[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / default.nix

{ lib, pkgs, config, mypackages-lib, grocy, ... }:
let
  composerEnv = mypackages-lib.composerEnv;
  adminer = pkgs.callPackage ./adminer.nix { inherit config; };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
    inherit config;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    ttrss = pkgs.webapps-ttrss;
    ttrss-plugins = pkgs.webapps-ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps-wallabag.override {
      composerEnv = composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    yourls = pkgs.webapps-yourls;
    yourls-plugins = pkgs.webapps-yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    rompr = pkgs.webapps-rompr;
    env = config.myEnv.tools.rompr;
    inherit config;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    dokuwiki = pkgs.webapps-dokuwiki;
    dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
    inherit config;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    phpldapadmin = pkgs.webapps-phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy' = pkgs.callPackage ./grocy.nix {
    grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  landing = pkgs.callPackage ./landing.nix { };

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Services needing to send e-mails
    myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
    myServices.dns.zones."immae.eu".subdomains =
      with config.myServices.dns.helpers;
      {
        outils = ips servers.eldiron.ips.main;
        tools  = lib.mkMerge [
          (mailCommon "immae.eu")
          mailSend
          (ips servers.eldiron.ips.main)
        ];
      };

    myServices.chatonsProperties.services = {
      adminer = adminer.chatonsProperties;
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys
      // ({ "webapps/tools-landing-sql-rw" = {
        user = "wwwrun";
        group = "wwwrun";
        permissions = "0400";
        text = let
          env = config.myEnv.tools.landing;
        in ''
          SetEnv PGUSER "${env.postgresql.user}"
          SetEnv PGPASSWORD "${env.postgresql.password}"
          SetEnv PGDATABASE "${env.postgresql.database}"
          SetEnv PGHOST "${env.postgresql.socket}"
        '';
      }; });
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
      subdomains.tools = ips servers.eldiron.ips.integration;
    };
    security.acme.certs.integration.domain = "tools.immae.dev";
    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      hosts        = [ "tools.immae.dev" ];
      root         = "/var/lib/ftp/immae/devtools";
      extraConfig  = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };


    security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy'.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          <Location "/ntfy/">
            SetEnv proxy-nokeepalive 1
            SetEnv proxy-sendchunked 1
            LimitRequestBody 102400

            RewriteEngine On

            # FIXME: why is landing prefixed in the url?
            RewriteCond %{HTTP:Upgrade} websocket [NC]
            RewriteCond %{HTTP:Connection} upgrade [NC]
            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
          </Location>
          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ntfy = {
        description = "send push notifications to your phone or desktop via scripts from any computer";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
          Type = "simple";
          WorkingDirectory = "%S/ntfy";
          RuntimeDirectory = "ntfy";
          StateDirectory = "ntfy";
          User = "wwwrun";
        };
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    services.paste = {
      enable = true;
      webDirectory = "/paste";
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy'.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
    };

    system.activationScripts = {
      grocy = grocy'.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
    };

    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

    myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
      ttrss.monitoringPlugins
      rompr.monitoringPlugins
      wallabag.monitoringPlugins
      yourls.monitoringPlugins
      ympd.monitoringPlugins
      dokuwiki.monitoringPlugins
      shaarli.monitoringPlugins
      ldap.monitoringPlugins
      adminer.monitoringPlugins
    ];
    myServices.monitoring.fromMasterObjects = lib.mkMerge [
      ttrss.monitoringObjects
      rompr.monitoringObjects
      wallabag.monitoringObjects
      yourls.monitoringObjects
      ympd.monitoringObjects
      dokuwiki.monitoringObjects
      shaarli.monitoringObjects
      ldap.monitoringObjects
      adminer.monitoringObjects
    ];
  };
}
Commit	Line	Data
1a64deeb	1	{ lib, pkgs, config, mypackages-lib, grocy, ... }:
10889174	2	let
1a64deeb IB	3	composerEnv = mypackages-lib.composerEnv;
1a64deeb IB	4	adminer = pkgs.callPackage ./adminer.nix { inherit config; };
4288c2f2	5	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	6	env = config.myEnv.tools.ympd;
1a64deeb	7	inherit config;
4288c2f2 IB	8	};
4288c2f2 IB	9	ttrss = pkgs.callPackage ./ttrss.nix {
1a64deeb IB	10	ttrss = pkgs.webapps-ttrss;
1a64deeb IB	11	ttrss-plugins = pkgs.webapps-ttrss-plugins;
ab8f306d	12	env = config.myEnv.tools.ttrss;
dcac3ec7	13	php = pkgs.php72;
da30ae4f	14	inherit config;
4288c2f2	15	};
4288c2f2	16	kanboard = pkgs.callPackage ./kanboard.nix {
da30ae4f	17	inherit config;
ab8f306d	18	env = config.myEnv.tools.kanboard;
4288c2f2 IB	19	};
4288c2f2 IB	20	wallabag = pkgs.callPackage ./wallabag.nix {
1a64deeb IB	21	wallabag = pkgs.webapps-wallabag.override {
1a64deeb IB	22	composerEnv = composerEnv.override {
2053ddac	23	php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
46c99b57 IB	24	};
46c99b57 IB	25	};
ab8f306d	26	env = config.myEnv.tools.wallabag;
da30ae4f	27	inherit config;
4288c2f2 IB	28	};
4288c2f2 IB	29	yourls = pkgs.callPackage ./yourls.nix {
1a64deeb IB	30	yourls = pkgs.webapps-yourls;
1a64deeb IB	31	yourls-plugins = pkgs.webapps-yourls-plugins;
ab8f306d	32	env = config.myEnv.tools.yourls;
da30ae4f	33	inherit config;
4288c2f2 IB	34	};
4288c2f2 IB	35	rompr = pkgs.callPackage ./rompr.nix {
1a64deeb	36	rompr = pkgs.webapps-rompr;
ab8f306d	37	env = config.myEnv.tools.rompr;
1a64deeb	38	inherit config;
4288c2f2 IB	39	};
4288c2f2 IB	40	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	41	env = config.myEnv.tools.shaarli;
da30ae4f	42	inherit config;
4288c2f2 IB	43	};
4288c2f2 IB	44	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
1a64deeb IB	45	dokuwiki = pkgs.webapps-dokuwiki;
	46	dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
	47	inherit config;
4288c2f2 IB	48	};
4288c2f2 IB	49	ldap = pkgs.callPackage ./ldap.nix {
1a64deeb	50	phpldapadmin = pkgs.webapps-phpldapadmin;
ab8f306d	51	env = config.myEnv.tools.phpldapadmin;
da30ae4f	52	inherit config;
4288c2f2	53	};
1a64deeb IB	54	grocy' = pkgs.callPackage ./grocy.nix {
1a64deeb IB	55	grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
c7627e14	56	};
a8ef1adb	57	phpbb = pkgs.callPackage ./phpbb.nix {
1a64deeb	58	phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
a8ef1adb IB	59	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	60	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	61	e.phpbbmodders.adduser ]);
	62	};
1a64deeb IB	63	webhooks-bin-env = pkgs.buildEnv {
	64	name = "webhook-env";
	65	paths = [ pkgs.apprise ];
	66	pathsToLink = [ "/bin" ];
	67	};
251c0a13 IB	68	webhooks = pkgs.callPackage ./webhooks.nix {
251c0a13 IB	69	env = config.myEnv.tools.webhooks;
1a64deeb	70	binEnv = webhooks-bin-env;
251c0a13	71	};
7df5e532 IB	72	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
7df5e532 IB	73	env = config.myEnv.tools.dmarc_reports;
da30ae4f	74	inherit config;
7df5e532	75	};
251c0a13	76
1a64deeb	77	landing = pkgs.callPackage ./landing.nix { };
10889174	78
4288c2f2	79	cfg = config.myServices.websites.tools.tools;
5400b9b6	80	pcfg = config.services.phpfpm.pools;
10889174	81	in {
4288c2f2	82	options.myServices.websites.tools.tools = {
10889174 IB	83	enable = lib.mkEnableOption "enable tools website";
	84	};
	85
	86	config = lib.mkIf cfg.enable {
1a64deeb IB	87	# Services needing to send e-mails
	88	myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
	89	myServices.dns.zones."immae.eu".subdomains =
	90	with config.myServices.dns.helpers;
	91	{
	92	outils = ips servers.eldiron.ips.main;
	93	tools = lib.mkMerge [
	94	(mailCommon "immae.eu")
	95	mailSend
	96	(ips servers.eldiron.ips.main)
	97	];
	98	};
	99
	100	myServices.chatonsProperties.services = {
	101	adminer = adminer.chatonsProperties;
	102	dokuwiki = dokuwiki.chatonsProperties;
	103	shaarli = shaarli.chatonsProperties;
	104	ttrss = ttrss.chatonsProperties;
	105	wallabag = wallabag.chatonsProperties;
	106	paste = {
	107	file.datetime = "2022-08-22T00:15:00";
	108	service = {
	109	name = "Paste";
	110	description = "A simple paster script with syntax highlight";
	111	website = "https://tools.immae.eu/paste/";
	112	logo = "https://assets.immae.eu/logo.jpg";
	113	status.level = "OK";
	114	status.description = "OK";
	115	registration."" = ["MEMBER" "CLIENT"];
	116	registration.load = "OPEN";
	117	install.type = "PACKAGE";
	118	guide.user = "https://tools.immae.eu/paste/";
	119	};
	120	software = {
	121	name = "Paste";
	122	website = "https://tools.immae.eu/paste/";
	123	license.url = "https://tools.immae.eu/paste/license";
	124	license.name = "MIT License";
	125	version = "Unversioned";
	126	source.url = "https://tools.immae.eu/paste/abcd123/py";
	127	};
	128	};
	129	};
	130	myServices.chatonsProperties.hostings = {
	131	dokuwiki = dokuwiki.chatonsHostingProperties;
	132	phpbb = phpbb.chatonsHostingProperties;
	133	};
1a718805	134	secrets.keys =
a840a21c	135	kanboard.keys
4c4652aa IB	136	// ldap.keys
	137	// shaarli.keys
	138	// ttrss.keys
	139	// wallabag.keys
	140	// yourls.keys
	141	// dmarc-reports.keys
1a64deeb IB	142	// webhooks.keys
	143	// ({ "webapps/tools-landing-sql-rw" = {
	144	user = "wwwrun";
	145	group = "wwwrun";
	146	permissions = "0400";
	147	text = let
	148	env = config.myEnv.tools.landing;
	149	in ''
	150	SetEnv PGUSER "${env.postgresql.user}"
	151	SetEnv PGPASSWORD "${env.postgresql.password}"
	152	SetEnv PGDATABASE "${env.postgresql.database}"
	153	SetEnv PGHOST "${env.postgresql.socket}"
	154	'';
	155	}; });
29f8cb85	156	services.websites.env.tools.modules =
1922655a IB	157	[ "proxy_fcgi" ]
1922655a IB	158	++ adminer.apache.modules
10889174 IB	159	++ ympd.apache.modules
10889174 IB	160	++ ttrss.apache.modules
133ebaee	161	++ wallabag.apache.modules
bfe3c9c9	162	++ yourls.apache.modules
95b20e17	163	++ rompr.apache.modules
b892dcbe	164	++ shaarli.apache.modules
f80772dc	165	++ dokuwiki.apache.modules
7df5e532	166	++ dmarc-reports.apache.modules
a8ef1adb	167	++ phpbb.apache.modules
d4ed0eff IB	168	++ ldap.apache.modules
d4ed0eff IB	169	++ kanboard.apache.modules;
10889174	170
1a64deeb IB	171	myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
	172	subdomains.tools = ips servers.eldiron.ips.integration;
	173	};
	174	security.acme.certs.integration.domain = "tools.immae.dev";
29f8cb85	175	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76	176	certName = "integration";
7c5e6fe8	177	hosts = [ "tools.immae.dev" ];
41cce84a	178	root = "/var/lib/ftp/immae/devtools";
0f71cd76	179	extraConfig = [
0aae0181	180	''
41cce84a	181	Use Apaxy "/var/lib/ftp/immae/devtools" "title"
9338c832 IB	182	Timeout 600
9338c832 IB	183	ProxyTimeout 600
68c45ad5	184	Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
41cce84a	185	<Directory "/var/lib/ftp/immae/devtools">
0aae0181 IB	186	DirectoryIndex index.php index.htm index.html
	187	AllowOverride all
	188	Require all granted
	189	<FilesMatch "\.php$">
5400b9b6	190	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	191	</FilesMatch>
	192	</Directory>
	193	''
46f30ecc IB	194	];
	195	};
	196
1a64deeb IB	197
1a64deeb IB	198	security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
29f8cb85	199	services.websites.env.tools.vhostConfs.tools = {
10889174 IB	200	certName = "eldiron";
10889174 IB	201	hosts = ["tools.immae.eu" ];
a8ef1adb	202	root = landing;
10889174	203	extraConfig = [
1922655a	204	''
ea9c6fe8	205	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	206	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	207	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	208
251c0a13	209	<Directory "${landing}">
1a64deeb	210	Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
251c0a13 IB	211	DirectoryIndex index.html
	212	AllowOverride None
	213	Require all granted
	214
	215	<FilesMatch "\.php$">
	216	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	217	</FilesMatch>
	218	</Directory>
1922655a	219	''
5400b9b6	220	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	221	ympd.apache.vhostConf
5400b9b6 IB	222	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	223	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	224	(yourls.apache.vhostConf pcfg.yourls.socket)
	225	(rompr.apache.vhostConf pcfg.rompr.socket)
	226	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	227	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	228	(ldap.apache.vhostConf pcfg.ldap.socket)
	229	(kanboard.apache.vhostConf pcfg.kanboard.socket)
1a64deeb	230	(grocy'.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	231	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	232	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee	233	''
a9f52ec5 IB	234	<Location "/paste/">
	235	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	236	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	237	ProxyPreserveHost on
	238	</Location>
	239	<Location "/paste">
	240	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	241	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	242	ProxyPreserveHost on
	243	</Location>
251c0a13	244
1a64deeb IB	245	<Location "/ntfy/">
	246	SetEnv proxy-nokeepalive 1
	247	SetEnv proxy-sendchunked 1
	248	LimitRequestBody 102400
	249
	250	RewriteEngine On
	251
	252	# FIXME: why is landing prefixed in the url?
	253	RewriteCond %{HTTP:Upgrade} websocket [NC]
	254	RewriteCond %{HTTP:Connection} upgrade [NC]
	255	RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock\|ws://tools.immae.eu/$2 [P,NE,QSA,L]
	256
	257	RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock\|http://tools.immae.eu/$2 [P,NE,QSA,L]
	258	</Location>
cb589b2e IB	259	Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
cb589b2e IB	260	<Directory "/var/lib/buildbot/outputs/immae/bip39">
251c0a13 IB	261	DirectoryIndex index.html
	262	AllowOverride None
	263	Require all granted
	264	</Directory>
	265
da30ae4f IB	266	Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
da30ae4f IB	267	<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
251c0a13	268	Options -Indexes
1a64deeb	269	DirectoryIndex index.php
251c0a13 IB	270	Require all granted
	271	AllowOverride None
	272	<FilesMatch "\.php$">
	273	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	274	</FilesMatch>
	275	</Directory>
ea3b46ee	276	''
10889174 IB	277	];
	278	};
	279
29f8cb85	280	services.websites.env.tools.vhostConfs.outils = {
7df420c2	281	certName = "eldiron";
0f71cd76	282	hosts = [ "outils.immae.eu" ];
7df420c2	283	root = null;
70606070 IB	284	extraConfig = [
	285	''
	286	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	287
	288	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	289
	290	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	291	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	292
	293	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	294	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	295	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	296	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	297
	298	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	299
afcc5de0 IB	300	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	301
3f453c7d IB	302	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	303
ea9c6fe8 IB	304	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	305
70606070 IB	306	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	307	''
	308	];
	309	};
	310
f40f5b23 IB	311	systemd.services = {
	312	phpfpm-dokuwiki = {
	313	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	314	wants = dokuwiki.phpFpm.serviceDeps;
	315	};
a8ef1adb IB	316	phpfpm-phpbb = {
	317	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	318	wants = phpbb.phpFpm.serviceDeps;
	319	};
f40f5b23 IB	320	phpfpm-kanboard = {
	321	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	322	wants = kanboard.phpFpm.serviceDeps;
	323	};
	324	phpfpm-ldap = {
	325	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	326	wants = ldap.phpFpm.serviceDeps;
	327	};
f40f5b23 IB	328	phpfpm-shaarli = {
	329	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	330	wants = shaarli.phpFpm.serviceDeps;
	331	};
	332	phpfpm-ttrss = {
	333	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	334	wants = ttrss.phpFpm.serviceDeps;
	335	};
	336	phpfpm-wallabag = {
	337	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	338	wants = wallabag.phpFpm.serviceDeps;
	339	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	340	};
	341	phpfpm-yourls = {
	342	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	343	wants = yourls.phpFpm.serviceDeps;
	344	};
1a64deeb IB	345	ntfy = {
	346	description = "send push notifications to your phone or desktop via scripts from any computer";
	347	wantedBy = [ "multi-user.target" ];
	348	serviceConfig = {
	349	ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
	350	Type = "simple";
	351	WorkingDirectory = "%S/ntfy";
	352	RuntimeDirectory = "ntfy";
	353	StateDirectory = "ntfy";
	354	User = "wwwrun";
	355	};
	356	};
f40f5b23 IB	357	ympd = {
	358	description = "Standalone MPD Web GUI written in C";
	359	wantedBy = [ "multi-user.target" ];
	360	script = ''
da30ae4f	361	export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
f40f5b23 IB	362	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	363	'';
	364	};
	365	tt-rss = {
	366	description = "Tiny Tiny RSS feeds update daemon";
	367	serviceConfig = {
	368	User = "wwwrun";
dcac3ec7	369	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	370	StandardOutput = "syslog";
	371	StandardError = "syslog";
	372	PermissionsStartOnly = true;
	373	};
	374
	375	wantedBy = [ "multi-user.target" ];
	376	requires = ["postgresql.service"];
	377	after = ["network.target" "postgresql.service"];
	378	};
	379	};
	380
17f6eae9 IB	381	services.filesWatcher.ympd = {
17f6eae9 IB	382	restart = true;
da30ae4f	383	paths = [ config.secrets.fullPaths."mpd" ];
17f6eae9 IB	384	};
17f6eae9 IB	385
f8df6790 IB	386	services.paste = {
	387	enable = true;
	388	webDirectory = "/paste";
	389	};
	390
441da8aa IB	391	services.phpfpm.pools = {
441da8aa IB	392	tools = {
5400b9b6 IB	393	user = "wwwrun";
	394	group = "wwwrun";
	395	settings = {
	396	"listen.owner" = "wwwrun";
	397	"listen.group" = "wwwrun";
	398	"pm" = "dynamic";
	399	"pm.max_children" = "60";
	400	"pm.start_servers" = "2";
	401	"pm.min_spare_servers" = "1";
	402	"pm.max_spare_servers" = "10";
f40f5b23	403
1a64deeb IB	404	"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
	405	"php_admin_value[session.save_handler]" = "redis";
	406	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
5400b9b6 IB	407	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	408	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	409	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb	410	"/run/wrappers/bin/sendmail" landing "/tmp"
da30ae4f	411	config.secrets.fullPaths."webapps/webhooks"
1a64deeb	412	"${webhooks-bin-env}/bin"
251c0a13 IB	413	];
	414	};
	415	phpEnv = {
	416	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	417	};
1a64deeb	418	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
441da8aa IB	419	};
441da8aa IB	420	devtools = {
5400b9b6 IB	421	user = "wwwrun";
	422	group = "wwwrun";
	423	settings = {
	424	"listen.owner" = "wwwrun";
	425	"listen.group" = "wwwrun";
	426	"pm" = "dynamic";
	427	"pm.max_children" = "60";
	428	"pm.start_servers" = "2";
	429	"pm.min_spare_servers" = "1";
	430	"pm.max_spare_servers" = "10";
1922655a	431
1a64deeb IB	432	"php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
	433	"php_admin_value[session.save_handler]" = "redis";
	434	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
41cce84a	435	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
5400b9b6	436	};
1a64deeb	437	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
441da8aa	438	};
5400b9b6	439	adminer = adminer.phpFpm;
441da8aa	440	ttrss = {
5400b9b6 IB	441	user = "wwwrun";
	442	group = "wwwrun";
	443	settings = ttrss.phpFpm.pool;
1a64deeb	444	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	445	};
441da8aa IB	446	wallabag = {
5400b9b6 IB	447	user = "wwwrun";
	448	group = "wwwrun";
	449	settings = wallabag.phpFpm.pool;
1a64deeb	450	phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
441da8aa IB	451	};
441da8aa IB	452	yourls = {
5400b9b6 IB	453	user = "wwwrun";
	454	group = "wwwrun";
	455	settings = yourls.phpFpm.pool;
1a64deeb	456	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	457	};
441da8aa IB	458	rompr = {
5400b9b6 IB	459	user = "wwwrun";
	460	group = "wwwrun";
	461	settings = rompr.phpFpm.pool;
1a64deeb	462	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	463	};
441da8aa IB	464	shaarli = {
5400b9b6 IB	465	user = "wwwrun";
	466	group = "wwwrun";
	467	settings = shaarli.phpFpm.pool;
1a64deeb	468	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	469	};
7df5e532 IB	470	dmarc-reports = {
	471	user = "wwwrun";
	472	group = "wwwrun";
	473	settings = dmarc-reports.phpFpm.pool;
	474	phpEnv = dmarc-reports.phpFpm.phpEnv;
1a64deeb	475	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
7df5e532	476	};
441da8aa	477	dokuwiki = {
5400b9b6 IB	478	user = "wwwrun";
	479	group = "wwwrun";
	480	settings = dokuwiki.phpFpm.pool;
1a64deeb	481	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	482	};
a8ef1adb IB	483	phpbb = {
	484	user = "wwwrun";
	485	group = "wwwrun";
	486	settings = phpbb.phpFpm.pool;
1a64deeb	487	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
a8ef1adb	488	};
441da8aa	489	ldap = {
5400b9b6 IB	490	user = "wwwrun";
	491	group = "wwwrun";
	492	settings = ldap.phpFpm.pool;
1a64deeb	493	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	494	};
441da8aa IB	495	kanboard = {
5400b9b6 IB	496	user = "wwwrun";
	497	group = "wwwrun";
	498	settings = kanboard.phpFpm.pool;
1a64deeb	499	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa IB	500	};
441da8aa IB	501	grocy = {
5400b9b6 IB	502	user = "wwwrun";
5400b9b6 IB	503	group = "wwwrun";
1a64deeb IB	504	settings = grocy'.phpFpm.pool;
1a64deeb IB	505	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
441da8aa	506	};
10889174 IB	507	};
	508
	509	system.activationScripts = {
1a64deeb	510	grocy = grocy'.activationScript;
10889174	511	ttrss = ttrss.activationScript;
aebd817b	512	wallabag = wallabag.activationScript;
bfe3c9c9	513	rompr = rompr.activationScript;
95b20e17	514	shaarli = shaarli.activationScript;
b892dcbe	515	dokuwiki = dokuwiki.activationScript;
a8ef1adb	516	phpbb = phpbb.activationScript;
d4ed0eff	517	kanboard = kanboard.activationScript;
10889174 IB	518	};
10889174 IB	519
29f8cb85	520	services.websites.env.tools.watchPaths = [
da30ae4f	521	config.secrets.fullPaths."webapps/tools-shaarli"
17f6eae9 IB	522	];
	523	services.filesWatcher.phpfpm-wallabag = {
	524	restart = true;
da30ae4f	525	paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
17f6eae9	526	};
ea3b46ee	527
1a64deeb IB	528	myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
	529	ttrss.monitoringPlugins
	530	rompr.monitoringPlugins
	531	wallabag.monitoringPlugins
	532	yourls.monitoringPlugins
	533	ympd.monitoringPlugins
	534	dokuwiki.monitoringPlugins
	535	shaarli.monitoringPlugins
	536	ldap.monitoringPlugins
	537	adminer.monitoringPlugins
	538	];
	539	myServices.monitoring.fromMasterObjects = lib.mkMerge [
	540	ttrss.monitoringObjects
	541	rompr.monitoringObjects
	542	wallabag.monitoringObjects
	543	yourls.monitoringObjects
	544	ympd.monitoringObjects
	545	dokuwiki.monitoringObjects
	546	shaarli.monitoringObjects
	547	ldap.monitoringObjects
	548	adminer.monitoringObjects
	549	];
10889174 IB	550	};
	551	}
	552