# NixOS module for the "tools" website. The bindings below build each bundled web
# tool with callPackage; the rest of the file wires them into Apache, PHP-FPM,
# systemd, backups and activation scripts.
# The number at the start of each line is the line number of the original file;
# the numbering is not contiguous, so some original lines are not shown here.
1 { lib, pkgs, config, ... }:
# flakeCompat is applied to a flake path at the imports line below to obtain
# that flake's nixosModules.
3 flakeCompat = import ../../../../../lib/flake-compat.nix;
# One binding per tool: ./<tool>.nix is called with the packaged webapp from
# pkgs.webapps and/or the tool's settings from config.myEnv.tools.<tool>.
5 adminer = pkgs.callPackage ./adminer.nix {
6 inherit (pkgs.webapps) adminer;
8 ympd = pkgs.callPackage ./ympd.nix {
9 env = config.myEnv.tools.ympd;
11 ttrss = pkgs.callPackage ./ttrss.nix {
12 inherit (pkgs.webapps) ttrss ttrss-plugins;
13 env = config.myEnv.tools.ttrss;
16 kanboard = pkgs.callPackage ./kanboard.nix {
17 env = config.myEnv.tools.kanboard;
19 wallabag = pkgs.callPackage ./wallabag.nix {
20 wallabag = pkgs.webapps.wallabag.override {
21 composerEnv = pkgs.composerEnv.override {
# wallabag's composer environment is built with PHP 7.3 plus the tidy extension.
# NOTE(review): PHP 7.3 is past upstream end of life (security support ended in
# December 2021), so this interpreter no longer receives security fixes.
22 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
25 env = config.myEnv.tools.wallabag;
27 yourls = pkgs.callPackage ./yourls.nix {
28 inherit (pkgs.webapps) yourls yourls-plugins;
29 env = config.myEnv.tools.yourls;
31 rompr = pkgs.callPackage ./rompr.nix {
32 inherit (pkgs.webapps) rompr;
33 env = config.myEnv.tools.rompr;
35 shaarli = pkgs.callPackage ./shaarli.nix {
36 env = config.myEnv.tools.shaarli;
38 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
39 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
41 ldap = pkgs.callPackage ./ldap.nix {
42 inherit (pkgs.webapps) phpldapadmin;
43 env = config.myEnv.tools.phpldapadmin;
45 grocy = pkgs.callPackage ./grocy.nix {
# grocy's composer environment is pinned to PHP 7.2.
# NOTE(review): PHP 7.2 is past upstream end of life (security support ended in
# November 2020); the same interpreter is used for most pools further down.
46 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
48 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB is built with the French language pack and six extensions. Each extension
# is additional code running inside the forum, so it needs its own update tracking.
49 phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
50 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
51 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
52 e.phpbbmodders.adduser ]);
54 webhooks = pkgs.callPackage ./webhooks.nix {
55 env = config.myEnv.tools.webhooks;
57 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
58 env = config.myEnv.tools.dmarc_reports;
60 csp-reports = pkgs.callPackage ./csp_reports.nix {
61 env = config.myEnv.tools.csp_reports;
# The landing page takes no arguments; its store path is used below as an Apache
# <Directory> and as an open_basedir entry.
64 landing = pkgs.callPackage ./landing.nix {};
# Shorthands: cfg is this module's own option set, pcfg the configured PHP-FPM
# pools (their .socket paths are handed to Apache below).
66 cfg = config.myServices.websites.tools.tools;
67 pcfg = config.services.phpfpm.pools;
# Pulls in every NixOS module exported by the private "paste" flake.
70 builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
# Single switch for the whole tools website; everything under `config` below is
# guarded by it.
# NOTE(review): lib.mkEnableOption already prefixes the text with
# "Whether to enable", so the rendered description repeats the word "enable".
72 options.myServices.websites.tools.tools = {
73 enable = lib.mkEnableOption "enable tools website";
# Everything below applies only when cfg.enable is set.
76 config = lib.mkIf cfg.enable {
# Backup profiles: each listed tool contributes the `backups` attribute exported
# by its package file.
# NOTE(review): adminer, ldap, yourls, ympd, dmarc-reports and the paste service
# have no profile here; confirm any state they keep is backed up elsewhere.
88 services.duplyBackup.profiles = {
89 dokuwiki = dokuwiki.backups;
90 grocy = grocy.backups;
91 kanboard = kanboard.backups;
92 rompr = rompr.backups;
93 shaarli = shaarli.backups;
94 ttrss = ttrss.backups;
95 wallabag = wallabag.backups;
96 phpbb = phpbb.backups;
# Apache modules for the "tools" httpd environment: the concatenation of the
# module lists each tool declares. The first operand of the concatenation is on a
# line not shown here. grocy is served below but contributes no module list.
99 services.websites.env.tools.modules =
101 ++ adminer.apache.modules
102 ++ ympd.apache.modules
103 ++ ttrss.apache.modules
104 ++ wallabag.apache.modules
105 ++ yourls.apache.modules
106 ++ rompr.apache.modules
107 ++ shaarli.apache.modules
108 ++ dokuwiki.apache.modules
109 ++ dmarc-reports.apache.modules
110 ++ phpbb.apache.modules
111 ++ ldap.apache.modules
112 ++ kanboard.apache.modules;
# Virtual host devtools.immae.eu in the "integration" httpd environment.
# It serves /var/lib/ftp/devtools.immae.eu with an Apaxy directory listing and
# hands every *.php file in it to the devtools PHP-FPM pool over its unix socket.
# NOTE(review): the document root lives under /var/lib/ftp. If that tree is
# writable through FTP, anyone with upload rights can place a .php file and have
# it executed by the devtools pool; confirm who can write there and whether PHP
# execution is meant to cover the whole tree.
# NOTE(review): the CSP header is sent as Content-Security-Policy-Report-Only,
# which reports violations but does not block anything in the browser.
114 services.websites.env.integration.vhostConfs.devtools = {
115 certName = "integration";
116 certMainHost = "devtools.immae.eu";
118 hosts = [ "devtools.immae.eu" ];
119 root = "/var/lib/ftp/devtools.immae.eu";
122 Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
125 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
126 <Directory "/var/lib/ftp/devtools.immae.eu">
127 DirectoryIndex index.php index.htm index.html
130 <FilesMatch "\.php$">
131 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
# Virtual host tools.immae.eu. It contains, in order: legacy redirects, the
# landing page (PHP handled by the "tools" pool), one Apache fragment per tool
# (each given the socket of its own PHP-FPM pool; ympd takes none), a reverse
# proxy to the paste service's gunicorn unix socket, a static alias for /BIP39,
# and the /webhooks alias.
# NOTE(review): in `^/vpn(.*)$ https://vpn.immae.eu$1` the capture is appended
# directly to the host name with no "/" in between, so the host of the redirect
# target is not fixed by the rule: any request path that merely starts with /vpn
# contributes to it. Requiring the capture to be empty or to start with a slash,
# e.g. `^/vpn(/.*)?$`, keeps the target on vpn.immae.eu. The roundcube rule
# already has a path component before $1 and the jappix rule uses no capture.
# NOTE(review): /webhooks maps a URL onto a directory under
# config.secrets.location and runs its *.php files through the "tools" pool;
# confirm that only the intended webhook scripts live in that directory and that
# the <Directory> access rules (not shown here) restrict everything else.
# NOTE(review): /BIP39 serves buildbot build output directly; whatever a build
# writes there is published as-is.
138 services.websites.env.tools.vhostConfs.tools = {
139 certName = "eldiron";
141 hosts = ["tools.immae.eu" ];
145 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
146 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
147 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
149 <Directory "${landing}">
150 DirectoryIndex index.html
154 <FilesMatch "\.php$">
155 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
159 (adminer.apache.vhostConf pcfg.adminer.socket)
160 ympd.apache.vhostConf
161 (ttrss.apache.vhostConf pcfg.ttrss.socket)
162 (wallabag.apache.vhostConf pcfg.wallabag.socket)
163 (yourls.apache.vhostConf pcfg.yourls.socket)
164 (rompr.apache.vhostConf pcfg.rompr.socket)
165 (shaarli.apache.vhostConf pcfg.shaarli.socket)
166 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
167 (ldap.apache.vhostConf pcfg.ldap.socket)
168 (kanboard.apache.vhostConf pcfg.kanboard.socket)
169 (grocy.apache.vhostConf pcfg.grocy.socket)
170 (phpbb.apache.vhostConf pcfg.phpbb.socket)
171 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
174 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
175 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
179 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
180 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
184 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
185 <Directory "/var/lib/buildbot/outputs/immae/bip39">
186 DirectoryIndex index.html
191 Alias /webhooks ${config.secrets.location}/webapps/webhooks
192 <Directory "${config.secrets.location}/webapps/webhooks">
196 <FilesMatch "\.php$">
197 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Virtual host outils.immae.eu: a redirect-only host. Known legacy prefixes are
# sent to the service's current host with a permanent (301) redirect, and the
# final rule sends everything else to the same path on tools.immae.eu.
# NOTE(review): the mediagoblin, ether, nextcloud, owncloud and vpn rules append
# the capture directly after the host name (`https://<host>$1`). Because the
# pattern accepts any text after the prefix, the host part of the Location header
# is not fixed by the rule. Anchoring the capture on a slash, e.g.
# `^/ether(/.*)?$`, keeps the redirect on the intended host. Rules whose target
# already has a path before $1, and the catch-all with `/$1`, are not affected.
# NOTE(review): the "." in `^/caldav.php` is unescaped and matches any character.
204 services.websites.env.tools.vhostConfs.outils = {
205 certName = "eldiron";
207 hosts = [ "outils.immae.eu" ];
211 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
213 RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
215 RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
216 RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
218 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
219 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
220 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
221 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
223 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
225 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
227 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
229 RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
231 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
# systemd unit settings. The unit names are on lines not shown here.
# Each after/wants pair orders a unit after the service dependencies exported by
# the tool's package (phpFpm.serviceDeps) and pulls them in with a weak `wants`
# dependency. The wallabag group additionally appends the package's preStart.
238 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
239 wants = dokuwiki.phpFpm.serviceDeps;
242 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
243 wants = phpbb.phpFpm.serviceDeps;
246 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
247 wants = kanboard.phpFpm.serviceDeps;
250 after = lib.mkAfter ldap.phpFpm.serviceDeps;
251 wants = ldap.phpFpm.serviceDeps;
254 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
255 wants = shaarli.phpFpm.serviceDeps;
258 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
259 wants = ttrss.phpFpm.serviceDeps;
262 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
263 wants = wallabag.phpFpm.serviceDeps;
264 preStart = lib.mkAfter wallabag.phpFpm.preStart;
267 after = lib.mkAfter yourls.phpFpm.serviceDeps;
268 wants = yourls.phpFpm.serviceDeps;
# ympd service: the start script reads the MPD password from /var/secrets/mpd,
# exports it as MPD_PASSWORD and starts ympd with --user nobody.
# NOTE(review): the secret is passed through the process environment, so it is
# inherited by ympd and by anything ympd spawns; confirm /var/secrets/mpd is
# readable only by the account that runs this script.
271 description = "Standalone MPD Web GUI written in C";
272 wantedBy = [ "multi-user.target" ];
274 export MPD_PASSWORD=$(cat /var/secrets/mpd)
275 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Tiny Tiny RSS update daemon: runs update.php --daemon from the ttrss web root
# with PHP 7.2, logs to syslog, and requires PostgreSQL to be up first.
# NOTE(review): PHP 7.2 is past upstream end of life (November 2020).
# NOTE(review): the User/Group of this unit are on lines not shown here. With
# PermissionsStartOnly = true they apply to ExecStart only, and any pre/post
# commands run with full privileges — confirm that is intended.
279 description = "Tiny Tiny RSS feeds update daemon";
282 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
283 StandardOutput = "syslog";
284 StandardError = "syslog";
285 PermissionsStartOnly = true;
288 wantedBy = [ "multi-user.target" ];
289 requires = ["postgresql.service"];
290 after = ["network.target" "postgresql.service"];
# Registers the MPD password file with the filesWatcher module for the ympd
# service. Presumably the service is restarted when the file changes — confirm
# against the filesWatcher module, which is not part of this file.
294 services.filesWatcher.ympd = {
296 paths = [ "/var/secrets/mpd" ];
# PHP-FPM pools. The pool names are on lines not shown here; the first two pools
# are defined inline and the remaining ones take their settings from the tool's
# package (phpFpm.pool), with the PHP interpreter pinned per pool.
# NOTE(review): every pool except wallabag runs pkgs.php72 and wallabag runs
# pkgs.php73. Both branches are past upstream end of life (7.2 in November 2020,
# 7.3 in December 2021), so these interpreters no longer receive security fixes.
299 services.phpfpm.pools = {
# First inline pool (presumably "tools": it uses the ToolsPHPSESSID session name
# and allows the landing page and the webhooks directory). The socket is owned by
# wwwrun, the account Apache uses to reach it.
304 "listen.owner" = "wwwrun";
305 "listen.group" = "wwwrun";
307 "pm.max_children" = "60";
308 "pm.start_servers" = "2";
309 "pm.min_spare_servers" = "1";
310 "pm.max_spare_servers" = "10";
312 # Needed to avoid clashes in browser cookies (same domain)
313 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir limits PHP file access to the sendmail wrapper, the landing page,
# /tmp and the webhooks directory under the secrets location.
# NOTE(review): /tmp is also allowed for the second pool below. Unless the
# PHP-FPM units use a private /tmp, files written there by one pool are reachable
# from the other — confirm.
314 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
315 "/run/wrappers/bin/sendmail" landing "/tmp"
316 "${config.secrets.location}/webapps/webhooks"
# Additional pool settings are read from a file kept under the secrets location.
318 "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
321 CONTACT_EMAIL = config.myEnv.tools.contact;
323 phpPackage = pkgs.php72;
# Second inline pool (presumably "devtools": its open_basedir is the
# devtools.immae.eu document root).
329 "listen.owner" = "wwwrun";
330 "listen.group" = "wwwrun";
332 "pm.max_children" = "60";
333 "pm.start_servers" = "2";
334 "pm.min_spare_servers" = "1";
335 "pm.max_spare_servers" = "10";
# NOTE(review): the allowed tree is under /var/lib/ftp; code uploaded there runs
# inside this pool with access to that tree, /tmp and the sendmail wrapper.
337 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
# PHP 7.2 with the mysqli, redis, apcu and opcache extensions added.
339 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
# adminer's pool definition comes entirely from its package file.
341 adminer = adminer.phpFpm;
# Per-tool pools: settings from the package, interpreter pinned here.
345 settings = ttrss.phpFpm.pool;
346 phpPackage = pkgs.php72;
351 settings = wallabag.phpFpm.pool;
352 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
357 settings = yourls.phpFpm.pool;
358 phpPackage = pkgs.php72;
363 settings = rompr.phpFpm.pool;
364 phpPackage = pkgs.php72;
369 settings = shaarli.phpFpm.pool;
370 phpPackage = pkgs.php72;
375 settings = dmarc-reports.phpFpm.pool;
376 phpEnv = dmarc-reports.phpFpm.phpEnv;
377 phpPackage = pkgs.php72;
382 settings = dokuwiki.phpFpm.pool;
383 phpPackage = pkgs.php72;
388 settings = phpbb.phpFpm.pool;
389 phpPackage = pkgs.php72;
394 settings = ldap.phpFpm.pool;
395 phpPackage = pkgs.php72;
400 settings = kanboard.phpFpm.pool;
401 phpPackage = pkgs.php72;
406 settings = grocy.phpFpm.pool;
407 phpPackage = pkgs.php72;
# Activation scripts: each tool's package file supplies a script that runs at
# system activation. What the scripts do is defined in the per-tool files, not
# here. NOTE(review): activation scripts run as root, so the directories they
# create should be checked for ownership and mode in those files.
411 system.activationScripts = {
412 adminer = adminer.activationScript;
413 grocy = grocy.activationScript;
414 ttrss = ttrss.activationScript;
415 wallabag = wallabag.activationScript;
416 yourls = yourls.activationScript;
417 rompr = rompr.activationScript;
418 shaarli = shaarli.activationScript;
419 dokuwiki = dokuwiki.activationScript;
420 phpbb = phpbb.activationScript;
421 kanboard = kanboard.activationScript;
422 ldap = ldap.activationScript;
# Maps a webapp name to the directory that holds its files. adminer uses the
# fixed name _adminer; the other names come from each package's
# apache.webappName. For ldap only the htdocs subdirectory of the web root is
# registered.
425 services.websites.webappDirs = {
426 _adminer = adminer.webRoot;
427 "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
428 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
429 "${phpbb.apache.webappName}" = phpbb.webRoot;
430 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
431 "${rompr.apache.webappName}" = rompr.webRoot;
432 "${shaarli.apache.webappName}" = shaarli.webRoot;
433 "${ttrss.apache.webappName}" = ttrss.webRoot;
434 "${wallabag.apache.webappName}" = wallabag.webRoot;
435 "${yourls.apache.webappName}" = yourls.webRoot;
436 "${kanboard.apache.webappName}" = kanboard.webRoot;
437 "${grocy.apache.webappName}" = grocy.webRoot;
# Secret files registered for watching: the shaarli secret with the "tools" httpd
# environment, the wallabag secret with the phpfpm-wallabag watcher. Presumably
# the matching service is reloaded or restarted when a file changes — confirm
# against the watcher modules, which are not part of this file.
# NOTE(review): these paths are written as /var/secrets/... while other parts of
# this file use config.secrets.location; confirm both refer to the same place.
440 services.websites.env.tools.watchPaths = [
441 "/var/secrets/webapps/tools-shaarli"
443 services.filesWatcher.phpfpm-wallabag = {
445 paths = [ "/var/secrets/webapps/tools-wallabag" ];