./modules/gitolite.nix
./modules/gitweb.nix
./modules/databases.nix
- ./modules/websites/chloe.nix
- ./modules/websites/ludivine.nix
- ./modules/websites/aten.nix
- ./modules/websites/piedsjaloux.nix
- ./modules/websites/connexionswing.nix
+ ./modules/websites.nix
];
services.myGitolite.enable = true;
services.myGitweb.enable = true;
services.myDatabases.enable = true;
- services.myWebsites.Chloe.production.enable = true;
- services.myWebsites.Chloe.integration.enable = true;
- services.myWebsites.Ludivine.production.enable = true;
- services.myWebsites.Ludivine.integration.enable = true;
- services.myWebsites.Aten.production.enable = true;
- services.myWebsites.Aten.integration.enable = true;
- services.myWebsites.PiedsJaloux.production.enable = true;
- services.myWebsites.PiedsJaloux.integration.enable = true;
- services.myWebsites.Connexionswing.production.enable = true;
- services.myWebsites.Connexionswing.integration.enable = true;
+ services.myWebsites.production.enable = true;
+ services.myWebsites.integration.enable = true;
nixpkgs.config.packageOverrides = oldpkgs: rec {
goaccess = oldpkgs.goaccess.overrideAttrs(old: rec {
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/ttrss
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
'';
- redis = ''
- mkdir -p /run/redis
- chown redis /run/redis
- '';
# FIXME: initial sync
goaccess = ''
mkdir -p /var/lib/goaccess
logFormat = "combinedVhost";
listen = [ { ip = "*"; port = 443; } ];
};
- apacheConfig = {
- gzip = {
- modules = [ "deflate" "filter" ];
- extraConfig = ''
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
- '';
- };
- ldap = {
- modules = [ "ldap" "authnz_ldap" ];
- extraConfig = assert checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
- <IfModule ldap_module>
- LDAPSharedCacheSize 500000
- LDAPCacheEntries 1024
- LDAPCacheTTL 600
- LDAPOpCacheEntries 1024
- LDAPOpCacheTTL 600
- </IfModule>
-
- <Macro LDAPConnect>
- <IfModule authnz_ldap_module>
- AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
- AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
- AuthType Basic
- AuthName "Authentification requise (Acces LDAP)"
- AuthBasicProvider ldap
- </IfModule>
- </Macro>
-
- <Macro Stats %{domain}>
- Alias /awstats /var/lib/goaccess/%{domain}
- <Directory /var/lib/goaccess/%{domain}>
- DirectoryIndex index.html
- AllowOverride None
- Require all granted
- </Directory>
- <Location /awstats>
- Use LDAPConnect
- Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
- </Location>
- </Macro>
- '';
- };
- http2 = {
- modules = [ "http2" ];
- extraConfig = ''
- Protocols h2 http/1.1
- '';
- };
- customLog = {
- modules = [];
- extraConfig = ''
- LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
- '';
- };
- };
+ apacheConfig = config.services.myWebsites.apacheConfig;
in rec {
enable = true;
logPerVirtualHost = true;
extraModules = pkgs.lib.lists.unique (
mypkgs.adminer.apache.modules ++
mypkgs.nextcloud.apache.modules ++
- mypkgs.connexionswing_dev.apache.modules ++
- mypkgs.connexionswing_prod.apache.modules ++
- mypkgs.ludivinecassal_dev.apache.modules ++
- mypkgs.ludivinecassal_prod.apache.modules ++
- mypkgs.piedsjaloux_dev.apache.modules ++
- mypkgs.piedsjaloux_prod.apache.modules ++
- mypkgs.chloe_dev.apache.modules ++
- mypkgs.chloe_prod.apache.modules ++
- mypkgs.aten_dev.apache.modules ++
- mypkgs.aten_prod.apache.modules ++
mypkgs.ympd.apache.modules ++
mypkgs.git.web.apache.modules ++
mypkgs.mantisbt.apache.modules ++
mypkgs.ttrss.apache.modules ++
mypkgs.roundcubemail.apache.modules ++
- pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
- [ "macro" ]);
+ pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig));
extraConfig = builtins.concatStringsSep "\n"
- (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
+ (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
virtualHosts = [
(withConf "eldiron" // {
hostName = "eldiron.immae.eu";
maxclients 1024
'';
};
+ system.activationScripts.redis = ''
+ mkdir -p /run/redis
+ chown redis /run/redis
+ '';
};
}
--- /dev/null
+{ lib, pkgs, config, mylibs, ... }:
+let
+ cfg = config.services.myWebsites;
+in
+{
+ imports = [
+ ./websites/chloe.nix
+ ./websites/ludivine.nix
+ ./websites/aten.nix
+ ./websites/piedsjaloux.nix
+ ./websites/connexionswing.nix
+ ];
+
+ options.services.myWebsites = {
+ production = {
+ enable = lib.mkEnableOption "enable websites in production";
+ };
+
+ integration = {
+ enable = lib.mkEnableOption "enable websites in integration";
+ };
+
+ apacheConfig = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ modules = lib.mkOption {
+ type = lib.types.listOf (lib.types.str);
+ default = [];
+ };
+ extraConfig = lib.mkOption {
+ type = lib.types.nullOr lib.types.lines;
+ default = null;
+ };
+ };
+ });
+ default = {};
+ description = "Extra global config";
+ };
+
+ };
+
+ config = {
+ services.myWebsites.Chloe.production.enable = cfg.production.enable;
+ services.myWebsites.Ludivine.production.enable = cfg.production.enable;
+ services.myWebsites.Aten.production.enable = cfg.production.enable;
+ services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable;
+ services.myWebsites.Connexionswing.production.enable = cfg.production.enable;
+
+ services.myWebsites.Chloe.integration.enable = cfg.integration.enable;
+ services.myWebsites.Ludivine.integration.enable = cfg.integration.enable;
+ services.myWebsites.Aten.integration.enable = cfg.integration.enable;
+ services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
+ services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;
+
+ services.myWebsites.apacheConfig = {
+ gzip = {
+ modules = [ "deflate" "filter" ];
+ extraConfig = ''
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ '';
+ };
+ macros = {
+ modules = [ "macro" ];
+ };
+ ldap = {
+ modules = [ "ldap" "authnz_ldap" ];
+ # FIXME: starttls
+ extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+ <IfModule ldap_module>
+ LDAPSharedCacheSize 500000
+ LDAPCacheEntries 1024
+ LDAPCacheTTL 600
+ LDAPOpCacheEntries 1024
+ LDAPOpCacheTTL 600
+ </IfModule>
+
+ <Macro LDAPConnect>
+ <IfModule authnz_ldap_module>
+ AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
+ AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+ AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+ AuthType Basic
+ AuthName "Authentification requise (Acces LDAP)"
+ AuthBasicProvider ldap
+ </IfModule>
+ </Macro>
+
+ <Macro Stats %{domain}>
+ Alias /awstats /var/lib/goaccess/%{domain}
+ <Directory /var/lib/goaccess/%{domain}>
+ DirectoryIndex index.html
+ AllowOverride None
+ Require all granted
+ </Directory>
+ <Location /awstats>
+ Use LDAPConnect
+ Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
+ </Location>
+ </Macro>
+ '';
+ };
+ http2 = {
+ modules = [ "http2" ];
+ extraConfig = ''
+ Protocols h2 http/1.1
+ '';
+ };
+ customLog = {
+ extraConfig = ''
+ LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
+ '';
+ };
+ };
+ };
+}
services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
system.activationScripts.aten_prod = aten_prod.activationScript;
+ services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
})
(lib.mkIf cfg.integration.enable {
security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
system.activationScripts.aten_dev = aten_dev.activationScript;
+ services.myWebsites.apacheConfig.aten_dev.modules = aten_dev.apache.modules;
})
];
}
services.phpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
system.activationScripts.chloe_prod = chloe_prod.activationScript;
+ services.myWebsites.apacheConfig.chloe_prod.modules = chloe_prod.apache.modules;
})
(lib.mkIf cfg.integration.enable {
security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
services.phpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
system.activationScripts.chloe_dev = chloe_dev.activationScript;
+ services.myWebsites.apacheConfig.chloe_dev.modules = chloe_dev.apache.modules;
})
];
}
services.phpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
+ services.myWebsites.apacheConfig.connexionswing_prod.modules = connexionswing_prod.apache.modules;
})
(lib.mkIf cfg.integration.enable {
security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
services.phpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
+ services.myWebsites.apacheConfig.connexionswing_dev.modules = connexionswing_dev.apache.modules;
})
];
}
services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
+ services.myWebsites.apacheConfig.ludivinecassal_prod.modules = ludivinecassal_prod.apache.modules;
})
(lib.mkIf cfg.integration.enable {
security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
+ services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
})
];
}
services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
+ services.myWebsites.apacheConfig.piedsjaloux_prod.modules = piedsjaloux_prod.apache.modules;
})
(lib.mkIf cfg.integration.enable {
security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
+ services.myWebsites.apacheConfig.piedsjaloux_dev.modules = piedsjaloux_dev.apache.modules;
})
];
}