[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / default.nix

{ lib, pkgs, config, mypackages-lib, grocy, ... }:
let
  composerEnv = mypackages-lib.composerEnv;
  adminer = pkgs.callPackage ./adminer.nix { inherit config; };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
    inherit config;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    ttrss = pkgs.webapps-ttrss;
    ttrss-plugins = pkgs.webapps-ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps-wallabag.override {
      composerEnv = composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    yourls = pkgs.webapps-yourls;
    yourls-plugins = pkgs.webapps-yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    rompr = pkgs.webapps-rompr;
    env = config.myEnv.tools.rompr;
    inherit config;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    dokuwiki = pkgs.webapps-dokuwiki;
    dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
    inherit config;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    phpldapadmin = pkgs.webapps-phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy' = pkgs.callPackage ./grocy.nix {
    grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  landing = pkgs.callPackage ./landing.nix { };

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Services needing to send e-mails
    myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
    myServices.dns.zones."immae.eu".subdomains =
      with config.myServices.dns.helpers;
      {
        outils = ips servers.eldiron.ips.main;
        tools  = lib.mkMerge [
          (mailCommon "immae.eu")
          mailSend
          (ips servers.eldiron.ips.main)
        ];
      };

    myServices.chatonsProperties.services = {
      adminer = adminer.chatonsProperties;
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys
      // ({ "webapps/tools-landing-sql-rw" = {
        user = "wwwrun";
        group = "wwwrun";
        permissions = "0400";
        text = let
          env = config.myEnv.tools.landing;
        in ''
          SetEnv PGUSER "${env.postgresql.user}"
          SetEnv PGPASSWORD "${env.postgresql.password}"
          SetEnv PGDATABASE "${env.postgresql.database}"
          SetEnv PGHOST "${env.postgresql.socket}"
        '';
      }; });
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
      subdomains.tools = ips servers.eldiron.ips.integration;
    };
    security.acme.certs.integration.domain = "tools.immae.dev";
    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      hosts        = [ "tools.immae.dev" ];
      root         = "/var/lib/ftp/immae/devtools";
      extraConfig  = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };


    security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy'.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          <Location "/ntfy/">
            SetEnv proxy-nokeepalive 1
            SetEnv proxy-sendchunked 1
            LimitRequestBody 102400

            RewriteEngine On

            # FIXME: why is landing prefixed in the url?
            RewriteCond %{HTTP:Upgrade} websocket [NC]
            RewriteCond %{HTTP:Connection} upgrade [NC]
            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
          </Location>
          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ntfy = {
        description = "send push notifications to your phone or desktop via scripts from any computer";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
          Type = "simple";
          WorkingDirectory = "%S/ntfy";
          RuntimeDirectory = "ntfy";
          StateDirectory = "ntfy";
          User = "wwwrun";
        };
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy'.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
    };

    system.activationScripts = {
      grocy = grocy'.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
    };

    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

    myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
      ttrss.monitoringPlugins
      rompr.monitoringPlugins
      wallabag.monitoringPlugins
      yourls.monitoringPlugins
      ympd.monitoringPlugins
      dokuwiki.monitoringPlugins
      shaarli.monitoringPlugins
      ldap.monitoringPlugins
      adminer.monitoringPlugins
    ];
    myServices.monitoring.fromMasterObjects = lib.mkMerge [
      ttrss.monitoringObjects
      rompr.monitoringObjects
      wallabag.monitoringObjects
      yourls.monitoringObjects
      ympd.monitoringObjects
      dokuwiki.monitoringObjects
      shaarli.monitoringObjects
      ldap.monitoringObjects
      adminer.monitoringObjects
    ];
  };
}
Commit	Line	Data
1a64deeb	1	{ lib, pkgs, config, mypackages-lib, grocy, ... }:
10889174	2	let
1a64deeb IB	3	composerEnv = mypackages-lib.composerEnv;
1a64deeb IB	4	adminer = pkgs.callPackage ./adminer.nix { inherit config; };
4288c2f2	5	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	6	env = config.myEnv.tools.ympd;
1a64deeb	7	inherit config;
4288c2f2 IB	8	};
4288c2f2 IB	9	ttrss = pkgs.callPackage ./ttrss.nix {
1a64deeb IB	10	ttrss = pkgs.webapps-ttrss;
1a64deeb IB	11	ttrss-plugins = pkgs.webapps-ttrss-plugins;
ab8f306d	12	env = config.myEnv.tools.ttrss;
dcac3ec7	13	php = pkgs.php72;
da30ae4f	14	inherit config;
4288c2f2	15	};
4288c2f2	16	kanboard = pkgs.callPackage ./kanboard.nix {
da30ae4f	17	inherit config;
ab8f306d	18	env = config.myEnv.tools.kanboard;
4288c2f2 IB	19	};
4288c2f2 IB	20	wallabag = pkgs.callPackage ./wallabag.nix {
1a64deeb IB	21	wallabag = pkgs.webapps-wallabag.override {
1a64deeb IB	22	composerEnv = composerEnv.override {
2053ddac	23	php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
46c99b57 IB	24	};
46c99b57 IB	25	};
ab8f306d	26	env = config.myEnv.tools.wallabag;
da30ae4f	27	inherit config;
4288c2f2 IB	28	};
4288c2f2 IB	29	yourls = pkgs.callPackage ./yourls.nix {
1a64deeb IB	30	yourls = pkgs.webapps-yourls;
1a64deeb IB	31	yourls-plugins = pkgs.webapps-yourls-plugins;
ab8f306d	32	env = config.myEnv.tools.yourls;
da30ae4f	33	inherit config;
4288c2f2 IB	34	};
4288c2f2 IB	35	rompr = pkgs.callPackage ./rompr.nix {
1a64deeb	36	rompr = pkgs.webapps-rompr;
ab8f306d	37	env = config.myEnv.tools.rompr;
1a64deeb	38	inherit config;
4288c2f2 IB	39	};
4288c2f2 IB	40	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	41	env = config.myEnv.tools.shaarli;
da30ae4f	42	inherit config;
4288c2f2 IB	43	};
4288c2f2 IB	44	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
1a64deeb IB	45	dokuwiki = pkgs.webapps-dokuwiki;
	46	dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
	47	inherit config;
4288c2f2 IB	48	};
4288c2f2 IB	49	ldap = pkgs.callPackage ./ldap.nix {
1a64deeb	50	phpldapadmin = pkgs.webapps-phpldapadmin;
ab8f306d	51	env = config.myEnv.tools.phpldapadmin;
da30ae4f	52	inherit config;
4288c2f2	53	};
1a64deeb IB	54	grocy' = pkgs.callPackage ./grocy.nix {
1a64deeb IB	55	grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
c7627e14	56	};
a8ef1adb	57	phpbb = pkgs.callPackage ./phpbb.nix {
1a64deeb	58	phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
a8ef1adb IB	59	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	60	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	61	e.phpbbmodders.adduser ]);
	62	};
1a64deeb IB	63	webhooks-bin-env = pkgs.buildEnv {
	64	name = "webhook-env";
	65	paths = [ pkgs.apprise ];
	66	pathsToLink = [ "/bin" ];
	67	};
251c0a13 IB	68	webhooks = pkgs.callPackage ./webhooks.nix {
251c0a13 IB	69	env = config.myEnv.tools.webhooks;
1a64deeb	70	binEnv = webhooks-bin-env;
251c0a13	71	};
7df5e532 IB	72	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
7df5e532 IB	73	env = config.myEnv.tools.dmarc_reports;
da30ae4f	74	inherit config;
7df5e532	75	};
251c0a13	76
1a64deeb	77	landing = pkgs.callPackage ./landing.nix { };
10889174	78
4288c2f2	79	cfg = config.myServices.websites.tools.tools;
5400b9b6	80	pcfg = config.services.phpfpm.pools;
10889174	81	in {
4288c2f2	82	options.myServices.websites.tools.tools = {
10889174 IB	83	enable = lib.mkEnableOption "enable tools website";
	84	};
	85
	86	config = lib.mkIf cfg.enable {
1a64deeb IB	87	# Services needing to send e-mails
	88	myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
	89	myServices.dns.zones."immae.eu".subdomains =
	90	with config.myServices.dns.helpers;
	91	{
	92	outils = ips servers.eldiron.ips.main;
	93	tools = lib.mkMerge [
	94	(mailCommon "immae.eu")
	95	mailSend
	96	(ips servers.eldiron.ips.main)
	97	];
	98	};
	99
	100	myServices.chatonsProperties.services = {
	101	adminer = adminer.chatonsProperties;
	102	dokuwiki = dokuwiki.chatonsProperties;
	103	shaarli = shaarli.chatonsProperties;
	104	ttrss = ttrss.chatonsProperties;
	105	wallabag = wallabag.chatonsProperties;
	106	paste = {
	107	file.datetime = "2022-08-22T00:15:00";
	108	service = {
	109	name = "Paste";
	110	description = "A simple paster script with syntax highlight";
	111	website = "https://tools.immae.eu/paste/";
	112	logo = "https://assets.immae.eu/logo.jpg";
	113	status.level = "OK";
	114	status.description = "OK";
	115	registration."" = ["MEMBER" "CLIENT"];
	116	registration.load = "OPEN";
	117	install.type = "PACKAGE";
	118	guide.user = "https://tools.immae.eu/paste/";
	119	};
	120	software = {
	121	name = "Paste";
	122	website = "https://tools.immae.eu/paste/";
	123	license.url = "https://tools.immae.eu/paste/license";
	124	license.name = "MIT License";
	125	version = "Unversioned";
	126	source.url = "https://tools.immae.eu/paste/abcd123/py";
	127	};
	128	};
	129	};
	130	myServices.chatonsProperties.hostings = {
	131	dokuwiki = dokuwiki.chatonsHostingProperties;
	132	phpbb = phpbb.chatonsHostingProperties;
	133	};
1a718805	134	secrets.keys =
a840a21c	135	kanboard.keys
4c4652aa IB	136	// ldap.keys
	137	// shaarli.keys
	138	// ttrss.keys
	139	// wallabag.keys
	140	// yourls.keys
	141	// dmarc-reports.keys
1a64deeb IB	142	// webhooks.keys
	143	// ({ "webapps/tools-landing-sql-rw" = {
	144	user = "wwwrun";
	145	group = "wwwrun";
	146	permissions = "0400";
	147	text = let
	148	env = config.myEnv.tools.landing;
	149	in ''
	150	SetEnv PGUSER "${env.postgresql.user}"
	151	SetEnv PGPASSWORD "${env.postgresql.password}"
	152	SetEnv PGDATABASE "${env.postgresql.database}"
	153	SetEnv PGHOST "${env.postgresql.socket}"
	154	'';
	155	}; });
29f8cb85	156	services.websites.env.tools.modules =
1922655a IB	157	[ "proxy_fcgi" ]
1922655a IB	158	++ adminer.apache.modules
10889174 IB	159	++ ympd.apache.modules
10889174 IB	160	++ ttrss.apache.modules
133ebaee	161	++ wallabag.apache.modules
bfe3c9c9	162	++ yourls.apache.modules
95b20e17	163	++ rompr.apache.modules
b892dcbe	164	++ shaarli.apache.modules
f80772dc	165	++ dokuwiki.apache.modules
7df5e532	166	++ dmarc-reports.apache.modules
a8ef1adb	167	++ phpbb.apache.modules
d4ed0eff IB	168	++ ldap.apache.modules
d4ed0eff IB	169	++ kanboard.apache.modules;
10889174	170
1a64deeb IB	171	myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
	172	subdomains.tools = ips servers.eldiron.ips.integration;
	173	};
	174	security.acme.certs.integration.domain = "tools.immae.dev";
29f8cb85	175	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76	176	certName = "integration";
7c5e6fe8	177	hosts = [ "tools.immae.dev" ];
41cce84a	178	root = "/var/lib/ftp/immae/devtools";
0f71cd76	179	extraConfig = [
0aae0181	180	''
41cce84a	181	Use Apaxy "/var/lib/ftp/immae/devtools" "title"
9338c832 IB	182	Timeout 600
9338c832 IB	183	ProxyTimeout 600
68c45ad5	184	Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
41cce84a	185	<Directory "/var/lib/ftp/immae/devtools">
0aae0181 IB	186	DirectoryIndex index.php index.htm index.html
	187	AllowOverride all
	188	Require all granted
	189	<FilesMatch "\.php$">
5400b9b6	190	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	191	</FilesMatch>
	192	</Directory>
	193	''
46f30ecc IB	194	];
	195	};
	196
1a64deeb IB	197
1a64deeb IB	198	security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
29f8cb85	199	services.websites.env.tools.vhostConfs.tools = {
10889174 IB	200	certName = "eldiron";
10889174 IB	201	hosts = ["tools.immae.eu" ];
a8ef1adb	202	root = landing;
10889174	203	extraConfig = [
1922655a	204	''
ea9c6fe8	205	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	206	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	207	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	208
251c0a13	209	<Directory "${landing}">
1a64deeb	210	Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
251c0a13 IB	211	DirectoryIndex index.html
	212	AllowOverride None
	213	Require all granted
	214
	215	<FilesMatch "\.php$">
	216	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	217	</FilesMatch>
	218	</Directory>
1922655a	219	''
5400b9b6	220	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	221	ympd.apache.vhostConf
5400b9b6 IB	222	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	223	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	224	(yourls.apache.vhostConf pcfg.yourls.socket)
	225	(rompr.apache.vhostConf pcfg.rompr.socket)
	226	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	227	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	228	(ldap.apache.vhostConf pcfg.ldap.socket)
	229	(kanboard.apache.vhostConf pcfg.kanboard.socket)
1a64deeb	230	(grocy'.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	231	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	232	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee	233	''
a9f52ec5 IB	234	<Location "/paste/">
	235	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	236	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	237	ProxyPreserveHost on
	238	</Location>
	239	<Location "/paste">
	240	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	241	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	242	ProxyPreserveHost on
	243	</Location>
251c0a13	244
1a64deeb IB	245	<Location "/ntfy/">
	246	SetEnv proxy-nokeepalive 1
	247	SetEnv proxy-sendchunked 1
	248	LimitRequestBody 102400
	249
	250	RewriteEngine On
	251
	252	# FIXME: why is landing prefixed in the url?
	253	RewriteCond %{HTTP:Upgrade} websocket [NC]
	254	RewriteCond %{HTTP:Connection} upgrade [NC]
	255	RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock\|ws://tools.immae.eu/$2 [P,NE,QSA,L]
	256
	257	RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock\|http://tools.immae.eu/$2 [P,NE,QSA,L]
	258	</Location>
cb589b2e IB	259	Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
cb589b2e IB	260	<Directory "/var/lib/buildbot/outputs/immae/bip39">
251c0a13 IB	261	DirectoryIndex index.html
	262	AllowOverride None
	263	Require all granted
	264	</Directory>
	265
da30ae4f IB	266	Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
da30ae4f IB	267	<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
251c0a13	268	Options -Indexes
1a64deeb	269	DirectoryIndex index.php
251c0a13 IB	270	Require all granted
	271	AllowOverride None
	272	<FilesMatch "\.php$">
	273	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	274	</FilesMatch>
	275	</Directory>
ea3b46ee	276	''
10889174 IB	277	];
	278	};
	279
29f8cb85	280	services.websites.env.tools.vhostConfs.outils = {
7df420c2	281	certName = "eldiron";
0f71cd76	282	hosts = [ "outils.immae.eu" ];
7df420c2	283	root = null;
70606070 IB	284	extraConfig = [
	285	''
	286	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	287
	288	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	289
	290	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	291	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	292
	293	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	294	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	295	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	296	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	297
	298	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	299
afcc5de0 IB	300	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	301
3f453c7d IB	302	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	303
ea9c6fe8 IB	304	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	305
70606070 IB	306	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	307	''
	308	];
	309	};
	310
f40f5b23 IB	311	systemd.services = {
	312	phpfpm-dokuwiki = {
	313	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	314	wants = dokuwiki.phpFpm.serviceDeps;
	315	};
a8ef1adb IB	316	phpfpm-phpbb = {
	317	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	318	wants = phpbb.phpFpm.serviceDeps;
	319	};
f40f5b23 IB	320	phpfpm-kanboard = {
	321	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	322	wants = kanboard.phpFpm.serviceDeps;
	323	};
	324	phpfpm-ldap = {
	325	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	326	wants = ldap.phpFpm.serviceDeps;
	327	};
f40f5b23 IB	328	phpfpm-shaarli = {
	329	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	330	wants = shaarli.phpFpm.serviceDeps;
	331	};
	332	phpfpm-ttrss = {
	333	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	334	wants = ttrss.phpFpm.serviceDeps;
	335	};
	336	phpfpm-wallabag = {
	337	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	338	wants = wallabag.phpFpm.serviceDeps;
	339	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	340	};
	341	phpfpm-yourls = {
	342	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	343	wants = yourls.phpFpm.serviceDeps;
	344	};
1a64deeb IB	345	ntfy = {
	346	description = "send push notifications to your phone or desktop via scripts from any computer";
	347	wantedBy = [ "multi-user.target" ];
	348	serviceConfig = {
	349	ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
	350	Type = "simple";
	351	WorkingDirectory = "%S/ntfy";
	352	RuntimeDirectory = "ntfy";
	353	StateDirectory = "ntfy";
	354	User = "wwwrun";
	355	};
	356	};
f40f5b23 IB	357	ympd = {
	358	description = "Standalone MPD Web GUI written in C";
	359	wantedBy = [ "multi-user.target" ];
	360	script = ''
da30ae4f	361	export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
f40f5b23 IB	362	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	363	'';
	364	};
	365	tt-rss = {
	366	description = "Tiny Tiny RSS feeds update daemon";
	367	serviceConfig = {
	368	User = "wwwrun";
dcac3ec7	369	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	370	StandardOutput = "syslog";
	371	StandardError = "syslog";
	372	PermissionsStartOnly = true;
	373	};
	374
	375	wantedBy = [ "multi-user.target" ];
	376	requires = ["postgresql.service"];
	377	after = ["network.target" "postgresql.service"];
	378	};
	379	};
	380
17f6eae9 IB	381	services.filesWatcher.ympd = {
17f6eae9 IB	382	restart = true;
da30ae4f	383	paths = [ config.secrets.fullPaths."mpd" ];
17f6eae9 IB	384	};
17f6eae9 IB	385
441da8aa IB	386	services.phpfpm.pools = {
441da8aa IB	387	tools = {
5400b9b6 IB	388	user = "wwwrun";
	389	group = "wwwrun";
	390	settings = {
	391	"listen.owner" = "wwwrun";
	392	"listen.group" = "wwwrun";
	393	"pm" = "dynamic";
	394	"pm.max_children" = "60";
	395	"pm.start_servers" = "2";
	396	"pm.min_spare_servers" = "1";
	397	"pm.max_spare_servers" = "10";
f40f5b23	398
1a64deeb IB	399	"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
	400	"php_admin_value[session.save_handler]" = "redis";
	401	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
5400b9b6 IB	402	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	403	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	404	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb	405	"/run/wrappers/bin/sendmail" landing "/tmp"
da30ae4f	406	config.secrets.fullPaths."webapps/webhooks"
1a64deeb	407	"${webhooks-bin-env}/bin"
251c0a13 IB	408	];
	409	};
	410	phpEnv = {
	411	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	412	};
1a64deeb	413	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
441da8aa IB	414	};
441da8aa IB	415	devtools = {
5400b9b6 IB	416	user = "wwwrun";
	417	group = "wwwrun";
	418	settings = {
	419	"listen.owner" = "wwwrun";
	420	"listen.group" = "wwwrun";
	421	"pm" = "dynamic";
	422	"pm.max_children" = "60";
	423	"pm.start_servers" = "2";
	424	"pm.min_spare_servers" = "1";
	425	"pm.max_spare_servers" = "10";
1922655a	426
1a64deeb IB	427	"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
	428	"php_admin_value[session.save_handler]" = "redis";
	429	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
41cce84a	430	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
5400b9b6	431	};
1a64deeb	432	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
441da8aa	433	};
5400b9b6	434	adminer = adminer.phpFpm;
441da8aa	435	ttrss = {
5400b9b6 IB	436	user = "wwwrun";
	437	group = "wwwrun";
	438	settings = ttrss.phpFpm.pool;
1a64deeb	439	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	440	};
441da8aa IB	441	wallabag = {
5400b9b6 IB	442	user = "wwwrun";
	443	group = "wwwrun";
	444	settings = wallabag.phpFpm.pool;
1a64deeb	445	phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
441da8aa IB	446	};
441da8aa IB	447	yourls = {
5400b9b6 IB	448	user = "wwwrun";
	449	group = "wwwrun";
	450	settings = yourls.phpFpm.pool;
1a64deeb	451	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	452	};
441da8aa IB	453	rompr = {
5400b9b6 IB	454	user = "wwwrun";
	455	group = "wwwrun";
	456	settings = rompr.phpFpm.pool;
1a64deeb	457	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	458	};
441da8aa IB	459	shaarli = {
5400b9b6 IB	460	user = "wwwrun";
	461	group = "wwwrun";
	462	settings = shaarli.phpFpm.pool;
1a64deeb	463	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	464	};
7df5e532 IB	465	dmarc-reports = {
	466	user = "wwwrun";
	467	group = "wwwrun";
	468	settings = dmarc-reports.phpFpm.pool;
	469	phpEnv = dmarc-reports.phpFpm.phpEnv;
1a64deeb	470	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
7df5e532	471	};
441da8aa	472	dokuwiki = {
5400b9b6 IB	473	user = "wwwrun";
	474	group = "wwwrun";
	475	settings = dokuwiki.phpFpm.pool;
1a64deeb	476	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	477	};
a8ef1adb IB	478	phpbb = {
	479	user = "wwwrun";
	480	group = "wwwrun";
	481	settings = phpbb.phpFpm.pool;
1a64deeb	482	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
a8ef1adb	483	};
441da8aa	484	ldap = {
5400b9b6 IB	485	user = "wwwrun";
	486	group = "wwwrun";
	487	settings = ldap.phpFpm.pool;
1a64deeb	488	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	489	};
441da8aa IB	490	kanboard = {
5400b9b6 IB	491	user = "wwwrun";
	492	group = "wwwrun";
	493	settings = kanboard.phpFpm.pool;
1a64deeb	494	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	495	};
441da8aa IB	496	grocy = {
5400b9b6 IB	497	user = "wwwrun";
5400b9b6 IB	498	group = "wwwrun";
1a64deeb IB	499	settings = grocy'.phpFpm.pool;
1a64deeb IB	500	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	501	};
10889174 IB	502	};
	503
	504	system.activationScripts = {
1a64deeb	505	grocy = grocy'.activationScript;
10889174	506	ttrss = ttrss.activationScript;
aebd817b	507	wallabag = wallabag.activationScript;
bfe3c9c9	508	rompr = rompr.activationScript;
95b20e17	509	shaarli = shaarli.activationScript;
b892dcbe	510	dokuwiki = dokuwiki.activationScript;
a8ef1adb	511	phpbb = phpbb.activationScript;
d4ed0eff	512	kanboard = kanboard.activationScript;
10889174 IB	513	};
10889174 IB	514
29f8cb85	515	services.websites.env.tools.watchPaths = [
da30ae4f	516	config.secrets.fullPaths."webapps/tools-shaarli"
17f6eae9 IB	517	];
	518	services.filesWatcher.phpfpm-wallabag = {
	519	restart = true;
da30ae4f	520	paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
17f6eae9	521	};
ea3b46ee	522
1a64deeb IB	523	myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
	524	ttrss.monitoringPlugins
	525	rompr.monitoringPlugins
	526	wallabag.monitoringPlugins
	527	yourls.monitoringPlugins
	528	ympd.monitoringPlugins
	529	dokuwiki.monitoringPlugins
	530	shaarli.monitoringPlugins
	531	ldap.monitoringPlugins
	532	adminer.monitoringPlugins
	533	];
	534	myServices.monitoring.fromMasterObjects = lib.mkMerge [
	535	ttrss.monitoringObjects
	536	rompr.monitoringObjects
	537	wallabag.monitoringObjects
	538	yourls.monitoringObjects
	539	ympd.monitoringObjects
	540	dokuwiki.monitoringObjects
	541	shaarli.monitoringObjects
	542	ldap.monitoringObjects
	543	adminer.monitoringObjects
	544	];
10889174 IB	545	};
	546	}
	547