[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    deployment.keys =
      kanboard.keys
      // ldap.keys
      // roundcubemail.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    systemd.services.ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /run/keys/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
    };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      shaarli = shaarli.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs = {
      devtools = ''
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
        '';
      roundcubemail = roundcubemail.phpFpm.phpConfig;
    };
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      devtools = ''
        listen = /var/run/phpfpm/devtools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
        '';
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json // {
        patches = (old.patches or []) ++ [ ./ympd-password-env.patch ];
      });
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9 IB	25	rompr = pkgs.callPackage ./rompr.nix {
	26	inherit (mylibs) fetchedGithub;
	27	env = myconfig.env.tools.rompr;
	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc IB	35	ldap = pkgs.callPackage ./ldap.nix {
	36	env = myconfig.env.tools.phpldapadmin;
	37	};
10889174 IB	38
	39	cfg = config.services.myWebsites.tools.tools;
	40	in {
	41	options.services.myWebsites.tools.tools = {
	42	enable = lib.mkEnableOption "enable tools website";
	43	};
	44
	45	config = lib.mkIf cfg.enable {
	46	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	47	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
46f30ecc IB	48
a840a21c IB	49	deployment.keys =
	50	kanboard.keys
	51	// ldap.keys
	52	// roundcubemail.keys
5f08b34c	53	// shaarli.keys
a840a21c IB	54	// ttrss.keys
	55	// wallabag.keys
	56	// yourls.keys;
98163486	57
46f30ecc IB	58	services.myWebsites.integration.modules =
46f30ecc IB	59	rainloop.apache.modules;
10889174 IB	60
10889174 IB	61	services.myWebsites.tools.modules =
1922655a IB	62	[ "proxy_fcgi" ]
1922655a IB	63	++ adminer.apache.modules
10889174 IB	64	++ ympd.apache.modules
10889174 IB	65	++ ttrss.apache.modules
aebd817b	66	++ roundcubemail.apache.modules
133ebaee	67	++ wallabag.apache.modules
bfe3c9c9	68	++ yourls.apache.modules
95b20e17	69	++ rompr.apache.modules
b892dcbe	70	++ shaarli.apache.modules
f80772dc	71	++ dokuwiki.apache.modules
d4ed0eff IB	72	++ ldap.apache.modules
d4ed0eff IB	73	++ kanboard.apache.modules;
10889174	74
914dd76c IB	75	systemd.services.ympd = {
	76	description = "Standalone MPD Web GUI written in C";
	77	wantedBy = [ "multi-user.target" ];
	78	script = ''
	79	export MPD_PASSWORD=$(cat /run/keys/mpd)
	80	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	81	'';
	82	};
10889174	83
46f30ecc IB	84	services.myWebsites.integration.vhostConfs.devtools = {
	85	certName = "eldiron";
	86	hosts = ["devtools.immae.eu" ];
0aae0181	87	root = "/var/lib/ftp/devtools.immae.eu";
46f30ecc	88	extraConfig = [
0aae0181 IB	89	''
	90	<Directory "/var/lib/ftp/devtools.immae.eu">
	91	DirectoryIndex index.php index.htm index.html
	92	AllowOverride all
	93	Require all granted
	94	<FilesMatch "\.php$">
	95	SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock\|fcgi://localhost"
	96	</FilesMatch>
	97	</Directory>
	98	''
46f30ecc IB	99	rainloop.apache.vhostConf
	100	];
	101	};
	102
10889174 IB	103	services.myWebsites.tools.vhostConfs.tools = {
	104	certName = "eldiron";
	105	hosts = ["tools.immae.eu" ];
1922655a	106	root = "/var/lib/ftp/tools.immae.eu";
10889174	107	extraConfig = [
1922655a IB	108	''
1922655a IB	109	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	110	DirectoryIndex index.php index.htm index.html
1922655a IB	111	AllowOverride all
	112	Require all granted
	113	<FilesMatch "\.php$">
	114	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	115	</FilesMatch>
	116	</Directory>
	117	''
10889174 IB	118	adminer.apache.vhostConf
	119	ympd.apache.vhostConf
	120	ttrss.apache.vhostConf
	121	roundcubemail.apache.vhostConf
aebd817b	122	wallabag.apache.vhostConf
133ebaee	123	yourls.apache.vhostConf
bfe3c9c9	124	rompr.apache.vhostConf
95b20e17	125	shaarli.apache.vhostConf
b892dcbe	126	dokuwiki.apache.vhostConf
f80772dc	127	ldap.apache.vhostConf
d4ed0eff	128	kanboard.apache.vhostConf
10889174 IB	129	];
	130	};
	131
70606070 IB	132	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	133	services.myWebsites.tools.vhostConfs.outils = {
	134	certName = "eldiron";
	135	hosts = [ "outils.immae.eu" ];
	136	root = null;
	137	extraConfig = [
	138	''
	139	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	140
	141	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	142
	143	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	144	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	145
	146	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	147	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	148	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	149	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	150
	151	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	152
	153	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	154	''
	155	];
	156	};
	157
a840a21c IB	158	services.myPhpfpm.serviceDependencies = {
	159	dokuwiki = dokuwiki.phpFpm.serviceDeps;
	160	kanboard = kanboard.phpFpm.serviceDeps;
	161	ldap = ldap.phpFpm.serviceDeps;
	162	rainloop = rainloop.phpFpm.serviceDeps;
	163	roundcubemail = roundcubemail.phpFpm.serviceDeps;
5f08b34c	164	shaarli = shaarli.phpFpm.serviceDeps;
a840a21c IB	165	ttrss = ttrss.phpFpm.serviceDeps;
	166	wallabag = wallabag.phpFpm.serviceDeps;
	167	yourls = yourls.phpFpm.serviceDeps;
	168	};
	169
b7d2d4e3	170	services.myPhpfpm.poolPhpConfigs = {
0aae0181 IB	171	devtools = ''
	172	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	173	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	174	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	175	'';
b7d2d4e3 IB	176	roundcubemail = roundcubemail.phpFpm.phpConfig;
b7d2d4e3 IB	177	};
10889174 IB	178	services.myPhpfpm.poolConfigs = {
	179	adminer = adminer.phpFpm.pool;
	180	ttrss = ttrss.phpFpm.pool;
	181	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	182	wallabag = wallabag.phpFpm.pool;
133ebaee	183	yourls = yourls.phpFpm.pool;
bfe3c9c9	184	rompr = rompr.phpFpm.pool;
95b20e17	185	shaarli = shaarli.phpFpm.pool;
b892dcbe	186	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	187	ldap = ldap.phpFpm.pool;
46f30ecc	188	rainloop = rainloop.phpFpm.pool;
d4ed0eff	189	kanboard = kanboard.phpFpm.pool;
0aae0181 IB	190	devtools = ''
	191	listen = /var/run/phpfpm/devtools.sock
	192	user = wwwrun
	193	group = wwwrun
	194	listen.owner = wwwrun
	195	listen.group = wwwrun
	196	pm = dynamic
	197	pm.max_children = 60
	198	pm.start_servers = 2
	199	pm.min_spare_servers = 1
	200	pm.max_spare_servers = 10
	201
	202	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
	203	'';
1922655a IB	204	tools = ''
	205	listen = /var/run/phpfpm/tools.sock
	206	user = wwwrun
	207	group = wwwrun
	208	listen.owner = wwwrun
	209	listen.group = wwwrun
	210	pm = dynamic
	211	pm.max_children = 60
	212	pm.start_servers = 2
	213	pm.min_spare_servers = 1
	214	pm.max_spare_servers = 10
	215
	216	; Needed to avoid clashes in browser cookies (same domain)
	217	php_value[session.name] = ToolsPHPSESSID
	218	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	219	'';
10889174 IB	220	};
	221
	222	system.activationScripts = {
	223	ttrss = ttrss.activationScript;
	224	roundcubemail = roundcubemail.activationScript;
aebd817b	225	wallabag = wallabag.activationScript;
133ebaee	226	yourls = yourls.activationScript;
bfe3c9c9	227	rompr = rompr.activationScript;
95b20e17	228	shaarli = shaarli.activationScript;
b892dcbe	229	dokuwiki = dokuwiki.activationScript;
46f30ecc	230	rainloop = rainloop.activationScript;
d4ed0eff	231	kanboard = kanboard.activationScript;
10889174 IB	232	};
10889174 IB	233
a95ab089 IB	234	system.extraSystemBuilderCmds = ''
	235	mkdir -p $out/webapps
	236	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	237	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	238	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	239	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	240	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	241	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	242	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	243	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	244	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	245	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	246	'';
a95ab089 IB	247
2368a4b7	248	nixpkgs.overlays = [ (self: super: rec {
914dd76c IB	249	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json // {
	250	patches = (old.patches or []) ++ [ ./ympd-password-env.patch ];
	251	});
2368a4b7	252	}) ];
e229e6f2	253
10889174 IB	254	systemd.services.tt-rss = {
	255	description = "Tiny Tiny RSS feeds update daemon";
	256	serviceConfig = {
	257	User = "wwwrun";
	258	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	259	StandardOutput = "syslog";
	260	StandardError = "syslog";
	261	PermissionsStartOnly = true;
	262	};
	263
	264	wantedBy = [ "multi-user.target" ];
	265	requires = ["postgresql.service"];
	266	after = ["network.target" "postgresql.service"];
	267	};
	268
	269	};
	270	}
	271