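# NixOS module for the "tools" website.
#
# Builds a set of web applications from the sibling ./*.nix files and wires
# them into Apache vhosts, php-fpm pools, systemd units, secrets, backup
# profiles and activation scripts. Everything under `config` is applied only
# when myServices.websites.tools.tools.enable is set.
{ lib, pkgs, config, ... }:
let
  # NOTE(review): most applications are pinned to pkgs.php72 and wallabag to
  # pkgs.php73. Both PHP branches are past upstream end of life and no longer
  # receive upstream security fixes; plan a move to a maintained branch.
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php72;
      };
    };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown
      e.davidiq.mailinglist
      e.dmzx.mchat
      e.empteintesduweb.monitoranswers
      e.lr94.autosubscribe
      e.phpbbmodders.adduser
    ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
    env = config.myEnv.tools.csp_reports;
  };
  landing = pkgs.callPackage ./landing.nix {};

  # Shorthands: this module's own options, and the php-fpm pool set whose
  # `.socket` attributes are interpolated into the Apache configuration.
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Secret files contributed by the applications that declare `keys`.
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys
      ++ dmarc-reports.keys
      ++ csp-reports.keys
      ++ webhooks.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
      phpbb = phpbb.backups;
    };

    # Apache modules: proxy_fcgi for the php-fpm sockets, plus whatever each
    # application asks for.
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts = true;
      hosts = [ "devtools.immae.eu" ];
      root = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        # NOTE(review): the Apache snippets in this file appear without any
        # enclosing <Directory>/<FilesMatch> container lines. Apache accepts
        # AllowOverride only inside a <Directory> section, so those lines were
        # presumably lost when this listing was rendered; restore them from
        # the repository copy instead of deploying this text verbatim.
        #
        # `AllowOverride all` lets .htaccess files under the document root
        # change per-directory Apache settings, and SetHandler hands requests
        # to the devtools php-fpm pool. The root is under /var/lib/ftp, so
        # presumably anyone who can upload there controls both; confirm that
        # write access is limited to trusted users.
        # The CSP header is Report-Only: it reports violations, blocks nothing.
        ''
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "tools.immae.eu" ];
      root = landing;
      extraConfig = [
        # The /vpn redirect targets a bare host name, so its pattern is
        # `(/.*)?` rather than `(.*)`: the captured text is appended directly
        # after the host and must therefore be empty or begin with "/".
        # With `(.*)` the request path could extend the host part of the
        # Location header and redirect visitors to a different domain.
        # (Container lines missing here as well; see the review note on the
        # devtools vhost in this file's source copy.)
        ''
          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        # NOTE(review): /webhooks is served with `Require all granted` from a
        # directory under config.secrets.location. Confirm that directory
        # holds only files that are meant to be reachable over HTTP.
        ''
          Alias /paste /var/lib/fiche
          DirectoryIndex index.txt index.html
          AllowOverride None
          Require all granted
          Options -Indexes

          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          DirectoryIndex index.html
          AllowOverride None
          Require all granted

          Alias /webhooks ${config.secrets.location}/webapps/webhooks
          Options -Indexes
          Require all granted
          AllowOverride None
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        ''
      ];
    };

    # Legacy host name: every path is redirected, the final catch-all sending
    # whatever is left to tools.immae.eu.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        # Patterns whose target ends in a bare host name (mediagoblin, ether,
        # nextcloud, owncloud, vpn) capture `(/.*)?` so that the appended text
        # is empty or starts with "/" and cannot alter the target host. Paths
        # that no longer match those rules fall through to the catch-all.
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1
          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1
          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      # Order each php-fpm pool after the units its application depends on.
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };

      # No User= is set on this unit, so the script starts with the service
      # manager's default identity (root for a system unit) and relies on
      # ympd's own `--user nobody` to drop privileges. The MPD password is
      # read from the secret file into the process environment.
      # NOTE(review): confirm /var/secrets/mpd is readable only by that
      # starting identity.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };

      # Feed updater, run as wwwrun. PermissionsStartOnly applies User= to
      # ExecStart only; no pre/post commands are defined in this file.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };
        wantedBy = [ "multi-user.target" ];
        requires = [ "postgresql.service" ];
        after = [ "network.target" "postgresql.service" ];
      };
    };

    # Restart ympd when its password file changes.
    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    # Every pool defined inline below runs as wwwrun, so Unix permissions do
    # not separate these applications from one another; open_basedir, where a
    # pool sets it, is the only per-application boundary visible in this file.
    # /tmp is part of the open_basedir of both the tools and devtools pools.
    # The per-application `*.phpFpm.pool` settings (and the whole adminer
    # pool) are defined in the sibling files and are not reviewed here.
    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail"
            landing
            "/tmp"
            "${config.secrets.location}/webapps/webhooks"
          ];
          "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    # Map each application's web root to the name its vhost snippet uses.
    services.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${phpbb.apache.webappName}" = phpbb.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    # NOTE(review): these watchers use the literal /var/secrets prefix while
    # other paths in this file are built from config.secrets.location. If the
    # two ever differ, secret changes would no longer trigger a reload or
    # restart; confirm they are the same directory.
    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };

    # Paste service; its output directory is what the /paste alias of the
    # tools vhost exposes.
    services.fiche = {
      enable = true;
      port = config.myEnv.ports.fiche;
      domain = "tools.immae.eu/paste";
      https = true;
    };
  };
}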