[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / default.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    adminer = pkgs.callPackage ../../commons/adminer.nix {};
    ympd = pkgs.callPackage ./ympd.nix {
      env = myconfig.env.tools.ympd;
    };
    ttrss = pkgs.callPackage ./ttrss.nix {
      inherit (mylibs) fetchedGithub fetchedGit;
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.roundcubemail;
    };
    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
    };
    wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
    yourls = pkgs.callPackage ./yourls.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.yourls;
    };
    rompr = pkgs.callPackage ./rompr.nix {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.rompr;
    };
    shaarli = pkgs.callPackage ./shaarli.nix {
      env = myconfig.env.tools.shaarli;
    };
    dokuwiki = pkgs.callPackage ./dokuwiki.nix {
      inherit (mylibs) fetchedGithub;
    };
    ldap = pkgs.callPackage ./ldap.nix {
      env = myconfig.env.tools.phpldapadmin;
    };

    cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;

    deployment.keys =
      kanboard.keys
      // ldap.keys
      // roundcubemail.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;

    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    services.myWebsites.integration.vhostConfs.devtools = {
      certName    = "eldiron";
      hosts       = ["devtools.immae.eu" ];
      root        = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        rainloop.apache.vhostConf
      ];
    };

    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts    = [ "outils.immae.eu" ];
      root     = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    services.myPhpfpm.serviceDependencies = {
      dokuwiki = dokuwiki.phpFpm.serviceDeps;
      kanboard = kanboard.phpFpm.serviceDeps;
      ldap = ldap.phpFpm.serviceDeps;
      rainloop = rainloop.phpFpm.serviceDeps;
      roundcubemail = roundcubemail.phpFpm.serviceDeps;
      shaarli = shaarli.phpFpm.serviceDeps;
      ttrss = ttrss.phpFpm.serviceDeps;
      wallabag = wallabag.phpFpm.serviceDeps;
      yourls = yourls.phpFpm.serviceDeps;
    };

    services.myPhpfpm.poolPhpConfigs = {
      devtools = ''
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
        '';
      roundcubemail = roundcubemail.phpFpm.phpConfig;
    };
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      devtools = ''
        listen = /var/run/phpfpm/devtools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
        '';
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
    };

    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';

    nixpkgs.overlays = [ (self: super: rec {
      ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
    }) ];

    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };

      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];
    };

  };
}
Commit	Line	Data
9d90e7e2	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
10889174 IB	2	let
10889174 IB	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
bfe3c9c9 IB	4	ympd = pkgs.callPackage ./ympd.nix {
	5	env = myconfig.env.tools.ympd;
	6	};
9d90e7e2 IB	7	ttrss = pkgs.callPackage ./ttrss.nix {
	8	inherit (mylibs) fetchedGithub fetchedGit;
	9	env = myconfig.env.tools.ttrss;
	10	};
8a2ccf84 IB	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix {
	12	inherit (mylibs) fetchedGithub;
	13	env = myconfig.env.tools.roundcubemail;
	14	};
46f30ecc	15	rainloop = pkgs.callPackage ./rainloop.nix {};
d4ed0eff IB	16	kanboard = pkgs.callPackage ./kanboard.nix {
	17	inherit (mylibs) fetchedGithub;
	18	env = myconfig.env.tools.kanboard;
	19	};
9d90e7e2	20	wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
133ebaee IB	21	yourls = pkgs.callPackage ./yourls.nix {
	22	inherit (mylibs) fetchedGithub;
	23	env = myconfig.env.tools.yourls;
	24	};
bfe3c9c9 IB	25	rompr = pkgs.callPackage ./rompr.nix {
	26	inherit (mylibs) fetchedGithub;
	27	env = myconfig.env.tools.rompr;
	28	};
95b20e17 IB	29	shaarli = pkgs.callPackage ./shaarli.nix {
	30	env = myconfig.env.tools.shaarli;
	31	};
b892dcbe IB	32	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	33	inherit (mylibs) fetchedGithub;
	34	};
f80772dc IB	35	ldap = pkgs.callPackage ./ldap.nix {
	36	env = myconfig.env.tools.phpldapadmin;
	37	};
10889174 IB	38
	39	cfg = config.services.myWebsites.tools.tools;
	40	in {
	41	options.services.myWebsites.tools.tools = {
	42	enable = lib.mkEnableOption "enable tools website";
	43	};
	44
	45	config = lib.mkIf cfg.enable {
	46	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
46f30ecc IB	47	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
46f30ecc IB	48
a840a21c IB	49	deployment.keys =
	50	kanboard.keys
	51	// ldap.keys
	52	// roundcubemail.keys
5f08b34c	53	// shaarli.keys
a840a21c IB	54	// ttrss.keys
	55	// wallabag.keys
	56	// yourls.keys;
98163486	57
46f30ecc IB	58	services.myWebsites.integration.modules =
46f30ecc IB	59	rainloop.apache.modules;
10889174 IB	60
10889174 IB	61	services.myWebsites.tools.modules =
1922655a IB	62	[ "proxy_fcgi" ]
1922655a IB	63	++ adminer.apache.modules
10889174 IB	64	++ ympd.apache.modules
10889174 IB	65	++ ttrss.apache.modules
aebd817b	66	++ roundcubemail.apache.modules
133ebaee	67	++ wallabag.apache.modules
bfe3c9c9	68	++ yourls.apache.modules
95b20e17	69	++ rompr.apache.modules
b892dcbe	70	++ shaarli.apache.modules
f80772dc	71	++ dokuwiki.apache.modules
d4ed0eff IB	72	++ ldap.apache.modules
d4ed0eff IB	73	++ kanboard.apache.modules;
10889174	74
bfe3c9c9	75	services.ympd = ympd.config // { enable = true; };
10889174	76
46f30ecc IB	77	services.myWebsites.integration.vhostConfs.devtools = {
	78	certName = "eldiron";
	79	hosts = ["devtools.immae.eu" ];
0aae0181	80	root = "/var/lib/ftp/devtools.immae.eu";
46f30ecc	81	extraConfig = [
0aae0181 IB	82	''
	83	<Directory "/var/lib/ftp/devtools.immae.eu">
	84	DirectoryIndex index.php index.htm index.html
	85	AllowOverride all
	86	Require all granted
	87	<FilesMatch "\.php$">
	88	SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock\|fcgi://localhost"
	89	</FilesMatch>
	90	</Directory>
	91	''
46f30ecc IB	92	rainloop.apache.vhostConf
	93	];
	94	};
	95
10889174 IB	96	services.myWebsites.tools.vhostConfs.tools = {
	97	certName = "eldiron";
	98	hosts = ["tools.immae.eu" ];
1922655a	99	root = "/var/lib/ftp/tools.immae.eu";
10889174	100	extraConfig = [
1922655a IB	101	''
1922655a IB	102	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	103	DirectoryIndex index.php index.htm index.html
1922655a IB	104	AllowOverride all
	105	Require all granted
	106	<FilesMatch "\.php$">
	107	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	108	</FilesMatch>
	109	</Directory>
	110	''
10889174 IB	111	adminer.apache.vhostConf
	112	ympd.apache.vhostConf
	113	ttrss.apache.vhostConf
	114	roundcubemail.apache.vhostConf
aebd817b	115	wallabag.apache.vhostConf
133ebaee	116	yourls.apache.vhostConf
bfe3c9c9	117	rompr.apache.vhostConf
95b20e17	118	shaarli.apache.vhostConf
b892dcbe	119	dokuwiki.apache.vhostConf
f80772dc	120	ldap.apache.vhostConf
d4ed0eff	121	kanboard.apache.vhostConf
10889174 IB	122	];
	123	};
	124
70606070 IB	125	security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
	126	services.myWebsites.tools.vhostConfs.outils = {
	127	certName = "eldiron";
	128	hosts = [ "outils.immae.eu" ];
	129	root = null;
	130	extraConfig = [
	131	''
	132	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	133
	134	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	135
	136	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	137	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	138
	139	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	140	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	141	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	142	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	143
	144	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	145
	146	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	147	''
	148	];
	149	};
	150
a840a21c IB	151	services.myPhpfpm.serviceDependencies = {
	152	dokuwiki = dokuwiki.phpFpm.serviceDeps;
	153	kanboard = kanboard.phpFpm.serviceDeps;
	154	ldap = ldap.phpFpm.serviceDeps;
	155	rainloop = rainloop.phpFpm.serviceDeps;
	156	roundcubemail = roundcubemail.phpFpm.serviceDeps;
5f08b34c	157	shaarli = shaarli.phpFpm.serviceDeps;
a840a21c IB	158	ttrss = ttrss.phpFpm.serviceDeps;
	159	wallabag = wallabag.phpFpm.serviceDeps;
	160	yourls = yourls.phpFpm.serviceDeps;
	161	};
	162
b7d2d4e3	163	services.myPhpfpm.poolPhpConfigs = {
0aae0181 IB	164	devtools = ''
	165	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	166	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	167	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	168	'';
b7d2d4e3 IB	169	roundcubemail = roundcubemail.phpFpm.phpConfig;
b7d2d4e3 IB	170	};
10889174 IB	171	services.myPhpfpm.poolConfigs = {
	172	adminer = adminer.phpFpm.pool;
	173	ttrss = ttrss.phpFpm.pool;
	174	roundcubemail = roundcubemail.phpFpm.pool;
aebd817b	175	wallabag = wallabag.phpFpm.pool;
133ebaee	176	yourls = yourls.phpFpm.pool;
bfe3c9c9	177	rompr = rompr.phpFpm.pool;
95b20e17	178	shaarli = shaarli.phpFpm.pool;
b892dcbe	179	dokuwiki = dokuwiki.phpFpm.pool;
f80772dc	180	ldap = ldap.phpFpm.pool;
46f30ecc	181	rainloop = rainloop.phpFpm.pool;
d4ed0eff	182	kanboard = kanboard.phpFpm.pool;
0aae0181 IB	183	devtools = ''
	184	listen = /var/run/phpfpm/devtools.sock
	185	user = wwwrun
	186	group = wwwrun
	187	listen.owner = wwwrun
	188	listen.group = wwwrun
	189	pm = dynamic
	190	pm.max_children = 60
	191	pm.start_servers = 2
	192	pm.min_spare_servers = 1
	193	pm.max_spare_servers = 10
	194
	195	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
	196	'';
1922655a IB	197	tools = ''
	198	listen = /var/run/phpfpm/tools.sock
	199	user = wwwrun
	200	group = wwwrun
	201	listen.owner = wwwrun
	202	listen.group = wwwrun
	203	pm = dynamic
	204	pm.max_children = 60
	205	pm.start_servers = 2
	206	pm.min_spare_servers = 1
	207	pm.max_spare_servers = 10
	208
	209	; Needed to avoid clashes in browser cookies (same domain)
	210	php_value[session.name] = ToolsPHPSESSID
	211	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	212	'';
10889174 IB	213	};
	214
	215	system.activationScripts = {
	216	ttrss = ttrss.activationScript;
	217	roundcubemail = roundcubemail.activationScript;
aebd817b	218	wallabag = wallabag.activationScript;
133ebaee	219	yourls = yourls.activationScript;
bfe3c9c9	220	rompr = rompr.activationScript;
95b20e17	221	shaarli = shaarli.activationScript;
b892dcbe	222	dokuwiki = dokuwiki.activationScript;
46f30ecc	223	rainloop = rainloop.activationScript;
d4ed0eff	224	kanboard = kanboard.activationScript;
10889174 IB	225	};
10889174 IB	226
a95ab089 IB	227	system.extraSystemBuilderCmds = ''
	228	mkdir -p $out/webapps
	229	ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
	230	ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
	231	ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
	232	ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
	233	ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
	234	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
	235	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
	236	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
46f30ecc	237	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
d4ed0eff	238	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
a95ab089 IB	239	'';
a95ab089 IB	240
2368a4b7 IB	241	nixpkgs.overlays = [ (self: super: rec {
	242	ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
	243	}) ];
e229e6f2	244
10889174 IB	245	systemd.services.tt-rss = {
	246	description = "Tiny Tiny RSS feeds update daemon";
	247	serviceConfig = {
	248	User = "wwwrun";
	249	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	250	StandardOutput = "syslog";
	251	StandardError = "syslog";
	252	PermissionsStartOnly = true;
	253	};
	254
	255	wantedBy = [ "multi-user.target" ];
	256	requires = ["postgresql.service"];
	257	after = ["network.target" "postgresql.service"];
	258	};
	259
	260	};
	261	}
	262