}
'';
-}
+} // (if builtins.pathExists ./lib/private then import ./lib/private else {})
mastodon = ./webapps/mastodon.nix;
mediagoblin = ./webapps/mediagoblin.nix;
peertube = ./webapps/peertube.nix;
+
+ websites = ./websites;
} // (if builtins.pathExists ./private then import ./private else {})
{
# adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
- httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
httpdInte = import ./httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; };
+ httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
httpdTools = import ./httpd-service-builder.nix { httpdName = "Tools"; withUsers = true; };
}
let
- mainCfg = config.services."httpd${httpdName}";
+ mainCfg = config.services.httpd."${httpdName}";
httpd = mainCfg.package.out;
options = {
- services."httpd${httpdName}" = {
+ services.httpd."${httpdName}" = {
enable = mkOption {
type = types.bool;
###### implementation
- config = mkIf config.services."httpd${httpdName}".enable {
+ config = mkIf config.services.httpd."${httpdName}".enable {
assertions = [ { assertion = mainCfg.enableSSL == true
-> mainCfg.sslServerCert != null
environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
- services."httpd${httpdName}".phpOptions =
+ services.httpd."${httpdName}".phpOptions =
''
; Needed for PHP's mail() function.
sendmail_path = sendmail -t -i
--- /dev/null
+{ lib, config, ... }: with lib;
+let
+ cfg = config.services.websites;
+in
+{
+ options.services.websites = with types; mkOption {
+ default = {};
+ description = "Each type of website to enable will target a distinct httpd server";
+ type = attrsOf (submodule {
+ options = {
+ enable = mkEnableOption "Enable websites of this type";
+ adminAddr = mkOption {
+ type = str;
+ description = "Admin e-mail address of the instance";
+ };
+ httpdName = mkOption {
+ type = str;
+ description = "Name of the httpd instance to assign this type to";
+ };
+ ips = mkOption {
+ type = listOf string;
+ default = [];
+ description = "ips to listen to";
+ };
+ modules = mkOption {
+ type = listOf str;
+ default = [];
+ description = "Additional modules to load in Apache";
+ };
+ extraConfig = mkOption {
+ type = listOf lines;
+ default = [];
+ description = "Additional configuration to append to Apache";
+ };
+ nosslVhost = mkOption {
+ description = "A default nossl vhost for captive portals";
+ default = {};
+ type = submodule {
+ options = {
+ enable = mkEnableOption "Add default no-ssl vhost for this instance";
+ host = mkOption {
+ type = string;
+ description = "The hostname to use for this vhost";
+ };
+ root = mkOption {
+ type = path;
+ default = ./nosslVhost;
+ description = "The root folder to serve";
+ };
+ indexFile = mkOption {
+ type = string;
+ default = "index.html";
+ description = "The index file to show.";
+ };
+ };
+ };
+ };
+ fallbackVhost = mkOption {
+ description = "The fallback vhost that will be defined as first vhost in Apache";
+ type = submodule {
+ options = {
+ certName = mkOption { type = string; };
+ hosts = mkOption { type = listOf string; };
+ root = mkOption { type = nullOr path; };
+ extraConfig = mkOption { type = listOf lines; default = []; };
+ };
+ };
+ };
+ vhostConfs = mkOption {
+ default = {};
+ description = "List of vhosts to define for Apache";
+ type = attrsOf (submodule {
+ options = {
+ certName = mkOption { type = string; };
+ hosts = mkOption { type = listOf string; };
+ root = mkOption { type = nullOr path; };
+ extraConfig = mkOption { type = listOf lines; default = []; };
+ };
+ });
+ };
+ };
+ });
+ };
+
+ config.services.httpd = let
+ redirectVhost = ips: { # Should go last, catchall http -> https redirect
+ listen = map (ip: { inherit ip; port = 80; }) ips;
+ hostName = "redirectSSL";
+ serverAliases = [ "*" ];
+ enableSSL = false;
+ logFormat = "combinedVhost";
+ documentRoot = "/var/lib/acme/acme-challenge";
+ extraConfig = ''
+ RewriteEngine on
+ RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
+ RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
+ # To redirect in specific "VirtualHost *:80", do
+ # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
+ # rather than rewrite
+ '';
+ };
+ nosslVhost = ips: cfg: {
+ listen = map (ip: { inherit ip; port = 80; }) ips;
+ hostName = cfg.host;
+ enableSSL = false;
+ logFormat = "combinedVhost";
+ documentRoot = cfg.root;
+ extraConfig = ''
+ <Directory ${cfg.root}>
+ DirectoryIndex ${cfg.indexFile}
+ AllowOverride None
+ Require all granted
+
+ RewriteEngine on
+ RewriteRule ^/(.+) / [L]
+ </Directory>
+ '';
+ };
+ toVhost = ips: vhostConf: {
+ enableSSL = true;
+ sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
+ sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
+ logFormat = "combinedVhost";
+ listen = map (ip: { inherit ip; port = 443; }) ips;
+ hostName = builtins.head vhostConf.hosts;
+ serverAliases = builtins.tail vhostConf.hosts or [];
+ documentRoot = vhostConf.root;
+ extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
+ };
+ in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ icfg.httpdName (mkIf icfg.enable {
+ enable = true;
+ listen = map (ip: { inherit ip; port = 443; }) icfg.ips;
+ stateDir = "/run/httpd_${name}";
+ logPerVirtualHost = true;
+ multiProcessingModule = "worker";
+ inherit (icfg) adminAddr;
+ logFormat = "combinedVhost";
+ extraModules = lists.unique icfg.modules;
+ extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;
+ virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]
+ ++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]
+ ++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)
+ ++ [ (redirectVhost icfg.ips) ];
+ })
+ ) cfg;
+}
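Review bot: Two `services.websites` entries that name the same `httpdName` collide silently in the final `attrsets.mapAttrs'`. It is built on `listToAttrs`, which keeps only the first pair for a repeated name, so one type's TLS vhosts and its port-80 redirect would drop out of the generated Apache configuration without any evaluation error. An assertion makes the mistake visible: `config.assertions = [ { assertion = let names = mapAttrsToList (_: c: c.httpdName) cfg; in names == lists.unique names; message = "services.websites: httpdName must be unique"; } ];`. In `toVhost`, `builtins.head vhostConf.hosts` aborts on an empty `hosts` list with an error that does not name the vhost, so a non-empty check there would help too. The option types also mix `str` and `string`; `types.string` is deprecated in nixpkgs, and `str` throughout would be consistent.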
--- /dev/null
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>No SSL site</title>
+ </head>
+ <body>
+ <h1>No SSL on this site</h1>
+ <p>Use for wifi networks with login page that doesn't work well with
+ https.</p>
+ </body>
+</html>
] ++ (builtins.attrValues (import ../modules));
services.myGitolite.enable = true;
services.myDatabases.enable = true;
- services.myWebsites.production.enable = true;
- services.myWebsites.integration.enable = true;
- services.myWebsites.tools.enable = true;
services.pure-ftpd.enable = true;
services.irc.enable = true;
services.pub.enable = true;
extraGroups = [ "keys" ];
};
- services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
+ services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
RewriteEngine On
RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
'';
}];
security.acme.certs."eldiron".extraDomains.${fqdn} = null;
- services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
- services.myWebsites.tools.vhostConfs.task = {
+ services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
+ services.websites.tools.vhostConfs.task = {
certName = "eldiron";
hosts = [ "task.immae.eu" ];
root = "/run/current-system/webapps/_task";
mkdir -p $out/webapps
ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
'';
- services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
- services.myWebsites.production.modules = aten_prod.apache.modules;
- services.myWebsites.production.vhostConfs.aten = {
+ services.websites.production.modules = aten_prod.apache.modules;
+ services.websites.production.vhostConfs.aten = {
certName = "aten";
hosts = [ "aten.pro" "www.aten.pro" ];
root = aten_prod.apache.root;
mkdir -p $out/webapps
ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
'';
- services.myWebsites.integration.modules = aten_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.aten = {
+ services.websites.integration.modules = aten_dev.apache.modules;
+ services.websites.integration.vhostConfs.aten = {
certName = "eldiron";
hosts = [ "dev.aten.pro" ];
root = aten_dev.apache.root;
ln -s ${siteDir} $out/webapps/${webappName}
'';
- services.myWebsites.production.vhostConfs.capitaines_mastodon = {
+ services.websites.production.vhostConfs.capitaines_mastodon = {
certName = "capitaines";
hosts = [ "mastodon.capitaines.fr" ];
root = root;
];
};
- services.myWebsites.production.vhostConfs.capitaines = {
+ services.websites.production.vhostConfs.capitaines = {
certName = "capitaines";
hosts = [ "capitaines.fr" ];
root = "/run/current-system/webapps/_www";
mkdir -p $out/webapps
ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
'';
- services.myWebsites.production.modules = chloe_prod.apache.modules;
- services.myWebsites.production.vhostConfs.chloe = {
+ services.websites.production.modules = chloe_prod.apache.modules;
+ services.websites.production.vhostConfs.chloe = {
certName = "chloe";
hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
root = chloe_prod.apache.root;
mkdir -p $out/webapps
ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
'';
- services.myWebsites.integration.modules = chloe_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.chloe = {
+ services.websites.integration.modules = chloe_dev.apache.modules;
+ services.websites.integration.vhostConfs.chloe = {
certName = "eldiron";
hosts = ["chloe.immae.eu" ];
root = chloe_dev.apache.root;
mkdir -p $out/webapps
ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
'';
- services.myWebsites.production.modules = connexionswing_prod.apache.modules;
- services.myWebsites.production.vhostConfs.connexionswing = {
+ services.websites.production.modules = connexionswing_prod.apache.modules;
+ services.websites.production.vhostConfs.connexionswing = {
certName = "connexionswing";
hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
root = connexionswing_prod.apache.root;
mkdir -p $out/webapps
ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
'';
- services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.connexionswing = {
+ services.websites.integration.modules = connexionswing_dev.apache.modules;
+ services.websites.integration.vhostConfs.connexionswing = {
certName = "eldiron";
hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
root = connexionswing_dev.apache.root;
cfg = config.services.myWebsites;
www_root = "/run/current-system/webapps/_www";
theme_root = "/run/current-system/webapps/_theme";
- makeService = name: cfg: let
- toVhost = vhostConf: {
- enableSSL = true;
- sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
- sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
- sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
- logFormat = "combinedVhost";
- listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
- hostName = builtins.head vhostConf.hosts;
- serverAliases = builtins.tail vhostConf.hosts or [];
- documentRoot = vhostConf.root;
- extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
- };
- nosslVhost = {
- listen = map (ip: { inherit ip; port = 80; }) cfg.ips;
- hostName = "nossl.immae.eu";
- enableSSL = false;
- logFormat = "combinedVhost";
- documentRoot = www_root;
+ apacheConfig = {
+ gzip = {
+ modules = [ "deflate" "filter" ];
extraConfig = ''
- <Directory ${www_root}>
- DirectoryIndex nossl.html
- AllowOverride None
- Require all granted
-
- RewriteEngine on
- RewriteRule ^/(.+) / [L]
- </Directory>
- '';
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ '';
+ };
+ macros = {
+ modules = [ "macro" ];
};
- redirectVhost = { # Should go last, catchall http -> https redirect
- listen = map (ip: { inherit ip; port = 80; }) cfg.ips;
- hostName = "redirectSSL";
- serverAliases = [ "*" ];
- enableSSL = false;
- logFormat = "combinedVhost";
- documentRoot = "/var/lib/acme/acme-challenge";
+ stats = {
extraConfig = ''
- RewriteEngine on
- RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
- RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
- # To redirect in specific "VirtualHost *:80", do
- # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
- # rather than rewrite
+ <Macro Stats %{domain}>
+ Alias /webstats ${config.services.webstats.dataDir}/%{domain}
+ <Directory ${config.services.webstats.dataDir}/%{domain}>
+ DirectoryIndex index.html
+ AllowOverride None
+ Require all granted
+ </Directory>
+ <Location /webstats>
+ Use LDAPConnect
+ Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
+ </Location>
+ </Macro>
'';
};
- fallbackVhost = toVhost { # Should go first, default choice
- certName = "eldiron";
- hosts = ["eldiron.immae.eu" ];
- root = www_root;
- extraConfig = [ "DirectoryIndex index.htm" ];
+ ldap = {
+ modules = [ "ldap" "authnz_ldap" ];
+ extraConfig = ''
+ <IfModule ldap_module>
+ LDAPSharedCacheSize 500000
+ LDAPCacheEntries 1024
+ LDAPCacheTTL 600
+ LDAPOpCacheEntries 1024
+ LDAPOpCacheTTL 600
+ </IfModule>
+
+ Include /var/secrets/apache-ldap
+ '';
};
- in rec {
- enable = true;
- listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
- stateDir = "/run/httpd_${name}";
- logPerVirtualHost = true;
- multiProcessingModule = "worker";
- adminAddr = "httpd@immae.eu";
- logFormat = "combinedVhost";
- extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
- extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
- virtualHosts = [ fallbackVhost ]
- ++ lib.optionals (name == "tools") [ nosslVhost ]
- ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
- ++ [ redirectVhost ];
- };
- makeServiceOptions = name: {
- enable = lib.mkEnableOption "enable websites in ${name}";
- ips = lib.mkOption {
- type = lib.types.listOf lib.types.string;
- default = let
- ips = myconfig.env.servers.eldiron.ips.${name};
- in
- [ips.ip4] ++ (ips.ip6 or []);
- description = "${name} ips to listen to";
+ global = {
+ extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
};
- modules = lib.mkOption {
- type = lib.types.listOf (lib.types.str);
- default = [];
+ apaxy = {
+ extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
};
- extraConfig = lib.mkOption {
- type = lib.types.listOf (lib.types.lines);
- default = [];
+ http2 = {
+ modules = [ "http2" ];
+ extraConfig = ''
+ Protocols h2 http/1.1
+ '';
};
- vhostConfs = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
- options = {
- certName = lib.mkOption { type = lib.types.string; };
- hosts = lib.mkOption { type = lib.types.listOf lib.types.string; };
- root = lib.mkOption { type = lib.types.nullOr lib.types.path; };
- extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; };
- };
- });
+ customLog = {
+ extraConfig = ''
+ LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
+ '';
};
};
- makeModules = cfg: pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
- makeExtraConfig = cfg: (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
+ makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
+ makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
in
{
imports = [
./phpfpm
];
- options.services.myWebsites = {
- production = makeServiceOptions "production";
- integration = makeServiceOptions "integration";
- tools = makeServiceOptions "main";
-
- apacheConfig = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
- options = {
- modules = lib.mkOption {
- type = lib.types.listOf (lib.types.str);
- default = [];
- };
- extraConfig = lib.mkOption {
- type = lib.types.nullOr lib.types.lines;
- default = null;
- };
- };
- });
- default = {};
- description = "Extra global config";
- };
-
- };
-
config = {
users.users.wwwrun.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.myWebsites.tools.etherpad-lite.enable = true;
services.myWebsites.tools.peertube.enable = true;
- services.myWebsites.Chloe.production.enable = cfg.production.enable;
- services.myWebsites.Ludivine.production.enable = cfg.production.enable;
- services.myWebsites.Aten.production.enable = cfg.production.enable;
- services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable;
- services.myWebsites.Connexionswing.production.enable = cfg.production.enable;
- services.myWebsites.Jerome.production.enable = cfg.production.enable;
- services.myWebsites.Nassime.production.enable = cfg.production.enable;
- services.myWebsites.Florian.production.enable = cfg.production.enable;
- services.myWebsites.Leila.production.enable = cfg.production.enable;
- services.myWebsites.Papa.production.enable = cfg.production.enable;
- services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
- services.myWebsites.Emilia.production.enable = cfg.production.enable;
- services.myWebsites.Capitaines.production.enable = cfg.production.enable;
- services.myWebsites.Immae.production.enable = cfg.production.enable;
- services.myWebsites.Release.production.enable = cfg.production.enable;
- services.myWebsites.Temp.production.enable = cfg.production.enable;
+ services.myWebsites.Chloe.production.enable = true;
+ services.myWebsites.Ludivine.production.enable = true;
+ services.myWebsites.Aten.production.enable = true;
+ services.myWebsites.PiedsJaloux.production.enable = true;
+ services.myWebsites.Connexionswing.production.enable = true;
+ services.myWebsites.Jerome.production.enable = true;
+ services.myWebsites.Nassime.production.enable = true;
+ services.myWebsites.Florian.production.enable = true;
+ services.myWebsites.Leila.production.enable = true;
+ services.myWebsites.Papa.production.enable = true;
+ services.myWebsites.DeniseJerome.production.enable = true;
+ services.myWebsites.Emilia.production.enable = true;
+ services.myWebsites.Capitaines.production.enable = true;
+ services.myWebsites.Immae.production.enable = true;
+ services.myWebsites.Release.production.enable = true;
+ services.myWebsites.Temp.production.enable = true;
- services.myWebsites.Chloe.integration.enable = cfg.integration.enable;
- services.myWebsites.Ludivine.integration.enable = cfg.integration.enable;
- services.myWebsites.Aten.integration.enable = cfg.integration.enable;
- services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
- services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;
+ services.myWebsites.Chloe.integration.enable = true;
+ services.myWebsites.Ludivine.integration.enable = true;
+ services.myWebsites.Aten.integration.enable = true;
+ services.myWebsites.PiedsJaloux.integration.enable = true;
+ services.myWebsites.Connexionswing.integration.enable = true;
services.myWebsites.TellesFlorian.integration.enable = true;
services.myWebsites.Florian.integration.enable = true;
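Review bot: The per-site switches are now a plain `true` where they used to follow `cfg.production.enable` and `cfg.integration.enable`, so a machine configuration can no longer turn a single site off without `lib.mkForce`. Assuming these are ordinary boolean options, a plain `false` set elsewhere will fail evaluation as a conflicting definition. Writing them as `services.myWebsites.Chloe.production.enable = lib.mkDefault true;` (likewise for the other sites and the integration group) keeps today's behaviour and leaves them overridable. Separately, the `cfg = config.services.myWebsites;` binding at the top of this hunk has no remaining use in the lines shown; if nothing outside the hunk reads it, it can be dropped.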
'';
}];
- services.myWebsites.apacheConfig = {
- gzip = {
- modules = [ "deflate" "filter" ];
- extraConfig = ''
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
- '';
- };
- macros = {
- modules = [ "macro" ];
- };
- stats = {
- extraConfig = ''
- <Macro Stats %{domain}>
- Alias /webstats ${config.services.webstats.dataDir}/%{domain}
- <Directory ${config.services.webstats.dataDir}/%{domain}>
- DirectoryIndex index.html
- AllowOverride None
- Require all granted
- </Directory>
- <Location /webstats>
- Use LDAPConnect
- Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
- </Location>
- </Macro>
- '';
- };
- ldap = {
- modules = [ "ldap" "authnz_ldap" ];
- extraConfig = ''
- <IfModule ldap_module>
- LDAPSharedCacheSize 500000
- LDAPCacheEntries 1024
- LDAPCacheTTL 600
- LDAPOpCacheEntries 1024
- LDAPOpCacheTTL 600
- </IfModule>
-
- Include /var/secrets/apache-ldap
- '';
- };
- global = {
- extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
- };
- apaxy = {
- extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
- };
- http2 = {
- modules = [ "http2" ];
- extraConfig = ''
- Protocols h2 http/1.1
- '';
- };
- customLog = {
- extraConfig = ''
- LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
- '';
- };
- };
-
system.activationScripts = {
httpd = ''
install -d -m 0755 /var/lib/acme/acme-challenge
'';
};
- services.httpdProd = makeService "production" config.services.myWebsites.production;
- services.myWebsites.production.modules = makeModules cfg;
- services.myWebsites.production.extraConfig = makeExtraConfig cfg;
+ services.websites.production = {
+ enable = true;
+ adminAddr = "httpd@immae.eu";
+ httpdName = "Prod";
+ ips =
+ let ips = myconfig.env.servers.eldiron.ips.production;
+ in [ips.ip4] ++ (ips.ip6 or []);
+ modules = makeModules;
+ extraConfig = makeExtraConfig;
+ fallbackVhost = {
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = www_root;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };
+ };
- services.httpdInte = makeService "integration" config.services.myWebsites.integration;
- services.myWebsites.integration.modules = makeModules cfg;
- services.myWebsites.integration.extraConfig = makeExtraConfig cfg;
+ services.websites.integration = {
+ enable = true;
+ adminAddr = "httpd@immae.eu";
+ httpdName = "Inte";
+ ips =
+ let ips = myconfig.env.servers.eldiron.ips.integration;
+ in [ips.ip4] ++ (ips.ip6 or []);
+ modules = makeModules;
+ extraConfig = makeExtraConfig;
+ fallbackVhost = {
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = www_root;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };
+ };
- services.httpdTools = makeService "tools" config.services.myWebsites.tools;
- services.myWebsites.tools.modules = makeModules cfg;
- services.myWebsites.tools.extraConfig = makeExtraConfig cfg ++
- [ ''
- RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
- RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
- RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
- RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
- RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
- RedirectMatch ^/CGU$ https://www.immae.eu/CGU
- ''
- ]
- ;
+ services.websites.tools = {
+ enable = true;
+ adminAddr = "httpd@immae.eu";
+ httpdName = "Tools";
+ ips =
+ let ips = myconfig.env.servers.eldiron.ips.main;
+ in [ips.ip4] ++ (ips.ip6 or []);
+ modules = makeModules;
+ extraConfig = makeExtraConfig ++
+ [ ''
+ RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
+ RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
+ RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
+ RedirectMatch ^/CGU$ https://www.immae.eu/CGU
+ ''
+ ];
+ nosslVhost = {
+ enable = true;
+ host = "nossl.immae.eu";
+ };
+ fallbackVhost = {
+ certName = "eldiron";
+ hosts = ["eldiron.immae.eu" ];
+ root = www_root;
+ extraConfig = [ "DirectoryIndex index.htm" ];
+ };
+ };
};
}
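Review bot: The three `services.websites.*` definitions repeat `adminAddr`, the `ips` expression, `modules`, `extraConfig` and the whole `fallbackVhost` verbatim. A change to the fallback host or its certificate name therefore has to be made in three places and can drift between the Prod, Inte and Tools instances. A let-bound helper next to `makeModules` would state the shared part once, with `tools` adding only its redirects and `nosslVhost` through `lib.mkMerge`, which relies on `listOf` options concatenating their definitions. The `let` block it would live in starts above this hunk, and the order of the merged `extraConfig` entries should be checked after the change.

```nix
# let-bound next to makeModules / makeExtraConfig
mkInstance = httpdName: ipsKey: {
  enable = true;
  adminAddr = "httpd@immae.eu";
  inherit httpdName;
  ips =
    let ips = myconfig.env.servers.eldiron.ips.${ipsKey};
    in [ips.ip4] ++ (ips.ip6 or []);
  modules = makeModules;
  extraConfig = makeExtraConfig;
  fallbackVhost = {
    certName = "eldiron";
    hosts = ["eldiron.immae.eu" ];
    root = www_root;
    extraConfig = [ "DirectoryIndex index.htm" ];
  };
};

# in config
services.websites.production = mkInstance "Prod" "production";
services.websites.integration = mkInstance "Inte" "integration";
services.websites.tools = lib.mkMerge [
  (mkInstance "Tools" "main")
  {
    extraConfig = [
      # … unchanged: the RedirectMatch string …
    ];
    nosslVhost = {
      enable = true;
      host = "nossl.immae.eu";
    };
  }
];
```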
mkdir -p $out/webapps
ln -s ${siteDir} $out/webapps/${webappName}
'';
- services.myWebsites.production.vhostConfs.emilia = {
+ services.websites.production.vhostConfs.emilia = {
certName = "emilia";
hosts = [ "saison-photo.org" "www.saison-photo.org" ];
root = root;
domain = "denisejerome.piedsjaloux.fr";
};
- services.myWebsites.production.vhostConfs.denisejerome = {
+ services.websites.production.vhostConfs.denisejerome = {
certName = "denisejerome";
hosts = ["denisejerome.piedsjaloux.fr" ];
root = varDir;
};
};
- services.myWebsites.production.modules = adminer.apache.modules;
- services.myWebsites.production.vhostConfs.florian = {
+ services.websites.production.modules = adminer.apache.modules;
+ services.websites.production.vhostConfs.florian = {
certName = "florian";
hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
root = "${varDir}/tellesflorian.com";
security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null;
- services.myWebsites.integration.modules = adminer.apache.modules;
- services.myWebsites.integration.vhostConfs.florian = {
+ services.websites.integration.modules = adminer.apache.modules;
+ services.websites.integration.vhostConfs.florian = {
certName = "eldiron";
hosts = [ "florian.immae.eu" ];
root = "${varDir}/florian.immae.eu";
php_admin_value[open_basedir] = "${varDir}:/tmp"
'';
- services.myWebsites.production.modules = [ "proxy_fcgi" ];
- services.myWebsites.production.vhostConfs.immae = {
+ services.websites.production.modules = [ "proxy_fcgi" ];
+ services.websites.production.vhostConfs.immae = {
certName = "eldiron";
hosts = [ "www.immae.eu" ];
root = varDir;
security.acme.certs."eldiron".extraDomains."bouya.org" = null;
security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
- services.myWebsites.production.vhostConfs.bouya = {
+ services.websites.production.vhostConfs.bouya = {
certName = "eldiron";
hosts = [ "bouya.org" "www.bouya.org" ];
root = null;
services.myPhpfpm.poolPhpConfigs.jerome = ''
extension=${pkgs.php}/lib/php/extensions/mysqli.so
'';
- services.myWebsites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
- services.myWebsites.production.vhostConfs.naturaloutil = {
+ services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
+ services.websites.production.vhostConfs.naturaloutil = {
certName = "naturaloutil";
hosts = ["naturaloutil.immae.eu" ];
root = varDir;
{ name = "chorale.leila.bouya.org"; }
];
- services.myWebsites.production.modules = [ "proxy_fcgi" ];
- services.myWebsites.production.vhostConfs.leila_chorale = {
+ services.websites.production.modules = [ "proxy_fcgi" ];
+ services.websites.production.vhostConfs.leila_chorale = {
certName = "leila";
hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
root = "${varDir}/Chorale";
''
];
};
- services.myWebsites.production.vhostConfs.leila = {
+ services.websites.production.vhostConfs.leila = {
certName = "leila";
hosts = [ "leila.bouya.org" ];
root = varDir;
domain = "nassime.bouya.org";
};
- services.myWebsites.production.vhostConfs.nassime = {
+ services.websites.production.vhostConfs.nassime = {
certName = "nassime";
hosts = ["nassime.bouya.org" ];
root = varDir;
];
};
- services.myWebsites.production.vhostConfs.papa = {
+ services.websites.production.vhostConfs.papa = {
certName = "papa";
hosts = [ "surveillance.maison.bbc.bouya.org" ];
root = varDir;
security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
- services.myWebsites.production.vhostConfs.release = {
+ services.websites.production.vhostConfs.release = {
certName = "eldiron";
hosts = [ "release.immae.eu" ];
root = varDir;
config = lib.mkIf cfg.production.enable {
security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
- services.myWebsites.production.modules = [ "headers" ];
- services.myWebsites.production.vhostConfs.temp = {
+ services.websites.production.modules = [ "headers" ];
+ services.websites.production.vhostConfs.temp = {
certName = "eldiron";
hosts = [ "temp.immae.eu" ];
root = varDir;
mkdir -p $out/webapps
ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
'';
- services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
- services.myWebsites.production.vhostConfs.ludivine = {
+ services.websites.production.modules = ludivinecassal_prod.apache.modules;
+ services.websites.production.vhostConfs.ludivine = {
certName = "ludivinecassal";
hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
root = ludivinecassal_prod.apache.root;
mkdir -p $out/webapps
ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
'';
- services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
- services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.ludivine = {
+ services.websites.integration.modules = ludivinecassal_dev.apache.modules;
+ services.websites.integration.vhostConfs.ludivine = {
certName = "eldiron";
hosts = [ "ludivine.immae.eu" ];
root = ludivinecassal_dev.apache.root;
mkdir -p $out/webapps
ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
'';
- services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
- services.myWebsites.production.vhostConfs.piedsjaloux = {
+ services.websites.production.modules = piedsjaloux_prod.apache.modules;
+ services.websites.production.vhostConfs.piedsjaloux = {
certName = "piedsjaloux";
hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
root = piedsjaloux_prod.apache.root;
mkdir -p $out/webapps
ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
'';
- services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.piedsjaloux = {
+ services.websites.integration.modules = piedsjaloux_dev.apache.modules;
+ services.websites.integration.vhostConfs.piedsjaloux = {
certName = "eldiron";
hosts = [ "piedsjaloux.immae.eu" ];
root = piedsjaloux_dev.apache.root;
mkdir -p $out/webapps
ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName}
'';
- services.myWebsites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.tellesflorian = {
+ services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
+ services.websites.integration.vhostConfs.tellesflorian = {
certName = "eldiron";
hosts = ["app.tellesflorian.com" ];
root = tellesflorian_dev.apache.root;
config = lib.mkIf cfg.enable {
security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
- services.myWebsites.tools.modules = [ "proxy_fcgi" ];
+ services.websites.tools.modules = [ "proxy_fcgi" ];
- services.myWebsites.tools.vhostConfs.cloud = {
+ services.websites.tools.vhostConfs.cloud = {
certName = "eldiron";
hosts = ["cloud.immae.eu" ];
root = apacheRoot;
security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
secrets.keys = davical.keys;
- services.myWebsites.tools.modules = davical.apache.modules;
+ services.websites.tools.modules = davical.apache.modules;
- services.myWebsites.tools.vhostConfs.dav = {
+ services.websites.tools.vhostConfs.dav = {
certName = "eldiron";
hosts = ["dav.immae.eu" ];
root = null;
config = lib.mkIf cfg.enable {
security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
- services.myWebsites.tools.modules = adminer.apache.modules;
- services.myWebsites.tools.vhostConfs.db-1 = {
+ services.websites.tools.modules = adminer.apache.modules;
+ services.websites.tools.vhostConfs.db-1 = {
certName = "eldiron";
hosts = ["db-1.immae.eu" ];
root = null;
configDir = "/var/secrets/webapps/diaspora";
};
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
"headers" "proxy" "proxy_http"
];
security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
mkdir -p $out/webapps
ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
'';
- services.myWebsites.tools.vhostConfs.diaspora = {
+ services.websites.tools.vhostConfs.diaspora = {
certName = "eldiron";
hosts = [ "diaspora.immae.eu" ];
root = root;
systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.etherpad-lite = {
+ services.websites.tools.vhostConfs.etherpad-lite = {
certName = "eldiron";
hosts = [ "ether.immae.eu" ];
root = null;
security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
secrets.keys = mantisbt.keys;
- services.myWebsites.tools.modules =
+ services.websites.tools.modules =
gitweb.apache.modules ++
mantisbt.apache.modules;
system.extraSystemBuilderCmds = ''
ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName}
'';
- services.myWebsites.tools.vhostConfs.git = {
+ services.websites.tools.vhostConfs.git = {
certName = "eldiron";
hosts = ["git.immae.eu" ];
root = gitweb.apache.root;
dataDir = "/var/lib/mastodon_immae";
};
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
"headers" "proxy" "proxy_wstunnel" "proxy_http"
];
security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
mkdir -p $out/webapps
ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
'';
- services.myWebsites.tools.vhostConfs.mastodon = {
+ services.websites.tools.vhostConfs.mastodon = {
certName = "eldiron";
hosts = ["mastodon.immae.eu" ];
root = root;
configFile = "/var/secrets/webapps/tools-mediagoblin";
};
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
"proxy" "proxy_http"
];
users.users.wwwrun.extraGroups = [ "mediagoblin" ];
security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.mgoblin = {
+ services.websites.tools.vhostConfs.mgoblin = {
certName = "eldiron";
hosts = ["mgoblin.immae.eu" ];
root = null;
'';
}];
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.peertube = {
+ services.websites.tools.vhostConfs.peertube = {
certName = "eldiron";
hosts = [ "peertube.immae.eu" ];
root = null;
++ wallabag.keys
++ yourls.keys;
- services.myWebsites.integration.modules =
+ services.websites.integration.modules =
rainloop.apache.modules;
- services.myWebsites.tools.modules =
+ services.websites.tools.modules =
[ "proxy_fcgi" ]
++ adminer.apache.modules
++ ympd.apache.modules
'';
};
- services.myWebsites.integration.vhostConfs.devtools = {
+ services.websites.integration.vhostConfs.devtools = {
certName = "eldiron";
hosts = ["devtools.immae.eu" ];
root = "/var/lib/ftp/devtools.immae.eu";
];
};
- services.myWebsites.tools.vhostConfs.tools = {
+ services.websites.tools.vhostConfs.tools = {
certName = "eldiron";
hosts = ["tools.immae.eu" ];
root = "/var/lib/ftp/tools.immae.eu";
};
security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.outils = {
+ services.websites.tools.vhostConfs.outils = {
certName = "eldiron";
hosts = [ "outils.immae.eu" ];
root = null;