[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
      phpbb = phpbb.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>

          Alias /BIP39 /var/lib/buildbot/outputs/bip39
          <Directory "/var/lib/buildbot/outputs/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.location}/webapps/webhooks
          <Directory "${config.secrets.location}/webapps/webhooks">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
          '';
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${phpbb.apache.webappName}" = phpbb.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
4288c2f2	12	};
4288c2f2	13	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	14	env = config.myEnv.tools.kanboard;
4288c2f2 IB	15	};
	16	wallabag = pkgs.callPackage ./wallabag.nix {
	17	inherit (pkgs.webapps) wallabag;
ab8f306d	18	env = config.myEnv.tools.wallabag;
4288c2f2 IB	19	};
	20	yourls = pkgs.callPackage ./yourls.nix {
	21	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	22	env = config.myEnv.tools.yourls;
4288c2f2 IB	23	};
	24	rompr = pkgs.callPackage ./rompr.nix {
	25	inherit (pkgs.webapps) rompr;
ab8f306d	26	env = config.myEnv.tools.rompr;
4288c2f2 IB	27	};
4288c2f2 IB	28	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	29	env = config.myEnv.tools.shaarli;
4288c2f2 IB	30	};
	31	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	32	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	33	};
	34	ldap = pkgs.callPackage ./ldap.nix {
	35	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	36	env = config.myEnv.tools.phpldapadmin;
4288c2f2	37	};
c7627e14 IB	38	grocy = pkgs.callPackage ./grocy.nix {
	39	inherit (pkgs.webapps) grocy;
	40	};
a8ef1adb IB	41	phpbb = pkgs.callPackage ./phpbb.nix {
	42	phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
	43	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	44	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	45	e.phpbbmodders.adduser ]);
	46	};
251c0a13 IB	47	webhooks = pkgs.callPackage ./webhooks.nix {
	48	env = config.myEnv.tools.webhooks;
	49	};
	50
	51	landing = pkgs.callPackage ./landing.nix {};
10889174	52
4288c2f2	53	cfg = config.myServices.websites.tools.tools;
5400b9b6	54	pcfg = config.services.phpfpm.pools;
10889174	55	in {
4288c2f2	56	options.myServices.websites.tools.tools = {
10889174 IB	57	enable = lib.mkEnableOption "enable tools website";
	58	};
	59
	60	config = lib.mkIf cfg.enable {
1a718805	61	secrets.keys =
a840a21c	62	kanboard.keys
8db8e666	63	++ ldap.keys
8db8e666 IB	64	++ shaarli.keys
	65	++ ttrss.keys
	66	++ wallabag.keys
251c0a13 IB	67	++ yourls.keys
251c0a13 IB	68	++ webhooks.keys;
98163486	69
d2e703c5	70	services.duplyBackup.profiles = {
6a8252b1	71	dokuwiki = dokuwiki.backups;
c7627e14	72	grocy = grocy.backups;
6a8252b1 IB	73	kanboard = kanboard.backups;
	74	rompr = rompr.backups;
	75	shaarli = shaarli.backups;
	76	ttrss = ttrss.backups;
	77	wallabag = wallabag.backups;
a8ef1adb	78	phpbb = phpbb.backups;
6a8252b1 IB	79	};
6a8252b1 IB	80
29f8cb85	81	services.websites.env.tools.modules =
1922655a IB	82	[ "proxy_fcgi" ]
1922655a IB	83	++ adminer.apache.modules
10889174 IB	84	++ ympd.apache.modules
10889174 IB	85	++ ttrss.apache.modules
133ebaee	86	++ wallabag.apache.modules
bfe3c9c9	87	++ yourls.apache.modules
95b20e17	88	++ rompr.apache.modules
b892dcbe	89	++ shaarli.apache.modules
f80772dc	90	++ dokuwiki.apache.modules
a8ef1adb	91	++ phpbb.apache.modules
d4ed0eff IB	92	++ ldap.apache.modules
d4ed0eff IB	93	++ kanboard.apache.modules;
10889174	94
29f8cb85	95	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	96	certName = "integration";
	97	certMainHost = "devtools.immae.eu";
	98	addToCerts = true;
	99	hosts = [ "devtools.immae.eu" ];
	100	root = "/var/lib/ftp/devtools.immae.eu";
	101	extraConfig = [
0aae0181	102	''
9338c832 IB	103	Timeout 600
9338c832 IB	104	ProxyTimeout 600
0aae0181 IB	105	<Directory "/var/lib/ftp/devtools.immae.eu">
	106	DirectoryIndex index.php index.htm index.html
	107	AllowOverride all
	108	Require all granted
	109	<FilesMatch "\.php$">
5400b9b6	110	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	111	</FilesMatch>
	112	</Directory>
	113	''
46f30ecc IB	114	];
	115	};
	116
29f8cb85	117	services.websites.env.tools.vhostConfs.tools = {
10889174	118	certName = "eldiron";
7df420c2	119	addToCerts = true;
10889174	120	hosts = ["tools.immae.eu" ];
a8ef1adb	121	root = landing;
10889174	122	extraConfig = [
1922655a	123	''
ea9c6fe8	124	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	125	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	126	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	127
251c0a13 IB	128	<Directory "${landing}">
	129	DirectoryIndex index.html
	130	AllowOverride None
	131	Require all granted
	132
	133	<FilesMatch "\.php$">
	134	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	135	</FilesMatch>
	136	</Directory>
1922655a	137	''
5400b9b6	138	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	139	ympd.apache.vhostConf
5400b9b6 IB	140	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	141	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	142	(yourls.apache.vhostConf pcfg.yourls.socket)
	143	(rompr.apache.vhostConf pcfg.rompr.socket)
	144	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	145	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	146	(ldap.apache.vhostConf pcfg.ldap.socket)
	147	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	148	(grocy.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	149	(phpbb.apache.vhostConf pcfg.phpbb.socket)
ea3b46ee IB	150	''
	151	Alias /paste /var/lib/fiche
	152	<Directory "/var/lib/fiche">
	153	DirectoryIndex index.txt index.html
	154	AllowOverride None
	155	Require all granted
	156	Options -Indexes
	157	</Directory>
251c0a13 IB	158
	159	Alias /BIP39 /var/lib/buildbot/outputs/bip39
	160	<Directory "/var/lib/buildbot/outputs/bip39">
	161	DirectoryIndex index.html
	162	AllowOverride None
	163	Require all granted
	164	</Directory>
	165
	166	Alias /webhooks ${config.secrets.location}/webapps/webhooks
	167	<Directory "${config.secrets.location}/webapps/webhooks">
	168	Options -Indexes
	169	Require all granted
	170	AllowOverride None
	171	<FilesMatch "\.php$">
	172	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	173	</FilesMatch>
	174	</Directory>
ea3b46ee	175	''
10889174 IB	176	];
	177	};
	178
29f8cb85	179	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	180	certName = "eldiron";
7df420c2 IB	181	addToCerts = true;
0f71cd76	182	hosts = [ "outils.immae.eu" ];
7df420c2	183	root = null;
70606070 IB	184	extraConfig = [
	185	''
	186	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	187
	188	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	189
	190	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	191	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	192
	193	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	194	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	195	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	196	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	197
	198	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	199
afcc5de0 IB	200	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	201
3f453c7d IB	202	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	203
ea9c6fe8 IB	204	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	205
70606070 IB	206	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	207	''
	208	];
	209	};
	210
f40f5b23 IB	211	systemd.services = {
	212	phpfpm-dokuwiki = {
	213	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	214	wants = dokuwiki.phpFpm.serviceDeps;
	215	};
a8ef1adb IB	216	phpfpm-phpbb = {
	217	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	218	wants = phpbb.phpFpm.serviceDeps;
	219	};
f40f5b23 IB	220	phpfpm-kanboard = {
	221	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	222	wants = kanboard.phpFpm.serviceDeps;
	223	};
	224	phpfpm-ldap = {
	225	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	226	wants = ldap.phpFpm.serviceDeps;
	227	};
f40f5b23 IB	228	phpfpm-shaarli = {
	229	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	230	wants = shaarli.phpFpm.serviceDeps;
	231	};
	232	phpfpm-ttrss = {
	233	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	234	wants = ttrss.phpFpm.serviceDeps;
	235	};
	236	phpfpm-wallabag = {
	237	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	238	wants = wallabag.phpFpm.serviceDeps;
	239	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	240	};
	241	phpfpm-yourls = {
	242	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	243	wants = yourls.phpFpm.serviceDeps;
	244	};
	245	ympd = {
	246	description = "Standalone MPD Web GUI written in C";
	247	wantedBy = [ "multi-user.target" ];
	248	script = ''
	249	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	250	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	251	'';
	252	};
	253	tt-rss = {
	254	description = "Tiny Tiny RSS feeds update daemon";
	255	serviceConfig = {
	256	User = "wwwrun";
	257	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	258	StandardOutput = "syslog";
	259	StandardError = "syslog";
	260	PermissionsStartOnly = true;
	261	};
	262
	263	wantedBy = [ "multi-user.target" ];
	264	requires = ["postgresql.service"];
	265	after = ["network.target" "postgresql.service"];
	266	};
	267	};
	268
17f6eae9 IB	269	services.filesWatcher.ympd = {
	270	restart = true;
	271	paths = [ "/var/secrets/mpd" ];
	272	};
	273
441da8aa IB	274	services.phpfpm.pools = {
441da8aa IB	275	tools = {
5400b9b6 IB	276	user = "wwwrun";
	277	group = "wwwrun";
	278	settings = {
	279	"listen.owner" = "wwwrun";
	280	"listen.group" = "wwwrun";
	281	"pm" = "dynamic";
	282	"pm.max_children" = "60";
	283	"pm.start_servers" = "2";
	284	"pm.min_spare_servers" = "1";
	285	"pm.max_spare_servers" = "10";
f40f5b23	286
5400b9b6 IB	287	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	288	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	289	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb IB	290	"/run/wrappers/bin/sendmail" landing "/tmp"
a8ef1adb IB	291	"${config.secrets.location}/webapps/webhooks"
251c0a13 IB	292	];
	293	};
	294	phpEnv = {
	295	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	296	};
441da8aa IB	297	};
441da8aa IB	298	devtools = {
5400b9b6 IB	299	user = "wwwrun";
	300	group = "wwwrun";
	301	settings = {
	302	"listen.owner" = "wwwrun";
	303	"listen.group" = "wwwrun";
	304	"pm" = "dynamic";
	305	"pm.max_children" = "60";
	306	"pm.start_servers" = "2";
	307	"pm.min_spare_servers" = "1";
	308	"pm.max_spare_servers" = "10";
1922655a	309
5400b9b6 IB	310	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	311	};
441da8aa IB	312	phpOptions = config.services.phpfpm.phpOptions + ''
	313	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	314	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	315	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	316	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	317	'';
	318	};
5400b9b6	319	adminer = adminer.phpFpm;
441da8aa	320	ttrss = {
5400b9b6 IB	321	user = "wwwrun";
	322	group = "wwwrun";
	323	settings = ttrss.phpFpm.pool;
441da8aa IB	324	};
441da8aa IB	325	wallabag = {
5400b9b6 IB	326	user = "wwwrun";
	327	group = "wwwrun";
	328	settings = wallabag.phpFpm.pool;
441da8aa IB	329	};
441da8aa IB	330	yourls = {
5400b9b6 IB	331	user = "wwwrun";
	332	group = "wwwrun";
	333	settings = yourls.phpFpm.pool;
441da8aa IB	334	};
441da8aa IB	335	rompr = {
5400b9b6 IB	336	user = "wwwrun";
	337	group = "wwwrun";
	338	settings = rompr.phpFpm.pool;
441da8aa IB	339	};
441da8aa IB	340	shaarli = {
5400b9b6 IB	341	user = "wwwrun";
	342	group = "wwwrun";
	343	settings = shaarli.phpFpm.pool;
441da8aa IB	344	};
441da8aa IB	345	dokuwiki = {
5400b9b6 IB	346	user = "wwwrun";
	347	group = "wwwrun";
	348	settings = dokuwiki.phpFpm.pool;
441da8aa	349	};
a8ef1adb IB	350	phpbb = {
	351	user = "wwwrun";
	352	group = "wwwrun";
	353	settings = phpbb.phpFpm.pool;
	354	};
441da8aa	355	ldap = {
5400b9b6 IB	356	user = "wwwrun";
	357	group = "wwwrun";
	358	settings = ldap.phpFpm.pool;
64608496	359	phpPackage = pkgs.php72;
441da8aa IB	360	};
441da8aa IB	361	kanboard = {
5400b9b6 IB	362	user = "wwwrun";
	363	group = "wwwrun";
	364	settings = kanboard.phpFpm.pool;
441da8aa IB	365	};
441da8aa IB	366	grocy = {
5400b9b6 IB	367	user = "wwwrun";
	368	group = "wwwrun";
	369	settings = grocy.phpFpm.pool;
441da8aa	370	};
10889174 IB	371	};
	372
	373	system.activationScripts = {
4288c2f2	374	adminer = adminer.activationScript;
c7627e14	375	grocy = grocy.activationScript;
10889174	376	ttrss = ttrss.activationScript;
aebd817b	377	wallabag = wallabag.activationScript;
133ebaee	378	yourls = yourls.activationScript;
bfe3c9c9	379	rompr = rompr.activationScript;
95b20e17	380	shaarli = shaarli.activationScript;
b892dcbe	381	dokuwiki = dokuwiki.activationScript;
a8ef1adb	382	phpbb = phpbb.activationScript;
d4ed0eff	383	kanboard = kanboard.activationScript;
4288c2f2	384	ldap = ldap.activationScript;
10889174 IB	385	};
10889174 IB	386
d3452fc5	387	services.websites.webappDirs = {
4288c2f2 IB	388	_adminer = adminer.webRoot;
4288c2f2 IB	389	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
a8ef1adb	390	"${phpbb.apache.webappName}" = phpbb.webRoot;
4288c2f2 IB	391	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
4288c2f2 IB	392	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	393	"${shaarli.apache.webappName}" = shaarli.webRoot;
	394	"${ttrss.apache.webappName}" = ttrss.webRoot;
	395	"${wallabag.apache.webappName}" = wallabag.webRoot;
	396	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	397	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	398	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	399	};
a95ab089	400
29f8cb85	401	services.websites.env.tools.watchPaths = [
9247b444	402	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	403	];
	404	services.filesWatcher.phpfpm-wallabag = {
	405	restart = true;
	406	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	407	};
ea3b46ee IB	408
	409	services.fiche = {
	410	enable = true;
	411	port = config.myEnv.ports.fiche;
	412	domain = "tools.immae.eu/paste";
	413	https = true;
	414	};
10889174 IB	415	};
	416	}
	417