# NixOS module wiring a set of PHP web tools (adminer, ttrss, roundcubemail,
# wallabag, yourls, rompr, shaarli, dokuwiki, phpldapadmin, kanboard, rainloop)
# and the ympd daemon into Apache vhosts, php-fpm pools and systemd units.
# Everything under `config` is applied only when
# `myServices.websites.tools.tools.enable` is set.
{ lib, pkgs, config, myconfig, ... }:
let
  # Per-application settings supplied by the caller's environment description.
  toolsEnv = myconfig.env.tools;

  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = toolsEnv.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = toolsEnv.ttrss;
  };
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
    env = toolsEnv.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {};
  kanboard = pkgs.callPackage ./kanboard.nix {
    env = toolsEnv.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = toolsEnv.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = toolsEnv.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = toolsEnv.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = toolsEnv.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = toolsEnv.phpldapadmin;
  };

  cfg = config.myServices.websites.tools.tools;

  # Applications served from the tools.immae.eu vhost, in the order their
  # Apache modules and vhost snippets are emitted.
  toolsApps = [
    adminer ympd ttrss roundcubemail wallabag yourls
    rompr shaarli dokuwiki ldap kanboard
  ];

  # Certificate settings shared by the three vhosts declared below.
  eldironCert = {
    certName = "eldiron";
    addToCerts = true;
  };

  # Ordering/dependency attributes shared by every per-application php-fpm unit.
  phpfpmDeps = app: {
    after = lib.mkAfter app.phpFpm.serviceDeps;
    wants = app.phpFpm.serviceDeps;
  };
in
{
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Secret files declared by the applications that carry credentials.
    secrets.keys = lib.concatMap (app: app.keys) [
      kanboard ldap roundcubemail shaarli ttrss wallabag yourls
    ];

    services.websites.integration.modules = rainloop.apache.modules;
    services.websites.tools.modules =
      [ "proxy_fcgi" ] ++ lib.concatMap (app: app.apache.modules) toolsApps;

    # NOTE(review): both document roots below live under /var/lib/ftp and are
    # served with `AllowOverride all` plus a PHP handler running as wwwrun. If
    # that tree is writable through FTP, uploaded .htaccess and .php files take
    # effect with that account's rights; confirm who can write there.
    # NOTE(review): Apache accepts AllowOverride only inside a <Directory>
    # section, yet the directives appear at vhost level in this listing; the
    # enclosing section may have been lost, so verify against the deployed file.
    services.websites.integration.vhostConfs.devtools = eldironCert // {
      hosts = [ "devtools.immae.eu" ];
      root = "/var/lib/ftp/devtools.immae.eu";
      extraConfig = [
        ''
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
        ''
        rainloop.apache.vhostConf
      ];
    };

    services.websites.tools.vhostConfs.tools = eldironCert // {
      hosts = [ "tools.immae.eu" ];
      root = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
        ''
      ] ++ map (app: app.apache.vhostConf) toolsApps;
    };

    # Legacy host: every path is permanently redirected. The specific prefixes
    # must stay ahead of the final catch-all, which sends the rest to
    # tools.immae.eu.
    # NOTE(review): the prefixes are unanchored on the right and the dot in
    # `caldav.php` is unescaped, so each pattern matches slightly more than the
    # literal path; all targets are fixed hosts, so this only affects routing.
    services.websites.tools.vhostConfs.outils = eldironCert // {
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        ''
          RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
          RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
          RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = phpfpmDeps dokuwiki;
      phpfpm-kanboard = phpfpmDeps kanboard;
      phpfpm-ldap = phpfpmDeps ldap;
      phpfpm-rainloop = phpfpmDeps rainloop;
      phpfpm-roundcubemail = phpfpmDeps roundcubemail;
      phpfpm-shaarli = phpfpmDeps shaarli;
      phpfpm-ttrss = phpfpmDeps ttrss;
      # wallabag additionally appends its own preparation step to the unit.
      phpfpm-wallabag = phpfpmDeps wallabag // {
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = phpfpmDeps yourls;

      # NOTE(review): this unit sets no User=, so the wrapper script starts
      # with the unit's default privileges and relies on ympd's own `--user`
      # flag to switch to nobody. The MPD password is read from
      # /var/secrets/mpd and handed over through the process environment.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };

      # Feed updater; runs as the same wwwrun account as the php-fpm pools.
      # NOTE(review): PermissionsStartOnly is set although no pre/post start
      # command is defined in this unit; confirm whether it is still needed.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        wantedBy = [ "multi-user.target" ];
        requires = [ "postgresql.service" ];
        after = [ "network.target" "postgresql.service" ];
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };
      };
    };

    services.phpfpm.pools.roundcubemail = {
      listen = roundcubemail.phpFpm.socket;
      extraConfig = roundcubemail.phpFpm.pool;
      phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
    };

    # NOTE(review): the devtools pool here and the tools pool further down both
    # run as wwwrun and both allow /tmp in open_basedir, so open_basedir is the
    # only separation between them and /tmp is common ground.
    services.phpfpm.pools.devtools = {
      listen = "/var/run/phpfpm/devtools.sock";
      extraConfig = ''
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
      '';
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
      '';
    };

    # One pool per packaged application, plus the generic pool that backs the
    # tools.immae.eu document root.
    services.phpfpm.poolConfigs =
      lib.mapAttrs (_: app: app.phpFpm.pool) {
        inherit adminer ttrss wallabag yourls rompr shaarli dokuwiki ldap rainloop kanboard;
      }
      // {
        tools = ''
          listen = /var/run/phpfpm/tools.sock
          user = wwwrun
          group = wwwrun
          listen.owner = wwwrun
          listen.group = wwwrun
          pm = dynamic
          pm.max_children = 60
          pm.start_servers = 2
          pm.min_spare_servers = 1
          pm.max_spare_servers = 10
          ; Needed to avoid clashes in browser cookies (same domain)
          php_value[session.name] = ToolsPHPSESSID
          php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
        '';
      };

    # Activation hooks supplied by each application package.
    system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
      inherit adminer ttrss roundcubemail wallabag yourls rompr shaarli dokuwiki rainloop kanboard ldap;
    };

    # Name -> web root mapping; phpldapadmin is served from its htdocs
    # subdirectory and adminer uses a fixed name.
    myServices.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rainloop.apache.webappName}" = rainloop.webRoot;
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
    };
  };
}