-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, mypackages-lib, grocy, ... }:
let
- flakeCompat = import ../../../../../lib/flake-compat.nix;
-
- adminer = pkgs.callPackage ./adminer.nix {};
+ composerEnv = mypackages-lib.composerEnv;
+ adminer = pkgs.callPackage ./adminer.nix { inherit config; };
ympd = pkgs.callPackage ./ympd.nix {
env = config.myEnv.tools.ympd;
+ inherit config;
};
ttrss = pkgs.callPackage ./ttrss.nix {
- inherit (pkgs.webapps) ttrss ttrss-plugins;
+ ttrss = pkgs.webapps-ttrss;
+ ttrss-plugins = pkgs.webapps-ttrss-plugins;
env = config.myEnv.tools.ttrss;
php = pkgs.php72;
inherit config;
env = config.myEnv.tools.kanboard;
};
wallabag = pkgs.callPackage ./wallabag.nix {
- wallabag = pkgs.webapps.wallabag.override {
- composerEnv = pkgs.composerEnv.override {
+ wallabag = pkgs.webapps-wallabag.override {
+ composerEnv = composerEnv.override {
php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
};
};
inherit config;
};
yourls = pkgs.callPackage ./yourls.nix {
- inherit (pkgs.webapps) yourls yourls-plugins;
+ yourls = pkgs.webapps-yourls;
+ yourls-plugins = pkgs.webapps-yourls-plugins;
env = config.myEnv.tools.yourls;
inherit config;
};
rompr = pkgs.callPackage ./rompr.nix {
- inherit (pkgs.webapps) rompr;
+ rompr = pkgs.webapps-rompr;
env = config.myEnv.tools.rompr;
+ inherit config;
};
shaarli = pkgs.callPackage ./shaarli.nix {
env = config.myEnv.tools.shaarli;
inherit config;
};
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
- inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
+ dokuwiki = pkgs.webapps-dokuwiki;
+ dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
+ inherit config;
};
ldap = pkgs.callPackage ./ldap.nix {
- inherit (pkgs.webapps) phpldapadmin;
+ phpldapadmin = pkgs.webapps-phpldapadmin;
env = config.myEnv.tools.phpldapadmin;
inherit config;
};
- grocy = pkgs.callPackage ./grocy.nix {
- grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
+ grocy' = pkgs.callPackage ./grocy.nix {
+ grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
};
phpbb = pkgs.callPackage ./phpbb.nix {
- phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
+ phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
e.empteintesduweb.monitoranswers e.lr94.autosubscribe
e.phpbbmodders.adduser ]);
};
+ webhooks-bin-env = pkgs.buildEnv {
+ name = "webhook-env";
+ paths = [ pkgs.apprise ];
+ pathsToLink = [ "/bin" ];
+ };
webhooks = pkgs.callPackage ./webhooks.nix {
env = config.myEnv.tools.webhooks;
+ binEnv = webhooks-bin-env;
};
dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
env = config.myEnv.tools.dmarc_reports;
inherit config;
};
- csp-reports = pkgs.callPackage ./csp_reports.nix {
- env = config.myEnv.tools.csp_reports;
- };
- landing = pkgs.callPackage ./landing.nix {};
+ landing = pkgs.callPackage ./landing.nix { };
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
in {
- imports =
- builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
-
options.myServices.websites.tools.tools = {
enable = lib.mkEnableOption "enable tools website";
};
config = lib.mkIf cfg.enable {
+ # Services needing to send e-mails
+ myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
+ myServices.dns.zones."immae.eu".subdomains =
+ with config.myServices.dns.helpers;
+ {
+ outils = ips servers.eldiron.ips.main;
+ tools = lib.mkMerge [
+ (mailCommon "immae.eu")
+ mailSend
+ (ips servers.eldiron.ips.main)
+ ];
+ };
+
+ myServices.chatonsProperties.services = {
+ adminer = adminer.chatonsProperties;
+ dokuwiki = dokuwiki.chatonsProperties;
+ shaarli = shaarli.chatonsProperties;
+ ttrss = ttrss.chatonsProperties;
+ wallabag = wallabag.chatonsProperties;
+ paste = {
+ file.datetime = "2022-08-22T00:15:00";
+ service = {
+ name = "Paste";
+ description = "A simple paster script with syntax highlight";
+ website = "https://tools.immae.eu/paste/";
+ logo = "https://assets.immae.eu/logo.jpg";
+ status.level = "OK";
+ status.description = "OK";
+ registration."" = ["MEMBER" "CLIENT"];
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ guide.user = "https://tools.immae.eu/paste/";
+ };
+ software = {
+ name = "Paste";
+ website = "https://tools.immae.eu/paste/";
+ license.url = "https://tools.immae.eu/paste/license";
+ license.name = "MIT License";
+ version = "Unversioned";
+ source.url = "https://tools.immae.eu/paste/abcd123/py";
+ };
+ };
+ };
+ myServices.chatonsProperties.hostings = {
+ dokuwiki = dokuwiki.chatonsHostingProperties;
+ phpbb = phpbb.chatonsHostingProperties;
+ };
secrets.keys =
kanboard.keys
// ldap.keys
// wallabag.keys
// yourls.keys
// dmarc-reports.keys
- // csp-reports.keys
- // webhooks.keys;
-
+ // webhooks.keys
+ // ({ "webapps/tools-landing-sql-rw" = {
+ user = "wwwrun";
+ group = "wwwrun";
+ permissions = "0400";
+ text = let
+ env = config.myEnv.tools.landing;
+ in ''
+ SetEnv PGUSER "${env.postgresql.user}"
+ SetEnv PGPASSWORD "${env.postgresql.password}"
+ SetEnv PGDATABASE "${env.postgresql.database}"
+ SetEnv PGHOST "${env.postgresql.socket}"
+ '';
+ }; });
services.websites.env.tools.modules =
[ "proxy_fcgi" ]
++ adminer.apache.modules
++ ldap.apache.modules
++ kanboard.apache.modules;
+ myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
+ subdomains.tools = ips servers.eldiron.ips.integration;
+ };
+ security.acme.certs.integration.domain = "tools.immae.dev";
services.websites.env.integration.vhostConfs.devtools = {
certName = "integration";
- certMainHost = "tools.immae.dev";
- addToCerts = true;
hosts = [ "tools.immae.dev" ];
root = "/var/lib/ftp/immae/devtools";
extraConfig = [
];
};
+
+ security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
services.websites.env.tools.vhostConfs.tools = {
certName = "eldiron";
- addToCerts = true;
hosts = ["tools.immae.eu" ];
root = landing;
extraConfig = [
RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
<Directory "${landing}">
+ Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
DirectoryIndex index.html
AllowOverride None
Require all granted
(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
(ldap.apache.vhostConf pcfg.ldap.socket)
(kanboard.apache.vhostConf pcfg.kanboard.socket)
- (grocy.apache.vhostConf pcfg.grocy.socket)
+ (grocy'.apache.vhostConf pcfg.grocy.socket)
(phpbb.apache.vhostConf pcfg.phpbb.socket)
(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
''
ProxyPreserveHost on
</Location>
+ <Location "/ntfy/">
+ SetEnv proxy-nokeepalive 1
+ SetEnv proxy-sendchunked 1
+ LimitRequestBody 102400
+
+ RewriteEngine On
+
+ # FIXME: why is landing prefixed in the url?
+ RewriteCond %{HTTP:Upgrade} websocket [NC]
+ RewriteCond %{HTTP:Connection} upgrade [NC]
+ RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]
+
+ RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
+ </Location>
Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
<Directory "/var/lib/buildbot/outputs/immae/bip39">
DirectoryIndex index.html
Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
Options -Indexes
+ DirectoryIndex index.php
Require all granted
AllowOverride None
<FilesMatch "\.php$">
services.websites.env.tools.vhostConfs.outils = {
certName = "eldiron";
- addToCerts = true;
hosts = [ "outils.immae.eu" ];
root = null;
extraConfig = [
after = lib.mkAfter yourls.phpFpm.serviceDeps;
wants = yourls.phpFpm.serviceDeps;
};
+ ntfy = {
+ description = "send push notifications to your phone or desktop via scripts from any computer";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
+ Type = "simple";
+ WorkingDirectory = "%S/ntfy";
+ RuntimeDirectory = "ntfy";
+ StateDirectory = "ntfy";
+ User = "wwwrun";
+ };
+ };
ympd = {
description = "Standalone MPD Web GUI written in C";
wantedBy = [ "multi-user.target" ];
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "10";
+ "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "ToolsPHPSESSID";
"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
"/run/wrappers/bin/sendmail" landing "/tmp"
config.secrets.fullPaths."webapps/webhooks"
+ "${webhooks-bin-env}/bin"
];
- "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
};
phpEnv = {
CONTACT_EMAIL = config.myEnv.tools.contact;
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
};
devtools = {
user = "wwwrun";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "10";
+ "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
};
- phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
};
adminer = adminer.phpFpm;
ttrss = {
user = "wwwrun";
group = "wwwrun";
settings = ttrss.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
wallabag = {
user = "wwwrun";
group = "wwwrun";
settings = wallabag.phpFpm.pool;
- phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
+ phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
};
yourls = {
user = "wwwrun";
group = "wwwrun";
settings = yourls.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
rompr = {
user = "wwwrun";
group = "wwwrun";
settings = rompr.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
shaarli = {
user = "wwwrun";
group = "wwwrun";
settings = shaarli.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
dmarc-reports = {
user = "wwwrun";
group = "wwwrun";
settings = dmarc-reports.phpFpm.pool;
phpEnv = dmarc-reports.phpFpm.phpEnv;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
dokuwiki = {
user = "wwwrun";
group = "wwwrun";
settings = dokuwiki.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
phpbb = {
user = "wwwrun";
group = "wwwrun";
settings = phpbb.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
ldap = {
user = "wwwrun";
group = "wwwrun";
settings = ldap.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
kanboard = {
user = "wwwrun";
group = "wwwrun";
settings = kanboard.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
grocy = {
user = "wwwrun";
group = "wwwrun";
- settings = grocy.phpFpm.pool;
- phpPackage = pkgs.php72;
+ settings = grocy'.phpFpm.pool;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
};
system.activationScripts = {
- adminer = adminer.activationScript;
- grocy = grocy.activationScript;
+ grocy = grocy'.activationScript;
ttrss = ttrss.activationScript;
wallabag = wallabag.activationScript;
- yourls = yourls.activationScript;
rompr = rompr.activationScript;
shaarli = shaarli.activationScript;
dokuwiki = dokuwiki.activationScript;
phpbb = phpbb.activationScript;
kanboard = kanboard.activationScript;
- ldap = ldap.activationScript;
};
services.websites.env.tools.watchPaths = [
paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
};
+ myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
+ ttrss.monitoringPlugins
+ rompr.monitoringPlugins
+ wallabag.monitoringPlugins
+ yourls.monitoringPlugins
+ ympd.monitoringPlugins
+ dokuwiki.monitoringPlugins
+ shaarli.monitoringPlugins
+ ldap.monitoringPlugins
+ adminer.monitoringPlugins
+ ];
+ myServices.monitoring.fromMasterObjects = lib.mkMerge [
+ ttrss.monitoringObjects
+ rompr.monitoringObjects
+ wallabag.monitoringObjects
+ yourls.monitoringObjects
+ ympd.monitoringObjects
+ dokuwiki.monitoringObjects
+ shaarli.monitoringObjects
+ ldap.monitoringObjects
+ adminer.monitoringObjects
+ ];
};
}