# NixOS module for the "tools" website. The bindings below build each bundled
# web application with callPackage, handing it its package (from pkgs.webapps)
# and, where one is passed, its settings from config.myEnv.tools as `env`.
1 { lib, pkgs, config, ... }:
3 adminer = pkgs.callPackage ./adminer.nix {
4 inherit (pkgs.webapps) adminer;
6 ympd = pkgs.callPackage ./ympd.nix {
7 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = config.myEnv.tools.ttrss;
14 kanboard = pkgs.callPackage ./kanboard.nix {
15 env = config.myEnv.tools.kanboard;
# wallabag is rebuilt with a composer environment pinned to PHP 7.3 plus the
# tidy extension; grocy (below) is pinned to PHP 7.2 the same way.
# NOTE(review): PHP 7.2 and 7.3 no longer receive upstream security fixes;
# confirm the pinned nixpkgs still patches them or plan a move to a supported
# branch for these internet-facing applications.
17 wallabag = pkgs.callPackage ./wallabag.nix {
18 wallabag = pkgs.webapps.wallabag.override {
19 composerEnv = pkgs.composerEnv.override {
20 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
23 env = config.myEnv.tools.wallabag;
25 yourls = pkgs.callPackage ./yourls.nix {
26 inherit (pkgs.webapps) yourls yourls-plugins;
27 env = config.myEnv.tools.yourls;
29 rompr = pkgs.callPackage ./rompr.nix {
30 inherit (pkgs.webapps) rompr;
31 env = config.myEnv.tools.rompr;
33 shaarli = pkgs.callPackage ./shaarli.nix {
34 env = config.myEnv.tools.shaarli;
36 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
37 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
39 ldap = pkgs.callPackage ./ldap.nix {
40 inherit (pkgs.webapps) phpldapadmin;
41 env = config.myEnv.tools.phpldapadmin;
43 grocy = pkgs.callPackage ./grocy.nix {
44 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
# phpBB is built with the French language pack and a fixed list of extensions.
46 phpbb = pkgs.callPackage ./phpbb.nix {
47 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
48 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
49 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
50 e.phpbbmodders.adduser ]);
52 webhooks = pkgs.callPackage ./webhooks.nix {
53 env = config.myEnv.tools.webhooks;
55 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
56 env = config.myEnv.tools.dmarc_reports;
58 csp-reports = pkgs.callPackage ./csp_reports.nix {
59 env = config.myEnv.tools.csp_reports;
62 landing = pkgs.callPackage ./landing.nix {};
# Short aliases: this module's own options, and the PHP-FPM pool definitions
# (read further down for each pool's socket path).
64 cfg = config.myServices.websites.tools.tools;
65 pcfg = config.services.phpfpm.pools;
# Single switch that turns the whole tools website on or off.
# lib.mkEnableOption already prefixes its argument with "Whether to enable",
# so the rendered description repeats the word "enable".
67 options.myServices.websites.tools.tools = {
68 enable = lib.mkEnableOption "enable tools website";
# Everything in `config` is applied only when cfg.enable is set.
# Each backup profile is taken from the `backups` attribute exposed by the
# corresponding application module.
# NOTE(review): among the visible entries there is no profile for yourls,
# phpldapadmin, adminer, webhooks or the DMARC/CSP report tools; confirm their
# state is either reproducible or backed up elsewhere (e.g. with the database).
71 config = lib.mkIf cfg.enable {
83 services.duplyBackup.profiles = {
84 dokuwiki = dokuwiki.backups;
85 grocy = grocy.backups;
86 kanboard = kanboard.backups;
87 rompr = rompr.backups;
88 shaarli = shaarli.backups;
89 ttrss = ttrss.backups;
90 wallabag = wallabag.backups;
91 phpbb = phpbb.backups;
# Apache modules for the "tools" web environment: the concatenation of the
# module lists each application declares in its `apache.modules` attribute.
# Keeping the list derived from the applications means a module is loaded only
# because some application asked for it.
94 services.websites.env.tools.modules =
96 ++ adminer.apache.modules
97 ++ ympd.apache.modules
98 ++ ttrss.apache.modules
99 ++ wallabag.apache.modules
100 ++ yourls.apache.modules
101 ++ rompr.apache.modules
102 ++ shaarli.apache.modules
103 ++ dokuwiki.apache.modules
104 ++ dmarc-reports.apache.modules
105 ++ phpbb.apache.modules
106 ++ ldap.apache.modules
107 ++ kanboard.apache.modules;
# Virtual host devtools.immae.eu in the "integration" environment. Its document
# root is a directory under /var/lib/ftp, and every *.php file in it is handed
# to the devtools PHP-FPM pool through that pool's unix socket.
# NOTE(review): because the root sits in the FTP tree, whoever can write there
# can have PHP executed by the pool. The pool's open_basedir (set in the
# phpfpm pool settings of this file) is what confines it to this directory,
# /tmp and sendmail; confirm FTP write access is limited to trusted accounts.
# NOTE(review): the CSP header is sent as Content-Security-Policy-Report-Only,
# which reports violations but does not block them; no enforcing
# Content-Security-Policy header is visible in this block.
109 services.websites.env.integration.vhostConfs.devtools = {
110 certName = "integration";
111 certMainHost = "devtools.immae.eu";
113 hosts = [ "devtools.immae.eu" ];
114 root = "/var/lib/ftp/devtools.immae.eu";
119 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
120 <Directory "/var/lib/ftp/devtools.immae.eu">
121 DirectoryIndex index.php index.htm index.html
124 <FilesMatch "\.php$">
125 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Main virtual host tools.immae.eu. It combines: permanent redirects for
# services that moved to their own host names, the static landing page, one
# Apache fragment per bundled application, and three aliased directories
# (/paste, /BIP39, /webhooks).
# NOTE(review): the /vpn redirect appends $1 directly to the host name
# (https://vpn.immae.eu$1) while the capture (.*) is not required to start with
# "/". Text following the prefix therefore lands in the authority part of the
# Location URL, so the redirect is not guaranteed to stay on immae.eu. Require
# a path boundary, e.g. ^/vpn(/.*)?$, so that $1 is empty or begins with "/".
# The /roundcube target already has a path before $1 and keeps its host.
# NOTE(review): /paste serves /var/lib/fiche with index.txt and index.html as
# index files. The content there is presumably user-submitted pastes; confirm
# the paste service only ever writes index.txt, since an index.html would be
# rendered as HTML on the same origin as the other tools.
# NOTE(review): /webhooks is served, with PHP execution in the shared "tools"
# pool, from a directory under config.secrets.location. Confirm that directory
# contains only files meant to be reachable over HTTP.
132 services.websites.env.tools.vhostConfs.tools = {
133 certName = "eldiron";
135 hosts = ["tools.immae.eu" ];
139 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
140 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
141 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
143 <Directory "${landing}">
144 DirectoryIndex index.html
148 <FilesMatch "\.php$">
149 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Per-application vhost fragments. Each PHP application receives the socket of
# its own PHP-FPM pool; ympd takes no socket argument.
153 (adminer.apache.vhostConf pcfg.adminer.socket)
154 ympd.apache.vhostConf
155 (ttrss.apache.vhostConf pcfg.ttrss.socket)
156 (wallabag.apache.vhostConf pcfg.wallabag.socket)
157 (yourls.apache.vhostConf pcfg.yourls.socket)
158 (rompr.apache.vhostConf pcfg.rompr.socket)
159 (shaarli.apache.vhostConf pcfg.shaarli.socket)
160 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
161 (ldap.apache.vhostConf pcfg.ldap.socket)
162 (kanboard.apache.vhostConf pcfg.kanboard.socket)
163 (grocy.apache.vhostConf pcfg.grocy.socket)
164 (phpbb.apache.vhostConf pcfg.phpbb.socket)
165 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
167 Alias /paste /var/lib/fiche
168 <Directory "/var/lib/fiche">
169 DirectoryIndex index.txt index.html
175 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
176 <Directory "/var/lib/buildbot/outputs/immae/bip39">
177 DirectoryIndex index.html
182 Alias /webhooks ${config.secrets.location}/webapps/webhooks
183 <Directory "${config.secrets.location}/webapps/webhooks">
187 <FilesMatch "\.php$">
188 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Legacy virtual host outils.immae.eu: it serves nothing itself and only issues
# permanent redirects, first for services that have their own host name and
# finally (last rule) for every other path to tools.immae.eu.
# NOTE(review): the rules for /mediagoblin, /ether, /nextcloud, /owncloud and
# /vpn append $1 directly to the host name while the capture (.*) may start
# with any character. Text following the prefix then becomes part of the
# authority of the Location URL, so the redirect is not guaranteed to stay on
# immae.eu. Require a path boundary in those patterns, e.g.
# ^/nextcloud(/.*)?$, so that $1 is empty or begins with "/". Rules whose
# target already has a path before $1, and the final catch-all, keep their host.
# NOTE(review): in ^/caldav.php(.*)$ the dot is unescaped and matches any
# character; \. expresses the intent precisely.
195 services.websites.env.tools.vhostConfs.outils = {
196 certName = "eldiron";
198 hosts = [ "outils.immae.eu" ];
202 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
204 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
206 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
207 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
209 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
210 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
211 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
212 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
214 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
216 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
218 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
220 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
222 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# Unit ordering for the per-application services (presumably the phpfpm-<app>
# systemd units; the unit names are not visible in this listing). Each pair
# starts the unit after, and pulls in through `wants`, the dependencies the
# application module declares in phpFpm.serviceDeps. lib.mkAfter appends to any
# `after` list defined elsewhere rather than replacing it.
229 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
230 wants = dokuwiki.phpFpm.serviceDeps;
233 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
234 wants = phpbb.phpFpm.serviceDeps;
237 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
238 wants = kanboard.phpFpm.serviceDeps;
241 after = lib.mkAfter ldap.phpFpm.serviceDeps;
242 wants = ldap.phpFpm.serviceDeps;
245 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
246 wants = shaarli.phpFpm.serviceDeps;
249 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
250 wants = ttrss.phpFpm.serviceDeps;
# wallabag additionally appends its own commands to the unit's preStart script.
253 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
254 wants = wallabag.phpFpm.serviceDeps;
255 preStart = lib.mkAfter wallabag.phpFpm.preStart;
258 after = lib.mkAfter yourls.phpFpm.serviceDeps;
259 wants = yourls.phpFpm.serviceDeps;
# ympd service: the start script reads the MPD password from /var/secrets/mpd,
# exports it as MPD_PASSWORD and then launches ympd with the host, port and web
# port taken from the ympd module, passing --user nobody.
# NOTE(review): an exported variable is inherited by the ympd process and stays
# readable in its environment for the lifetime of the service; confirm ympd
# needs the password this way and that nothing else is spawned from this unit.
# NOTE(review): the script presumably starts with the unit's privileges so it
# can read the secret, with ympd switching to "nobody" itself - confirm, and
# prefer a dedicated account over the shared "nobody" user.
262 description = "Standalone MPD Web GUI written in C";
263 wantedBy = [ "multi-user.target" ];
265 export MPD_PASSWORD=$(cat /var/secrets/mpd)
266 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS background updater: runs update.php --daemon from the ttrss
# web root with PHP 7.2, logs to syslog, and is started at boot once the
# network and PostgreSQL are up (PostgreSQL is a hard requirement).
# NOTE(review): PermissionsStartOnly = true applies the unit's user/group
# settings to ExecStart only, so any pre- or post-start command would run with
# full privileges. Neither such a command nor the User= setting is visible in
# this listing - confirm both, and that the daemon does not run as root.
270 description = "Tiny Tiny RSS feeds update daemon";
273 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
274 StandardOutput = "syslog";
275 StandardError = "syslog";
276 PermissionsStartOnly = true;
279 wantedBy = [ "multi-user.target" ];
280 requires = ["postgresql.service"];
281 after = ["network.target" "postgresql.service"];
# Watches the MPD password file; presumably the watcher restarts ympd when the
# secret changes, so a rotated password takes effect - confirm against the
# filesWatcher module.
# NOTE(review): the path is hard-coded as /var/secrets/mpd while other parts of
# this file use config.secrets.location; if that option ever differs from
# /var/secrets the watcher would follow the wrong file.
285 services.filesWatcher.ympd = {
287 paths = [ "/var/secrets/mpd" ];
# PHP-FPM pools. The first pool shown here is the shared one whose open_basedir
# covers the landing page and the webhooks directory (presumably the "tools"
# pool referenced by the vhost). Its socket is owned by wwwrun so that Apache
# can connect, and it scales dynamically between the listed process counts.
290 services.phpfpm.pools = {
295 "listen.owner" = "wwwrun";
296 "listen.group" = "wwwrun";
298 "pm.max_children" = "60";
299 "pm.start_servers" = "2";
300 "pm.min_spare_servers" = "1";
301 "pm.max_spare_servers" = "10";
303 # Needed to avoid clashes in browser cookies (same domain)
304 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir is set with php_admin_value, so application code cannot relax it
# at run time (unlike the php_value used for session.name above).
# NOTE(review): "/tmp" is in the allowed list here and in the devtools pool; if
# the pools share the host's /tmp, files written by one application are
# reachable from the others. Confirm the units use a private /tmp or give each
# pool its own temporary directory.
305 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
306 "/run/wrappers/bin/sendmail" landing "/tmp"
307 "${config.secrets.location}/webapps/webhooks"
# Extra pool configuration is included from the secrets location, presumably to
# keep the CSP-report settings (and any credentials) out of the Nix store.
309 "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
312 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): PHP 7.2 no longer receives upstream security fixes; confirm the
# pinned nixpkgs still patches it.
314 phpPackage = pkgs.php72;
# Pool whose open_basedir is the devtools FTP directory (presumably the
# "devtools" pool used by the devtools.immae.eu vhost). Same socket ownership
# and process limits as the shared tools pool.
# open_basedir confines PHP file access to sendmail, the FTP-backed document
# root and /tmp; it is the main containment for code uploaded to that root.
# NOTE(review): open_basedir restricts PHP's own file functions only; it is not
# a substitute for running the pool under a dedicated, unprivileged account.
# The pool's user is not visible in this listing - confirm.
# The interpreter is PHP 7.2 extended with mysqli, redis, apcu and opcache.
320 "listen.owner" = "wwwrun";
321 "listen.group" = "wwwrun";
323 "pm.max_children" = "60";
324 "pm.start_servers" = "2";
325 "pm.min_spare_servers" = "1";
326 "pm.max_spare_servers" = "10";
328 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
330 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# One dedicated PHP-FPM pool per application, so each application can be given
# its own settings (and, where the module sets them, its own user and
# open_basedir - not visible here). adminer supplies its whole pool definition;
# the others take their `settings` from the application module and pin the
# interpreter here.
# NOTE(review): every pool except wallabag (PHP 7.3 + tidy) runs PHP 7.2; both
# branches are past upstream end-of-life, so confirm the pinned nixpkgs still
# carries security patches for them.
332 adminer = adminer.phpFpm;
336 settings = ttrss.phpFpm.pool;
337 phpPackage = pkgs.php72;
342 settings = wallabag.phpFpm.pool;
343 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
348 settings = yourls.phpFpm.pool;
349 phpPackage = pkgs.php72;
354 settings = rompr.phpFpm.pool;
355 phpPackage = pkgs.php72;
360 settings = shaarli.phpFpm.pool;
361 phpPackage = pkgs.php72;
# dmarc-reports is the only pool here that also receives environment variables
# (phpEnv) from its module.
366 settings = dmarc-reports.phpFpm.pool;
367 phpEnv = dmarc-reports.phpFpm.phpEnv;
368 phpPackage = pkgs.php72;
373 settings = dokuwiki.phpFpm.pool;
374 phpPackage = pkgs.php72;
379 settings = phpbb.phpFpm.pool;
380 phpPackage = pkgs.php72;
385 settings = ldap.phpFpm.pool;
386 phpPackage = pkgs.php72;
391 settings = kanboard.phpFpm.pool;
392 phpPackage = pkgs.php72;
397 settings = grocy.phpFpm.pool;
398 phpPackage = pkgs.php72;
# Activation scripts contributed by the application modules. NixOS runs
# activation scripts as root on every system activation; presumably these
# create each application's state directories with the right ownership.
# NOTE(review): because they run as root, confirm each script only touches
# fixed paths and does not follow links inside application-writable directories.
402 system.activationScripts = {
403 adminer = adminer.activationScript;
404 grocy = grocy.activationScript;
405 ttrss = ttrss.activationScript;
406 wallabag = wallabag.activationScript;
407 yourls = yourls.activationScript;
408 rompr = rompr.activationScript;
409 shaarli = shaarli.activationScript;
410 dokuwiki = dokuwiki.activationScript;
411 phpbb = phpbb.activationScript;
412 kanboard = kanboard.activationScript;
413 ldap = ldap.activationScript;
# Maps a web-application name to the directory that is exposed for it. The name
# comes from each module's apache.webappName, except adminer, which is
# registered under the fixed name _adminer. For phpLDAPadmin only the htdocs
# sub-directory is exposed, which keeps the rest of its tree (configuration,
# libraries) outside the served path.
416 services.websites.webappDirs = {
417 _adminer = adminer.webRoot;
418 "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
419 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
420 "${phpbb.apache.webappName}" = phpbb.webRoot;
421 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
422 "${rompr.apache.webappName}" = rompr.webRoot;
423 "${shaarli.apache.webappName}" = shaarli.webRoot;
424 "${ttrss.apache.webappName}" = ttrss.webRoot;
425 "${wallabag.apache.webappName}" = wallabag.webRoot;
426 "${yourls.apache.webappName}" = yourls.webRoot;
427 "${kanboard.apache.webappName}" = kanboard.webRoot;
428 "${grocy.apache.webappName}" = grocy.webRoot;
# Secret files whose changes should be noticed: the shaarli secret is watched
# by the tools web environment, the wallabag secret by a watcher named after
# the wallabag PHP-FPM unit (presumably each triggers a reload or restart so a
# rotated secret takes effect - confirm against the watcher modules).
# NOTE(review): both paths are hard-coded under /var/secrets while other parts
# of this file use config.secrets.location; if the two ever differ, secret
# rotation would go unnoticed by these watchers.
431 services.websites.env.tools.watchPaths = [
432 "/var/secrets/webapps/tools-shaarli"
434 services.filesWatcher.phpfpm-wallabag = {
436 paths = [ "/var/secrets/webapps/tools-wallabag" ];
# Settings for the paste service (presumably fiche, given the port name): it
# listens on the configured port and announces pastes under
# tools.immae.eu/paste, the path the tools vhost aliases to /var/lib/fiche.
# NOTE(review): whether the paste port accepts submissions from any network
# client is not visible here; confirm who can reach it, since submitted content
# is published on the tools origin.
441 port = config.myEnv.ports.fiche;
442 domain = "tools.immae.eu/paste";