# modules/private/websites/tools/tools/default.nix
{ lib, pkgs, config, ... }:
let
  # Shorthands for the two attribute sets every helper below draws from.
  webapps = pkgs.webapps;
  toolsEnv = config.myEnv.tools;

  # Per-application helpers, one sibling file each, built with callPackage.
  # The module body reads attributes such as `apache`, `phpFpm`, `webRoot`,
  # `activationScript`, `keys` and `backups` from these values.
  # NOTE(review): the `env` arguments presumably carry per-application
  # settings, possibly credentials. Confirm that they only end up in files
  # registered through secrets.keys and never in the world-readable Nix store.
  adminer = pkgs.callPackage ./adminer.nix { inherit (webapps) adminer; };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (webapps) dokuwiki dokuwiki-plugins; };
  grocy = pkgs.callPackage ./grocy.nix { inherit (webapps) grocy; };
  kanboard = pkgs.callPackage ./kanboard.nix { env = toolsEnv.kanboard; };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (webapps) phpldapadmin;
    env = toolsEnv.phpldapadmin;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (webapps) rompr;
    env = toolsEnv.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix { env = toolsEnv.shaarli; };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (webapps) ttrss ttrss-plugins;
    env = toolsEnv.ttrss;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (webapps) wallabag;
    env = toolsEnv.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (webapps) yourls yourls-plugins;
    env = toolsEnv.yourls;
  };
  ympd = pkgs.callPackage ./ympd.nix { env = toolsEnv.ympd; };

  # cfg: this module's own options; pcfg: the PHP-FPM pools, read below to
  # obtain each pool's socket path.
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
# Single switch for the whole tools website. The `config` section of this
# module is wrapped in lib.mkIf on this flag.
options.myServices.websites.tools.tools = {
  enable = lib.mkEnableOption "enable tools website";
};

config = lib.mkIf cfg.enable {
# Secret definitions contributed by the applications that expose `keys`.
# NOTE(review): secrets.keys is a project-local option; presumably it
# materialises files under /var/secrets (paths below /var/secrets/webapps are
# watched elsewhere in this file). Confirm the resulting owner and mode keep
# each secret readable only by the service that needs it.
secrets.keys =
  kanboard.keys
  ++ ldap.keys
  ++ shaarli.keys
  ++ ttrss.keys
  ++ wallabag.keys
  ++ yourls.keys;

# One backup profile per application that exposes `backups`.
# NOTE(review): adminer, ldap, yourls and ympd have no profile here although
# ldap and yourls contribute secrets. Confirm their state is either stateless
# or covered by another backup (for example a database dump).
services.duplyBackup.profiles = {
  dokuwiki = dokuwiki.backups;
  grocy = grocy.backups;
  kanboard = kanboard.backups;
  rompr = rompr.backups;
  shaarli = shaarli.backups;
  ttrss = ttrss.backups;
  wallabag = wallabag.backups;
};

# Apache modules for the "tools" website environment. proxy_fcgi backs the
# `SetHandler "proxy:unix:...|fcgi://localhost"` directives used by the vhosts
# in this file; the rest is whatever each application asks for.
# NOTE(review): grocy contributes a vhostConf to the tools vhost but no
# modules here. Confirm grocy.nix needs nothing beyond this list.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ adminer.apache.modules
  ++ ympd.apache.modules
  ++ ttrss.apache.modules
  ++ wallabag.apache.modules
  ++ yourls.apache.modules
  ++ rompr.apache.modules
  ++ shaarli.apache.modules
  ++ dokuwiki.apache.modules
  ++ ldap.apache.modules
  ++ kanboard.apache.modules;

# Virtual host for devtools.immae.eu, registered in the "integration" website
# environment and served from a directory below /var/lib/ftp.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  certMainHost = "devtools.immae.eu";
  addToCerts = true;
  hosts = [ "devtools.immae.eu" ];
  root = "/var/lib/ftp/devtools.immae.eu";
  extraConfig = [
    # Raises the request and proxy timeouts to 600 seconds and hands every
    # *.php file under the document root to the devtools PHP-FPM pool through
    # its unix socket.
    # NOTE(review): "AllowOverride all" lets any .htaccess file in this tree
    # change per-directory Apache settings, and "Require all granted" applies
    # no access restriction. The /var/lib/ftp location suggests the tree is
    # writable through file uploads. Confirm who can write here, because an
    # uploaded .htaccess or .php file is honoured by Apache and run by the
    # wwwrun pool. If overrides are not needed, narrow AllowOverride.
    ''
      Timeout 600
      ProxyTimeout 600
      <Directory "/var/lib/ftp/devtools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};

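# Main virtual host, tools.immae.eu. It serves the document root below
# /var/lib/ftp through the "tools" PHP-FPM pool and appends the Apache snippet
# of every bundled application, each wired to its own pool socket.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = "/var/lib/ftp/tools.immae.eu";
  extraConfig = [
    # Legacy paths that moved to dedicated hosts, then the document root.
    #
    # The /vpn rule appends its capture directly after the host name, so the
    # capture is restricted to "empty or starting with /". With a bare (.*)
    # the request path could contribute characters to the authority part of
    # the Location header and send the visitor to a host other than
    # vpn.immae.eu. The roundcube rule already has a path before $1, and the
    # jappix rule does not use the capture, so they are left unchanged.
    #
    # NOTE(review): "AllowOverride all" plus "Require all granted" on a tree
    # below /var/lib/ftp means any .htaccess or .php file placed there is
    # honoured by Apache and run by the wwwrun pool. Confirm who has write
    # access to this directory.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "/var/lib/ftp/tools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application snippets. ympd takes no socket argument; every other
    # application receives the socket of its PHP-FPM pool.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
  ];
};
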
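# Redirect-only virtual host for the former outils.immae.eu name. It has no
# document root: every request is answered with a 301 to the service's
# current location, and anything unmatched falls through to tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Rules whose target ends in a bare host name (mediagoblin, ether,
    # nextcloud, owncloud, vpn) only accept a capture that is empty or starts
    # with "/". With a bare (.*) the request path could contribute characters
    # to the authority part of the Location header and send the visitor to a
    # host other than the intended one. Rules whose target already contains a
    # path before $1 keep their original pattern, as does the final catch-all,
    # whose target ends in "/". Prefixes that no longer match a specific rule
    # (for example "/vpnfoo") are handled by that catch-all.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};
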
# systemd units: ordering additions for the PHP-FPM pools, plus two daemons
# (ympd and the Tiny Tiny RSS updater) defined in full.
systemd.services = {
  # Each phpfpm-<app> unit is ordered after, and wants, the services listed in
  # that application's phpFpm.serviceDeps. lib.mkAfter appends to whatever
  # `after` list other modules already define for the unit.
  phpfpm-dokuwiki = {
    after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
    wants = dokuwiki.phpFpm.serviceDeps;
  };
  phpfpm-kanboard = {
    after = lib.mkAfter kanboard.phpFpm.serviceDeps;
    wants = kanboard.phpFpm.serviceDeps;
  };
  phpfpm-ldap = {
    after = lib.mkAfter ldap.phpFpm.serviceDeps;
    wants = ldap.phpFpm.serviceDeps;
  };
  phpfpm-shaarli = {
    after = lib.mkAfter shaarli.phpFpm.serviceDeps;
    wants = shaarli.phpFpm.serviceDeps;
  };
  phpfpm-ttrss = {
    after = lib.mkAfter ttrss.phpFpm.serviceDeps;
    wants = ttrss.phpFpm.serviceDeps;
  };
  phpfpm-wallabag = {
    after = lib.mkAfter wallabag.phpFpm.serviceDeps;
    wants = wallabag.phpFpm.serviceDeps;
    # wallabag is the only pool that also appends its own preStart commands.
    preStart = lib.mkAfter wallabag.phpFpm.preStart;
  };
  phpfpm-yourls = {
    after = lib.mkAfter yourls.phpFpm.serviceDeps;
    wants = yourls.phpFpm.serviceDeps;
  };
  # NOTE(review): no User= is set for this unit in this block, so unless
  # another module adds one the script starts as root, which is what lets it
  # read /var/secrets/mpd. The password is exported into the process
  # environment, and `--user nobody` is passed to ympd, presumably so it drops
  # privileges after start-up. Confirm that it does, and that the environment
  # of the running process is not readable by other local users.
  ympd = {
    description = "Standalone MPD Web GUI written in C";
    wantedBy = [ "multi-user.target" ];
    script = ''
      export MPD_PASSWORD=$(cat /var/secrets/mpd)
      ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
    '';
  };
  # Feed updater: runs ttrss's update.php in daemon mode as wwwrun, and
  # requires PostgreSQL to be up first.
  # NOTE(review): PermissionsStartOnly only affects ExecStartPre/Post-style
  # commands, and none are defined here. It and the "syslog" output targets
  # are deprecated in recent systemd releases; verify against the deployed
  # version.
  tt-rss = {
    description = "Tiny Tiny RSS feeds update daemon";
    serviceConfig = {
      User = "wwwrun";
      ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
      StandardOutput = "syslog";
      StandardError = "syslog";
      PermissionsStartOnly = true;
    };

    wantedBy = [ "multi-user.target" ];
    requires = ["postgresql.service"];
    after = ["network.target" "postgresql.service"];
  };
};

# Watches the MPD password file that the ympd unit reads at start-up.
# NOTE(review): filesWatcher is a project-local module; presumably
# `restart = true` restarts the ympd unit when the file changes, so a rotated
# password takes effect without manual intervention. Confirm.
services.filesWatcher.ympd = {
  restart = true;
  paths = [ "/var/secrets/mpd" ];
};

# PHP-FPM pools: two generic ones for the FTP-backed document roots (tools and
# devtools) and one per bundled application.
# NOTE(review): every pool defined inline here runs as wwwrun:wwwrun, so file
# permissions alone do not separate the applications from one another
# (adminer's pool comes entirely from adminer.phpFpm and is not visible here).
# A flaw in one application can therefore reach any file wwwrun can read,
# including other applications' data and secrets, unless open_basedir or
# similar limits inside each pool's settings prevent it. Consider one account
# per application where the data is sensitive (adminer, ldap).
services.phpfpm.pools = {
  tools = {
    user = "wwwrun";
    group = "wwwrun";
    settings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";

      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "ToolsPHPSESSID";
      # Confines PHP file access to the sendmail wrapper, the document root
      # and /tmp. /tmp is also allowed for the devtools pool, so temporary
      # files are shared between the two.
      "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
    };
  };
  devtools = {
    user = "wwwrun";
    group = "wwwrun";
    settings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";

      # Same confinement as the tools pool, with the devtools document root.
      "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
    };
    # Extends the global PHP options with the mysqli, redis, apcu and opcache
    # extensions for this pool only.
    phpOptions = config.services.phpfpm.phpOptions + ''
      extension=${pkgs.php}/lib/php/extensions/mysqli.so
      extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
      extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
      zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
    '';
  };
  # adminer supplies its complete pool definition, including user and group.
  adminer = adminer.phpFpm;
  # The remaining pools take only their `settings` from the application helper.
  ttrss = {
    user = "wwwrun";
    group = "wwwrun";
    settings = ttrss.phpFpm.pool;
  };
  wallabag = {
    user = "wwwrun";
    group = "wwwrun";
    settings = wallabag.phpFpm.pool;
  };
  yourls = {
    user = "wwwrun";
    group = "wwwrun";
    settings = yourls.phpFpm.pool;
  };
  rompr = {
    user = "wwwrun";
    group = "wwwrun";
    settings = rompr.phpFpm.pool;
  };
  shaarli = {
    user = "wwwrun";
    group = "wwwrun";
    settings = shaarli.phpFpm.pool;
  };
  dokuwiki = {
    user = "wwwrun";
    group = "wwwrun";
    settings = dokuwiki.phpFpm.pool;
  };
  ldap = {
    user = "wwwrun";
    group = "wwwrun";
    settings = ldap.phpFpm.pool;
  };
  kanboard = {
    user = "wwwrun";
    group = "wwwrun";
    settings = kanboard.phpFpm.pool;
  };
  grocy = {
    user = "wwwrun";
    group = "wwwrun";
    settings = grocy.phpFpm.pool;
  };
};

# Registers each application's activation script. NixOS runs activation
# scripts as root on every system activation, so the helpers' scripts should
# stay limited to creating and chowning their own state directories.
# NOTE(review): the script bodies live in the per-application files; review
# them there.
system.activationScripts = {
  adminer = adminer.activationScript;
  grocy = grocy.activationScript;
  ttrss = ttrss.activationScript;
  wallabag = wallabag.activationScript;
  yourls = yourls.activationScript;
  rompr = rompr.activationScript;
  shaarli = shaarli.activationScript;
  dokuwiki = dokuwiki.activationScript;
  kanboard = kanboard.activationScript;
  ldap = ldap.activationScript;
};

# Maps a web application name to the directory holding its files. adminer
# uses the fixed name `_adminer`; the others take the name from their helper's
# apache.webappName. For ldap only the `htdocs` subdirectory of the web root
# is registered.
# NOTE(review): webappDirs is a project-local option; presumably it exposes
# these store paths under a stable location that the Apache snippets refer to.
# Confirm.
myServices.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
};

# Secret files whose changes should reach the running services: the shaarli
# secret is watched at the level of the "tools" website environment, the
# wallabag secret by a watcher named after the phpfpm-wallabag unit.
# NOTE(review): both options are project-local; presumably a change reloads
# or restarts the corresponding service. Other applications that contribute
# secrets.keys (kanboard, ldap, ttrss, yourls) have no watcher here. Confirm
# that they pick up rotated secrets some other way.
services.websites.env.tools.watchPaths = [
  "/var/secrets/webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  restart = true;
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
};
};
}