]>
Commit | Line | Data |
---|---|---|
ab8f306d | 1 | { lib, pkgs, config, ... }: |
10889174 | 2 | let |
4288c2f2 IB |
3 | adminer = pkgs.callPackage ./adminer.nix { |
4 | inherit (pkgs.webapps) adminer; | |
5 | }; | |
6 | ympd = pkgs.callPackage ./ympd.nix { | |
ab8f306d | 7 | env = config.myEnv.tools.ympd; |
4288c2f2 IB |
8 | }; |
9 | ttrss = pkgs.callPackage ./ttrss.nix { | |
10 | inherit (pkgs.webapps) ttrss ttrss-plugins; | |
ab8f306d | 11 | env = config.myEnv.tools.ttrss; |
4288c2f2 | 12 | }; |
4288c2f2 | 13 | kanboard = pkgs.callPackage ./kanboard.nix { |
ab8f306d | 14 | env = config.myEnv.tools.kanboard; |
4288c2f2 IB |
15 | }; |
16 | wallabag = pkgs.callPackage ./wallabag.nix { | |
17 | inherit (pkgs.webapps) wallabag; | |
ab8f306d | 18 | env = config.myEnv.tools.wallabag; |
4288c2f2 IB |
19 | }; |
20 | yourls = pkgs.callPackage ./yourls.nix { | |
21 | inherit (pkgs.webapps) yourls yourls-plugins; | |
ab8f306d | 22 | env = config.myEnv.tools.yourls; |
4288c2f2 IB |
23 | }; |
24 | rompr = pkgs.callPackage ./rompr.nix { | |
25 | inherit (pkgs.webapps) rompr; | |
ab8f306d | 26 | env = config.myEnv.tools.rompr; |
4288c2f2 IB |
27 | }; |
28 | shaarli = pkgs.callPackage ./shaarli.nix { | |
ab8f306d | 29 | env = config.myEnv.tools.shaarli; |
4288c2f2 IB |
30 | }; |
31 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { | |
32 | inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; | |
33 | }; | |
34 | ldap = pkgs.callPackage ./ldap.nix { | |
35 | inherit (pkgs.webapps) phpldapadmin; | |
ab8f306d | 36 | env = config.myEnv.tools.phpldapadmin; |
4288c2f2 | 37 | }; |
c7627e14 IB |
38 | grocy = pkgs.callPackage ./grocy.nix { |
39 | inherit (pkgs.webapps) grocy; | |
40 | }; | |
a8ef1adb IB |
41 | phpbb = pkgs.callPackage ./phpbb.nix { |
42 | phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ | |
43 | e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat | |
44 | e.empteintesduweb.monitoranswers e.lr94.autosubscribe | |
45 | e.phpbbmodders.adduser ]); | |
46 | }; | |
251c0a13 IB |
47 | webhooks = pkgs.callPackage ./webhooks.nix { |
48 | env = config.myEnv.tools.webhooks; | |
49 | }; | |
50 | ||
51 | landing = pkgs.callPackage ./landing.nix {}; | |
10889174 | 52 | |
4288c2f2 | 53 | cfg = config.myServices.websites.tools.tools; |
5400b9b6 | 54 | pcfg = config.services.phpfpm.pools; |
10889174 | 55 | in { |
4288c2f2 | 56 | options.myServices.websites.tools.tools = { |
10889174 IB |
57 | enable = lib.mkEnableOption "enable tools website"; |
58 | }; | |
59 | ||
60 | config = lib.mkIf cfg.enable { | |
1a718805 | 61 | secrets.keys = |
a840a21c | 62 | kanboard.keys |
8db8e666 | 63 | ++ ldap.keys |
8db8e666 IB |
64 | ++ shaarli.keys |
65 | ++ ttrss.keys | |
66 | ++ wallabag.keys | |
251c0a13 IB |
67 | ++ yourls.keys |
68 | ++ webhooks.keys; | |
98163486 | 69 | |
d2e703c5 | 70 | services.duplyBackup.profiles = { |
6a8252b1 | 71 | dokuwiki = dokuwiki.backups; |
c7627e14 | 72 | grocy = grocy.backups; |
6a8252b1 IB |
73 | kanboard = kanboard.backups; |
74 | rompr = rompr.backups; | |
75 | shaarli = shaarli.backups; | |
76 | ttrss = ttrss.backups; | |
77 | wallabag = wallabag.backups; | |
a8ef1adb | 78 | phpbb = phpbb.backups; |
6a8252b1 IB |
79 | }; |
80 | ||
29f8cb85 | 81 | services.websites.env.tools.modules = |
1922655a IB |
82 | [ "proxy_fcgi" ] |
83 | ++ adminer.apache.modules | |
10889174 IB |
84 | ++ ympd.apache.modules |
85 | ++ ttrss.apache.modules | |
133ebaee | 86 | ++ wallabag.apache.modules |
bfe3c9c9 | 87 | ++ yourls.apache.modules |
95b20e17 | 88 | ++ rompr.apache.modules |
b892dcbe | 89 | ++ shaarli.apache.modules |
f80772dc | 90 | ++ dokuwiki.apache.modules |
a8ef1adb | 91 | ++ phpbb.apache.modules |
d4ed0eff IB |
92 | ++ ldap.apache.modules |
93 | ++ kanboard.apache.modules; | |
10889174 | 94 | |
29f8cb85 | 95 | services.websites.env.integration.vhostConfs.devtools = { |
0f71cd76 IB |
96 | certName = "integration"; |
97 | certMainHost = "devtools.immae.eu"; | |
98 | addToCerts = true; | |
99 | hosts = [ "devtools.immae.eu" ]; | |
100 | root = "/var/lib/ftp/devtools.immae.eu"; | |
101 | extraConfig = [ | |
0aae0181 | 102 | '' |
9338c832 IB |
103 | Timeout 600 |
104 | ProxyTimeout 600 | |
0aae0181 IB |
105 | <Directory "/var/lib/ftp/devtools.immae.eu"> |
106 | DirectoryIndex index.php index.htm index.html | |
107 | AllowOverride all | |
108 | Require all granted | |
109 | <FilesMatch "\.php$"> | |
5400b9b6 | 110 | SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" |
0aae0181 IB |
111 | </FilesMatch> |
112 | </Directory> | |
113 | '' | |
46f30ecc IB |
114 | ]; |
115 | }; | |
116 | ||
29f8cb85 | 117 | services.websites.env.tools.vhostConfs.tools = { |
10889174 | 118 | certName = "eldiron"; |
7df420c2 | 119 | addToCerts = true; |
10889174 | 120 | hosts = ["tools.immae.eu" ]; |
a8ef1adb | 121 | root = landing; |
10889174 | 122 | extraConfig = [ |
1922655a | 123 | '' |
ea9c6fe8 | 124 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
afcc5de0 | 125 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
3f453c7d | 126 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
afcc5de0 | 127 | |
251c0a13 IB |
128 | <Directory "${landing}"> |
129 | DirectoryIndex index.html | |
130 | AllowOverride None | |
131 | Require all granted | |
132 | ||
133 | <FilesMatch "\.php$"> | |
134 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" | |
135 | </FilesMatch> | |
136 | </Directory> | |
1922655a | 137 | '' |
5400b9b6 | 138 | (adminer.apache.vhostConf pcfg.adminer.socket) |
10889174 | 139 | ympd.apache.vhostConf |
5400b9b6 IB |
140 | (ttrss.apache.vhostConf pcfg.ttrss.socket) |
141 | (wallabag.apache.vhostConf pcfg.wallabag.socket) | |
142 | (yourls.apache.vhostConf pcfg.yourls.socket) | |
143 | (rompr.apache.vhostConf pcfg.rompr.socket) | |
144 | (shaarli.apache.vhostConf pcfg.shaarli.socket) | |
145 | (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) | |
146 | (ldap.apache.vhostConf pcfg.ldap.socket) | |
147 | (kanboard.apache.vhostConf pcfg.kanboard.socket) | |
148 | (grocy.apache.vhostConf pcfg.grocy.socket) | |
a8ef1adb | 149 | (phpbb.apache.vhostConf pcfg.phpbb.socket) |
ea3b46ee IB |
150 | '' |
151 | Alias /paste /var/lib/fiche | |
152 | <Directory "/var/lib/fiche"> | |
153 | DirectoryIndex index.txt index.html | |
154 | AllowOverride None | |
155 | Require all granted | |
156 | Options -Indexes | |
157 | </Directory> | |
251c0a13 IB |
158 | |
159 | Alias /BIP39 /var/lib/buildbot/outputs/bip39 | |
160 | <Directory "/var/lib/buildbot/outputs/bip39"> | |
161 | DirectoryIndex index.html | |
162 | AllowOverride None | |
163 | Require all granted | |
164 | </Directory> | |
165 | ||
166 | Alias /webhooks ${config.secrets.location}/webapps/webhooks | |
167 | <Directory "${config.secrets.location}/webapps/webhooks"> | |
168 | Options -Indexes | |
169 | Require all granted | |
170 | AllowOverride None | |
171 | <FilesMatch "\.php$"> | |
172 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" | |
173 | </FilesMatch> | |
174 | </Directory> | |
ea3b46ee | 175 | '' |
10889174 IB |
176 | ]; |
177 | }; | |
178 | ||
29f8cb85 | 179 | services.websites.env.tools.vhostConfs.outils = { |
7df420c2 IB |
180 | certName = "eldiron"; |
181 | addToCerts = true; | |
0f71cd76 | 182 | hosts = [ "outils.immae.eu" ]; |
7df420c2 | 183 | root = null; |
70606070 IB |
184 | extraConfig = [ |
185 | '' | |
186 | RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 | |
187 | ||
188 | RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 | |
189 | ||
190 | RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 | |
191 | RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 | |
192 | ||
193 | RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 | |
194 | RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 | |
195 | RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 | |
196 | RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 | |
197 | ||
198 | RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 | |
199 | ||
afcc5de0 IB |
200 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
201 | ||
3f453c7d IB |
202 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
203 | ||
ea9c6fe8 IB |
204 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
205 | ||
70606070 IB |
206 | RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 |
207 | '' | |
208 | ]; | |
209 | }; | |
210 | ||
f40f5b23 IB |
211 | systemd.services = { |
212 | phpfpm-dokuwiki = { | |
213 | after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; | |
214 | wants = dokuwiki.phpFpm.serviceDeps; | |
215 | }; | |
a8ef1adb IB |
216 | phpfpm-phpbb = { |
217 | after = lib.mkAfter phpbb.phpFpm.serviceDeps; | |
218 | wants = phpbb.phpFpm.serviceDeps; | |
219 | }; | |
f40f5b23 IB |
220 | phpfpm-kanboard = { |
221 | after = lib.mkAfter kanboard.phpFpm.serviceDeps; | |
222 | wants = kanboard.phpFpm.serviceDeps; | |
223 | }; | |
224 | phpfpm-ldap = { | |
225 | after = lib.mkAfter ldap.phpFpm.serviceDeps; | |
226 | wants = ldap.phpFpm.serviceDeps; | |
227 | }; | |
f40f5b23 IB |
228 | phpfpm-shaarli = { |
229 | after = lib.mkAfter shaarli.phpFpm.serviceDeps; | |
230 | wants = shaarli.phpFpm.serviceDeps; | |
231 | }; | |
232 | phpfpm-ttrss = { | |
233 | after = lib.mkAfter ttrss.phpFpm.serviceDeps; | |
234 | wants = ttrss.phpFpm.serviceDeps; | |
235 | }; | |
236 | phpfpm-wallabag = { | |
237 | after = lib.mkAfter wallabag.phpFpm.serviceDeps; | |
238 | wants = wallabag.phpFpm.serviceDeps; | |
239 | preStart = lib.mkAfter wallabag.phpFpm.preStart; | |
240 | }; | |
241 | phpfpm-yourls = { | |
242 | after = lib.mkAfter yourls.phpFpm.serviceDeps; | |
243 | wants = yourls.phpFpm.serviceDeps; | |
244 | }; | |
245 | ympd = { | |
246 | description = "Standalone MPD Web GUI written in C"; | |
247 | wantedBy = [ "multi-user.target" ]; | |
248 | script = '' | |
249 | export MPD_PASSWORD=$(cat /var/secrets/mpd) | |
250 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody | |
251 | ''; | |
252 | }; | |
253 | tt-rss = { | |
254 | description = "Tiny Tiny RSS feeds update daemon"; | |
255 | serviceConfig = { | |
256 | User = "wwwrun"; | |
257 | ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; | |
258 | StandardOutput = "syslog"; | |
259 | StandardError = "syslog"; | |
260 | PermissionsStartOnly = true; | |
261 | }; | |
262 | ||
263 | wantedBy = [ "multi-user.target" ]; | |
264 | requires = ["postgresql.service"]; | |
265 | after = ["network.target" "postgresql.service"]; | |
266 | }; | |
267 | }; | |
268 | ||
17f6eae9 IB |
269 | services.filesWatcher.ympd = { |
270 | restart = true; | |
271 | paths = [ "/var/secrets/mpd" ]; | |
272 | }; | |
273 | ||
441da8aa IB |
274 | services.phpfpm.pools = { |
275 | tools = { | |
5400b9b6 IB |
276 | user = "wwwrun"; |
277 | group = "wwwrun"; | |
278 | settings = { | |
279 | "listen.owner" = "wwwrun"; | |
280 | "listen.group" = "wwwrun"; | |
281 | "pm" = "dynamic"; | |
282 | "pm.max_children" = "60"; | |
283 | "pm.start_servers" = "2"; | |
284 | "pm.min_spare_servers" = "1"; | |
285 | "pm.max_spare_servers" = "10"; | |
f40f5b23 | 286 | |
5400b9b6 IB |
287 | # Needed to avoid clashes in browser cookies (same domain) |
288 | "php_value[session.name]" = "ToolsPHPSESSID"; | |
251c0a13 | 289 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ |
a8ef1adb IB |
290 | "/run/wrappers/bin/sendmail" landing "/tmp" |
291 | "${config.secrets.location}/webapps/webhooks" | |
251c0a13 IB |
292 | ]; |
293 | }; | |
294 | phpEnv = { | |
295 | CONTACT_EMAIL = config.myEnv.tools.contact; | |
5400b9b6 | 296 | }; |
441da8aa IB |
297 | }; |
298 | devtools = { | |
5400b9b6 IB |
299 | user = "wwwrun"; |
300 | group = "wwwrun"; | |
301 | settings = { | |
302 | "listen.owner" = "wwwrun"; | |
303 | "listen.group" = "wwwrun"; | |
304 | "pm" = "dynamic"; | |
305 | "pm.max_children" = "60"; | |
306 | "pm.start_servers" = "2"; | |
307 | "pm.min_spare_servers" = "1"; | |
308 | "pm.max_spare_servers" = "10"; | |
1922655a | 309 | |
5400b9b6 IB |
310 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; |
311 | }; | |
441da8aa IB |
312 | phpOptions = config.services.phpfpm.phpOptions + '' |
313 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | |
314 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so | |
315 | extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so | |
316 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so | |
317 | ''; | |
318 | }; | |
5400b9b6 | 319 | adminer = adminer.phpFpm; |
441da8aa | 320 | ttrss = { |
5400b9b6 IB |
321 | user = "wwwrun"; |
322 | group = "wwwrun"; | |
323 | settings = ttrss.phpFpm.pool; | |
441da8aa IB |
324 | }; |
325 | wallabag = { | |
5400b9b6 IB |
326 | user = "wwwrun"; |
327 | group = "wwwrun"; | |
328 | settings = wallabag.phpFpm.pool; | |
441da8aa IB |
329 | }; |
330 | yourls = { | |
5400b9b6 IB |
331 | user = "wwwrun"; |
332 | group = "wwwrun"; | |
333 | settings = yourls.phpFpm.pool; | |
441da8aa IB |
334 | }; |
335 | rompr = { | |
5400b9b6 IB |
336 | user = "wwwrun"; |
337 | group = "wwwrun"; | |
338 | settings = rompr.phpFpm.pool; | |
441da8aa IB |
339 | }; |
340 | shaarli = { | |
5400b9b6 IB |
341 | user = "wwwrun"; |
342 | group = "wwwrun"; | |
343 | settings = shaarli.phpFpm.pool; | |
441da8aa IB |
344 | }; |
345 | dokuwiki = { | |
5400b9b6 IB |
346 | user = "wwwrun"; |
347 | group = "wwwrun"; | |
348 | settings = dokuwiki.phpFpm.pool; | |
441da8aa | 349 | }; |
a8ef1adb IB |
350 | phpbb = { |
351 | user = "wwwrun"; | |
352 | group = "wwwrun"; | |
353 | settings = phpbb.phpFpm.pool; | |
354 | }; | |
441da8aa | 355 | ldap = { |
5400b9b6 IB |
356 | user = "wwwrun"; |
357 | group = "wwwrun"; | |
358 | settings = ldap.phpFpm.pool; | |
64608496 | 359 | phpPackage = pkgs.php72; |
441da8aa IB |
360 | }; |
361 | kanboard = { | |
5400b9b6 IB |
362 | user = "wwwrun"; |
363 | group = "wwwrun"; | |
364 | settings = kanboard.phpFpm.pool; | |
441da8aa IB |
365 | }; |
366 | grocy = { | |
5400b9b6 IB |
367 | user = "wwwrun"; |
368 | group = "wwwrun"; | |
369 | settings = grocy.phpFpm.pool; | |
441da8aa | 370 | }; |
10889174 IB |
371 | }; |
372 | ||
373 | system.activationScripts = { | |
4288c2f2 | 374 | adminer = adminer.activationScript; |
c7627e14 | 375 | grocy = grocy.activationScript; |
10889174 | 376 | ttrss = ttrss.activationScript; |
aebd817b | 377 | wallabag = wallabag.activationScript; |
133ebaee | 378 | yourls = yourls.activationScript; |
bfe3c9c9 | 379 | rompr = rompr.activationScript; |
95b20e17 | 380 | shaarli = shaarli.activationScript; |
b892dcbe | 381 | dokuwiki = dokuwiki.activationScript; |
a8ef1adb | 382 | phpbb = phpbb.activationScript; |
d4ed0eff | 383 | kanboard = kanboard.activationScript; |
4288c2f2 | 384 | ldap = ldap.activationScript; |
10889174 IB |
385 | }; |
386 | ||
d3452fc5 | 387 | services.websites.webappDirs = { |
4288c2f2 IB |
388 | _adminer = adminer.webRoot; |
389 | "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; | |
a8ef1adb | 390 | "${phpbb.apache.webappName}" = phpbb.webRoot; |
4288c2f2 IB |
391 | "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; |
392 | "${rompr.apache.webappName}" = rompr.webRoot; | |
4288c2f2 IB |
393 | "${shaarli.apache.webappName}" = shaarli.webRoot; |
394 | "${ttrss.apache.webappName}" = ttrss.webRoot; | |
395 | "${wallabag.apache.webappName}" = wallabag.webRoot; | |
396 | "${yourls.apache.webappName}" = yourls.webRoot; | |
4288c2f2 | 397 | "${kanboard.apache.webappName}" = kanboard.webRoot; |
c7627e14 | 398 | "${grocy.apache.webappName}" = grocy.webRoot; |
4288c2f2 | 399 | }; |
a95ab089 | 400 | |
29f8cb85 | 401 | services.websites.env.tools.watchPaths = [ |
9247b444 | 402 | "/var/secrets/webapps/tools-shaarli" |
17f6eae9 IB |
403 | ]; |
404 | services.filesWatcher.phpfpm-wallabag = { | |
405 | restart = true; | |
406 | paths = [ "/var/secrets/webapps/tools-wallabag" ]; | |
407 | }; | |
ea3b46ee IB |
408 | |
409 | services.fiche = { | |
410 | enable = true; | |
411 | port = config.myEnv.ports.fiche; | |
412 | domain = "tools.immae.eu/paste"; | |
413 | https = true; | |
414 | }; | |
10889174 IB |
415 | }; |
416 | } | |
417 |