-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
adminer = pkgs.callPackage ./adminer.nix {
inherit (pkgs.webapps) adminer;
};
ympd = pkgs.callPackage ./ympd.nix {
- env = myconfig.env.tools.ympd;
+ env = config.myEnv.tools.ympd;
};
ttrss = pkgs.callPackage ./ttrss.nix {
inherit (pkgs.webapps) ttrss ttrss-plugins;
- env = myconfig.env.tools.ttrss;
+ env = config.myEnv.tools.ttrss;
};
- roundcubemail = pkgs.callPackage ./roundcubemail.nix {
- inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
- env = myconfig.env.tools.roundcubemail;
- };
- rainloop = pkgs.callPackage ./rainloop.nix {};
kanboard = pkgs.callPackage ./kanboard.nix {
- env = myconfig.env.tools.kanboard;
+ env = config.myEnv.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
inherit (pkgs.webapps) wallabag;
- env = myconfig.env.tools.wallabag;
+ env = config.myEnv.tools.wallabag;
};
yourls = pkgs.callPackage ./yourls.nix {
inherit (pkgs.webapps) yourls yourls-plugins;
- env = myconfig.env.tools.yourls;
+ env = config.myEnv.tools.yourls;
};
rompr = pkgs.callPackage ./rompr.nix {
inherit (pkgs.webapps) rompr;
- env = myconfig.env.tools.rompr;
+ env = config.myEnv.tools.rompr;
};
shaarli = pkgs.callPackage ./shaarli.nix {
- env = myconfig.env.tools.shaarli;
+ env = config.myEnv.tools.shaarli;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
};
ldap = pkgs.callPackage ./ldap.nix {
inherit (pkgs.webapps) phpldapadmin;
- env = myconfig.env.tools.phpldapadmin;
+ env = config.myEnv.tools.phpldapadmin;
+ };
+ grocy = pkgs.callPackage ./grocy.nix {
+ inherit (pkgs.webapps) grocy;
};
cfg = config.myServices.websites.tools.tools;
+ pcfg = config.services.phpfpm.pools;
in {
options.myServices.websites.tools.tools = {
enable = lib.mkEnableOption "enable tools website";
secrets.keys =
kanboard.keys
++ ldap.keys
- ++ roundcubemail.keys
++ shaarli.keys
++ ttrss.keys
++ wallabag.keys
++ yourls.keys;
- services.websites.env.integration.modules =
- rainloop.apache.modules;
+ services.duplyBackup.profiles = {
+ dokuwiki = dokuwiki.backups;
+ grocy = grocy.backups;
+ kanboard = kanboard.backups;
+ rompr = rompr.backups;
+ shaarli = shaarli.backups;
+ ttrss = ttrss.backups;
+ wallabag = wallabag.backups;
+ };
services.websites.env.tools.modules =
[ "proxy_fcgi" ]
++ adminer.apache.modules
++ ympd.apache.modules
++ ttrss.apache.modules
- ++ roundcubemail.apache.modules
++ wallabag.apache.modules
++ yourls.apache.modules
++ rompr.apache.modules
++ kanboard.apache.modules;
services.websites.env.integration.vhostConfs.devtools = {
- certName = "eldiron";
- addToCerts = true;
- hosts = ["devtools.immae.eu" ];
- root = "/var/lib/ftp/devtools.immae.eu";
- extraConfig = [
+ certName = "integration";
+ certMainHost = "devtools.immae.eu";
+ addToCerts = true;
+ hosts = [ "devtools.immae.eu" ];
+ root = "/var/lib/ftp/devtools.immae.eu";
+ extraConfig = [
''
+ Timeout 600
+ ProxyTimeout 600
<Directory "/var/lib/ftp/devtools.immae.eu">
DirectoryIndex index.php index.htm index.html
AllowOverride all
Require all granted
<FilesMatch "\.php$">
- SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
+ SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
</FilesMatch>
</Directory>
''
- rainloop.apache.vhostConf
];
};
root = "/var/lib/ftp/tools.immae.eu";
extraConfig = [
''
+ RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
+ RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
+ RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
+
<Directory "/var/lib/ftp/tools.immae.eu">
DirectoryIndex index.php index.htm index.html
AllowOverride all
Require all granted
<FilesMatch "\.php$">
- SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
+ SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
</FilesMatch>
</Directory>
''
- adminer.apache.vhostConf
+ (adminer.apache.vhostConf pcfg.adminer.socket)
ympd.apache.vhostConf
- ttrss.apache.vhostConf
- roundcubemail.apache.vhostConf
- wallabag.apache.vhostConf
- yourls.apache.vhostConf
- rompr.apache.vhostConf
- shaarli.apache.vhostConf
- dokuwiki.apache.vhostConf
- ldap.apache.vhostConf
- kanboard.apache.vhostConf
+ (ttrss.apache.vhostConf pcfg.ttrss.socket)
+ (wallabag.apache.vhostConf pcfg.wallabag.socket)
+ (yourls.apache.vhostConf pcfg.yourls.socket)
+ (rompr.apache.vhostConf pcfg.rompr.socket)
+ (shaarli.apache.vhostConf pcfg.shaarli.socket)
+ (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
+ (ldap.apache.vhostConf pcfg.ldap.socket)
+ (kanboard.apache.vhostConf pcfg.kanboard.socket)
+ (grocy.apache.vhostConf pcfg.grocy.socket)
];
};
RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
+ RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
+
+ RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
+
+ RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
+
RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
''
];
after = lib.mkAfter ldap.phpFpm.serviceDeps;
wants = ldap.phpFpm.serviceDeps;
};
- phpfpm-rainloop = {
- after = lib.mkAfter rainloop.phpFpm.serviceDeps;
- wants = rainloop.phpFpm.serviceDeps;
- };
- phpfpm-roundcubemail = {
- after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
- wants = roundcubemail.phpFpm.serviceDeps;
- };
phpfpm-shaarli = {
after = lib.mkAfter shaarli.phpFpm.serviceDeps;
wants = shaarli.phpFpm.serviceDeps;
paths = [ "/var/secrets/mpd" ];
};
- services.phpfpm.pools.roundcubemail = {
- listen = roundcubemail.phpFpm.socket;
- extraConfig = roundcubemail.phpFpm.pool;
- phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
- };
-
- services.phpfpm.pools.devtools = {
- listen = "/var/run/phpfpm/devtools.sock";
- extraConfig = ''
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
- pm = dynamic
- pm.max_children = 60
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 10
-
- php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
- '';
- phpOptions = config.services.phpfpm.phpOptions + ''
- extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
- extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
- '';
- };
+ services.phpfpm.pools = {
+ tools = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = {
+ "listen.owner" = "wwwrun";
+ "listen.group" = "wwwrun";
+ "pm" = "dynamic";
+ "pm.max_children" = "60";
+ "pm.start_servers" = "2";
+ "pm.min_spare_servers" = "1";
+ "pm.max_spare_servers" = "10";
- services.phpfpm.poolConfigs = {
- adminer = adminer.phpFpm.pool;
- ttrss = ttrss.phpFpm.pool;
- wallabag = wallabag.phpFpm.pool;
- yourls = yourls.phpFpm.pool;
- rompr = rompr.phpFpm.pool;
- shaarli = shaarli.phpFpm.pool;
- dokuwiki = dokuwiki.phpFpm.pool;
- ldap = ldap.phpFpm.pool;
- rainloop = rainloop.phpFpm.pool;
- kanboard = kanboard.phpFpm.pool;
- tools = ''
- listen = /var/run/phpfpm/tools.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
- pm = dynamic
- pm.max_children = 60
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 10
+ # Needed to avoid clashes in browser cookies (same domain)
+ "php_value[session.name]" = "ToolsPHPSESSID";
+ "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
+ };
+ };
+ devtools = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = {
+ "listen.owner" = "wwwrun";
+ "listen.group" = "wwwrun";
+ "pm" = "dynamic";
+ "pm.max_children" = "60";
+ "pm.start_servers" = "2";
+ "pm.min_spare_servers" = "1";
+ "pm.max_spare_servers" = "10";
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = ToolsPHPSESSID
- php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
- '';
+ "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
+ };
+ phpOptions = config.services.phpfpm.phpOptions + ''
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
+ '';
+ };
+ adminer = adminer.phpFpm;
+ ttrss = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = ttrss.phpFpm.pool;
+ };
+ wallabag = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = wallabag.phpFpm.pool;
+ };
+ yourls = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = yourls.phpFpm.pool;
+ };
+ rompr = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = rompr.phpFpm.pool;
+ };
+ shaarli = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = shaarli.phpFpm.pool;
+ };
+ dokuwiki = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = dokuwiki.phpFpm.pool;
+ };
+ ldap = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = ldap.phpFpm.pool;
+ };
+ kanboard = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = kanboard.phpFpm.pool;
+ };
+ grocy = {
+ user = "wwwrun";
+ group = "wwwrun";
+ settings = grocy.phpFpm.pool;
+ };
};
system.activationScripts = {
adminer = adminer.activationScript;
+ grocy = grocy.activationScript;
ttrss = ttrss.activationScript;
- roundcubemail = roundcubemail.activationScript;
wallabag = wallabag.activationScript;
yourls = yourls.activationScript;
rompr = rompr.activationScript;
shaarli = shaarli.activationScript;
dokuwiki = dokuwiki.activationScript;
- rainloop = rainloop.activationScript;
kanboard = kanboard.activationScript;
ldap = ldap.activationScript;
};
"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
"${rompr.apache.webappName}" = rompr.webRoot;
- "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
"${shaarli.apache.webappName}" = shaarli.webRoot;
"${ttrss.apache.webappName}" = ttrss.webRoot;
"${wallabag.apache.webappName}" = wallabag.webRoot;
"${yourls.apache.webappName}" = yourls.webRoot;
- "${rainloop.apache.webappName}" = rainloop.webRoot;
"${kanboard.apache.webappName}" = kanboard.webRoot;
+ "${grocy.apache.webappName}" = grocy.webRoot;
};
services.websites.env.tools.watchPaths = [
- "/var/secrets/webapps/tools-wallabag"
+ "/var/secrets/webapps/tools-shaarli"
];
services.filesWatcher.phpfpm-wallabag = {
restart = true;
projects / perso / Immae / Config / Nix.git / blobdiff