modules/private/websites/immae/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.immae.production;
   4   varDir = "/var/lib/buildbot/outputs/immae/blog";
   5   coursDir = "/var/lib/buildbot/outputs/immae/cours";
   6   rechercheDir = "/var/lib/buildbot/outputs/immae/recherche";
   7   recettesDir = "/var/lib/buildbot/outputs/immae/recettes";
   8   historyDir = "/var/lib/buildbot/outputs/immae/history";
   9   env = config.myEnv.websites.immae;
  10 in {
  11   options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
  12
  13   config = lib.mkIf cfg.enable {
  14     services.webstats.sites = [ { name = "www.immae.eu"; } ];
  15
  16     services.websites.env.production.vhostConfs.immae_production = {
  17       certName     = "immae";
  18       addToCerts   = true;
  19       certMainHost = "www.immae.eu";
  20       hosts        = [ "www.immae.eu" "immae.eu" ];
  21       root         = varDir;
  22       extraConfig  = [
  23         ''
  24         Use Stats www.immae.eu
  25         Header always set Strict-Transport-Security "max-age=31536000"
  26
  27         <LocationMatch /.well-known/(webfinger|host-meta)>
  28           Header always set Referrer-Policy "strict-origin-when-cross-origin"
  29           RequestHeader set X-Forwarded-Proto "https"
  30
  31           RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
  32         </LocationMatch>
  33
  34         RewriteEngine On
  35         RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
  36         RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
  37         RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
  38
  39         <Directory ${varDir}>
  40           DirectoryIndex index.htm index.html
  41           Options Indexes FollowSymLinks MultiViews Includes
  42           AllowOverride All
  43           Require all granted
  44         </Directory>
  45
  46         Alias /.well-known/chatonsinfos ${./chatons}
  47         <Directory ${./chatons}>
  48           Options Indexes FollowSymLinks MultiViews Includes
  49           AllowOverride None
  50           Require all granted
  51         </Directory>
  52
  53         Alias /.well-known/matrix ${./matrix}
  54         <Directory ${./matrix}>
  55           Options Indexes FollowSymLinks MultiViews Includes
  56           AllowOverride None
  57           Require all granted
  58           Header always set Access-Control-Allow-Origin "*"
  59         </Directory>
  60
  61         Alias /cours ${coursDir}
  62         <Directory ${coursDir}>
  63           DirectoryIndex index.htm index.html
  64           Options Indexes FollowSymLinks MultiViews Includes
  65           AllowOverride All
  66           Require all granted
  67         </Directory>
  68
  69         Alias /eurl ${./eurl}
  70         <Directory ${./eurl}>
  71           DirectoryIndex index.htm index.html
  72           Options Indexes FollowSymLinks MultiViews Includes
  73           AllowOverride None
  74           Require all granted
  75         </Directory>
  76
  77         Alias /recherche ${rechercheDir}
  78         <Directory ${rechercheDir}>
  79           DirectoryIndex index.htm index.html
  80           Options Indexes FollowSymLinks MultiViews Includes
  81           AllowOverride All
  82           Require all granted
  83         </Directory>
  84
  85         Alias /recettes ${recettesDir}
  86         <Directory ${recettesDir}>
  87           DirectoryIndex index.htm index.html
  88           Options Indexes FollowSymLinks MultiViews Includes
  89           AllowOverride All
  90           Require all granted
  91         </Directory>
  92
  93         Alias /history ${historyDir}
  94         <Directory ${historyDir}>
  95           DirectoryIndex index.html
  96           AllowOverride None
  97           Require all granted
  98         </Directory>
  99         ''
 100       ];
 101     };
 102
 103     services.websites.env.production.vhostConfs.immae_fr = {
 104       certName    = "immae";
 105       addToCerts  = true;
 106       hosts       = [ "www.immae.fr" "immae.fr" ];
 107       root        = null;
 108       extraConfig = [ ''
 109         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
 110         '' ];
 111     };
 112
 113     services.websites.env.production.vhostConfs.immae_bouya = {
 114       certName    = "immae";
 115       addToCerts  = true;
 116       hosts       = [ "bouya.org" "www.bouya.org" ];
 117       root        = rechercheDir;
 118       extraConfig = [ ''
 119         <Directory ${rechercheDir}>
 120           DirectoryIndex index.htm index.html
 121           Options Indexes FollowSymLinks MultiViews Includes
 122           AllowOverride All
 123           Require all granted
 124         </Directory>
 125         '' ];
 126     };
 127   };
 128 }