Commit | Line | Data |
---|---|---|
42429ef0 IB |
# NixOS module that aggregates the per-site website modules.
#
# It declares two global switches (production / integration), forwards each of
# them to every site listed in `siteNames`, and defines a set of named Apache
# configuration fragments under services.myWebsites.apacheConfig. Each fragment
# carries the Apache modules it needs plus optional raw httpd configuration.
{ lib, pkgs, config, mylibs, ... }:
let
  inherit (lib) genAttrs mkEnableOption mkOption types;

  cfg = config.services.myWebsites;

  # Option-tree names of the sites pulled in through `imports` below.
  siteNames = [ "Chloe" "Ludivine" "Aten" "PiedsJaloux" "Connexionswing" ];

  # Environment variable that supplies the LDAP bind password. It is checked
  # and read with the same name, so keep both uses on this binding.
  ldapPasswordVar = "NIXOPS_HTTP_LDAP_PASSWORD";

  # Shape of one Apache fragment: module names to load and optional raw config.
  apacheFragment = types.submodule {
    options = {
      modules = mkOption {
        type = types.listOf types.str;
        default = [];
      };
      extraConfig = mkOption {
        type = types.nullOr types.lines;
        default = null;
      };
    };
  };
in
{
  imports = [
    ./websites/chloe.nix
    ./websites/ludivine.nix
    ./websites/aten.nix
    ./websites/piedsjaloux.nix
    ./websites/connexionswing.nix
  ];

  options.services.myWebsites = {
    production.enable = mkEnableOption "enable websites in production";

    integration.enable = mkEnableOption "enable websites in integration";

    apacheConfig = mkOption {
      type = types.attrsOf apacheFragment;
      default = {};
      description = "Extra global config";
    };
  };

  # Every site inherits the two global switches; the Apache fragments are
  # merged into the same option subtree.
  config.services.myWebsites = genAttrs siteNames (_: {
    production.enable = cfg.production.enable;
    integration.enable = cfg.integration.enable;
  }) // {
    apacheConfig = {
      # Response compression for common text types.
      gzip = {
        modules = [ "deflate" "filter" ];
        extraConfig = ''
          AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
        '';
      };

      # mod_macro is required by the <Macro> definitions in the ldap fragment.
      macros = {
        modules = [ "macro" ];
      };

      # LDAP-backed HTTP authentication, exposed as two macros:
      #   LDAPConnect      - connection, bind and Basic-auth provider settings
      #   Stats %{domain}  - per-domain statistics pages behind an LDAP group
      ldap = {
        modules = [ "ldap" "authnz_ldap" ];
        # FIXME: starttls
        # NOTE(review): the AuthLDAPURL below already ends with the STARTTLS
        # mode, so the FIXME presumably refers to what is still missing around
        # it (e.g. pinning the CA with LDAPTrustedGlobalCert so the upgraded
        # connection is verified against a known certificate) -- confirm.
        #
        # NOTE(review): builtins.getEnv is resolved while the configuration is
        # evaluated on the deploying host, and the result is spliced into the
        # text below. If the consumer of apacheConfig renders this text into
        # an httpd configuration file in the Nix store (the usual NixOS path;
        # not visible in this file), the bind password is readable by every
        # local user and is copied along with the closure. mod_authnz_ldap
        # accepts "AuthLDAPBindPassword exec:<command>", which allows reading
        # the secret at runtime from a root-owned key file kept outside the
        # store (for instance one delivered through NixOps deployment.keys).
        #
        # mylibs.checkEnv is defined elsewhere; presumably it aborts evaluation
        # when the variable is unset, since getEnv would otherwise yield an
        # empty password -- verify against mylibs.
        #
        # NOTE(review): "AuthType Basic" sends the user's password with every
        # request, so the macro should only be used inside TLS virtual hosts.
        #
        # NOTE(review): with the cache TTLs at 600 seconds, a password change
        # or a group removal in the directory can take up to ten minutes to be
        # enforced by this server.
        #
        # NOTE(review): in the Stats macro the <Directory> section grants
        # access to everyone and the LDAP group check lives only in
        # <Location /awstats>. The restriction therefore holds for requests
        # arriving through that alias; make sure no other Alias or
        # DocumentRoot maps into /var/lib/goaccess.
        extraConfig = assert mylibs.checkEnv ldapPasswordVar; ''
          <IfModule ldap_module>
          LDAPSharedCacheSize 500000
          LDAPCacheEntries 1024
          LDAPCacheTTL 600
          LDAPOpCacheEntries 1024
          LDAPOpCacheTTL 600
          </IfModule>

          <Macro LDAPConnect>
          <IfModule authnz_ldap_module>
          AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
          AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
          AuthLDAPBindPassword "${builtins.getEnv ldapPasswordVar}"
          AuthType Basic
          AuthName "Authentification requise (Acces LDAP)"
          AuthBasicProvider ldap
          </IfModule>
          </Macro>

          <Macro Stats %{domain}>
          Alias /awstats /var/lib/goaccess/%{domain}
          <Directory /var/lib/goaccess/%{domain}>
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
          </Directory>
          <Location /awstats>
          Use LDAPConnect
          Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
          </Location>
          </Macro>
        '';
      };

      # Offer HTTP/2 first and fall back to HTTP/1.1.
      http2 = {
        modules = [ "http2" ];
        extraConfig = ''
          Protocols h2 http/1.1
        '';
      };

      # "combinedVhost" log format: the combined format prefixed with the
      # virtual host name and port, so one log can be split per site.
      customLog = {
        extraConfig = ''
          LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
        '';
      };
    };
  };
}