From 4288c2f2431fb782b0d512b1b3749187f2374b6a Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 22 May 2019 20:01:33 +0200 Subject: [PATCH] Move websites/tools to modules --- modules/private/default.nix | 11 + modules/private/websites/aten/integration.nix | 5 +- modules/private/websites/aten/production.nix | 5 +- .../websites/capitaines/production.nix | 5 +- .../private/websites/chloe/integration.nix | 5 +- modules/private/websites/chloe/production.nix | 5 +- .../websites/connexionswing/integration.nix | 5 +- .../websites/connexionswing/production.nix | 5 +- modules/private/websites/default.nix | 274 ++++++++++++++++-- .../private/websites/emilia/production.nix | 5 +- modules/private/websites/florian/app.nix | 5 +- .../websites/ludivinecassal/integration.nix | 5 +- .../websites/ludivinecassal/production.nix | 5 +- .../websites/naturaloutil/production.nix | 9 +- .../websites/piedsjaloux/integration.nix | 5 +- .../websites/piedsjaloux/production.nix | 5 +- .../private/websites/tools/cloud/default.nix | 4 +- .../private}/websites/tools/dav/davical.nix | 6 + .../private}/websites/tools/dav/default.nix | 12 +- .../private/websites/tools/db/default.nix | 6 +- .../websites/tools/diaspora/default.nix | 4 +- .../private/websites/tools/ether/default.nix | 4 +- .../private}/websites/tools/git/default.nix | 12 +- .../private}/websites/tools/git/gitweb.nix | 0 .../private}/websites/tools/git/mantisbt.nix | 6 + .../websites/tools/mastodon/default.nix | 4 +- .../websites/tools/mgoblin/default.nix | 4 +- .../websites/tools/peertube/default.nix | 4 +- .../private/websites/tools/tools}/adminer.nix | 11 +- .../private}/websites/tools/tools/default.nix | 110 +++---- .../websites/tools/tools/dokuwiki.nix | 0 .../websites/tools/tools/kanboard.nix | 0 .../private}/websites/tools/tools/ldap.nix | 6 + .../websites/tools/tools/rainloop.nix | 0 .../private}/websites/tools/tools/rompr.nix | 0 .../websites/tools/tools/roundcubemail.nix | 0 .../private}/websites/tools/tools/shaarli.nix | 0 .../private}/websites/tools/tools/ttrss.nix | 0 
.../websites/tools/tools/wallabag.nix | 0 .../private}/websites/tools/tools/ympd.nix | 0 .../private}/websites/tools/tools/yourls.nix | 9 +- nixops/eldiron.nix | 1 - nixops/modules/task/default.nix | 4 +- nixops/modules/websites/default.nix | 236 --------------- 44 files changed, 398 insertions(+), 404 deletions(-) rename nixops/modules/websites/tools/cloud.nix => modules/private/websites/tools/cloud/default.nix (98%) rename {nixops/modules => modules/private}/websites/tools/dav/davical.nix (96%) rename {nixops/modules => modules/private}/websites/tools/dav/default.nix (78%) rename nixops/modules/websites/tools/db.nix => modules/private/websites/tools/db/default.nix (72%) rename nixops/modules/websites/tools/diaspora.nix => modules/private/websites/tools/diaspora/default.nix (98%) rename nixops/modules/websites/tools/ether.nix => modules/private/websites/tools/ether/default.nix (98%) rename {nixops/modules => modules/private}/websites/tools/git/default.nix (76%) rename {nixops/modules => modules/private}/websites/tools/git/gitweb.nix (100%) rename {nixops/modules => modules/private}/websites/tools/git/mantisbt.nix (94%) rename nixops/modules/websites/tools/mastodon.nix => modules/private/websites/tools/mastodon/default.nix (97%) rename nixops/modules/websites/tools/mediagoblin.nix => modules/private/websites/tools/mgoblin/default.nix (97%) rename nixops/modules/websites/tools/peertube.nix => modules/private/websites/tools/peertube/default.nix (98%) rename {nixops/modules/websites/commons => modules/private/websites/tools/tools}/adminer.nix (80%) rename {nixops/modules => modules/private}/websites/tools/tools/default.nix (77%) rename {nixops/modules => modules/private}/websites/tools/tools/dokuwiki.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/kanboard.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/ldap.nix (93%) rename {nixops/modules => modules/private}/websites/tools/tools/rainloop.nix (100%) rename 
{nixops/modules => modules/private}/websites/tools/tools/rompr.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/roundcubemail.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/shaarli.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/ttrss.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/wallabag.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/ympd.nix (100%) rename {nixops/modules => modules/private}/websites/tools/tools/yourls.nix (94%) delete mode 100644 nixops/modules/websites/default.nix diff --git a/modules/private/default.nix b/modules/private/default.nix index 16258e4..242eeb9 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix @@ -36,6 +36,17 @@ set = { piedsjalouxInte = ./websites/piedsjaloux/integration.nix; piedsjalouxProd = ./websites/piedsjaloux/production.nix; + cloudTool = ./websites/tools/cloud; + davTool = ./websites/tools/dav; + dbTool = ./websites/tools/db; + diasporaTool = ./websites/tools/diaspora; + etherTool = ./websites/tools/ether; + gitTool = ./websites/tools/git; + mastodonTool = ./websites/tools/mastodon; + mgoblinTool = ./websites/tools/mgoblin; + peertubeTool = ./websites/tools/peertube; + toolsTool = ./websites/tools/tools; + irc = ./irc.nix; }; in diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 5ccc0c1..748e388 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix 
@@ -18,10 +18,7 @@ in { systemd.services.phpfpm-aten_dev.wants = aten.phpFpm.serviceDeps; services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; system.activationScripts.aten_dev = aten.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName} - ''; + myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot; services.websites.integration.modules = aten.apache.modules; services.websites.integration.vhostConfs.aten = { certName = "eldiron"; diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 7938241..7a4adb5 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix @@ -20,10 +20,7 @@ in { systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps; services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool; system.activationScripts.aten_prod = aten.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName} - ''; + myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot; services.websites.production.modules = aten.apache.modules; services.websites.production.vhostConfs.aten = { certName = "aten"; diff --git a/modules/private/websites/capitaines/production.nix b/modules/private/websites/capitaines/production.nix index fe9c619..57d8787 100644 --- a/modules/private/websites/capitaines/production.nix +++ b/modules/private/websites/capitaines/production.nix 
@@ -9,10 +9,7 @@ in { options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website"; config = lib.mkIf cfg.enable { - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${siteDir} $out/webapps/${webappName} - ''; + myServices.websites.webappDirs."${webappName}" = siteDir; services.websites.production.vhostConfs.capitaines_mastodon = { certName = "capitaines"; diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index d49a85c..c42a428 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix @@ -23,10 +23,7 @@ in { ''; }; system.activationScripts.chloe_dev = chloe.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName} - ''; + myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; services.websites.integration.modules = chloe.apache.modules; services.websites.integration.vhostConfs.chloe = { certName = "eldiron"; diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index d4b2299..0bf2d8f 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix @@ -25,10 +25,7 @@ in { ''; }; system.activationScripts.chloe_prod = chloe.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName} - ''; + myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; services.websites.production.modules = chloe.apache.modules; services.websites.production.vhostConfs.chloe = { certName = "chloe"; diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 6570977..1d8488a 100644 
--- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix @@ -22,10 +22,7 @@ in { phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig; }; system.activationScripts.connexionswing_dev = connexionswing.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName} - ''; + myServices.websites.webappDirs."${connexionswing.apache.webappName}" = connexionswing.app.webRoot; services.websites.integration.modules = connexionswing.apache.modules; services.websites.integration.vhostConfs.connexionswing = { certName = "eldiron"; diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index b51c549..555f129 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix @@ -24,10 +24,7 @@ in { phpOptions = config.services.phpfpm.phpOptions + connexionswing.phpFpm.phpConfig; }; system.activationScripts.connexionswing_prod = connexionswing.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName} - ''; + myServices.websites.webappDirs."${connexionswing.apache.webappName}" = connexionswing.app.webRoot; services.websites.production.modules = connexionswing.apache.modules; services.websites.production.vhostConfs.connexionswing = { certName = "connexionswing"; diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 80d902e..8b02977 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix 
@@ -1,39 +1,265 @@ -{ ... }: +{ lib, pkgs, config, myconfig, ... }: +let + www_root = "/run/current-system/webapps/_www"; + theme_root = "/run/current-system/webapps/_theme"; + apacheConfig = { + gzip = { + modules = [ "deflate" "filter" ]; + extraConfig = '' + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript + ''; + }; + macros = { + modules = [ "macro" ]; + }; + stats = { + extraConfig = '' + + Alias /webstats ${config.services.webstats.dataDir}/%{domain} + + DirectoryIndex index.html + AllowOverride None + Require all granted + + + Use LDAPConnect + Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu + + + ''; + }; + ldap = { + modules = [ "ldap" "authnz_ldap" ]; + extraConfig = '' + + LDAPSharedCacheSize 500000 + LDAPCacheEntries 1024 + LDAPCacheTTL 600 + LDAPOpCacheEntries 1024 + LDAPOpCacheTTL 600 + + + Include /var/secrets/apache-ldap + ''; + }; + global = { + extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; + }; + apaxy = { + extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; + }; + http2 = { + modules = [ "http2" ]; + extraConfig = '' + Protocols h2 http/1.1 + ''; + }; + customLog = { + extraConfig = '' + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost + ''; + }; + }; + makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig); + makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); +in { - config.myServices.websites.aten.integration.enable = true; - config.myServices.websites.aten.production.enable = true; + options.myServices.websites.webappDirs = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + description = '' + Webapp paths to create in /run/current-system/webapps + ''; + default = {}; + }; + + config = { + 
users.users.wwwrun.extraGroups = [ "keys" ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + nixpkgs.overlays = [ (self: super: rec { + #openssl = self.openssl_1_1; + php = php72; + php72 = (super.php72.override { + mysql.connector-c = self.mariadb; + config.php.mysqlnd = false; + config.php.mysqli = false; + }).overrideAttrs(old: rec { + # Didn't manage to build with mysqli + mysql_config connector + configureFlags = old.configureFlags ++ [ + "--with-mysqli=shared,mysqlnd" + ]; + # preConfigure = (old.preConfigure or "") + '' + # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server"; + # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include /' \ + # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c + # ''; + }); + phpPackages = super.php72Packages.override { inherit php; }; + }) ]; + + secrets.keys = [{ + dest = "apache-ldap"; + user = "wwwrun"; + group = "wwwrun"; + permissions = "0400"; + text = '' + + + AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS + AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu + AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" + AuthType Basic + AuthName "Authentification requise (Acces LDAP)" + AuthBasicProvider ldap + + + ''; + }]; + + system.activationScripts = { + httpd = '' + install -d -m 0755 ${config.security.acme.directory}/acme-challenge + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions + ''; + }; + + services.phpfpm = { + phpPackage = pkgs.php; + phpOptions = '' + session.save_path = "/var/lib/php/sessions" + post_max_size = 20M + ; 15 days (seconds) + session.gc_maxlifetime = 1296000 + ; 30 days (minutes) + session.cache_expire = 43200 + ''; + extraConfig = '' + log_level = notice + ''; + }; + + services.websites.production = { + enable = true; + adminAddr = "httpd@immae.eu"; + httpdName = "Prod"; + ips = + let ips = myconfig.env.servers.eldiron.ips.production; + in [ips.ip4] ++ (ips.ip6 or []); + modules = makeModules; + extraConfig = makeExtraConfig; + 
fallbackVhost = { + certName = "eldiron"; + hosts = ["eldiron.immae.eu" ]; + root = www_root; + extraConfig = [ "DirectoryIndex index.htm" ]; + }; + }; + + services.websites.integration = { + enable = true; + adminAddr = "httpd@immae.eu"; + httpdName = "Inte"; + ips = + let ips = myconfig.env.servers.eldiron.ips.integration; + in [ips.ip4] ++ (ips.ip6 or []); + modules = makeModules; + extraConfig = makeExtraConfig; + fallbackVhost = { + certName = "eldiron"; + hosts = ["eldiron.immae.eu" ]; + root = www_root; + extraConfig = [ "DirectoryIndex index.htm" ]; + }; + }; + + services.websites.tools = { + enable = true; + adminAddr = "httpd@immae.eu"; + httpdName = "Tools"; + ips = + let ips = myconfig.env.servers.eldiron.ips.main; + in [ips.ip4] ++ (ips.ip6 or []); + modules = makeModules; + extraConfig = makeExtraConfig ++ + [ '' + RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html + RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html + RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html + RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html + RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html + RedirectMatch ^/CGU$ https://www.immae.eu/CGU + '' + ]; + nosslVhost = { + enable = true; + host = "nossl.immae.eu"; + }; + fallbackVhost = { + certName = "eldiron"; + hosts = ["eldiron.immae.eu" ]; + root = www_root; + extraConfig = [ "DirectoryIndex index.htm" ]; + }; + }; + + system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) '' + mkdir -p $out/webapps + ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)} + ''; + + myServices.websites = { + webappDirs = { + _www = pkgs.webapps.apache-default.www; + _theme = pkgs.webapps.apache-theme.theme; + }; + + 
aten.integration.enable = true; + aten.production.enable = true; + + capitaines.production.enable = true; - config.myServices.websites.capitaines.production.enable = true; + chloe.integration.enable = true; + chloe.production.enable = true; - config.myServices.websites.chloe.integration.enable = true; - config.myServices.websites.chloe.production.enable = true; + connexionswing.integration.enable = true; + connexionswing.production.enable = true; - config.myServices.websites.connexionswing.integration.enable = true; - config.myServices.websites.connexionswing.production.enable = true; + denisejerome.production.enable = true; - config.myServices.websites.denisejerome.production.enable = true; + emilia.production.enable = true; - config.myServices.websites.emilia.production.enable = true; + florian.app.enable = true; + florian.integration.enable = true; + florian.production.enable = true; - config.myServices.websites.florian.app.enable = true; - config.myServices.websites.florian.integration.enable = true; - config.myServices.websites.florian.production.enable = true; + immae.production.enable = true; + immae.release.enable = true; + immae.temp.enable = true; - config.myServices.websites.immae.production.enable = true; - config.myServices.websites.immae.release.enable = true; - config.myServices.websites.immae.temp.enable = true; + leila.production.enable = true; - config.myServices.websites.leila.production.enable = true; + ludivinecassal.integration.enable = true; + ludivinecassal.production.enable = true; - config.myServices.websites.ludivinecassal.integration.enable = true; - config.myServices.websites.ludivinecassal.production.enable = true; + nassime.production.enable = true; - config.myServices.websites.nassime.production.enable = true; + naturaloutil.production.enable = true; - config.myServices.websites.naturaloutil.production.enable = true; + papa.surveillance.enable = true; - config.myServices.websites.papa.surveillance.enable = true; + 
piedsjaloux.integration.enable = true; + piedsjaloux.production.enable = true; - config.myServices.websites.piedsjaloux.integration.enable = true; - config.myServices.websites.piedsjaloux.production.enable = true; + tools.cloud.enable = true; + tools.dav.enable = true; + tools.db.enable = true; + tools.diaspora.enable = true; + tools.etherpad-lite.enable = true; + tools.git.enable = true; + tools.mastodon.enable = true; + tools.mediagoblin.enable = true; + tools.peertube.enable = true; + tools.tools.enable = true; + }; + }; } diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix index 2e705a1..13f008f 100644 --- a/modules/private/websites/emilia/production.nix +++ b/modules/private/websites/emilia/production.nix @@ -46,10 +46,7 @@ in { system.activationScripts.emilia = '' install -m 0755 -o wwwrun -g wwwrun -d ${varDir} ''; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${siteDir} $out/webapps/${webappName} - ''; + myServices.websites.webappDirs."${webappName}" = siteDir; services.websites.production.vhostConfs.emilia = { certName = "emilia"; certMainHost = "saison-photo.org"; diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 905c66a..3a6d152 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix 
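Review bot: `users.users.wwwrun.extraGroups = [ "keys" ]` gives the Apache worker user read access to every deployment key whose group is `keys`, while the only key declared in this hunk (`apache-ldap`) is already `group = "wwwrun"` with `permissions = "0400"` and does not need it; unless another key outside this file relies on the group, dropping that line keeps the web server's reach to its own secrets. The global `services.phpfpm.phpOptions` sets one `session.save_path = "/var/lib/php/sessions"` for every pool, so apps whose pool does not override it (only the naturaloutil pool does so in this patch) share one session store under the same user; a comment such as `# shared by every pool that does not set its own session.save_path; per-app pools should override it` would make that explicit. The `lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0)` guard on `system.extraSystemBuilderCmds` is always true because `_www` and `_theme` are set in the same file; if the guard is kept, `lib.mkIf (config.myServices.websites.webappDirs != {})` reads more directly. Whether `secrets.keys.*.text` keeps `myconfig.env.httpd.ldap.password` out of the world-readable Nix store depends on the secrets module, which is outside this patch.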
@@ -20,10 +20,7 @@ in { systemd.services.phpfpm-tellesflorian_dev.preStart = lib.mkAfter tellesflorian.phpFpm.preStart; services.phpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool; system.activationScripts.tellesflorian_dev = tellesflorian.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${tellesflorian.app.webRoot} $out/webapps/${tellesflorian.apache.webappName} - ''; + myServices.websites.webappDirs."${tellesflorian.apache.webappName}" = tellesflorian.app.webRoot; services.websites.integration.modules = adminer.apache.modules ++ tellesflorian.apache.modules; services.websites.integration.vhostConfs.tellesflorian = { certName = "eldiron"; diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix index a53f1fe..ed0dc9f 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivinecassal/integration.nix @@ -19,10 +19,7 @@ in { systemd.services.phpfpm-ludivinecassal_dev.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart; services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool; system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName} - ''; + myServices.websites.webappDirs."${ludivinecassal.apache.webappName}" = ludivinecassal.app.webRoot; services.websites.integration.modules = ludivinecassal.apache.modules; services.websites.integration.vhostConfs.ludivine = { certName = "eldiron"; diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix index 8fe6812..3df5613 100644 --- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivinecassal/production.nix 
@@ -20,10 +20,7 @@ in { systemd.services.phpfpm-ludivinecassal_prod.preStart = lib.mkAfter ludivinecassal.phpFpm.preStart; services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool; system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName} - ''; + myServices.websites.webappDirs."${ludivinecassal.apache.webappName}" = ludivinecassal.app.webRoot; services.websites.production.modules = ludivinecassal.apache.modules; services.websites.production.vhostConfs.ludivine = { certName = "ludivinecassal"; diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix index 2315b30..f59957d 100644 --- a/modules/private/websites/naturaloutil/production.nix +++ b/modules/private/websites/naturaloutil/production.nix @@ -33,6 +33,12 @@ in { ?> ''; }]; + system.activationScripts.naturaloutil = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil + ''; + }; systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ]; systemd.services.phpfpm-jerome.wants = [ "mysql.service" ]; services.phpfpm.pools.jerome = { @@ -48,7 +54,8 @@ in { pm.process_idle_timeout = 60 env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil" - php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp" + php_admin_value[open_basedir] = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp" + php_admin_value[session.save_path] = "/var/lib/php/sessions/naturaloutil" ''; phpOptions = config.services.phpfpm.phpOptions + '' extension=${pkgs.php}/lib/php/extensions/mysqli.so diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 83b428a..5f574e1 100644 
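Review bot: The new activation script in the `@@ -33` hunk creates `/var/lib/php/sessions/naturaloutil` with `-m 0755 -o wwwrun -g wwwrun`, which is wider than the `0750` that the parent `/var/lib/php/sessions` gets from the `httpd` activation script this one depends on; the `jerome` pool's user is not visible in this hunk, but if it runs as `wwwrun` then `install -m 0750 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil` is enough, and if it runs as another user the directory is not writable by it at either mode. The same `0755` appears in the new `activationScript` blocks of `dav/davical.nix` and `git/mantisbt.nix`. The `@@ -48` hunk's `php_admin_value[session.save_path]` together with the matching `open_basedir` entry is what actually isolates this app's sessions from the shared directory, so a one-line comment above the activation script saying it exists for that pool setting would tie the two hunks together.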
--- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix @@ -18,10 +18,7 @@ in { systemd.services.phpfpm-piedsjaloux_dev.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart; services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool; system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName} - ''; + myServices.websites.webappDirs."${piedsjaloux.apache.webappName}" = piedsjaloux.app.webRoot; services.websites.integration.modules = piedsjaloux.apache.modules; services.websites.integration.vhostConfs.piedsjaloux = { certName = "eldiron"; diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index 0efd56b..e3bd2dd 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix @@ -20,10 +20,7 @@ in { systemd.services.phpfpm-piedsjaloux_prod.preStart = lib.mkAfter piedsjaloux.phpFpm.preStart; services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool; system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName} - ''; + myServices.websites.webappDirs."${piedsjaloux.apache.webappName}" = piedsjaloux.app.webRoot; services.websites.production.modules = piedsjaloux.apache.modules; services.websites.production.vhostConfs.piedsjaloux = { certName = "piedsjaloux"; diff --git a/nixops/modules/websites/tools/cloud.nix b/modules/private/websites/tools/cloud/default.nix similarity index 98% rename from nixops/modules/websites/tools/cloud.nix rename to modules/private/websites/tools/cloud/default.nix index 5d2ca40..ceb8f77 100644 --- a/nixops/modules/websites/tools/cloud.nix 
+++ b/modules/private/websites/tools/cloud/default.nix @@ -5,7 +5,7 @@ let varDir = "/var/lib/nextcloud"; webappName = "tools_nextcloud"; apacheRoot = "/run/current-system/webapps/${webappName}"; - cfg = config.services.myWebsites.tools.cloud; + cfg = config.myServices.websites.tools.cloud; phpFpm = rec { basedir = builtins.concatStringsSep ":" ( [ nextcloud varDir ] @@ -43,7 +43,7 @@ let ''; }; in { - options.services.myWebsites.tools.cloud = { + options.myServices.websites.tools.cloud = { enable = lib.mkEnableOption "enable cloud website"; }; diff --git a/nixops/modules/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix similarity index 96% rename from nixops/modules/websites/tools/dav/davical.nix rename to modules/private/websites/tools/dav/davical.nix index 634359d..98cebee 100644 --- a/nixops/modules/websites/tools/dav/davical.nix +++ b/modules/private/websites/tools/dav/davical.nix @@ -1,5 +1,11 @@ { stdenv, fetchurl, gettext, writeText, env, awl, davical }: rec { + activationScript = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical + ''; + }; keys = [{ dest = "webapps/dav-davical"; user = apache.user; diff --git a/nixops/modules/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix similarity index 78% rename from nixops/modules/websites/tools/dav/default.nix rename to modules/private/websites/tools/dav/default.nix index 78e0ba3..fb0baae 100644 --- a/nixops/modules/websites/tools/dav/default.nix +++ b/modules/private/websites/tools/dav/default.nix 
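Review bot: The added `activationScript` creates `/var/lib/php/sessions/davical`, but this file's diff is additions only (6 insertions in the diffstat) and nothing in the patch points the davical PHP-FPM pool at that directory; unless the pool definition outside this hunk already sets `session.save_path` and an `open_basedir` entry for it, the directory is created and never used and davical keeps writing sessions to the shared `/var/lib/php/sessions`. `git/mantisbt.nix` has the same shape (6 insertions, no pool change visible). `apache.user` and `apache.group` are used before their definition in this `rec` set, which Nix allows but a short `# apache is defined later in this rec set` would help readers. The `rec { ... }` this hunk opens continues outside the hunk.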
@@ -20,13 +20,14 @@ let inherit (pkgs.webapps) davical awl; }; - cfg = config.services.myWebsites.tools.dav; + cfg = config.myServices.websites.tools.dav; in { - options.services.myWebsites.tools.dav = { + options.myServices.websites.tools.dav = { enable = lib.mkEnableOption "enable dav website"; }; config = lib.mkIf cfg.enable { + system.activationScripts.davical = davical.activationScript; secrets.keys = davical.keys; services.websites.tools.modules = davical.apache.modules; @@ -45,11 +46,8 @@ in { davical = davical.phpFpm.pool; }; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${davical.webRoot} $out/webapps/${davical.apache.webappName} - ln -s ${pkgs.webapps.infcloud} $out/webapps/${infcloud.webappName} - ''; + myServices.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot; + myServices.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud; }; } diff --git a/nixops/modules/websites/tools/db.nix b/modules/private/websites/tools/db/default.nix similarity index 72% rename from nixops/modules/websites/tools/db.nix rename to modules/private/websites/tools/db/default.nix index 7c15c23..361e204 100644 --- a/nixops/modules/websites/tools/db.nix +++ b/modules/private/websites/tools/db/default.nix @@ -1,10 +1,10 @@ { lib, pkgs, config, ... }: let - adminer = pkgs.callPackage ../commons/adminer.nix {}; + adminer = pkgs.callPackage ../../commons/adminer.nix {}; - cfg = config.services.myWebsites.tools.databases; + cfg = config.myServices.websites.tools.db; in { - options.services.myWebsites.tools.databases = { + options.myServices.websites.tools.db = { enable = lib.mkEnableOption "enable database's website"; }; diff --git a/nixops/modules/websites/tools/diaspora.nix b/modules/private/websites/tools/diaspora/default.nix similarity index 98% rename from nixops/modules/websites/tools/diaspora.nix rename to modules/private/websites/tools/diaspora/default.nix index ee5507d..efa1fab 100644 
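Review bot: `adminer = pkgs.callPackage ../../commons/adminer.nix {};` resolves, from `modules/private/websites/tools/db/default.nix`, to `modules/private/websites/commons/adminer.nix`, but the diffstat moves the old commons file to `modules/private/websites/tools/tools/adminer.nix` and creates nothing at the commons path; unless a `modules/private/websites/commons/adminer.nix` already exists (the florian app module references an `adminer`, so it may), evaluating this module fails on a missing file, and `../tools/adminer.nix` would be the path matching the rename. The `let` block this hunk edits continues past the `in {` and `options` lines shown, so the rest of the module is outside the hunk.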
--- a/nixops/modules/websites/tools/diaspora.nix +++ b/modules/private/websites/tools/diaspora/default.nix @@ -2,10 +2,10 @@ let env = myconfig.env.tools.diaspora; root = "/run/current-system/webapps/tools_diaspora"; - cfg = config.services.myWebsites.tools.diaspora; + cfg = config.myServices.websites.tools.diaspora; dcfg = config.services.diaspora; in { - options.services.myWebsites.tools.diaspora = { + options.myServices.websites.tools.diaspora = { enable = lib.mkEnableOption "enable diaspora's website"; }; diff --git a/nixops/modules/websites/tools/ether.nix b/modules/private/websites/tools/ether/default.nix similarity index 98% rename from nixops/modules/websites/tools/ether.nix rename to modules/private/websites/tools/ether/default.nix index 8c9bbb1..ebcbf61 100644 --- a/nixops/modules/websites/tools/ether.nix +++ b/modules/private/websites/tools/ether/default.nix @@ -1,13 +1,13 @@ { lib, pkgs, config, myconfig, ... }: let env = myconfig.env.tools.etherpad-lite; - cfg = config.services.myWebsites.tools.etherpad-lite; + cfg = config.myServices.websites.tools.etherpad-lite; # Make sure we’re not rebuilding whole libreoffice just because of a # dependency libreoffice = (import { overlays = []; }).libreoffice-fresh; ecfg = config.services.etherpad-lite; in { - options.services.myWebsites.tools.etherpad-lite = { + options.myServices.websites.tools.etherpad-lite = { enable = lib.mkEnableOption "enable etherpad's website"; }; diff --git a/nixops/modules/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix similarity index 76% rename from nixops/modules/websites/tools/git/default.nix rename to modules/private/websites/tools/git/default.nix index 495c5ea..3e8b605 100644 --- a/nixops/modules/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix 
@@ -6,9 +6,9 @@ let }; gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; - cfg = config.services.myWebsites.tools.git; + cfg = config.myServices.websites.tools.git; in { - options.services.myWebsites.tools.git = { + options.myServices.websites.tools.git = { enable = lib.mkEnableOption "enable git's website"; }; @@ -17,12 +17,10 @@ in { services.websites.tools.modules = gitweb.apache.modules ++ mantisbt.apache.modules; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${gitweb.webRoot} $out/webapps/${gitweb.apache.webappName} - ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName} - ''; + myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot; + myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot; + system.activationScripts.mantisbt = mantisbt.activationScript; services.websites.tools.vhostConfs.git = { certName = "eldiron"; addToCerts = true; diff --git a/nixops/modules/websites/tools/git/gitweb.nix b/modules/private/websites/tools/git/gitweb.nix similarity index 100% rename from nixops/modules/websites/tools/git/gitweb.nix rename to modules/private/websites/tools/git/gitweb.nix diff --git a/nixops/modules/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix similarity index 94% rename from nixops/modules/websites/tools/git/mantisbt.nix rename to modules/private/websites/tools/git/mantisbt.nix index 0c459a7..a1b830e 100644 --- a/nixops/modules/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix @@ -1,5 +1,11 @@ { env, mantisbt_2, mantisbt_2-plugins }: rec { + activationScript = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt + ''; + }; keys = [{ dest = "webapps/tools-mantisbt"; user = apache.user; 
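Review bot: The new `activationScript` in mantisbt.nix creates `/var/lib/php/sessions/mantisbt` with `-m 0755`, whereas the same directory was created with `-m 0750` by the `httpd` activation script that this patch deletes from `nixops/modules/websites/default.nix`; a world-readable session directory lets any local account list the session files, whose names under PHP's default files handler contain the session id. The same loosening appears in adminer.nix (`/var/lib/php/sessions/adminer` and `/var/lib/php/tmp/adminer`, both previously 0750) and ldap.nix (`/var/lib/php/sessions/phpldapadmin`, previously 0750); yourls.nix already used 0755 before this patch, so that one is unchanged behaviour. Suggest `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt` here and the equivalent in the other three. `deps = [ "httpd" ]` presumably expects an `httpd` activation script to still create the parent `/var/lib/php/sessions` at 0750 as the deleted file did; that script is not in this patch, so it is worth confirming it survives in the new websites module.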
diff --git a/nixops/modules/websites/tools/mastodon.nix b/modules/private/websites/tools/mastodon/default.nix similarity index 97% rename from nixops/modules/websites/tools/mastodon.nix rename to modules/private/websites/tools/mastodon/default.nix index ffd59dd..d742a33 100644 --- a/nixops/modules/websites/tools/mastodon.nix +++ b/modules/private/websites/tools/mastodon/default.nix @@ -2,10 +2,10 @@ let env = myconfig.env.tools.mastodon; root = "/run/current-system/webapps/tools_mastodon"; - cfg = config.services.myWebsites.tools.mastodon; + cfg = config.myServices.websites.tools.mastodon; mcfg = config.services.mastodon; in { - options.services.myWebsites.tools.mastodon = { + options.myServices.websites.tools.mastodon = { enable = lib.mkEnableOption "enable mastodon's website"; }; diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/modules/private/websites/tools/mgoblin/default.nix similarity index 97% rename from nixops/modules/websites/tools/mediagoblin.nix rename to modules/private/websites/tools/mgoblin/default.nix index eb56b35..5da81f6 100644 --- a/nixops/modules/websites/tools/mediagoblin.nix +++ b/modules/private/websites/tools/mgoblin/default.nix @@ -1,10 +1,10 @@ { lib, pkgs, config, myconfig, ... }: let env = myconfig.env.tools.mediagoblin; - cfg = config.services.myWebsites.tools.mediagoblin; + cfg = config.myServices.websites.tools.mediagoblin; mcfg = config.services.mediagoblin; in { - options.services.myWebsites.tools.mediagoblin = { + options.myServices.websites.tools.mediagoblin = { enable = lib.mkEnableOption "enable mediagoblin's website"; }; diff --git a/nixops/modules/websites/tools/peertube.nix b/modules/private/websites/tools/peertube/default.nix similarity index 98% rename from nixops/modules/websites/tools/peertube.nix rename to modules/private/websites/tools/peertube/default.nix index 12ab3c4..dee1b81 100644 --- a/nixops/modules/websites/tools/peertube.nix +++ b/modules/private/websites/tools/peertube/default.nix 
@@ -1,10 +1,10 @@ { lib, pkgs, config, myconfig, ... }: let env = myconfig.env.tools.peertube; - cfg = config.services.myWebsites.tools.peertube; + cfg = config.myServices.websites.tools.peertube; pcfg = config.services.peertube; in { - options.services.myWebsites.tools.peertube = { + options.myServices.websites.tools.peertube = { enable = lib.mkEnableOption "enable Peertube's website"; }; diff --git a/nixops/modules/websites/commons/adminer.nix b/modules/private/websites/tools/tools/adminer.nix similarity index 80% rename from nixops/modules/websites/commons/adminer.nix rename to modules/private/websites/tools/tools/adminer.nix index e911347..cd51e7f 100644 --- a/nixops/modules/websites/commons/adminer.nix +++ b/modules/private/websites/tools/tools/adminer.nix @@ -1,6 +1,13 @@ -{ stdenv, fetchurl, webapps }: +{ adminer }: rec { - webRoot = webapps.adminer; + activationScript = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer + install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/tmp/adminer + ''; + }; + webRoot = adminer; phpFpm = rec { socket = "/var/run/phpfpm/adminer.sock"; pool = '' diff --git a/nixops/modules/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix similarity index 77% rename from nixops/modules/websites/tools/tools/default.nix rename to modules/private/websites/tools/tools/default.nix index 642755f..94a2be1 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix 
@@ -1,47 +1,49 @@ { lib, pkgs, config, myconfig, ... }: let - adminer = pkgs.callPackage ../../commons/adminer.nix {}; - ympd = pkgs.callPackage ./ympd.nix { - env = myconfig.env.tools.ympd; - }; - ttrss = pkgs.callPackage ./ttrss.nix { - inherit (pkgs.webapps) ttrss ttrss-plugins; - env = myconfig.env.tools.ttrss; - }; - roundcubemail = pkgs.callPackage ./roundcubemail.nix { - inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins; - env = myconfig.env.tools.roundcubemail; - }; - rainloop = pkgs.callPackage ./rainloop.nix {}; - kanboard = pkgs.callPackage ./kanboard.nix { - env = myconfig.env.tools.kanboard; - }; - wallabag = pkgs.callPackage ./wallabag.nix { - inherit (pkgs.webapps) wallabag; - env = myconfig.env.tools.wallabag; - }; - yourls = pkgs.callPackage ./yourls.nix { - inherit (pkgs.webapps) yourls yourls-plugins; - env = myconfig.env.tools.yourls; - }; - rompr = pkgs.callPackage ./rompr.nix { - inherit (pkgs.webapps) rompr; - env = myconfig.env.tools.rompr; - }; - shaarli = pkgs.callPackage ./shaarli.nix { - env = myconfig.env.tools.shaarli; - }; - dokuwiki = pkgs.callPackage ./dokuwiki.nix { - inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; - }; - ldap = pkgs.callPackage ./ldap.nix { - inherit (pkgs.webapps) phpldapadmin; - env = myconfig.env.tools.phpldapadmin; - }; + adminer = pkgs.callPackage ./adminer.nix { + inherit (pkgs.webapps) adminer; + }; + ympd = pkgs.callPackage ./ympd.nix { + env = myconfig.env.tools.ympd; + }; + ttrss = pkgs.callPackage ./ttrss.nix { + inherit (pkgs.webapps) ttrss ttrss-plugins; + env = myconfig.env.tools.ttrss; + }; + roundcubemail = pkgs.callPackage ./roundcubemail.nix { + inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins; + env = myconfig.env.tools.roundcubemail; + }; + rainloop = pkgs.callPackage ./rainloop.nix {}; + kanboard = pkgs.callPackage ./kanboard.nix { + env = myconfig.env.tools.kanboard; + }; + wallabag = pkgs.callPackage ./wallabag.nix { + inherit 
(pkgs.webapps) wallabag; + env = myconfig.env.tools.wallabag; + }; + yourls = pkgs.callPackage ./yourls.nix { + inherit (pkgs.webapps) yourls yourls-plugins; + env = myconfig.env.tools.yourls; + }; + rompr = pkgs.callPackage ./rompr.nix { + inherit (pkgs.webapps) rompr; + env = myconfig.env.tools.rompr; + }; + shaarli = pkgs.callPackage ./shaarli.nix { + env = myconfig.env.tools.shaarli; + }; + dokuwiki = pkgs.callPackage ./dokuwiki.nix { + inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; + }; + ldap = pkgs.callPackage ./ldap.nix { + inherit (pkgs.webapps) phpldapadmin; + env = myconfig.env.tools.phpldapadmin; + }; - cfg = config.services.myWebsites.tools.tools; + cfg = config.myServices.websites.tools.tools; in { - options.services.myWebsites.tools.tools = { + options.myServices.websites.tools.tools = { enable = lib.mkEnableOption "enable tools website"; }; @@ -268,6 +270,7 @@ in { }; system.activationScripts = { + adminer = adminer.activationScript; ttrss = ttrss.activationScript; roundcubemail = roundcubemail.activationScript; wallabag = wallabag.activationScript; 
@@ -277,21 +280,22 @@ in { dokuwiki = dokuwiki.activationScript; rainloop = rainloop.activationScript; kanboard = kanboard.activationScript; + ldap = ldap.activationScript; }; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${dokuwiki.webRoot} $out/webapps/${dokuwiki.apache.webappName} - ln -s ${ldap.webRoot}/htdocs $out/webapps/${ldap.apache.webappName} - ln -s ${rompr.webRoot} $out/webapps/${rompr.apache.webappName} - ln -s ${roundcubemail.webRoot} $out/webapps/${roundcubemail.apache.webappName} - ln -s ${shaarli.webRoot} $out/webapps/${shaarli.apache.webappName} - ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName} - ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName} - ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName} - ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName} - ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName} - ''; + myServices.websites.webappDirs = { + _adminer = adminer.webRoot; + "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; + "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; + "${rompr.apache.webappName}" = rompr.webRoot; + "${roundcubemail.apache.webappName}" = roundcubemail.webRoot; + "${shaarli.apache.webappName}" = shaarli.webRoot; + "${ttrss.apache.webappName}" = ttrss.webRoot; + "${wallabag.apache.webappName}" = wallabag.webRoot; + "${yourls.apache.webappName}" = yourls.webRoot; + "${rainloop.apache.webappName}" = rainloop.webRoot; + "${kanboard.apache.webappName}" = kanboard.webRoot; + }; }; } diff --git a/nixops/modules/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix similarity index 100% rename from nixops/modules/websites/tools/tools/dokuwiki.nix rename to modules/private/websites/tools/tools/dokuwiki.nix 
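Review bot: `_adminer = adminer.webRoot;` hard-codes the webapp directory name, while every other entry of `myServices.websites.webappDirs` in this hunk, and the `ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName}` line this patch removes from the deleted `nixops/modules/websites/default.nix`, derive the name from `apache.webappName`. If `adminer.apache.webappName` still evaluates to the directory the adminer vhost is configured to serve, `"${adminer.apache.webappName}" = adminer.webRoot;` keeps the vhost and the directory from drifting apart; if `_adminer` is a deliberate new name, a short comment naming the vhost config that references it would save the next reader a search. The enclosing `config` block starts outside the hunk.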
diff --git a/nixops/modules/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix similarity index 100% rename from nixops/modules/websites/tools/tools/kanboard.nix rename to modules/private/websites/tools/tools/kanboard.nix diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix similarity index 93% rename from nixops/modules/websites/tools/tools/ldap.nix rename to modules/private/websites/tools/tools/ldap.nix index 8ee39f6..4585ee3 100644 --- a/nixops/modules/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix @@ -1,5 +1,11 @@ { lib, php, env, writeText, phpldapadmin }: rec { + activationScript = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin + ''; + }; keys = [{ dest = "webapps/tools-ldap"; user = apache.user; diff --git a/nixops/modules/websites/tools/tools/rainloop.nix b/modules/private/websites/tools/tools/rainloop.nix similarity index 100% rename from nixops/modules/websites/tools/tools/rainloop.nix rename to modules/private/websites/tools/tools/rainloop.nix diff --git a/nixops/modules/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix similarity index 100% rename from nixops/modules/websites/tools/tools/rompr.nix rename to modules/private/websites/tools/tools/rompr.nix diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/modules/private/websites/tools/tools/roundcubemail.nix similarity index 100% rename from nixops/modules/websites/tools/tools/roundcubemail.nix rename to modules/private/websites/tools/tools/roundcubemail.nix diff --git a/nixops/modules/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix similarity index 100% rename from nixops/modules/websites/tools/tools/shaarli.nix rename to modules/private/websites/tools/tools/shaarli.nix 
diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix similarity index 100% rename from nixops/modules/websites/tools/tools/ttrss.nix rename to modules/private/websites/tools/tools/ttrss.nix diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix similarity index 100% rename from nixops/modules/websites/tools/tools/wallabag.nix rename to modules/private/websites/tools/tools/wallabag.nix diff --git a/nixops/modules/websites/tools/tools/ympd.nix b/modules/private/websites/tools/tools/ympd.nix similarity index 100% rename from nixops/modules/websites/tools/tools/ympd.nix rename to modules/private/websites/tools/tools/ympd.nix diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix similarity index 94% rename from nixops/modules/websites/tools/tools/yourls.nix rename to modules/private/websites/tools/tools/yourls.nix index df1b3a2..0a8e837 100644 --- a/nixops/modules/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix @@ -1,8 +1,11 @@ { env, yourls, yourls-plugins }: rec { - activationScript = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls - ''; + activationScript = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls + ''; + }; keys = [{ dest = "webapps/tools-yourls"; user = apache.user; diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index a0c5c7c..59ff85a 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix @@ -36,7 +36,6 @@ ./modules/certificates.nix ./modules/gitolite ./modules/mpd.nix - ./modules/websites ./modules/mail.nix ./modules/ftp.nix ./modules/pub diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix index e620318..9aeaa3f 100644 --- a/nixops/modules/task/default.nix +++ b/nixops/modules/task/default.nix 
@@ -180,9 +180,7 @@ in { ''; }; - system.extraSystemBuilderCmds = '' - ln -s ${./www} $out/webapps/_task - ''; + myServices.websites.webappDirs._task = ./www; security.acme.certs."task" = config.services.myCertificates.certConfig // { inherit user group; diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix deleted file mode 100644 index 1948fe9..0000000 --- a/nixops/modules/websites/default.nix +++ /dev/null 
@@ -1,236 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites; - www_root = "/run/current-system/webapps/_www"; - theme_root = "/run/current-system/webapps/_theme"; - apacheConfig = { - gzip = { - modules = [ "deflate" "filter" ]; - extraConfig = '' - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript - ''; - }; - macros = { - modules = [ "macro" ]; - }; - stats = { - extraConfig = '' - - Alias /webstats ${config.services.webstats.dataDir}/%{domain} - - DirectoryIndex index.html - AllowOverride None - Require all granted - - - Use LDAPConnect - Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu - - - ''; - }; - ldap = { - modules = [ "ldap" "authnz_ldap" ]; - extraConfig = '' - - LDAPSharedCacheSize 500000 - LDAPCacheEntries 1024 - LDAPCacheTTL 600 - LDAPOpCacheEntries 1024 - LDAPOpCacheTTL 600 - - - Include /var/secrets/apache-ldap - ''; - }; - global = { - extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; - }; - apaxy = { - extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; - }; - http2 = { - modules = [ "http2" ]; - extraConfig = '' - Protocols h2 http/1.1 - ''; - }; - customLog = { - extraConfig = '' - LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost - ''; - }; - }; - makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig); - makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); -in -{ - imports = [ - ./tools/db.nix - ./tools/tools - ./tools/dav - ./tools/cloud.nix - ./tools/git - ./tools/mastodon.nix - ./tools/mediagoblin.nix - ./tools/diaspora.nix - ./tools/ether.nix - ./tools/peertube.nix - ]; - - config = { - users.users.wwwrun.extraGroups = [ "keys" ]; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - 
nixpkgs.overlays = [ (self: super: rec { - #openssl = self.openssl_1_1; - php = php72; - php72 = (super.php72.override { - mysql.connector-c = self.mariadb; - config.php.mysqlnd = false; - config.php.mysqli = false; - }).overrideAttrs(old: rec { - # Didn't manage to build with mysqli + mysql_config connector - configureFlags = old.configureFlags ++ [ - "--with-mysqli=shared,mysqlnd" - ]; - # preConfigure = (old.preConfigure or "") + '' - # export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server"; - # sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include /' \ - # ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c - # ''; - }); - phpPackages = super.php72Packages.override { inherit php; }; - }) ]; - - services.myWebsites.tools.databases.enable = true; - services.myWebsites.tools.tools.enable = true; - services.myWebsites.tools.dav.enable = true; - services.myWebsites.tools.cloud.enable = true; - services.myWebsites.tools.git.enable = true; - services.myWebsites.tools.mastodon.enable = true; - services.myWebsites.tools.mediagoblin.enable = true; - services.myWebsites.tools.diaspora.enable = true; - services.myWebsites.tools.etherpad-lite.enable = true; - services.myWebsites.tools.peertube.enable = true; - - secrets.keys = [{ - dest = "apache-ldap"; - user = "wwwrun"; - group = "wwwrun"; - permissions = "0400"; - text = '' - - - AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS - AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu - AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" - AuthType Basic - AuthName "Authentification requise (Acces LDAP)" - AuthBasicProvider ldap - - - ''; - }]; - - system.activationScripts = { - httpd = '' - install -d -m 0755 ${config.security.acme.directory}/acme-challenge - install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions - install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer - install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer - install -d -m 0750 -o 
wwwrun -g wwwrun /var/lib/php/sessions/mantisbt - install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical - install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin - ''; - }; - - system.extraSystemBuilderCmds = let - adminer = pkgs.callPackage ./commons/adminer.nix {}; - in '' - mkdir -p $out/webapps - ln -s ${pkgs.webapps.apache-default.www} $out/webapps/_www - ln -s ${pkgs.webapps.apache-theme.theme} $out/webapps/_theme - ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName} - ''; - - services.phpfpm = { - phpPackage = pkgs.php; - phpOptions = '' - session.save_path = "/var/lib/php/sessions" - post_max_size = 20M - ; 15 days (seconds) - session.gc_maxlifetime = 1296000 - ; 30 days (minutes) - session.cache_expire = 43200 - ''; - extraConfig = '' - log_level = notice - ''; - }; - - services.websites.production = { - enable = true; - adminAddr = "httpd@immae.eu"; - httpdName = "Prod"; - ips = - let ips = myconfig.env.servers.eldiron.ips.production; - in [ips.ip4] ++ (ips.ip6 or []); - modules = makeModules; - extraConfig = makeExtraConfig; - fallbackVhost = { - certName = "eldiron"; - hosts = ["eldiron.immae.eu" ]; - root = www_root; - extraConfig = [ "DirectoryIndex index.htm" ]; - }; - }; - - services.websites.integration = { - enable = true; - adminAddr = "httpd@immae.eu"; - httpdName = "Inte"; - ips = - let ips = myconfig.env.servers.eldiron.ips.integration; - in [ips.ip4] ++ (ips.ip6 or []); - modules = makeModules; - extraConfig = makeExtraConfig; - fallbackVhost = { - certName = "eldiron"; - hosts = ["eldiron.immae.eu" ]; - root = www_root; - extraConfig = [ "DirectoryIndex index.htm" ]; - }; - }; - - services.websites.tools = { - enable = true; - adminAddr = "httpd@immae.eu"; - httpdName = "Tools"; - ips = - let ips = myconfig.env.servers.eldiron.ips.main; - in [ips.ip4] ++ (ips.ip6 or []); - modules = makeModules; - extraConfig = makeExtraConfig ++ - [ '' - RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ 
https://www.immae.eu/licences_et_tip.html - RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html - RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html - RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html - RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html - RedirectMatch ^/CGU$ https://www.immae.eu/CGU - '' - ]; - nosslVhost = { - enable = true; - host = "nossl.immae.eu"; - }; - fallbackVhost = { - certName = "eldiron"; - hosts = ["eldiron.immae.eu" ]; - root = www_root; - extraConfig = [ "DirectoryIndex index.htm" ]; - }; - }; - }; -} -- 2.41.0