]>
Commit | Line | Data |
---|---|---|
a1bb33c4 IB |
1 | { |
2 | network = { | |
3 | description = "Immae's network"; | |
4 | enableRollback = true; | |
5 | }; | |
6 | ||
4d4f13f4 IB |
7 | eldiron = { config, pkgs, mylibs, ... }: |
8 | with mylibs; | |
5c101474 | 9 | let |
712ccefd | 10 | mypkgs = pkgs.callPackage ./packages.nix { |
eb770e14 | 11 | inherit checkEnv fetchedGit fetchedGitPrivate fetchedGithub; |
5c101474 | 12 | }; |
ab5d04b8 IB |
13 | in |
14 | { | |
4d4f13f4 IB |
15 | _module.args = { |
16 | mylibs = import ../libs.nix; | |
17 | }; | |
18 | ||
19 | imports = [ | |
20 | ./modules/gitolite.nix | |
21 | ./modules/gitweb.nix | |
22 | ./modules/databases.nix | |
23 | ]; | |
24 | services.myGitolite.enable = true; | |
25 | services.myGitweb.enable = true; | |
26 | services.myDatabases.enable = true; | |
27 | ||
91493dc0 | 28 | nixpkgs.config.packageOverrides = oldpkgs: rec { |
6f0d92b4 IB |
29 | goaccess = oldpkgs.goaccess.overrideAttrs(old: rec { |
30 | name = "goaccess-${version}"; | |
31 | version = "1.3"; | |
32 | src = pkgs.fetchurl { | |
33 | url = "https://tar.goaccess.io/${name}.tar.gz"; | |
34 | sha256 = "16vv3pj7pbraq173wlxa89jjsd279004j4kgzlrsk1dz4if5qxwc"; | |
35 | }; | |
36 | configureFlags = old.configureFlags ++ [ "--enable-tcb=btree" ]; | |
37 | buildInputs = old.buildInputs ++ [ pkgs.tokyocabinet pkgs.bzip2 ]; | |
38 | }); | |
91493dc0 IB |
39 | }; |
40 | ||
a1bb33c4 IB |
41 | networking = { |
42 | firewall = { | |
43 | enable = true; | |
4d4f13f4 | 44 | allowedTCPPorts = [ 22 80 443 9418 ]; |
a1bb33c4 IB |
45 | }; |
46 | }; | |
47 | ||
48 | deployment = { | |
49 | targetEnv = "hetzner"; | |
50 | hetzner = { | |
51 | #robotUser = "defined in HETZNER_ROBOT_USER"; | |
52 | #robotPass = "defined in HETZNER_ROBOT_PASS"; | |
53 | mainIPv4 = "176.9.151.89"; | |
54 | partitions = '' | |
55 | clearpart --all --initlabel --drives=sda,sdb | |
56 | ||
57 | part swap1 --recommended --label=swap1 --fstype=swap --ondisk=sda | |
58 | part swap2 --recommended --label=swap2 --fstype=swap --ondisk=sdb | |
59 | ||
60 | part raid.1 --grow --ondisk=sda | |
61 | part raid.2 --grow --ondisk=sdb | |
62 | ||
63 | raid / --level=1 --device=md0 --fstype=ext4 --label=root raid.1 raid.2 | |
64 | ''; | |
65 | }; | |
66 | }; | |
67 | ||
66b5bbf6 IB |
68 | environment.systemPackages = let |
69 | # FIXME: move it to nextcloud | |
70 | occ = pkgs.writeScriptBin "nextcloud-occ" '' | |
71 | #! ${pkgs.stdenv.shell} | |
72 | cd ${mypkgs.nextcloud.webRoot} | |
73 | NEXTCLOUD_CONFIG_DIR="${mypkgs.nextcloud.webRoot}/config" \ | |
74 | exec \ | |
75 | ${config.services.phpfpm.phpPackage}/bin/php \ | |
76 | -c ${config.services.phpfpm.phpPackage}/etc/php.ini \ | |
77 | occ $* | |
78 | ''; | |
79 | in [ | |
ce6ee3b8 | 80 | pkgs.telnet |
beeed847 | 81 | pkgs.htop |
ce6ee3b8 | 82 | pkgs.vim |
6f0d92b4 | 83 | pkgs.goaccess |
66b5bbf6 | 84 | occ |
ce6ee3b8 IB |
85 | ]; |
86 | ||
6bd6d033 IB |
87 | # FIXME: doesn't work with httpd? |
88 | security.acme.preliminarySelfsigned = true; | |
a1bb33c4 | 89 | security.acme.certs = { |
6bd6d033 IB |
90 | # FIXME: /!\ To create a new certificate, create it before using |
91 | # it in httpd | |
a1bb33c4 IB |
92 | "eldiron" = { |
93 | webroot = "/var/lib/acme/acme-challenge"; | |
94 | email = "ismael@bouya.org"; | |
95 | domain = "eldiron.immae.eu"; | |
e379fd29 IB |
96 | plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; |
97 | postRun = '' | |
e273ef92 | 98 | systemctl reload httpd.service |
e379fd29 | 99 | ''; |
beeed847 | 100 | allowKeysForGroup = true; |
a1bb33c4 IB |
101 | extraDomains = { |
102 | "db-1.immae.eu" = null; | |
e379fd29 | 103 | "tools.immae.eu" = null; |
65fe7543 IB |
104 | "connexionswing.immae.eu" = null; |
105 | "sandetludo.immae.eu" = null; | |
66b5bbf6 | 106 | "cloud.immae.eu" = null; |
e42ba74f | 107 | "ludivine.immae.eu" = null; |
6c672f34 | 108 | "dev.aten.pro" = null; |
34e2fd14 | 109 | "piedsjaloux.immae.eu" = null; |
7d8b50d3 | 110 | "chloe.immae.eu" = null; |
43b726ed | 111 | "dav.immae.eu" = null; |
e42ba74f IB |
112 | }; |
113 | }; | |
114 | "ludivinecassal" = { | |
115 | webroot = "/var/lib/acme/acme-challenge"; | |
116 | email = "ismael@bouya.org"; | |
117 | domain = "ludivinecassal.com"; | |
118 | plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; | |
119 | postRun = '' | |
120 | systemctl reload httpd.service | |
121 | ''; | |
122 | extraDomains = { | |
123 | "www.ludivinecassal.com" = null; | |
a1bb33c4 IB |
124 | }; |
125 | }; | |
6c672f34 IB |
126 | "aten" = { |
127 | webroot = "/var/lib/acme/acme-challenge"; | |
128 | email = "ismael@bouya.org"; | |
129 | domain = "aten.pro"; | |
130 | plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; | |
131 | postRun = '' | |
132 | systemctl reload httpd.service | |
133 | ''; | |
134 | extraDomains = { | |
135 | "www.aten.pro" = null; | |
136 | }; | |
137 | }; | |
34e2fd14 IB |
138 | "piedsjaloux" = { |
139 | webroot = "/var/lib/acme/acme-challenge"; | |
140 | email = "ismael@bouya.org"; | |
141 | domain = "piedsjaloux.fr"; | |
142 | plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; | |
143 | postRun = '' | |
144 | systemctl reload httpd.service | |
145 | ''; | |
146 | extraDomains = { | |
147 | "www.piedsjaloux.fr" = null; | |
148 | }; | |
149 | }; | |
6bd6d033 IB |
150 | "chloe" = { |
151 | webroot = "/var/lib/acme/acme-challenge"; | |
152 | email = "ismael@bouya.org"; | |
153 | domain = "osteopathe-cc.fr"; | |
154 | plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; | |
155 | postRun = '' | |
156 | systemctl reload httpd.service | |
157 | ''; | |
158 | extraDomains = { | |
159 | "www.osteopathe-cc.fr" = null; | |
160 | }; | |
161 | }; | |
527e32ad IB |
162 | "connexionswing" = { |
163 | webroot = "/var/lib/acme/acme-challenge"; | |
164 | email = "ismael@bouya.org"; | |
165 | domain = "connexionswing.com"; | |
166 | plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; | |
167 | postRun = '' | |
168 | systemctl reload httpd.service | |
169 | ''; | |
170 | extraDomains = { | |
171 | "www.connexionswing.com" = null; | |
172 | "sandetludo.com" = null; | |
173 | "www.sandetludo.com" = null; | |
174 | }; | |
175 | }; | |
a1bb33c4 IB |
176 | }; |
177 | ||
5566d26d IB |
178 | services.openssh.extraConfig = '' |
179 | AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys | |
180 | AuthorizedKeysCommandUser nobody | |
181 | ''; | |
182 | ||
beeed847 | 183 | services.ympd = mypkgs.ympd.config // { enable = false; }; |
a05f8abe | 184 | |
58d1a782 | 185 | services.phpfpm = { |
beeed847 | 186 | # FIXME: move session files to separate dirs |
66b5bbf6 IB |
187 | # /!\ phppackage is used in nextcloud configuation |
188 | phpOptions = '' | |
c8e019b6 IB |
189 | session.save_path = "/var/lib/php/sessions" |
190 | session.gc_maxlifetime = 60*60*24*15 | |
191 | session.cache_expire = 60*24*30 | |
66b5bbf6 IB |
192 | ; For nextcloud |
193 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so | |
194 | ; For nextcloud | |
195 | extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so | |
ec9ff2b8 IB |
196 | ; For nextcloud |
197 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so | |
66b5bbf6 | 198 | ''; |
58d1a782 IB |
199 | extraConfig = '' |
200 | log_level = notice | |
201 | ''; | |
202 | poolConfigs = { | |
27e22b76 | 203 | adminer = mypkgs.adminer.phpFpm.pool; |
65fe7543 | 204 | connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool; |
e273ef92 | 205 | connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool; |
e42ba74f IB |
206 | ludivinecassal_dev = mypkgs.ludivinecassal_dev.phpFpm.pool; |
207 | ludivinecassal_prod = mypkgs.ludivinecassal_prod.phpFpm.pool; | |
34e2fd14 IB |
208 | piedsjaloux_dev = mypkgs.piedsjaloux_dev.phpFpm.pool; |
209 | piedsjaloux_prod = mypkgs.piedsjaloux_prod.phpFpm.pool; | |
7d8b50d3 IB |
210 | chloe_dev = mypkgs.chloe_dev.phpFpm.pool; |
211 | chloe_prod = mypkgs.chloe_prod.phpFpm.pool; | |
6c672f34 IB |
212 | aten_dev = mypkgs.aten_dev.phpFpm.pool; |
213 | aten_prod = mypkgs.aten_prod.phpFpm.pool; | |
66b5bbf6 | 214 | nextcloud = mypkgs.nextcloud.phpFpm.pool; |
50d8fa14 | 215 | mantisbt = mypkgs.mantisbt.phpFpm.pool; |
eb770e14 | 216 | ttrss = mypkgs.ttrss.phpFpm.pool; |
d252d718 | 217 | roundcubemail = mypkgs.roundcubemail.phpFpm.pool; |
d9998b44 | 218 | davical = mypkgs.davical.phpFpm.pool; |
58d1a782 IB |
219 | }; |
220 | }; | |
221 | ||
65fe7543 IB |
222 | system.activationScripts = { |
223 | connexionswing_dev = mypkgs.connexionswing_dev.activationScript; | |
e273ef92 | 224 | connexionswing_prod = mypkgs.connexionswing_prod.activationScript; |
e42ba74f | 225 | ludivinecassal_dev = mypkgs.ludivinecassal_dev.activationScript; |
34e2fd14 IB |
226 | ludivinecassal_prod = mypkgs.ludivinecassal_prod.activationScript; |
227 | piedsjaloux_dev = mypkgs.piedsjaloux_dev.activationScript; | |
228 | piedsjaloux_prod = mypkgs.piedsjaloux_prod.activationScript; | |
7d8b50d3 IB |
229 | chloe_dev = mypkgs.chloe_dev.activationScript; |
230 | chloe_prod = mypkgs.chloe_prod.activationScript; | |
6c672f34 IB |
231 | aten_dev = mypkgs.aten_dev.activationScript; |
232 | aten_prod = mypkgs.aten_prod.activationScript; | |
66b5bbf6 | 233 | nextcloud = mypkgs.nextcloud.activationScript; |
eb770e14 | 234 | ttrss = mypkgs.ttrss.activationScript; |
d252d718 | 235 | roundcubemail = mypkgs.roundcubemail.activationScript; |
5dd28b43 IB |
236 | httpd = '' |
237 | install -d -m 0755 /var/lib/acme/acme-challenge | |
c8e019b6 IB |
238 | install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions |
239 | install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer | |
240 | install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt | |
eb770e14 | 241 | install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/ttrss |
1635a4ae | 242 | install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical |
5dd28b43 | 243 | ''; |
60f67ae3 IB |
244 | redis = '' |
245 | mkdir -p /run/redis | |
246 | chown redis /run/redis | |
247 | ''; | |
6bd6d033 | 248 | # FIXME: initial sync |
6f0d92b4 IB |
249 | goaccess = '' |
250 | mkdir -p /var/lib/goaccess | |
251 | mkdir -p /var/lib/goaccess/aten.pro | |
34e2fd14 IB |
252 | mkdir -p /var/lib/goaccess/ludivinecassal.com |
253 | mkdir -p /var/lib/goaccess/piedsjaloux.fr | |
6bd6d033 | 254 | mkdir -p /var/lib/goaccess/osteopathe-cc.fr |
527e32ad | 255 | mkdir -p /var/lib/goaccess/connexionswing.com |
6f0d92b4 | 256 | ''; |
5566d26d IB |
257 | }; |
258 | ||
259 | environment.etc."ssh/ldap_authorized_keys" = let | |
260 | ldap_authorized_keys = | |
5c101474 IB |
261 | assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD"; |
262 | wrap { | |
5566d26d IB |
263 | name = "ldap_authorized_keys"; |
264 | file = ./ldap_authorized_keys.sh; | |
265 | vars = { | |
266 | LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD"; | |
267 | GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell"; | |
268 | ECHO = "${pkgs.coreutils}/bin/echo"; | |
269 | }; | |
270 | paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ]; | |
271 | }; | |
272 | in { | |
273 | enable = true; | |
274 | mode = "0755"; | |
275 | user = "root"; | |
276 | source = ldap_authorized_keys; | |
65fe7543 IB |
277 | }; |
278 | ||
7611e4e2 IB |
279 | services.gitDaemon = { |
280 | enable = true; | |
281 | user = "gitolite"; | |
282 | group = "gitolite"; | |
283 | basePath = "${mypkgs.git.web.varDir}/repositories"; | |
284 | }; | |
285 | ||
beeed847 | 286 | # FIXME: logrotate |
58d1a782 | 287 | services.httpd = let |
b7cd7e4b | 288 | withConf = domain: { |
58d1a782 | 289 | enableSSL = true; |
5dd28b43 | 290 | sslServerCert = "/var/lib/acme/${domain}/cert.pem"; |
58d1a782 IB |
291 | sslServerKey = "/var/lib/acme/${domain}/key.pem"; |
292 | sslServerChain = "/var/lib/acme/${domain}/fullchain.pem"; | |
b7cd7e4b IB |
293 | logFormat = "combinedVhost"; |
294 | listen = [ { ip = "*"; port = 443; } ]; | |
58d1a782 | 295 | }; |
94818b75 IB |
296 | apacheConfig = { |
297 | gzip = { | |
298 | modules = [ "deflate" "filter" ]; | |
299 | extraConfig = '' | |
300 | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript | |
301 | ''; | |
302 | }; | |
303 | ldap = { | |
304 | modules = [ "ldap" "authnz_ldap" ]; | |
5c101474 | 305 | extraConfig = assert checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; '' |
94818b75 IB |
306 | <IfModule ldap_module> |
307 | LDAPSharedCacheSize 500000 | |
308 | LDAPCacheEntries 1024 | |
309 | LDAPCacheTTL 600 | |
310 | LDAPOpCacheEntries 1024 | |
311 | LDAPOpCacheTTL 600 | |
312 | </IfModule> | |
313 | ||
314 | <Macro LDAPConnect> | |
315 | <IfModule authnz_ldap_module> | |
316 | AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu | |
317 | AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu | |
318 | AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}" | |
319 | AuthType Basic | |
320 | AuthName "Authentification requise (Acces LDAP)" | |
321 | AuthBasicProvider ldap | |
322 | </IfModule> | |
323 | </Macro> | |
6f0d92b4 IB |
324 | |
325 | <Macro Stats %{domain}> | |
326 | Alias /awstats /var/lib/goaccess/%{domain} | |
327 | <Directory /var/lib/goaccess/%{domain}> | |
328 | DirectoryIndex index.html | |
329 | AllowOverride None | |
330 | Require all granted | |
331 | </Directory> | |
332 | <Location /awstats> | |
333 | Use LDAPConnect | |
334 | Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu | |
335 | </Location> | |
336 | </Macro> | |
94818b75 IB |
337 | ''; |
338 | }; | |
b7cd7e4b IB |
339 | http2 = { |
340 | modules = [ "http2" ]; | |
341 | extraConfig = '' | |
342 | Protocols h2 http/1.1 | |
343 | ''; | |
344 | }; | |
345 | customLog = { | |
346 | modules = []; | |
347 | extraConfig = '' | |
6f0d92b4 | 348 | LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost |
b7cd7e4b IB |
349 | ''; |
350 | }; | |
94818b75 | 351 | }; |
58d1a782 | 352 | in rec { |
a1bb33c4 | 353 | enable = true; |
58d1a782 IB |
354 | logPerVirtualHost = true; |
355 | multiProcessingModule = "worker"; | |
356 | adminAddr = "httpd@immae.eu"; | |
b7cd7e4b | 357 | logFormat = "combinedVhost"; |
25fd1d16 IB |
358 | extraModules = pkgs.lib.lists.unique ( |
359 | mypkgs.adminer.apache.modules ++ | |
66b5bbf6 | 360 | mypkgs.nextcloud.apache.modules ++ |
65fe7543 | 361 | mypkgs.connexionswing_dev.apache.modules ++ |
e273ef92 | 362 | mypkgs.connexionswing_prod.apache.modules ++ |
e42ba74f IB |
363 | mypkgs.ludivinecassal_dev.apache.modules ++ |
364 | mypkgs.ludivinecassal_prod.apache.modules ++ | |
34e2fd14 IB |
365 | mypkgs.piedsjaloux_dev.apache.modules ++ |
366 | mypkgs.piedsjaloux_prod.apache.modules ++ | |
7d8b50d3 IB |
367 | mypkgs.chloe_dev.apache.modules ++ |
368 | mypkgs.chloe_prod.apache.modules ++ | |
6c672f34 IB |
369 | mypkgs.aten_dev.apache.modules ++ |
370 | mypkgs.aten_prod.apache.modules ++ | |
5f3e023d | 371 | mypkgs.ympd.apache.modules ++ |
cf80b4f2 | 372 | mypkgs.git.web.apache.modules ++ |
50d8fa14 | 373 | mypkgs.mantisbt.apache.modules ++ |
eb770e14 | 374 | mypkgs.ttrss.apache.modules ++ |
d252d718 | 375 | mypkgs.roundcubemail.apache.modules ++ |
94818b75 IB |
376 | pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++ |
377 | [ "macro" ]); | |
378 | extraConfig = builtins.concatStringsSep "\n" | |
379 | (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig); | |
58d1a782 | 380 | virtualHosts = [ |
b7cd7e4b | 381 | (withConf "eldiron" // { |
58d1a782 | 382 | hostName = "eldiron.immae.eu"; |
1d4ccb2c IB |
383 | documentRoot = ./www; |
384 | extraConfig = '' | |
385 | DirectoryIndex index.htm | |
386 | ''; | |
58d1a782 | 387 | }) |
b7cd7e4b | 388 | (withConf "eldiron" // { |
58d1a782 IB |
389 | hostName = "db-1.immae.eu"; |
390 | documentRoot = null; | |
27e22b76 | 391 | extraConfig = builtins.concatStringsSep "\n" [ |
1bb2ff2c | 392 | mypkgs.adminer.apache.vhostConf |
27e22b76 | 393 | ]; |
58d1a782 | 394 | }) |
b7cd7e4b | 395 | (withConf "eldiron" // { |
e379fd29 IB |
396 | hostName = "tools.immae.eu"; |
397 | documentRoot = null; | |
398 | extraConfig = builtins.concatStringsSep "\n" [ | |
1bb2ff2c | 399 | mypkgs.adminer.apache.vhostConf |
a05f8abe | 400 | mypkgs.ympd.apache.vhostConf |
eb770e14 | 401 | mypkgs.ttrss.apache.vhostConf |
d252d718 | 402 | mypkgs.roundcubemail.apache.vhostConf |
43b726ed IB |
403 | ]; |
404 | }) | |
405 | (withConf "eldiron" // { | |
406 | hostName = "dav.immae.eu"; | |
407 | documentRoot = null; | |
408 | extraConfig = builtins.concatStringsSep "\n" [ | |
1635a4ae | 409 | mypkgs.infcloud.apache.vhostConf |
d9998b44 | 410 | mypkgs.davical.apache.vhostConf |
e379fd29 IB |
411 | ]; |
412 | }) | |
b7cd7e4b | 413 | (withConf "eldiron" // { |
65fe7543 IB |
414 | hostName = "connexionswing.immae.eu"; |
415 | serverAliases = [ "sandetludo.immae.eu" ]; | |
416 | documentRoot = mypkgs.connexionswing_dev.webRoot; | |
417 | extraConfig = builtins.concatStringsSep "\n" [ | |
418 | mypkgs.connexionswing_dev.apache.vhostConf | |
419 | ]; | |
420 | }) | |
527e32ad IB |
421 | (withConf "connexionswing" // { |
422 | hostName = "connexionswing.com"; | |
423 | serverAliases = [ "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; | |
424 | documentRoot = mypkgs.connexionswing_prod.webRoot; | |
425 | extraConfig = builtins.concatStringsSep "\n" [ | |
426 | mypkgs.connexionswing_prod.apache.vhostConf | |
427 | ]; | |
428 | }) | |
e42ba74f IB |
429 | (withConf "eldiron" // { |
430 | hostName = "ludivine.immae.eu"; | |
431 | documentRoot = mypkgs.ludivinecassal_dev.webRoot; | |
432 | extraConfig = builtins.concatStringsSep "\n" [ | |
433 | mypkgs.ludivinecassal_dev.apache.vhostConf | |
434 | ]; | |
435 | }) | |
436 | (withConf "ludivinecassal" // { | |
437 | hostName = "ludivinecassal.com"; | |
438 | serverAliases = [ "www.ludivinecassal.com" ]; | |
439 | documentRoot = mypkgs.ludivinecassal_prod.webRoot; | |
440 | extraConfig = builtins.concatStringsSep "\n" [ | |
441 | mypkgs.ludivinecassal_prod.apache.vhostConf | |
442 | ]; | |
443 | }) | |
34e2fd14 IB |
444 | (withConf "eldiron" // { |
445 | hostName = "piedsjaloux.immae.eu"; | |
446 | documentRoot = mypkgs.piedsjaloux_dev.webRoot; | |
447 | extraConfig = builtins.concatStringsSep "\n" [ | |
448 | mypkgs.piedsjaloux_dev.apache.vhostConf | |
449 | ]; | |
450 | }) | |
451 | (withConf "piedsjaloux" // { | |
452 | hostName = "piedsjaloux.fr"; | |
453 | serverAliases = [ "www.piedsjaloux.fr" ]; | |
454 | documentRoot = mypkgs.piedsjaloux_prod.webRoot; | |
455 | extraConfig = builtins.concatStringsSep "\n" [ | |
456 | mypkgs.piedsjaloux_prod.apache.vhostConf | |
457 | ]; | |
458 | }) | |
7d8b50d3 IB |
459 | (withConf "eldiron" // { |
460 | hostName = "chloe.immae.eu"; | |
461 | documentRoot = mypkgs.chloe_dev.webRoot; | |
462 | extraConfig = builtins.concatStringsSep "\n" [ | |
463 | mypkgs.chloe_dev.apache.vhostConf | |
464 | ]; | |
465 | }) | |
6bd6d033 | 466 | (withConf "chloe" // { |
7d8b50d3 IB |
467 | hostName = "osteopathe-cc.fr"; |
468 | serverAliases = [ "www.osteopathe-cc.fr" ]; | |
469 | documentRoot = mypkgs.chloe_prod.webRoot; | |
470 | extraConfig = builtins.concatStringsSep "\n" [ | |
471 | mypkgs.chloe_prod.apache.vhostConf | |
472 | ]; | |
473 | }) | |
6c672f34 IB |
474 | (withConf "eldiron" // { |
475 | hostName = "dev.aten.pro"; | |
476 | documentRoot = mypkgs.aten_dev.webRoot; | |
477 | extraConfig = builtins.concatStringsSep "\n" [ | |
478 | mypkgs.aten_dev.apache.vhostConf | |
479 | ]; | |
480 | }) | |
481 | (withConf "aten" // { | |
482 | hostName = "aten.pro"; | |
483 | serverAliases = [ "www.aten.pro" ]; | |
484 | documentRoot = mypkgs.aten_prod.webRoot; | |
485 | extraConfig = builtins.concatStringsSep "\n" [ | |
486 | mypkgs.aten_prod.apache.vhostConf | |
487 | ]; | |
488 | }) | |
b7cd7e4b | 489 | (withConf "eldiron" // { |
66b5bbf6 IB |
490 | hostName = "cloud.immae.eu"; |
491 | documentRoot = mypkgs.nextcloud.webRoot; | |
492 | extraConfig = builtins.concatStringsSep "\n" [ | |
493 | mypkgs.nextcloud.apache.vhostConf | |
494 | ]; | |
495 | }) | |
b7cd7e4b | 496 | (withConf "eldiron" // { |
cf80b4f2 IB |
497 | hostName = "git.immae.eu"; |
498 | documentRoot = mypkgs.git.web.webRoot; | |
499 | extraConfig = builtins.concatStringsSep "\n" [ | |
500 | mypkgs.git.web.apache.vhostConf | |
50d8fa14 | 501 | mypkgs.mantisbt.apache.vhostConf |
cf80b4f2 IB |
502 | ] + '' |
503 | RewriteEngine on | |
504 | RewriteCond %{REQUEST_URI} ^/releases | |
505 | RewriteRule /releases(.*) https://release.immae.eu$1 [P,L] | |
506 | ''; | |
507 | }) | |
58d1a782 IB |
508 | { # Should go last, default fallback |
509 | listen = [ { ip = "*"; port = 80; } ]; | |
510 | hostName = "redirectSSL"; | |
511 | serverAliases = [ "*" ]; | |
512 | enableSSL = false; | |
b7cd7e4b | 513 | logFormat = "combinedVhost"; |
58d1a782 IB |
514 | documentRoot = "/var/lib/acme/acme-challenge"; |
515 | extraConfig = '' | |
516 | RewriteEngine on | |
517 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" | |
518 | RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] | |
519 | # To redirect in specific "VirtualHost *:80", do | |
520 | # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 | |
521 | # rather than rewrite | |
522 | ''; | |
523 | } | |
43b726ed | 524 | ]; |
58d1a782 IB |
525 | }; |
526 | ||
6f0d92b4 IB |
527 | services.cron = { |
528 | enable = true; | |
529 | systemCronJobs = let | |
6bd6d033 | 530 | stats = domain: conf: let |
0facadb8 IB |
531 | d = pkgs.writeScriptBin "stats-${domain}" '' |
532 | #!${pkgs.stdenv.shell} | |
533 | set -e | |
534 | shopt -s nullglob | |
535 | date_regex=$(LC_ALL=C date -d yesterday +'%d\/%b\/%Y') | |
536 | TMPFILE=$(mktemp) | |
537 | trap "rm -f $TMPFILE" EXIT | |
538 | ||
539 | cat /var/log/httpd/access_log-${domain} | sed -n "/\\[$date_regex/ p" > $TMPFILE | |
540 | for i in /var/log/httpd/access_log-${domain}*.gz; do | |
541 | zcat "$i" | sed -n "/\\[$date_regex/ p" >> $TMPFILE | |
542 | done | |
543 | goaccess $TMPFILE --no-progress -o /var/lib/goaccess/${domain}/index.html -p ${conf} | |
544 | ''; | |
6bd6d033 | 545 | in "${d}/bin/stats-${domain}"; |
56991aa7 IB |
546 | # FIXME: running several goaccess simultaneously seems to be |
547 | # bugged? | |
6f0d92b4 IB |
548 | in [ |
549 | "5 0 * * * root ${stats "aten.pro" ./packages/aten_goaccess.conf}" | |
56991aa7 IB |
550 | "6 0 * * * root ${stats "ludivinecassal.com" ./packages/ludivinecassal_goaccess.conf}" |
551 | "7 0 * * * root ${stats "piedsjaloux.fr" ./packages/piedsjaloux_goaccess.conf}" | |
552 | "8 0 * * * root ${stats "osteopathe-cc.fr" ./packages/chloe_goaccess.conf}" | |
553 | "9 0 * * * root ${stats "connexionswing.com" ./packages/connexionswing_goaccess.conf}" | |
6f0d92b4 IB |
554 | ]; |
555 | }; | |
eb770e14 IB |
556 | |
557 | systemd.services.tt-rss = { | |
558 | description = "Tiny Tiny RSS feeds update daemon"; | |
559 | serviceConfig = { | |
560 | User = "wwwrun"; | |
561 | ExecStart = "${pkgs.php}/bin/php ${mypkgs.ttrss.webRoot}/update.php --daemon"; | |
562 | StandardOutput = "syslog"; | |
563 | StandardError = "syslog"; | |
564 | PermissionsStartOnly = true; | |
565 | }; | |
566 | ||
567 | wantedBy = [ "multi-user.target" ]; | |
568 | requires = ["postgresql.service"]; | |
569 | after = ["network.target" "postgresql.service"]; | |
570 | }; | |
a1bb33c4 IB |
571 | }; |
572 | } |