Remove duply-backup

[perso/Immae/Config/Nix.git] / modules / private / websites / immae / temp.nix

{ lib, pkgs, config,  ... }:
let
  cfg = config.myServices.websites.immae.temp;
  varDir = "/var/lib/immae_temp";
  env = config.myEnv.websites.immae.temp;
in {
  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";

  config = lib.mkIf cfg.enable {
    services.websites.env.production.vhostConfs.immae_temp = {
      certName    = "immae";
      addToCerts  = true;
      hosts       = [ "temp.immae.eu" ];
      root        = null;
      extraConfig = [ ''
        ProxyVia On
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass         / unix:///run/surfer/listen.sock|http://temp.immae.eu/
        ProxyPassReverse  / unix:///run/surfer/listen.sock|http://temp.immae.eu/
        <Proxy *>
          Options FollowSymLinks MultiViews
          AllowOverride None
          Require all granted
        </Proxy>
      '' ];
    };

    secrets.keys."webapps/surfer" = {
      permissions = "0400";
      user = "wwwrun";
      group = "wwwrun";
      text = ''
        CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
        TOKENSTORE_FILE=/var/lib/surfer/tokens.json
        CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
        CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
        CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
        LISTEN=/run/surfer/listen.sock
      '';
    };

    systemd.services.surfer = {
      description = "Surfer";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      script = ''
        exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
      '';
      serviceConfig = {
        EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
        User = "wwwrun";
        Group = "wwwrun";
        StateDirectory = "surfer";
        RuntimeDirectory = "surfer";
        Type = "simple";
      };
    };
  };
}