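# NixOS module for the "tools" web applications behind tools.immae.eu,
# devtools.immae.eu and the legacy outils.immae.eu host.
#
# Each application lives in its own file and is expected to expose
# `apache.modules`, `apache.vhostConf`, `apache.webappName`, `phpFpm.pool`,
# `webRoot` and (for most) `activationScript`; this module only wires those
# attributes into the Apache, php-fpm, ACME and systemd configuration.
#
# NOTE(review): several packages receive `env = myconfig.env.tools.<name>`.
# If those attribute sets carry credentials, confirm the per-app files do not
# render them into /nix/store, which is world-readable; not visible from here.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  adminer = pkgs.callPackage ../../commons/adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = myconfig.env.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (mylibs) fetchedGithub fetchedGit;
    env = myconfig.env.tools.ttrss;
  };
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    env = myconfig.env.tools.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix {};
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    env = myconfig.env.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (mylibs) fetchedGithub;
    env = myconfig.env.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = myconfig.env.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (mylibs) fetchedGithub;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    env = myconfig.env.tools.phpldapadmin;
  };

  cfg = config.services.myWebsites.tools.tools;
in {
  options.services.myWebsites.tools.tools = {
    # mkEnableOption already prefixes the text with "Whether to enable ",
    # so the argument is just the feature name.
    enable = lib.mkEnableOption "tools website";
  };

  config = lib.mkIf cfg.enable {
    # All three hostnames are added as SANs on the shared "eldiron" certificate.
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
    security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;

    services.myWebsites.integration.modules =
      rainloop.apache.modules;
    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ roundcubemail.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.ympd = ympd.config // { enable = true; };

    # devtools.immae.eu: integration instance, currently only rainloop.
    services.myWebsites.integration.vhostConfs.devtools = {
      certName = "eldiron";
      hosts = [ "devtools.immae.eu" ];
      root = null;
      extraConfig = [
        rainloop.apache.vhostConf
      ];
    };

    # tools.immae.eu: document root plus one vhost snippet per application.
    #
    # NOTE(review): the document root sits under /var/lib/ftp, which suggests
    # it is writable over FTP (confirm). Combined with "AllowOverride all" and
    # the PHP handler below, write access to that tree amounts to code
    # execution as the pool user and lets uploaded .htaccess files override
    # per-directory Apache settings. Consider narrowing AllowOverride to the
    # directive classes actually needed and keeping upload-only
    # subdirectories from executing PHP.
    #
    # NOTE(review): adminer and phpldapadmin are administrative consoles; any
    # access restriction has to come from their own vhostConf snippets, which
    # are not visible here -- confirm they are not open to anonymous clients.
    services.myWebsites.tools.vhostConfs.tools = {
      certName = "eldiron";
      hosts = [ "tools.immae.eu" ];
      root = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        # AllowOverride is only valid in <Directory> context, so these
        # directives are scoped to the document root; the handler is limited
        # to *.php so static files are served by Apache rather than php-fpm.
        ''
          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        roundcubemail.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
      ];
    };

    # outils.immae.eu: legacy hostname, kept only for permanent redirects.
    # Specific prefixes go to their dedicated hosts; everything else falls
    # through to tools.immae.eu. Every target is a fixed https://*.immae.eu
    # prefix, so the captured suffix cannot change the destination host.
    services.myWebsites.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        # The dot in "caldav\.php" is escaped so the pattern matches the
        # literal file name only.
        ''
          RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
          RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
          RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    # One php-fpm pool per application, plus the generic "tools" pool that
    # serves PHP files found in the document root.
    #
    # NOTE(review): the "tools" pool runs as wwwrun, the same account as the
    # tt-rss daemon defined below; the users of the per-app pools are set in
    # their own files (confirm). open_basedir only constrains PHP's own file
    # functions, and the list includes the shared /tmp, so it should not be
    # treated as isolation between this pool and anything else running as
    # wwwrun. A dedicated user and a private temp/session directory would
    # give a real boundary.
    services.myPhpfpm.poolConfigs = {
      adminer = adminer.phpFpm.pool;
      ttrss = ttrss.phpFpm.pool;
      roundcubemail = roundcubemail.phpFpm.pool;
      wallabag = wallabag.phpFpm.pool;
      yourls = yourls.phpFpm.pool;
      rompr = rompr.phpFpm.pool;
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
        user = wwwrun
        group = wwwrun
        listen.owner = wwwrun
        listen.group = wwwrun
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ToolsPHPSESSID
        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
      '';
    };

    # Activation scripts supplied by each application. They run during system
    # activation; their contents are defined in the per-app files.
    system.activationScripts = {
      ttrss = ttrss.activationScript;
      roundcubemail = roundcubemail.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };

    # Expose every application's web root as $out/webapps/<webappName> in the
    # system closure.
    system.extraSystemBuilderCmds = ''
      mkdir -p $out/webapps
      ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName}
      ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName}
      ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName}
      ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName}
      ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName}
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
    '';

    # Replace the nixpkgs ympd attributes with those produced from ./ympd.json
    # by mylibs.fetchedGithub. Nothing in the overlay refers to itself, so a
    # plain attribute set is enough.
    nixpkgs.overlays = [
      (self: super: {
        ympd = super.ympd.overrideAttrs (old: mylibs.fetchedGithub ./ympd.json);
      })
    ];

    # Background feed updater for Tiny Tiny RSS.
    #
    # NOTE(review): the unit runs as wwwrun with no sandboxing options set.
    # Options such as NoNewPrivileges, ProtectSystem or PrivateTmp would
    # reduce what a compromised updater can reach; check them against the
    # paths update.php needs before enabling.
    systemd.services.tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        # No ExecStartPre/ExecStartPost is defined in this unit, so this
        # setting has no visible effect here.
        PermissionsStartOnly = true;
      };
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];
    };
  };
}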