[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / default.nix

{ lib, pkgs, config, mypackages-lib, grocy, ... }:
let
  composerEnv = mypackages-lib.composerEnv;
  adminer = pkgs.callPackage ./adminer.nix { inherit config; };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
    inherit config;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    ttrss = pkgs.webapps-ttrss;
    ttrss-plugins = pkgs.webapps-ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps-wallabag.override {
      composerEnv = composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    yourls = pkgs.webapps-yourls;
    yourls-plugins = pkgs.webapps-yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    rompr = pkgs.webapps-rompr;
    env = config.myEnv.tools.rompr;
    inherit config;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    dokuwiki = pkgs.webapps-dokuwiki;
    dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
    inherit config;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    phpldapadmin = pkgs.webapps-phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy' = pkgs.callPackage ./grocy.nix {
    grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  landing = pkgs.callPackage ./landing.nix { };

  matrix = pkgs.element-web.override {
    conf = {
      default_server_config."m.homeserver" = {
        base_url = "https://immae.ems.host";
        server_name = "immae.eu";
      };
      default_server_config."m.identity_server" = {
        base_url = "https://vector.im";
      };
      room_directory.servers = [ "immae.eu" "matrix.org" ];
    };
  };

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Services needing to send e-mails
    myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
    myServices.dns.zones."immae.eu".subdomains =
      with config.myServices.dns.helpers;
      {
        outils = ips servers.eldiron.ips.main;
        tools  = lib.mkMerge [
          (mailCommon "immae.eu" true)
          mailSend
          (ips servers.eldiron.ips.main)
        ];
      };

    myServices.chatonsProperties.services = {
      adminer = adminer.chatonsProperties;
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys
      // ({ "webapps/tools-landing-sql-rw" = {
        user = "wwwrun";
        group = "wwwrun";
        permissions = "0400";
        text = let
          env = config.myEnv.tools.landing;
        in ''
          SetEnv PGUSER "${env.postgresql.user}"
          SetEnv PGPASSWORD "${env.postgresql.password}"
          SetEnv PGDATABASE "${env.postgresql.database}"
          SetEnv PGHOST "${env.postgresql.socket}"
        '';
      }; });
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
      subdomains.tools = ips servers.eldiron.ips.integration;
    };
    security.acme.certs.integration.domain = "tools.immae.dev";
    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      hosts        = [ "tools.immae.dev" ];
      root         = "/var/lib/ftp/immae/devtools";
      extraConfig  = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };


    security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy'.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          <Location "/ntfy/">
            SetEnv proxy-nokeepalive 1
            SetEnv proxy-sendchunked 1
            LimitRequestBody 102400

            RewriteEngine On

            # FIXME: why is landing prefixed in the url?
            RewriteCond %{HTTP:Upgrade} websocket [NC]
            RewriteCond %{HTTP:Connection} upgrade [NC]
            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
          </Location>
          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>

          Alias /matrix ${matrix}
          <Directory "${matrix}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ntfy = {
        description = "send push notifications to your phone or desktop via scripts from any computer";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
          Type = "simple";
          WorkingDirectory = "%S/ntfy";
          RuntimeDirectory = "ntfy";
          StateDirectory = "ntfy";
          User = "wwwrun";
        };
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    services.paste = {
      enable = true;
      webDirectory = "/paste";
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy'.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
    };

    system.activationScripts = {
      grocy = grocy'.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
    };

    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

    myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
      ttrss.monitoringPlugins
      rompr.monitoringPlugins
      wallabag.monitoringPlugins
      yourls.monitoringPlugins
      ympd.monitoringPlugins
      dokuwiki.monitoringPlugins
      shaarli.monitoringPlugins
      ldap.monitoringPlugins
      adminer.monitoringPlugins
    ];
    myServices.monitoring.fromMasterObjects = lib.mkMerge [
      ttrss.monitoringObjects
      rompr.monitoringObjects
      wallabag.monitoringObjects
      yourls.monitoringObjects
      ympd.monitoringObjects
      dokuwiki.monitoringObjects
      shaarli.monitoringObjects
      ldap.monitoringObjects
      adminer.monitoringObjects
    ];
  };
}
Commit	Line	Data
1a64deeb	1	{ lib, pkgs, config, mypackages-lib, grocy, ... }:
10889174	2	let
1a64deeb IB	3	composerEnv = mypackages-lib.composerEnv;
1a64deeb IB	4	adminer = pkgs.callPackage ./adminer.nix { inherit config; };
4288c2f2	5	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	6	env = config.myEnv.tools.ympd;
1a64deeb	7	inherit config;
4288c2f2 IB	8	};
4288c2f2 IB	9	ttrss = pkgs.callPackage ./ttrss.nix {
1a64deeb IB	10	ttrss = pkgs.webapps-ttrss;
1a64deeb IB	11	ttrss-plugins = pkgs.webapps-ttrss-plugins;
ab8f306d	12	env = config.myEnv.tools.ttrss;
dcac3ec7	13	php = pkgs.php72;
da30ae4f	14	inherit config;
4288c2f2	15	};
4288c2f2	16	kanboard = pkgs.callPackage ./kanboard.nix {
da30ae4f	17	inherit config;
ab8f306d	18	env = config.myEnv.tools.kanboard;
4288c2f2 IB	19	};
4288c2f2 IB	20	wallabag = pkgs.callPackage ./wallabag.nix {
1a64deeb IB	21	wallabag = pkgs.webapps-wallabag.override {
1a64deeb IB	22	composerEnv = composerEnv.override {
2053ddac	23	php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
46c99b57 IB	24	};
46c99b57 IB	25	};
ab8f306d	26	env = config.myEnv.tools.wallabag;
da30ae4f	27	inherit config;
4288c2f2 IB	28	};
4288c2f2 IB	29	yourls = pkgs.callPackage ./yourls.nix {
1a64deeb IB	30	yourls = pkgs.webapps-yourls;
1a64deeb IB	31	yourls-plugins = pkgs.webapps-yourls-plugins;
ab8f306d	32	env = config.myEnv.tools.yourls;
da30ae4f	33	inherit config;
4288c2f2 IB	34	};
4288c2f2 IB	35	rompr = pkgs.callPackage ./rompr.nix {
1a64deeb	36	rompr = pkgs.webapps-rompr;
ab8f306d	37	env = config.myEnv.tools.rompr;
1a64deeb	38	inherit config;
4288c2f2 IB	39	};
4288c2f2 IB	40	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	41	env = config.myEnv.tools.shaarli;
da30ae4f	42	inherit config;
4288c2f2 IB	43	};
4288c2f2 IB	44	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
1a64deeb IB	45	dokuwiki = pkgs.webapps-dokuwiki;
	46	dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
	47	inherit config;
4288c2f2 IB	48	};
4288c2f2 IB	49	ldap = pkgs.callPackage ./ldap.nix {
1a64deeb	50	phpldapadmin = pkgs.webapps-phpldapadmin;
ab8f306d	51	env = config.myEnv.tools.phpldapadmin;
da30ae4f	52	inherit config;
4288c2f2	53	};
1a64deeb IB	54	grocy' = pkgs.callPackage ./grocy.nix {
1a64deeb IB	55	grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
c7627e14	56	};
a8ef1adb	57	phpbb = pkgs.callPackage ./phpbb.nix {
1a64deeb	58	phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
a8ef1adb IB	59	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	60	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	61	e.phpbbmodders.adduser ]);
	62	};
1a64deeb IB	63	webhooks-bin-env = pkgs.buildEnv {
	64	name = "webhook-env";
	65	paths = [ pkgs.apprise ];
	66	pathsToLink = [ "/bin" ];
	67	};
251c0a13 IB	68	webhooks = pkgs.callPackage ./webhooks.nix {
251c0a13 IB	69	env = config.myEnv.tools.webhooks;
1a64deeb	70	binEnv = webhooks-bin-env;
251c0a13	71	};
7df5e532 IB	72	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
7df5e532 IB	73	env = config.myEnv.tools.dmarc_reports;
da30ae4f	74	inherit config;
7df5e532	75	};
251c0a13	76
1a64deeb	77	landing = pkgs.callPackage ./landing.nix { };
10889174	78
3cc24358 IB	79	matrix = pkgs.element-web.override {
	80	conf = {
	81	default_server_config."m.homeserver" = {
	82	base_url = "https://immae.ems.host";
	83	server_name = "immae.eu";
	84	};
	85	default_server_config."m.identity_server" = {
	86	base_url = "https://vector.im";
	87	};
	88	room_directory.servers = [ "immae.eu" "matrix.org" ];
	89	};
	90	};
	91
4288c2f2	92	cfg = config.myServices.websites.tools.tools;
5400b9b6	93	pcfg = config.services.phpfpm.pools;
10889174	94	in {
4288c2f2	95	options.myServices.websites.tools.tools = {
10889174 IB	96	enable = lib.mkEnableOption "enable tools website";
	97	};
	98
	99	config = lib.mkIf cfg.enable {
1a64deeb IB	100	# Services needing to send e-mails
	101	myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
	102	myServices.dns.zones."immae.eu".subdomains =
	103	with config.myServices.dns.helpers;
	104	{
	105	outils = ips servers.eldiron.ips.main;
	106	tools = lib.mkMerge [
97787a9d	107	(mailCommon "immae.eu" true)
1a64deeb IB	108	mailSend
	109	(ips servers.eldiron.ips.main)
	110	];
	111	};
	112
	113	myServices.chatonsProperties.services = {
	114	adminer = adminer.chatonsProperties;
	115	dokuwiki = dokuwiki.chatonsProperties;
	116	shaarli = shaarli.chatonsProperties;
	117	ttrss = ttrss.chatonsProperties;
	118	wallabag = wallabag.chatonsProperties;
	119	paste = {
	120	file.datetime = "2022-08-22T00:15:00";
	121	service = {
	122	name = "Paste";
	123	description = "A simple paster script with syntax highlight";
	124	website = "https://tools.immae.eu/paste/";
	125	logo = "https://assets.immae.eu/logo.jpg";
	126	status.level = "OK";
	127	status.description = "OK";
	128	registration."" = ["MEMBER" "CLIENT"];
	129	registration.load = "OPEN";
	130	install.type = "PACKAGE";
	131	guide.user = "https://tools.immae.eu/paste/";
	132	};
	133	software = {
	134	name = "Paste";
	135	website = "https://tools.immae.eu/paste/";
	136	license.url = "https://tools.immae.eu/paste/license";
	137	license.name = "MIT License";
	138	version = "Unversioned";
	139	source.url = "https://tools.immae.eu/paste/abcd123/py";
	140	};
	141	};
	142	};
	143	myServices.chatonsProperties.hostings = {
	144	dokuwiki = dokuwiki.chatonsHostingProperties;
	145	phpbb = phpbb.chatonsHostingProperties;
	146	};
1a718805	147	secrets.keys =
a840a21c	148	kanboard.keys
4c4652aa IB	149	// ldap.keys
	150	// shaarli.keys
	151	// ttrss.keys
	152	// wallabag.keys
	153	// yourls.keys
	154	// dmarc-reports.keys
1a64deeb IB	155	// webhooks.keys
	156	// ({ "webapps/tools-landing-sql-rw" = {
	157	user = "wwwrun";
	158	group = "wwwrun";
	159	permissions = "0400";
	160	text = let
	161	env = config.myEnv.tools.landing;
	162	in ''
	163	SetEnv PGUSER "${env.postgresql.user}"
	164	SetEnv PGPASSWORD "${env.postgresql.password}"
	165	SetEnv PGDATABASE "${env.postgresql.database}"
	166	SetEnv PGHOST "${env.postgresql.socket}"
	167	'';
	168	}; });
29f8cb85	169	services.websites.env.tools.modules =
1922655a IB	170	[ "proxy_fcgi" ]
1922655a IB	171	++ adminer.apache.modules
10889174 IB	172	++ ympd.apache.modules
10889174 IB	173	++ ttrss.apache.modules
133ebaee	174	++ wallabag.apache.modules
bfe3c9c9	175	++ yourls.apache.modules
95b20e17	176	++ rompr.apache.modules
b892dcbe	177	++ shaarli.apache.modules
f80772dc	178	++ dokuwiki.apache.modules
7df5e532	179	++ dmarc-reports.apache.modules
a8ef1adb	180	++ phpbb.apache.modules
d4ed0eff IB	181	++ ldap.apache.modules
d4ed0eff IB	182	++ kanboard.apache.modules;
10889174	183
1a64deeb IB	184	myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
	185	subdomains.tools = ips servers.eldiron.ips.integration;
	186	};
	187	security.acme.certs.integration.domain = "tools.immae.dev";
29f8cb85	188	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76	189	certName = "integration";
7c5e6fe8	190	hosts = [ "tools.immae.dev" ];
41cce84a	191	root = "/var/lib/ftp/immae/devtools";
0f71cd76	192	extraConfig = [
0aae0181	193	''
41cce84a	194	Use Apaxy "/var/lib/ftp/immae/devtools" "title"
9338c832 IB	195	Timeout 600
9338c832 IB	196	ProxyTimeout 600
68c45ad5	197	Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
41cce84a	198	<Directory "/var/lib/ftp/immae/devtools">
0aae0181 IB	199	DirectoryIndex index.php index.htm index.html
	200	AllowOverride all
	201	Require all granted
	202	<FilesMatch "\.php$">
5400b9b6	203	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	204	</FilesMatch>
	205	</Directory>
	206	''
46f30ecc IB	207	];
	208	};
	209
1a64deeb IB	210
1a64deeb IB	211	security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
29f8cb85	212	services.websites.env.tools.vhostConfs.tools = {
10889174 IB	213	certName = "eldiron";
10889174 IB	214	hosts = ["tools.immae.eu" ];
a8ef1adb	215	root = landing;
10889174	216	extraConfig = [
1922655a	217	''
ea9c6fe8	218	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	219	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	220	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	221
251c0a13	222	<Directory "${landing}">
1a64deeb	223	Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
251c0a13 IB	224	DirectoryIndex index.html
	225	AllowOverride None
	226	Require all granted
	227
	228	<FilesMatch "\.php$">
	229	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	230	</FilesMatch>
	231	</Directory>
1922655a	232	''
5400b9b6	233	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	234	ympd.apache.vhostConf
5400b9b6 IB	235	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	236	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	237	(yourls.apache.vhostConf pcfg.yourls.socket)
	238	(rompr.apache.vhostConf pcfg.rompr.socket)
	239	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	240	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	241	(ldap.apache.vhostConf pcfg.ldap.socket)
	242	(kanboard.apache.vhostConf pcfg.kanboard.socket)
1a64deeb	243	(grocy'.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	244	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	245	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee	246	''
a9f52ec5 IB	247	<Location "/paste/">
	248	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	249	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	250	ProxyPreserveHost on
	251	</Location>
	252	<Location "/paste">
	253	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	254	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	255	ProxyPreserveHost on
	256	</Location>
251c0a13	257
1a64deeb IB	258	<Location "/ntfy/">
	259	SetEnv proxy-nokeepalive 1
	260	SetEnv proxy-sendchunked 1
	261	LimitRequestBody 102400
	262
	263	RewriteEngine On
	264
	265	# FIXME: why is landing prefixed in the url?
	266	RewriteCond %{HTTP:Upgrade} websocket [NC]
	267	RewriteCond %{HTTP:Connection} upgrade [NC]
	268	RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock\|ws://tools.immae.eu/$2 [P,NE,QSA,L]
	269
	270	RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock\|http://tools.immae.eu/$2 [P,NE,QSA,L]
	271	</Location>
cb589b2e IB	272	Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
cb589b2e IB	273	<Directory "/var/lib/buildbot/outputs/immae/bip39">
251c0a13 IB	274	DirectoryIndex index.html
	275	AllowOverride None
	276	Require all granted
	277	</Directory>
	278
da30ae4f IB	279	Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
da30ae4f IB	280	<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
251c0a13	281	Options -Indexes
1a64deeb	282	DirectoryIndex index.php
251c0a13 IB	283	Require all granted
	284	AllowOverride None
	285	<FilesMatch "\.php$">
	286	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	287	</FilesMatch>
	288	</Directory>
3cc24358 IB	289
	290	Alias /matrix ${matrix}
	291	<Directory "${matrix}">
	292	DirectoryIndex index.html
	293	AllowOverride None
	294	Require all granted
	295	</Directory>
ea3b46ee	296	''
10889174 IB	297	];
	298	};
	299
29f8cb85	300	services.websites.env.tools.vhostConfs.outils = {
7df420c2	301	certName = "eldiron";
0f71cd76	302	hosts = [ "outils.immae.eu" ];
7df420c2	303	root = null;
70606070 IB	304	extraConfig = [
	305	''
	306	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	307
	308	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	309
	310	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	311	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	312
	313	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	314	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	315	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	316	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	317
	318	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	319
afcc5de0 IB	320	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	321
3f453c7d IB	322	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	323
ea9c6fe8 IB	324	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	325
70606070 IB	326	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	327	''
	328	];
	329	};
	330
f40f5b23 IB	331	systemd.services = {
	332	phpfpm-dokuwiki = {
	333	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	334	wants = dokuwiki.phpFpm.serviceDeps;
	335	};
a8ef1adb IB	336	phpfpm-phpbb = {
	337	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	338	wants = phpbb.phpFpm.serviceDeps;
	339	};
f40f5b23 IB	340	phpfpm-kanboard = {
	341	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	342	wants = kanboard.phpFpm.serviceDeps;
	343	};
	344	phpfpm-ldap = {
	345	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	346	wants = ldap.phpFpm.serviceDeps;
	347	};
f40f5b23 IB	348	phpfpm-shaarli = {
	349	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	350	wants = shaarli.phpFpm.serviceDeps;
	351	};
	352	phpfpm-ttrss = {
	353	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	354	wants = ttrss.phpFpm.serviceDeps;
	355	};
	356	phpfpm-wallabag = {
	357	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	358	wants = wallabag.phpFpm.serviceDeps;
	359	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	360	};
	361	phpfpm-yourls = {
	362	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	363	wants = yourls.phpFpm.serviceDeps;
	364	};
1a64deeb IB	365	ntfy = {
	366	description = "send push notifications to your phone or desktop via scripts from any computer";
	367	wantedBy = [ "multi-user.target" ];
	368	serviceConfig = {
	369	ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
	370	Type = "simple";
	371	WorkingDirectory = "%S/ntfy";
	372	RuntimeDirectory = "ntfy";
	373	StateDirectory = "ntfy";
	374	User = "wwwrun";
	375	};
	376	};
f40f5b23 IB	377	ympd = {
	378	description = "Standalone MPD Web GUI written in C";
	379	wantedBy = [ "multi-user.target" ];
	380	script = ''
da30ae4f	381	export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
f40f5b23 IB	382	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	383	'';
	384	};
	385	tt-rss = {
	386	description = "Tiny Tiny RSS feeds update daemon";
	387	serviceConfig = {
	388	User = "wwwrun";
dcac3ec7	389	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	390	StandardOutput = "syslog";
	391	StandardError = "syslog";
	392	PermissionsStartOnly = true;
	393	};
	394
	395	wantedBy = [ "multi-user.target" ];
	396	requires = ["postgresql.service"];
	397	after = ["network.target" "postgresql.service"];
	398	};
	399	};
	400
17f6eae9 IB	401	services.filesWatcher.ympd = {
17f6eae9 IB	402	restart = true;
da30ae4f	403	paths = [ config.secrets.fullPaths."mpd" ];
17f6eae9 IB	404	};
17f6eae9 IB	405
f8df6790 IB	406	services.paste = {
	407	enable = true;
	408	webDirectory = "/paste";
	409	};
	410
441da8aa IB	411	services.phpfpm.pools = {
441da8aa IB	412	tools = {
5400b9b6 IB	413	user = "wwwrun";
	414	group = "wwwrun";
	415	settings = {
	416	"listen.owner" = "wwwrun";
	417	"listen.group" = "wwwrun";
	418	"pm" = "dynamic";
	419	"pm.max_children" = "60";
	420	"pm.start_servers" = "2";
	421	"pm.min_spare_servers" = "1";
	422	"pm.max_spare_servers" = "10";
f40f5b23	423
1a64deeb IB	424	"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
	425	"php_admin_value[session.save_handler]" = "redis";
	426	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
5400b9b6 IB	427	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	428	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	429	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb	430	"/run/wrappers/bin/sendmail" landing "/tmp"
da30ae4f	431	config.secrets.fullPaths."webapps/webhooks"
1a64deeb	432	"${webhooks-bin-env}/bin"
251c0a13 IB	433	];
	434	};
	435	phpEnv = {
	436	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	437	};
1a64deeb	438	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
441da8aa IB	439	};
441da8aa IB	440	devtools = {
5400b9b6 IB	441	user = "wwwrun";
	442	group = "wwwrun";
	443	settings = {
	444	"listen.owner" = "wwwrun";
	445	"listen.group" = "wwwrun";
	446	"pm" = "dynamic";
	447	"pm.max_children" = "60";
	448	"pm.start_servers" = "2";
	449	"pm.min_spare_servers" = "1";
	450	"pm.max_spare_servers" = "10";
1922655a	451
1a64deeb IB	452	"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
	453	"php_admin_value[session.save_handler]" = "redis";
	454	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
41cce84a	455	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
5400b9b6	456	};
736621e5	457	phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
441da8aa	458	};
5400b9b6	459	adminer = adminer.phpFpm;
441da8aa	460	ttrss = {
5400b9b6 IB	461	user = "wwwrun";
	462	group = "wwwrun";
	463	settings = ttrss.phpFpm.pool;
1a64deeb	464	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	465	};
441da8aa IB	466	wallabag = {
5400b9b6 IB	467	user = "wwwrun";
	468	group = "wwwrun";
	469	settings = wallabag.phpFpm.pool;
1a64deeb	470	phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
441da8aa IB	471	};
441da8aa IB	472	yourls = {
5400b9b6 IB	473	user = "wwwrun";
	474	group = "wwwrun";
	475	settings = yourls.phpFpm.pool;
1a64deeb	476	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	477	};
441da8aa IB	478	rompr = {
5400b9b6 IB	479	user = "wwwrun";
	480	group = "wwwrun";
	481	settings = rompr.phpFpm.pool;
1a64deeb	482	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	483	};
441da8aa IB	484	shaarli = {
5400b9b6 IB	485	user = "wwwrun";
	486	group = "wwwrun";
	487	settings = shaarli.phpFpm.pool;
1a64deeb	488	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	489	};
7df5e532 IB	490	dmarc-reports = {
	491	user = "wwwrun";
	492	group = "wwwrun";
	493	settings = dmarc-reports.phpFpm.pool;
	494	phpEnv = dmarc-reports.phpFpm.phpEnv;
1a64deeb	495	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
7df5e532	496	};
441da8aa	497	dokuwiki = {
5400b9b6 IB	498	user = "wwwrun";
	499	group = "wwwrun";
	500	settings = dokuwiki.phpFpm.pool;
1a64deeb	501	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	502	};
a8ef1adb IB	503	phpbb = {
	504	user = "wwwrun";
	505	group = "wwwrun";
	506	settings = phpbb.phpFpm.pool;
1a64deeb	507	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
a8ef1adb	508	};
441da8aa	509	ldap = {
5400b9b6 IB	510	user = "wwwrun";
	511	group = "wwwrun";
	512	settings = ldap.phpFpm.pool;
1a64deeb	513	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	514	};
441da8aa IB	515	kanboard = {
5400b9b6 IB	516	user = "wwwrun";
	517	group = "wwwrun";
	518	settings = kanboard.phpFpm.pool;
1a64deeb	519	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	520	};
441da8aa IB	521	grocy = {
5400b9b6 IB	522	user = "wwwrun";
5400b9b6 IB	523	group = "wwwrun";
1a64deeb IB	524	settings = grocy'.phpFpm.pool;
1a64deeb IB	525	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	526	};
10889174 IB	527	};
	528
	529	system.activationScripts = {
1a64deeb	530	grocy = grocy'.activationScript;
10889174	531	ttrss = ttrss.activationScript;
aebd817b	532	wallabag = wallabag.activationScript;
bfe3c9c9	533	rompr = rompr.activationScript;
95b20e17	534	shaarli = shaarli.activationScript;
b892dcbe	535	dokuwiki = dokuwiki.activationScript;
a8ef1adb	536	phpbb = phpbb.activationScript;
d4ed0eff	537	kanboard = kanboard.activationScript;
10889174 IB	538	};
10889174 IB	539
29f8cb85	540	services.websites.env.tools.watchPaths = [
da30ae4f	541	config.secrets.fullPaths."webapps/tools-shaarli"
17f6eae9 IB	542	];
	543	services.filesWatcher.phpfpm-wallabag = {
	544	restart = true;
da30ae4f	545	paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
17f6eae9	546	};
ea3b46ee	547
1a64deeb IB	548	myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
	549	ttrss.monitoringPlugins
	550	rompr.monitoringPlugins
	551	wallabag.monitoringPlugins
	552	yourls.monitoringPlugins
	553	ympd.monitoringPlugins
	554	dokuwiki.monitoringPlugins
	555	shaarli.monitoringPlugins
	556	ldap.monitoringPlugins
	557	adminer.monitoringPlugins
	558	];
	559	myServices.monitoring.fromMasterObjects = lib.mkMerge [
	560	ttrss.monitoringObjects
	561	rompr.monitoringObjects
	562	wallabag.monitoringObjects
	563	yourls.monitoringObjects
	564	ympd.monitoringObjects
	565	dokuwiki.monitoringObjects
	566	shaarli.monitoringObjects
	567	ldap.monitoringObjects
	568	adminer.monitoringObjects
	569	];
10889174 IB	570	};
	571	}
	572