modules/private/websites/papa/surveillance.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.papa.surveillance;
   4   varDir = "/var/lib/ftp/papa";
   5 in {
   6   options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
   7
   8   config = lib.mkIf cfg.enable {
   9     security.acme2.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
  10
  11     services.cron = {
  12       systemCronJobs = let
  13         script = pkgs.writeScript "cleanup-papa" ''
  14           #!${pkgs.stdenv.shell}
  15           d=$(date -d "7 days ago" +%Y%m%d)
  16           for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
  17             if [ "$d" -gt $(basename $i) ]; then
  18               rm -rf "$i"
  19             fi
  20           done
  21           '';
  22       in
  23         [
  24         ''
  25           0 6 * * * wwwrun ${script}
  26         ''
  27       ];
  28     };
  29
  30     services.websites.env.production.vhostConfs.papa = {
  31       certName     = "papa";
  32       certMainHost = "surveillance.maison.bbc.bouya.org";
  33       hosts        = [ "surveillance.maison.bbc.bouya.org" ];
  34       root         = varDir;
  35       extraConfig  = [
  36         ''
  37         Use Apaxy "${varDir}" "title .duplicity-ignore"
  38         <Directory ${varDir}>
  39           Use LDAPConnect
  40           Options Indexes
  41           AllowOverride None
  42           Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  43         </Directory>
  44           ''
  45       ];
  46     };
  47   };
  48 }
  49