modules/private/websites/immae/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.immae.production;
   4   varDir = "/var/lib/buildbot/outputs/immaeEu";
   5   coursDir = "/var/lib/buildbot/outputs/cours";
   6   rechercheDir = "/var/lib/buildbot/outputs/recherche";
   7   env = config.myEnv.websites.immae;
   8 in {
   9   options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
  10
  11   config = lib.mkIf cfg.enable {
  12     services.webstats.sites = [ { name = "www.immae.eu"; } ];
  13
  14     services.websites.env.production.vhostConfs.immae = {
  15       certName    = "eldiron";
  16       addToCerts  = true;
  17       hosts       = [ "www.immae.eu" "immae.eu" ];
  18       root        = varDir;
  19       extraConfig = [
  20         ''
  21         Use Stats www.immae.eu
  22
  23         <LocationMatch /.well-known/(webfinger|host-meta)>
  24           Header always set Referrer-Policy "strict-origin-when-cross-origin"
  25           Header always set Strict-Transport-Security "max-age=31536000"
  26           RequestHeader set X-Forwarded-Proto "https"
  27
  28           RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
  29         </LocationMatch>
  30
  31         RewriteEngine On
  32         RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
  33         RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
  34         RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
  35
  36         <Directory ${varDir}>
  37           DirectoryIndex index.htm index.html
  38           Options Indexes FollowSymLinks MultiViews Includes
  39           AllowOverride All
  40           Require all granted
  41         </Directory>
  42
  43         Alias /cours ${coursDir}
  44         <Directory ${coursDir}>
  45           DirectoryIndex index.htm index.html
  46           Options Indexes FollowSymLinks MultiViews Includes
  47           AllowOverride All
  48           Require all granted
  49         </Directory>
  50
  51         Alias /recherche ${rechercheDir}
  52         <Directory ${rechercheDir}>
  53           DirectoryIndex index.htm index.html
  54           Options Indexes FollowSymLinks MultiViews Includes
  55           AllowOverride All
  56           Require all granted
  57         </Directory>
  58         ''
  59       ];
  60     };
  61
  62     services.websites.env.production.vhostConfs.immaeFr = {
  63       certName    = "eldiron";
  64       addToCerts  = true;
  65       hosts       = [ "www.immae.fr" "immae.fr" ];
  66       root        = null;
  67       extraConfig = [ ''
  68         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
  69         '' ];
  70     };
  71
  72     services.websites.env.production.vhostConfs.bouya = {
  73       certName    = "eldiron";
  74       addToCerts  = true;
  75       hosts       = [ "bouya.org" "www.bouya.org" ];
  76       root        = null;
  77       extraConfig = [ ''
  78         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
  79         '' ];
  80     };
  81   };
  82 }