+++ /dev/null
-{ lib, pkgs, config, ... }:
-let
- cfg = config.myServices.websites.immae.temp;
- varDir = "/var/lib/immae_temp";
- env = config.myEnv.websites.immae.temp;
-in {
- options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
-
- config = lib.mkIf cfg.enable {
- services.websites.env.production.vhostConfs.immae_temp = {
- certName = "immae";
- addToCerts = true;
- hosts = [ "temp.immae.eu" ];
- root = null;
- extraConfig = [ ''
- ProxyVia On
- ProxyRequests Off
- ProxyPreserveHost On
- ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/
- ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/
- <Proxy *>
- Options FollowSymLinks MultiViews
- AllowOverride None
- Require all granted
- </Proxy>
- '' ];
- };
-
- secrets.keys."webapps/surfer" = {
- permissions = "0400";
- user = "wwwrun";
- group = "wwwrun";
- text = ''
- CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
- CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
- TOKENSTORE_FILE=/var/lib/surfer/tokens.json
- CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
- CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
- CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
- CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
- LISTEN=/run/surfer/listen.sock
- '';
- };
-
- systemd.services.surfer = {
- description = "Surfer";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
-
- script = ''
- exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
- '';
- serviceConfig = {
- EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
- User = "wwwrun";
- Group = "wwwrun";
- StateDirectory = "surfer";
- RuntimeDirectory = "surfer";
- Type = "simple";
- };
- };
- };
-}
-