[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          RewriteEngine On
          RewriteCond %{DOCUMENT_ROOT}/homer%{REQUEST_URI} -f
          RewriteRule ^(.*)$ /homer$1 [QSA,L]

          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
        };
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
          '';
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
4288c2f2	12	};
4288c2f2	13	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	14	env = config.myEnv.tools.kanboard;
4288c2f2 IB	15	};
	16	wallabag = pkgs.callPackage ./wallabag.nix {
	17	inherit (pkgs.webapps) wallabag;
ab8f306d	18	env = config.myEnv.tools.wallabag;
4288c2f2 IB	19	};
	20	yourls = pkgs.callPackage ./yourls.nix {
	21	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	22	env = config.myEnv.tools.yourls;
4288c2f2 IB	23	};
	24	rompr = pkgs.callPackage ./rompr.nix {
	25	inherit (pkgs.webapps) rompr;
ab8f306d	26	env = config.myEnv.tools.rompr;
4288c2f2 IB	27	};
4288c2f2 IB	28	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	29	env = config.myEnv.tools.shaarli;
4288c2f2 IB	30	};
	31	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	32	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	33	};
	34	ldap = pkgs.callPackage ./ldap.nix {
	35	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	36	env = config.myEnv.tools.phpldapadmin;
4288c2f2	37	};
c7627e14 IB	38	grocy = pkgs.callPackage ./grocy.nix {
	39	inherit (pkgs.webapps) grocy;
	40	};
10889174	41
4288c2f2	42	cfg = config.myServices.websites.tools.tools;
5400b9b6	43	pcfg = config.services.phpfpm.pools;
10889174	44	in {
4288c2f2	45	options.myServices.websites.tools.tools = {
10889174 IB	46	enable = lib.mkEnableOption "enable tools website";
	47	};
	48
	49	config = lib.mkIf cfg.enable {
1a718805	50	secrets.keys =
a840a21c	51	kanboard.keys
8db8e666	52	++ ldap.keys
8db8e666 IB	53	++ shaarli.keys
	54	++ ttrss.keys
	55	++ wallabag.keys
	56	++ yourls.keys;
98163486	57
d2e703c5	58	services.duplyBackup.profiles = {
6a8252b1	59	dokuwiki = dokuwiki.backups;
c7627e14	60	grocy = grocy.backups;
6a8252b1 IB	61	kanboard = kanboard.backups;
	62	rompr = rompr.backups;
	63	shaarli = shaarli.backups;
	64	ttrss = ttrss.backups;
	65	wallabag = wallabag.backups;
	66	};
	67
29f8cb85	68	services.websites.env.tools.modules =
1922655a IB	69	[ "proxy_fcgi" ]
1922655a IB	70	++ adminer.apache.modules
10889174 IB	71	++ ympd.apache.modules
10889174 IB	72	++ ttrss.apache.modules
133ebaee	73	++ wallabag.apache.modules
bfe3c9c9	74	++ yourls.apache.modules
95b20e17	75	++ rompr.apache.modules
b892dcbe	76	++ shaarli.apache.modules
f80772dc	77	++ dokuwiki.apache.modules
d4ed0eff IB	78	++ ldap.apache.modules
d4ed0eff IB	79	++ kanboard.apache.modules;
10889174	80
29f8cb85	81	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	82	certName = "integration";
	83	certMainHost = "devtools.immae.eu";
	84	addToCerts = true;
	85	hosts = [ "devtools.immae.eu" ];
	86	root = "/var/lib/ftp/devtools.immae.eu";
	87	extraConfig = [
0aae0181	88	''
9338c832 IB	89	Timeout 600
9338c832 IB	90	ProxyTimeout 600
0aae0181 IB	91	<Directory "/var/lib/ftp/devtools.immae.eu">
	92	DirectoryIndex index.php index.htm index.html
	93	AllowOverride all
	94	Require all granted
	95	<FilesMatch "\.php$">
5400b9b6	96	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	97	</FilesMatch>
	98	</Directory>
	99	''
46f30ecc IB	100	];
	101	};
	102
29f8cb85	103	services.websites.env.tools.vhostConfs.tools = {
10889174	104	certName = "eldiron";
7df420c2	105	addToCerts = true;
10889174	106	hosts = ["tools.immae.eu" ];
1922655a	107	root = "/var/lib/ftp/tools.immae.eu";
10889174	108	extraConfig = [
1922655a	109	''
ea9c6fe8	110	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	111	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	112	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	113
d10ecf14 IB	114	RewriteEngine On
	115	RewriteCond %{DOCUMENT_ROOT}/homer%{REQUEST_URI} -f
	116	RewriteRule ^(.*)$ /homer$1 [QSA,L]
	117
1922655a	118	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	119	DirectoryIndex index.php index.htm index.html
1922655a IB	120	AllowOverride all
	121	Require all granted
	122	<FilesMatch "\.php$">
5400b9b6	123	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
1922655a IB	124	</FilesMatch>
	125	</Directory>
	126	''
5400b9b6	127	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	128	ympd.apache.vhostConf
5400b9b6 IB	129	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	130	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	131	(yourls.apache.vhostConf pcfg.yourls.socket)
	132	(rompr.apache.vhostConf pcfg.rompr.socket)
	133	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	134	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	135	(ldap.apache.vhostConf pcfg.ldap.socket)
	136	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	137	(grocy.apache.vhostConf pcfg.grocy.socket)
ea3b46ee IB	138	''
	139	Alias /paste /var/lib/fiche
	140	<Directory "/var/lib/fiche">
	141	DirectoryIndex index.txt index.html
	142	AllowOverride None
	143	Require all granted
	144	Options -Indexes
	145	</Directory>
	146	''
10889174 IB	147	];
	148	};
	149
29f8cb85	150	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	151	certName = "eldiron";
7df420c2 IB	152	addToCerts = true;
0f71cd76	153	hosts = [ "outils.immae.eu" ];
7df420c2	154	root = null;
70606070 IB	155	extraConfig = [
	156	''
	157	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	158
	159	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	160
	161	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	162	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	163
	164	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	165	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	166	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	167	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	168
	169	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	170
afcc5de0 IB	171	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	172
3f453c7d IB	173	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	174
ea9c6fe8 IB	175	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	176
70606070 IB	177	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	178	''
	179	];
	180	};
	181
f40f5b23 IB	182	systemd.services = {
	183	phpfpm-dokuwiki = {
	184	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	185	wants = dokuwiki.phpFpm.serviceDeps;
	186	};
	187	phpfpm-kanboard = {
	188	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	189	wants = kanboard.phpFpm.serviceDeps;
	190	};
	191	phpfpm-ldap = {
	192	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	193	wants = ldap.phpFpm.serviceDeps;
	194	};
f40f5b23 IB	195	phpfpm-shaarli = {
	196	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	197	wants = shaarli.phpFpm.serviceDeps;
	198	};
	199	phpfpm-ttrss = {
	200	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	201	wants = ttrss.phpFpm.serviceDeps;
	202	};
	203	phpfpm-wallabag = {
	204	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	205	wants = wallabag.phpFpm.serviceDeps;
	206	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	207	};
	208	phpfpm-yourls = {
	209	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	210	wants = yourls.phpFpm.serviceDeps;
	211	};
	212	ympd = {
	213	description = "Standalone MPD Web GUI written in C";
	214	wantedBy = [ "multi-user.target" ];
	215	script = ''
	216	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	217	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	218	'';
	219	};
	220	tt-rss = {
	221	description = "Tiny Tiny RSS feeds update daemon";
	222	serviceConfig = {
	223	User = "wwwrun";
	224	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	225	StandardOutput = "syslog";
	226	StandardError = "syslog";
	227	PermissionsStartOnly = true;
	228	};
	229
	230	wantedBy = [ "multi-user.target" ];
	231	requires = ["postgresql.service"];
	232	after = ["network.target" "postgresql.service"];
	233	};
	234	};
	235
17f6eae9 IB	236	services.filesWatcher.ympd = {
	237	restart = true;
	238	paths = [ "/var/secrets/mpd" ];
	239	};
	240
441da8aa IB	241	services.phpfpm.pools = {
441da8aa IB	242	tools = {
5400b9b6 IB	243	user = "wwwrun";
	244	group = "wwwrun";
	245	settings = {
	246	"listen.owner" = "wwwrun";
	247	"listen.group" = "wwwrun";
	248	"pm" = "dynamic";
	249	"pm.max_children" = "60";
	250	"pm.start_servers" = "2";
	251	"pm.min_spare_servers" = "1";
	252	"pm.max_spare_servers" = "10";
f40f5b23	253
5400b9b6 IB	254	# Needed to avoid clashes in browser cookies (same domain)
	255	"php_value[session.name]" = "ToolsPHPSESSID";
	256	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
	257	};
441da8aa IB	258	};
441da8aa IB	259	devtools = {
5400b9b6 IB	260	user = "wwwrun";
	261	group = "wwwrun";
	262	settings = {
	263	"listen.owner" = "wwwrun";
	264	"listen.group" = "wwwrun";
	265	"pm" = "dynamic";
	266	"pm.max_children" = "60";
	267	"pm.start_servers" = "2";
	268	"pm.min_spare_servers" = "1";
	269	"pm.max_spare_servers" = "10";
1922655a	270
5400b9b6 IB	271	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	272	};
441da8aa IB	273	phpOptions = config.services.phpfpm.phpOptions + ''
	274	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	275	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	276	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	277	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	278	'';
	279	};
5400b9b6	280	adminer = adminer.phpFpm;
441da8aa	281	ttrss = {
5400b9b6 IB	282	user = "wwwrun";
	283	group = "wwwrun";
	284	settings = ttrss.phpFpm.pool;
441da8aa IB	285	};
441da8aa IB	286	wallabag = {
5400b9b6 IB	287	user = "wwwrun";
	288	group = "wwwrun";
	289	settings = wallabag.phpFpm.pool;
441da8aa IB	290	};
441da8aa IB	291	yourls = {
5400b9b6 IB	292	user = "wwwrun";
	293	group = "wwwrun";
	294	settings = yourls.phpFpm.pool;
441da8aa IB	295	};
441da8aa IB	296	rompr = {
5400b9b6 IB	297	user = "wwwrun";
	298	group = "wwwrun";
	299	settings = rompr.phpFpm.pool;
441da8aa IB	300	};
441da8aa IB	301	shaarli = {
5400b9b6 IB	302	user = "wwwrun";
	303	group = "wwwrun";
	304	settings = shaarli.phpFpm.pool;
441da8aa IB	305	};
441da8aa IB	306	dokuwiki = {
5400b9b6 IB	307	user = "wwwrun";
	308	group = "wwwrun";
	309	settings = dokuwiki.phpFpm.pool;
441da8aa IB	310	};
441da8aa IB	311	ldap = {
5400b9b6 IB	312	user = "wwwrun";
	313	group = "wwwrun";
	314	settings = ldap.phpFpm.pool;
64608496	315	phpPackage = pkgs.php72;
441da8aa IB	316	};
441da8aa IB	317	kanboard = {
5400b9b6 IB	318	user = "wwwrun";
	319	group = "wwwrun";
	320	settings = kanboard.phpFpm.pool;
441da8aa IB	321	};
441da8aa IB	322	grocy = {
5400b9b6 IB	323	user = "wwwrun";
	324	group = "wwwrun";
	325	settings = grocy.phpFpm.pool;
441da8aa	326	};
10889174 IB	327	};
	328
	329	system.activationScripts = {
4288c2f2	330	adminer = adminer.activationScript;
c7627e14	331	grocy = grocy.activationScript;
10889174	332	ttrss = ttrss.activationScript;
aebd817b	333	wallabag = wallabag.activationScript;
133ebaee	334	yourls = yourls.activationScript;
bfe3c9c9	335	rompr = rompr.activationScript;
95b20e17	336	shaarli = shaarli.activationScript;
b892dcbe	337	dokuwiki = dokuwiki.activationScript;
d4ed0eff	338	kanboard = kanboard.activationScript;
4288c2f2	339	ldap = ldap.activationScript;
10889174 IB	340	};
10889174 IB	341
d3452fc5	342	services.websites.webappDirs = {
4288c2f2 IB	343	_adminer = adminer.webRoot;
	344	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
	345	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
	346	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	347	"${shaarli.apache.webappName}" = shaarli.webRoot;
	348	"${ttrss.apache.webappName}" = ttrss.webRoot;
	349	"${wallabag.apache.webappName}" = wallabag.webRoot;
	350	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	351	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	352	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	353	};
a95ab089	354
29f8cb85	355	services.websites.env.tools.watchPaths = [
9247b444	356	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	357	];
	358	services.filesWatcher.phpfpm-wallabag = {
	359	restart = true;
	360	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	361	};
ea3b46ee IB	362
	363	services.fiche = {
	364	enable = true;
	365	port = config.myEnv.ports.fiche;
	366	domain = "tools.immae.eu/paste";
	367	https = true;
	368	};
10889174 IB	369	};
	370	}
	371