[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    deployment.keys =
      kanboard.keys
      // ldap.keys
      // roundcubemail.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      shaarli = shaarli.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs = {
      roundcubemail = roundcubemail.phpFpm.phpConfig;
    };
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9 IB	25	rompr = pkgs.callPackage ./rompr.nix {
	26	inherit (mylibs) fetchedGithub;
	27	env = myconfig.env.tools.rompr;
	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc IB	35	ldap = pkgs.callPackage ./ldap.nix {
	36	env = myconfig.env.tools.phpldapadmin;
	37	};
10889174 IB	38
	39	cfg = config.services.myWebsites.tools.tools;
	40	in {
	41	options.services.myWebsites.tools.tools = {
	42	enable = lib.mkEnableOption "enable tools website";
	43	};
	44
	45	config = lib.mkIf cfg.enable {
	46	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	47	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
46f30ecc IB	48
a840a21c IB	49	deployment.keys =
	50	kanboard.keys
	51	// ldap.keys
	52	// roundcubemail.keys
5f08b34c	53	// shaarli.keys
a840a21c IB	54	// ttrss.keys
	55	// wallabag.keys
	56	// yourls.keys;
98163486	57
46f30ecc IB	58	services.myWebsites.integration.modules =
46f30ecc IB	59	rainloop.apache.modules;
10889174 IB	60
10889174 IB	61	services.myWebsites.tools.modules =
1922655a IB	62	[ "proxy_fcgi" ]
1922655a IB	63	++ adminer.apache.modules
10889174 IB	64	++ ympd.apache.modules
10889174 IB	65	++ ttrss.apache.modules
aebd817b	66	++ roundcubemail.apache.modules
133ebaee	67	++ wallabag.apache.modules
bfe3c9c9	68	++ yourls.apache.modules
95b20e17	69	++ rompr.apache.modules
b892dcbe	70	++ shaarli.apache.modules
f80772dc	71	++ dokuwiki.apache.modules
d4ed0eff IB	72	++ ldap.apache.modules
d4ed0eff IB	73	++ kanboard.apache.modules;
10889174	74
bfe3c9c9	75	services.ympd = ympd.config // { enable = true; };
10889174	76
46f30ecc IB	77	services.myWebsites.integration.vhostConfs.devtools = {
	78	certName = "eldiron";
	79	hosts = ["devtools.immae.eu" ];
	80	root = null;
	81	extraConfig = [
	82	rainloop.apache.vhostConf
	83	];
	84	};
	85
10889174 IB	86	services.myWebsites.tools.vhostConfs.tools = {
	87	certName = "eldiron";
	88	hosts = ["tools.immae.eu" ];
1922655a	89	root = "/var/lib/ftp/tools.immae.eu";
10889174	90	extraConfig = [
1922655a IB	91	''
1922655a IB	92	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	93	DirectoryIndex index.php index.htm index.html
1922655a IB	94	AllowOverride all
	95	Require all granted
	96	<FilesMatch "\.php$">
	97	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	98	</FilesMatch>
	99	</Directory>
	100	''
10889174 IB	101	adminer.apache.vhostConf
	102	ympd.apache.vhostConf
	103	ttrss.apache.vhostConf
	104	roundcubemail.apache.vhostConf
aebd817b	105	wallabag.apache.vhostConf
133ebaee	106	yourls.apache.vhostConf
bfe3c9c9	107	rompr.apache.vhostConf
95b20e17	108	shaarli.apache.vhostConf
b892dcbe	109	dokuwiki.apache.vhostConf
f80772dc	110	ldap.apache.vhostConf
d4ed0eff	111	kanboard.apache.vhostConf
10889174 IB	112	];
	113	};
	114
70606070 IB	115	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	116	services.myWebsites.tools.vhostConfs.outils = {
	117	certName = "eldiron";
	118	hosts = [ "outils.immae.eu" ];
	119	root = null;
	120	extraConfig = [
	121	''
	122	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	123
	124	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	125
	126	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	127	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	128
	129	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	130	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	131	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	132	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	133
	134	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	135
	136	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	137	''
	138	];
	139	};
	140
a840a21c IB	141	services.myPhpfpm.serviceDependencies = {
	142	dokuwiki = dokuwiki.phpFpm.serviceDeps;
	143	kanboard = kanboard.phpFpm.serviceDeps;
	144	ldap = ldap.phpFpm.serviceDeps;
	145	rainloop = rainloop.phpFpm.serviceDeps;
	146	roundcubemail = roundcubemail.phpFpm.serviceDeps;
5f08b34c	147	shaarli = shaarli.phpFpm.serviceDeps;
a840a21c IB	148	ttrss = ttrss.phpFpm.serviceDeps;
	149	wallabag = wallabag.phpFpm.serviceDeps;
	150	yourls = yourls.phpFpm.serviceDeps;
	151	};
	152
b7d2d4e3 IB	153	services.myPhpfpm.poolPhpConfigs = {
	154	roundcubemail = roundcubemail.phpFpm.phpConfig;
	155	};
10889174 IB	156	services.myPhpfpm.poolConfigs = {
	157	adminer = adminer.phpFpm.pool;
	158	ttrss = ttrss.phpFpm.pool;
	159	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	160	wallabag = wallabag.phpFpm.pool;
133ebaee	161	yourls = yourls.phpFpm.pool;
bfe3c9c9	162	rompr = rompr.phpFpm.pool;
95b20e17	163	shaarli = shaarli.phpFpm.pool;
b892dcbe	164	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	165	ldap = ldap.phpFpm.pool;
46f30ecc	166	rainloop = rainloop.phpFpm.pool;
d4ed0eff	167	kanboard = kanboard.phpFpm.pool;
1922655a IB	168	tools = ''
	169	listen = /var/run/phpfpm/tools.sock
	170	user = wwwrun
	171	group = wwwrun
	172	listen.owner = wwwrun
	173	listen.group = wwwrun
	174	pm = dynamic
	175	pm.max_children = 60
	176	pm.start_servers = 2
	177	pm.min_spare_servers = 1
	178	pm.max_spare_servers = 10
	179
	180	; Needed to avoid clashes in browser cookies (same domain)
	181	php_value[session.name] = ToolsPHPSESSID
	182	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	183	'';
10889174 IB	184	};
	185
	186	system.activationScripts = {
	187	ttrss = ttrss.activationScript;
	188	roundcubemail = roundcubemail.activationScript;
aebd817b	189	wallabag = wallabag.activationScript;
133ebaee	190	yourls = yourls.activationScript;
bfe3c9c9	191	rompr = rompr.activationScript;
95b20e17	192	shaarli = shaarli.activationScript;
b892dcbe	193	dokuwiki = dokuwiki.activationScript;
46f30ecc	194	rainloop = rainloop.activationScript;
d4ed0eff	195	kanboard = kanboard.activationScript;
10889174 IB	196	};
10889174 IB	197
a95ab089 IB	198	system.extraSystemBuilderCmds = ''
	199	mkdir -p $out/webapps
	200	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	201	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	202	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	203	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	204	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	205	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	206	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	207	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	208	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	209	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	210	'';
a95ab089 IB	211
2368a4b7 IB	212	nixpkgs.overlays = [ (self: super: rec {
	213	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	214	}) ];
e229e6f2	215
10889174 IB	216	systemd.services.tt-rss = {
	217	description = "Tiny Tiny RSS feeds update daemon";
	218	serviceConfig = {
	219	User = "wwwrun";
	220	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	221	StandardOutput = "syslog";
	222	StandardError = "syslog";
	223	PermissionsStartOnly = true;
	224	};
	225
	226	wantedBy = [ "multi-user.target" ];
	227	requires = ["postgresql.service"];
	228	after = ["network.target" "postgresql.service"];
	229	};
	230
	231	};
	232	}
	233