ac92ef48f33d5407bc58f6665f2d5634ef8e407d
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
{ lib, pkgs, config, ... }:
let
  # Applied to a flake directory in `imports`; presumably a flake-compat shim
  # (its definition is not part of this file).
  flakeCompat = import ../../../../../lib/flake-compat.nix;

  # Shorthands used only by the bindings in this `let`.
  webapps = pkgs.webapps;
  toolsEnv = config.myEnv.tools;

  # One binding per hosted tool, each built from a sibling ./<tool>.nix.
  # Later sections read attributes such as .keys, .backups, .apache, .phpFpm,
  # .webRoot and .activationScript from these values; which tool exposes which
  # attribute is decided in those files, not here.
  #
  # NOTE(review): several tools are pinned to pkgs.php72 / pkgs.php73. Both PHP
  # branches are end-of-life upstream and no longer get security fixes, so each
  # pin is a standing exposure for an internet-facing PHP application.
  adminer = pkgs.callPackage ./adminer.nix {
    adminer = webapps.adminer;
  };

  ympd = pkgs.callPackage ./ympd.nix {
    env = toolsEnv.ympd;
  };

  ttrss = pkgs.callPackage ./ttrss.nix {
    ttrss = webapps.ttrss;
    ttrss-plugins = webapps.ttrss-plugins;
    env = toolsEnv.ttrss;
    php = pkgs.php72;
  };

  kanboard = pkgs.callPackage ./kanboard.nix {
    env = toolsEnv.kanboard;
  };

  wallabag = pkgs.callPackage ./wallabag.nix {
    # wallabag is rebuilt against PHP 7.3 with the tidy extension enabled.
    wallabag = webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
      };
    };
    env = toolsEnv.wallabag;
  };

  yourls = pkgs.callPackage ./yourls.nix {
    yourls = webapps.yourls;
    yourls-plugins = webapps.yourls-plugins;
    env = toolsEnv.yourls;
  };

  rompr = pkgs.callPackage ./rompr.nix {
    rompr = webapps.rompr;
    env = toolsEnv.rompr;
  };

  shaarli = pkgs.callPackage ./shaarli.nix {
    env = toolsEnv.shaarli;
  };

  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    dokuwiki = webapps.dokuwiki;
    dokuwiki-plugins = webapps.dokuwiki-plugins;
  };

  # phpLDAPadmin: a directory administration front end. Its access rules come
  # from ./ldap.nix and are not visible in this file.
  ldap = pkgs.callPackage ./ldap.nix {
    phpldapadmin = webapps.phpldapadmin;
    env = toolsEnv.phpldapadmin;
  };

  grocy = pkgs.callPackage ./grocy.nix {
    grocy = webapps.grocy.override {
      composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
    };
  };

  phpbb = pkgs.callPackage ./phpbb.nix {
    # French language pack plus a fixed set of third-party extensions.
    phpbb = (webapps.phpbb.withLangs (langs: [ langs.fr ])).withExts (exts: [
      exts.alfredoramos.markdown
      exts.davidiq.mailinglist
      exts.dmzx.mchat
      exts.empteintesduweb.monitoranswers
      exts.lr94.autosubscribe
      exts.phpbbmodders.adduser
    ]);
  };

  webhooks = pkgs.callPackage ./webhooks.nix {
    env = toolsEnv.webhooks;
  };

  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = toolsEnv.dmarc_reports;
  };

  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = toolsEnv.csp_reports;
  };

  # Static landing page; used as the document root of the tools vhost.
  landing = pkgs.callPackage ./landing.nix { };

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
# Pull in every NixOS module exported by the private paste flake. The tools
# vhost proxies /paste to config.services.paste.sockets.gunicorn, which is
# presumably declared by one of these modules.
imports =
  let
    pasteFlake = flakeCompat ../../../../../flakes/private/paste;
  in
    builtins.attrValues pasteFlake.nixosModules;

# Single on/off switch; everything under `config` is gated on it.
options.myServices.websites.tools.tools.enable =
  lib.mkEnableOption "enable tools website";

config = lib.mkIf cfg.enable {
  # Secret files to deploy: the `keys` lists of the tools that export one,
  # concatenated in this order.
  secrets.keys = builtins.concatLists [
    kanboard.keys
    ldap.keys
    shaarli.keys
    ttrss.keys
    wallabag.keys
    yourls.keys
    dmarc-reports.keys
    csp-reports.keys
    webhooks.keys
  ];

# One backup profile per tool listed here, named after the tool and taken
# from its `backups` attribute. Tools not listed get no profile from this file.
services.duplyBackup.profiles =
  lib.mapAttrs (_name: tool: tool.backups) {
    inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag phpbb;
  };

# Apache modules for the "tools" httpd environment: proxy_fcgi (needed by the
# php-fpm SetHandler lines in the vhosts) followed by whatever each tool asks
# for, in the same order as before.
# NOTE(review): grocy has a vhost fragment and a pool below but is not listed
# here; presumably it needs no extra module. Confirm against ./grocy.nix.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (tool: tool.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];

# devtools.immae.eu: serves a directory under /var/lib/ftp and runs any *.php
# found there through the "devtools" php-fpm pool.
#
# NOTE(review), security-relevant properties of this vhost:
#  - `AllowOverride all` lets .htaccess files inside the tree change the
#    Apache configuration for their directory. Going by its path the tree is
#    an FTP area, so whoever can upload there presumably controls both the
#    .htaccess files and the PHP that gets executed.
#  - `Require all granted` applies no access restriction at this level.
#  - The pool's open_basedir is what keeps that PHP inside the tree; it is
#    enforced by PHP itself and the pool runs as the same wwwrun user as every
#    other pool in this file.
#  - The CSP header is Report-Only: violations are reported, nothing is blocked.
# `Use Apaxy` expands a macro defined elsewhere in the configuration.
services.websites.env.integration.vhostConfs.devtools =
  let
    devtoolsHost = "devtools.immae.eu";
    devtoolsRoot = "/var/lib/ftp/${devtoolsHost}";
  in {
    certName = "integration";
    certMainHost = devtoolsHost;
    addToCerts = true;
    hosts = [ devtoolsHost ];
    root = devtoolsRoot;
    extraConfig = [
      ''
        Use Apaxy "${devtoolsRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${devtoolsRoot}">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
        SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
        </Directory>
      ''
    ];
  };

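# Main vhost for tools.immae.eu. extraConfig is a list of Apache fragments:
# redirects and the landing page, one fragment per hosted tool (each tool
# builds its own from the php-fpm socket it is given), then the paste proxy
# and two aliases.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Redirects for paths that moved to other hosts, then the landing page.
    #
    # The /vpn rule only matches "/vpn" itself or "/vpn/...". Its target ends
    # with the host name, so the captured suffix is appended directly after
    # "vpn.immae.eu"; a suffix that does not start with "/" would become part
    # of the authority and could point the redirect at another host. The
    # roundcube rule appends after a path component, and the jappix rule drops
    # the suffix, so neither has that problem.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
      DirectoryIndex index.html
      AllowOverride None
      Require all granted

      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>
    ''
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste is proxied to the paste service's gunicorn unix socket; the two
    # Location blocks cover the path with and without a trailing slash.
    #
    # /BIP39 serves static build output from a buildbot directory.
    #
    # NOTE(review): /webhooks aliases a directory under the secrets location
    # with `Require all granted`. *.php files there are executed by the tools
    # pool, but any other file placed in that directory would be served as
    # plain content. `Options -Indexes` only hides the listing. Confirm that
    # nothing except the hook scripts is ever deployed there.
    ''
      <Location "/paste/">
      ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPreserveHost on
      </Location>
      <Location "/paste">
      ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
      DirectoryIndex index.html
      AllowOverride None
      Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
      Options -Indexes
      Require all granted
      AllowOverride None
      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>
    ''
  ];
};
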
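# outils.immae.eu is a redirect-only vhost (no document root): known legacy
# prefixes go to the host that now serves them, everything else goes to
# tools.immae.eu.
#
# Rules whose target ends with a bare host name (mediagoblin, ether,
# nextcloud, owncloud, vpn) only match the prefix itself or the prefix followed
# by "/...". The captured suffix is appended directly after the host name, so
# a suffix not starting with "/" would become part of the authority and could
# point the redirect at another host. Requests that no longer match fall
# through to the final catch-all. Rules that append after a path component are
# left as they were, apart from escaping the dot in "caldav.php" so it matches
# a literal dot only.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};
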
# Extra systemd wiring: start-order dependencies for the php-fpm pool units,
# plus two stand-alone daemons (ympd and the tt-rss feed updater).
systemd.services =
  let
    # Order a pool unit after the services its tool declares, and pull them in.
    phpFpmDeps = tool: {
      after = lib.mkAfter tool.phpFpm.serviceDeps;
      wants = tool.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = phpFpmDeps dokuwiki;
    phpfpm-phpbb = phpFpmDeps phpbb;
    phpfpm-kanboard = phpFpmDeps kanboard;
    phpfpm-ldap = phpFpmDeps ldap;
    phpfpm-shaarli = phpFpmDeps shaarli;
    phpfpm-ttrss = phpFpmDeps ttrss;
    # wallabag additionally appends its own preStart step.
    phpfpm-wallabag = phpFpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = phpFpmDeps yourls;

    # NOTE(review): this unit sets no User=, so the script is started with the
    # unit's default privileges and relies on ympd's own `--user nobody` to
    # drop them. The MPD password is read from /var/secrets/mpd into an
    # environment variable; it stays in the daemon's environment after the
    # privilege drop, where processes running as the same user can read it.
    # Confirm that this is acceptable for the account in question.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater: runs update.php from the tt-rss web root as wwwrun, the
    # same account the web-facing pools use.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];

      serviceConfig.User = "wwwrun";
      serviceConfig.ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
      serviceConfig.StandardOutput = "syslog";
      serviceConfig.StandardError = "syslog";
      serviceConfig.PermissionsStartOnly = true;
    };
  };

# Restart ympd whenever the MPD password file changes, so the value exported
# by its start script is refreshed.
services.filesWatcher.ympd.restart = true;
services.filesWatcher.ympd.paths = [ "/var/secrets/mpd" ];

# One php-fpm pool per tool, plus two generic pools ("tools" for the landing
# page and webhooks, "devtools" for the FTP-backed vhost).
#
# NOTE(review): every pool defined here runs as wwwrun:wwwrun, so the
# applications are not separated from each other at the operating-system
# level. Whatever confinement exists comes from each pool's PHP settings
# (open_basedir for the two pools spelled out here; the per-tool settings come
# from <tool>.phpFpm.pool and are not visible in this file). open_basedir is
# enforced by PHP itself, and both generic pools also allow the shared /tmp.
services.phpfpm.pools =
  let
    asWwwrun = {
      user = "wwwrun";
      group = "wwwrun";
    };

    # Process-manager settings shared by the two generic pools.
    dynamicPm = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool for a tool that supplies its own settings and runs on PHP 7.2.
    php72Pool = tool: asWwwrun // {
      settings = tool.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
  in {
    tools = asWwwrun // {
      settings = dynamicPm // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" =
          "/run/wrappers/bin/sendmail:${landing}:/tmp:${config.secrets.location}/webapps/webhooks";
        # Extra pool settings are read from a file in the secrets location.
        "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    devtools = asWwwrun // {
      settings = dynamicPm // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions ({ enabled, all }:
        enabled ++ [ all.mysqli all.redis all.apcu all.opcache ]);
    };

    # adminer provides its complete pool definition itself.
    adminer = adminer.phpFpm;

    ttrss = php72Pool ttrss;
    yourls = php72Pool yourls;
    rompr = php72Pool rompr;
    shaarli = php72Pool shaarli;
    dokuwiki = php72Pool dokuwiki;
    phpbb = php72Pool phpbb;
    ldap = php72Pool ldap;
    kanboard = php72Pool kanboard;
    grocy = php72Pool grocy;

    dmarc-reports = php72Pool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };

    # wallabag is the only pool on PHP 7.3 (with the tidy extension).
    wallabag = asWwwrun // {
      settings = wallabag.phpFpm.pool;
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };
  };

# Register each listed tool's activation script under the tool's own name.
# These run at system activation; their content lives in the per-tool files.
system.activationScripts =
  lib.mapAttrs (_name: tool: tool.activationScript) {
    inherit
      adminer
      grocy
      ttrss
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      phpbb
      kanboard
      ldap
      ;
  };

# Map each web application name to the directory it is served from. The name
# comes from the tool's apache.webappName, except adminer, which uses a fixed
# key. phpLDAPadmin exposes only its htdocs subdirectory.
services.websites.webappDirs = {
  _adminer = adminer.webRoot;
  ${dmarc-reports.apache.webappName} = dmarc-reports.webRoot;
  ${dokuwiki.apache.webappName} = dokuwiki.webRoot;
  ${grocy.apache.webappName} = grocy.webRoot;
  ${kanboard.apache.webappName} = kanboard.webRoot;
  ${ldap.apache.webappName} = "${ldap.webRoot}/htdocs";
  ${phpbb.apache.webappName} = phpbb.webRoot;
  ${rompr.apache.webappName} = rompr.webRoot;
  ${shaarli.apache.webappName} = shaarli.webRoot;
  ${ttrss.apache.webappName} = ttrss.webRoot;
  ${wallabag.apache.webappName} = wallabag.webRoot;
  ${yourls.apache.webappName} = yourls.webRoot;
};

# Secret files whose changes must be picked up by running services: the
# shaarli secret is watched by the "tools" httpd environment, and the wallabag
# secret restarts the wallabag php-fpm pool.
# NOTE(review): these paths are written out as /var/secrets/..., while other
# parts of this file use config.secrets.location. If that option ever points
# elsewhere, the watchers would silently stop seeing secret rotations.
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];

services.filesWatcher.phpfpm-wallabag.restart = true;
services.filesWatcher.phpfpm-wallabag.paths = [ "/var/secrets/webapps/tools-wallabag" ];

};
}