[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
d4ed0eff IB	12	kanboard = pkgs.callPackage ./kanboard.nix {
	13	inherit (mylibs) fetchedGithub;
	14	env = myconfig.env.tools.kanboard;
	15	};
9d90e7e2	16	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	17	yourls = pkgs.callPackage ./yourls.nix {
	18	inherit (mylibs) fetchedGithub;
	19	env = myconfig.env.tools.yourls;
	20	};
bfe3c9c9 IB	21	rompr = pkgs.callPackage ./rompr.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.rompr;
	24	};
95b20e17 IB	25	shaarli = pkgs.callPackage ./shaarli.nix {
	26	env = myconfig.env.tools.shaarli;
	27	};
b892dcbe IB	28	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	29	inherit (mylibs) fetchedGithub;
	30	};
f80772dc IB	31	ldap = pkgs.callPackage ./ldap.nix {
	32	env = myconfig.env.tools.phpldapadmin;
	33	};
10889174 IB	34
	35	cfg = config.services.myWebsites.tools.tools;
	36	in {
	37	options.services.myWebsites.tools.tools = {
	38	enable = lib.mkEnableOption "enable tools website";
	39	};
	40
	41	config = lib.mkIf cfg.enable {
	42	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
	43
	44	services.myWebsites.tools.modules =
1922655a IB	45	[ "proxy_fcgi" ]
1922655a IB	46	++ adminer.apache.modules
10889174 IB	47	++ ympd.apache.modules
10889174 IB	48	++ ttrss.apache.modules
aebd817b	49	++ roundcubemail.apache.modules
133ebaee	50	++ wallabag.apache.modules
bfe3c9c9	51	++ yourls.apache.modules
95b20e17	52	++ rompr.apache.modules
b892dcbe	53	++ shaarli.apache.modules
f80772dc	54	++ dokuwiki.apache.modules
d4ed0eff IB	55	++ ldap.apache.modules
d4ed0eff IB	56	++ kanboard.apache.modules;
10889174	57
bfe3c9c9	58	services.ympd = ympd.config // { enable = true; };
10889174 IB	59
	60	services.myWebsites.tools.vhostConfs.tools = {
	61	certName = "eldiron";
	62	hosts = ["tools.immae.eu" ];
1922655a	63	root = "/var/lib/ftp/tools.immae.eu";
10889174	64	extraConfig = [
1922655a IB	65	''
1922655a IB	66	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	67	DirectoryIndex index.php index.htm index.html
1922655a IB	68	AllowOverride all
	69	Require all granted
	70	<FilesMatch "\.php$">
	71	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	72	</FilesMatch>
	73	</Directory>
	74	''
10889174 IB	75	adminer.apache.vhostConf
	76	ympd.apache.vhostConf
	77	ttrss.apache.vhostConf
	78	roundcubemail.apache.vhostConf
aebd817b	79	wallabag.apache.vhostConf
133ebaee	80	yourls.apache.vhostConf
bfe3c9c9	81	rompr.apache.vhostConf
95b20e17	82	shaarli.apache.vhostConf
b892dcbe	83	dokuwiki.apache.vhostConf
f80772dc	84	ldap.apache.vhostConf
d4ed0eff	85	kanboard.apache.vhostConf
10889174 IB	86	];
	87	};
	88
70606070 IB	89	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	90	services.myWebsites.tools.vhostConfs.outils = {
	91	certName = "eldiron";
	92	hosts = [ "outils.immae.eu" ];
	93	root = null;
	94	extraConfig = [
	95	''
	96	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	97
	98	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	99
	100	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	101	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	102
	103	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	104	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	105	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	106	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	107
	108	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	109
	110	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	111	''
	112	];
	113	};
	114
10889174 IB	115	services.myPhpfpm.poolConfigs = {
	116	adminer = adminer.phpFpm.pool;
	117	ttrss = ttrss.phpFpm.pool;
	118	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	119	wallabag = wallabag.phpFpm.pool;
133ebaee	120	yourls = yourls.phpFpm.pool;
bfe3c9c9	121	rompr = rompr.phpFpm.pool;
95b20e17	122	shaarli = shaarli.phpFpm.pool;
b892dcbe	123	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	124	ldap = ldap.phpFpm.pool;
d4ed0eff	125	kanboard = kanboard.phpFpm.pool;
1922655a IB	126	tools = ''
	127	listen = /var/run/phpfpm/tools.sock
	128	user = wwwrun
	129	group = wwwrun
	130	listen.owner = wwwrun
	131	listen.group = wwwrun
	132	pm = dynamic
	133	pm.max_children = 60
	134	pm.start_servers = 2
	135	pm.min_spare_servers = 1
	136	pm.max_spare_servers = 10
	137
	138	; Needed to avoid clashes in browser cookies (same domain)
	139	php_value[session.name] = ToolsPHPSESSID
	140	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	141	'';
10889174 IB	142	};
	143
	144	system.activationScripts = {
	145	ttrss = ttrss.activationScript;
	146	roundcubemail = roundcubemail.activationScript;
aebd817b	147	wallabag = wallabag.activationScript;
133ebaee	148	yourls = yourls.activationScript;
bfe3c9c9	149	rompr = rompr.activationScript;
95b20e17	150	shaarli = shaarli.activationScript;
b892dcbe	151	dokuwiki = dokuwiki.activationScript;
d4ed0eff	152	kanboard = kanboard.activationScript;
10889174 IB	153	};
10889174 IB	154
a95ab089 IB	155	system.extraSystemBuilderCmds = ''
	156	mkdir -p $out/webapps
	157	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	158	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	159	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	160	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	161	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	162	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	163	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	164	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
d4ed0eff	165	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	166	'';
a95ab089 IB	167
2368a4b7 IB	168	nixpkgs.overlays = [ (self: super: rec {
	169	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	170	}) ];
e229e6f2	171
10889174 IB	172	systemd.services.tt-rss = {
	173	description = "Tiny Tiny RSS feeds update daemon";
	174	serviceConfig = {
	175	User = "wwwrun";
	176	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	177	StandardOutput = "syslog";
	178	StandardError = "syslog";
	179	PermissionsStartOnly = true;
	180	};
	181
	182	wantedBy = [ "multi-user.target" ];
	183	requires = ["postgresql.service"];
	184	after = ["network.target" "postgresql.service"];
	185	};
	186
	187	};
	188	}
	189