1 { lib, pkgs, config, ... }:
2 let
# Helper applied in `imports` to a flake directory to reach its nixosModules.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# One package set per hosted tool. Each ./<tool>.nix receives the matching
# config.myEnv.tools.<tool> environment when it takes one.
# NOTE(review): several tools are pinned to pkgs.php72 / pkgs.php73. Both PHP
# branches are end-of-life upstream; confirm the nixpkgs pin still carries
# security patches for them, or plan a move to a supported branch.
adminer = pkgs.callPackage ./adminer.nix { };
ympd = pkgs.callPackage ./ympd.nix { env = config.myEnv.tools.ympd; };
ttrss = pkgs.callPackage ./ttrss.nix {
  config = config;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
  ttrss = pkgs.webapps.ttrss;
  ttrss-plugins = pkgs.webapps.ttrss-plugins;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  config = config;
  env = config.myEnv.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  config = config;
  env = config.myEnv.tools.wallabag;
  # wallabag is rebuilt against PHP 7.3 with the tidy extension enabled.
  wallabag = pkgs.webapps.wallabag.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
  };
};
yourls = pkgs.callPackage ./yourls.nix {
  config = config;
  env = config.myEnv.tools.yourls;
  yourls = pkgs.webapps.yourls;
  yourls-plugins = pkgs.webapps.yourls-plugins;
};
rompr = pkgs.callPackage ./rompr.nix {
  env = config.myEnv.tools.rompr;
  rompr = pkgs.webapps.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  config = config;
  env = config.myEnv.tools.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  dokuwiki = pkgs.webapps.dokuwiki;
  dokuwiki-plugins = pkgs.webapps.dokuwiki-plugins;
};
ldap = pkgs.callPackage ./ldap.nix {
  config = config;
  env = config.myEnv.tools.phpldapadmin;
  phpldapadmin = pkgs.webapps.phpldapadmin;
};
grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override {
    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
  };
};
phpbb = pkgs.callPackage ./phpbb.nix {
  # French language pack plus the listed extensions.
  phpbb = (pkgs.webapps.phpbb.withLangs (langs: [ langs.fr ])).withExts (exts: [
    exts.alfredoramos.markdown
    exts.davidiq.mailinglist
    exts.dmzx.mchat
    exts.empteintesduweb.monitoranswers
    exts.lr94.autosubscribe
    exts.phpbbmodders.adduser
  ]);
};
webhooks = pkgs.callPackage ./webhooks.nix { env = config.myEnv.tools.webhooks; };
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  config = config;
  env = config.myEnv.tools.dmarc_reports;
};
csp-reports = pkgs.callPackage ./csp_reports.nix { env = config.myEnv.tools.csp_reports; };

# Static landing page, used as the document root of the tools vhost.
landing = pkgs.callPackage ./landing.nix { };

# Shorthands: this module's own options, and the PHP-FPM pools (for their sockets).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
73 in {
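# Pull in every NixOS module exported by the private "paste" flake; the tools
# vhost proxies /paste to the gunicorn socket that service exposes.
imports =
  builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

options.myServices.websites.tools.tools = {
  # mkEnableOption already prefixes its argument with "Whether to enable ",
  # so the argument is the bare noun phrase.
  enable = lib.mkEnableOption "tools website";
};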
80
81 config = lib.mkIf cfg.enable {
# Secret files declared by each tool, merged left to right with `//`.
# NOTE(review): `//` lets a later tool silently replace an earlier key of the
# same name; confirm the key names are unique per tool.
secrets.keys = builtins.foldl' (merged: tool: merged // tool.keys) { } [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  dmarc-reports
  csp-reports
  webhooks
];

# One backup profile per tool that exposes a `backups` attribute.
services.duplyBackup.profiles = lib.mapAttrs (_: tool: tool.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
};

# Apache modules for the "tools" environment: proxy_fcgi for the PHP-FPM
# handlers, then whatever each tool asks for, in the order listed.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (tool: tool.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
118
# Virtual host for devtools.immae.eu, registered in the "integration" website
# environment and served straight from a directory on disk.
# NOTE(review): the document root sits under /var/lib/ftp and is configured
# with `AllowOverride all` plus a PHP handler. If that directory is writable
# through an upload service (the path suggests FTP; confirm), any account that
# can write there can change Apache behaviour through .htaccess and have its
# .php files executed by the devtools PHP-FPM pool. Keep write access limited
# to trusted accounts.
# The Content-Security-Policy header is sent in Report-Only mode: violations
# are reported but nothing is blocked.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  certMainHost = "devtools.immae.eu";
  addToCerts = true;
  hosts = [ "devtools.immae.eu" ];
  root = "/var/lib/ftp/immae/devtools";
  extraConfig = [
    ''
      Use Apaxy "/var/lib/ftp/immae/devtools" "title"
      Timeout 600
      ProxyTimeout 600
      Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
      <Directory "/var/lib/ftp/immae/devtools">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
142
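# Main virtual host for tools.immae.eu. The landing page is the document root;
# every tool contributes its own Apache snippet, most of them bound to the
# socket of their PHP-FPM pool.
#
# Redirect hardening: in the /vpn rule the captured text is appended directly
# after the target host name, so the capture is required to be empty or to
# start with "/". With an unconstrained `(.*)` the request path could extend
# the host part of the Location header and send visitors to another domain.
# The /roundcube rule appends after a path component and /jappix ignores the
# capture, so those two are left as they were.
#
# NOTE(review): adminer and phpldapadmin are administrative front ends served
# on the same host name as the other tools; their access control lives in
# adminer.nix / ldap.nix, which are not shown here. Confirm they are restricted.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste (with and without trailing slash) is proxied to the paste
    # service's gunicorn socket. /BIP39 is served from a buildbot output
    # directory. /webhooks maps to a path taken from config.secrets.fullPaths,
    # with directory listing disabled and .php files run by the "tools" pool.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};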
208
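# Legacy host name outils.immae.eu: it serves no content (root = null) and only
# redirects old URLs to the services' current homes, ending with a catch-all
# to tools.immae.eu.
#
# Redirect hardening: where the captured text is appended directly after the
# target host name (mediagoblin, ether, nextcloud, owncloud, vpn) the capture
# is required to be empty or to start with "/". With an unconstrained `(.*)`
# the request path could extend the host part of the Location header and send
# visitors to another domain. Requests that no longer match one of these rules
# fall through to the final catch-all, whose target already ends in "/".
# The dot in the caldav.php pattern is escaped so it matches a literal dot only.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};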
240
systemd.services =
  let
    # Order a PHP-FPM unit after the units its tool depends on, and pull them in.
    fpmOrdering = tool: {
      after = lib.mkAfter tool.phpFpm.serviceDeps;
      wants = tool.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = fpmOrdering dokuwiki;
    phpfpm-phpbb = fpmOrdering phpbb;
    phpfpm-kanboard = fpmOrdering kanboard;
    phpfpm-ldap = fpmOrdering ldap;
    phpfpm-shaarli = fpmOrdering shaarli;
    phpfpm-ttrss = fpmOrdering ttrss;
    # wallabag additionally appends its own preStart step.
    phpfpm-wallabag = fpmOrdering wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = fpmOrdering yourls;

    # The MPD password is read from the secrets file when the unit starts and
    # handed to ympd through the MPD_PASSWORD environment variable.
    # NOTE(review): no User= is set on the unit; the account change relies on
    # ympd's own `--user nobody` option. Confirm that is the intended model.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater for Tiny Tiny RSS, run as wwwrun once PostgreSQL is up.
    # NOTE(review): the "syslog" output target and PermissionsStartOnly are
    # deprecated in recent systemd releases; check against the deployed version.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];
      serviceConfig = {
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        User = "wwwrun";
        PermissionsStartOnly = true;
        StandardOutput = "syslog";
        StandardError = "syslog";
      };
    };
  };

# Watch the MPD secret file with restart enabled, presumably so that ympd is
# restarted with the new password when the file changes.
services.filesWatcher.ympd = {
  paths = [ config.secrets.fullPaths."mpd" ];
  restart = true;
};
303
# PHP-FPM pools, one per tool, each reached by Apache over its own unix socket.
# NOTE(review): every pool written out here runs as wwwrun:wwwrun (adminer's
# comes from adminer.nix, not shown), so the tools are not separated by Unix
# permissions. open_basedir is the visible barrier between them, and /tmp is
# listed in both open_basedir values below. Confirm this is acceptable, or
# consider per-tool users and private temp directories.
services.phpfpm.pools =
  let
    # Adds the shared user/group to a pool definition.
    asWwwrun = pool: { user = "wwwrun"; group = "wwwrun"; } // pool;

    # Socket ownership and process-manager limits of the two hand-written pools.
    dynamicPool = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in {
    # Pool behind the landing page and the /webhooks scripts.
    tools = asWwwrun {
      phpPackage = pkgs.php72;
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      settings = dynamicPool // {
        # Dedicated session cookie name: several tools share the same domain.
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          landing
          "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
        ];
        # Extra pool settings loaded from a secrets-managed file.
        "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
      };
    };

    # Pool behind the devtools vhost; PHP is confined to that directory, /tmp
    # and the sendmail wrapper.
    devtools = asWwwrun {
      phpPackage = pkgs.php72.withExtensions ({ enabled, all }:
        enabled ++ [ all.mysqli all.redis all.apcu all.opcache ]);
      settings = dynamicPool // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
      };
    };

    adminer = adminer.phpFpm;

    # The remaining pools take their settings from the tool's own .nix file.
    ttrss = asWwwrun {
      phpPackage = pkgs.php72;
      settings = ttrss.phpFpm.pool;
    };
    wallabag = asWwwrun {
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
      settings = wallabag.phpFpm.pool;
    };
    yourls = asWwwrun {
      phpPackage = pkgs.php72;
      settings = yourls.phpFpm.pool;
    };
    rompr = asWwwrun {
      phpPackage = pkgs.php72;
      settings = rompr.phpFpm.pool;
    };
    shaarli = asWwwrun {
      phpPackage = pkgs.php72;
      settings = shaarli.phpFpm.pool;
    };
    dmarc-reports = asWwwrun {
      phpPackage = pkgs.php72;
      phpEnv = dmarc-reports.phpFpm.phpEnv;
      settings = dmarc-reports.phpFpm.pool;
    };
    dokuwiki = asWwwrun {
      phpPackage = pkgs.php72;
      settings = dokuwiki.phpFpm.pool;
    };
    phpbb = asWwwrun {
      phpPackage = pkgs.php72;
      settings = phpbb.phpFpm.pool;
    };
    ldap = asWwwrun {
      phpPackage = pkgs.php72;
      settings = ldap.phpFpm.pool;
    };
    kanboard = asWwwrun {
      phpPackage = pkgs.php72;
      settings = kanboard.phpFpm.pool;
    };
    grocy = asWwwrun {
      phpPackage = pkgs.php72;
      settings = grocy.phpFpm.pool;
    };
  };
415
# Register each tool's activation script under the tool's own name.
system.activationScripts = lib.mapAttrs (_: tool: tool.activationScript) {
  inherit adminer grocy ttrss wallabag yourls rompr shaarli dokuwiki phpbb kanboard ldap;
};

# Secret files whose changes are watched: the shaarli secret for the "tools"
# web environment, the wallabag secret for its PHP-FPM unit (restart enabled).
services.websites.env.tools.watchPaths = [ config.secrets.fullPaths."webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
  restart = true;
};
437
438 };
439 }
440