[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig,  ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (pkgs.webapps) ttrss ttrss-plugins;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix {
      inherit (pkgs.webapps) wallabag;
      env = myconfig.env.tools.wallabag;
    };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (pkgs.webapps) yourls yourls-plugins;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (pkgs.webapps) rompr;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      inherit (pkgs.webapps) phpldapadmin;
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ roundcubemail.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys;

    services.websites.integration.modules =
      rainloop.apache.modules;

    services.websites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    systemd.services.ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
    };

    services.websites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["devtools.immae.eu" ];
      root        = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        rainloop.apache.vhostConf
      ];
    };

    services.websites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    services.websites.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      shaarli = shaarli.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs = {
      devtools = ''
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
        '';
      roundcubemail = roundcubemail.phpFpm.phpConfig;
    };
    services.myPhpfpm.preStart = {
      wallabag = wallabag.phpFpm.preStart;
    };
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      devtools = ''
        listen = /var/run/phpfpm/devtools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
        '';
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
8a964143	1	{ lib, pkgs, config, myconfig, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2	7	ttrss = pkgs.callPackage ./ttrss.nix {
86663f17	8	inherit (pkgs.webapps) ttrss ttrss-plugins;
9d90e7e2 IB	9	env = myconfig.env.tools.ttrss;
9d90e7e2 IB	10	};
8a2ccf84	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
fffbbb56	12	inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
8a2ccf84 IB	13	env = myconfig.env.tools.roundcubemail;
8a2ccf84 IB	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff	16	kanboard = pkgs.callPackage ./kanboard.nix {
d4ed0eff IB	17	env = myconfig.env.tools.kanboard;
d4ed0eff IB	18	};
fd2d83bd IB	19	wallabag = pkgs.callPackage ./wallabag.nix {
	20	inherit (pkgs.webapps) wallabag;
	21	env = myconfig.env.tools.wallabag;
	22	};
133ebaee	23	yourls = pkgs.callPackage ./yourls.nix {
b44b42a1	24	inherit (pkgs.webapps) yourls yourls-plugins;
133ebaee IB	25	env = myconfig.env.tools.yourls;
133ebaee IB	26	};
bfe3c9c9	27	rompr = pkgs.callPackage ./rompr.nix {
5dbe7ba1	28	inherit (pkgs.webapps) rompr;
bfe3c9c9 IB	29	env = myconfig.env.tools.rompr;
bfe3c9c9 IB	30	};
95b20e17 IB	31	shaarli = pkgs.callPackage ./shaarli.nix {
	32	env = myconfig.env.tools.shaarli;
	33	};
b892dcbe	34	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
c9d13ae3	35	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
b892dcbe	36	};
f80772dc	37	ldap = pkgs.callPackage ./ldap.nix {
f5efae0f	38	inherit (pkgs.webapps) phpldapadmin;
f80772dc IB	39	env = myconfig.env.tools.phpldapadmin;
f80772dc IB	40	};
10889174 IB	41
	42	cfg = config.services.myWebsites.tools.tools;
	43	in {
	44	options.services.myWebsites.tools.tools = {
	45	enable = lib.mkEnableOption "enable tools website";
	46	};
	47
	48	config = lib.mkIf cfg.enable {
1a718805	49	secrets.keys =
a840a21c	50	kanboard.keys
8db8e666 IB	51	++ ldap.keys
	52	++ roundcubemail.keys
	53	++ shaarli.keys
	54	++ ttrss.keys
	55	++ wallabag.keys
	56	++ yourls.keys;
98163486	57
daf64e3f	58	services.websites.integration.modules =
46f30ecc	59	rainloop.apache.modules;
10889174	60
daf64e3f	61	services.websites.tools.modules =
1922655a IB	62	[ "proxy_fcgi" ]
1922655a IB	63	++ adminer.apache.modules
10889174 IB	64	++ ympd.apache.modules
10889174 IB	65	++ ttrss.apache.modules
aebd817b	66	++ roundcubemail.apache.modules
133ebaee	67	++ wallabag.apache.modules
bfe3c9c9	68	++ yourls.apache.modules
95b20e17	69	++ rompr.apache.modules
b892dcbe	70	++ shaarli.apache.modules
f80772dc	71	++ dokuwiki.apache.modules
d4ed0eff IB	72	++ ldap.apache.modules
d4ed0eff IB	73	++ kanboard.apache.modules;
10889174	74
914dd76c IB	75	systemd.services.ympd = {
	76	description = "Standalone MPD Web GUI written in C";
	77	wantedBy = [ "multi-user.target" ];
	78	script = ''
742697c9	79	export MPD_PASSWORD=$(cat /var/secrets/mpd)
914dd76c IB	80	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	81	'';
	82	};
10889174	83
daf64e3f	84	services.websites.integration.vhostConfs.devtools = {
46f30ecc	85	certName = "eldiron";
7df420c2	86	addToCerts = true;
46f30ecc	87	hosts = ["devtools.immae.eu" ];
0aae0181	88	root = "/var/lib/ftp/devtools.immae.eu";
46f30ecc	89	extraConfig = [
0aae0181 IB	90	''
	91	<Directory "/var/lib/ftp/devtools.immae.eu">
	92	DirectoryIndex index.php index.htm index.html
	93	AllowOverride all
	94	Require all granted
	95	<FilesMatch "\.php$">
	96	SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock\|fcgi://localhost"
	97	</FilesMatch>
	98	</Directory>
	99	''
46f30ecc IB	100	rainloop.apache.vhostConf
	101	];
	102	};
	103
daf64e3f	104	services.websites.tools.vhostConfs.tools = {
10889174	105	certName = "eldiron";
7df420c2	106	addToCerts = true;
10889174	107	hosts = ["tools.immae.eu" ];
1922655a	108	root = "/var/lib/ftp/tools.immae.eu";
10889174	109	extraConfig = [
1922655a IB	110	''
1922655a IB	111	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	112	DirectoryIndex index.php index.htm index.html
1922655a IB	113	AllowOverride all
	114	Require all granted
	115	<FilesMatch "\.php$">
	116	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	117	</FilesMatch>
	118	</Directory>
	119	''
10889174 IB	120	adminer.apache.vhostConf
	121	ympd.apache.vhostConf
	122	ttrss.apache.vhostConf
	123	roundcubemail.apache.vhostConf
aebd817b	124	wallabag.apache.vhostConf
133ebaee	125	yourls.apache.vhostConf
bfe3c9c9	126	rompr.apache.vhostConf
95b20e17	127	shaarli.apache.vhostConf
b892dcbe	128	dokuwiki.apache.vhostConf
f80772dc	129	ldap.apache.vhostConf
d4ed0eff	130	kanboard.apache.vhostConf
10889174 IB	131	];
	132	};
	133
daf64e3f	134	services.websites.tools.vhostConfs.outils = {
7df420c2 IB	135	certName = "eldiron";
	136	addToCerts = true;
	137	hosts = [ "outils.immae.eu" ];
	138	root = null;
70606070 IB	139	extraConfig = [
	140	''
	141	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	142
	143	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	144
	145	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	146	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	147
	148	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	149	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	150	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	151	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	152
	153	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	154
	155	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	156	''
	157	];
	158	};
	159
a840a21c IB	160	services.myPhpfpm.serviceDependencies = {
	161	dokuwiki = dokuwiki.phpFpm.serviceDeps;
	162	kanboard = kanboard.phpFpm.serviceDeps;
	163	ldap = ldap.phpFpm.serviceDeps;
	164	rainloop = rainloop.phpFpm.serviceDeps;
	165	roundcubemail = roundcubemail.phpFpm.serviceDeps;
5f08b34c	166	shaarli = shaarli.phpFpm.serviceDeps;
a840a21c IB	167	ttrss = ttrss.phpFpm.serviceDeps;
	168	wallabag = wallabag.phpFpm.serviceDeps;
	169	yourls = yourls.phpFpm.serviceDeps;
	170	};
	171
b7d2d4e3	172	services.myPhpfpm.poolPhpConfigs = {
0aae0181 IB	173	devtools = ''
	174	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	175	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	176	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	177	'';
b7d2d4e3 IB	178	roundcubemail = roundcubemail.phpFpm.phpConfig;
b7d2d4e3 IB	179	};
8eded9ec IB	180	services.myPhpfpm.preStart = {
	181	wallabag = wallabag.phpFpm.preStart;
	182	};
10889174 IB	183	services.myPhpfpm.poolConfigs = {
	184	adminer = adminer.phpFpm.pool;
	185	ttrss = ttrss.phpFpm.pool;
	186	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	187	wallabag = wallabag.phpFpm.pool;
133ebaee	188	yourls = yourls.phpFpm.pool;
bfe3c9c9	189	rompr = rompr.phpFpm.pool;
95b20e17	190	shaarli = shaarli.phpFpm.pool;
b892dcbe	191	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	192	ldap = ldap.phpFpm.pool;
46f30ecc	193	rainloop = rainloop.phpFpm.pool;
d4ed0eff	194	kanboard = kanboard.phpFpm.pool;
0aae0181 IB	195	devtools = ''
	196	listen = /var/run/phpfpm/devtools.sock
	197	user = wwwrun
	198	group = wwwrun
	199	listen.owner = wwwrun
	200	listen.group = wwwrun
	201	pm = dynamic
	202	pm.max_children = 60
	203	pm.start_servers = 2
	204	pm.min_spare_servers = 1
	205	pm.max_spare_servers = 10
	206
	207	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
	208	'';
1922655a IB	209	tools = ''
	210	listen = /var/run/phpfpm/tools.sock
	211	user = wwwrun
	212	group = wwwrun
	213	listen.owner = wwwrun
	214	listen.group = wwwrun
	215	pm = dynamic
	216	pm.max_children = 60
	217	pm.start_servers = 2
	218	pm.min_spare_servers = 1
	219	pm.max_spare_servers = 10
	220
	221	; Needed to avoid clashes in browser cookies (same domain)
	222	php_value[session.name] = ToolsPHPSESSID
	223	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	224	'';
10889174 IB	225	};
	226
	227	system.activationScripts = {
	228	ttrss = ttrss.activationScript;
	229	roundcubemail = roundcubemail.activationScript;
aebd817b	230	wallabag = wallabag.activationScript;
133ebaee	231	yourls = yourls.activationScript;
bfe3c9c9	232	rompr = rompr.activationScript;
95b20e17	233	shaarli = shaarli.activationScript;
b892dcbe	234	dokuwiki = dokuwiki.activationScript;
46f30ecc	235	rainloop = rainloop.activationScript;
d4ed0eff	236	kanboard = kanboard.activationScript;
10889174 IB	237	};
10889174 IB	238
a95ab089 IB	239	system.extraSystemBuilderCmds = ''
	240	mkdir -p $out/webapps
	241	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	242	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	243	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	244	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	245	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	246	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	247	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	248	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	249	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	250	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	251	'';
a95ab089 IB	252
10889174 IB	253	systemd.services.tt-rss = {
	254	description = "Tiny Tiny RSS feeds update daemon";
	255	serviceConfig = {
	256	User = "wwwrun";
	257	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	258	StandardOutput = "syslog";
	259	StandardError = "syslog";
	260	PermissionsStartOnly = true;
	261	};
	262
	263	wantedBy = [ "multi-user.target" ];
	264	requires = ["postgresql.service"];
	265	after = ["network.target" "postgresql.service"];
	266	};
	267
	268	};
	269	}
	270