Small adjustments for naemon and web server
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
{ lib, pkgs, config, ... }:
let
  # Shorthands used only by the package instantiations in this `let`.
  inherit (pkgs) callPackage webapps;
  toolsEnv = config.myEnv.tools;

  # NOTE(review): PHP 7.2 and 7.3 are both past upstream end-of-life and no
  # longer get security fixes from the PHP project. Every interpreter pinned
  # here (and in the FPM pools further down) deserves a second look whenever
  # the nixpkgs pin moves.
  phpWithTidy = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);

  # Each ./<tool>.nix lives outside this file. Judging from how the results
  # are consumed below, each returns an attribute set with fields such as
  # `apache`, `phpFpm`, `webRoot`, `keys`, `backups` and `activationScript`
  # (not every tool exposes all of them).
  # The `env` arguments are per-tool settings read from config.myEnv.tools;
  # tools whose `keys` end up in secrets.keys presumably receive credentials
  # this way -- confirm in the per-tool files.
  adminer = callPackage ./adminer.nix {
    adminer = webapps.adminer;
  };

  ympd = callPackage ./ympd.nix {
    env = toolsEnv.ympd;
  };

  ttrss = callPackage ./ttrss.nix {
    ttrss = webapps.ttrss;
    ttrss-plugins = webapps.ttrss-plugins;
    env = toolsEnv.ttrss;
    php = pkgs.php72;
  };

  kanboard = callPackage ./kanboard.nix {
    env = toolsEnv.kanboard;
  };

  # wallabag is rebuilt against a composer environment whose PHP has the
  # `tidy` extension enabled.
  wallabag = callPackage ./wallabag.nix {
    wallabag = webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override { php = phpWithTidy; };
    };
    env = toolsEnv.wallabag;
  };

  yourls = callPackage ./yourls.nix {
    yourls = webapps.yourls;
    yourls-plugins = webapps.yourls-plugins;
    env = toolsEnv.yourls;
  };

  rompr = callPackage ./rompr.nix {
    rompr = webapps.rompr;
    env = toolsEnv.rompr;
  };

  shaarli = callPackage ./shaarli.nix {
    env = toolsEnv.shaarli;
  };

  dokuwiki = callPackage ./dokuwiki.nix {
    dokuwiki = webapps.dokuwiki;
    dokuwiki-plugins = webapps.dokuwiki-plugins;
  };

  # phpLDAPadmin front end; its settings come from toolsEnv.phpldapadmin.
  ldap = callPackage ./ldap.nix {
    phpldapadmin = webapps.phpldapadmin;
    env = toolsEnv.phpldapadmin;
  };

  grocy = callPackage ./grocy.nix {
    grocy = webapps.grocy.override {
      composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
    };
  };

  # phpBB with the French language pack and a fixed set of extensions.
  phpbb = callPackage ./phpbb.nix {
    phpbb = (webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown
      e.davidiq.mailinglist
      e.dmzx.mchat
      e.empteintesduweb.monitoranswers
      e.lr94.autosubscribe
      e.phpbbmodders.adduser
    ]);
  };

  webhooks = callPackage ./webhooks.nix {
    env = toolsEnv.webhooks;
  };

  dmarc-reports = callPackage ./dmarc_reports.nix {
    env = toolsEnv.dmarc_reports;
  };

  csp-reports = callPackage ./csp_reports.nix {
    env = toolsEnv.csp_reports;
  };

  # Static landing page; it is the document root of the tools vhost.
  landing = callPackage ./landing.nix {};

  # This module's own options, and the PHP-FPM pools whose sockets the
  # Apache snippets below point at.
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
66 in {
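# Single switch for the whole tools website; everything under `config` is
# guarded by it.
options.myServices.websites.tools.tools = {
  # mkEnableOption already prefixes its argument with "Whether to enable ",
  # so the argument names the feature only (the previous text rendered as
  # "Whether to enable enable tools website.").
  enable = lib.mkEnableOption "tools website";
};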
70
71 config = lib.mkIf cfg.enable {
# Register the secret files declared by every tool that has any. The list
# order is the order of the tools named here.
# adminer, ympd, rompr, dokuwiki, grocy and phpbb contribute nothing in this
# file; whether they keep credentials elsewhere cannot be told from here.
secrets.keys = lib.concatMap (tool: tool.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  dmarc-reports
  csp-reports
  webhooks
];
82
# One backup profile per tool, named after the tool and taken from its
# `backups` attribute.
# NOTE(review): adminer, ldap, yourls, ympd, webhooks and the two report
# collectors have no profile here -- confirm their state is either
# disposable or backed up through another path (e.g. a database dump).
services.duplyBackup.profiles = lib.mapAttrs (_: tool: tool.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
};
93
# Apache modules for the "tools" web server environment: proxy_fcgi (used by
# the SetHandler "proxy:unix:...|fcgi://..." lines in the vhosts) followed by
# whatever each tool asks for, in the order listed.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (tool: tool.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
108
# Virtual host for devtools.immae.eu in the "integration" environment. The
# document root sits under /var/lib/ftp, so its content is presumably
# uploaded over FTP -- confirm who can write there.
#
# Security-relevant properties of the Apache snippet:
#  - `AllowOverride all`: any .htaccess file inside the tree can change
#    Apache's behaviour for that directory (handlers, auth, rewrites).
#  - every *.php file in the tree is executed by the `devtools` FPM pool.
#  - `Require all granted`: no authentication at the web-server level.
#  - the CSP header is Content-Security-Policy-Report-Only, so violations
#    are reported but nothing is blocked.
# Taken together, write access to the tree means code execution as the
# pool's user; the pool's open_basedir is the only containment visible in
# this file.
services.websites.env.integration.vhostConfs.devtools =
  let
    host = "devtools.immae.eu";
    docRoot = "/var/lib/ftp/${host}";
  in {
    certName = "integration";
    certMainHost = host;
    addToCerts = true;
    hosts = [ host ];
    root = docRoot;
    extraConfig = [
      ''
        Use Apaxy "${docRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${docRoot}">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
        SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
        </Directory>
      ''
    ];
  };
132
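# Main virtual host, tools.immae.eu: the landing page at the root, one
# Apache snippet per hosted tool, and three plain aliases (/paste, /BIP39,
# /webhooks). Snippets are emitted in list order.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects plus the landing page.
    # The /vpn capture is `(/.*)?`, i.e. empty or starting with "/". With a
    # bare `(.*)` appended straight after the hostname, the rest of the
    # request path could continue the hostname or introduce a userinfo
    # part, which makes the rule an open redirect. The /roundcube rule puts
    # a path before $1 and the /jappix rule uses no capture, so neither can
    # alter the target host.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
      DirectoryIndex index.html
      AllowOverride None
      Require all granted

      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>
    ''
    # Per-tool snippets; each one that runs PHP is handed the socket of its
    # own FPM pool. Access control for these tools (adminer and the LDAP
    # admin included) is decided inside the per-tool files, not here.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Static aliases.
    # NOTE(review): /webhooks maps a directory under config.secrets.location
    # into the web root with `Require all granted`. Only names ending in
    # .php go to PHP-FPM; any other file placed there would be returned
    # verbatim. Confirm the directory only ever holds .php files.
    # /BIP39 serves buildbot output and, unlike the other two aliases, does
    # not set `Options -Indexes`.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
      DirectoryIndex index.txt index.html
      AllowOverride None
      Require all granted
      Options -Indexes
      </Directory>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
      DirectoryIndex index.html
      AllowOverride None
      Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
      Options -Indexes
      Require all granted
      AllowOverride None
      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>
    ''
  ];
};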
195
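# Legacy host outils.immae.eu: no document root, only permanent redirects
# to wherever each service lives now, ending with a catch-all to
# tools.immae.eu.
#
# Rules whose target is a bare hostname followed by $1 capture `(/.*)?`,
# i.e. nothing or something starting with "/". With a bare `(.*)` in that
# position the remainder of the request path could continue the hostname or
# introduce a userinfo part, which makes the rule an open redirect. Rules
# that already place a path (or an explicit "/") before $1 cannot alter the
# target host and are kept as they were.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};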
227
# systemd units: start-up ordering for the PHP-FPM pools, plus two
# long-running daemons (ympd and the Tiny Tiny RSS updater).
systemd.services =
  let
    # Order an FPM unit after the services its tool declares, and pull
    # those services in.
    startAfterDeps = tool: {
      after = lib.mkAfter tool.phpFpm.serviceDeps;
      wants = tool.phpFpm.serviceDeps;
    };

    # Full ympd command line, joined with single spaces.
    ympdCommand = lib.concatStringsSep " " [
      "${pkgs.ympd}/bin/ympd"
      "--host ${ympd.config.host}"
      "--port ${toString ympd.config.port}"
      "--webport ${ympd.config.webPort}"
      "--user nobody"
    ];
  in {
    phpfpm-dokuwiki = startAfterDeps dokuwiki;
    phpfpm-phpbb = startAfterDeps phpbb;
    phpfpm-kanboard = startAfterDeps kanboard;
    phpfpm-ldap = startAfterDeps ldap;
    phpfpm-shaarli = startAfterDeps shaarli;
    phpfpm-ttrss = startAfterDeps ttrss;
    # wallabag additionally appends its own preStart commands.
    phpfpm-wallabag = startAfterDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = startAfterDeps yourls;

    # NOTE(review): this unit sets no User=, so unless another module adds
    # one the shell that reads /var/secrets/mpd runs as the systemd default
    # user, and ympd is only told to switch to `nobody` through its own
    # --user flag. The MPD password is exported into the process
    # environment, where other processes running as the same user can
    # usually read it. The secret path is hard-coded rather than derived
    # from config.secrets.location -- confirm both point to the same place.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${ympdCommand}
      '';
    };

    # Feed updater. It runs as wwwrun, the same account as every FPM pool
    # defined in this file, and is tied to the local PostgreSQL service.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = ["postgresql.service"];
      after = ["network.target" "postgresql.service"];

      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
285
# Restart ympd whenever the MPD password file changes, so a rotated
# password is picked up (the unit reads the file once, at start).
services.filesWatcher.ympd.restart = true;
services.filesWatcher.ympd.paths = [ "/var/secrets/mpd" ];
290
# PHP-FPM pools, one per application.
#
# NOTE(review): every pool defined here runs as wwwrun:wwwrun, so the pools
# are not separated from each other by Unix permissions. For `tools` and
# `devtools` the only containment visible in this file is open_basedir, and
# both lists include the shared /tmp. The other pools take their settings
# from the per-tool files, which are outside this file. `devtools` executes
# PHP found under /var/lib/ftp with this same account.
services.phpfpm.pools =
  let
    # Account shared by all pools declared in this file.
    runAs = {
      user = "wwwrun";
      group = "wwwrun";
    };

    # Socket ownership and process-manager limits common to the two pools
    # whose settings are written out here.
    commonSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool on PHP 7.2 whose settings come from the tool's own file.
    php72Pool = tool: runAs // {
      settings = tool.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
  in {
    # Pool behind the landing page and the /webhooks alias.
    tools = runAs // {
      settings = commonSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          landing
          "/tmp"
          "${config.secrets.location}/webapps/webhooks"
        ];
        # Extra pool configuration is read from a file kept with the secrets.
        "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    # Pool behind devtools.immae.eu, with extra extensions enabled.
    devtools = runAs // {
      settings = commonSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions ({ enabled, all }:
        enabled ++ [ all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer supplies its whole pool definition, account included.
    adminer = adminer.phpFpm;

    ttrss = php72Pool ttrss;
    yourls = php72Pool yourls;
    rompr = php72Pool rompr;
    shaarli = php72Pool shaarli;
    dokuwiki = php72Pool dokuwiki;
    phpbb = php72Pool phpbb;
    ldap = php72Pool ldap;
    kanboard = php72Pool kanboard;
    grocy = php72Pool grocy;

    # Same shape, plus environment variables supplied by the tool.
    dmarc-reports = php72Pool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };

    # wallabag is the only pool on PHP 7.3 (with the tidy extension).
    wallabag = runAs // {
      settings = wallabag.phpFpm.pool;
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
  };
402
# One activation script per tool, registered under the tool's name. These
# run during system activation; what each one does is defined in the
# per-tool files.
system.activationScripts = lib.mapAttrs (_: tool: tool.activationScript) {
  inherit
    adminer
    grocy
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    phpbb
    kanboard
    ldap
    ;
};
416
# Map each web application name to the directory Apache serves for it.
# adminer uses a fixed name; every other entry is keyed by the name the
# tool's Apache snippet declares. For the LDAP admin only the `htdocs`
# sub-directory of its web root is exposed.
services.websites.webappDirs =
  let
    nameOf = tool: tool.apache.webappName;
  in {
    _adminer = adminer.webRoot;
    "${nameOf ldap}" = "${ldap.webRoot}/htdocs";

    "${nameOf dmarc-reports}" = dmarc-reports.webRoot;
    "${nameOf dokuwiki}" = dokuwiki.webRoot;
    "${nameOf grocy}" = grocy.webRoot;
    "${nameOf kanboard}" = kanboard.webRoot;
    "${nameOf phpbb}" = phpbb.webRoot;
    "${nameOf rompr}" = rompr.webRoot;
    "${nameOf shaarli}" = shaarli.webRoot;
    "${nameOf ttrss}" = ttrss.webRoot;
    "${nameOf wallabag}" = wallabag.webRoot;
    "${nameOf yourls}" = yourls.webRoot;
  };
431
# Secret files whose changes must be picked up by running services: the
# shaarli file is watched on behalf of the "tools" web server environment,
# and the wallabag file restarts the wallabag FPM unit.
# NOTE(review): only these two tools are watched here, and both paths are
# hard-coded under /var/secrets instead of being built from
# config.secrets.location -- confirm the two agree, and that the other
# tools' secrets are reloaded by some other means.
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];

services.filesWatcher.phpfpm-wallabag.restart = true;
services.filesWatcher.phpfpm-wallabag.paths = [ "/var/secrets/webapps/tools-wallabag" ];
439
# fiche paste service. Its output directory is what the /paste alias of the
# tools vhost serves, and the links it prints use the https URL below.
# NOTE(review): whether the listening port is reachable from outside is
# decided by firewall rules not shown here; pastes published under /paste
# are readable without authentication.
services.fiche.enable = true;
services.fiche.port = config.myEnv.ports.fiche;
services.fiche.domain = "tools.immae.eu/paste";
services.fiche.https = true;
446 };
447 }
448