Add flask app paste
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
ab8f306d 1{ lib, pkgs, config, ... }:
10889174 2let
# Loader that lets this non-flake module evaluate one of the repository's
# flakes; it is applied to the `paste` flake in `imports` further down.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# Shorthands for the package set helpers and the per-tool environment.
inherit (pkgs) callPackage webapps;
# presumably holds each tool's credentials and settings; verify in myEnv
toolsEnv = config.myEnv.tools;

# One attribute set per hosted tool, produced by the sibling .nix file.
# The module body reads fields such as `apache`, `phpFpm`, `webRoot`,
# `keys`, `backups` and `activationScript` from these values.
#
# NOTE(review): several tools are pinned to pkgs.php72 and wallabag to
# pkgs.php73. Both PHP branches are end-of-life upstream (7.2 since
# November 2020, 7.3 since December 2021), so security fixes depend on
# whatever the pinned nixpkgs still carries; confirm and plan the upgrade.
adminer = callPackage ./adminer.nix {
  adminer = webapps.adminer;
};
ympd = callPackage ./ympd.nix {
  env = toolsEnv.ympd;
};
ttrss = callPackage ./ttrss.nix {
  ttrss = webapps.ttrss;
  ttrss-plugins = webapps.ttrss-plugins;
  env = toolsEnv.ttrss;
  php = pkgs.php72;
};
kanboard = callPackage ./kanboard.nix {
  env = toolsEnv.kanboard;
};
wallabag = callPackage ./wallabag.nix {
  # wallabag is rebuilt against a composer environment whose PHP has the
  # `tidy` extension enabled.
  wallabag = webapps.wallabag.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
    };
  };
  env = toolsEnv.wallabag;
};
yourls = callPackage ./yourls.nix {
  yourls = webapps.yourls;
  yourls-plugins = webapps.yourls-plugins;
  env = toolsEnv.yourls;
};
rompr = callPackage ./rompr.nix {
  rompr = webapps.rompr;
  env = toolsEnv.rompr;
};
shaarli = callPackage ./shaarli.nix {
  env = toolsEnv.shaarli;
};
dokuwiki = callPackage ./dokuwiki.nix {
  dokuwiki = webapps.dokuwiki;
  dokuwiki-plugins = webapps.dokuwiki-plugins;
};
ldap = callPackage ./ldap.nix {
  phpldapadmin = webapps.phpldapadmin;
  env = toolsEnv.phpldapadmin;
};
grocy = callPackage ./grocy.nix {
  grocy = webapps.grocy.override {
    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
  };
};
phpbb = callPackage ./phpbb.nix {
  # French language pack plus the listed extensions.
  phpbb = (webapps.phpbb.withLangs (langs: [ langs.fr ])).withExts (exts: [
    exts.alfredoramos.markdown
    exts.davidiq.mailinglist
    exts.dmzx.mchat
    exts.empteintesduweb.monitoranswers
    exts.lr94.autosubscribe
    exts.phpbbmodders.adduser
  ]);
};
webhooks = callPackage ./webhooks.nix {
  env = toolsEnv.webhooks;
};
dmarc-reports = callPackage ./dmarc_reports.nix {
  env = toolsEnv.dmarc_reports;
};
csp-reports = callPackage ./csp_reports.nix {
  env = toolsEnv.csp_reports;
};

# Static landing page; used as the document root of the tools vhost.
landing = callPackage ./landing.nix {};

# This module's own options, and the php-fpm pools (read for their sockets).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
10889174 68in {
# Import every NixOS module exported by the private `paste` flake.
# The tools vhost proxies /paste to config.services.paste.sockets.gunicorn,
# which is presumably declared by these modules (confirm in the flake).
imports =
  let
    pasteFlake = flakeCompat ../../../../../flakes/private/paste;
  in
    builtins.attrValues pasteFlake.nixosModules;
71
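# Single switch for this module; everything under `config` is guarded by it.
options.myServices.websites.tools.tools = {
  # mkEnableOption already prefixes its argument with "Whether to enable",
  # so the argument is only the name of the thing being enabled.
  enable = lib.mkEnableOption "tools website";
};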
75
76 config = lib.mkIf cfg.enable {
# Entries registered under `secrets.keys`: the `keys` list of each tool that
# exposes one, concatenated in this order.
secrets.keys = builtins.concatLists [
  kanboard.keys
  ldap.keys
  shaarli.keys
  ttrss.keys
  wallabag.keys
  yourls.keys
  dmarc-reports.keys
  csp-reports.keys
  webhooks.keys
];
98163486 87
# One duply backup profile per tool, named after the tool and taken from its
# `backups` field.
# NOTE(review): yourls and ldap register secrets above but have no profile
# here; confirm their state is backed up elsewhere (e.g. with the database).
services.duplyBackup.profiles =
  builtins.mapAttrs (_name: app: app.backups) {
    inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
  };
98
# Apache modules for the tools environment: proxy_fcgi (needed by the
# php-fpm handlers below) followed by what each tool asks for, in this order.
# NOTE(review): grocy contributes a vhostConf but no module list here;
# presumably it needs nothing beyond the others - verify.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
10889174 113
# Vhost for devtools.immae.eu, served from a directory under /var/lib/ftp.
#
# NOTE(review): the document root combines `AllowOverride all` with `.php`
# files being handed to the devtools php-fpm pool. Whoever can write to that
# directory (presumably FTP accounts - confirm) therefore controls both
# .htaccess directives and code executed as the pool user. Keep write access
# to this path tightly scoped.
# The CSP header is sent in Report-Only mode: violations are reported, not
# blocked.
services.websites.env.integration.vhostConfs.devtools =
  let
    host = "devtools.immae.eu";
    docRoot = "/var/lib/ftp/${host}";
  in {
    certName = "integration";
    certMainHost = host;
    addToCerts = true;
    hosts = [ host ];
    root = docRoot;
    extraConfig = [
      ''
        Use Apaxy "${docRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
137
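# Main vhost for tools.immae.eu: landing page, legacy redirects, one Apache
# fragment per hosted tool, the paste proxy, and two aliased directories.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects and the landing page.
    # The /vpn capture is pasted directly after the host name of the target,
    # so it must be empty or start with "/". With a bare (.*) the request
    # path could extend the host part of the Location header and send
    # visitors to a different site. The other two targets already contain a
    # path (or ignore the capture), so the host is fixed.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-tool fragments; most take the socket of their php-fpm pool.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste is proxied to the paste service over its gunicorn unix socket.
    # /BIP39 serves a buildbot output directory as static files.
    # /webhooks serves PHP from a directory below config.secrets.location
    # through the shared `tools` pool.
    # NOTE(review): /webhooks is `Require all granted`; presumably each
    # script authenticates its caller itself - confirm, since the files live
    # in the secrets tree.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};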
203
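# Legacy host outils.immae.eu: no document root, only permanent redirects to
# the current location of each service, with a catch-all to tools.immae.eu.
#
# Where the capture is pasted directly after the host name of the target
# (mediagoblin, ether, nextcloud, owncloud, vpn) it is written as (/.*)? so
# that it is either empty or starts with "/". With a bare (.*) the request
# path could extend the host part of the Location header and send visitors
# to a different site. Targets that already contain a path keep (.*), since
# there the capture can only change the path.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};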
235
# Extra systemd wiring: dependency ordering for the php-fpm pool units, plus
# two standalone daemons (ympd and the tt-rss feed updater).
systemd.services =
  let
    # Make a php-fpm pool unit want, and start after, the units its tool lists.
    phpfpmDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = phpfpmDeps dokuwiki;
    phpfpm-phpbb = phpfpmDeps phpbb;
    phpfpm-kanboard = phpfpmDeps kanboard;
    phpfpm-ldap = phpfpmDeps ldap;
    phpfpm-shaarli = phpfpmDeps shaarli;
    phpfpm-ttrss = phpfpmDeps ttrss;
    # wallabag additionally appends its own preStart step.
    phpfpm-wallabag = phpfpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = phpfpmDeps yourls;

    # NOTE(review): no User= is set on this unit, so the script (including
    # the read of /var/secrets/mpd) presumably runs as root and relies on
    # ympd's own `--user nobody` to drop privileges. The MPD password is
    # passed through the process environment. Confirm both are intended.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater, run as wwwrun once postgresql is up.
    # NOTE(review): `PermissionsStartOnly` and the `syslog` output target are
    # deprecated in recent systemd releases; the interpreter is the
    # end-of-life pkgs.php72.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];

      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
293
# Restart the ympd unit whenever the MPD password file changes, since the
# unit's script only reads that file at start-up.
services.filesWatcher.ympd = {
  paths = [ "/var/secrets/mpd" ];
  restart = true;
};
298
# php-fpm pools, one per tool plus the shared `tools` and `devtools` pools.
#
# NOTE(review): every pool defined here runs as wwwrun:wwwrun, so the
# operating system does not separate the tools from each other; a flaw in
# one application can reach whatever another one can read, limited only by
# each pool's open_basedir. Separate users per pool would contain that.
# NOTE(review): pkgs.php72 / pkgs.php73 are end-of-life PHP branches.
services.phpfpm.pools =
  let
    # Identity shared by every pool declared in this block.
    asWwwrun = {
      user = "wwwrun";
      group = "wwwrun";
    };

    # Pool whose settings come from the tool itself, run with PHP 7.2.
    php72Pool = app: asWwwrun // {
      settings = app.phpFpm.pool;
      phpPackage = pkgs.php72;
    };

    # Socket ownership and process-manager sizing common to tools/devtools.
    dynamicPm = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in {
    # Serves the landing page and the /webhooks scripts.
    tools = asWwwrun // {
      settings = dynamicPm // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # PHP file access is limited to these paths; /tmp is shared with
        # the other pools that list it.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          "${config.secrets.location}/webapps/webhooks"
        ];
        # Extra pool configuration kept in the secrets tree.
        "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    # Executes PHP found under the FTP-backed devtools document root.
    devtools = asWwwrun // {
      settings = dynamicPm // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer supplies its whole pool definition itself.
    adminer = adminer.phpFpm;

    ttrss = php72Pool ttrss;
    wallabag = asWwwrun // {
      settings = wallabag.phpFpm.pool;
      phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
    };
    yourls = php72Pool yourls;
    rompr = php72Pool rompr;
    shaarli = php72Pool shaarli;
    dmarc-reports = php72Pool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = php72Pool dokuwiki;
    phpbb = php72Pool phpbb;
    ldap = php72Pool ldap;
    kanboard = php72Pool kanboard;
    grocy = php72Pool grocy;
  };
410
# Register each tool's activation script under the tool's own name.
system.activationScripts =
  builtins.mapAttrs (_name: app: app.activationScript) {
    inherit adminer grocy ttrss wallabag yourls rompr shaarli dokuwiki phpbb
      kanboard ldap;
  };
424
# Map each web application name to the directory it is served from.
# adminer uses a fixed name and ldap serves its `htdocs` subdirectory; every
# other tool maps `apache.webappName` to its `webRoot`.
services.websites.webappDirs =
  {
    _adminer = adminer.webRoot;
    "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  }
  // builtins.listToAttrs (map
    (app: { name = app.apache.webappName; value = app.webRoot; })
    [
      dmarc-reports
      dokuwiki
      phpbb
      rompr
      shaarli
      ttrss
      wallabag
      yourls
      kanboard
      grocy
    ]);
a95ab089 439
# Secret files whose changes must be picked up: the shaarli one is watched
# by the tools web environment, the wallabag one restarts its php-fpm unit.
# NOTE(review): these paths hard-code /var/secrets while the vhost and pool
# settings use config.secrets.location; presumably the two agree - confirm,
# otherwise a relocated secrets directory would silently stop being watched.
services.websites.env.tools.watchPaths = [
  "/var/secrets/webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
  restart = true;
};
ea3b46ee 447
10889174
IB
448 };
449}
450