X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fimmae%2Ftemp.nix;h=fd54f5e0d86708383b6972b3684dcf2b28e534ab;hp=c24844e25f75d8d250f830b3927ea96fa927e61a;hb=91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7;hpb=9271611c189a3ed4129d3b98422f86ab3f774f10
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index c24844e..fd54f5e 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,32 +1,68 @@ { lib, pkgs, config, ... }: let cfg = config.myServices.websites.immae.temp; - varDir = "/var/lib/ftp/temp.immae.eu"; - env = config.myEnv.websites.temp; + varDir = "/var/lib/immae_temp"; + env = config.myEnv.websites.immae.temp; in { options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; config = lib.mkIf cfg.enable { - services.websites.env.production.modules = [ "headers" ]; + services.duplyBackup.profiles.immae_temp.rootDir = varDir; + services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer"; services.websites.env.production.vhostConfs.immae_temp = { certName = "immae"; addToCerts = true; hosts = [ "temp.immae.eu" ]; - root = varDir; - extraConfig = [ - '' - Use Apaxy "${varDir}" "title .duplicity-ignore" - - Options -Indexes + root = null; + extraConfig = [ '' + ProxyVia On + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/ + ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/ + + Options FollowSymLinks MultiViews AllowOverride None Require all granted - + + '' ]; + }; + + secrets.keys = [ + { + dest = "webapps/surfer"; + permissions = "0400"; + user = "wwwrun"; + group = "wwwrun"; + text = '' + CLOUDRON_LDAP_URL=ldaps://${env.ldap.host} + CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} + TOKENSTORE_FILE=/var/lib/surfer/tokens.json + CLOUDRON_LDAP_BIND_DN=${env.ldap.dn} + CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password} + CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} + CLOUDRON_LDAP_FILTER="${env.ldap.filter}" + LISTEN=/run/surfer/listen.sock + ''; + } + ]; + + systemd.services.surfer = { + description = "Surfer"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; - - Options Indexes - - '' - ]; + script = '' + exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} + ''; + serviceConfig = { + EnvironmentFile = "/var/secrets/webapps/surfer"; + User = "wwwrun"; + Group = "wwwrun"; + StateDirectory 
= "surfer"; + RuntimeDirectory = "surfer"; + Type = "simple"; + }; }; }; }
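Review bot: The `webapps/surfer` secret holds the LDAP bind password but is owned by `wwwrun`, the same account the new `surfer` unit runs as and presumably the one Apache uses, so any code running under that account can read the file. systemd loads `EnvironmentFile` itself before switching to `User`, so the secret could be `user = "root"; group = "root";` with the same `0400` mode. The variables would still be visible in the process environment to other `wwwrun` processes, so a dedicated account for `surfer` (with the socket under `/run/surfer` kept reachable by the proxy) would be the fuller separation. `CLOUDRON_LDAP_USERS_BASE_DN` is written twice in the secret text and one of the two lines can be dropped. The unit also sets no sandboxing options; `NoNewPrivileges = true;` and `PrivateTmp = true;` look like low-risk additions for a service that serves `${varDir}` behind the proxy.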