[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    deployment.keys =
      kanboard.keys
      // ldap.keys
      // roundcubemail.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      shaarli = shaarli.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9 IB	25	rompr = pkgs.callPackage ./rompr.nix {
	26	inherit (mylibs) fetchedGithub;
	27	env = myconfig.env.tools.rompr;
	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc IB	35	ldap = pkgs.callPackage ./ldap.nix {
	36	env = myconfig.env.tools.phpldapadmin;
	37	};
10889174 IB	38
	39	cfg = config.services.myWebsites.tools.tools;
	40	in {
	41	options.services.myWebsites.tools.tools = {
	42	enable = lib.mkEnableOption "enable tools website";
	43	};
	44
	45	config = lib.mkIf cfg.enable {
	46	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	47	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
46f30ecc IB	48
a840a21c IB	49	deployment.keys =
	50	kanboard.keys
	51	// ldap.keys
	52	// roundcubemail.keys
5f08b34c	53	// shaarli.keys
a840a21c IB	54	// ttrss.keys
	55	// wallabag.keys
	56	// yourls.keys;
98163486	57
46f30ecc IB	58	services.myWebsites.integration.modules =
46f30ecc IB	59	rainloop.apache.modules;
10889174 IB	60
10889174 IB	61	services.myWebsites.tools.modules =
1922655a IB	62	[ "proxy_fcgi" ]
1922655a IB	63	++ adminer.apache.modules
10889174 IB	64	++ ympd.apache.modules
10889174 IB	65	++ ttrss.apache.modules
aebd817b	66	++ roundcubemail.apache.modules
133ebaee	67	++ wallabag.apache.modules
bfe3c9c9	68	++ yourls.apache.modules
95b20e17	69	++ rompr.apache.modules
b892dcbe	70	++ shaarli.apache.modules
f80772dc	71	++ dokuwiki.apache.modules
d4ed0eff IB	72	++ ldap.apache.modules
d4ed0eff IB	73	++ kanboard.apache.modules;
10889174	74
bfe3c9c9	75	services.ympd = ympd.config // { enable = true; };
10889174	76
46f30ecc IB	77	services.myWebsites.integration.vhostConfs.devtools = {
	78	certName = "eldiron";
	79	hosts = ["devtools.immae.eu" ];
	80	root = null;
	81	extraConfig = [
	82	rainloop.apache.vhostConf
	83	];
	84	};
	85
10889174 IB	86	services.myWebsites.tools.vhostConfs.tools = {
	87	certName = "eldiron";
	88	hosts = ["tools.immae.eu" ];
1922655a	89	root = "/var/lib/ftp/tools.immae.eu";
10889174	90	extraConfig = [
1922655a IB	91	''
1922655a IB	92	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	93	DirectoryIndex index.php index.htm index.html
1922655a IB	94	AllowOverride all
	95	Require all granted
	96	<FilesMatch "\.php$">
	97	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	98	</FilesMatch>
	99	</Directory>
	100	''
10889174 IB	101	adminer.apache.vhostConf
	102	ympd.apache.vhostConf
	103	ttrss.apache.vhostConf
	104	roundcubemail.apache.vhostConf
aebd817b	105	wallabag.apache.vhostConf
133ebaee	106	yourls.apache.vhostConf
bfe3c9c9	107	rompr.apache.vhostConf
95b20e17	108	shaarli.apache.vhostConf
b892dcbe	109	dokuwiki.apache.vhostConf
f80772dc	110	ldap.apache.vhostConf
d4ed0eff	111	kanboard.apache.vhostConf
10889174 IB	112	];
	113	};
	114
70606070 IB	115	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	116	services.myWebsites.tools.vhostConfs.outils = {
	117	certName = "eldiron";
	118	hosts = [ "outils.immae.eu" ];
	119	root = null;
	120	extraConfig = [
	121	''
	122	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	123
	124	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	125
	126	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	127	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	128
	129	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	130	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	131	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	132	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	133
	134	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	135
	136	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	137	''
	138	];
	139	};
	140
a840a21c IB	141	services.myPhpfpm.serviceDependencies = {
	142	dokuwiki = dokuwiki.phpFpm.serviceDeps;
	143	kanboard = kanboard.phpFpm.serviceDeps;
	144	ldap = ldap.phpFpm.serviceDeps;
	145	rainloop = rainloop.phpFpm.serviceDeps;
	146	roundcubemail = roundcubemail.phpFpm.serviceDeps;
5f08b34c	147	shaarli = shaarli.phpFpm.serviceDeps;
a840a21c IB	148	ttrss = ttrss.phpFpm.serviceDeps;
	149	wallabag = wallabag.phpFpm.serviceDeps;
	150	yourls = yourls.phpFpm.serviceDeps;
	151	};
	152
e2ca51b2	153	services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
10889174 IB	154	services.myPhpfpm.poolConfigs = {
	155	adminer = adminer.phpFpm.pool;
	156	ttrss = ttrss.phpFpm.pool;
	157	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	158	wallabag = wallabag.phpFpm.pool;
133ebaee	159	yourls = yourls.phpFpm.pool;
bfe3c9c9	160	rompr = rompr.phpFpm.pool;
95b20e17	161	shaarli = shaarli.phpFpm.pool;
b892dcbe	162	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	163	ldap = ldap.phpFpm.pool;
46f30ecc	164	rainloop = rainloop.phpFpm.pool;
d4ed0eff	165	kanboard = kanboard.phpFpm.pool;
1922655a IB	166	tools = ''
	167	listen = /var/run/phpfpm/tools.sock
	168	user = wwwrun
	169	group = wwwrun
	170	listen.owner = wwwrun
	171	listen.group = wwwrun
	172	pm = dynamic
	173	pm.max_children = 60
	174	pm.start_servers = 2
	175	pm.min_spare_servers = 1
	176	pm.max_spare_servers = 10
	177
	178	; Needed to avoid clashes in browser cookies (same domain)
	179	php_value[session.name] = ToolsPHPSESSID
	180	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	181	'';
10889174 IB	182	};
	183
	184	system.activationScripts = {
	185	ttrss = ttrss.activationScript;
	186	roundcubemail = roundcubemail.activationScript;
aebd817b	187	wallabag = wallabag.activationScript;
133ebaee	188	yourls = yourls.activationScript;
bfe3c9c9	189	rompr = rompr.activationScript;
95b20e17	190	shaarli = shaarli.activationScript;
b892dcbe	191	dokuwiki = dokuwiki.activationScript;
46f30ecc	192	rainloop = rainloop.activationScript;
d4ed0eff	193	kanboard = kanboard.activationScript;
10889174 IB	194	};
10889174 IB	195
a95ab089 IB	196	system.extraSystemBuilderCmds = ''
	197	mkdir -p $out/webapps
	198	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	199	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	200	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	201	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	202	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	203	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	204	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	205	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	206	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	207	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	208	'';
a95ab089 IB	209
2368a4b7 IB	210	nixpkgs.overlays = [ (self: super: rec {
	211	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	212	}) ];
e229e6f2	213
10889174 IB	214	systemd.services.tt-rss = {
	215	description = "Tiny Tiny RSS feeds update daemon";
	216	serviceConfig = {
	217	User = "wwwrun";
	218	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	219	StandardOutput = "syslog";
	220	StandardError = "syslog";
	221	PermissionsStartOnly = true;
	222	};
	223
	224	wantedBy = [ "multi-user.target" ];
	225	requires = ["postgresql.service"];
	226	after = ["network.target" "postgresql.service"];
	227	};
	228
	229	};
	230	}
	231