]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/tools/default.nix
Remove overlay that overrides the php version
# NixOS module for the "tools" website. It imports one Nix file per hosted
# web application and, further down, plugs the values they export into
# Apache virtual hosts, PHP-FPM pools, systemd units, secrets and backups.
{ lib, pkgs, config, ... }:
let
  # Per-application definitions. Most receive the packaged application from
  # pkgs.webapps, and several receive an `env` attribute set read from
  # config.myEnv.tools.
  # NOTE(review): `env` presumably carries credentials and host names; confirm
  # they only reach disk through secrets.keys and are never interpolated into
  # a derivation, since the Nix store is world-readable.
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    # Explicit interpreter pin. PHP 7.2 is end-of-life upstream and no longer
    # receives security fixes; the same pin recurs for wallabag, grocy and
    # every PHP-FPM pool in this file, so a migration has to touch all of them.
    php = pkgs.php72;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    # Rebuilds wallabag's composer environment against PHP 7.2.
    wallabag = pkgs.webapps.wallabag.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    # Rebuilds grocy's composer environment against PHP 7.2.
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    # phpBB with the French language pack and six third-party extensions.
    # The extensions run inside the exposed forum, so they belong in the same
    # update and review cycle as phpBB itself.
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
  };

  # Static landing page used as document root of tools.immae.eu.
  landing = pkgs.callPackage ./landing.nix {};

  # Shorthands: this module's own options and the declared PHP-FPM pools
  # (the latter is read for the pools' socket paths).
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
10889174 59in {
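# Module switch; the `config` section of this file is wrapped in
# `lib.mkIf cfg.enable`, so nothing is deployed unless this is set.
options.myServices.websites.tools.tools = {
  # mkEnableOption already prefixes its argument with "Whether to enable",
  # so only the feature name is passed (the previous text rendered as
  # "Whether to enable enable tools website.").
  enable = lib.mkEnableOption "tools website";
};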
63
64 config = lib.mkIf cfg.enable {
# Secret definitions gathered from every application file that exports a
# `keys` list. adminer, dokuwiki, grocy, phpbb, rompr and ympd contribute
# nothing here.
# NOTE(review): owner and mode of each entry are presumably set in the
# per-application files — confirm each secret is readable only by the
# account that needs it.
secrets.keys =
  kanboard.keys
  ++ ldap.keys
  ++ shaarli.keys
  ++ ttrss.keys
  ++ wallabag.keys
  ++ yourls.keys
  ++ dmarc-reports.keys
  ++ webhooks.keys;
98163486 74
# One backup profile per application that exports `backups`.
# adminer, ldap, yourls, dmarc-reports and webhooks have no profile here.
# NOTE(review): these backups presumably hold user data and application
# credentials — confirm the duplyBackup module encrypts them and restricts
# access to the backup target.
services.duplyBackup.profiles = {
  dokuwiki = dokuwiki.backups;
  grocy = grocy.backups;
  kanboard = kanboard.backups;
  rompr = rompr.backups;
  shaarli = shaarli.backups;
  ttrss = ttrss.backups;
  wallabag = wallabag.backups;
  phpbb = phpbb.backups;
};
85
# Apache modules for the "tools" environment: proxy_fcgi (used by the
# SetHandler "proxy:unix:...|fcgi://..." lines of the vhosts) plus whatever
# each application file asks for.
# NOTE(review): grocy's vhostConf is used in the tools vhost but
# grocy.apache.modules is not listed here — presumably the modules it needs
# are already requested by the other applications; confirm.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ adminer.apache.modules
  ++ ympd.apache.modules
  ++ ttrss.apache.modules
  ++ wallabag.apache.modules
  ++ yourls.apache.modules
  ++ rompr.apache.modules
  ++ shaarli.apache.modules
  ++ dokuwiki.apache.modules
  ++ dmarc-reports.apache.modules
  ++ phpbb.apache.modules
  ++ ldap.apache.modules
  ++ kanboard.apache.modules;
10889174 100
# Virtual host devtools.immae.eu in the "integration" Apache environment.
# *.php files under the document root are handed to the `devtools` PHP-FPM
# pool through its unix socket.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  certMainHost = "devtools.immae.eu";
  addToCerts = true;
  hosts = [ "devtools.immae.eu" ];
  # NOTE(review): the document root lives under /var/lib/ftp, so it is
  # presumably writable through FTP — confirm. If so, an FTP account for this
  # tree is equivalent to code execution as the pool's user, and because
  # AllowOverride is "all" the same account can also change Apache behaviour
  # for the tree through .htaccess files. Consider restricting AllowOverride
  # to the directive classes the hosted sites actually need.
  root = "/var/lib/ftp/devtools.immae.eu";
  extraConfig = [
    # Both timeouts are raised to 600 seconds; long-running requests keep an
    # Apache worker and a PHP-FPM child busy for that long.
    ''
      Timeout 600
      ProxyTimeout 600
      <Directory "/var/lib/ftp/devtools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
122
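# Virtual host tools.immae.eu: landing page, one Apache fragment per hosted
# application, and three static aliases.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Redirects for services that moved to their own hosts, then the landing
    # page. The /vpn pattern accepts only an empty suffix or one that starts
    # with "/": the capture is appended directly after the target host name,
    # so an unconstrained (.*) would let the request path change the host in
    # the Location header. The other two targets already have a path before
    # the capture (or no capture at all) and are left as they were.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application Apache fragments; each PHP application receives the
    # socket of its own PHP-FPM pool. ympd takes no socket.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Static aliases.
    # /paste: directory of the fiche paste service, listing disabled.
    #   NOTE(review): paste content is served from the same origin as the
    #   applications above and DirectoryIndex also accepts index.html —
    #   confirm pastes can only ever be delivered as plain text.
    # /BIP39: served straight from a buildbot output directory, so what is
    #   published depends on the integrity of that build.
    # /webhooks: maps a directory under config.secrets.location into the web
    #   root. Only *.php is handed to PHP-FPM; any other file placed there
    #   would be returned as-is.
    #   NOTE(review): confirm the directory holds nothing but the hook
    #   scripts, or deny access to non-PHP files.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
        DirectoryIndex index.txt index.html
        AllowOverride None
        Require all granted
        Options -Indexes
      </Directory>

      Alias /BIP39 /var/lib/buildbot/outputs/bip39
      <Directory "/var/lib/buildbot/outputs/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};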
185
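# Legacy host outils.immae.eu: it has no document root and only issues
# permanent redirects. mod_alias applies the first matching directive, so the
# catch-all to tools.immae.eu must stay last.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Where the capture is appended directly after the target host name
    # (mediagoblin, ether, nextcloud, owncloud, vpn) the pattern accepts only
    # an empty suffix or one that starts with "/"; an unconstrained (.*) would
    # let the request path change the host in the Location header. Targets
    # that already have a path before the capture are unchanged.
    # The dot of caldav.php is escaped so that it matches the literal name.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};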
217
# systemd units: ordering additions for the PHP-FPM pool services, plus the
# two daemons that are not PHP-FPM pools (ympd and the tt-rss feed updater).
systemd.services =
  let
    # Orders a phpfpm-<app> unit after the units listed in the application's
    # phpFpm.serviceDeps and pulls them in with Wants=.
    withDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = withDeps dokuwiki;
    phpfpm-phpbb = withDeps phpbb;
    phpfpm-kanboard = withDeps kanboard;
    phpfpm-ldap = withDeps ldap;
    phpfpm-shaarli = withDeps shaarli;
    phpfpm-ttrss = withDeps ttrss;
    # wallabag additionally appends its own preStart commands.
    phpfpm-wallabag = (withDeps wallabag) // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = withDeps yourls;

    # No User= is set on this unit, so the script starts with systemd's
    # default account and ympd is asked to switch to "nobody" via --user.
    # The MPD password is read from /var/secrets/mpd into the environment of
    # the process.
    # NOTE(review): confirm ympd drops privileges before it opens the web
    # port, and that the environment is not readable by other local users.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed update daemon of Tiny Tiny RSS, run as wwwrun with the pinned
    # PHP 7.2 interpreter; it needs PostgreSQL to be up.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };
  };
275
# Watches the MPD password file for the ympd unit.
# NOTE(review): presumably the filesWatcher module restarts ympd when the
# file changes, so that a rotated password is picked up — confirm against
# that module.
services.filesWatcher.ympd = {
  restart = true;
  paths = [ "/var/secrets/mpd" ];
};
280
# PHP-FPM pools, one per application plus the generic `tools` and `devtools`
# pools used by the landing page / webhooks and by devtools.immae.eu.
# NOTE(review): every pool declared inline here runs as wwwrun, so the
# applications are not separated by OS account; isolation between them rests
# on whatever open_basedir each pool sets. All of them use PHP 7.2, which is
# end-of-life upstream.
services.phpfpm.pools =
  let
    # Account and interpreter shared by every pool declared inline.
    wwwrun = {
      user = "wwwrun";
      group = "wwwrun";
      phpPackage = pkgs.php72;
    };
    # Socket ownership and process-manager limits of the two generic pools.
    pmDefaults = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
    # Pool whose settings come from the application's own Nix file.
    poolOf = app: wwwrun // { settings = app.phpFpm.pool; };
  in {
    tools = wwwrun // {
      settings = pmDefaults // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # PHP file access is confined to sendmail, the landing page, /tmp
        # and the webhooks directory under the secrets location.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          "${config.secrets.location}/webapps/webhooks"
        ];
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
    };

    devtools = wwwrun // {
      settings = pmDefaults // {
        # PHP file access is confined to sendmail, the FTP-hosted document
        # root and /tmp.
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      # Extra extensions on top of the global PHP options.
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
        extension=${pkgs.php72Packages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.php72Packages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php72}/lib/php/extensions/opcache.so
      '';
    };

    # adminer's pool is defined entirely in its own file.
    adminer = adminer.phpFpm;

    ttrss = poolOf ttrss;
    wallabag = poolOf wallabag;
    yourls = poolOf yourls;
    rompr = poolOf rompr;
    shaarli = poolOf shaarli;

    dmarc-reports = (poolOf dmarc-reports) // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
      '';
    };

    dokuwiki = poolOf dokuwiki;
    phpbb = poolOf phpbb;
    ldap = poolOf ldap;
    kanboard = poolOf kanboard;
    grocy = poolOf grocy;
  };
400
# Activation snippets exported by the application files. NixOS runs
# activation scripts as root at every system switch and at boot.
# NOTE(review): presumably these create state directories and fix their
# ownership — confirm they do not follow symlinks inside directories that
# wwwrun can write to.
system.activationScripts = {
  adminer = adminer.activationScript;
  grocy = grocy.activationScript;
  ttrss = ttrss.activationScript;
  wallabag = wallabag.activationScript;
  yourls = yourls.activationScript;
  rompr = rompr.activationScript;
  shaarli = shaarli.activationScript;
  dokuwiki = dokuwiki.activationScript;
  phpbb = phpbb.activationScript;
  kanboard = kanboard.activationScript;
  ldap = ldap.activationScript;
};
414
# Maps a name chosen by each application file (apache.webappName) to the
# application's web root.
# NOTE(review): presumably the services.websites module exposes these under
# a stable path that the vhost fragments refer to — confirm there.
services.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${phpbb.apache.webappName}" = phpbb.webRoot;
  # Only the htdocs subdirectory of phpLDAPadmin is registered.
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
};
a95ab089 429
# Secret files whose changes should be noticed by the "tools" Apache
# environment (shaarli) and by the wallabag PHP-FPM pool.
# NOTE(review): these paths are written as /var/secrets/... literals while
# the webhooks alias uses config.secrets.location — presumably the same
# directory; confirm, otherwise the watchers go stale if the option changes.
services.websites.env.tools.watchPaths = [
  "/var/secrets/webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  restart = true;
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
};
437
# fiche paste service; the tools vhost serves /var/lib/fiche under /paste.
# NOTE(review): fiche accepts pastes on the configured port — confirm who can
# reach that port, since whatever is submitted becomes retrievable under
# tools.immae.eu/paste.
services.fiche = {
  enable = true;
  port = config.myEnv.ports.fiche;
  domain = "tools.immae.eu/paste";
  https = true;
};
444 };
445}
446