[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      '';

    nixpkgs.config.packageOverrides = oldpkgs: rec {
      ympd = oldpkgs.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    };

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
	12	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	13	yourls = pkgs.callPackage ./yourls.nix {
	14	inherit (mylibs) fetchedGithub;
	15	env = myconfig.env.tools.yourls;
	16	};
bfe3c9c9 IB	17	rompr = pkgs.callPackage ./rompr.nix {
	18	inherit (mylibs) fetchedGithub;
	19	env = myconfig.env.tools.rompr;
	20	};
95b20e17 IB	21	shaarli = pkgs.callPackage ./shaarli.nix {
	22	env = myconfig.env.tools.shaarli;
	23	};
b892dcbe IB	24	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	25	inherit (mylibs) fetchedGithub;
	26	};
f80772dc IB	27	ldap = pkgs.callPackage ./ldap.nix {
	28	env = myconfig.env.tools.phpldapadmin;
	29	};
10889174 IB	30
	31	cfg = config.services.myWebsites.tools.tools;
	32	in {
	33	options.services.myWebsites.tools.tools = {
	34	enable = lib.mkEnableOption "enable tools website";
	35	};
	36
	37	config = lib.mkIf cfg.enable {
	38	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
	39
	40	services.myWebsites.tools.modules =
1922655a IB	41	[ "proxy_fcgi" ]
1922655a IB	42	++ adminer.apache.modules
10889174 IB	43	++ ympd.apache.modules
10889174 IB	44	++ ttrss.apache.modules
aebd817b	45	++ roundcubemail.apache.modules
133ebaee	46	++ wallabag.apache.modules
bfe3c9c9	47	++ yourls.apache.modules
95b20e17	48	++ rompr.apache.modules
b892dcbe	49	++ shaarli.apache.modules
f80772dc IB	50	++ dokuwiki.apache.modules
f80772dc IB	51	++ ldap.apache.modules;
10889174	52
bfe3c9c9	53	services.ympd = ympd.config // { enable = true; };
10889174 IB	54
	55	services.myWebsites.tools.vhostConfs.tools = {
	56	certName = "eldiron";
	57	hosts = ["tools.immae.eu" ];
1922655a	58	root = "/var/lib/ftp/tools.immae.eu";
10889174	59	extraConfig = [
1922655a IB	60	''
1922655a IB	61	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	62	DirectoryIndex index.php index.htm index.html
1922655a IB	63	AllowOverride all
	64	Require all granted
	65	<FilesMatch "\.php$">
	66	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	67	</FilesMatch>
	68	</Directory>
	69	''
10889174 IB	70	adminer.apache.vhostConf
	71	ympd.apache.vhostConf
	72	ttrss.apache.vhostConf
	73	roundcubemail.apache.vhostConf
aebd817b	74	wallabag.apache.vhostConf
133ebaee	75	yourls.apache.vhostConf
bfe3c9c9	76	rompr.apache.vhostConf
95b20e17	77	shaarli.apache.vhostConf
b892dcbe	78	dokuwiki.apache.vhostConf
f80772dc	79	ldap.apache.vhostConf
10889174 IB	80	];
	81	};
	82
70606070 IB	83	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	84	services.myWebsites.tools.vhostConfs.outils = {
	85	certName = "eldiron";
	86	hosts = [ "outils.immae.eu" ];
	87	root = null;
	88	extraConfig = [
	89	''
	90	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	91
	92	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	93
	94	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	95	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	96
	97	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	98	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	99	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	100	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	101
	102	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	103
	104	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	105	''
	106	];
	107	};
	108
10889174 IB	109	services.myPhpfpm.poolConfigs = {
	110	adminer = adminer.phpFpm.pool;
	111	ttrss = ttrss.phpFpm.pool;
	112	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	113	wallabag = wallabag.phpFpm.pool;
133ebaee	114	yourls = yourls.phpFpm.pool;
bfe3c9c9	115	rompr = rompr.phpFpm.pool;
95b20e17	116	shaarli = shaarli.phpFpm.pool;
b892dcbe	117	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	118	ldap = ldap.phpFpm.pool;
1922655a IB	119	tools = ''
	120	listen = /var/run/phpfpm/tools.sock
	121	user = wwwrun
	122	group = wwwrun
	123	listen.owner = wwwrun
	124	listen.group = wwwrun
	125	pm = dynamic
	126	pm.max_children = 60
	127	pm.start_servers = 2
	128	pm.min_spare_servers = 1
	129	pm.max_spare_servers = 10
	130
	131	; Needed to avoid clashes in browser cookies (same domain)
	132	php_value[session.name] = ToolsPHPSESSID
	133	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	134	'';
10889174 IB	135	};
	136
	137	system.activationScripts = {
	138	ttrss = ttrss.activationScript;
	139	roundcubemail = roundcubemail.activationScript;
aebd817b	140	wallabag = wallabag.activationScript;
133ebaee	141	yourls = yourls.activationScript;
bfe3c9c9	142	rompr = rompr.activationScript;
95b20e17	143	shaarli = shaarli.activationScript;
b892dcbe	144	dokuwiki = dokuwiki.activationScript;
10889174 IB	145	};
10889174 IB	146
a95ab089 IB	147	system.extraSystemBuilderCmds = ''
	148	mkdir -p $out/webapps
	149	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	150	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	151	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	152	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	153	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	154	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	155	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	156	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
	157	'';
	158
e229e6f2 IB	159	nixpkgs.config.packageOverrides = oldpkgs: rec {
	160	ympd = oldpkgs.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	161	};
	162
10889174 IB	163	systemd.services.tt-rss = {
	164	description = "Tiny Tiny RSS feeds update daemon";
	165	serviceConfig = {
	166	User = "wwwrun";
	167	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	168	StandardOutput = "syslog";
	169	StandardError = "syslog";
	170	PermissionsStartOnly = true;
	171	};
	172
	173	wantedBy = [ "multi-user.target" ];
	174	requires = ["postgresql.service"];
	175	after = ["network.target" "postgresql.service"];
	176	};
	177
	178	};
	179	}
	180