1 { lib, pkgs, config, mypackages-lib, grocy, ... }:
2 let
# Composer environment that the PHP web apps below are (re)built with.
inherit (mypackages-lib) composerEnv;
# Adminer is built with access to the full NixOS configuration.
adminer = pkgs.callPackage ./adminer.nix { config = config; };
# ympd takes its per-host settings from myEnv.tools.
ympd = pkgs.callPackage ./ympd.nix {
  config = config;
  env = config.myEnv.tools.ympd;
};
# Tiny Tiny RSS with its plugin set. PHP 7.2 is also what the ttrss phpfpm
# pool and the tt-rss update daemon further down use.
# NOTE(review): PHP 7.2 is past upstream end-of-life and no longer receives
# security fixes; worth tracking as an upgrade item for every 7.x pool here.
ttrss = pkgs.callPackage ./ttrss.nix {
  config = config;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
  ttrss = pkgs.webapps-ttrss;
  ttrss-plugins = pkgs.webapps-ttrss-plugins;
};
kanboard = pkgs.callPackage ./kanboard.nix {
  config = config;
  env = config.myEnv.tools.kanboard;
};
# Wallabag needs the tidy extension, so its composer environment is rebuilt
# on top of a PHP 7.3 that has tidy enabled.
wallabag =
  let
    php73Tidy = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
  in pkgs.callPackage ./wallabag.nix {
    config = config;
    env = config.myEnv.tools.wallabag;
    wallabag = pkgs.webapps-wallabag.override {
      composerEnv = composerEnv.override { php = php73Tidy; };
    };
  };
yourls = pkgs.callPackage ./yourls.nix {
  config = config;
  env = config.myEnv.tools.yourls;
  yourls = pkgs.webapps-yourls;
  yourls-plugins = pkgs.webapps-yourls-plugins;
};
rompr = pkgs.callPackage ./rompr.nix {
  config = config;
  env = config.myEnv.tools.rompr;
  rompr = pkgs.webapps-rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
  config = config;
  env = config.myEnv.tools.shaarli;
};
# DokuWiki is the one app here that is built without an `env` attribute.
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  config = config;
  dokuwiki = pkgs.webapps-dokuwiki;
  dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
};
# phpLDAPadmin front end, referred to as `ldap` throughout this file.
ldap = pkgs.callPackage ./ldap.nix {
  config = config;
  env = config.myEnv.tools.phpldapadmin;
  phpldapadmin = pkgs.webapps-phpldapadmin;
};
# grocy' (primed, presumably to keep the `grocy` module argument visible) is
# rebuilt with a PHP 7.2 composer environment.
grocy' =
  let
    grocyPhp72 = grocy.override {
      composerEnv = composerEnv.override { php = pkgs.php72; };
    };
  in pkgs.callPackage ./grocy.nix { grocy = grocyPhp72; };
# phpBB with the French language pack and a fixed set of extensions.
phpbb =
  let
    withFrench = pkgs.webapps-phpbb.withLangs (l: [ l.fr ]);
    extensions = e: [
      e.alfredoramos.markdown
      e.davidiq.mailinglist
      e.dmzx.mchat
      e.empteintesduweb.monitoranswers
      e.lr94.autosubscribe
      e.phpbbmodders.adduser
    ];
  in pkgs.callPackage ./phpbb.nix { phpbb = withFrench.withExts extensions; };
# bin-only environment holding just apprise; the "tools" phpfpm pool below
# widens its open_basedir to this env's /bin so the webhook scripts can run it.
webhooks-bin-env = pkgs.buildEnv {
  name = "webhook-env";
  pathsToLink = [ "/bin" ];
  paths = [ pkgs.apprise ];
};
webhooks = pkgs.callPackage ./webhooks.nix {
  binEnv = webhooks-bin-env;
  env = config.myEnv.tools.webhooks;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  config = config;
  env = config.myEnv.tools.dmarc_reports;
};

# Static landing page; it is the document root of tools.immae.eu below.
landing = pkgs.callPackage ./landing.nix {};

# Element web client pre-configured for the immae.eu homeserver, served as
# static files under /matrix in the tools vhost.
# NOTE(review): m.identity_server points at the third-party vector.im.
matrix = pkgs.element-web.override {
  conf = {
    default_server_config = {
      "m.homeserver" = {
        base_url = "https://immae.ems.host";
        server_name = "immae.eu";
      };
      "m.identity_server".base_url = "https://vector.im";
    };
    room_directory = { servers = [ "immae.eu" "matrix.org" ]; };
  };
};

cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
94 in {
# Single switch for the whole tools website; every definition in `config`
# below is gated on it through lib.mkIf.
options.myServices.websites.tools.tools.enable = lib.mkEnableOption "enable tools website";

99 config = lib.mkIf cfg.enable {
# Services needing to send e-mails
# tools.immae.eu gets the mail-related records (mailCommon + mailSend) on top
# of its address records; outils.immae.eu only gets the address records.
# NOTE(review): what mailCommon/mailSend expand to (SPF, DKIM, DMARC, MX?)
# lives in myServices.dns.helpers — confirm there before relying on it.
myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
myServices.dns.zones."immae.eu".subdomains =
  with config.myServices.dns.helpers;
  {
    outils = ips servers.eldiron.ips.main;
    tools = lib.mkMerge [
      (mailCommon "immae.eu" true)
      mailSend
      (ips servers.eldiron.ips.main)
    ];
  };

# Service metadata (presumably for the CHATONS directory): most apps describe
# themselves; the paste service is described inline.
myServices.chatonsProperties.services =
  builtins.mapAttrs (_: app: app.chatonsProperties) {
    inherit adminer dokuwiki shaarli ttrss wallabag;
  } // {
    paste = {
      file = { datetime = "2022-08-22T00:15:00"; };
      service = {
        name = "Paste";
        description = "A simple paster script with syntax highlight";
        website = "https://tools.immae.eu/paste/";
        logo = "https://assets.immae.eu/logo.jpg";
        status = { level = "OK"; description = "OK"; };
        registration = { "" = [ "MEMBER" "CLIENT" ]; load = "OPEN"; };
        install = { type = "PACKAGE"; };
        guide = { user = "https://tools.immae.eu/paste/"; };
      };
      software = {
        name = "Paste";
        website = "https://tools.immae.eu/paste/";
        license = { url = "https://tools.immae.eu/paste/license"; name = "MIT License"; };
        version = "Unversioned";
        source = { url = "https://tools.immae.eu/paste/abcd123/py"; };
      };
    };
  };
myServices.chatonsProperties.hostings = {
  dokuwiki = dokuwiki.chatonsHostingProperties;
  phpbb = phpbb.chatonsHostingProperties;
};
# Secret files needed by the apps, plus one extra: an Apache include that hands
# the landing page's PostgreSQL credentials to PHP through SetEnv.
# NOTE(review): the file is 0400 wwwrun on disk, but once included (see the
# landing <Directory> block in the tools vhost) PGPASSWORD is presumably
# visible to every PHP script handled for that directory by the shared
# "tools" pool; the "-rw" suffix suggests a read-write role — confirm it is
# the least privilege the landing page needs.
secrets.keys =
  let
    env = config.myEnv.tools.landing;
    landingSql = {
      "webapps/tools-landing-sql-rw" = {
        user = "wwwrun";
        group = "wwwrun";
        permissions = "0400";
        text = ''
          SetEnv PGUSER "${env.postgresql.user}"
          SetEnv PGPASSWORD "${env.postgresql.password}"
          SetEnv PGDATABASE "${env.postgresql.database}"
          SetEnv PGHOST "${env.postgresql.socket}"
        '';
      };
    };
  in builtins.foldl' (acc: keys: acc // keys) {} [
    kanboard.keys
    ldap.keys
    shaarli.keys
    ttrss.keys
    wallabag.keys
    yourls.keys
    dmarc-reports.keys
    webhooks.keys
    landingSql
  ];
# Apache modules for the tools environment: proxy_fcgi for the PHP-FPM
# sockets, then whatever each app declares for itself (order preserved).
services.websites.env.tools.modules =
  [ "proxy_fcgi" ] ++ lib.concatMap (app: app.apache.modules) [
    adminer ympd ttrss wallabag yourls rompr
    shaarli dokuwiki dmarc-reports phpbb ldap kanboard
  ];

# Integration copy of the tools site on tools.immae.dev, served from a tree
# under /var/lib/ftp with its own phpfpm pool ("devtools", defined below).
myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
  subdomains.tools = ips servers.eldiron.ips.integration;
};
security.acme.certs.integration.domain = "tools.immae.dev";
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  hosts = [ "tools.immae.dev" ];
  root = "/var/lib/ftp/immae/devtools";
  # NOTE(review): the document root lives under /var/lib/ftp, so whoever can
  # write there (presumably an FTP account) can add .php files that run as
  # wwwrun in the devtools pool, and `AllowOverride all` lets them ship
  # .htaccess too; the pool's open_basedir is the main containment. The CSP
  # header is Report-Only, i.e. observed rather than enforced.
  extraConfig = [
    ''
      Use Apaxy "/var/lib/ftp/immae/devtools" "title"
      Timeout 600
      ProxyTimeout 600
      Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
      <Directory "/var/lib/ftp/immae/devtools">
      DirectoryIndex index.php index.htm index.html
      AllowOverride all
      Require all granted
      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>
    ''
  ];
};


security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
# Main vhost: the landing page is the document root, each app contributes its
# own Apache snippet bound to its phpfpm socket, and a few non-PHP services
# (paste, ntfy) are reverse-proxied.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Legacy paths moved to other hosts, then the landing directory itself.
    # The Include pulls in the SetEnv lines carrying the PostgreSQL
    # credentials (see secrets.keys above); PHP here runs in the shared
    # "tools" pool.
    ''
      RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
      Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
      DirectoryIndex index.html
      AllowOverride None
      Require all granted

      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>
    ''
    # Per-app snippets; each one gets its own pool's socket (ympd has none).
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy'.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Reverse proxies and static/PHP directories.
    # NOTE(review): /ntfy caps request bodies at 100 KiB (LimitRequestBody),
    # which also bounds attachment uploads even though the ntfy unit below
    # enables an attachment cache — confirm that is intended. The websocket
    # rewrite ([P] to ws://) needs mod_proxy_wstunnel, which is not in the
    # modules list above, so it must come from the websites module or an app.
    # NOTE(review): /webhooks executes PHP straight out of the secrets path in
    # the shared "tools" pool and is reachable by anyone (Require all granted,
    # listing disabled) — presumably the scripts authenticate requests
    # themselves.
    ''
      <Location "/paste/">
      ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPreserveHost on
      </Location>
      <Location "/paste">
      ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
      ProxyPreserveHost on
      </Location>

      <Location "/ntfy/">
      SetEnv proxy-nokeepalive 1
      SetEnv proxy-sendchunked 1
      LimitRequestBody 102400

      RewriteEngine On

      # FIXME: why is landing prefixed in the url?
      RewriteCond %{HTTP:Upgrade} websocket [NC]
      RewriteCond %{HTTP:Connection} upgrade [NC]
      RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

      RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
      </Location>
      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
      DirectoryIndex index.html
      AllowOverride None
      Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
      Options -Indexes
      DirectoryIndex index.php
      Require all granted
      AllowOverride None
      <FilesMatch "\.php$">
      SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
      </FilesMatch>
      </Directory>

      Alias /matrix ${matrix}
      <Directory "${matrix}">
      DirectoryIndex index.html
      AllowOverride None
      Require all granted
      </Directory>
    ''
  ];
};

# Legacy outils.immae.eu host: nothing is served from it any more (root is
# null); every known path is redirected to its new home and the final
# RedirectMatch is a catch-all to tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};

# Unit tweaks for the PHP-FPM pools (ordering/wants on each app's declared
# dependencies) plus three standalone daemons: ntfy, ympd and the tt-rss
# feed updater.
systemd.services =
  let
    # Start a pool only after the app's own service dependencies are up.
    fpmDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = fpmDeps dokuwiki;
    phpfpm-phpbb = fpmDeps phpbb;
    phpfpm-kanboard = fpmDeps kanboard;
    phpfpm-ldap = fpmDeps ldap;
    phpfpm-shaarli = fpmDeps shaarli;
    phpfpm-ttrss = fpmDeps ttrss;
    phpfpm-wallabag = fpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };
    phpfpm-yourls = fpmDeps yourls;

    # ntfy push server behind Apache (/ntfy), listening on a unix socket only.
    # NOTE(review): it runs as wwwrun, the same user as Apache and every PHP
    # pool, so its cache.db and attachments under %S/ntfy share a uid with the
    # web apps; a dedicated user (or DynamicUser) would tighten that. No
    # --auth-file is passed, so publish/subscribe access is whatever ntfy's
    # default is — confirm the instance is meant to be open.
    ntfy = {
      description = "send push notifications to your phone or desktop via scripts from any computer";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        User = "wwwrun";
        RuntimeDirectory = "ntfy";
        StateDirectory = "ntfy";
        WorkingDirectory = "%S/ntfy";
        ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
      };
    };

    # ympd: the MPD password is read from the secrets file at start and passed
    # through the environment; --user nobody presumably makes ympd drop
    # privileges itself.
    # NOTE(review): the unit has no User=, so the wrapper script (and the
    # `cat` of the secret) runs as root until ympd drops privileges.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # tt-rss background feed updater; needs PostgreSQL.
    # NOTE(review): StandardOutput/StandardError=syslog and PermissionsStartOnly
    # are deprecated in current systemd (journal is the default sink, and an
    # ExecStartPre=+... prefix replaces PermissionsStartOnly).
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };

# Restart ympd whenever the MPD secret it reads at start changes.
services.filesWatcher.ympd.restart = true;
services.filesWatcher.ympd.paths = [ config.secrets.fullPaths."mpd" ];

# Paste service mounted under /paste (proxied from the tools vhost above).
services.paste.enable = true;
services.paste.webDirectory = "/paste";

# One PHP-FPM pool per app, all running as wwwrun. Most pools share one shape
# (settings from the app, PHP 7.2 with redis), so that shape is generated; the
# two hand-written pools are "tools" (landing page + webhooks) and "devtools"
# (tools.immae.dev).
# NOTE(review): PHP 7.2 and 7.3 are past upstream end-of-life; only the
# "devtools" pool (PHP 8.2) is on a supported interpreter.
services.phpfpm.pools =
  let
    php72Redis = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);
    # Common pool definition: run as wwwrun with the app's own pool settings.
    appPool = app: {
      user = "wwwrun";
      group = "wwwrun";
      settings = app.phpFpm.pool;
      phpPackage = php72Redis;
    };
    # Process-manager and session settings shared by the tools/devtools pools.
    pmSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
      "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
      "php_admin_value[session.save_handler]" = "redis";
    };
  in {
    tools = {
      user = "wwwrun";
      group = "wwwrun";
      settings = pmSettings // {
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
        # Needed to avoid clashes in browser cookies (same domain)
        "php_value[session.name]" = "ToolsPHPSESSID";
        # Confines PHP file access to the landing page, the webhook scripts and
        # their bin env; note /tmp is shared with every other pool on the host.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          "/run/wrappers/bin/sendmail" landing "/tmp"
          config.secrets.fullPaths."webapps/webhooks"
          "${webhooks-bin-env}/bin"
        ];
      };
      phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; };
      phpPackage = php72Redis;
    };
    # Pool for the FTP-backed tools.immae.dev tree; open_basedir is what keeps
    # uploaded PHP inside that tree.
    devtools = {
      user = "wwwrun";
      group = "wwwrun";
      settings = pmSettings // {
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
      };
      phpPackage = pkgs.php82.withExtensions ({ enabled, all }: enabled ++ [ all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
    };
    adminer = adminer.phpFpm;
    ttrss = appPool ttrss;
    wallabag = appPool wallabag // {
      phpPackage = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy all.redis ]);
    };
    yourls = appPool yourls;
    rompr = appPool rompr;
    shaarli = appPool shaarli;
    dmarc-reports = appPool dmarc-reports // {
      phpEnv = dmarc-reports.phpFpm.phpEnv;
    };
    dokuwiki = appPool dokuwiki;
    phpbb = appPool phpbb;
    ldap = appPool ldap;
    kanboard = appPool kanboard;
    grocy = appPool grocy';
  };

# Each app's activation script, keyed by app name (grocy' lands under "grocy").
system.activationScripts = builtins.mapAttrs (_: app: app.activationScript) {
  grocy = grocy';
  inherit ttrss wallabag rompr shaarli dokuwiki phpbb kanboard;
};

# Secret files whose changes must be picked up: the shaarli secret via the
# tools environment's watchPaths, the wallabag secret by restarting its pool.
services.websites.env.tools.watchPaths = [ config.secrets.fullPaths."webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag.restart = true;
services.filesWatcher.phpfpm-wallabag.paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];

# Monitoring plugins and objects contributed by the apps that define them,
# merged (in this order) into the master's configuration.
myServices.monitoring =
  let
    monitored = [ ttrss rompr wallabag yourls ympd dokuwiki shaarli ldap adminer ];
  in {
    fromMasterActivatedPlugins = lib.mkMerge (map (app: app.monitoringPlugins) monitored);
    fromMasterObjects = lib.mkMerge (map (app: app.monitoringObjects) monitored);
  };
570 };
571 }
572