Add fiche module (a program to submit paste from command line)
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
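# NixOS module for the "tools" websites: tools.immae.eu, outils.immae.eu and
# the devtools.immae.eu integration host.  It wires a set of packaged web
# applications into Apache vhosts, php-fpm pools, systemd units, secrets,
# backups and activation scripts, and serves fiche pastes under /paste.
{ lib, pkgs, config, ... }:
let
  # Per-application helper sets.  Each ./<app>.nix has to provide the
  # attributes consumed below (apache.*, phpFpm.*, keys, backups, webRoot,
  # activationScript); their contents are not visible from this file.
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };

  # Shorthands: this module's own options, and the php-fpm pools (used to look
  # up each pool's socket path for the Apache handlers).
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Secret files declared by the applications that expose a `keys` list.
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys;

    # Backup profiles, one per application that exposes `backups`.
    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
    };

    # Apache modules: proxy_fcgi for the php-fpm handlers, plus whatever each
    # application asks for.
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    # NOTE(review): the document root lives under /var/lib/ftp, so it is
    # presumably writable over FTP (confirm).  Together with `AllowOverride all`
    # and the PHP handler, anyone who can write there controls .htaccess and can
    # run PHP as the devtools pool user.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts = true;
      hosts = [ "devtools.immae.eu" ];
      root = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "tools.immae.eu" ];
      root = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        # The /vpn redirect appends the captured text directly after the target
        # host name, so the capture must be empty or start with "/": with a bare
        # (.*) the request path could extend the host part of the Location
        # header (open redirect).  The /roundcube target already has a path
        # before $1, so its host is fixed.
        #
        # NOTE(review): same remark as for devtools on the /var/lib/ftp document
        # root with `AllowOverride all` and the PHP handler.
        ''
          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        # Static export of /var/lib/fiche (presumably where the fiche service
        # enabled at the end of this module writes its pastes) under /paste.
        # Listing is off and .htaccess is ignored; no PHP handler is attached to
        # this directory here.
        # NOTE(review): the pastes are submitted content served from the same
        # origin as the authenticated tools on this vhost.  Consider a dedicated
        # host name, or at least forcing text/plain with nosniff, and check
        # whether the index.html fallback is needed at all.
        ''
          Alias /paste /var/lib/fiche
          <Directory "/var/lib/fiche">
            DirectoryIndex index.txt index.html
            AllowOverride None
            Require all granted
            Options -Indexes
          </Directory>
        ''
      ];
    };

    # Legacy host: every path is redirected, either to the dedicated service
    # host or, through the final catch-all, to tools.immae.eu.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        # Rules whose target is a bare host followed by $1 only accept an empty
        # capture or one starting with "/", so the request path cannot extend
        # the host part of the Location header (open redirect).  Rules whose
        # target has a path before $1 keep the broad capture.  The dot of
        # caldav.php is escaped so that it only matches a literal dot.
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      # Order the php-fpm units after the services their application needs.
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # NOTE(review): no User= is set for this unit, so the script starts under
      # systemd's default account for system units and relies on ympd's own
      # `--user nobody` to drop privileges.  The MPD password is read from
      # /var/secrets/mpd and exported into the process environment.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = [ "postgresql.service" ];
        after = [ "network.target" "postgresql.service" ];
      };
    };

    # Restart ympd when its password file changes.
    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    # NOTE(review): every pool below runs as wwwrun:wwwrun, so the applications
    # are not separated from each other at the OS level.  Only the tools and
    # devtools pools set open_basedir here (both include the shared /tmp); the
    # per-application pool settings come from the ./<app>.nix files and are not
    # visible from this file.
    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
        };
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        # Extra PHP extensions appended to the global php-fpm options.
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
        '';
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
      };
      # The only pool that pins its PHP package.
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php74;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
      };
    };

    # Activation scripts supplied by each application.
    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    # Web roots registered under each application's webapp name.
    myServices.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    # Secret files whose changes are watched.
    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    # Paste service; its URLs point at the /paste alias of the tools vhost.
    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}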