X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;fp=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=0000000000000000000000000000000000000000;hp=90fcbe1ff11cd0f1ca3718af9bb8cd981573de7d;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
deleted file mode 100644
index 90fcbe1..0000000
--- a/modules/private/websites/tools/tools/default.nix
+++ /dev/null
@@ -1,429 +0,0 @@ -{ lib, pkgs, config, ... }: -let - flakeCompat = import ../../../../../lib/flake-compat.nix; - - adminer = pkgs.callPackage ./adminer.nix {}; - ympd = pkgs.callPackage ./ympd.nix { - env = config.myEnv.tools.ympd; - }; - ttrss = pkgs.callPackage ./ttrss.nix { - inherit (pkgs.webapps) ttrss ttrss-plugins; - env = config.myEnv.tools.ttrss; - php = pkgs.php72; - inherit config; - }; - kanboard = pkgs.callPackage ./kanboard.nix { - inherit config; - env = config.myEnv.tools.kanboard; - }; - wallabag = pkgs.callPackage ./wallabag.nix { - wallabag = pkgs.webapps.wallabag.override { - composerEnv = pkgs.composerEnv.override { - php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); - }; - }; - env = config.myEnv.tools.wallabag; - inherit config; - }; - yourls = pkgs.callPackage ./yourls.nix { - inherit (pkgs.webapps) yourls yourls-plugins; - env = config.myEnv.tools.yourls; - inherit config; - }; - rompr = pkgs.callPackage ./rompr.nix { - inherit (pkgs.webapps) rompr; - env = config.myEnv.tools.rompr; - }; - shaarli = pkgs.callPackage ./shaarli.nix { - env = config.myEnv.tools.shaarli; - inherit config; - }; - dokuwiki = pkgs.callPackage ./dokuwiki.nix { - inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; - }; - ldap = pkgs.callPackage ./ldap.nix { - inherit (pkgs.webapps) phpldapadmin; - env = config.myEnv.tools.phpldapadmin; - inherit config; - }; - grocy = pkgs.callPackage ./grocy.nix { - grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; - }; - phpbb = pkgs.callPackage ./phpbb.nix { - phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ - e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat - e.empteintesduweb.monitoranswers e.lr94.autosubscribe - e.phpbbmodders.adduser ]); - }; - webhooks = pkgs.callPackage ./webhooks.nix { - env = config.myEnv.tools.webhooks; - }; - dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { - env = 
config.myEnv.tools.dmarc_reports; - inherit config; - }; - csp-reports = pkgs.callPackage ./csp_reports.nix { - env = config.myEnv.tools.csp_reports; - }; - - landing = pkgs.callPackage ./landing.nix {}; - - cfg = config.myServices.websites.tools.tools; - pcfg = config.services.phpfpm.pools; -in { - imports = - builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules; - - options.myServices.websites.tools.tools = { - enable = lib.mkEnableOption "enable tools website"; - }; - - config = lib.mkIf cfg.enable { - secrets.keys = - kanboard.keys - // ldap.keys - // shaarli.keys - // ttrss.keys - // wallabag.keys - // yourls.keys - // dmarc-reports.keys - // csp-reports.keys - // webhooks.keys; - - services.websites.env.tools.modules = - [ "proxy_fcgi" ] - ++ adminer.apache.modules - ++ ympd.apache.modules - ++ ttrss.apache.modules - ++ wallabag.apache.modules - ++ yourls.apache.modules - ++ rompr.apache.modules - ++ shaarli.apache.modules - ++ dokuwiki.apache.modules - ++ dmarc-reports.apache.modules - ++ phpbb.apache.modules - ++ ldap.apache.modules - ++ kanboard.apache.modules; - - services.websites.env.integration.vhostConfs.devtools = { - certName = "integration"; - certMainHost = "tools.immae.dev"; - addToCerts = true; - hosts = [ "tools.immae.dev" ]; - root = "/var/lib/ftp/immae/devtools"; - extraConfig = [ - '' - Use Apaxy "/var/lib/ftp/immae/devtools" "title" - Timeout 600 - ProxyTimeout 600 - Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" - - DirectoryIndex index.php index.htm index.html - AllowOverride all - Require all granted - - SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" - - - '' - ]; - }; - - services.websites.env.tools.vhostConfs.tools = { - certName = "eldiron"; - addToCerts = true; - hosts = ["tools.immae.eu" ]; - root = landing; - extraConfig = [ - '' - RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 - RedirectMatch 301 ^/roundcube(.*)$ 
https://mail.immae.eu/roundcube$1 - RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse - - - DirectoryIndex index.html - AllowOverride None - Require all granted - - - SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" - - - '' - (adminer.apache.vhostConf pcfg.adminer.socket) - ympd.apache.vhostConf - (ttrss.apache.vhostConf pcfg.ttrss.socket) - (wallabag.apache.vhostConf pcfg.wallabag.socket) - (yourls.apache.vhostConf pcfg.yourls.socket) - (rompr.apache.vhostConf pcfg.rompr.socket) - (shaarli.apache.vhostConf pcfg.shaarli.socket) - (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) - (ldap.apache.vhostConf pcfg.ldap.socket) - (kanboard.apache.vhostConf pcfg.kanboard.socket) - (grocy.apache.vhostConf pcfg.grocy.socket) - (phpbb.apache.vhostConf pcfg.phpbb.socket) - (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) - '' - - ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ - ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ - ProxyPreserveHost on - - - ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ - ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ - ProxyPreserveHost on - - - Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 - - DirectoryIndex index.html - AllowOverride None - Require all granted - - - Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} - - Options -Indexes - Require all granted - AllowOverride None - - SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" - - - '' - ]; - }; - - services.websites.env.tools.vhostConfs.outils = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "outils.immae.eu" ]; - root = null; - extraConfig = [ - '' - RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 - - RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 - - RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 - 
RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 - - RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 - RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 - RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 - RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 - - RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 - - RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 - - RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse - - RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 - - RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 - '' - ]; - }; - - systemd.services = { - phpfpm-dokuwiki = { - after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; - wants = dokuwiki.phpFpm.serviceDeps; - }; - phpfpm-phpbb = { - after = lib.mkAfter phpbb.phpFpm.serviceDeps; - wants = phpbb.phpFpm.serviceDeps; - }; - phpfpm-kanboard = { - after = lib.mkAfter kanboard.phpFpm.serviceDeps; - wants = kanboard.phpFpm.serviceDeps; - }; - phpfpm-ldap = { - after = lib.mkAfter ldap.phpFpm.serviceDeps; - wants = ldap.phpFpm.serviceDeps; - }; - phpfpm-shaarli = { - after = lib.mkAfter shaarli.phpFpm.serviceDeps; - wants = shaarli.phpFpm.serviceDeps; - }; - phpfpm-ttrss = { - after = lib.mkAfter ttrss.phpFpm.serviceDeps; - wants = ttrss.phpFpm.serviceDeps; - }; - phpfpm-wallabag = { - after = lib.mkAfter wallabag.phpFpm.serviceDeps; - wants = wallabag.phpFpm.serviceDeps; - preStart = lib.mkAfter wallabag.phpFpm.preStart; - }; - phpfpm-yourls = { - after = lib.mkAfter yourls.phpFpm.serviceDeps; - wants = yourls.phpFpm.serviceDeps; - }; - ympd = { - description = "Standalone MPD Web GUI written in C"; - wantedBy = [ "multi-user.target" ]; - script = '' - export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) - ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody - ''; - }; - tt-rss = { - description 
= "Tiny Tiny RSS feeds update daemon"; - serviceConfig = { - User = "wwwrun"; - ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; - StandardOutput = "syslog"; - StandardError = "syslog"; - PermissionsStartOnly = true; - }; - - wantedBy = [ "multi-user.target" ]; - requires = ["postgresql.service"]; - after = ["network.target" "postgresql.service"]; - }; - }; - - services.filesWatcher.ympd = { - restart = true; - paths = [ config.secrets.fullPaths."mpd" ]; - }; - - services.phpfpm.pools = { - tools = { - user = "wwwrun"; - group = "wwwrun"; - settings = { - "listen.owner" = "wwwrun"; - "listen.group" = "wwwrun"; - "pm" = "dynamic"; - "pm.max_children" = "60"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "10"; - - # Needed to avoid clashes in browser cookies (same domain) - "php_value[session.name]" = "ToolsPHPSESSID"; - "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ - "/run/wrappers/bin/sendmail" landing "/tmp" - config.secrets.fullPaths."webapps/webhooks" - ]; - "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf"; - }; - phpEnv = { - CONTACT_EMAIL = config.myEnv.tools.contact; - }; - phpPackage = pkgs.php72; - }; - devtools = { - user = "wwwrun"; - group = "wwwrun"; - settings = { - "listen.owner" = "wwwrun"; - "listen.group" = "wwwrun"; - "pm" = "dynamic"; - "pm.max_children" = "60"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "10"; - - "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; - }; - phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); - }; - adminer = adminer.phpFpm; - ttrss = { - user = "wwwrun"; - group = "wwwrun"; - settings = ttrss.phpFpm.pool; - phpPackage = pkgs.php72; - }; - wallabag = { - user = "wwwrun"; - group = "wwwrun"; - settings = wallabag.phpFpm.pool; - phpPackage = 
pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); - }; - yourls = { - user = "wwwrun"; - group = "wwwrun"; - settings = yourls.phpFpm.pool; - phpPackage = pkgs.php72; - }; - rompr = { - user = "wwwrun"; - group = "wwwrun"; - settings = rompr.phpFpm.pool; - phpPackage = pkgs.php72; - }; - shaarli = { - user = "wwwrun"; - group = "wwwrun"; - settings = shaarli.phpFpm.pool; - phpPackage = pkgs.php72; - }; - dmarc-reports = { - user = "wwwrun"; - group = "wwwrun"; - settings = dmarc-reports.phpFpm.pool; - phpEnv = dmarc-reports.phpFpm.phpEnv; - phpPackage = pkgs.php72; - }; - dokuwiki = { - user = "wwwrun"; - group = "wwwrun"; - settings = dokuwiki.phpFpm.pool; - phpPackage = pkgs.php72; - }; - phpbb = { - user = "wwwrun"; - group = "wwwrun"; - settings = phpbb.phpFpm.pool; - phpPackage = pkgs.php72; - }; - ldap = { - user = "wwwrun"; - group = "wwwrun"; - settings = ldap.phpFpm.pool; - phpPackage = pkgs.php72; - }; - kanboard = { - user = "wwwrun"; - group = "wwwrun"; - settings = kanboard.phpFpm.pool; - phpPackage = pkgs.php72; - }; - grocy = { - user = "wwwrun"; - group = "wwwrun"; - settings = grocy.phpFpm.pool; - phpPackage = pkgs.php72; - }; - }; - - system.activationScripts = { - adminer = adminer.activationScript; - grocy = grocy.activationScript; - ttrss = ttrss.activationScript; - wallabag = wallabag.activationScript; - yourls = yourls.activationScript; - rompr = rompr.activationScript; - shaarli = shaarli.activationScript; - dokuwiki = dokuwiki.activationScript; - phpbb = phpbb.activationScript; - kanboard = kanboard.activationScript; - ldap = ldap.activationScript; - }; - - services.websites.env.tools.watchPaths = [ - config.secrets.fullPaths."webapps/tools-shaarli" - ]; - services.filesWatcher.phpfpm-wallabag = { - restart = true; - paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; - }; - - }; -} -