[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (pkgs.webapps) rompr;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      inherit (pkgs.webapps) phpldapadmin;
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    mySecrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ roundcubemail.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    systemd.services.ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
    };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      shaarli = shaarli.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs = {
      devtools = ''
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
        '';
      roundcubemail = roundcubemail.phpFpm.phpConfig;
    };
    services.myPhpfpm.preStart = {
      wallabag = wallabag.phpFpm.preStart;
    };
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      devtools = ''
        listen = /var/run/phpfpm/devtools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
        '';
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9	25	rompr = pkgs.callPackage ./rompr.nix {
5dbe7ba1	26	inherit (pkgs.webapps) rompr;
bfe3c9c9 IB	27	env = myconfig.env.tools.rompr;
bfe3c9c9 IB	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc	35	ldap = pkgs.callPackage ./ldap.nix {
f5efae0f	36	inherit (pkgs.webapps) phpldapadmin;
f80772dc IB	37	env = myconfig.env.tools.phpldapadmin;
f80772dc IB	38	};
10889174 IB	39
	40	cfg = config.services.myWebsites.tools.tools;
	41	in {
	42	options.services.myWebsites.tools.tools = {
	43	enable = lib.mkEnableOption "enable tools website";
	44	};
	45
	46	config = lib.mkIf cfg.enable {
	47	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	48	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
46f30ecc IB	49
8db8e666	50	mySecrets.keys =
a840a21c	51	kanboard.keys
8db8e666 IB	52	++ ldap.keys
	53	++ roundcubemail.keys
	54	++ shaarli.keys
	55	++ ttrss.keys
	56	++ wallabag.keys
	57	++ yourls.keys;
98163486	58
46f30ecc IB	59	services.myWebsites.integration.modules =
46f30ecc IB	60	rainloop.apache.modules;
10889174 IB	61
10889174 IB	62	services.myWebsites.tools.modules =
1922655a IB	63	[ "proxy_fcgi" ]
1922655a IB	64	++ adminer.apache.modules
10889174 IB	65	++ ympd.apache.modules
10889174 IB	66	++ ttrss.apache.modules
aebd817b	67	++ roundcubemail.apache.modules
133ebaee	68	++ wallabag.apache.modules
bfe3c9c9	69	++ yourls.apache.modules
95b20e17	70	++ rompr.apache.modules
b892dcbe	71	++ shaarli.apache.modules
f80772dc	72	++ dokuwiki.apache.modules
d4ed0eff IB	73	++ ldap.apache.modules
d4ed0eff IB	74	++ kanboard.apache.modules;
10889174	75
914dd76c IB	76	systemd.services.ympd = {
	77	description = "Standalone MPD Web GUI written in C";
	78	wantedBy = [ "multi-user.target" ];
	79	script = ''
742697c9	80	export MPD_PASSWORD=$(cat /var/secrets/mpd)
914dd76c IB	81	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	82	'';
	83	};
10889174	84
46f30ecc IB	85	services.myWebsites.integration.vhostConfs.devtools = {
	86	certName = "eldiron";
	87	hosts = ["devtools.immae.eu" ];
0aae0181	88	root = "/var/lib/ftp/devtools.immae.eu";
46f30ecc	89	extraConfig = [
0aae0181 IB	90	''
	91	<Directory "/var/lib/ftp/devtools.immae.eu">
	92	DirectoryIndex index.php index.htm index.html
	93	AllowOverride all
	94	Require all granted
	95	<FilesMatch "\.php$">
	96	SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock\|fcgi://localhost"
	97	</FilesMatch>
	98	</Directory>
	99	''
46f30ecc IB	100	rainloop.apache.vhostConf
	101	];
	102	};
	103
10889174 IB	104	services.myWebsites.tools.vhostConfs.tools = {
	105	certName = "eldiron";
	106	hosts = ["tools.immae.eu" ];
1922655a	107	root = "/var/lib/ftp/tools.immae.eu";
10889174	108	extraConfig = [
1922655a IB	109	''
1922655a IB	110	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	111	DirectoryIndex index.php index.htm index.html
1922655a IB	112	AllowOverride all
	113	Require all granted
	114	<FilesMatch "\.php$">
	115	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	116	</FilesMatch>
	117	</Directory>
	118	''
10889174 IB	119	adminer.apache.vhostConf
	120	ympd.apache.vhostConf
	121	ttrss.apache.vhostConf
	122	roundcubemail.apache.vhostConf
aebd817b	123	wallabag.apache.vhostConf
133ebaee	124	yourls.apache.vhostConf
bfe3c9c9	125	rompr.apache.vhostConf
95b20e17	126	shaarli.apache.vhostConf
b892dcbe	127	dokuwiki.apache.vhostConf
f80772dc	128	ldap.apache.vhostConf
d4ed0eff	129	kanboard.apache.vhostConf
10889174 IB	130	];
	131	};
	132
70606070 IB	133	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	134	services.myWebsites.tools.vhostConfs.outils = {
	135	certName = "eldiron";
	136	hosts = [ "outils.immae.eu" ];
	137	root = null;
	138	extraConfig = [
	139	''
	140	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	141
	142	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	143
	144	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	145	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	146
	147	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	148	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	149	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	150	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	151
	152	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	153
	154	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	155	''
	156	];
	157	};
	158
a840a21c IB	159	services.myPhpfpm.serviceDependencies = {
	160	dokuwiki = dokuwiki.phpFpm.serviceDeps;
	161	kanboard = kanboard.phpFpm.serviceDeps;
	162	ldap = ldap.phpFpm.serviceDeps;
	163	rainloop = rainloop.phpFpm.serviceDeps;
	164	roundcubemail = roundcubemail.phpFpm.serviceDeps;
5f08b34c	165	shaarli = shaarli.phpFpm.serviceDeps;
a840a21c IB	166	ttrss = ttrss.phpFpm.serviceDeps;
	167	wallabag = wallabag.phpFpm.serviceDeps;
	168	yourls = yourls.phpFpm.serviceDeps;
	169	};
	170
b7d2d4e3	171	services.myPhpfpm.poolPhpConfigs = {
0aae0181 IB	172	devtools = ''
	173	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	174	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	175	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	176	'';
b7d2d4e3 IB	177	roundcubemail = roundcubemail.phpFpm.phpConfig;
b7d2d4e3 IB	178	};
8eded9ec IB	179	services.myPhpfpm.preStart = {
	180	wallabag = wallabag.phpFpm.preStart;
	181	};
10889174 IB	182	services.myPhpfpm.poolConfigs = {
	183	adminer = adminer.phpFpm.pool;
	184	ttrss = ttrss.phpFpm.pool;
	185	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	186	wallabag = wallabag.phpFpm.pool;
133ebaee	187	yourls = yourls.phpFpm.pool;
bfe3c9c9	188	rompr = rompr.phpFpm.pool;
95b20e17	189	shaarli = shaarli.phpFpm.pool;
b892dcbe	190	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	191	ldap = ldap.phpFpm.pool;
46f30ecc	192	rainloop = rainloop.phpFpm.pool;
d4ed0eff	193	kanboard = kanboard.phpFpm.pool;
0aae0181 IB	194	devtools = ''
	195	listen = /var/run/phpfpm/devtools.sock
	196	user = wwwrun
	197	group = wwwrun
	198	listen.owner = wwwrun
	199	listen.group = wwwrun
	200	pm = dynamic
	201	pm.max_children = 60
	202	pm.start_servers = 2
	203	pm.min_spare_servers = 1
	204	pm.max_spare_servers = 10
	205
	206	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
	207	'';
1922655a IB	208	tools = ''
	209	listen = /var/run/phpfpm/tools.sock
	210	user = wwwrun
	211	group = wwwrun
	212	listen.owner = wwwrun
	213	listen.group = wwwrun
	214	pm = dynamic
	215	pm.max_children = 60
	216	pm.start_servers = 2
	217	pm.min_spare_servers = 1
	218	pm.max_spare_servers = 10
	219
	220	; Needed to avoid clashes in browser cookies (same domain)
	221	php_value[session.name] = ToolsPHPSESSID
	222	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	223	'';
10889174 IB	224	};
	225
	226	system.activationScripts = {
	227	ttrss = ttrss.activationScript;
	228	roundcubemail = roundcubemail.activationScript;
aebd817b	229	wallabag = wallabag.activationScript;
133ebaee	230	yourls = yourls.activationScript;
bfe3c9c9	231	rompr = rompr.activationScript;
95b20e17	232	shaarli = shaarli.activationScript;
b892dcbe	233	dokuwiki = dokuwiki.activationScript;
46f30ecc	234	rainloop = rainloop.activationScript;
d4ed0eff	235	kanboard = kanboard.activationScript;
10889174 IB	236	};
10889174 IB	237
a95ab089 IB	238	system.extraSystemBuilderCmds = ''
	239	mkdir -p $out/webapps
	240	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	241	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	242	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	243	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	244	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	245	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	246	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	247	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	248	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	249	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	250	'';
a95ab089 IB	251
10889174 IB	252	systemd.services.tt-rss = {
	253	description = "Tiny Tiny RSS feeds update daemon";
	254	serviceConfig = {
	255	User = "wwwrun";
	256	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	257	StandardOutput = "syslog";
	258	StandardError = "syslog";
	259	PermissionsStartOnly = true;
	260	};
	261
	262	wantedBy = [ "multi-user.target" ];
	263	requires = ["postgresql.service"];
	264	after = ["network.target" "postgresql.service"];
	265	};
	266
	267	};
	268	}
	269