Migrate manual scripts from tools.immae.eu
# NixOS module assembling the web applications served on tools.immae.eu.
# Each application lives in its own file and is instantiated here with the
# packaged webapp and/or the environment subtree it needs.
{ lib, pkgs, config, ... }:
let
  # Per-application settings are read from config.myEnv.tools.
  toolsEnv = config.myEnv.tools;

  # Applications built from a packaged webapp plus an environment subtree.
  ldap = pkgs.callPackage ./ldap.nix {
    env = toolsEnv.phpldapadmin;
    inherit (pkgs.webapps) phpldapadmin;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    env = toolsEnv.rompr;
    inherit (pkgs.webapps) rompr;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    env = toolsEnv.ttrss;
    inherit (pkgs.webapps) ttrss ttrss-plugins;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    env = toolsEnv.wallabag;
    inherit (pkgs.webapps) wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    env = toolsEnv.yourls;
    inherit (pkgs.webapps) yourls yourls-plugins;
  };

  # Applications that only receive a packaged webapp.
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };

  # Applications that only receive an environment subtree.
  kanboard = pkgs.callPackage ./kanboard.nix { env = toolsEnv.kanboard; };
  shaarli = pkgs.callPackage ./shaarli.nix { env = toolsEnv.shaarli; };
  webhooks = pkgs.callPackage ./webhooks.nix { env = toolsEnv.webhooks; };
  ympd = pkgs.callPackage ./ympd.nix { env = toolsEnv.ympd; };

  # Landing page content; takes no arguments.
  landing = pkgs.callPackage ./landing.nix {};

  # cfg: this module's own options; pcfg: the PHP-FPM pools, read for their
  # socket paths in the Apache configuration.
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
49 in {
# Single switch for the module; the whole `config` section is gated on it.
options.myServices.websites.tools.tools.enable =
  lib.mkEnableOption "enable tools website";

54 config = lib.mkIf cfg.enable {
# Secret files declared by the applications, concatenated in this order.
# Only the applications listed here expose a `keys` attribute to this module.
secrets.keys = lib.concatMap (app: app.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
  webhooks
];

# One duplyBackup profile per application, named after the application and
# taken from its `backups` attribute.
services.duplyBackup.profiles = lib.mapAttrs (_name: app: app.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag;
};

# Apache modules for the tools environment: proxy_fcgi (used by the
# SetHandler lines that forward *.php to PHP-FPM sockets) followed by
# whatever each application asks for, in the order listed.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    ldap
    kanboard
  ];

# Integration vhost devtools.immae.eu, served from a directory under
# /var/lib/ftp with *.php forwarded to the devtools PHP-FPM pool.
# NOTE(review): `AllowOverride all` together with the PHP handler means
# anyone able to write into this tree controls both .htaccess and the code
# run by the devtools pool. The path suggests the tree is fed over FTP;
# confirm write access is limited to trusted accounts.
services.websites.env.integration.vhostConfs.devtools =
  let
    devtoolsHost = "devtools.immae.eu";
    devtoolsRoot = "/var/lib/ftp/devtools.immae.eu";
  in {
    certName = "integration";
    certMainHost = devtoolsHost;
    addToCerts = true;
    hosts = [ devtoolsHost ];
    root = devtoolsRoot;
    extraConfig = [
      ''
        Timeout 600
        ProxyTimeout 600
        <Directory "${devtoolsRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };

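# Main vhost tools.immae.eu. extraConfig is a list of Apache snippets:
# legacy redirects and the landing page, the document root, one snippet per
# application (each given its PHP-FPM socket where it needs one), and the
# static aliases /paste, /BIP39 and /webhooks.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = "/var/lib/ftp/tools.immae.eu";
  extraConfig = [
    # The /vpn redirect appends its capture directly after the target
    # hostname. The capture is therefore anchored on "/" so that it can only
    # ever be a path: with a bare (.*) any text following "/vpn" became part
    # of the host in the Location header (open redirect). The other two
    # redirects already place the capture after a path component or drop it.
    #
    # In the document root, requests for which a file of the same path
    # exists in the landing package are rewritten to /landing; the empty
    # path goes to the landing index.
    # NOTE(review): the document root keeps `AllowOverride all` with PHP
    # execution, so write access to /var/lib/ftp/tools.immae.eu is
    # equivalent to code execution in the `tools` pool; confirm who can
    # write there.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      Alias /landing ${landing}
      <Directory "${landing}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>

      <Directory "/var/lib/ftp/tools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>

        RewriteEngine On
        RewriteCond ${landing}%{REQUEST_URI} -f
        RewriteRule ^(.*)$ /landing/$1 [L]
        RewriteRule ^$ /landing/ [L]
      </Directory>
    ''
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    # NOTE(review): /webhooks is served from inside the secrets location
    # with `Require all granted`. Only *.php is handed to PHP-FPM; any other
    # file present in that directory would be returned as static content,
    # and PHP sources would be returned verbatim if the handler were ever
    # missing. Confirm the directory only ever holds the *.php hooks.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
        DirectoryIndex index.txt index.html
        AllowOverride None
        Require all granted
        Options -Indexes
      </Directory>

      Alias /BIP39 /var/lib/buildbot/outputs/bip39
      <Directory "/var/lib/buildbot/outputs/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.location}/webapps/webhooks
      <Directory "${config.secrets.location}/webapps/webhooks">
        Options -Indexes
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
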
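# Legacy vhost outils.immae.eu: no document root, only permanent redirects
# to the hosts that now carry each service, with a catch-all to
# tools.immae.eu at the end.
#
# Redirects whose target is a bare hostname followed by the capture
# (mediagoblin, ether, nextcloud, owncloud, vpn) anchor the capture on "/"
# so that it can only be a path. With a bare (.*) the text following the
# prefix was appended straight after the hostname and could change the host
# in the Location header (open redirect). Requests that no longer match one
# of these fall through to the catch-all, whose target already has a "/"
# before the capture.
# The dot in /caldav.php is escaped so that it only matches a literal dot.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};
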
# systemd units: ordering for the per-application PHP-FPM units, plus the
# two long-running daemons (ympd and the Tiny Tiny RSS updater).
systemd.services =
  let
    # Start a PHP-FPM unit after the units its application depends on, and
    # pull those units in through `wants`.
    startAfter = deps: {
      after = lib.mkAfter deps;
      wants = deps;
    };
  in {
    phpfpm-dokuwiki = startAfter dokuwiki.phpFpm.serviceDeps;
    phpfpm-kanboard = startAfter kanboard.phpFpm.serviceDeps;
    phpfpm-ldap = startAfter ldap.phpFpm.serviceDeps;
    phpfpm-shaarli = startAfter shaarli.phpFpm.serviceDeps;
    phpfpm-ttrss = startAfter ttrss.phpFpm.serviceDeps;
    # wallabag additionally appends its own preStart step.
    phpfpm-wallabag = startAfter wallabag.phpFpm.serviceDeps // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = startAfter yourls.phpFpm.serviceDeps;

    # NOTE(review): this unit sets no User=, so the script presumably starts
    # with the default service account and relies on ympd's own
    # `--user nobody` to drop privileges; the MPD password is read from
    # /var/secrets/mpd and passed through the environment. Confirm both are
    # intended.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater; runs as wwwrun and is tied to PostgreSQL.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];

      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };

# Watch the MPD password file on behalf of the ympd unit, which reads it
# once at start-up (presumably the unit is restarted on change — confirm
# against the filesWatcher module).
services.filesWatcher.ympd.paths = [ "/var/secrets/mpd" ];
services.filesWatcher.ympd.restart = true;

# PHP-FPM pools: two generic ones (tools, devtools) for the FTP-fed document
# roots, and one per application.
# NOTE(review): every pool defined here runs as wwwrun, so there is no
# OS-level separation between the applications; open_basedir is the only
# per-pool file boundary for the generic pools, and both of them include the
# shared /tmp. Confirm this is acceptable for the data each pool can reach.
services.phpfpm.pools =
  let
    # Adds the shared web server account to a pool definition.
    asWwwrun = attrs: { user = "wwwrun"; group = "wwwrun"; } // attrs;

    # Pool whose settings come entirely from the application's own file.
    appPool = settings: asWwwrun { inherit settings; };

    # Socket ownership and process-manager limits common to tools/devtools.
    genericSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in {
    tools = asWwwrun {
      settings = genericSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # Paths PHP code in this pool may open: sendmail wrapper, document
        # root, landing page, /tmp and the webhooks directory.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" "/var/lib/ftp/tools.immae.eu"
          landing "/tmp" "${config.secrets.location}/webapps/webhooks"
        ];
      };
      phpEnv = {
        CONTACT_EMAIL = config.myEnv.tools.contact;
      };
    };

    devtools = asWwwrun {
      settings = genericSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      # Extra extensions on top of the global PHP options.
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php}/lib/php/extensions/mysqli.so
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
      '';
    };

    # adminer provides its complete pool definition itself.
    adminer = adminer.phpFpm;

    ttrss = appPool ttrss.phpFpm.pool;
    wallabag = appPool wallabag.phpFpm.pool;
    yourls = appPool yourls.phpFpm.pool;
    rompr = appPool rompr.phpFpm.pool;
    shaarli = appPool shaarli.phpFpm.pool;
    dokuwiki = appPool dokuwiki.phpFpm.pool;
    kanboard = appPool kanboard.phpFpm.pool;
    grocy = appPool grocy.phpFpm.pool;

    # NOTE(review): the LDAP admin pool is pinned to PHP 7.2, which no
    # longer receives upstream security fixes; this pool fronts the
    # directory, so check whether the pin can be lifted.
    ldap = appPool ldap.phpFpm.pool // {
      phpPackage = pkgs.php72;
    };
  };

# One activation script per application, named after the application and
# taken from its `activationScript` attribute.
system.activationScripts = lib.mapAttrs (_name: app: app.activationScript) {
  inherit
    adminer
    dokuwiki
    grocy
    kanboard
    ldap
    rompr
    shaarli
    ttrss
    wallabag
    yourls;
};

# Maps each webapp name to the directory holding its files. Most
# applications use their own webappName and webRoot; adminer has a fixed
# name and phpldapadmin is mapped to its htdocs subdirectory.
services.websites.webappDirs =
  let
    byWebappName = app: lib.nameValuePair app.apache.webappName app.webRoot;
  in
    builtins.listToAttrs (map byWebappName [
      dokuwiki
      rompr
      shaarli
      ttrss
      wallabag
      yourls
      kanboard
      grocy
    ])
    // {
      _adminer = adminer.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
    };

# Secret paths whose changes must be picked up: the shaarli secrets are
# watched for the tools web server environment, the wallabag secrets for the
# phpfpm-wallabag unit (presumably restarted on change — confirm against the
# filesWatcher module).
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag.paths = [ "/var/secrets/webapps/tools-wallabag" ];
services.filesWatcher.phpfpm-wallabag.restart = true;

# fiche paste service. Its data directory /var/lib/fiche is what the tools
# vhost exposes under /paste, hence the domain value below.
services.fiche = {
  domain = "tools.immae.eu/paste";
  https = true;
  port = config.myEnv.ports.fiche;
  enable = true;
};
410 };
411 }