[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
46f30ecc	12	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	13	kanboard = pkgs.callPackage ./kanboard.nix {
	14	inherit (mylibs) fetchedGithub;
	15	env = myconfig.env.tools.kanboard;
	16	};
9d90e7e2	17	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	18	yourls = pkgs.callPackage ./yourls.nix {
	19	inherit (mylibs) fetchedGithub;
	20	env = myconfig.env.tools.yourls;
	21	};
bfe3c9c9 IB	22	rompr = pkgs.callPackage ./rompr.nix {
	23	inherit (mylibs) fetchedGithub;
	24	env = myconfig.env.tools.rompr;
	25	};
95b20e17 IB	26	shaarli = pkgs.callPackage ./shaarli.nix {
	27	env = myconfig.env.tools.shaarli;
	28	};
b892dcbe IB	29	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	30	inherit (mylibs) fetchedGithub;
	31	};
f80772dc IB	32	ldap = pkgs.callPackage ./ldap.nix {
	33	env = myconfig.env.tools.phpldapadmin;
	34	};
10889174 IB	35
	36	cfg = config.services.myWebsites.tools.tools;
	37	in {
	38	options.services.myWebsites.tools.tools = {
	39	enable = lib.mkEnableOption "enable tools website";
	40	};
	41
	42	config = lib.mkIf cfg.enable {
	43	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	44	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
	45
	46	services.myWebsites.integration.modules =
	47	rainloop.apache.modules;
10889174 IB	48
10889174 IB	49	services.myWebsites.tools.modules =
1922655a IB	50	[ "proxy_fcgi" ]
1922655a IB	51	++ adminer.apache.modules
10889174 IB	52	++ ympd.apache.modules
10889174 IB	53	++ ttrss.apache.modules
aebd817b	54	++ roundcubemail.apache.modules
133ebaee	55	++ wallabag.apache.modules
bfe3c9c9	56	++ yourls.apache.modules
95b20e17	57	++ rompr.apache.modules
b892dcbe	58	++ shaarli.apache.modules
f80772dc	59	++ dokuwiki.apache.modules
d4ed0eff IB	60	++ ldap.apache.modules
d4ed0eff IB	61	++ kanboard.apache.modules;
10889174	62
bfe3c9c9	63	services.ympd = ympd.config // { enable = true; };
10889174	64
46f30ecc IB	65	services.myWebsites.integration.vhostConfs.devtools = {
	66	certName = "eldiron";
	67	hosts = ["devtools.immae.eu" ];
	68	root = null;
	69	extraConfig = [
	70	rainloop.apache.vhostConf
	71	];
	72	};
	73
10889174 IB	74	services.myWebsites.tools.vhostConfs.tools = {
	75	certName = "eldiron";
	76	hosts = ["tools.immae.eu" ];
1922655a	77	root = "/var/lib/ftp/tools.immae.eu";
10889174	78	extraConfig = [
1922655a IB	79	''
1922655a IB	80	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	81	DirectoryIndex index.php index.htm index.html
1922655a IB	82	AllowOverride all
	83	Require all granted
	84	<FilesMatch "\.php$">
	85	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	86	</FilesMatch>
	87	</Directory>
	88	''
10889174 IB	89	adminer.apache.vhostConf
	90	ympd.apache.vhostConf
	91	ttrss.apache.vhostConf
	92	roundcubemail.apache.vhostConf
aebd817b	93	wallabag.apache.vhostConf
133ebaee	94	yourls.apache.vhostConf
bfe3c9c9	95	rompr.apache.vhostConf
95b20e17	96	shaarli.apache.vhostConf
b892dcbe	97	dokuwiki.apache.vhostConf
f80772dc	98	ldap.apache.vhostConf
d4ed0eff	99	kanboard.apache.vhostConf
10889174 IB	100	];
	101	};
	102
70606070 IB	103	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	104	services.myWebsites.tools.vhostConfs.outils = {
	105	certName = "eldiron";
	106	hosts = [ "outils.immae.eu" ];
	107	root = null;
	108	extraConfig = [
	109	''
	110	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	111
	112	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	113
	114	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	115	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	116
	117	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	118	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	119	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	120	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	121
	122	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	123
	124	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	125	''
	126	];
	127	};
	128
10889174 IB	129	services.myPhpfpm.poolConfigs = {
	130	adminer = adminer.phpFpm.pool;
	131	ttrss = ttrss.phpFpm.pool;
	132	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	133	wallabag = wallabag.phpFpm.pool;
133ebaee	134	yourls = yourls.phpFpm.pool;
bfe3c9c9	135	rompr = rompr.phpFpm.pool;
95b20e17	136	shaarli = shaarli.phpFpm.pool;
b892dcbe	137	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	138	ldap = ldap.phpFpm.pool;
46f30ecc	139	rainloop = rainloop.phpFpm.pool;
d4ed0eff	140	kanboard = kanboard.phpFpm.pool;
1922655a IB	141	tools = ''
	142	listen = /var/run/phpfpm/tools.sock
	143	user = wwwrun
	144	group = wwwrun
	145	listen.owner = wwwrun
	146	listen.group = wwwrun
	147	pm = dynamic
	148	pm.max_children = 60
	149	pm.start_servers = 2
	150	pm.min_spare_servers = 1
	151	pm.max_spare_servers = 10
	152
	153	; Needed to avoid clashes in browser cookies (same domain)
	154	php_value[session.name] = ToolsPHPSESSID
	155	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	156	'';
10889174 IB	157	};
	158
	159	system.activationScripts = {
	160	ttrss = ttrss.activationScript;
	161	roundcubemail = roundcubemail.activationScript;
aebd817b	162	wallabag = wallabag.activationScript;
133ebaee	163	yourls = yourls.activationScript;
bfe3c9c9	164	rompr = rompr.activationScript;
95b20e17	165	shaarli = shaarli.activationScript;
b892dcbe	166	dokuwiki = dokuwiki.activationScript;
46f30ecc	167	rainloop = rainloop.activationScript;
d4ed0eff	168	kanboard = kanboard.activationScript;
10889174 IB	169	};
10889174 IB	170
a95ab089 IB	171	system.extraSystemBuilderCmds = ''
	172	mkdir -p $out/webapps
	173	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	174	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	175	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	176	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	177	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	178	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	179	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	180	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	181	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	182	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	183	'';
a95ab089 IB	184
2368a4b7 IB	185	nixpkgs.overlays = [ (self: super: rec {
	186	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	187	}) ];
e229e6f2	188
10889174 IB	189	systemd.services.tt-rss = {
	190	description = "Tiny Tiny RSS feeds update daemon";
	191	serviceConfig = {
	192	User = "wwwrun";
	193	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	194	StandardOutput = "syslog";
	195	StandardError = "syslog";
	196	PermissionsStartOnly = true;
	197	};
	198
	199	wantedBy = [ "multi-user.target" ];
	200	requires = ["postgresql.service"];
	201	after = ["network.target" "postgresql.service"];
	202	};
	203
	204	};
	205	}
	206