[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
1 { lib, pkgs, config, ... }:
2 let
# Local shorthands for the package-set helpers and the per-tool settings.
inherit (pkgs) callPackage webapps;
toolsEnv = config.myEnv.tools;
composerWith = php: pkgs.composerEnv.override { inherit php; };

# One attribute set per hosted tool, each produced by its own description
# file. The rest of this module reads their keys, backups, apache.*,
# phpFpm.*, webRoot and activationScript attributes.
# NOTE(review): php72 and php73 are pinned below; both branches are past
# upstream end of life, so security fixes depend on the nixpkgs pin in use.
adminer = callPackage ./adminer.nix { inherit (webapps) adminer; };

ympd = callPackage ./ympd.nix { env = toolsEnv.ympd; };

ttrss = callPackage ./ttrss.nix {
  inherit (webapps) ttrss ttrss-plugins;
  env = toolsEnv.ttrss;
  php = pkgs.php72;
};

kanboard = callPackage ./kanboard.nix { env = toolsEnv.kanboard; };

wallabag = callPackage ./wallabag.nix {
  env = toolsEnv.wallabag;
  wallabag = webapps.wallabag.override {
    # wallabag is built with PHP 7.3 plus the tidy extension.
    composerEnv = composerWith
      (pkgs.php73.withExtensions (e: pkgs.php73.enabledExtensions ++ [ e.tidy ]));
  };
};

yourls = callPackage ./yourls.nix {
  inherit (webapps) yourls yourls-plugins;
  env = toolsEnv.yourls;
};

rompr = callPackage ./rompr.nix {
  inherit (webapps) rompr;
  env = toolsEnv.rompr;
};

shaarli = callPackage ./shaarli.nix { env = toolsEnv.shaarli; };

dokuwiki = callPackage ./dokuwiki.nix {
  inherit (webapps) dokuwiki dokuwiki-plugins;
};

ldap = callPackage ./ldap.nix {
  inherit (webapps) phpldapadmin;
  env = toolsEnv.phpldapadmin;
};

grocy = callPackage ./grocy.nix {
  grocy = webapps.grocy.override { composerEnv = composerWith pkgs.php72; };
};

phpbb = callPackage ./phpbb.nix {
  # French language pack plus the selected extensions.
  phpbb =
    let
      withFrench = webapps.phpbb.withLangs (langs: [ langs.fr ]);
    in
    withFrench.withExts (exts: [
      exts.alfredoramos.markdown
      exts.davidiq.mailinglist
      exts.dmzx.mchat
      exts.empteintesduweb.monitoranswers
      exts.lr94.autosubscribe
      exts.phpbbmodders.adduser
    ]);
};

webhooks = callPackage ./webhooks.nix { env = toolsEnv.webhooks; };

dmarc-reports = callPackage ./dmarc_reports.nix { env = toolsEnv.dmarc_reports; };

landing = callPackage ./landing.nix {};

# cfg: this module's own options; pcfg: the PHP-FPM pools, read for their sockets.
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
63 in {
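options.myServices.websites.tools.tools = {
  # mkEnableOption builds the description as "Whether to enable <name>.",
  # so the argument is the bare feature name (the previous text produced
  # "Whether to enable enable tools website.").
  enable = lib.mkEnableOption "tools website";
};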
67
68 config = lib.mkIf cfg.enable {
# Secret files to deploy: the `keys` lists of every tool that declares
# some, concatenated in this order.
secrets.keys = lib.concatMap (tool: tool.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  dmarc-reports
  webhooks
];
78
# One backup profile per tool, named after the tool and taken from its
# `backups` attribute.
services.duplyBackup.profiles = lib.mapAttrs (_: tool: tool.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
};
89
# Apache modules for the "tools" environment: proxy_fcgi (used by the
# PHP-FPM handlers) followed by what each listed tool asks for.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (tool: tool.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
104
services.websites.env.integration.vhostConfs.devtools =
  let
    host = "devtools.immae.eu";
    docRoot = "/var/lib/ftp/${host}";
  in
  {
    certName = "integration";
    certMainHost = host;
    addToCerts = true;
    hosts = [ host ];
    root = docRoot;
    # The document root is open to everyone (Require all granted), honours
    # .htaccess files (AllowOverride all) and sends *.php to the devtools pool.
    # NOTE(review): the root lives under /var/lib/ftp, so presumably whoever
    # can upload there controls both the Apache overrides and the PHP that
    # runs as the pool user; confirm that this is the intended trust model.
    extraConfig = [
      ''
        Timeout 600
        ProxyTimeout 600
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
126
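# Main virtual host: the landing page plus every tool's own Apache fragment.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy paths that moved to dedicated hosts.
    # The /vpn target ends at the hostname, so the captured suffix must be
    # empty or start with "/". A bare (.*) would append the rest of the
    # request path to the hostname itself, letting the redirect point
    # outside vpn.immae.eu.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-tool fragments; each one is given the socket of its own PHP-FPM
    # pool, except ympd, whose fragment takes no socket.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Directories served straight from the filesystem.
    # /webhooks maps into the secrets location: *.php goes to the tools pool,
    # and any other file in that directory would be returned as static content.
    # NOTE(review): presumably only PHP scripts are deployed there; confirm.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
        DirectoryIndex index.txt index.html
        AllowOverride None
        Require all granted
        Options -Indexes
      </Directory>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};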
189
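# Legacy host name: it serves no content and only redirects.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Where the target ends at a hostname (mgoblin, ether, cloud, vpn), the
    # captured suffix must be empty or start with "/". A bare (.*) would
    # append the rest of the request path to the hostname itself, letting the
    # redirect point outside the intended host. Paths that no longer match
    # fall through to the final catch-all towards tools.immae.eu.
    # The dot in caldav.php is escaped so that it matches only a literal dot.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};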
221
systemd.services =
  let
    # Order a tool's PHP-FPM unit after the units the tool lists as
    # dependencies, and pull those units in.
    fpmDeps = tool: {
      after = lib.mkAfter tool.phpFpm.serviceDeps;
      wants = tool.phpFpm.serviceDeps;
    };
  in
  {
    phpfpm-dokuwiki = fpmDeps dokuwiki;
    phpfpm-phpbb = fpmDeps phpbb;
    phpfpm-kanboard = fpmDeps kanboard;
    phpfpm-ldap = fpmDeps ldap;
    phpfpm-shaarli = fpmDeps shaarli;
    phpfpm-ttrss = fpmDeps ttrss;
    # wallabag additionally appends its own preStart step.
    phpfpm-wallabag = fpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = fpmDeps yourls;

    # No User= is set here: the script reads /var/secrets/mpd itself, exports
    # it as MPD_PASSWORD and then starts ympd with --user nobody.
    # NOTE(review): presumably ympd drops privileges to that user on its own,
    # and the password stays in the process environment; confirm both are
    # acceptable.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed update daemon: runs update.php from the tt-rss web root as wwwrun
    # and needs PostgreSQL to be up.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
279
# Restart ympd whenever the MPD password file changes.
services.filesWatcher.ympd.restart = true;
services.filesWatcher.ympd.paths = [ "/var/secrets/mpd" ];
284
# PHP-FPM pools, one per tool plus the generic "tools" and "devtools" pools.
# Every pool defined here runs as wwwrun:wwwrun (adminer's definition comes
# from adminer.nix), so the tools are not separated by Unix user. For the two
# pools configured inline, open_basedir is the only path restriction, and
# /tmp is in both lists.
# NOTE(review): PHP 7.2 and 7.3 are past upstream end of life; security
# fixes depend on the nixpkgs pin in use.
services.phpfpm.pools =
  let
    runAsWwwrun = pool: { user = "wwwrun"; group = "wwwrun"; } // pool;

    # Pool whose settings are supplied by the tool's own description.
    toolPool = phpPackage: tool: runAsWwwrun {
      inherit phpPackage;
      settings = tool.phpFpm.pool;
    };
    php72Pool = toolPool pkgs.php72;

    # Socket ownership and process-manager sizing shared by the inline pools.
    sharedSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in
  {
    # Serves the landing page and the /webhooks scripts.
    tools = runAsWwwrun {
      phpPackage = pkgs.php72;
      phpEnv.CONTACT_EMAIL = config.myEnv.tools.contact;
      settings = sharedSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          landing
          "/tmp"
          "${config.secrets.location}/webapps/webhooks"
        ];
      };
    };

    devtools = runAsWwwrun {
      phpPackage = pkgs.php72.withExtensions
        (e: pkgs.php72.enabledExtensions ++ [ e.mysqli e.redis e.apcu e.opcache ]);
      settings = sharedSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
    };

    adminer = adminer.phpFpm;

    ttrss = php72Pool ttrss;
    wallabag = toolPool
      (pkgs.php73.withExtensions (e: pkgs.php73.enabledExtensions ++ [ e.tidy ]))
      wallabag;
    yourls = php72Pool yourls;
    rompr = php72Pool rompr;
    shaarli = php72Pool shaarli;
    dmarc-reports = php72Pool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = php72Pool dokuwiki;
    phpbb = php72Pool phpbb;
    ldap = php72Pool ldap;
    kanboard = php72Pool kanboard;
    grocy = php72Pool grocy;
  };
395
# Each listed tool contributes one activation script, registered under the
# tool's name.
system.activationScripts = lib.mapAttrs (_: tool: tool.activationScript) {
  inherit
    adminer
    grocy
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    phpbb
    kanboard
    ldap
    ;
};
409
# Web roots registered under the name each tool's Apache fragment uses.
services.websites.webappDirs = {
  # Fixed name for adminer; the other names come from the tools themselves.
  _adminer = adminer.webRoot;

  # Only the htdocs subdirectory of the phpLDAPadmin tree is registered.
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";

  "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${phpbb.apache.webappName}" = phpbb.webRoot;
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
};
424
# Secret files whose changes must be picked up: the shaarli secret is watched
# by the "tools" web environment, the wallabag secret restarts its PHP-FPM unit.
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag.restart = true;
services.filesWatcher.phpfpm-wallabag.paths = [ "/var/secrets/webapps/tools-wallabag" ];
432
# fiche paste service, announced as https://tools.immae.eu/paste.
services.fiche.enable = true;
services.fiche.port = config.myEnv.ports.fiche;
services.fiche.domain = "tools.immae.eu/paste";
services.fiche.https = true;
439 };
440 }
441