X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=bffcf84f81afee20ec092aa4ef997a9f3b9bafc6;hp=5ca9851175025f18ac6f7bfe723171eac588ffe6;hb=f5761aac8dbfb4af91c232f2b52d1353c899abda;hpb=29f8cb850d74b456d6481a456311bbf5361d328c
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 5ca9851..bffcf84 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -1,47 +1,61 @@ -{ lib, pkgs, config, myconfig, ... }: +{ lib, pkgs, config, ... }: let adminer = pkgs.callPackage ./adminer.nix { inherit (pkgs.webapps) adminer; }; ympd = pkgs.callPackage ./ympd.nix { - env = myconfig.env.tools.ympd; + env = config.myEnv.tools.ympd; }; ttrss = pkgs.callPackage ./ttrss.nix { inherit (pkgs.webapps) ttrss ttrss-plugins; - env = myconfig.env.tools.ttrss; + env = config.myEnv.tools.ttrss; + php = pkgs.php72; }; - roundcubemail = pkgs.callPackage ./roundcubemail.nix { - inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins; - env = myconfig.env.tools.roundcubemail; - }; - rainloop = pkgs.callPackage ./rainloop.nix {}; kanboard = pkgs.callPackage ./kanboard.nix { - env = myconfig.env.tools.kanboard; + env = config.myEnv.tools.kanboard; }; wallabag = pkgs.callPackage ./wallabag.nix { - inherit (pkgs.webapps) wallabag; - env = myconfig.env.tools.wallabag; + wallabag = pkgs.webapps.wallabag.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; + env = config.myEnv.tools.wallabag; }; yourls = pkgs.callPackage ./yourls.nix { inherit (pkgs.webapps) yourls yourls-plugins; - env = myconfig.env.tools.yourls; + env = config.myEnv.tools.yourls; }; rompr = pkgs.callPackage ./rompr.nix { inherit (pkgs.webapps) rompr; - env = myconfig.env.tools.rompr; + env = config.myEnv.tools.rompr; }; shaarli = pkgs.callPackage ./shaarli.nix { - env = myconfig.env.tools.shaarli; + env = config.myEnv.tools.shaarli; }; dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; }; ldap = pkgs.callPackage ./ldap.nix { inherit (pkgs.webapps) phpldapadmin; - env = myconfig.env.tools.phpldapadmin; + env = config.myEnv.tools.phpldapadmin; + }; + grocy = pkgs.callPackage ./grocy.nix { + grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; + }; + phpbb = pkgs.callPackage ./phpbb.nix { + phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr 
])).withExts (e: [ + e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat + e.empteintesduweb.monitoranswers e.lr94.autosubscribe + e.phpbbmodders.adduser ]); + }; + webhooks = pkgs.callPackage ./webhooks.nix { + env = config.myEnv.tools.webhooks; }; + dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { + env = config.myEnv.tools.dmarc_reports; + }; + + landing = pkgs.callPackage ./landing.nix {}; cfg = config.myServices.websites.tools.tools; + pcfg = config.services.phpfpm.pools; in { options.myServices.websites.tools.tools = { enable = lib.mkEnableOption "enable tools website"; 
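Review bot: `pkgs.php72` is written out separately for ttrss and inside the `composerEnv` overrides for wallabag and grocy in this hunk, again for every `phpPackage` in the `@@ -217,98 +278,160 @@` hunk, and once more in the ttrss `ExecStart` of `@@ -200,7 +261,7 @@`. A single binding in the `let` block, for example `toolsPhp = pkgs.php72;`, referenced from all of those places would make the interpreter version a one-line change and keep the command-line updater and the FPM pools from drifting apart. That matters for patching: PHP 7.2 stopped receiving upstream security fixes at the end of November 2020, so anything still built from this revision should move to a supported branch.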
@@ -51,46 +65,58 @@ in { secrets.keys = kanboard.keys ++ ldap.keys - ++ roundcubemail.keys ++ shaarli.keys ++ ttrss.keys ++ wallabag.keys - ++ yourls.keys; + ++ yourls.keys + ++ dmarc-reports.keys + ++ webhooks.keys; - services.websites.env.integration.modules = - rainloop.apache.modules; + services.duplyBackup.profiles = { + dokuwiki = dokuwiki.backups; + grocy = grocy.backups; + kanboard = kanboard.backups; + rompr = rompr.backups; + shaarli = shaarli.backups; + ttrss = ttrss.backups; + wallabag = wallabag.backups; + phpbb = phpbb.backups; + }; services.websites.env.tools.modules = [ "proxy_fcgi" ] ++ adminer.apache.modules ++ ympd.apache.modules ++ ttrss.apache.modules - ++ roundcubemail.apache.modules ++ wallabag.apache.modules ++ yourls.apache.modules ++ rompr.apache.modules ++ shaarli.apache.modules ++ dokuwiki.apache.modules + ++ dmarc-reports.apache.modules + ++ phpbb.apache.modules ++ ldap.apache.modules ++ kanboard.apache.modules; services.websites.env.integration.vhostConfs.devtools = { - certName = "eldiron"; - addToCerts = true; - hosts = ["devtools.immae.eu" ]; - root = "/var/lib/ftp/devtools.immae.eu"; - extraConfig = [ + certName = "integration"; + certMainHost = "devtools.immae.eu"; + addToCerts = true; + hosts = [ "devtools.immae.eu" ]; + root = "/var/lib/ftp/devtools.immae.eu"; + extraConfig = [ '' + Timeout 600 + ProxyTimeout 600 DirectoryIndex index.php index.htm index.html AllowOverride all Require all granted - SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost" + SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" '' - rainloop.apache.vhostConf ]; }; 
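Review bot: The added `Timeout 600` and `ProxyTimeout 600` in the devtools `extraConfig` let one request hold an Apache worker and a PHP-FPM child for ten minutes, on a vhost rooted at `/var/lib/ftp/devtools.immae.eu` that is open to everyone (`Require all granted`). The devtools pool in the `@@ -217,98 +278,160 @@` hunk is capped at 60 children, so a modest number of slow requests could exhaust it. I would add a Nix comment above the string naming the job that needs the ten-minute limit, and restrict who can reach this vhost if that job is only run by trusted users. The directory wrapper around these directives is not visible in this rendering, so their exact scope is inferred.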
@@ -98,29 +124,62 @@ in { certName = "eldiron"; addToCerts = true; hosts = ["tools.immae.eu" ]; - root = "/var/lib/ftp/tools.immae.eu"; + root = landing; extraConfig = [ '' - - DirectoryIndex index.php index.htm index.html - AllowOverride all + RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 + RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 + RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse + + + DirectoryIndex index.html + AllowOverride None Require all granted + - SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" + SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" '' - adminer.apache.vhostConf + (adminer.apache.vhostConf pcfg.adminer.socket) ympd.apache.vhostConf - ttrss.apache.vhostConf - roundcubemail.apache.vhostConf - wallabag.apache.vhostConf - yourls.apache.vhostConf - rompr.apache.vhostConf - shaarli.apache.vhostConf - dokuwiki.apache.vhostConf - ldap.apache.vhostConf - kanboard.apache.vhostConf + (ttrss.apache.vhostConf pcfg.ttrss.socket) + (wallabag.apache.vhostConf pcfg.wallabag.socket) + (yourls.apache.vhostConf pcfg.yourls.socket) + (rompr.apache.vhostConf pcfg.rompr.socket) + (shaarli.apache.vhostConf pcfg.shaarli.socket) + (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) + (ldap.apache.vhostConf pcfg.ldap.socket) + (kanboard.apache.vhostConf pcfg.kanboard.socket) + (grocy.apache.vhostConf pcfg.grocy.socket) + (phpbb.apache.vhostConf pcfg.phpbb.socket) + (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) + '' + Alias /paste /var/lib/fiche + + DirectoryIndex index.txt index.html + AllowOverride None + Require all granted + Options -Indexes + + + Alias /BIP39 /var/lib/buildbot/outputs/bip39 + + DirectoryIndex index.html + AllowOverride None + Require all granted + + + Alias /webhooks ${config.secrets.location}/webapps/webhooks + + Options -Indexes + Require all granted + AllowOverride None + + SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" + + + '' ]; }; 
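Review bot: The new `RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1` appends the captured suffix directly after the hostname, so a suffix that does not start with `/` becomes part of the host portion of the `Location` header and the redirect can leave `vpn.immae.eu`. Anchoring the capture on a slash closes that: `RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1`. The same line is added in the `@@ -145,6 +204,12 @@` hunk and needs the same change; the `/roundcube` rule is not affected because its target already has a path before `$1`. Separately, the `/BIP39` alias block has no `Options -Indexes` although `/paste` and `/webhooks` do, and adding it would keep the three consistent.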
@@ -145,6 +204,12 @@ in { RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 + RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 + + RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse + + RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 + RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 '' ]; @@ -155,6 +220,10 @@ in { after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; wants = dokuwiki.phpFpm.serviceDeps; }; + phpfpm-phpbb = { + after = lib.mkAfter phpbb.phpFpm.serviceDeps; + wants = phpbb.phpFpm.serviceDeps; + }; phpfpm-kanboard = { after = lib.mkAfter kanboard.phpFpm.serviceDeps; wants = kanboard.phpFpm.serviceDeps; @@ -163,14 +232,6 @@ in { after = lib.mkAfter ldap.phpFpm.serviceDeps; wants = ldap.phpFpm.serviceDeps; }; - phpfpm-rainloop = { - after = lib.mkAfter rainloop.phpFpm.serviceDeps; - wants = rainloop.phpFpm.serviceDeps; - }; - phpfpm-roundcubemail = { - after = lib.mkAfter roundcubemail.phpFpm.serviceDeps; - wants = roundcubemail.phpFpm.serviceDeps; - }; phpfpm-shaarli = { after = lib.mkAfter shaarli.phpFpm.serviceDeps; wants = shaarli.phpFpm.serviceDeps; @@ -200,7 +261,7 @@ in { description = "Tiny Tiny RSS feeds update daemon"; serviceConfig = { User = "wwwrun"; - ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon"; + ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; StandardOutput = "syslog"; StandardError = "syslog"; PermissionsStartOnly = true; 
@@ -217,98 +278,160 @@ in { paths = [ "/var/secrets/mpd" ]; }; - services.phpfpm.pools.roundcubemail = { - listen = roundcubemail.phpFpm.socket; - extraConfig = roundcubemail.phpFpm.pool; - phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; - }; - - services.phpfpm.pools.devtools = { - listen = "/var/run/phpfpm/devtools.sock"; - extraConfig = '' - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 + services.phpfpm.pools = { + tools = { + user = "wwwrun"; + group = "wwwrun"; + settings = { + "listen.owner" = "wwwrun"; + "listen.group" = "wwwrun"; + "pm" = "dynamic"; + "pm.max_children" = "60"; + "pm.start_servers" = "2"; + "pm.min_spare_servers" = "1"; + "pm.max_spare_servers" = "10"; - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" - ''; - phpOptions = config.services.phpfpm.phpOptions + '' - extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - zend_extension=${pkgs.php}/lib/php/extensions/opcache.so - ''; - }; - - services.phpfpm.poolConfigs = { - adminer = adminer.phpFpm.pool; - ttrss = ttrss.phpFpm.pool; - wallabag = wallabag.phpFpm.pool; - yourls = yourls.phpFpm.pool; - rompr = rompr.phpFpm.pool; - shaarli = shaarli.phpFpm.pool; - dokuwiki = dokuwiki.phpFpm.pool; - ldap = ldap.phpFpm.pool; - rainloop = rainloop.phpFpm.pool; - kanboard = kanboard.phpFpm.pool; - tools = '' - listen = /var/run/phpfpm/tools.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 + # Needed to avoid clashes in browser cookies (same domain) + "php_value[session.name]" = "ToolsPHPSESSID"; + "php_admin_value[open_basedir]" = 
builtins.concatStringsSep ":" [ + "/run/wrappers/bin/sendmail" landing "/tmp" + "${config.secrets.location}/webapps/webhooks" + ]; + }; + phpEnv = { + CONTACT_EMAIL = config.myEnv.tools.contact; + }; + phpPackage = pkgs.php72; + }; + devtools = { + user = "wwwrun"; + group = "wwwrun"; + settings = { + "listen.owner" = "wwwrun"; + "listen.group" = "wwwrun"; + "pm" = "dynamic"; + "pm.max_children" = "60"; + "pm.start_servers" = "2"; + "pm.min_spare_servers" = "1"; + "pm.max_spare_servers" = "10"; - ; Needed to avoid clashes in browser cookies (same domain) - php_value[session.name] = ToolsPHPSESSID - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" - ''; + "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; + }; + phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]); + }; + adminer = adminer.phpFpm; + ttrss = { + user = "wwwrun"; + group = "wwwrun"; + settings = ttrss.phpFpm.pool; + phpPackage = pkgs.php72; + }; + wallabag = { + user = "wwwrun"; + group = "wwwrun"; + settings = wallabag.phpFpm.pool; + phpPackage = pkgs.php72; + }; + yourls = { + user = "wwwrun"; + group = "wwwrun"; + settings = yourls.phpFpm.pool; + phpPackage = pkgs.php72; + }; + rompr = { + user = "wwwrun"; + group = "wwwrun"; + settings = rompr.phpFpm.pool; + phpPackage = pkgs.php72; + }; + shaarli = { + user = "wwwrun"; + group = "wwwrun"; + settings = shaarli.phpFpm.pool; + phpPackage = pkgs.php72; + }; + dmarc-reports = { + user = "wwwrun"; + group = "wwwrun"; + settings = dmarc-reports.phpFpm.pool; + phpEnv = dmarc-reports.phpFpm.phpEnv; + phpPackage = pkgs.php72; + }; + dokuwiki = { + user = "wwwrun"; + group = "wwwrun"; + settings = dokuwiki.phpFpm.pool; + phpPackage = pkgs.php72; + }; + phpbb = { + user = "wwwrun"; + group = "wwwrun"; + settings = phpbb.phpFpm.pool; + phpPackage = pkgs.php72; + }; + ldap = { + user = "wwwrun"; + group = 
"wwwrun"; + settings = ldap.phpFpm.pool; + phpPackage = pkgs.php72; + }; + kanboard = { + user = "wwwrun"; + group = "wwwrun"; + settings = kanboard.phpFpm.pool; + phpPackage = pkgs.php72; + }; + grocy = { + user = "wwwrun"; + group = "wwwrun"; + settings = grocy.phpFpm.pool; + phpPackage = pkgs.php72; + }; }; system.activationScripts = { adminer = adminer.activationScript; + grocy = grocy.activationScript; ttrss = ttrss.activationScript; - roundcubemail = roundcubemail.activationScript; wallabag = wallabag.activationScript; yourls = yourls.activationScript; rompr = rompr.activationScript; shaarli = shaarli.activationScript; dokuwiki = dokuwiki.activationScript; - rainloop = rainloop.activationScript; + phpbb = phpbb.activationScript; kanboard = kanboard.activationScript; ldap = ldap.activationScript; }; - myServices.websites.webappDirs = { + services.websites.webappDirs = { _adminer = adminer.webRoot; + "${dmarc-reports.apache.webappName}" = dmarc-reports.webRoot; "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; + "${phpbb.apache.webappName}" = phpbb.webRoot; "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; "${rompr.apache.webappName}" = rompr.webRoot; - "${roundcubemail.apache.webappName}" = roundcubemail.webRoot; "${shaarli.apache.webappName}" = shaarli.webRoot; "${ttrss.apache.webappName}" = ttrss.webRoot; "${wallabag.apache.webappName}" = wallabag.webRoot; "${yourls.apache.webappName}" = yourls.webRoot; - "${rainloop.apache.webappName}" = rainloop.webRoot; "${kanboard.apache.webappName}" = kanboard.webRoot; + "${grocy.apache.webappName}" = grocy.webRoot; }; services.websites.env.tools.watchPaths = [ - "/var/secrets/webapps/tools-wallabag" + "/var/secrets/webapps/tools-shaarli" ]; services.filesWatcher.phpfpm-wallabag = { restart = true; paths = [ "/var/secrets/webapps/tools-wallabag" ]; }; + + services.fiche = { + enable = true; + port = config.myEnv.ports.fiche; + domain = "tools.immae.eu/paste"; + https = true; + }; }; }
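Review bot: The `tools` pool's `open_basedir` now includes `${config.secrets.location}/webapps/webhooks`, so the PHP-FPM pool that serves the landing site can read everything in that secrets directory, and the `@@ -98,29 +124,62 @@` hunk publishes the same directory at `/webhooks` with `Require all granted`. I would give webhooks its own pool, as the other applications here have, with `open_basedir` limited to that directory, drop the entry from `tools`, and point the `/webhooks` `SetHandler` at `pcfg.webhooks.socket`. Any file in that directory that the PHP handler does not match would presumably be returned as plain text, so it should hold nothing but the hook scripts; the handler's match pattern is not visible in this rendering, so confirm it. All pools in this hunk also run as `wwwrun`, which leaves `open_basedir` as the only barrier between applications. The pool sizing below is illustrative.

```nix
# … unchanged: tools pool user/group and pm settings …
"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
  "/run/wrappers/bin/sendmail" landing "/tmp"
];
# … unchanged: tools phpEnv/phpPackage, devtools and the other pools …
webhooks = {
  user = "wwwrun";
  group = "wwwrun";
  settings = {
    "listen.owner" = "wwwrun";
    "listen.group" = "wwwrun";
    "pm" = "ondemand";
    "pm.max_children" = "5";
    # Only the hook scripts themselves; no landing page, no /tmp.
    "php_admin_value[open_basedir]" = "${config.secrets.location}/webapps/webhooks";
  };
  phpPackage = pkgs.php72;
};
```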