]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - nixops/modules/websites/tools/tools/default.nix
Move kanboard passwords to secure location
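# NixOS module for the "tools" website.
#
# When `services.myWebsites.tools.tools.enable` is set, this module wires a
# collection of web tools (adminer, ympd, ttrss, roundcubemail, rainloop,
# kanboard, wallabag, yourls, rompr, shaarli, dokuwiki, phpldapadmin) into:
#   - the Apache vhosts tools.immae.eu, devtools.immae.eu and outils.immae.eu,
#   - one PHP-FPM pool per tool plus a generic `tools` pool,
#   - activation scripts, /webapps symlinks and the tt-rss update daemon.
#
# Each tool is a package description imported with callPackage; the attributes
# used below (`apache.*`, `phpFpm.*`, `activationScript`, `webRoot`, `keys`)
# are defined in those files, not here.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  adminer = pkgs.callPackage ../../commons/adminer.nix {};
  # NOTE(review): most tools receive their settings through `env` at
  # evaluation time. If those sets carry credentials, anything interpolated
  # into a derivation ends up in the world-readable Nix store — confirm per
  # tool. Only kanboard exposes `keys` to this module (see deployment.keys
  # below).
  ympd = pkgs.callPackage ./ympd.nix {
    env = myconfig.env.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (mylibs) fetchedGithub fetchedGit;
    env = myconfig.env.tools.ttrss;
  };
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {};
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = myconfig.env.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (mylibs) fetchedGithub;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    env = myconfig.env.tools.phpldapadmin;
  };

  cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Extra names on the shared "eldiron" certificate.
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    # kanboard's secrets go through NixOps' deployment.keys, which ships key
    # material to the machine separately instead of writing it into the Nix
    # store.
    deployment.keys = kanboard.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    # Apache modules needed by the tools vhost: proxy_fcgi for the generic
    # PHP handler below, plus whatever each tool declares.
    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    # rainloop is served from the integration instance on devtools.immae.eu.
    services.myWebsites.integration.vhostConfs.devtools = {
      certName = "eldiron";
      hosts = [ "devtools.immae.eu" ];
      root = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName = "eldiron";
      hosts = [ "tools.immae.eu" ];
      root = "/var/lib/ftp/tools.immae.eu";
      # NOTE(review): the document root lives under /var/lib/ftp, so it is
      # presumably writable through FTP — confirm. Combined with
      # `AllowOverride all` and the PHP handler, whoever can write there
      # controls .htaccess and can have PHP executed as wwwrun in the `tools`
      # pool. Keep write access to that directory tightly restricted, or
      # narrow AllowOverride to the directives actually needed.
      #
      # NOTE(review): adminer and phpldapadmin are administration front ends
      # published on this same vhost; any access restriction for them has to
      # come from their own vhostConf, which is not visible in this file.
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    # Legacy host: only issues permanent redirects to the current locations.
    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts = [ "outils.immae.eu" ];
      root = null;
      # The first four rules redirect to a bare hostname, so the captured
      # suffix is appended directly after the host. Their pattern therefore
      # requires the suffix to be empty or to start with "/" — with an
      # unbounded `(.*)` the suffix could extend the hostname in the Location
      # header and send visitors to a host outside immae.eu. Paths that merely
      # share the prefix now fall through to the catch-all rule at the end.
      # The remaining rules already end their target in a path component, so
      # the suffix cannot change the host there.
      extraConfig = [
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies.kanboard = kanboard.phpFpm.serviceDeps;
    services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
    # One PHP-FPM pool per tool, plus the generic `tools` pool that serves the
    # PHP files found in the tools.immae.eu document root.
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      # open_basedir limits PHP file access for this pool to the sendmail
      # wrapper, the document root and /tmp.
      # NOTE(review): /tmp is a shared directory unless it is isolated for the
      # PHP-FPM service elsewhere — confirm; a pool-specific temp directory
      # would be tighter.
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
      '';
    };

    # Per-tool activation scripts; adminer, ympd and ldap define none here.
    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    # Expose every web root under <system>/webapps/<webappName> so that the
    # served tree is reachable from the system closure.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
    '';

    # Override the ympd package attributes with what ./ympd.json describes
    # (presumably a pinned GitHub revision and hash — confirm in the JSON).
    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    # Background feed updater for Tiny Tiny RSS, run as the web server user.
    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        # NOTE(review): PermissionsStartOnly exempts ExecStartPre/ExecStartPost
        # style commands from User=; none are defined in this unit, so the
        # setting looks redundant here — confirm before relying on it.
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}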