Continue moving websites: apache configuration and modules
[perso/Immae/Config/Nix.git] / virtual / modules / websites.nix
42429ef0
IB
# NixOS module for `services.myWebsites`: declares the global production /
# integration switches, copies them onto each site's own switches, and defines
# the shared Apache fragments (gzip, macros, LDAP auth, HTTP/2, log format).
{ lib, pkgs, config, mylibs, ... }:
let
  inherit (lib) genAttrs mkEnableOption mkOption types;

  cfg = config.services.myWebsites;

  # Sites whose per-environment flags mirror the global ones. The matching
  # options are presumably declared by the modules imported below.
  siteNames = [ "Chloe" "Ludivine" "Aten" "PiedsJaloux" "Connexionswing" ];

  siteSwitches = genAttrs siteNames (_: {
    production.enable = cfg.production.enable;
    integration.enable = cfg.integration.enable;
  });

  # Named Apache fragments: each lists the modules it needs and, optionally,
  # configuration lines. How they are rendered is not visible in this file.
  apacheFragments = {
    gzip = {
      modules = [ "deflate" "filter" ];
      extraConfig = ''
        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
      '';
    };

    macros = {
      modules = [ "macro" ];
    };

    ldap = {
      modules = [ "ldap" "authnz_ldap" ];
      # FIXME: starttls
      # NOTE(review): AuthLDAPURL below already asks for STARTTLS on port 389,
      # so what the FIXME still covers is not visible here. Confirm that the
      # server certificate is actually verified (mod_ldap LDAPVerifyServerCert /
      # LDAPTrustedGlobalCert), otherwise the bind password and user
      # credentials can be intercepted on the LDAP hop.
      #
      # SECURITY: builtins.getEnv runs at evaluation time and its result is
      # spliced into this string, so the bind password is part of whatever
      # file extraConfig is written to. NOTE(review): if that file lands in
      # the Nix store it is world-readable on the host; mod_authnz_ldap also
      # accepts `AuthLDAPBindPassword exec:<command>` to fetch the secret at
      # startup instead. The password is also placed between double quotes
      # unescaped, so a value containing `"` would break the directive.
      #
      # builtins.getEnv returns "" for an unset variable; mylibs.checkEnv is
      # defined elsewhere and presumably aborts evaluation in that case.
      #
      # LDAPConnect uses `AuthType Basic`, which sends the credentials with
      # every request; nothing in the macro requires TLS, so every vhost that
      # uses it must be HTTPS-only (verify at the call sites).
      #
      # Stats: the <Directory> is `Require all granted`; the LDAP group check
      # lives only on <Location /awstats>. NOTE(review): any other URL mapped
      # onto /var/lib/goaccess/<domain> would not be covered by that check.
      extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
        <IfModule ldap_module>
        LDAPSharedCacheSize 500000
        LDAPCacheEntries 1024
        LDAPCacheTTL 600
        LDAPOpCacheEntries 1024
        LDAPOpCacheTTL 600
        </IfModule>

        <Macro LDAPConnect>
        <IfModule authnz_ldap_module>
        AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
        AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
        AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
        AuthType Basic
        AuthName "Authentification requise (Acces LDAP)"
        AuthBasicProvider ldap
        </IfModule>
        </Macro>

        <Macro Stats %{domain}>
        Alias /awstats /var/lib/goaccess/%{domain}
        <Directory /var/lib/goaccess/%{domain}>
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
        </Directory>
        <Location /awstats>
        Use LDAPConnect
        Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
        </Location>
        </Macro>
      '';
    };

    http2 = {
      modules = [ "http2" ];
      extraConfig = ''
        Protocols h2 http/1.1
      '';
    };

    # Access-log format that prefixes each entry with the vhost name and port.
    customLog = {
      extraConfig = ''
        LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
      '';
    };
  };
in
{
  imports = [
    ./websites/chloe.nix
    ./websites/ludivine.nix
    ./websites/aten.nix
    ./websites/piedsjaloux.nix
    ./websites/connexionswing.nix
  ];

  options.services.myWebsites = {
    production.enable = mkEnableOption "enable websites in production";

    integration.enable = mkEnableOption "enable websites in integration";

    # Attribute set of named fragments; each entry may list Apache module
    # names and may carry configuration lines (null when it has none).
    apacheConfig = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          modules = mkOption {
            type = types.listOf types.str;
            default = [];
          };
          extraConfig = mkOption {
            type = types.nullOr types.lines;
            default = null;
          };
        };
      });
      default = {};
      description = "Extra global config";
    };
  };

  config.services.myWebsites = siteSwitches // {
    apacheConfig = apacheFragments;
  };
}