0966f95c	310	"include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
251c0a13 IB	311	};
	312	phpEnv = {
	313	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	314	};
dcac3ec7	315	phpPackage = pkgs.php72;
441da8aa IB	316	};
441da8aa IB	317	devtools = {
5400b9b6 IB	318	user = "wwwrun";
	319	group = "wwwrun";
	320	settings = {
	321	"listen.owner" = "wwwrun";
	322	"listen.group" = "wwwrun";
	323	"pm" = "dynamic";
	324	"pm.max_children" = "60";
	325	"pm.start_servers" = "2";
	326	"pm.min_spare_servers" = "1";
	327	"pm.max_spare_servers" = "10";
1922655a	328
5400b9b6 IB	329	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	330	};
2053ddac	331	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
441da8aa	332	};
5400b9b6	333	adminer = adminer.phpFpm;
441da8aa	334	ttrss = {
5400b9b6 IB	335	user = "wwwrun";
	336	group = "wwwrun";
	337	settings = ttrss.phpFpm.pool;
dcac3ec7	338	phpPackage = pkgs.php72;
441da8aa IB	339	};
441da8aa IB	340	wallabag = {
5400b9b6 IB	341	user = "wwwrun";
	342	group = "wwwrun";
	343	settings = wallabag.phpFpm.pool;
2053ddac	344	phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
441da8aa IB	345	};
441da8aa IB	346	yourls = {
5400b9b6 IB	347	user = "wwwrun";
	348	group = "wwwrun";
	349	settings = yourls.phpFpm.pool;
dcac3ec7	350	phpPackage = pkgs.php72;
441da8aa IB	351	};
441da8aa IB	352	rompr = {
5400b9b6 IB	353	user = "wwwrun";
	354	group = "wwwrun";
	355	settings = rompr.phpFpm.pool;
dcac3ec7	356	phpPackage = pkgs.php72;
441da8aa IB	357	};
441da8aa IB	358	shaarli = {
5400b9b6 IB	359	user = "wwwrun";
	360	group = "wwwrun";
	361	settings = shaarli.phpFpm.pool;
dcac3ec7	362	phpPackage = pkgs.php72;
441da8aa	363	};
7df5e532 IB	364	dmarc-reports = {
	365	user = "wwwrun";
	366	group = "wwwrun";
	367	settings = dmarc-reports.phpFpm.pool;
	368	phpEnv = dmarc-reports.phpFpm.phpEnv;
dcac3ec7	369	phpPackage = pkgs.php72;
7df5e532	370	};
441da8aa	371	dokuwiki = {
5400b9b6 IB	372	user = "wwwrun";
	373	group = "wwwrun";
	374	settings = dokuwiki.phpFpm.pool;
dcac3ec7	375	phpPackage = pkgs.php72;
441da8aa	376	};
a8ef1adb IB	377	phpbb = {
	378	user = "wwwrun";
	379	group = "wwwrun";
	380	settings = phpbb.phpFpm.pool;
dcac3ec7	381	phpPackage = pkgs.php72;
a8ef1adb	382	};
441da8aa	383	ldap = {
5400b9b6 IB	384	user = "wwwrun";
	385	group = "wwwrun";
	386	settings = ldap.phpFpm.pool;
64608496	387	phpPackage = pkgs.php72;
441da8aa IB	388	};
441da8aa IB	389	kanboard = {
5400b9b6 IB	390	user = "wwwrun";
	391	group = "wwwrun";
	392	settings = kanboard.phpFpm.pool;
dcac3ec7	393	phpPackage = pkgs.php72;
441da8aa IB	394	};
441da8aa IB	395	grocy = {
5400b9b6 IB	396	user = "wwwrun";
	397	group = "wwwrun";
	398	settings = grocy.phpFpm.pool;
dcac3ec7	399	phpPackage = pkgs.php72;
441da8aa	400	};
10889174 IB	401	};
	402
	403	system.activationScripts = {
4288c2f2	404	adminer = adminer.activationScript;
c7627e14	405	grocy = grocy.activationScript;
10889174	406	ttrss = ttrss.activationScript;
aebd817b	407	wallabag = wallabag.activationScript;
133ebaee	408	yourls = yourls.activationScript;
bfe3c9c9	409	rompr = rompr.activationScript;
95b20e17	410	shaarli = shaarli.activationScript;
b892dcbe	411	dokuwiki = dokuwiki.activationScript;
a8ef1adb	412	phpbb = phpbb.activationScript;
d4ed0eff	413	kanboard = kanboard.activationScript;
4288c2f2	414	ldap = ldap.activationScript;
10889174 IB	415	};
10889174 IB	416
d3452fc5	417	services.websites.webappDirs = {
4288c2f2	418	_adminer = adminer.webRoot;
7df5e532	419	"${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
4288c2f2	420	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
a8ef1adb	421	"${phpbb.apache.webappName}" = phpbb.webRoot;
4288c2f2 IB	422	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
4288c2f2 IB	423	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	424	"${shaarli.apache.webappName}" = shaarli.webRoot;
	425	"${ttrss.apache.webappName}" = ttrss.webRoot;
	426	"${wallabag.apache.webappName}" = wallabag.webRoot;
	427	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	428	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	429	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	430	};
a95ab089	431
29f8cb85	432	services.websites.env.tools.watchPaths = [
9247b444	433	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	434	];
	435	services.filesWatcher.phpfpm-wallabag = {
	436	restart = true;
	437	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	438	};
ea3b46ee IB	439
	440	services.fiche = {
	441	enable = true;
	442	port = config.myEnv.ports.fiche;
	443	domain = "tools.immae.eu/paste";
	444	https = true;
	445	};
10889174 IB	446	};
	447	}
	448