[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
        };
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
          '';
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php74;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    myServices.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
4288c2f2	12	};
4288c2f2	13	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	14	env = config.myEnv.tools.kanboard;
4288c2f2 IB	15	};
	16	wallabag = pkgs.callPackage ./wallabag.nix {
	17	inherit (pkgs.webapps) wallabag;
ab8f306d	18	env = config.myEnv.tools.wallabag;
4288c2f2 IB	19	};
	20	yourls = pkgs.callPackage ./yourls.nix {
	21	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	22	env = config.myEnv.tools.yourls;
4288c2f2 IB	23	};
	24	rompr = pkgs.callPackage ./rompr.nix {
	25	inherit (pkgs.webapps) rompr;
ab8f306d	26	env = config.myEnv.tools.rompr;
4288c2f2 IB	27	};
4288c2f2 IB	28	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	29	env = config.myEnv.tools.shaarli;
4288c2f2 IB	30	};
	31	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	32	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	33	};
	34	ldap = pkgs.callPackage ./ldap.nix {
	35	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	36	env = config.myEnv.tools.phpldapadmin;
4288c2f2	37	};
c7627e14 IB	38	grocy = pkgs.callPackage ./grocy.nix {
	39	inherit (pkgs.webapps) grocy;
	40	};
10889174	41
4288c2f2	42	cfg = config.myServices.websites.tools.tools;
5400b9b6	43	pcfg = config.services.phpfpm.pools;
10889174	44	in {
4288c2f2	45	options.myServices.websites.tools.tools = {
10889174 IB	46	enable = lib.mkEnableOption "enable tools website";
	47	};
	48
	49	config = lib.mkIf cfg.enable {
1a718805	50	secrets.keys =
a840a21c	51	kanboard.keys
8db8e666	52	++ ldap.keys
8db8e666 IB	53	++ shaarli.keys
	54	++ ttrss.keys
	55	++ wallabag.keys
	56	++ yourls.keys;
98163486	57
d2e703c5	58	services.duplyBackup.profiles = {
6a8252b1	59	dokuwiki = dokuwiki.backups;
c7627e14	60	grocy = grocy.backups;
6a8252b1 IB	61	kanboard = kanboard.backups;
	62	rompr = rompr.backups;
	63	shaarli = shaarli.backups;
	64	ttrss = ttrss.backups;
	65	wallabag = wallabag.backups;
	66	};
	67
29f8cb85	68	services.websites.env.tools.modules =
1922655a IB	69	[ "proxy_fcgi" ]
1922655a IB	70	++ adminer.apache.modules
10889174 IB	71	++ ympd.apache.modules
10889174 IB	72	++ ttrss.apache.modules
133ebaee	73	++ wallabag.apache.modules
bfe3c9c9	74	++ yourls.apache.modules
95b20e17	75	++ rompr.apache.modules
b892dcbe	76	++ shaarli.apache.modules
f80772dc	77	++ dokuwiki.apache.modules
d4ed0eff IB	78	++ ldap.apache.modules
d4ed0eff IB	79	++ kanboard.apache.modules;
10889174	80
29f8cb85	81	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	82	certName = "integration";
	83	certMainHost = "devtools.immae.eu";
	84	addToCerts = true;
	85	hosts = [ "devtools.immae.eu" ];
	86	root = "/var/lib/ftp/devtools.immae.eu";
	87	extraConfig = [
0aae0181	88	''
9338c832 IB	89	Timeout 600
9338c832 IB	90	ProxyTimeout 600
0aae0181 IB	91	<Directory "/var/lib/ftp/devtools.immae.eu">
	92	DirectoryIndex index.php index.htm index.html
	93	AllowOverride all
	94	Require all granted
	95	<FilesMatch "\.php$">
5400b9b6	96	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	97	</FilesMatch>
	98	</Directory>
	99	''
46f30ecc IB	100	];
	101	};
	102
29f8cb85	103	services.websites.env.tools.vhostConfs.tools = {
10889174	104	certName = "eldiron";
7df420c2	105	addToCerts = true;
10889174	106	hosts = ["tools.immae.eu" ];
1922655a	107	root = "/var/lib/ftp/tools.immae.eu";
10889174	108	extraConfig = [
1922655a	109	''
ea9c6fe8	110	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	111	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	112	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	113
1922655a	114	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	115	DirectoryIndex index.php index.htm index.html
1922655a IB	116	AllowOverride all
	117	Require all granted
	118	<FilesMatch "\.php$">
5400b9b6	119	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
1922655a IB	120	</FilesMatch>
	121	</Directory>
	122	''
5400b9b6	123	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	124	ympd.apache.vhostConf
5400b9b6 IB	125	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	126	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	127	(yourls.apache.vhostConf pcfg.yourls.socket)
	128	(rompr.apache.vhostConf pcfg.rompr.socket)
	129	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	130	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	131	(ldap.apache.vhostConf pcfg.ldap.socket)
	132	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	133	(grocy.apache.vhostConf pcfg.grocy.socket)
ea3b46ee IB	134	''
	135	Alias /paste /var/lib/fiche
	136	<Directory "/var/lib/fiche">
	137	DirectoryIndex index.txt index.html
	138	AllowOverride None
	139	Require all granted
	140	Options -Indexes
	141	</Directory>
	142	''
10889174 IB	143	];
	144	};
	145
29f8cb85	146	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	147	certName = "eldiron";
7df420c2 IB	148	addToCerts = true;
0f71cd76	149	hosts = [ "outils.immae.eu" ];
7df420c2	150	root = null;
70606070 IB	151	extraConfig = [
	152	''
	153	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	154
	155	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	156
	157	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	158	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	159
	160	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	161	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	162	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	163	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	164
	165	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	166
afcc5de0 IB	167	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	168
3f453c7d IB	169	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	170
ea9c6fe8 IB	171	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	172
70606070 IB	173	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	174	''
	175	];
	176	};
	177
f40f5b23 IB	178	systemd.services = {
	179	phpfpm-dokuwiki = {
	180	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	181	wants = dokuwiki.phpFpm.serviceDeps;
	182	};
	183	phpfpm-kanboard = {
	184	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	185	wants = kanboard.phpFpm.serviceDeps;
	186	};
	187	phpfpm-ldap = {
	188	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	189	wants = ldap.phpFpm.serviceDeps;
	190	};
f40f5b23 IB	191	phpfpm-shaarli = {
	192	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	193	wants = shaarli.phpFpm.serviceDeps;
	194	};
	195	phpfpm-ttrss = {
	196	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	197	wants = ttrss.phpFpm.serviceDeps;
	198	};
	199	phpfpm-wallabag = {
	200	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	201	wants = wallabag.phpFpm.serviceDeps;
	202	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	203	};
	204	phpfpm-yourls = {
	205	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	206	wants = yourls.phpFpm.serviceDeps;
	207	};
	208	ympd = {
	209	description = "Standalone MPD Web GUI written in C";
	210	wantedBy = [ "multi-user.target" ];
	211	script = ''
	212	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	213	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	214	'';
	215	};
	216	tt-rss = {
	217	description = "Tiny Tiny RSS feeds update daemon";
	218	serviceConfig = {
	219	User = "wwwrun";
	220	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	221	StandardOutput = "syslog";
	222	StandardError = "syslog";
	223	PermissionsStartOnly = true;
	224	};
	225
	226	wantedBy = [ "multi-user.target" ];
	227	requires = ["postgresql.service"];
	228	after = ["network.target" "postgresql.service"];
	229	};
	230	};
	231
17f6eae9 IB	232	services.filesWatcher.ympd = {
	233	restart = true;
	234	paths = [ "/var/secrets/mpd" ];
	235	};
	236
441da8aa IB	237	services.phpfpm.pools = {
441da8aa IB	238	tools = {
5400b9b6 IB	239	user = "wwwrun";
	240	group = "wwwrun";
	241	settings = {
	242	"listen.owner" = "wwwrun";
	243	"listen.group" = "wwwrun";
	244	"pm" = "dynamic";
	245	"pm.max_children" = "60";
	246	"pm.start_servers" = "2";
	247	"pm.min_spare_servers" = "1";
	248	"pm.max_spare_servers" = "10";
f40f5b23	249
5400b9b6 IB	250	# Needed to avoid clashes in browser cookies (same domain)
	251	"php_value[session.name]" = "ToolsPHPSESSID";
	252	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
	253	};
441da8aa IB	254	};
441da8aa IB	255	devtools = {
5400b9b6 IB	256	user = "wwwrun";
	257	group = "wwwrun";
	258	settings = {
	259	"listen.owner" = "wwwrun";
	260	"listen.group" = "wwwrun";
	261	"pm" = "dynamic";
	262	"pm.max_children" = "60";
	263	"pm.start_servers" = "2";
	264	"pm.min_spare_servers" = "1";
	265	"pm.max_spare_servers" = "10";
1922655a	266
5400b9b6 IB	267	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
5400b9b6 IB	268	};
441da8aa IB	269	phpOptions = config.services.phpfpm.phpOptions + ''
	270	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	271	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	272	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	273	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	274	'';
	275	};
5400b9b6	276	adminer = adminer.phpFpm;
441da8aa	277	ttrss = {
5400b9b6 IB	278	user = "wwwrun";
	279	group = "wwwrun";
	280	settings = ttrss.phpFpm.pool;
441da8aa IB	281	};
441da8aa IB	282	wallabag = {
5400b9b6 IB	283	user = "wwwrun";
	284	group = "wwwrun";
	285	settings = wallabag.phpFpm.pool;
441da8aa IB	286	};
441da8aa IB	287	yourls = {
5400b9b6 IB	288	user = "wwwrun";
	289	group = "wwwrun";
	290	settings = yourls.phpFpm.pool;
441da8aa IB	291	};
441da8aa IB	292	rompr = {
5400b9b6 IB	293	user = "wwwrun";
	294	group = "wwwrun";
	295	settings = rompr.phpFpm.pool;
441da8aa IB	296	};
441da8aa IB	297	shaarli = {
5400b9b6 IB	298	user = "wwwrun";
	299	group = "wwwrun";
	300	settings = shaarli.phpFpm.pool;
441da8aa IB	301	};
441da8aa IB	302	dokuwiki = {
5400b9b6 IB	303	user = "wwwrun";
	304	group = "wwwrun";
	305	settings = dokuwiki.phpFpm.pool;
441da8aa IB	306	};
441da8aa IB	307	ldap = {
5400b9b6 IB	308	user = "wwwrun";
	309	group = "wwwrun";
	310	settings = ldap.phpFpm.pool;
b639cc33	311	phpPackage = pkgs.php74;
441da8aa IB	312	};
441da8aa IB	313	kanboard = {
5400b9b6 IB	314	user = "wwwrun";
	315	group = "wwwrun";
	316	settings = kanboard.phpFpm.pool;
441da8aa IB	317	};
441da8aa IB	318	grocy = {
5400b9b6 IB	319	user = "wwwrun";
	320	group = "wwwrun";
	321	settings = grocy.phpFpm.pool;
441da8aa	322	};
10889174 IB	323	};
	324
	325	system.activationScripts = {
4288c2f2	326	adminer = adminer.activationScript;
c7627e14	327	grocy = grocy.activationScript;
10889174	328	ttrss = ttrss.activationScript;
aebd817b	329	wallabag = wallabag.activationScript;
133ebaee	330	yourls = yourls.activationScript;
bfe3c9c9	331	rompr = rompr.activationScript;
95b20e17	332	shaarli = shaarli.activationScript;
b892dcbe	333	dokuwiki = dokuwiki.activationScript;
d4ed0eff	334	kanboard = kanboard.activationScript;
4288c2f2	335	ldap = ldap.activationScript;
10889174 IB	336	};
10889174 IB	337
4288c2f2 IB	338	myServices.websites.webappDirs = {
	339	_adminer = adminer.webRoot;
	340	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
	341	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
	342	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	343	"${shaarli.apache.webappName}" = shaarli.webRoot;
	344	"${ttrss.apache.webappName}" = ttrss.webRoot;
	345	"${wallabag.apache.webappName}" = wallabag.webRoot;
	346	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	347	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	348	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	349	};
a95ab089	350
29f8cb85	351	services.websites.env.tools.watchPaths = [
9247b444	352	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	353	];
	354	services.filesWatcher.phpfpm-wallabag = {
	355	restart = true;
	356	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	357	};
ea3b46ee IB	358
	359	services.fiche = {
	360	enable = true;
	361	port = config.myEnv.ports.fiche;
	362	domain = "tools.immae.eu/paste";
	363	https = true;
	364	};
10889174 IB	365	};
	366	}
	367