X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fdefault.nix;h=2f34d27f48ed58396f3a94db5b73247d0c613e8c;hp=0b50a7c2c092f74b675aa40bad2b2f931f335af5;hb=b7d2d4e3da7da83bc7f133acaa216375890592b1;hpb=b892dcbeee4319885dc8371977046c9aabfed7e4 diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 0b50a7c..2f34d27 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix @@ -8,7 +8,15 @@ let inherit (mylibs) fetchedGithub fetchedGit; env = myconfig.env.tools.ttrss; }; - roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; }; + roundcubemail = pkgs.callPackage ./roundcubemail.nix { + inherit (mylibs) fetchedGithub; + env = myconfig.env.tools.roundcubemail; + }; + rainloop = pkgs.callPackage ./rainloop.nix {}; + kanboard = pkgs.callPackage ./kanboard.nix { + inherit (mylibs) fetchedGithub; + env = myconfig.env.tools.kanboard; + }; wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; }; yourls = pkgs.callPackage ./yourls.nix { inherit (mylibs) fetchedGithub; @@ -24,6 +32,9 @@ let dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (mylibs) fetchedGithub; }; + ldap = pkgs.callPackage ./ldap.nix { + env = myconfig.env.tools.phpldapadmin; + }; cfg = config.services.myWebsites.tools.tools; in { @@ -33,9 +44,23 @@ in { config = lib.mkIf cfg.enable { security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null; + security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null; + + deployment.keys = + kanboard.keys + // ldap.keys + // roundcubemail.keys + // shaarli.keys + // ttrss.keys + // wallabag.keys + // yourls.keys; + + services.myWebsites.integration.modules = + rainloop.apache.modules; services.myWebsites.tools.modules = - adminer.apache.modules + [ "proxy_fcgi" ] + ++ adminer.apache.modules ++ ympd.apache.modules ++ ttrss.apache.modules ++ roundcubemail.apache.modules @@ -43,15 +68,36 @@ in { ++ yourls.apache.modules ++ rompr.apache.modules ++ shaarli.apache.modules - ++ dokuwiki.apache.modules; + ++ dokuwiki.apache.modules + ++ ldap.apache.modules + ++ kanboard.apache.modules; services.ympd = ympd.config // { enable = true; }; + services.myWebsites.integration.vhostConfs.devtools = { + certName = "eldiron"; + hosts = ["devtools.immae.eu" ]; + root = null; + extraConfig = [ + rainloop.apache.vhostConf + ]; + }; + services.myWebsites.tools.vhostConfs.tools = { certName = "eldiron"; hosts = ["tools.immae.eu" ]; - root = null; + root = "/var/lib/ftp/tools.immae.eu"; extraConfig = [ + '' + + DirectoryIndex index.php index.htm index.html + AllowOverride all + Require all granted + + SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" + + + '' adminer.apache.vhostConf ympd.apache.vhostConf ttrss.apache.vhostConf @@ -61,9 +107,52 @@ in { rompr.apache.vhostConf shaarli.apache.vhostConf dokuwiki.apache.vhostConf + ldap.apache.vhostConf + kanboard.apache.vhostConf ]; }; + security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null; + services.myWebsites.tools.vhostConfs.outils = { + certName = "eldiron"; + hosts = [ "outils.immae.eu" ]; + root = null; + extraConfig = [ + '' + RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 + + RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 + + RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 + RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 + + RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 + RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 + RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 + RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 + + RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 + + RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 + '' + ]; + }; + + services.myPhpfpm.serviceDependencies = { + dokuwiki = dokuwiki.phpFpm.serviceDeps; + kanboard = kanboard.phpFpm.serviceDeps; + ldap = ldap.phpFpm.serviceDeps; + rainloop = rainloop.phpFpm.serviceDeps; + roundcubemail = roundcubemail.phpFpm.serviceDeps; + shaarli = shaarli.phpFpm.serviceDeps; + ttrss = ttrss.phpFpm.serviceDeps; + wallabag = wallabag.phpFpm.serviceDeps; + yourls = yourls.phpFpm.serviceDeps; + }; + + services.myPhpfpm.poolPhpConfigs = { + roundcubemail = roundcubemail.phpFpm.phpConfig; + }; services.myPhpfpm.poolConfigs = { adminer = adminer.phpFpm.pool; ttrss = ttrss.phpFpm.pool; @@ -73,6 +162,25 @@ in { rompr = rompr.phpFpm.pool; shaarli = shaarli.phpFpm.pool; dokuwiki = dokuwiki.phpFpm.pool; + ldap = ldap.phpFpm.pool; + rainloop = rainloop.phpFpm.pool; + kanboard = kanboard.phpFpm.pool; + tools = '' + listen = /var/run/phpfpm/tools.sock + user = wwwrun + group = wwwrun + listen.owner = wwwrun + listen.group = wwwrun + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 + + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = ToolsPHPSESSID + php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" + ''; }; system.activationScripts = { @@ -83,8 +191,28 @@ in { rompr = rompr.activationScript; shaarli = shaarli.activationScript; dokuwiki = dokuwiki.activationScript; + rainloop = rainloop.activationScript; + kanboard = kanboard.activationScript; }; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName} + ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName} + ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName} + ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName} + ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName} + ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName} + ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName} + ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName} + ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName} + ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName} + ''; + + nixpkgs.overlays = [ (self: super: rec { + ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json); + }) ]; + systemd.services.tt-rss = { description = "Tiny Tiny RSS feeds update daemon"; serviceConfig = {