# NixOS module for the "tools" website family hosted on eldiron:
#   - tools.immae.eu  : landing page plus the PHP webapps assembled below
#   - outils.immae.eu : legacy name, redirect-only (see vhostConfs.outils)
#   - tools.immae.dev : "devtools" integration host served from a tree under /var/lib/ftp
# Every webapp is packaged by a sibling ./<name>.nix and exposes the pieces
# consumed here: apache.modules / apache.vhostConf, phpFpm.pool, keys,
# activationScript, monitoring{Plugins,Objects} and chatonsProperties.
{ lib, pkgs, config, mypackages-lib, grocy, ... }:
let
  composerEnv = mypackages-lib.composerEnv;
  adminer = pkgs.callPackage ./adminer.nix { inherit config; };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
    inherit config;
  };
  # NOTE(review): ttrss, grocy and most php-fpm pools below are pinned to
  # pkgs.php72 (wallabag to php73); both PHP branches are past upstream
  # end-of-life and no longer receive security fixes. Only the devtools pool
  # has moved to php82 — worth checking which of the other apps can follow.
  ttrss = pkgs.callPackage ./ttrss.nix {
    ttrss = pkgs.webapps-ttrss;
    ttrss-plugins = pkgs.webapps-ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    # The composer environment is rebuilt on a php73 with the tidy extension
    # enabled; the wallabag php-fpm pool below uses the same extension set.
    wallabag = pkgs.webapps-wallabag.override {
      composerEnv = composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    yourls = pkgs.webapps-yourls;
    yourls-plugins = pkgs.webapps-yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    rompr = pkgs.webapps-rompr;
    env = config.myEnv.tools.rompr;
    inherit config;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    dokuwiki = pkgs.webapps-dokuwiki;
    dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
    inherit config;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    phpldapadmin = pkgs.webapps-phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  # Named grocy' because the module argument `grocy` is the package itself.
  grocy' = pkgs.callPackage ./grocy.nix {
    grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    # phpbb with the `fr` language pack and the listed extensions enabled.
    phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  # bin/ tree (apprise only) passed to webhooks.nix as binEnv; its bin
  # directory is also whitelisted in the tools pool's open_basedir below.
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  # Document root of tools.immae.eu (built by ./landing.nix).
  landing = pkgs.callPackage ./landing.nix { };

  cfg = config.myServices.websites.tools.tools;
  # Shorthand used to fetch each app's php-fpm socket path for the vhosts.
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Services needing to send e-mails
    myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
    myServices.dns.zones."immae.eu".subdomains =
      with config.myServices.dns.helpers;
      {
        outils = ips servers.eldiron.ips.main;
        tools = lib.mkMerge [
          (mailCommon "immae.eu" true)
          mailSend
          (ips servers.eldiron.ips.main)
        ];
      };

    # Public service catalogue entries; most come from the package files, the
    # paste service is described inline.
    myServices.chatonsProperties.services = {
      adminer = adminer.chatonsProperties;
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };
    # Secret files: each <app>.keys comes from its package file. The landing
    # entry is an Apache fragment (Include'd inside the tools vhost below) that
    # exposes the PostgreSQL credentials to the request handlers via SetEnv,
    # hence the 0400 file owned by the php-fpm user.
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys
      // ({ "webapps/tools-landing-sql-rw" = {
        user = "wwwrun";
        group = "wwwrun";
        permissions = "0400";
        text = let
          env = config.myEnv.tools.landing;
          in ''
          SetEnv PGUSER "${env.postgresql.user}"
          SetEnv PGPASSWORD "${env.postgresql.password}"
          SetEnv PGDATABASE "${env.postgresql.database}"
          SetEnv PGHOST "${env.postgresql.socket}"
          '';
        }; });
    # proxy_fcgi is needed by every "proxy:unix:...|fcgi://" SetHandler below;
    # the per-app module lists are appended to it.
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
      subdomains.tools = ips servers.eldiron.ips.integration;
    };
    security.acme.certs.integration.domain = "tools.immae.dev";
    # Integration host. The document root is a tree under /var/lib/ftp and
    # every .php file in it is executed by the dedicated devtools php-fpm
    # pool (AllowOverride all also honours .htaccess files in that tree), so
    # whatever lands there runs as wwwrun; the containment is the separate
    # pool and its own open_basedir (see services.phpfpm.pools.devtools).
    # The CSP header is report-only: it collects violation reports but does
    # not block anything. Timeouts are raised to 600s for this host only.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      hosts = [ "tools.immae.dev" ];
      root = "/var/lib/ftp/immae/devtools";
      extraConfig = [
        ''
        Use Apaxy "/var/lib/ftp/immae/devtools" "title"
        Timeout 600
        ProxyTimeout 600
        Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
        <Directory "/var/lib/ftp/immae/devtools">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
      ];
    };


    security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
    # Main host. The landing package is the document root; the per-app
    # vhostConf fragments follow, then the reverse-proxied services (paste,
    # ntfy) and two plain Aliases (BIP39, webhooks).
    #   - The landing <Directory> Include's the SetEnv secret fragment defined
    #     in secrets.keys above, so its PHP files see the PG* variables.
    #   - Both "/paste/" and "/paste" map to the paste gunicorn socket, so the
    #     un-slashed URL is served rather than redirected.
    #   - ntfy is reached over its unix socket; the first RewriteRule handles
    #     WebSocket upgrades (ws://), the second everything else. Request
    #     bodies are capped at 100 KiB by LimitRequestBody.
    #   - The webhooks tree is served straight from its secrets path
    #     (presumably defined by webhooks.keys — verify); directory listing
    #     is off and only .php files are handed to the tools pool.
    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      hosts = ["tools.immae.eu" ];
      root = landing;
      extraConfig = [
        ''
        RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
        RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
        RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

        <Directory "${landing}">
          Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
          DirectoryIndex index.html
          AllowOverride None
          Require all granted

          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy'.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
        <Location "/paste/">
          ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
          ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
          ProxyPreserveHost on
        </Location>
        <Location "/paste">
          ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
          ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
          ProxyPreserveHost on
        </Location>

        <Location "/ntfy/">
          SetEnv proxy-nokeepalive 1
          SetEnv proxy-sendchunked 1
          LimitRequestBody 102400

          RewriteEngine On

          # FIXME: why is landing prefixed in the url?
          RewriteCond %{HTTP:Upgrade} websocket [NC]
          RewriteCond %{HTTP:Connection} upgrade [NC]
          RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

          RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
        </Location>
        Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
        <Directory "/var/lib/buildbot/outputs/immae/bip39">
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
        </Directory>

        Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
        <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
          Options -Indexes
          DirectoryIndex index.php
          Require all granted
          AllowOverride None
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        ''
      ];
    };

    # Legacy host: no document root, only permanent redirects to the new
    # homes of the old services, ending with a catch-all to tools.immae.eu.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    # Ordering/wants for the php-fpm units come from each app's
    # phpFpm.serviceDeps; the remaining entries are standalone daemons.
    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # ntfy listens only on the unix socket (%t/ntfy = /run/ntfy via
      # RuntimeDirectory), which is what the /ntfy/ RewriteRules above proxy
      # to; --behind-proxy presumably makes it use the forwarded client
      # address for its limits — verify against the ntfy docs. It runs as
      # wwwrun, i.e. the same uid as every php-fpm pool in this file, so
      # there is no user-level separation between ntfy and the webapps.
      ntfy = {
        description = "send push notifications to your phone or desktop via scripts from any computer";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
          Type = "simple";
          WorkingDirectory = "%S/ntfy";
          RuntimeDirectory = "ntfy";
          StateDirectory = "ntfy";
          User = "wwwrun";
        };
      };
      # The MPD password is read from the secret file at start and passed
      # through the environment; services.filesWatcher.ympd below restarts
      # the unit when that file changes.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      # Feed updater daemon, run with the same php72 as the ttrss package.
      # NOTE(review): StandardOutput/StandardError=syslog are deprecated in
      # recent systemd releases — confirm the journal fallback is acceptable.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    services.paste = {
      enable = true;
      webDirectory = "/paste";
    };

    # One php-fpm pool per app, all running as wwwrun. Sessions are stored
    # in the shared redis socket; the tools and devtools pools use distinct
    # key prefixes (Tools:Tools: / Tools:Devtools:) to keep them apart.
    services.phpfpm.pools = {
      # Pool for the landing page and the webhooks tree; open_basedir is
      # restricted to exactly the paths those scripts need (sendmail wrapper,
      # the landing root, /tmp, the webhooks secrets dir and the apprise bin
      # directory).
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
      };
      # Pool for the devtools host (tools.immae.dev); the only pool on php82.
      # Its open_basedir is confined to the FTP tree it serves. No
      # session.name override here — presumably unnecessary because the host
      # is on a different domain than tools.immae.eu; verify.
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      # The remaining pools take their settings from each package's
      # phpFpm.pool and only add the redis extension (wallabag also needs
      # tidy, matching its composer environment above).
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy'.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
    };

    # Per-app activation hooks (state directories, migrations, ...) as
    # defined by each package file.
    system.activationScripts = {
      grocy = grocy'.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
    };

    # Secret-file changes that must trigger a reload/restart: the shaarli
    # secret reloads the web server, the wallabag one restarts its pool.
    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

    myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
      ttrss.monitoringPlugins
      rompr.monitoringPlugins
      wallabag.monitoringPlugins
      yourls.monitoringPlugins
      ympd.monitoringPlugins
      dokuwiki.monitoringPlugins
      shaarli.monitoringPlugins
      ldap.monitoringPlugins
      adminer.monitoringPlugins
    ];
    myServices.monitoring.fromMasterObjects = lib.mkMerge [
      ttrss.monitoringObjects
      rompr.monitoringObjects
      wallabag.monitoringObjects
      yourls.monitoringObjects
      ympd.monitoringObjects
      dokuwiki.monitoringObjects
      shaarli.monitoringObjects
      ldap.monitoringObjects
      adminer.monitoringObjects
    ];
  };
}