ada62537fb04021ef6e5ac759bd7622e0fa00b43
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
1 { lib, pkgs, config, ... }:
2 let
# Helper imported from the repository's lib directory; `imports` below applies
# it to a flake directory and reads `.nixosModules` from the result.
flakeCompat = import ../../../../../lib/flake-compat.nix;

# One binding per hosted tool. Each package file is called with the upstream
# webapp package(s) it wraps and, where it needs them, the NixOS `config` and
# its own `env` subtree of `config.myEnv.tools`.
# NOTE(review): anything a package file interpolates from `env` into a
# derivation ends up in the world-readable Nix store. Presumably secrets only
# flow through the `keys` outputs that this module collects into
# `secrets.keys`; confirm in the individual files.
adminer = pkgs.callPackage ./adminer.nix {
  adminer = pkgs.webapps.adminer;
};
ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  inherit config;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
  ttrss = pkgs.webapps.ttrss;
  ttrss-plugins = pkgs.webapps.ttrss-plugins;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  inherit config;
  env = config.myEnv.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  inherit config;
  env = config.myEnv.tools.wallabag;
  # wallabag is rebuilt with a composer environment whose PHP 7.3 has the
  # `tidy` extension enabled on top of the default extension set.
  wallabag =
    let
      phpWithTidy = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    in
    pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override { php = phpWithTidy; };
    };
};
yourls = pkgs.callPackage ./yourls.nix {
  inherit config;
  env = config.myEnv.tools.yourls;
  yourls = pkgs.webapps.yourls;
  yourls-plugins = pkgs.webapps.yourls-plugins;
};
rompr = pkgs.callPackage ./rompr.nix {
  env = config.myEnv.tools.rompr;
  rompr = pkgs.webapps.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  inherit config;
  env = config.myEnv.tools.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  dokuwiki = pkgs.webapps.dokuwiki;
  dokuwiki-plugins = pkgs.webapps.dokuwiki-plugins;
};
# The `ldap` tool wraps phpldapadmin and reads the `phpldapadmin` env subtree.
ldap = pkgs.callPackage ./ldap.nix {
  inherit config;
  env = config.myEnv.tools.phpldapadmin;
  phpldapadmin = pkgs.webapps.phpldapadmin;
};
# grocy is rebuilt against a composer environment that uses PHP 7.2.
grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override {
    composerEnv = pkgs.composerEnv.override {
      php = pkgs.php72;
    };
  };
};
# phpBB with the French language pack and a fixed list of extensions.
# NOTE(review): every extension listed here is third-party code running inside
# the forum; keep the list as short as the forum actually needs.
phpbb = pkgs.callPackage ./phpbb.nix {
  phpbb =
    let
      frenchPhpbb = pkgs.webapps.phpbb.withLangs (langs: [ langs.fr ]);
    in
    frenchPhpbb.withExts (exts: [
      exts.alfredoramos.markdown
      exts.davidiq.mailinglist
      exts.dmzx.mchat
      exts.empteintesduweb.monitoranswers
      exts.lr94.autosubscribe
      exts.phpbbmodders.adduser
    ]);
};
webhooks = pkgs.callPackage ./webhooks.nix {
  env = config.myEnv.tools.webhooks;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  inherit config;
  env = config.myEnv.tools.dmarc_reports;
};
csp-reports = pkgs.callPackage ./csp_reports.nix {
  env = config.myEnv.tools.csp_reports;
};

# Package used both as the document root of the tools.immae.eu vhost and as an
# entry in the `tools` pool's open_basedir.
landing = pkgs.callPackage ./landing.nix { };

# Shorthands: this module's own options, and the php-fpm pools (read for their
# `socket` paths when building the Apache configuration).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
75 in {
# Import every NixOS module exported by the private `paste` flake; the vhost
# below proxies /paste to `config.services.paste.sockets.gunicorn`.
imports =
  let
    pasteFlake = flakeCompat ../../../../../flakes/private/paste;
  in
  builtins.attrValues pasteFlake.nixosModules;
78
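# Single switch for this module; everything under `config` is guarded by it.
options.myServices.websites.tools.tools = {
  # `lib.mkEnableOption` builds the description as "Whether to enable <arg>.",
  # so the argument must not start with "enable" itself.
  enable = lib.mkEnableOption "tools website";
};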
82
83 config = lib.mkIf cfg.enable {
# Concatenate the secret-file declarations of every tool that exposes `keys`,
# in the same order as before.
secrets.keys = lib.concatMap (app: app.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  dmarc-reports
  csp-reports
  webhooks
];
94
# One duply backup profile per tool, named after the tool and taken from its
# `backups` attribute.
# NOTE(review): adminer, ldap, yourls, ympd and the report collectors have no
# profile here; presumably their state is covered elsewhere (e.g. database
# dumps). Confirm, so that a restore after an incident is complete.
services.duplyBackup.profiles = lib.mapAttrs (_: app: app.backups) {
  inherit
    dokuwiki
    grocy
    kanboard
    phpbb
    rompr
    shaarli
    ttrss
    wallabag
    ;
};
105
# Apache modules for the `tools` environment: proxy_fcgi (every PHP handler
# below is a `proxy:unix:...|fcgi://` handler) plus whatever each tool asks for.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    dmarc-reports
    phpbb
    ldap
    kanboard
  ];
120
# devtools.immae.eu: directory listing (Apaxy) plus PHP execution over a
# directory that lives under /var/lib/ftp.
# NOTE(review): the document root is presumably writable through FTP. Combined
# with `AllowOverride all` and the `\.php$` handler, anyone able to write there
# can change per-directory Apache behaviour via .htaccess and run PHP as the
# `devtools` pool user. Confirm that every account with write access is trusted
# to that level. The CSP header is Report-Only, so it reports violations and
# blocks nothing.
services.websites.env.integration.vhostConfs.devtools =
  let
    devtoolsHost = "devtools.immae.eu";
    devtoolsRoot = "/var/lib/ftp/${devtoolsHost}";
  in
  {
    hosts = [ devtoolsHost ];
    root = devtoolsRoot;
    certName = "integration";
    certMainHost = devtoolsHost;
    addToCerts = true;
    extraConfig = [
      ''
        Use Apaxy "${devtoolsRoot}" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "${devtoolsRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
144
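# tools.immae.eu: landing page, legacy redirects, one Apache fragment per tool,
# the paste proxy, the BIP39 static build output and the webhook scripts.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects. The /vpn target ends at the host name, so whatever the
    # capture holds is appended directly to "vpn.immae.eu". The capture is
    # therefore required to be empty or to start with "/"; with a bare `(.*)`
    # the requested path could extend the host part of the redirect target
    # (an open redirect). The /roundcube rule appends its capture after a path
    # component and /jappix ignores it, so neither can change the target host.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-tool fragments; each one is handed the socket of its own php-fpm
    # pool, except ympd, whose fragment takes no socket.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # /paste is proxied to the paste service's gunicorn unix socket.
    # /BIP39 serves a buildbot output directory as static files.
    # NOTE(review): that content is whatever the build last wrote and it is
    # served from this origin; confirm who can trigger or alter that build.
    # /webhooks serves the materialised secret directory "webapps/webhooks"
    # and runs its .php files in the `tools` pool. `Require all granted` means
    # Apache does not restrict who can call them, so each script presumably
    # authenticates its caller itself; confirm. Indexes are disabled so the
    # script names are not listed.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};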
210
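# outils.immae.eu: redirect-only vhost (no document root). Known legacy
# prefixes go to their dedicated hosts; everything else goes to tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Rules whose target ends at the host name (mediagoblin, ether, nextcloud,
    # owncloud, vpn) append their capture directly to that host name. Their
    # capture is therefore required to be empty or to start with "/"; with a
    # bare `(.*)` the requested path could extend the host part of the redirect
    # target (an open redirect). Rules that append the capture after a path
    # component are left as they were, and the final catch-all already puts a
    # "/" before its capture. The dot in "caldav.php" is escaped so that it
    # matches a literal dot only.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};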
242
# Extra ordering for the php-fpm units of the tools that declare service
# dependencies, plus the two long-running daemons (ympd and the tt-rss updater).
systemd.services =
  let
    # Start a tool's php-fpm unit after (and together with) the units listed
    # in that tool's `phpFpm.serviceDeps`.
    afterAppDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in
  {
    phpfpm-dokuwiki = afterAppDeps dokuwiki;
    phpfpm-phpbb = afterAppDeps phpbb;
    phpfpm-kanboard = afterAppDeps kanboard;
    phpfpm-ldap = afterAppDeps ldap;
    phpfpm-shaarli = afterAppDeps shaarli;
    phpfpm-ttrss = afterAppDeps ttrss;
    # wallabag additionally appends its own pre-start commands.
    phpfpm-wallabag = afterAppDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = afterAppDeps yourls;

    # No `User` is set on this unit; ympd is instead given `--user nobody`.
    # NOTE(review): presumably ympd drops privileges itself after start-up, and
    # `nobody` is shared with anything else running under that account. The
    # MPD password is read from the secret file into the process environment;
    # confirm that is the only way ympd accepts it.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater: runs update.php from the tt-rss web root as `wwwrun`, the
    # same account as the web-facing php-fpm pools.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];

      serviceConfig = {
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        User = "wwwrun";
        PermissionsStartOnly = true;
        StandardOutput = "syslog";
        StandardError = "syslog";
      };
    };
  };
300
# Watch the MPD password secret for the ympd unit, with `restart` enabled
# (presumably the unit is restarted when the file changes; confirm against the
# filesWatcher module).
services.filesWatcher.ympd = {
  paths = [ config.secrets.fullPaths."mpd" ];
  restart = true;
};
305
# One php-fpm pool per tool.
# NOTE(review): every pool here runs as wwwrun:wwwrun, so the operating system
# does not separate the tools from each other (the set includes a database
# admin UI and an LDAP admin UI). For the two pools defined inline, the only
# per-pool file restriction visible here is `open_basedir`, and both lists
# include the shared /tmp. Consider a dedicated account per pool. PHP 7.2 and
# 7.3 no longer receive upstream security fixes; confirm the pinned packages
# are still patched.
services.phpfpm.pools =
  let
    # Account shared by all pools declared with explicit user/group.
    wwwrun = {
      user = "wwwrun";
      group = "wwwrun";
    };

    # Pool whose settings come from the tool's own definition, on PHP 7.2.
    appPool72 = app: wwwrun // {
      settings = app.phpFpm.pool;
      phpPackage = pkgs.php72;
    };

    # Listener ownership and process-manager sizing shared by the two pools
    # whose settings are written out in this file.
    inlinePoolSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in
  {
    # Serves the landing page and the webhook scripts.
    tools = wwwrun // {
      settings = inlinePoolSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail"
          landing
          "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
        ];
        # Further pool settings are read from a secret file at start-up.
        "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      phpPackage = pkgs.php72;
    };

    # Serves /var/lib/ftp/devtools.immae.eu, with extra PHP extensions enabled.
    devtools = wwwrun // {
      settings = inlinePoolSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      phpPackage = pkgs.php72.withExtensions (
        { enabled, all }:
        enabled
        ++ [
          all.mysqli
          all.redis
          all.apcu
          all.opcache
        ]
      );
    };

    # adminer supplies its complete pool definition itself.
    adminer = adminer.phpFpm;

    ttrss = appPool72 ttrss;

    # wallabag is the only pool on PHP 7.3, with the `tidy` extension added.
    wallabag = wwwrun // {
      settings = wallabag.phpFpm.pool;
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
    };

    yourls = appPool72 yourls;
    rompr = appPool72 rompr;
    shaarli = appPool72 shaarli;

    # dmarc-reports also passes environment variables to PHP.
    dmarc-reports = appPool72 dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };

    dokuwiki = appPool72 dokuwiki;
    phpbb = appPool72 phpbb;
    ldap = appPool72 ldap;
    kanboard = appPool72 kanboard;
    grocy = appPool72 grocy;
  };
417
# Register each tool's activation script under the tool's own name.
# NOTE(review): activation scripts run as root on every system activation;
# the scripts themselves live in the per-tool files and are not visible here.
system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
  inherit
    adminer
    dokuwiki
    grocy
    kanboard
    ldap
    phpbb
    rompr
    shaarli
    ttrss
    wallabag
    yourls
    ;
};
431
# Web roots registered with the websites module, keyed by the webapp name each
# tool declares (adminer uses a fixed key). For ldap only the `htdocs`
# subdirectory of the package is registered.
services.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${phpbb.apache.webappName}" = phpbb.webRoot;
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
};
446
# Secret files whose changes should be picked up by running services: the
# shaarli secret is watched by the `tools` web environment, and the wallabag
# secret by a watcher on the phpfpm-wallabag unit with `restart` enabled
# (presumably a restart on change; confirm against the filesWatcher module).
services.websites.env.tools.watchPaths = [
  config.secrets.fullPaths."webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
  restart = true;
};
454
455 };
456 }
457