]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - virtual/modules/websites/default.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add mastodon service
[perso/Immae/Config/Nix.git] / virtual / modules / websites / default.nix
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index a9e62a56ebb1851a4d87f4dbdb192e1de8d14ba1..d88f57149f138c18e6ba47e89ccb14c711336b2e 100644 (file)
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -1,5 +1,8 @@
 { lib, pkgs, config, mylibs, myconfig, ... }:
 let
+  mypkgs = pkgs.callPackage ../../packages.nix {
+    inherit (mylibs) checkEnv fetchedGit fetchedGithub;
+  };
   cfg = config.services.myWebsites;
   makeService = name: cfg: let
     toVhost = vhostConf: {
@@ -16,6 +19,28 @@ let
       documentRoot = vhostConf.root;
       extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
     };
+    redirectVhost = { # Should go last, catchall http -> https redirect
+      listen = [ { ip = cfg.ip; port = 80; } ];
+      hostName = "redirectSSL";
+      serverAliases = [ "*" ];
+      enableSSL = false;
+      logFormat = "combinedVhost";
+      documentRoot = "/var/lib/acme/acme-challenge";
+      extraConfig = ''
+        RewriteEngine on
+        RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
+        RewriteRule ^(.+)              https://%{HTTP_HOST}$1  [R=301]
+        # To redirect in specific "VirtualHost *:80", do
+        #   RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
+        # rather than rewrite
+      '';
+    };
+    fallbackVhost = toVhost { # Should go first, default choice
+      certName    = "eldiron";
+      hosts       = ["eldiron.immae.eu" ];
+      root        = ../../www;
+      extraConfig = [ "DirectoryIndex index.htm" ];
+    };
   in rec {
     enable = true;
     listen = [
@@ -28,7 +53,9 @@ let
     logFormat = "combinedVhost";
     extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
     extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
-    virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs;
+    virtualHosts = [ fallbackVhost ]
+      ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
+      ++ [ redirectVhost ];
   };
   makeServiceOptions = name: ip: {
     enable = lib.mkEnableOption "enable websites in ${name}";
@@ -64,16 +91,25 @@ in
     ./aten
     ./piedsjaloux
     ./connexionswing
+    ./tools/db
+    ./tools/tools
+    ./tools/dav
+    ./tools/cloud
+    ./tools/git
+    ./tools/mastodon
     # built using:
     # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
     # And removed users / groups
     ./apache/httpd_prod.nix
     ./apache/httpd_inte.nix
+    # Adapted from base phpfpm
+    ./phpfpm
   ];
 
   options.services.myWebsites = {
     production = makeServiceOptions "production" myconfig.ips.production;
     integration = makeServiceOptions "integration" myconfig.ips.integration;
+    tools = makeServiceOptions "tools" myconfig.ips.main;
 
     apacheConfig = lib.mkOption {
       type = lib.types.attrsOf (lib.types.submodule {
@@ -127,6 +163,13 @@ in
       phpPackages = oldpkgs.php72Packages.override { inherit php; };
     };
 
+    services.myWebsites.tools.databases.enable = true;
+    services.myWebsites.tools.tools.enable = true;
+    services.myWebsites.tools.dav.enable = true;
+    services.myWebsites.tools.cloud.enable = true;
+    services.myWebsites.tools.git.enable = true;
+    services.myWebsites.tools.mastodon.enable = true;
+
     services.myWebsites.Chloe.production.enable = cfg.production.enable;
     services.myWebsites.Ludivine.production.enable = cfg.production.enable;
     services.myWebsites.Aten.production.enable = cfg.production.enable;
@@ -199,6 +242,28 @@ in
       };
     };
 
+    system.activationScripts = {
+      httpd = ''
+        install -d -m 0755 /var/lib/acme/acme-challenge
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+        '';
+    };
+
+    services.myPhpfpm = {
+      phpPackage = pkgs.php;
+      phpOptions = ''
+        session.save_path = "/var/lib/php/sessions"
+        session.gc_maxlifetime = 60*60*24*15
+        session.cache_expire = 60*24*30
+        '';
+      extraConfig = ''
+        log_level = notice
+        '';
+    };
+
     # FIXME: logrotate
     # FIXME: ipv6
     services.httpdProd = makeService "production" config.services.myWebsites.production;
@@ -208,5 +273,9 @@ in
     services.httpdInte = makeService "integration" config.services.myWebsites.integration;
     services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
     services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
+
+    services.httpd = makeService "tools" config.services.myWebsites.tools;
+    services.myWebsites.tools.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+    services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
   };
 }
My infrastructure configuration