From 42429ef0756d9ee41cf0ff0b38210edb3b1637e5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 10 Jan 2019 01:59:32 +0100 Subject: [PATCH] Continue moving websites: apache configuration and modules --- virtual/eldiron.nix | 94 +--------------- virtual/modules/databases.nix | 4 + virtual/modules/websites.nix | 115 ++++++++++++++++++++ virtual/modules/websites/aten.nix | 2 + virtual/modules/websites/chloe.nix | 2 + virtual/modules/websites/connexionswing.nix | 2 + virtual/modules/websites/ludivine.nix | 2 + virtual/modules/websites/piedsjaloux.nix | 2 + 8 files changed, 135 insertions(+), 88 deletions(-) create mode 100644 virtual/modules/websites.nix diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 7189c39..efaa068 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix @@ -21,25 +21,13 @@ ./modules/gitolite.nix ./modules/gitweb.nix ./modules/databases.nix - ./modules/websites/chloe.nix - ./modules/websites/ludivine.nix - ./modules/websites/aten.nix - ./modules/websites/piedsjaloux.nix - ./modules/websites/connexionswing.nix + ./modules/websites.nix ]; services.myGitolite.enable = true; services.myGitweb.enable = true; services.myDatabases.enable = true; - services.myWebsites.Chloe.production.enable = true; - services.myWebsites.Chloe.integration.enable = true; - services.myWebsites.Ludivine.production.enable = true; - services.myWebsites.Ludivine.integration.enable = true; - services.myWebsites.Aten.production.enable = true; - services.myWebsites.Aten.integration.enable = true; - services.myWebsites.PiedsJaloux.production.enable = true; - services.myWebsites.PiedsJaloux.integration.enable = true; - services.myWebsites.Connexionswing.production.enable = true; - services.myWebsites.Connexionswing.integration.enable = true; + services.myWebsites.production.enable = true; + services.myWebsites.integration.enable = true; nixpkgs.config.packageOverrides = oldpkgs: rec { goaccess = oldpkgs.goaccess.overrideAttrs(old: rec { 
@@ -153,10 +141,6 @@ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/ttrss install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical ''; - redis = '' - mkdir -p /run/redis - chown redis /run/redis - ''; # FIXME: initial sync goaccess = '' mkdir -p /var/lib/goaccess @@ -205,62 +189,7 @@ logFormat = "combinedVhost"; listen = [ { ip = "*"; port = 443; } ]; }; - apacheConfig = { - gzip = { - modules = [ "deflate" "filter" ]; - extraConfig = '' - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript - ''; - }; - ldap = { - modules = [ "ldap" "authnz_ldap" ]; - extraConfig = assert checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; '' - - LDAPSharedCacheSize 500000 - LDAPCacheEntries 1024 - LDAPCacheTTL 600 - LDAPOpCacheEntries 1024 - LDAPOpCacheTTL 600 - - - - - AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu - AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu - AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}" - AuthType Basic - AuthName "Authentification requise (Acces LDAP)" - AuthBasicProvider ldap - - - - - Alias /awstats /var/lib/goaccess/%{domain} - - DirectoryIndex index.html - AllowOverride None - Require all granted - - - Use LDAPConnect - Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu - - - ''; - }; - http2 = { - modules = [ "http2" ]; - extraConfig = '' - Protocols h2 http/1.1 - ''; - }; - customLog = { - modules = []; - extraConfig = '' - LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost - ''; - }; - }; + apacheConfig = config.services.myWebsites.apacheConfig; in rec { enable = true; logPerVirtualHost = true; 
@@ -270,25 +199,14 @@ extraModules = pkgs.lib.lists.unique ( mypkgs.adminer.apache.modules ++ mypkgs.nextcloud.apache.modules ++ - mypkgs.connexionswing_dev.apache.modules ++ - mypkgs.connexionswing_prod.apache.modules ++ - mypkgs.ludivinecassal_dev.apache.modules ++ - mypkgs.ludivinecassal_prod.apache.modules ++ - mypkgs.piedsjaloux_dev.apache.modules ++ - mypkgs.piedsjaloux_prod.apache.modules ++ - mypkgs.chloe_dev.apache.modules ++ - mypkgs.chloe_prod.apache.modules ++ - mypkgs.aten_dev.apache.modules ++ - mypkgs.aten_prod.apache.modules ++ mypkgs.ympd.apache.modules ++ mypkgs.git.web.apache.modules ++ mypkgs.mantisbt.apache.modules ++ mypkgs.ttrss.apache.modules ++ mypkgs.roundcubemail.apache.modules ++ - pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++ - [ "macro" ]); + pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig)); extraConfig = builtins.concatStringsSep "\n" - (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig); + (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); virtualHosts = [ (withConf "eldiron" // { hostName = "eldiron.immae.eu"; diff --git a/virtual/modules/databases.nix b/virtual/modules/databases.nix index 25bd645..9f8e70d 100644 --- a/virtual/modules/databases.nix +++ b/virtual/modules/databases.nix @@ -129,5 +129,9 @@ in { maxclients 1024 ''; }; + system.activationScripts.redis = '' + mkdir -p /run/redis + chown redis /run/redis + ''; }; } diff --git a/virtual/modules/websites.nix b/virtual/modules/websites.nix new file mode 100644 index 0000000..62f45d9 --- /dev/null +++ b/virtual/modules/websites.nix 
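Review bot: The `v.modules or []` and `v.extraConfig or null` fallbacks in the rewritten extraModules and extraConfig expressions can never fire once apacheConfig is the typed option from websites.nix, because that submodule already defaults `modules` to `[]` and `extraConfig` to `null`, so every attribute value carries both fields. Keeping the `or` forms is harmless but implies the fields may be absent; either use the plain `(n: v: v.modules)` / `(n: v: v.extraConfig)` or add a comment that the fallbacks only matter if apacheConfig is ever assigned an untyped attrset. The `builtins.filter (x: x != null)` is still required, since a site module that sets only `.modules` leaves extraConfig at its null default and concatStringsSep would otherwise receive it.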
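Review bot: The new `system.activationScripts.redis` creates /run/redis with whatever mode the activation umask yields, and `chown redis /run/redis` changes only the owner while the group stays root; the other activation scripts in this tree set both explicitly with `install -d -m 0750 -o <user> -g <group> <dir>` (see the php sessions lines in the eldiron.nix hunk above). The same form here, `install -d -m 0750 -o redis -g redis /run/redis`, makes the directory's permissions deliberate rather than inherited from the activation environment. If another service must reach a unix socket under /run/redis, the mode has to allow that group to traverse the directory — the redis config visible above the hunk does not show whether a socket is used, so confirm before tightening.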
@@ -0,0 +1,115 @@ +{ lib, pkgs, config, mylibs, ... }: +let + cfg = config.services.myWebsites; +in +{ + imports = [ + ./websites/chloe.nix + ./websites/ludivine.nix + ./websites/aten.nix + ./websites/piedsjaloux.nix + ./websites/connexionswing.nix + ]; + + options.services.myWebsites = { + production = { + enable = lib.mkEnableOption "enable websites in production"; + }; + + integration = { + enable = lib.mkEnableOption "enable websites in integration"; + }; + + apacheConfig = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + options = { + modules = lib.mkOption { + type = lib.types.listOf (lib.types.str); + default = []; + }; + extraConfig = lib.mkOption { + type = lib.types.nullOr lib.types.lines; + default = null; + }; + }; + }); + default = {}; + description = "Extra global config"; + }; + + }; + + config = { + services.myWebsites.Chloe.production.enable = cfg.production.enable; + services.myWebsites.Ludivine.production.enable = cfg.production.enable; + services.myWebsites.Aten.production.enable = cfg.production.enable; + services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable; + services.myWebsites.Connexionswing.production.enable = cfg.production.enable; + + services.myWebsites.Chloe.integration.enable = cfg.integration.enable; + services.myWebsites.Ludivine.integration.enable = cfg.integration.enable; + services.myWebsites.Aten.integration.enable = cfg.integration.enable; + services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable; + services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable; + + services.myWebsites.apacheConfig = { + gzip = { + modules = [ "deflate" "filter" ]; + extraConfig = '' + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript + ''; + }; + macros = { + modules = [ "macro" ]; + }; + ldap = { + modules = [ "ldap" "authnz_ldap" ]; + # FIXME: starttls + extraConfig = assert mylibs.checkEnv 
"NIXOPS_HTTP_LDAP_PASSWORD"; '' + + LDAPSharedCacheSize 500000 + LDAPCacheEntries 1024 + LDAPCacheTTL 600 + LDAPOpCacheEntries 1024 + LDAPOpCacheTTL 600 + + + + + AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS + AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu + AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}" + AuthType Basic + AuthName "Authentification requise (Acces LDAP)" + AuthBasicProvider ldap + + + + + Alias /awstats /var/lib/goaccess/%{domain} + + DirectoryIndex index.html + AllowOverride None + Require all granted + + + Use LDAPConnect + Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu + + + ''; + }; + http2 = { + modules = [ "http2" ]; + extraConfig = '' + Protocols h2 http/1.1 + ''; + }; + customLog = { + extraConfig = '' + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost + ''; + }; + }; + }; +} diff --git a/virtual/modules/websites/aten.nix b/virtual/modules/websites/aten.nix index 88a9857..1a65389 100644 --- a/virtual/modules/websites/aten.nix +++ b/virtual/modules/websites/aten.nix @@ -26,11 +26,13 @@ in { services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool; system.activationScripts.aten_prod = aten_prod.activationScript; + services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules; }) (lib.mkIf cfg.integration.enable { security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null; services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool; system.activationScripts.aten_dev = aten_dev.activationScript; + services.myWebsites.apacheConfig.aten_dev.modules = aten_dev.apache.modules; }) ]; } diff --git a/virtual/modules/websites/chloe.nix b/virtual/modules/websites/chloe.nix index 9b5c5ca..d54c42d 100644 --- a/virtual/modules/websites/chloe.nix +++ b/virtual/modules/websites/chloe.nix 
@@ -26,11 +26,13 @@ in { services.phpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool; system.activationScripts.chloe_prod = chloe_prod.activationScript; + services.myWebsites.apacheConfig.chloe_prod.modules = chloe_prod.apache.modules; }) (lib.mkIf cfg.integration.enable { security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null; services.phpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool; system.activationScripts.chloe_dev = chloe_dev.activationScript; + services.myWebsites.apacheConfig.chloe_dev.modules = chloe_dev.apache.modules; }) ]; } diff --git a/virtual/modules/websites/connexionswing.nix b/virtual/modules/websites/connexionswing.nix index e4b9c0e..8bf63a8 100644 --- a/virtual/modules/websites/connexionswing.nix +++ b/virtual/modules/websites/connexionswing.nix @@ -28,12 +28,14 @@ in { services.phpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool; system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript; + services.myWebsites.apacheConfig.connexionswing_prod.modules = connexionswing_prod.apache.modules; }) (lib.mkIf cfg.integration.enable { security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null; security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null; services.phpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool; system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript; + services.myWebsites.apacheConfig.connexionswing_dev.modules = connexionswing_dev.apache.modules; }) ]; } diff --git a/virtual/modules/websites/ludivine.nix b/virtual/modules/websites/ludivine.nix index 9d6b693..f06e41a 100644 --- a/virtual/modules/websites/ludivine.nix +++ b/virtual/modules/websites/ludivine.nix 
@@ -26,12 +26,14 @@ in { services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool; system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript; + services.myWebsites.apacheConfig.ludivinecassal_prod.modules = ludivinecassal_prod.apache.modules; }) (lib.mkIf cfg.integration.enable { security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null; services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool; system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript; + services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules; }) ]; } diff --git a/virtual/modules/websites/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux.nix index f2b17ad..285fd18 100644 --- a/virtual/modules/websites/piedsjaloux.nix +++ b/virtual/modules/websites/piedsjaloux.nix @@ -26,11 +26,13 @@ in { services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool; system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript; + services.myWebsites.apacheConfig.piedsjaloux_prod.modules = piedsjaloux_prod.apache.modules; }) (lib.mkIf cfg.integration.enable { security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null; services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool; system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript; + services.myWebsites.apacheConfig.piedsjaloux_dev.modules = piedsjaloux_dev.apache.modules; }) ]; } -- 2.41.0