modules/private/websites/papa/surveillance.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.papa.surveillance;
   4   varDir = "/var/lib/ftp/papa";
   5   apacheUser = config.services.httpd.Prod.user;
   6 in {
   7   options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
   8
   9   config = lib.mkIf cfg.enable {
  10     security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
  11
  12     services.cron = {
  13       systemCronJobs = let
  14         script = pkgs.writeScript "cleanup-papa" ''
  15           #!${pkgs.stdenv.shell}
  16           d=$(date -d "7 days ago" +%Y%m%d)
  17           for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
  18             if [ "$d" -gt $(basename $i) ]; then
  19               rm -rf "$i"
  20             fi
  21           done
  22           '';
  23       in
  24         [
  25         ''
  26           0 6 * * * ${apacheUser} ${script}
  27         ''
  28       ];
  29     };
  30
  31     services.websites.env.production.vhostConfs.papa_surveillance = {
  32       certName     = "papa";
  33       certMainHost = "surveillance.maison.bbc.bouya.org";
  34       hosts        = [ "surveillance.maison.bbc.bouya.org" ];
  35       root         = varDir;
  36       extraConfig  = [
  37         ''
  38         Use Apaxy "${varDir}" "title .duplicity-ignore"
  39         <Directory ${varDir}>
  40           Use LDAPConnect
  41           Options Indexes
  42           AllowOverride None
  43           Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  44         </Directory>
  45           ''
  46       ];
  47     };
  48   };
  49 }
  50