[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9 IB	25	rompr = pkgs.callPackage ./rompr.nix {
	26	inherit (mylibs) fetchedGithub;
	27	env = myconfig.env.tools.rompr;
	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc IB	35	ldap = pkgs.callPackage ./ldap.nix {
	36	env = myconfig.env.tools.phpldapadmin;
	37	};
10889174 IB	38
	39	cfg = config.services.myWebsites.tools.tools;
	40	in {
	41	options.services.myWebsites.tools.tools = {
	42	enable = lib.mkEnableOption "enable tools website";
	43	};
	44
	45	config = lib.mkIf cfg.enable {
	46	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	47	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
	48
	49	services.myWebsites.integration.modules =
	50	rainloop.apache.modules;
10889174 IB	51
10889174 IB	52	services.myWebsites.tools.modules =
1922655a IB	53	[ "proxy_fcgi" ]
1922655a IB	54	++ adminer.apache.modules
10889174 IB	55	++ ympd.apache.modules
10889174 IB	56	++ ttrss.apache.modules
aebd817b	57	++ roundcubemail.apache.modules
133ebaee	58	++ wallabag.apache.modules
bfe3c9c9	59	++ yourls.apache.modules
95b20e17	60	++ rompr.apache.modules
b892dcbe	61	++ shaarli.apache.modules
f80772dc	62	++ dokuwiki.apache.modules
d4ed0eff IB	63	++ ldap.apache.modules
d4ed0eff IB	64	++ kanboard.apache.modules;
10889174	65
bfe3c9c9	66	services.ympd = ympd.config // { enable = true; };
10889174	67
46f30ecc IB	68	services.myWebsites.integration.vhostConfs.devtools = {
	69	certName = "eldiron";
	70	hosts = ["devtools.immae.eu" ];
	71	root = null;
	72	extraConfig = [
	73	rainloop.apache.vhostConf
	74	];
	75	};
	76
10889174 IB	77	services.myWebsites.tools.vhostConfs.tools = {
	78	certName = "eldiron";
	79	hosts = ["tools.immae.eu" ];
1922655a	80	root = "/var/lib/ftp/tools.immae.eu";
10889174	81	extraConfig = [
1922655a IB	82	''
1922655a IB	83	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	84	DirectoryIndex index.php index.htm index.html
1922655a IB	85	AllowOverride all
	86	Require all granted
	87	<FilesMatch "\.php$">
	88	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	89	</FilesMatch>
	90	</Directory>
	91	''
10889174 IB	92	adminer.apache.vhostConf
	93	ympd.apache.vhostConf
	94	ttrss.apache.vhostConf
	95	roundcubemail.apache.vhostConf
aebd817b	96	wallabag.apache.vhostConf
133ebaee	97	yourls.apache.vhostConf
bfe3c9c9	98	rompr.apache.vhostConf
95b20e17	99	shaarli.apache.vhostConf
b892dcbe	100	dokuwiki.apache.vhostConf
f80772dc	101	ldap.apache.vhostConf
d4ed0eff	102	kanboard.apache.vhostConf
10889174 IB	103	];
	104	};
	105
70606070 IB	106	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	107	services.myWebsites.tools.vhostConfs.outils = {
	108	certName = "eldiron";
	109	hosts = [ "outils.immae.eu" ];
	110	root = null;
	111	extraConfig = [
	112	''
	113	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	114
	115	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	116
	117	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	118	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	119
	120	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	121	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	122	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	123	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	124
	125	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	126
	127	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	128	''
	129	];
	130	};
	131
e2ca51b2	132	services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
10889174 IB	133	services.myPhpfpm.poolConfigs = {
	134	adminer = adminer.phpFpm.pool;
	135	ttrss = ttrss.phpFpm.pool;
	136	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	137	wallabag = wallabag.phpFpm.pool;
133ebaee	138	yourls = yourls.phpFpm.pool;
bfe3c9c9	139	rompr = rompr.phpFpm.pool;
95b20e17	140	shaarli = shaarli.phpFpm.pool;
b892dcbe	141	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	142	ldap = ldap.phpFpm.pool;
46f30ecc	143	rainloop = rainloop.phpFpm.pool;
d4ed0eff	144	kanboard = kanboard.phpFpm.pool;
1922655a IB	145	tools = ''
	146	listen = /var/run/phpfpm/tools.sock
	147	user = wwwrun
	148	group = wwwrun
	149	listen.owner = wwwrun
	150	listen.group = wwwrun
	151	pm = dynamic
	152	pm.max_children = 60
	153	pm.start_servers = 2
	154	pm.min_spare_servers = 1
	155	pm.max_spare_servers = 10
	156
	157	; Needed to avoid clashes in browser cookies (same domain)
	158	php_value[session.name] = ToolsPHPSESSID
	159	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	160	'';
10889174 IB	161	};
	162
	163	system.activationScripts = {
	164	ttrss = ttrss.activationScript;
	165	roundcubemail = roundcubemail.activationScript;
aebd817b	166	wallabag = wallabag.activationScript;
133ebaee	167	yourls = yourls.activationScript;
bfe3c9c9	168	rompr = rompr.activationScript;
95b20e17	169	shaarli = shaarli.activationScript;
b892dcbe	170	dokuwiki = dokuwiki.activationScript;
46f30ecc	171	rainloop = rainloop.activationScript;
d4ed0eff	172	kanboard = kanboard.activationScript;
10889174 IB	173	};
10889174 IB	174
a95ab089 IB	175	system.extraSystemBuilderCmds = ''
	176	mkdir -p $out/webapps
	177	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	178	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	179	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	180	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	181	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	182	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	183	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	184	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	185	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	186	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	187	'';
a95ab089 IB	188
2368a4b7 IB	189	nixpkgs.overlays = [ (self: super: rec {
	190	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	191	}) ];
e229e6f2	192
10889174 IB	193	systemd.services.tt-rss = {
	194	description = "Tiny Tiny RSS feeds update daemon";
	195	serviceConfig = {
	196	User = "wwwrun";
	197	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	198	StandardOutput = "syslog";
	199	StandardError = "syslog";
	200	PermissionsStartOnly = true;
	201	};
	202
	203	wantedBy = [ "multi-user.target" ];
	204	requires = ["postgresql.service"];
	205	after = ["network.target" "postgresql.service"];
	206	};
	207
	208	};
	209	}
	210