-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
www_root = "/run/current-system/webapps/_www";
theme_root = "/run/current-system/webapps/_theme";
apacheConfig = {
+ cache = {
+ # This setting permits to ignore time-based cache for files in the
+ # nix store:
+ # If a client requires an If-Modified-Since from timestamp 1, then
+ # this header is removed, and if the response contains a
+ # too old Last-Modified tag, then it is removed too
+ extraConfig = ''
+ <If "%{HTTP:If-Modified-Since} =~ /01 Jan 1970 00:00:01/" >
+ RequestHeader unset If-Modified-Since
+ </If>
+ Header unset Last-Modified "expr=%{LAST_MODIFIED} < 19991231235959"
+ '';
+ };
gzip = {
modules = [ "deflate" "filter" ];
extraConfig = ''
'';
};
global = {
- extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
+ extraConfig = ''
+ ErrorDocument 500 /maintenance_immae.html
+ ErrorDocument 501 /maintenance_immae.html
+ ErrorDocument 502 /maintenance_immae.html
+ ErrorDocument 503 /maintenance_immae.html
+ ErrorDocument 504 /maintenance_immae.html
+ Alias /maintenance_immae.html ${www_root}/maintenance_immae.html
+ ProxyPass /maintenance_immae.html !
+
+ AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html
+ <Directory ${www_root}>
+ AllowOverride None
+ Require all granted
+ </Directory>
+ '';
};
apaxy = {
extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
};
makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
+ moomin = let
+ lines = lib.splitString "\n" (lib.fileContents ./moomin.txt);
+ pad = width: str: let
+ padWidth = width - lib.stringLength str;
+ padding = lib.concatStrings (lib.genList (lib.const "0") padWidth);
+ in lib.optionalString (padWidth > 0) padding + str;
+ in
+ lib.imap0 (i: e: ''Header always set "X-Moomin-${pad 2 (builtins.toString i)}" "${e}"'') lines;
in
{
- options.myServices.websites.webappDirs = lib.mkOption {
- type = lib.types.attrsOf lib.types.path;
- description = ''
- Webapp paths to create in /run/current-system/webapps
- '';
- default = {};
- };
+ options.myServices.websites.enable = lib.mkEnableOption "enable websites";
- config = {
+ config = lib.mkIf config.myServices.websites.enable {
+ services.duplyBackup.profiles.php = {
+ rootDir = "/var/lib/php";
+ remotes = [ "eriomem" "ovh" ];
+ };
users.users.wwwrun.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
- nixpkgs.overlays = [ (self: super: rec {
- #openssl = self.openssl_1_1;
- php = php72;
- php72 = (super.php72.override {
- mysql.connector-c = self.mariadb;
- config.php.mysqlnd = false;
- config.php.mysqli = false;
- }).overrideAttrs(old: rec {
- # Didn't manage to build with mysqli + mysql_config connector
- configureFlags = old.configureFlags ++ [
- "--with-mysqli=shared,mysqlnd"
- ];
- # preConfigure = (old.preConfigure or "") + ''
- # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
- # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include <mysql_version.h>/' \
- # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
- # '';
- });
- phpPackages = super.php72Packages.override { inherit php; };
- }) ];
-
secrets.keys = [{
dest = "apache-ldap";
user = "wwwrun";
<IfModule authnz_ldap_module>
AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
+ AuthLDAPBindPassword "${config.myEnv.httpd.ldap.password}"
AuthType Basic
AuthName "Authentification requise (Acces LDAP)"
AuthBasicProvider ldap
system.activationScripts = {
httpd = ''
- install -d -m 0755 ${config.security.acme.directory}/acme-challenge
+ install -d -m 0755 /var/lib/acme/acme-challenges
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
'';
};
services.phpfpm = {
- phpPackage = pkgs.php;
phpOptions = ''
session.save_path = "/var/lib/php/sessions"
post_max_size = 20M
; 30 days (minutes)
session.cache_expire = 43200
'';
- extraConfig = ''
- log_level = notice
- '';
+ settings = {
+ log_level = "notice";
+ };
};
services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ];
adminAddr = "httpd@immae.eu";
httpdName = "Prod";
ips =
- let ips = myconfig.env.servers.eldiron.ips.production;
+ let ips = config.myEnv.servers.eldiron.ips.production;
in [ips.ip4] ++ (ips.ip6 or []);
modules = makeModules;
extraConfig = makeExtraConfig;
adminAddr = "httpd@immae.eu";
httpdName = "Inte";
ips =
- let ips = myconfig.env.servers.eldiron.ips.integration;
+ let ips = config.myEnv.servers.eldiron.ips.integration;
in [ips.ip4] ++ (ips.ip6 or []);
modules = makeModules;
- extraConfig = makeExtraConfig;
+ extraConfig = makeExtraConfig ++ moomin;
fallbackVhost = {
certName = "eldiron";
hosts = ["eldiron.immae.eu" ];
adminAddr = "httpd@immae.eu";
httpdName = "Tools";
ips =
- let ips = myconfig.env.servers.eldiron.ips.main;
+ let ips = config.myEnv.servers.eldiron.ips.main;
in [ips.ip4] ++ (ips.ip6 or []);
modules = makeModules;
extraConfig = makeExtraConfig ++
};
};
- system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) ''
- mkdir -p $out/webapps
- ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)}
- '';
-
+ services.websites.webappDirs = {
+ _www = ./_www;
+ _theme = pkgs.webapps.apache-theme.theme;
+ };
myServices.websites = {
- webappDirs = {
- _www = pkgs.webapps.apache-default.www;
- _theme = pkgs.webapps.apache-theme.theme;
+ capitaines.landing_pages.enable = true;
+
+ chloe = {
+ integration.enable = true;
+ production.enable = true;
};
- aten.integration.enable = true;
- aten.production.enable = true;
+ cip-ca = {
+ sympa.enable = true;
+ };
- capitaines.production.enable = true;
+ connexionswing = {
+ integration.enable = true;
+ production.enable = true;
+ };
- chloe.integration.enable = true;
- chloe.production.enable = true;
+ denise = {
+ evariste.enable = true;
+ denisejerome.enable = true;
+ oms.enable = true;
+ aventuriers.enable = true;
+ production.enable = true;
+ };
- connexionswing.integration.enable = true;
- connexionswing.production.enable = true;
+ emilia.moodle.enable = true;
- denisejerome.production.enable = true;
+ florian = {
+ app.enable = true;
+ integration.enable = true;
+ production.enable = true;
+ };
- emilia.production.enable = true;
+ immae = {
+ production.enable = true;
+ release.enable = true;
+ temp.enable = true;
+ };
- florian.app.enable = true;
- florian.integration.enable = true;
- florian.production.enable = true;
+ isabelle = {
+ aten_integration.enable = true;
+ aten_production.enable = true;
+ iridologie.enable = true;
+ };
- immae.production.enable = true;
- immae.release.enable = true;
- immae.temp.enable = true;
+ jerome.naturaloutil.enable = true;
leila.production.enable = true;
- ludivinecassal.integration.enable = true;
- ludivinecassal.production.enable = true;
+ ludivine = {
+ integration.enable = true;
+ production.enable = true;
+ };
nassime.production.enable = true;
- naturaloutil.production.enable = true;
+ nathanael.villon.enable = true;
+
+ papa = {
+ surveillance.enable = true;
+ maison_bbc.enable = true;
+ };
+
+ patrick_fodella.production.enable = true;
- papa.surveillance.enable = true;
+ piedsjaloux = {
+ integration.enable = true;
+ production.enable = true;
+ };
+
+ richie.production.enable = true;
- piedsjaloux.integration.enable = true;
- piedsjaloux.production.enable = true;
+ syden.peertube.enable = true;
+ telio_tortay.production.enable = true;
+
+ tools.assets.enable = true;
tools.cloud.enable = true;
+ tools.commento.enable = true;
tools.dav.enable = true;
tools.db.enable = true;
tools.diaspora.enable = true;
tools.mastodon.enable = true;
tools.mediagoblin.enable = true;
tools.peertube.enable = true;
+ tools.performance.enable = true;
tools.tools.enable = true;
tools.email.enable = true;
+
+ games.codenames.enable = true;
};
};
}
projects / perso / Immae / Config / Nix.git / blobdiff