Add dashboard for tools
1 { lib, pkgs, config, ... }:
2 let
# Per-application helper sets. Every ./<app>.nix is instantiated through
# callPackage with the packaged web application (plus its plugins where it has
# any) and, for most tools, that tool's entry under config.myEnv.tools.
# NOTE(review): the env entries presumably carry credentials. Confirm they
# reach the generated configuration only through secrets.keys and never end up
# in a store path, since store paths are world-readable.
adminer = pkgs.callPackage ./adminer.nix {
  adminer = pkgs.webapps.adminer;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  dokuwiki = pkgs.webapps.dokuwiki;
  dokuwiki-plugins = pkgs.webapps.dokuwiki-plugins;
};
grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  env = config.myEnv.tools.kanboard;
};
ldap = pkgs.callPackage ./ldap.nix {
  phpldapadmin = pkgs.webapps.phpldapadmin;
  env = config.myEnv.tools.phpldapadmin;
};
rompr = pkgs.callPackage ./rompr.nix {
  rompr = pkgs.webapps.rompr;
  env = config.myEnv.tools.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  env = config.myEnv.tools.shaarli;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  ttrss = pkgs.webapps.ttrss;
  ttrss-plugins = pkgs.webapps.ttrss-plugins;
  env = config.myEnv.tools.ttrss;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  wallabag = pkgs.webapps.wallabag;
  env = config.myEnv.tools.wallabag;
};
ympd = pkgs.callPackage ./ympd.nix {
  env = config.myEnv.tools.ympd;
};
yourls = pkgs.callPackage ./yourls.nix {
  yourls = pkgs.webapps.yourls;
  yourls-plugins = pkgs.webapps.yourls-plugins;
  env = config.myEnv.tools.yourls;
};

# Shorthands: this module's own options and the declared php-fpm pools
# (the pools are read below for their socket paths).
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
44 in {
# Single switch for the whole tools website; everything under `config` is
# wrapped in lib.mkIf on this flag.
options.myServices.websites.tools.tools.enable =
  lib.mkEnableOption "enable tools website";
48
49 config = lib.mkIf cfg.enable {
# Secret files contributed by the tools that declare a `keys` list,
# concatenated in the same order as before.
secrets.keys = lib.concatMap (app: app.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
];
57
# One backup profile per tool, named after the tool and taken from its
# `backups` attribute.
# NOTE(review): adminer, ldap, ympd and yourls have no profile here — confirm
# that is intentional (e.g. no local state worth backing up).
services.duplyBackup.profiles = lib.mapAttrs (_name: app: app.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag;
};
67
# Apache modules for the tools environment: proxy_fcgi for the php-fpm
# handlers, followed by whatever each tool asks for, in the original order.
# grocy is not part of this list in the original either.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    ldap
    kanboard
  ];
80
# Virtual host for devtools.immae.eu in the integration environment. PHP files
# below the document root are handed to the `devtools` php-fpm pool through
# its unix socket.
# NOTE(review): the document root lives under /var/lib/ftp and is served with
# `AllowOverride all` and `Require all granted`. If that tree is writable by
# upload accounts (presumably FTP — confirm), an uploaded .htaccess can change
# handlers and access rules, and any uploaded .php file is executed by the
# pool. Consider narrowing AllowOverride to the directives actually needed.
services.websites.env.integration.vhostConfs.devtools =
  let
    docRoot = "/var/lib/ftp/devtools.immae.eu";
  in {
    hosts = [ "devtools.immae.eu" ];
    root = docRoot;
    certName = "integration";
    certMainHost = "devtools.immae.eu";
    addToCerts = true;
    extraConfig = [
      ''
        Timeout 600
        ProxyTimeout 600
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
102
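# Main virtual host for tools.immae.eu. It carries the legacy redirects, the
# homer dashboard rewrite, the PHP handler for the document root, one vhost
# fragment per tool (each bound to its own php-fpm socket) and the read-only
# /paste alias.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = "/var/lib/ftp/tools.immae.eu";
  extraConfig = [
    # Redirects and document-root handling.
    #
    # The /vpn rule appends the captured suffix directly to the target host
    # name, so the capture is required to be empty or to start with "/".
    # With the previous `^/vpn(.*)$` any path that merely began with "/vpn"
    # was pasted onto the authority part of the Location header, letting the
    # request path influence which host the client was sent to. The roundcube
    # rule appends to a path, not to the host, and is left as it was.
    #
    # NOTE(review): the document root is under /var/lib/ftp with
    # `AllowOverride all`; if that tree is writable by upload accounts
    # (confirm), .htaccess files there can override handlers and access rules.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RewriteEngine On
      RewriteCond %{DOCUMENT_ROOT}/homer%{REQUEST_URI} -f
      RewriteRule ^(.*)$ /homer$1 [QSA,L]

      <Directory "/var/lib/ftp/tools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Per-tool fragments; each one that runs PHP receives its pool's socket.
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
    # Static view of /var/lib/fiche: no .htaccess processing and no directory
    # listing, so an entry is reachable only by its full path.
    ''
      Alias /paste /var/lib/fiche
      <Directory "/var/lib/fiche">
        DirectoryIndex index.txt index.html
        AllowOverride None
        Require all granted
        Options -Indexes
      </Directory>
    ''
  ];
};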
149
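# Redirect-only virtual host for the legacy outils.immae.eu name: no document
# root, every request is answered with a 301 to the service's current home.
#
# Rules whose target is a bare host name followed by $1 (mediagoblin, ether,
# nextcloud, owncloud, vpn) require the captured suffix to be empty or to
# start with "/". With the previous `(.*)` capture, a path that merely began
# with one of those prefixes was appended to the authority part of the
# Location header, so the request path could change which host the client was
# redirected to. Rules that append $1 to an existing path keep their original
# pattern. Paths that no longer match a specific rule fall through to the
# final catch-all, which always inserts "/" before the suffix.
#
# The dot in the caldav.php pattern is escaped so it matches a literal "."
# instead of any character.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};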
181
# systemd units for the tools website: ordering additions for the php-fpm
# pool units, the ympd web GUI and the Tiny Tiny RSS update daemon.
systemd.services =
  let
    # Start a pool's php-fpm unit after, and together with, the services the
    # application declares in phpFpm.serviceDeps.
    withServiceDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = withServiceDeps dokuwiki;
    phpfpm-kanboard = withServiceDeps kanboard;
    phpfpm-ldap = withServiceDeps ldap;
    phpfpm-shaarli = withServiceDeps shaarli;
    phpfpm-ttrss = withServiceDeps ttrss;
    # wallabag additionally appends its own preStart snippet.
    phpfpm-wallabag = withServiceDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = withServiceDeps yourls;

    # NOTE(review): no User= is set for this unit, so the wrapper script runs
    # with the unit's default identity and relies on ympd's own
    # `--user nobody` switch. The MPD password is read from /var/secrets/mpd
    # and handed over through the process environment. Confirm that file is
    # readable only by the identity the script starts as.
    ympd = {
      wantedBy = [ "multi-user.target" ];
      description = "Standalone MPD Web GUI written in C";
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater, run as wwwrun once the network and PostgreSQL are up.
    # NOTE(review): PermissionsStartOnly is set although no preStart/postStart
    # step is visible in this unit — confirm it is still needed.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];

      serviceConfig = {
        User = "wwwrun";
        PermissionsStartOnly = true;
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
      };
    };
  };
235
# Restart ympd whenever the MPD password file changes, so the unit's script
# re-reads /var/secrets/mpd.
services.filesWatcher.ympd = {
  paths = [ "/var/secrets/mpd" ];
  restart = true;
};
240
# php-fpm pools: one for each of the two FTP-backed document roots and one per
# tool (adminer supplies its whole pool definition itself).
# NOTE(review): every pool spelled out here runs as wwwrun:wwwrun, so the
# tools are separated from each other only by their PHP settings (such as
# open_basedir), not by Unix permissions. Both open_basedir lists also include
# the shared /tmp. Consider per-pool users and private temp directories if
# stronger isolation between tools is wanted.
services.phpfpm.pools =
  let
    # Attributes common to every pool declared in this file.
    wwwrunPool = extra: { user = "wwwrun"; group = "wwwrun"; } // extra;

    # Socket ownership and process-manager sizing shared by the two
    # document-root pools.
    docRootSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in {
    tools = wwwrunPool {
      settings = docRootSettings // {
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
      };
    };

    devtools = wwwrunPool {
      settings = docRootSettings // {
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
      };
      # Extra extensions on top of the global php-fpm options.
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php}/lib/php/extensions/mysqli.so
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
      '';
    };

    adminer = adminer.phpFpm;

    # Pools whose settings come from the tool's own phpFpm.pool attribute.
    ttrss = wwwrunPool { settings = ttrss.phpFpm.pool; };
    wallabag = wwwrunPool { settings = wallabag.phpFpm.pool; };
    yourls = wwwrunPool { settings = yourls.phpFpm.pool; };
    rompr = wwwrunPool { settings = rompr.phpFpm.pool; };
    shaarli = wwwrunPool { settings = shaarli.phpFpm.pool; };
    dokuwiki = wwwrunPool { settings = dokuwiki.phpFpm.pool; };
    # NOTE(review): this pool is pinned to pkgs.php72 — confirm that
    # interpreter still receives security updates in the nixpkgs in use.
    ldap = wwwrunPool {
      settings = ldap.phpFpm.pool;
      phpPackage = pkgs.php72;
    };
    kanboard = wwwrunPool { settings = kanboard.phpFpm.pool; };
    grocy = wwwrunPool { settings = grocy.phpFpm.pool; };
  };
328
# Activation script of each tool, registered under the tool's own name.
system.activationScripts = lib.mapAttrs (_name: app: app.activationScript) {
  inherit
    adminer
    dokuwiki
    grocy
    kanboard
    ldap
    rompr
    shaarli
    ttrss
    wallabag
    yourls
    ;
};
341
# Maps each web application name to the directory holding its files. The name
# comes from the tool's apache.webappName, except adminer which uses a fixed
# key; phpLDAPadmin exposes only its htdocs subdirectory.
services.websites.webappDirs = {
  "_adminer" = adminer.webRoot;
  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
};
354
# Secret files whose changes must be picked up by running services: the
# shaarli secret is watched by the tools web environment, and a change to the
# wallabag secret restarts that tool's php-fpm unit.
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ "/var/secrets/webapps/tools-wallabag" ];
  restart = true;
};
362
# fiche paste service; generated links point at https://tools.immae.eu/paste.
# NOTE(review): the tools vhost serves /var/lib/fiche under /paste with
# `Require all granted`, which is presumably where fiche stores pastes.
# Confirm who can reach the listening port, since whatever is submitted there
# becomes readable by anyone who has the link.
services.fiche = {
  enable = true;
  https = true;
  domain = "tools.immae.eu/paste";
  port = config.myEnv.ports.fiche;
};
369 };
370 }