# Module arguments, followed by one package binding per hosted web tool.
# NOTE(review): this listing keeps its gutter numbers and omits the lines that held
# only keywords or punctuation, so nesting is inferred - confirm against the file.
1 { lib, pkgs, config, mypackages-lib, grocy, ... }:
3 composerEnv = mypackages-lib.composerEnv;
# Each tool is built from a local .nix file through pkgs.callPackage; most receive
# their site settings as env = config.myEnv.tools.<name>.
4 adminer = pkgs.callPackage ./adminer.nix { inherit config; };
5 ympd = pkgs.callPackage ./ympd.nix {
6 env = config.myEnv.tools.ympd;
9 ttrss = pkgs.callPackage ./ttrss.nix {
10 ttrss = pkgs.webapps-ttrss;
11 ttrss-plugins = pkgs.webapps-ttrss-plugins;
12 env = config.myEnv.tools.ttrss;
16 kanboard = pkgs.callPackage ./kanboard.nix {
18 env = config.myEnv.tools.kanboard;
20 wallabag = pkgs.callPackage ./wallabag.nix {
21 wallabag = pkgs.webapps-wallabag.override {
22 composerEnv = composerEnv.override {
# wallabag is built against php73 with the tidy extension added.
# NOTE(review): PHP 7.3 reached upstream end of life in December 2021; confirm the
# package set still carries security fixes for it, or plan an upgrade.
23 php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
26 env = config.myEnv.tools.wallabag;
29 yourls = pkgs.callPackage ./yourls.nix {
30 yourls = pkgs.webapps-yourls;
31 yourls-plugins = pkgs.webapps-yourls-plugins;
32 env = config.myEnv.tools.yourls;
35 rompr = pkgs.callPackage ./rompr.nix {
36 rompr = pkgs.webapps-rompr;
37 env = config.myEnv.tools.rompr;
40 shaarli = pkgs.callPackage ./shaarli.nix {
41 env = config.myEnv.tools.shaarli;
44 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
45 dokuwiki = pkgs.webapps-dokuwiki;
46 dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
49 ldap = pkgs.callPackage ./ldap.nix {
50 phpldapadmin = pkgs.webapps-phpldapadmin;
51 env = config.myEnv.tools.phpldapadmin;
# The grocy argument of this module is rebuilt with a php72 composer environment.
# NOTE(review): PHP 7.2 reached upstream end of life in November 2020.
54 grocy' = pkgs.callPackage ./grocy.nix {
55 grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
57 phpbb = pkgs.callPackage ./phpbb.nix {
# phpBB with the French language pack and six third-party extensions; every
# extension listed here is extra code that has to be kept up to date.
58 phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
59 e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
60 e.empteintesduweb.monitoranswers e.lr94.autosubscribe
61 e.phpbbmodders.adduser ]);
# Environment that links only /bin of apprise; its bin directory is later listed in
# the open_basedir of the tools PHP-FPM pool and passed to the webhooks package.
63 webhooks-bin-env = pkgs.buildEnv {
65 paths = [ pkgs.apprise ];
66 pathsToLink = [ "/bin" ];
68 webhooks = pkgs.callPackage ./webhooks.nix {
69 env = config.myEnv.tools.webhooks;
70 binEnv = webhooks-bin-env;
72 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
73 env = config.myEnv.tools.dmarc_reports;
77 landing = pkgs.callPackage ./landing.nix { };
# Element Web build overridden with the client defaults of this site.
79 matrix = pkgs.element-web.override {
# Homeserver offered by default to users of the web client.
81 default_server_config."m.homeserver" = {
82 base_url = "https://immae.ems.host";
83 server_name = "immae.eu";
# The default identity server is a third-party host (vector.im).
# NOTE(review): confirm that pointing clients at an external identity service is intended.
85 default_server_config."m.identity_server" = {
86 base_url = "https://vector.im";
# Servers whose public room lists the client can browse.
88 room_directory.servers = [ "immae.eu" "matrix.org" ];
# Shorthands: cfg is the option set of this module, pcfg the PHP-FPM pool definitions
# (used further down to obtain each pool socket path).
92 cfg = config.myServices.websites.tools.tools;
93 pcfg = config.services.phpfpm.pools;
# Single option of the module: a boolean switch created with mkEnableOption.
95 options.myServices.websites.tools.tools = {
96 enable = lib.mkEnableOption "enable tools website";
# Everything below is applied only when cfg.enable is set.
99 config = lib.mkIf cfg.enable {
100 # Services needing to send e-mails
# Marks the "tools" name of the immae.eu zone as one that receives mail.
101 myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
102 myServices.dns.zones."immae.eu".subdomains =
103 with config.myServices.dns.helpers;
# outils gets only the main addresses of the eldiron server; tools merges the
# output of the mailCommon helper with those same addresses.
# NOTE(review): what mailCommon emits is defined elsewhere - presumably mail-related
# records; verify against the helper.
105 outils = ips servers.eldiron.ips.main;
106 tools = lib.mkMerge [
107 (mailCommon "immae.eu" true)
109 (ips servers.eldiron.ips.main)
# Service declarations in the chatonsProperties format: most entries are taken from
# the package of each tool, the paste service is described inline.
113 myServices.chatonsProperties.services = {
114 adminer = adminer.chatonsProperties;
115 dokuwiki = dokuwiki.chatonsProperties;
116 shaarli = shaarli.chatonsProperties;
117 ttrss = ttrss.chatonsProperties;
118 wallabag = wallabag.chatonsProperties;
# Inline description of the paste service (the attribute that opens it is on a line
# not shown in this listing).
120 file.datetime = "2022-08-22T00:15:00";
123 description = "A simple paster script with syntax highlight";
124 website = "https://tools.immae.eu/paste/";
125 logo = "https://assets.immae.eu/logo.jpg";
127 status.description = "OK";
# Registration is declared for members and clients, with an open load status.
128 registration."" = ["MEMBER" "CLIENT"];
129 registration.load = "OPEN";
130 install.type = "PACKAGE";
131 guide.user = "https://tools.immae.eu/paste/";
# Software metadata for the paste script: licence, version and source location.
135 website = "https://tools.immae.eu/paste/";
136 license.url = "https://tools.immae.eu/paste/license";
137 license.name = "MIT License";
138 version = "Unversioned";
139 source.url = "https://tools.immae.eu/paste/abcd123/py";
# Hosting declarations, again taken from the packages.
143 myServices.chatonsProperties.hostings = {
144 dokuwiki = dokuwiki.chatonsHostingProperties;
145 phpbb = phpbb.chatonsHostingProperties;
# Secret definitions: the keys contributed by dmarc-reports are merged with a secret
# file named webapps/tools-landing-sql-rw, created with mode 0400.
# That file holds Apache SetEnv directives carrying the PostgreSQL credentials of the
# landing page and is pulled in with Include from the landing Directory block.
# NOTE(review): SetEnv places the password in the environment of every request
# handled in that scope, so anything that prints the request environment (diagnostic
# pages, verbose error output) would disclose it - confirm no such page is reachable.
# NOTE(review): the values are interpolated between double quotes; a value that itself
# contains a double quote would presumably break the directive - verify.
154 // dmarc-reports.keys
156 // ({ "webapps/tools-landing-sql-rw" = {
159 permissions = "0400";
161 env = config.myEnv.tools.landing;
163 SetEnv PGUSER "${env.postgresql.user}"
164 SetEnv PGPASSWORD "${env.postgresql.password}"
165 SetEnv PGDATABASE "${env.postgresql.database}"
166 SetEnv PGHOST "${env.postgresql.socket}"
# Apache modules for the tools web environment: the concatenation of the module
# lists declared by each tool package (the head of the list is on a line not shown).
169 services.websites.env.tools.modules =
171 ++ adminer.apache.modules
172 ++ ympd.apache.modules
173 ++ ttrss.apache.modules
174 ++ wallabag.apache.modules
175 ++ yourls.apache.modules
176 ++ rompr.apache.modules
177 ++ shaarli.apache.modules
178 ++ dokuwiki.apache.modules
179 ++ dmarc-reports.apache.modules
180 ++ phpbb.apache.modules
181 ++ ldap.apache.modules
182 ++ kanboard.apache.modules;
# Integration vhost tools.immae.dev: DNS entry on the integration addresses, its own
# ACME certificate, and a document root located under the FTP tree.
184 myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
185 subdomains.tools = ips servers.eldiron.ips.integration;
187 security.acme.certs.integration.domain = "tools.immae.dev";
188 services.websites.env.integration.vhostConfs.devtools = {
189 certName = "integration";
190 hosts = [ "tools.immae.dev" ];
191 root = "/var/lib/ftp/immae/devtools";
# Directory listing theme applied to the document root.
194 Use Apaxy "/var/lib/ftp/immae/devtools" "title"
# Report-Only variant of the CSP header: browsers report violations of the policy
# but do not block anything.
197 Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
198 <Directory "/var/lib/ftp/immae/devtools">
199 DirectoryIndex index.php index.htm index.html
# Files ending in .php under this tree are executed by the devtools PHP-FPM pool.
# NOTE(review): the root sits under /var/lib/ftp, so presumably any account able to
# upload there can publish executable PHP; the open_basedir of the devtools pool is
# the main containment - confirm upload access is limited to trusted accounts.
202 <FilesMatch "\.php$">
203 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
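# Production vhost tools.immae.eu; both public names are added to the eldiron
# certificate.
211 security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
212 services.websites.env.tools.vhostConfs.tools = {
213 certName = "eldiron";
214 hosts = ["tools.immae.eu" ];
# Legacy paths that moved to dedicated hosts. The vpn target ends in the bare host
# name, so its capture is limited to nothing or to text starting with a slash; this
# keeps request text from becoming part of the redirect host.
218 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
# The two targets below already carry a path (or no capture at all), so the capture
# cannot change the host.
219 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
220 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse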
# Landing page directory. The Include pulls in the secret file with the SetEnv
# directives for the PostgreSQL credentials, so they apply to requests in this scope.
222 <Directory "${landing}">
223 Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
224 DirectoryIndex index.html
# PHP files of the landing page run in the tools PHP-FPM pool.
228 <FilesMatch "\.php$">
229 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# Vhost fragments of the individual tools, each given the socket of its own pool
# (ympd takes none). All tools are served as paths of one origin.
# NOTE(review): sharing one origin means a script injection flaw in any one tool
# runs with access to the others in the browser - confirm this trade-off is accepted.
233 (adminer.apache.vhostConf pcfg.adminer.socket)
234 ympd.apache.vhostConf
235 (ttrss.apache.vhostConf pcfg.ttrss.socket)
236 (wallabag.apache.vhostConf pcfg.wallabag.socket)
237 (yourls.apache.vhostConf pcfg.yourls.socket)
238 (rompr.apache.vhostConf pcfg.rompr.socket)
239 (shaarli.apache.vhostConf pcfg.shaarli.socket)
240 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
241 (ldap.apache.vhostConf pcfg.ldap.socket)
242 (kanboard.apache.vhostConf pcfg.kanboard.socket)
243 (grocy'.apache.vhostConf pcfg.grocy.socket)
244 (phpbb.apache.vhostConf pcfg.phpbb.socket)
245 (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
# The paste service is proxied to gunicorn over a unix socket. The pair appears
# twice; presumably each sits in its own container on lines not shown - confirm.
248 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
249 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
253 ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
254 ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
# Proxy tuning plus a cap of 102400 bytes on request bodies.
# NOTE(review): the container these three lines belong to is not visible here -
# confirm which paths the size limit actually covers.
259 SetEnv proxy-nokeepalive 1
260 SetEnv proxy-sendchunked 1
261 LimitRequestBody 102400
# ntfy: requests carrying websocket upgrade headers are proxied with the ws scheme,
# the others with http, both to the ntfy unix socket.
# NOTE(review): the prefix group in both patterns is optional, so each rule matches
# every path within its scope; confirm the enclosing container (not shown) limits
# these rules to the ntfy location so that no other path is proxied to this socket.
265 # FIXME: why is landing prefixed in the url?
266 RewriteCond %{HTTP:Upgrade} websocket [NC]
267 RewriteCond %{HTTP:Connection} upgrade [NC]
268 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
270 RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
# /BIP39 serves files straight from a buildbot output directory.
# NOTE(review): visitors get whatever was last written there, so write access to
# that directory decides what their browsers run; BIP39 presumably denotes a
# mnemonic seed tool, which makes this worth checking - confirm ownership and modes.
272 Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
273 <Directory "/var/lib/buildbot/outputs/immae/bip39">
274 DirectoryIndex index.html
# /webhooks maps to a path provided by the secrets mechanism; its PHP files run in
# the tools pool.
# NOTE(review): a secrets-managed directory is reachable over HTTP through this
# alias; a file in it that is not handled as PHP would presumably be served as plain
# content - check the access rules on the lines not shown.
279 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
280 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
282 DirectoryIndex index.php
285 <FilesMatch "\.php$">
286 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
# /matrix serves the static Element Web build defined at the top of the file.
290 Alias /matrix ${matrix}
291 <Directory "${matrix}">
292 DirectoryIndex index.html
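# Legacy vhost outils.immae.eu: every path is redirected, either to the host that
# now serves the tool or, by the last rule, to the same path on tools.immae.eu.
300 services.websites.env.tools.vhostConfs.outils = {
301 certName = "eldiron";
302 hosts = [ "outils.immae.eu" ];
# Rules whose target ends in the bare host name accept only an empty capture or one
# starting with a slash, so the redirect host is always the one written in the rule
# and request text cannot extend it.
306 RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
308 RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
310 RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
311 RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
# The targets below already carry a path (or no capture), so the capture can only
# extend the path, never the host.
313 RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
314 RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
315 RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
316 RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
318 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
320 RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
322 RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
# Same bare-host case as the first group.
324 RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
# Catch-all, listed last: anything not matched above goes to tools.immae.eu.
326 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1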
# Unit ordering for the per-tool services (the unit names are on lines not shown):
# each one is started after, and pulls in with wants, the dependencies its package
# declares in phpFpm.serviceDeps.
333 after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
334 wants = dokuwiki.phpFpm.serviceDeps;
337 after = lib.mkAfter phpbb.phpFpm.serviceDeps;
338 wants = phpbb.phpFpm.serviceDeps;
341 after = lib.mkAfter kanboard.phpFpm.serviceDeps;
342 wants = kanboard.phpFpm.serviceDeps;
345 after = lib.mkAfter ldap.phpFpm.serviceDeps;
346 wants = ldap.phpFpm.serviceDeps;
349 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
350 wants = shaarli.phpFpm.serviceDeps;
353 after = lib.mkAfter ttrss.phpFpm.serviceDeps;
354 wants = ttrss.phpFpm.serviceDeps;
# wallabag additionally appends its own preStart script.
357 after = lib.mkAfter wallabag.phpFpm.serviceDeps;
358 wants = wallabag.phpFpm.serviceDeps;
359 preStart = lib.mkAfter wallabag.phpFpm.preStart;
362 after = lib.mkAfter yourls.phpFpm.serviceDeps;
363 wants = yourls.phpFpm.serviceDeps;
# ntfy notification server, reached only through the Apache rewrite rules.
# The command passes an empty --listen-http value together with --listen-unix.
# NOTE(review): presumably this leaves the unix socket as the only listener - verify
# that no TCP port is opened.
# --behind-proxy makes ntfy take the client address from the forwarding header, which
# is sound only while the proxy is the sole way to reach the socket; RuntimeDirectory
# and StateDirectory keep the socket and the cache under systemd-managed paths.
366 description = "send push notifications to your phone or desktop via scripts from any computer";
367 wantedBy = [ "multi-user.target" ];
369 ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
371 WorkingDirectory = "%S/ntfy";
372 RuntimeDirectory = "ntfy";
373 StateDirectory = "ntfy";
# ympd web front-end for MPD.
378 description = "Standalone MPD Web GUI written in C";
379 wantedBy = [ "multi-user.target" ];
# The MPD password is read from the secret file when the unit starts, so it stays out
# of the Nix store; ympd is told to run as the nobody user.
# NOTE(review): nobody is a shared account - a dedicated user would isolate the
# process, and the variable holding the password, from other services using it.
381 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
382 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
# Feed updater of Tiny Tiny RSS, run as a long-lived php72 process that needs
# PostgreSQL.
# NOTE(review): PHP 7.2 reached upstream end of life in November 2020.
# NOTE(review): the syslog output value and PermissionsStartOnly are, as far as I
# know, deprecated in current systemd - confirm and migrate when convenient.
386 description = "Tiny Tiny RSS feeds update daemon";
389 ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
390 StandardOutput = "syslog";
391 StandardError = "syslog";
392 PermissionsStartOnly = true;
395 wantedBy = [ "multi-user.target" ];
396 requires = ["postgresql.service"];
397 after = ["network.target" "postgresql.service"];
# Watches the MPD secret file on behalf of the ympd unit.
# NOTE(review): presumably the watcher restarts ympd when the password file changes;
# the action is configured on a line not shown.
401 services.filesWatcher.ympd = {
403 paths = [ config.secrets.fullPaths."mpd" ];
# URL prefix under which the paste service is published.
408 webDirectory = "/paste";
# PHP-FPM pools. The first group of settings belongs to the tools pool (landing page
# and webhooks), the second to the devtools pool of the integration vhost.
411 services.phpfpm.pools = {
# The pool socket is owned by wwwrun, the account the web server is expected to use.
416 "listen.owner" = "wwwrun";
417 "listen.group" = "wwwrun";
419 "pm.max_children" = "60";
420 "pm.start_servers" = "2";
421 "pm.min_spare_servers" = "1";
422 "pm.max_spare_servers" = "10";
# php_admin_value entries cannot be overridden from application code.
# Sessions are stored in a shared Redis instance over a unix socket; the key prefix
# keeps the entries of this pool apart from those of the other pools.
424 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
425 "php_admin_value[session.save_handler]" = "redis";
426 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
427 # Needed to avoid clashes in browser cookies (same domain)
428 "php_value[session.name]" = "ToolsPHPSESSID";
# open_basedir confines file access to the sendmail wrapper, the landing page, /tmp,
# the webhooks secret directory and the bin directory of the webhooks environment.
# NOTE(review): /tmp also appears in the devtools list below; unless the units use a
# private temporary directory, it is shared ground between the two pools - confirm.
429 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
430 "/run/wrappers/bin/sendmail" landing "/tmp"
431 config.secrets.fullPaths."webapps/webhooks"
432 "${webhooks-bin-env}/bin"
436 CONTACT_EMAIL = config.myEnv.tools.contact;
# NOTE(review): PHP 7.2 reached upstream end of life in November 2020.
438 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
# devtools pool: same process limits, its own session prefix, and an open_basedir
# limited to the sendmail wrapper, the FTP-backed document root and /tmp.
444 "listen.owner" = "wwwrun";
445 "listen.group" = "wwwrun";
447 "pm.max_children" = "60";
448 "pm.start_servers" = "2";
449 "pm.min_spare_servers" = "1";
450 "pm.max_spare_servers" = "10";
452 "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
453 "php_admin_value[session.save_handler]" = "redis";
454 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
455 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
# This pool runs on php82 with the mysqli, sqlite3, redis, apcu and opcache extensions.
457 phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
# Per-tool pools: adminer supplies its whole pool definition, the others take their
# settings from the tool package and add the redis extension to the interpreter.
# NOTE(review): all of them except wallabag (php73) run on php72. PHP 7.2 reached
# upstream end of life in November 2020 and PHP 7.3 in December 2021, so these
# internet-facing pools depend on whatever fixes the package set still carries -
# confirm, and plan a move to a supported release.
459 adminer = adminer.phpFpm;
463 settings = ttrss.phpFpm.pool;
464 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
469 settings = wallabag.phpFpm.pool;
470 phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
475 settings = yourls.phpFpm.pool;
476 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
481 settings = rompr.phpFpm.pool;
482 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
487 settings = shaarli.phpFpm.pool;
488 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# dmarc-reports also passes environment variables defined by its package.
493 settings = dmarc-reports.phpFpm.pool;
494 phpEnv = dmarc-reports.phpFpm.phpEnv;
495 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
500 settings = dokuwiki.phpFpm.pool;
501 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
506 settings = phpbb.phpFpm.pool;
507 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
512 settings = ldap.phpFpm.pool;
513 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
518 settings = kanboard.phpFpm.pool;
519 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
524 settings = grocy'.phpFpm.pool;
525 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# Activation scripts supplied by the tool packages; they run at system activation.
# NOTE(review): presumably they prepare each tool's state directories - the scripts
# themselves live in the per-tool files.
529 system.activationScripts = {
530 grocy = grocy'.activationScript;
531 ttrss = ttrss.activationScript;
532 wallabag = wallabag.activationScript;
533 rompr = rompr.activationScript;
534 shaarli = shaarli.activationScript;
535 dokuwiki = dokuwiki.activationScript;
536 phpbb = phpbb.activationScript;
537 kanboard = kanboard.activationScript;
# Secret files that are watched: the shaarli secret for the web environment, the
# wallabag secret for the phpfpm-wallabag watcher.
540 services.websites.env.tools.watchPaths = [
541 config.secrets.fullPaths."webapps/tools-shaarli"
543 services.filesWatcher.phpfpm-wallabag = {
545 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
# Monitoring: plugins and check objects contributed by the tool packages are merged
# into the lists consumed by the monitoring master.
# NOTE(review): grocy, phpbb, kanboard, dmarc-reports and webhooks are served above
# but contribute nothing here - confirm they are meant to run unmonitored.
548 myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
549 ttrss.monitoringPlugins
550 rompr.monitoringPlugins
551 wallabag.monitoringPlugins
552 yourls.monitoringPlugins
553 ympd.monitoringPlugins
554 dokuwiki.monitoringPlugins
555 shaarli.monitoringPlugins
556 ldap.monitoringPlugins
557 adminer.monitoringPlugins
559 myServices.monitoring.fromMasterObjects = lib.mkMerge [
560 ttrss.monitoringObjects
561 rompr.monitoringObjects
562 wallabag.monitoringObjects
563 yourls.monitoringObjects
564 ympd.monitoringObjects
565 dokuwiki.monitoringObjects
566 shaarli.monitoringObjects
567 ldap.monitoringObjects
568 adminer.monitoringObjects