[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9 IB	25	rompr = pkgs.callPackage ./rompr.nix {
	26	inherit (mylibs) fetchedGithub;
	27	env = myconfig.env.tools.rompr;
	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc IB	35	ldap = pkgs.callPackage ./ldap.nix {
	36	env = myconfig.env.tools.phpldapadmin;
	37	};
10889174 IB	38
	39	cfg = config.services.myWebsites.tools.tools;
	40	in {
	41	options.services.myWebsites.tools.tools = {
	42	enable = lib.mkEnableOption "enable tools website";
	43	};
	44
	45	config = lib.mkIf cfg.enable {
	46	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	47	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
	48
	49	services.myWebsites.integration.modules =
	50	rainloop.apache.modules;
10889174 IB	51
10889174 IB	52	services.myWebsites.tools.modules =
1922655a IB	53	[ "proxy_fcgi" ]
1922655a IB	54	++ adminer.apache.modules
10889174 IB	55	++ ympd.apache.modules
10889174 IB	56	++ ttrss.apache.modules
aebd817b	57	++ roundcubemail.apache.modules
133ebaee	58	++ wallabag.apache.modules
bfe3c9c9	59	++ yourls.apache.modules
95b20e17	60	++ rompr.apache.modules
b892dcbe	61	++ shaarli.apache.modules
f80772dc	62	++ dokuwiki.apache.modules
d4ed0eff IB	63	++ ldap.apache.modules
d4ed0eff IB	64	++ kanboard.apache.modules;
10889174	65
bfe3c9c9	66	services.ympd = ympd.config // { enable = true; };
10889174	67
46f30ecc IB	68	services.myWebsites.integration.vhostConfs.devtools = {
	69	certName = "eldiron";
	70	hosts = ["devtools.immae.eu" ];
	71	root = null;
	72	extraConfig = [
	73	rainloop.apache.vhostConf
	74	];
	75	};
	76
10889174 IB	77	services.myWebsites.tools.vhostConfs.tools = {
	78	certName = "eldiron";
	79	hosts = ["tools.immae.eu" ];
1922655a	80	root = "/var/lib/ftp/tools.immae.eu";
10889174	81	extraConfig = [
1922655a IB	82	''
1922655a IB	83	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	84	DirectoryIndex index.php index.htm index.html
1922655a IB	85	AllowOverride all
	86	Require all granted
	87	<FilesMatch "\.php$">
	88	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	89	</FilesMatch>
	90	</Directory>
	91	''
10889174 IB	92	adminer.apache.vhostConf
	93	ympd.apache.vhostConf
	94	ttrss.apache.vhostConf
	95	roundcubemail.apache.vhostConf
aebd817b	96	wallabag.apache.vhostConf
133ebaee	97	yourls.apache.vhostConf
bfe3c9c9	98	rompr.apache.vhostConf
95b20e17	99	shaarli.apache.vhostConf
b892dcbe	100	dokuwiki.apache.vhostConf
f80772dc	101	ldap.apache.vhostConf
d4ed0eff	102	kanboard.apache.vhostConf
10889174 IB	103	];
	104	};
	105
70606070 IB	106	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	107	services.myWebsites.tools.vhostConfs.outils = {
	108	certName = "eldiron";
	109	hosts = [ "outils.immae.eu" ];
	110	root = null;
	111	extraConfig = [
	112	''
	113	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	114
	115	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	116
	117	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	118	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	119
	120	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	121	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	122	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	123	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	124
	125	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	126
	127	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	128	''
	129	];
	130	};
	131
10889174 IB	132	services.myPhpfpm.poolConfigs = {
	133	adminer = adminer.phpFpm.pool;
	134	ttrss = ttrss.phpFpm.pool;
	135	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	136	wallabag = wallabag.phpFpm.pool;
133ebaee	137	yourls = yourls.phpFpm.pool;
bfe3c9c9	138	rompr = rompr.phpFpm.pool;
95b20e17	139	shaarli = shaarli.phpFpm.pool;
b892dcbe	140	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	141	ldap = ldap.phpFpm.pool;
46f30ecc	142	rainloop = rainloop.phpFpm.pool;
d4ed0eff	143	kanboard = kanboard.phpFpm.pool;
1922655a IB	144	tools = ''
	145	listen = /var/run/phpfpm/tools.sock
	146	user = wwwrun
	147	group = wwwrun
	148	listen.owner = wwwrun
	149	listen.group = wwwrun
	150	pm = dynamic
	151	pm.max_children = 60
	152	pm.start_servers = 2
	153	pm.min_spare_servers = 1
	154	pm.max_spare_servers = 10
	155
	156	; Needed to avoid clashes in browser cookies (same domain)
	157	php_value[session.name] = ToolsPHPSESSID
	158	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	159	'';
10889174 IB	160	};
	161
	162	system.activationScripts = {
	163	ttrss = ttrss.activationScript;
	164	roundcubemail = roundcubemail.activationScript;
aebd817b	165	wallabag = wallabag.activationScript;
133ebaee	166	yourls = yourls.activationScript;
bfe3c9c9	167	rompr = rompr.activationScript;
95b20e17	168	shaarli = shaarli.activationScript;
b892dcbe	169	dokuwiki = dokuwiki.activationScript;
46f30ecc	170	rainloop = rainloop.activationScript;
d4ed0eff	171	kanboard = kanboard.activationScript;
10889174 IB	172	};
10889174 IB	173
a95ab089 IB	174	system.extraSystemBuilderCmds = ''
	175	mkdir -p $out/webapps
	176	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	177	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	178	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	179	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	180	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	181	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	182	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	183	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	184	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	185	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	186	'';
a95ab089 IB	187
2368a4b7 IB	188	nixpkgs.overlays = [ (self: super: rec {
	189	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	190	}) ];
e229e6f2	191
10889174 IB	192	systemd.services.tt-rss = {
	193	description = "Tiny Tiny RSS feeds update daemon";
	194	serviceConfig = {
	195	User = "wwwrun";
	196	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	197	StandardOutput = "syslog";
	198	StandardError = "syslog";
	199	PermissionsStartOnly = true;
	200	};
	201
	202	wantedBy = [ "multi-user.target" ];
	203	requires = ["postgresql.service"];
	204	after = ["network.target" "postgresql.service"];
	205	};
	206
	207	};
	208	}
	209