git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/tools/default.nix
Implement mta-sts and move mail services to specific domain
8a964143 1{ lib, pkgs, config, myconfig, ... }:
10889174 2let
# Per-application helpers. Each sibling file is evaluated with
# pkgs.callPackage; the results are consumed further down through attributes
# such as .keys, .apache.modules, .apache.vhostConf, .phpFpm.pool,
# .activationScript and .webRoot.
# Bindings that receive `env = myconfig.env.tools.<app>` take their
# per-application settings from the private configuration.
# NOTE(review): adminer and phpldapadmin are attached to the same vhost as the
# other tools; their access restrictions live in ./adminer.nix and ./ldap.nix,
# which are not visible here -- confirm they are not reachable unauthenticated.
adminer = pkgs.callPackage ./adminer.nix {
  inherit (pkgs.webapps) adminer;
};
ympd = pkgs.callPackage ./ympd.nix {
  env = myconfig.env.tools.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  inherit (pkgs.webapps) ttrss ttrss-plugins;
  env = myconfig.env.tools.ttrss;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  env = myconfig.env.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  inherit (pkgs.webapps) wallabag;
  env = myconfig.env.tools.wallabag;
};
yourls = pkgs.callPackage ./yourls.nix {
  inherit (pkgs.webapps) yourls yourls-plugins;
  env = myconfig.env.tools.yourls;
};
rompr = pkgs.callPackage ./rompr.nix {
  inherit (pkgs.webapps) rompr;
  env = myconfig.env.tools.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  env = myconfig.env.tools.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
};
ldap = pkgs.callPackage ./ldap.nix {
  inherit (pkgs.webapps) phpldapadmin;
  env = myconfig.env.tools.phpldapadmin;
};

# Shorthand for this module's own option values.
cfg = config.myServices.websites.tools.tools;
10889174 40in {
# Module switch: the `config` section below is wrapped in
# lib.mkIf cfg.enable, so nothing is applied unless this is set.
options.myServices.websites.tools.tools = {
  enable = lib.mkEnableOption "enable tools website";
};
44
45 config = lib.mkIf cfg.enable {
# Secret files to provision: the concatenation of the key lists declared by
# the applications that have any, in the same order as before.
secrets.keys = lib.concatMap (app: app.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
];
98163486 53
# Apache modules for the "tools" environment: proxy_fcgi (used by the
# proxy:unix:...|fcgi handlers in the vhosts of this file) followed by the
# modules each application declares, in the same order as before.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    ldap
    kanboard
  ];
10889174 66
# devtools.immae.eu, served by the "integration" environment straight from
# /var/lib/ftp/devtools.immae.eu; *.php files are handed to the "devtools"
# PHP-FPM pool over its unix socket.
# NOTE(review): the document root sits under /var/lib/ftp, which suggests the
# tree is writable by upload -- confirm. Combined with `AllowOverride all` and
# `Require all granted`, whoever can write there can drop .htaccess files that
# override access rules and can have uploaded PHP executed by the pool user.
# If that is intended, keep the pool's open_basedir tight; otherwise narrow
# AllowOverride to the directive classes actually needed.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["devtools.immae.eu" ];
  root = "/var/lib/ftp/devtools.immae.eu";
  extraConfig = [
    ''
      <Directory "/var/lib/ftp/devtools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
85
# tools.immae.eu: the main vhost. Its own document root is
# /var/lib/ftp/tools.immae.eu (PHP handled by the "tools" PHP-FPM pool), and
# every application contributes its own Apache snippet after the first entry.
# /roundcube is permanently redirected to mail.immae.eu.
# NOTE(review): same concern as for any upload-fed docroot -- the path under
# /var/lib/ftp suggests the tree is writable by upload (confirm), and
# `AllowOverride all` lets .htaccess files placed there change handlers and
# access rules for this host, which also carries adminer, phpldapadmin and the
# other applications' session cookies.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = "/var/lib/ftp/tools.immae.eu";
  extraConfig = [
    ''
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      <Directory "/var/lib/ftp/tools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application snippets; their contents are defined in the sibling
    # .nix files and are not visible here.
    adminer.apache.vhostConf
    ympd.apache.vhostConf
    ttrss.apache.vhostConf
    wallabag.apache.vhostConf
    yourls.apache.vhostConf
    rompr.apache.vhostConf
    shaarli.apache.vhostConf
    dokuwiki.apache.vhostConf
    ldap.apache.vhostConf
    kanboard.apache.vhostConf
  ];
};
116
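# outils.immae.eu: legacy host that only issues permanent redirects, either to
# the dedicated host of a service that moved or, through the final catch-all
# rule, to the same path on tools.immae.eu. No document root is set.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # RedirectMatch appends the captured suffix to the target verbatim. In the
    # first four rules the target ends at the host name, so the capture is
    # required to be empty or to start with "/"; an arbitrary suffix would
    # otherwise extend the authority part of the Location header and the
    # redirect could leave the intended host. Requests that no longer match
    # one of these rules are handled by the catch-all at the end.
    # The dot in caldav.php is escaped so it matches only a literal dot.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};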
144
# systemd units: extra ordering for the per-application PHP-FPM services, plus
# two standalone daemons (ympd and the Tiny Tiny RSS updater).
systemd.services = {
  # Each phpfpm-<app> unit is ordered after, and wants, the services listed in
  # that application's phpFpm.serviceDeps (defined in the sibling .nix files).
  phpfpm-dokuwiki = {
    after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
    wants = dokuwiki.phpFpm.serviceDeps;
  };
  phpfpm-kanboard = {
    after = lib.mkAfter kanboard.phpFpm.serviceDeps;
    wants = kanboard.phpFpm.serviceDeps;
  };
  phpfpm-ldap = {
    after = lib.mkAfter ldap.phpFpm.serviceDeps;
    wants = ldap.phpFpm.serviceDeps;
  };
  phpfpm-shaarli = {
    after = lib.mkAfter shaarli.phpFpm.serviceDeps;
    wants = shaarli.phpFpm.serviceDeps;
  };
  phpfpm-ttrss = {
    after = lib.mkAfter ttrss.phpFpm.serviceDeps;
    wants = ttrss.phpFpm.serviceDeps;
  };
  phpfpm-wallabag = {
    after = lib.mkAfter wallabag.phpFpm.serviceDeps;
    wants = wallabag.phpFpm.serviceDeps;
    # wallabag additionally appends its own commands to the unit's preStart.
    preStart = lib.mkAfter wallabag.phpFpm.preStart;
  };
  phpfpm-yourls = {
    after = lib.mkAfter yourls.phpFpm.serviceDeps;
    wants = yourls.phpFpm.serviceDeps;
  };
  # ympd web GUI. The script reads the MPD password from /var/secrets/mpd,
  # exports it as MPD_PASSWORD and then starts ympd with `--user nobody`.
  # NOTE(review): no serviceConfig.User is set in this block, so the script
  # presumably starts with the unit's default user and relies on ympd itself
  # to switch to `nobody` -- confirm. The password stays in the process
  # environment for the lifetime of ympd; confirm that is acceptable.
  # NOTE(review): host, port and webPort are interpolated unquoted into the
  # shell script; they come from ./ympd.nix -- confirm they are plain values.
  ympd = {
    description = "Standalone MPD Web GUI written in C";
    wantedBy = [ "multi-user.target" ];
    script = ''
      export MPD_PASSWORD=$(cat /var/secrets/mpd)
      ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
    '';
  };
  # Tiny Tiny RSS feed updater: runs update.php --daemon as wwwrun, the same
  # user as the PHP-FPM pools defined in this file. Requires PostgreSQL.
  tt-rss = {
    description = "Tiny Tiny RSS feeds update daemon";
    serviceConfig = {
      User = "wwwrun";
      ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
      StandardOutput = "syslog";
      StandardError = "syslog";
      # NOTE(review): no pre/post start command is defined in this block, so
      # this setting has no visible effect here -- confirm whether another
      # module adds one, otherwise it can probably be dropped.
      PermissionsStartOnly = true;
    };

    wantedBy = [ "multi-user.target" ];
    requires = ["postgresql.service"];
    after = ["network.target" "postgresql.service"];
  };
};
198
# Watch the MPD password file for the ympd unit, with restart enabled, so a
# rotated password is picked up (the unit's script reads the file only at
# start-up).
services.filesWatcher.ympd = {
  restart = true;
  paths = [ "/var/secrets/mpd" ];
};
203
# PHP-FPM pool behind devtools.immae.eu, listening on the unix socket that the
# devtools vhost's SetHandler points at.
# NOTE(review): this pool runs as wwwrun, like the "tools" pool and the tt-rss
# daemon in this file, so there is no OS-level separation between them; the
# only barrier for PHP code is open_basedir, and /tmp is shared with the
# "tools" pool. Consider a dedicated user and a private temp directory if the
# devtools tree holds less-trusted code.
services.phpfpm.pools.devtools = {
  listen = "/var/run/phpfpm/devtools.sock";
  extraConfig = ''
    user = wwwrun
    group = wwwrun
    listen.owner = wwwrun
    listen.group = wwwrun
    pm = dynamic
    pm.max_children = 60
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 10

    php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
  '';
  # Global PHP options plus the redis, apcu and opcache extensions.
  phpOptions = config.services.phpfpm.phpOptions + ''
    extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
    extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
    zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
  '';
};
f40f5b23
IB
225
# PHP-FPM pool definitions: one per application (taken from the sibling .nix
# files, not visible here) plus the inline "tools" pool that serves the
# tools.immae.eu document root.
services.phpfpm.poolConfigs = {
  adminer = adminer.phpFpm.pool;
  ttrss = ttrss.phpFpm.pool;
  wallabag = wallabag.phpFpm.pool;
  yourls = yourls.phpFpm.pool;
  rompr = rompr.phpFpm.pool;
  shaarli = shaarli.phpFpm.pool;
  dokuwiki = dokuwiki.phpFpm.pool;
  ldap = ldap.phpFpm.pool;
  kanboard = kanboard.phpFpm.pool;
  # NOTE(review): runs as wwwrun with /tmp inside open_basedir, the same user
  # and temp directory as the "devtools" pool, so PHP code in either tree can
  # reach files the other leaves in /tmp. session.name is set with php_value
  # rather than php_admin_value, so scripts can still override it.
  tools = ''
    listen = /var/run/phpfpm/tools.sock
    user = wwwrun
    group = wwwrun
    listen.owner = wwwrun
    listen.group = wwwrun
    pm = dynamic
    pm.max_children = 60
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 10

    ; Needed to avoid clashes in browser cookies (same domain)
    php_value[session.name] = ToolsPHPSESSID
    php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
  '';
};
253
# One activation script per application, registered under the application's
# own name; each script body comes from the matching helper binding.
system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
  inherit
    adminer
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    kanboard
    ldap
    ;
};
265
# Maps each web application's name to the directory it is served from. The
# names come from each helper's apache.webappName, except adminer, which uses
# the fixed name _adminer; phpldapadmin is served from the htdocs
# subdirectory of its web root.
myServices.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
};
a95ab089 277
# Secret files whose changes should be noticed by the running services: the
# shaarli secret is registered as a watch path of the "tools" web
# environment, and the wallabag secret is watched for the phpfpm-wallabag
# unit with restart enabled.
# NOTE(review): the other applications that contribute to secrets.keys
# (kanboard, ldap, ttrss, yourls) have no watcher in this file -- confirm
# their secrets are re-read some other way after rotation.
services.websites.env.tools.watchPaths = [
  "/var/secrets/webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  restart = true;
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
};
10889174
IB
285 };
286}
287