Remove overlay that overrides the php version
1 { lib, pkgs, config, ... }:
2 let
# Per-application definitions. Each tool is described in a sibling .nix file
# and loaded with callPackage; the attributes read from these values further
# down (apache, phpFpm, keys, backups, webRoot, activationScript, ...) are
# defined in those files, not here.
#
# PHP is selected explicitly as pkgs.php72 wherever an interpreter is needed.
# NOTE(review): upstream security support for the PHP 7.2 branch ended in
# November 2020 - confirm that the nixpkgs revision in use still carries
# fixes for it, or plan the move to a supported branch.
adminer = pkgs.callPackage ./adminer.nix {
  inherit (pkgs.webapps) adminer;
};
ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  inherit (pkgs.webapps) ttrss ttrss-plugins;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  env = config.myEnv.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  # The composer environment used to build wallabag is overridden to use php72.
  wallabag = pkgs.webapps.wallabag.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  env = config.myEnv.tools.wallabag;
};
yourls = pkgs.callPackage ./yourls.nix {
  inherit (pkgs.webapps) yourls yourls-plugins;
  env = config.myEnv.tools.yourls;
};
rompr = pkgs.callPackage ./rompr.nix {
  inherit (pkgs.webapps) rompr;
  env = config.myEnv.tools.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  env = config.myEnv.tools.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
};
ldap = pkgs.callPackage ./ldap.nix {
  inherit (pkgs.webapps) phpldapadmin;
  env = config.myEnv.tools.phpldapadmin;
};
grocy = pkgs.callPackage ./grocy.nix {
  # Same composer override as wallabag: built against php72.
  grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
};
phpbb = pkgs.callPackage ./phpbb.nix {
  # phpBB with the French language pack and the listed extensions.
  phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
    e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
    e.empteintesduweb.monitoranswers e.lr94.autosubscribe
    e.phpbbmodders.adduser ]);
};
webhooks = pkgs.callPackage ./webhooks.nix {
  env = config.myEnv.tools.webhooks;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  env = config.myEnv.tools.dmarc_reports;
};

# Document root of the tools vhost.
landing = pkgs.callPackage ./landing.nix {};

# Shortcuts: this module's own options, and the declared PHP-FPM pools
# (used below to look up each pool's socket).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
59 in {
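# Single switch for the whole "tools" website; everything under `config`
# below is applied only when it is set.
options.myServices.websites.tools.tools = {
  # mkEnableOption builds the description as "Whether to enable <name>.",
  # so the name is given without a leading "enable".
  enable = lib.mkEnableOption "tools website";
};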
63
64 config = lib.mkIf cfg.enable {
# Secret files to deploy: the concatenation of the `keys` lists exported by
# the applications that declare one.
secrets.keys =
  kanboard.keys
  ++ ldap.keys
  ++ shaarli.keys
  ++ ttrss.keys
  ++ wallabag.keys
  ++ yourls.keys
  ++ dmarc-reports.keys
  ++ webhooks.keys;

# One duply backup profile per application that exports `backups`.
# NOTE(review): yourls, ldap, adminer and dmarc-reports have no profile here;
# confirm their data is covered elsewhere (e.g. by database backups).
services.duplyBackup.profiles = {
  dokuwiki = dokuwiki.backups;
  grocy = grocy.backups;
  kanboard = kanboard.backups;
  rompr = rompr.backups;
  shaarli = shaarli.backups;
  ttrss = ttrss.backups;
  wallabag = wallabag.backups;
  phpbb = phpbb.backups;
};

# Apache modules for the "tools" environment: proxy_fcgi (needed by the
# SetHandler "proxy:unix:...|fcgi://..." lines below) plus whatever each
# application asks for.
# NOTE(review): grocy gets a vhostConf further down but contributes no
# modules here - presumably it needs none beyond these; verify.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ adminer.apache.modules
  ++ ympd.apache.modules
  ++ ttrss.apache.modules
  ++ wallabag.apache.modules
  ++ yourls.apache.modules
  ++ rompr.apache.modules
  ++ shaarli.apache.modules
  ++ dokuwiki.apache.modules
  ++ dmarc-reports.apache.modules
  ++ phpbb.apache.modules
  ++ ldap.apache.modules
  ++ kanboard.apache.modules;
100
# Vhost for devtools.immae.eu in the "integration" environment.
#
# The document root is /var/lib/ftp/devtools.immae.eu; the <Directory> block
# sets `AllowOverride all`, grants access to everyone and hands *.php to the
# devtools PHP-FPM pool.
# NOTE(review): the path suggests this tree is writable through FTP (not
# shown in this file). If so, anyone who can upload there can also place
# .htaccess files and PHP that runs as the pool's user - confirm who has
# write access, and consider narrowing AllowOverride to the directives that
# are actually needed.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  certMainHost = "devtools.immae.eu";
  addToCerts = true;
  hosts = [ "devtools.immae.eu" ];
  root = "/var/lib/ftp/devtools.immae.eu";
  extraConfig = [
    ''
      Timeout 600
      ProxyTimeout 600
      <Directory "/var/lib/ftp/devtools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
122
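# Main vhost for tools.immae.eu. It serves the landing page, redirects a few
# legacy paths, includes the Apache fragment of every application (each one
# is given the socket of its own PHP-FPM pool), and publishes three extra
# directories through Alias.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy redirects. For /vpn the captured text is appended directly to
    # the target host name, so the capture is required to be empty or to
    # start with "/": with a bare (.*) the request path could extend the
    # host part of the Location header (open redirect). The /roundcube
    # target already has a path after the host, and /jappix drops the
    # capture, so those two are left as they were.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-application fragments; access control for each application
    # (adminer and the LDAP admin included) is whatever its own .nix file
    # configures - it is not visible from here.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Extra directories:
    #  - /paste    -> /var/lib/fiche, directory listings disabled.
    #  - /BIP39    -> buildbot output. NOTE(review): unlike the other two
    #                 blocks it does not set `Options -Indexes`; whether a
    #                 listing can be produced depends on inherited Options.
    #  - /webhooks -> a directory under the secrets location. *.php files go
    #                 to the tools pool; any other file in that directory
    #                 would be served as-is (Require all granted).
    #                 NOTE(review): confirm it only ever contains PHP scripts.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
        DirectoryIndex index.txt index.html
        AllowOverride None
        Require all granted
        Options -Indexes
      </Directory>

      Alias /BIP39 /var/lib/buildbot/outputs/bip39
      <Directory "/var/lib/buildbot/outputs/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};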
185
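# Legacy host outils.immae.eu: no document root, only permanent redirects to
# the hosts that replaced each path, with a catch-all to tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # Where the target is a bare host name followed by $1 (mediagoblin,
    # ether, nextcloud, owncloud, vpn), the capture must be empty or start
    # with "/": a bare (.*) would let the request path extend the host part
    # of the Location header (open redirect). Targets that already carry a
    # path after the host keep their original pattern.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};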
217
# systemd units: start-up ordering for the per-application PHP-FPM services,
# plus the two daemons that are not PHP-FPM pools (ympd and the tt-rss
# feed updater).
systemd.services =
  let
    # Make a PHP-FPM unit want, and start after, the units its application
    # lists in phpFpm.serviceDeps.
    dependsOn = app: {
      wants = app.phpFpm.serviceDeps;
      after = lib.mkAfter app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = dependsOn dokuwiki;
    phpfpm-phpbb = dependsOn phpbb;
    phpfpm-kanboard = dependsOn kanboard;
    phpfpm-ldap = dependsOn ldap;
    phpfpm-shaarli = dependsOn shaarli;
    phpfpm-ttrss = dependsOn ttrss;
    # wallabag additionally appends its own preStart commands.
    phpfpm-wallabag = dependsOn wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = dependsOn yourls;

    # ympd: the MPD password is read from /var/secrets/mpd at start-up and
    # exported as MPD_PASSWORD. No User= is set on the unit; the account is
    # passed to ympd itself with --user nobody.
    # NOTE(review): the secret path is hard-coded here, while other parts of
    # this file use config.secrets.location - keep the two in sync.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # tt-rss feed updater, run as wwwrun with the php72 CLI once the network
    # and PostgreSQL are up.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      after = ["network.target" "postgresql.service"];
      requires = ["postgresql.service"];

      serviceConfig = {
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        User = "wwwrun";
        PermissionsStartOnly = true;
        StandardError = "syslog";
        StandardOutput = "syslog";
      };
    };
  };
275
# Watch the MPD password file and restart ympd when it changes; the unit
# reads the file only once, when its script starts.
services.filesWatcher.ympd = {
  restart = true;
  paths = [ "/var/secrets/mpd" ];
};
280
# PHP-FPM pools, one per application plus "tools" (landing page and
# webhooks) and "devtools".
#
# Every pool written out here runs as wwwrun:wwwrun on php72 (adminer's pool
# comes ready-made from ./adminer.nix). The pools are therefore not separated
# by OS account; for tools and devtools the confinement visible in this file
# is open_basedir, and both lists include /tmp.
# NOTE(review): for stronger isolation between applications, consider one
# account per pool; the settings of the other pools live in the per-app files.
services.phpfpm.pools =
  let
    # Account shared by the pools below.
    runAs = { user = "wwwrun"; group = "wwwrun"; };

    # Socket ownership and process-manager sizing common to tools and devtools.
    pmDefaults = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };

    # Pool whose settings come entirely from the application's own file.
    mkPool = app: runAs // {
      settings = app.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
  in {
    tools = runAs // {
      phpPackage = pkgs.php72;
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
      settings = pmDefaults // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # PHP file access limited to sendmail, the landing page, /tmp and
        # the webhooks directory.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          "${config.secrets.location}/webapps/webhooks"
        ];
      };
    };

    devtools = runAs // {
      phpPackage = pkgs.php72;
      settings = pmDefaults // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      # Extra extensions on top of the global phpOptions.
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
        extension=${pkgs.php72Packages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.php72Packages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php72}/lib/php/extensions/opcache.so
      '';
    };

    adminer = adminer.phpFpm;

    ttrss = mkPool ttrss;
    wallabag = mkPool wallabag;
    yourls = mkPool yourls;
    rompr = mkPool rompr;
    shaarli = mkPool shaarli;
    dokuwiki = mkPool dokuwiki;
    phpbb = mkPool phpbb;
    ldap = mkPool ldap;
    kanboard = mkPool kanboard;
    grocy = mkPool grocy;

    # Same shape as the others, plus its own environment and mysqli.
    dmarc-reports = mkPool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
      '';
    };
  };
400
# Activation scripts exported by the applications that define one; their
# content lives in the per-application files.
system.activationScripts = {
  adminer = adminer.activationScript;
  grocy = grocy.activationScript;
  ttrss = ttrss.activationScript;
  wallabag = wallabag.activationScript;
  yourls = yourls.activationScript;
  rompr = rompr.activationScript;
  shaarli = shaarli.activationScript;
  dokuwiki = dokuwiki.activationScript;
  phpbb = phpbb.activationScript;
  kanboard = kanboard.activationScript;
  ldap = ldap.activationScript;
};

# Maps each application's web-app name to its web root. For the LDAP admin
# only the htdocs subdirectory of the package is mapped.
services.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${phpbb.apache.webappName}" = phpbb.webRoot;
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
};

# Secret files whose changes must be picked up: the shaarli secret is
# registered as a watch path of the "tools" web environment, the wallabag
# secret restarts its PHP-FPM unit.
# NOTE(review): both paths are hard-coded under /var/secrets, whereas the
# webhooks directory is addressed through config.secrets.location - keep
# them in sync if the location is ever changed.
services.websites.env.tools.watchPaths = [
  "/var/secrets/webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
  restart = true;
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
};

# fiche paste service, advertised as https://tools.immae.eu/paste; the tools
# vhost aliases /paste to /var/lib/fiche (presumably fiche's output
# directory - confirm against the fiche module).
services.fiche = {
  enable = true;
  port = config.myEnv.ports.fiche;
  domain = "tools.immae.eu/paste";
  https = true;
};
444 };
445 }