imports = [
./modules/certificates.nix
./modules/gitolite.nix
- ./modules/gitweb.nix
+ ./modules/gitweb
./modules/databases.nix
./modules/websites
./modules/websites/phpfpm
source = ldap_authorized_keys;
};
- services.gitDaemon = {
- enable = true;
- user = "gitolite";
- group = "gitolite";
- basePath = "${mypkgs.git.web.varDir}/repositories";
- };
-
- # FIXME: logrotate
- services.httpd = let
- withConf = domain: {
- enableSSL = true;
- sslServerCert = "/var/lib/acme/${domain}/cert.pem";
- sslServerKey = "/var/lib/acme/${domain}/key.pem";
- sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
- logFormat = "combinedVhost";
- listen = [
- { ip = "176.9.151.89"; port = 443; }
- ];
- };
- apacheConfig = config.services.myWebsites.apacheConfig;
- in rec {
- enable = true;
- logPerVirtualHost = true;
- multiProcessingModule = "worker";
- adminAddr = "httpd@immae.eu";
- logFormat = "combinedVhost";
- extraModules = pkgs.lib.lists.unique (
- mypkgs.adminer.apache.modules ++
- mypkgs.nextcloud.apache.modules ++
- mypkgs.ympd.apache.modules ++
- mypkgs.git.web.apache.modules ++
- mypkgs.mantisbt.apache.modules ++
- mypkgs.ttrss.apache.modules ++
- mypkgs.roundcubemail.apache.modules ++
- pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig));
- extraConfig = builtins.concatStringsSep "\n"
- (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
- virtualHosts = [
- (withConf "eldiron" // {
- hostName = "eldiron.immae.eu";
- documentRoot = ./www;
- extraConfig = ''
- DirectoryIndex index.htm
- '';
- })
- (withConf "eldiron" // {
- hostName = "db-1.immae.eu";
- documentRoot = null;
- extraConfig = builtins.concatStringsSep "\n" [
- mypkgs.adminer.apache.vhostConf
- ];
- })
- (withConf "eldiron" // {
- hostName = "tools.immae.eu";
- documentRoot = null;
- extraConfig = builtins.concatStringsSep "\n" [
- mypkgs.adminer.apache.vhostConf
- mypkgs.ympd.apache.vhostConf
- mypkgs.ttrss.apache.vhostConf
- mypkgs.roundcubemail.apache.vhostConf
- ];
- })
- (withConf "eldiron" // {
- hostName = "dav.immae.eu";
- documentRoot = null;
- extraConfig = builtins.concatStringsSep "\n" [
- mypkgs.infcloud.apache.vhostConf
- mypkgs.davical.apache.vhostConf
- ];
- })
- (withConf "eldiron" // {
- hostName = "cloud.immae.eu";
- documentRoot = mypkgs.nextcloud.webRoot;
- extraConfig = builtins.concatStringsSep "\n" [
- mypkgs.nextcloud.apache.vhostConf
- ];
- })
- (withConf "eldiron" // {
- hostName = "git.immae.eu";
- documentRoot = mypkgs.git.web.webRoot;
- extraConfig = builtins.concatStringsSep "\n" [
- mypkgs.git.web.apache.vhostConf
- mypkgs.mantisbt.apache.vhostConf
- ] + ''
- RewriteEngine on
- RewriteCond %{REQUEST_URI} ^/releases
- RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
- '';
- })
- { # Should go last, default fallback
- listen = [ { ip = "*"; port = 80; } ];
- hostName = "redirectSSL";
- serverAliases = [ "*" ];
- enableSSL = false;
- logFormat = "combinedVhost";
- documentRoot = "/var/lib/acme/acme-challenge";
- extraConfig = ''
- RewriteEngine on
- RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
- RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
- # To redirect in specific "VirtualHost *:80", do
- # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
- # rather than rewrite
- '';
- }
- ];
- };
-
systemd.services.tt-rss = {
description = "Tiny Tiny RSS feeds update daemon";
serviceConfig = {