git.immae.eu Git - perso/Immae/Config/Nix.git/blame - nixops/modules/websites/tools/tools/default.nix
Move ttrss, wallabag, ldap and roundcubemail passwords to secure location
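# NixOS/NixOps module for the "tools" website: a set of web tools served from
# one Apache vhost (tools.immae.eu), a separate vhost for rainloop
# (devtools.immae.eu) and a redirect-only legacy vhost (outils.immae.eu).
#
# Each tool is built by its own package expression, which exposes the
# attributes consumed below (apache.*, phpFpm.*, keys, activationScript,
# webRoot) as far as that tool uses them.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  adminer = pkgs.callPackage ../../commons/adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = myconfig.env.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (mylibs) fetchedGithub fetchedGit;
    env = myconfig.env.tools.ttrss;
  };
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {};
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = myconfig.env.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (mylibs) fetchedGithub;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    env = myconfig.env.tools.phpldapadmin;
  };

  cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    # Secrets delivered through NixOps deployment keys rather than being
    # written into the generated configuration.
    # `//` is right-biased: if two tools declare a key under the same name,
    # the later one silently replaces the earlier one.
    # NOTE(review): ympd, rompr and shaarli also receive an `env` but add no
    # keys here -- confirm none of their secrets end up in the world-readable
    # Nix store.
    deployment.keys =
      kanboard.keys
      // ldap.keys
      // roundcubemail.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName = "eldiron";
      hosts = ["devtools.immae.eu" ];
      root = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName = "eldiron";
      hosts = ["tools.immae.eu" ];
      root = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        # Document root: any *.php file below it is handed to the "tools"
        # PHP-FPM pool defined further down.
        # NOTE(review): the path suggests the tree is writable over FTP.
        # With `AllowOverride all`, a .htaccess placed there can change
        # Apache behaviour for the directory, and uploaded PHP runs as the
        # pool user. Confirm who can write here, and narrow AllowOverride
        # if per-directory overrides are not needed.
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    # Legacy host: only issues permanent redirects to the services' new homes.
    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        # Where the target ends in a bare hostname, the capture must begin
        # with "/". Otherwise whatever follows the prefix in the request path
        # is appended straight onto the hostname in the Location header, so a
        # crafted path could steer the redirect to a different host (open
        # redirect). Paths that merely share the prefix now fall through to
        # the final catch-all rule.
        # Targets that already carry a path component are left unchanged.
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      # Pool serving the PHP files of the tools.immae.eu document root.
      # open_basedir is set with php_admin_value, so scripts and .htaccess
      # files cannot loosen it; session.name uses php_value and can still be
      # overridden.
      # NOTE(review): the pool runs as wwwrun, the same user as the tt-rss
      # daemon below, and /tmp in open_basedir is shared with every other
      # process on the host. Consider a dedicated user and a private
      # temporary directory for this pool.
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
      '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    # Expose each web root under <system closure>/webapps/<webappName> as a
    # symlink into the Nix store.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
    '';

    # Replace the attributes of the ympd package with those produced by
    # mylibs.fetchedGithub from ./ympd.json.
    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    # Background feed updater for Tiny Tiny RSS.
    # NOTE(review): the unit is ordered after postgresql only. ttrss.keys is
    # part of deployment.keys above; if update.php needs that key at start-up,
    # confirm the ordering on the key's unit is handled elsewhere.
    # NOTE(review): no sandboxing directives are set; options such as
    # NoNewPrivileges, PrivateTmp or ProtectSystem would narrow what the
    # daemon can reach as wwwrun.
    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        # Only affects ExecStartPre/ExecStartPost-style commands; none are
        # defined in this unit.
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}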