git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/tools/default.nix
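# NixOS module for the "tools" website: a set of PHP web applications served
# by Apache behind per-application PHP-FPM pools, plus two helper daemons
# (ympd and the Tiny Tiny RSS updater). Everything under `config` is only
# applied when `myServices.websites.tools.tools.enable` is set.
{ lib, pkgs, config, ... }:
let
  flakeCompat = import ../../../../../lib/flake-compat.nix;

  # Per-application helper expressions. Each one is expected to expose some of
  # `keys`, `apache.modules`, `apache.vhostConf`, `phpFpm.*` and
  # `activationScript`, which are stitched together below.
  # NOTE(review): most applications are pinned to pkgs.php72 (wallabag to
  # php73); both branches are past upstream end-of-life, so PHP security fixes
  # depend on what the pinned nixpkgs still backports — confirm.
  adminer = pkgs.callPackage ./adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = config.myEnv.tools.csp_reports;
  };

  landing = pkgs.callPackage ./landing.nix {};

  # Shorthands: this module's own options, and the PHP-FPM pool set (used to
  # look up each pool's socket path for the Apache handlers).
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  imports =
    builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Secret files required by the applications. `//` is a right-biased merge:
    # if two applications declared the same key name, the later one would
    # silently win.
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // csp-reports.keys
      // webhooks.keys;

    # Apache modules: proxy_fcgi for the PHP-FPM handlers, plus whatever each
    # application asks for.
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    # devtools.immae.eu serves a directory below /var/lib/ftp and runs its
    # *.php files through the `devtools` pool.
    # NOTE(review): `AllowOverride all` plus PHP execution means that whoever
    # can write into this directory (presumably FTP users — confirm) controls
    # both .htaccess behaviour and code run as wwwrun; the pool's open_basedir
    # is the only confinement visible in this file.
    # The CSP header is Report-Only: violations are reported, not blocked.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts = true;
      hosts = [ "devtools.immae.eu" ];
      root = "/var/lib/ftp/immae/devtools";
      extraConfig = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    # Main vhost: landing page, legacy redirects, then one configuration
    # fragment per application.
    # NOTE(review): adminer (database admin) and ldap (phpldapadmin) are
    # mounted on this public vhost; any access restriction lives in their own
    # vhostConf, which is not visible here — confirm.
    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "tools.immae.eu" ];
      root = landing;
      extraConfig = [
        # The /vpn capture group must start with "/" so that the appended text
        # can only extend the path of the target URL. With a bare `(.*)` glued
        # directly to the hostname, the request path could alter the authority
        # part of the Location header (an open redirect).
        ''
          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        # /paste is proxied to the paste service's gunicorn Unix socket.
        # /BIP39 serves static buildbot output.
        # /webhooks maps onto a directory managed by the secrets module: *.php
        # files there run in the `tools` pool, and any other file in that
        # directory is served as static content, so it should contain nothing
        # but the hook scripts.
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    # Legacy hostname: every path is redirected, either to the service's
    # dedicated host or, by the final catch-all, to tools.immae.eu.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        # Rules whose target is a bare hostname use `(/.*)?` rather than
        # `(.*)`: the captured text is appended right after the hostname, so it
        # has to begin with "/" to stay inside the path and never become part
        # of the redirect's host. Rules whose target already contains a path
        # are not affected. A request such as /etherfoo now falls through to
        # the catch-all instead of producing a malformed target.
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      # Start each PHP-FPM pool after (and pull in) the services its
      # application declares as dependencies.
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # The unit sets no User=; the privilege drop is left to ympd's own
      # `--user nobody` flag. The MPD password is read from the secret file at
      # start-up and handed over in the process environment, which is why the
      # filesWatcher entry below restarts the service when that file changes.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      # Feed update daemon; runs as the same wwwrun account as the PHP pools.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    # One PHP-FPM pool per application.
    # NOTE(review): every pool defined here runs as wwwrun:wwwrun, so Unix
    # permissions do not separate the applications from each other. The
    # separation visible in this file is open_basedir, and the two pools
    # configured inline both include the shared /tmp.
    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          # Paths PHP code in this pool may open: sendmail wrapper, landing
          # page, /tmp and the webhooks directory.
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
          ];
          "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    # Activation-time setup supplied by each application's helper expression.
    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    # Secret files whose modification is watched: the shaarli secret is
    # registered with the website environment, and a change to the wallabag
    # secret restarts its PHP-FPM pool.
    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

  };
}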