From 29f8cb850d74b456d6481a456311bbf5361d328c Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 1 Jun 2019 12:51:51 +0200
Subject: [PATCH] Refactor websites options
---
 modules/private/buildbot/default.nix | 4 +-
 modules/private/certificates.nix | 2 +-
 modules/private/tasks/default.nix | 6 +-
 modules/private/websites/aten/integration.nix | 2 +-
 modules/private/websites/aten/production.nix | 6 +-
 .../websites/capitaines/production.nix | 4 +-
 .../private/websites/chloe/integration.nix | 6 +-
 modules/private/websites/chloe/production.nix | 6 +-
 .../websites/connexionswing/integration.nix | 4 +-
 .../websites/connexionswing/production.nix | 4 +-
 modules/private/websites/default.nix | 6 +-
 .../websites/denisejerome/production.nix | 2 +-
 .../private/websites/emilia/production.nix | 2 +-
 modules/private/websites/florian/app.nix | 4 +-
 .../private/websites/florian/integration.nix | 4 +-
 .../private/websites/florian/production.nix | 4 +-
 modules/private/websites/immae/production.nix | 6 +-
 modules/private/websites/immae/release.nix | 2 +-
 modules/private/websites/immae/temp.nix | 4 +-
 modules/private/websites/leila/production.nix | 6 +-
 .../websites/ludivinecassal/integration.nix | 4 +-
 .../websites/ludivinecassal/production.nix | 4 +-
 .../private/websites/nassime/production.nix | 2 +-
 .../websites/naturaloutil/production.nix | 4 +-
 .../private/websites/papa/surveillance.nix | 2 +-
 .../websites/piedsjaloux/integration.nix | 4 +-
 .../websites/piedsjaloux/production.nix | 4 +-
 .../private/websites/tools/cloud/default.nix | 4 +-
 .../private/websites/tools/dav/default.nix | 4 +-
 modules/private/websites/tools/db/default.nix | 4 +-
 .../websites/tools/diaspora/default.nix | 4 +-
 .../private/websites/tools/ether/default.nix | 4 +-
 .../private/websites/tools/git/default.nix | 4 +-
 .../websites/tools/mastodon/default.nix | 4 +-
 .../websites/tools/mgoblin/default.nix | 4 +-
 .../websites/tools/peertube/default.nix | 4 +-
 .../private/websites/tools/tools/default.nix | 12 +-
 modules/websites/default.nix | 229 ++++++++++--------
modules/websites/php-application.nix | 4 +- 39 files changed, 202 insertions(+), 187 deletions(-) diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix index d023a83..f307606 100644 --- a/modules/private/buildbot/default.nix +++ b/modules/private/buildbot/default.nix @@ -37,11 +37,11 @@ in extraGroups = [ "keys" ]; }; - services.websites.tools.watchPaths = lib.attrsets.mapAttrsToList + services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList (k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include") myconfig.env.buildbot.projects; - services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' + services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" RewriteEngine On RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L] diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index 43f6a23..2e40b3c 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix @@ -15,7 +15,7 @@ }; config = { - services.websitesCerts = config.services.myCertificates.certConfig; + services.websites.certs = config.services.myCertificates.certConfig; myServices.databasesCerts = config.services.myCertificates.certConfig; myServices.ircCerts = config.services.myCertificates.certConfig; diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index 83a1b61..a2da0c3 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix 
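Review bot: In the modules/private/buildbot/default.nix hunk, the renamed `vhostConfs.git.extraConfig` generator still interpolates `${project.name}` unescaped into the `RedirectMatch`/`RewriteRule` patterns and into the `unix:///run/buildbot/${project.name}.sock` proxy target. The names come from `myconfig.env.buildbot.projects`, which looks operator-controlled, so this is hardening rather than a bug: a name containing a regex metacharacter or a `/` would change which URLs match and which socket the request is proxied to. Since the line is being touched anyway, consider escaping the name in the patterns with `lib.escapeRegex project.name`, or asserting that project names match a conservative character set. The lambda body continues past the end of the hunk.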
@@ -101,9 +101,9 @@ in { SetEnv TASKD_LDAP_FILTER "${env.ldap.search}" ''; }]; - services.websites.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; - services.websites.tools.modules = [ "proxy_fcgi" "sed" ]; - services.websites.tools.vhostConfs.task = { + services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; + services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ]; + services.websites.env.tools.vhostConfs.task = { certName = "eldiron"; addToCerts = true; hosts = [ "task.immae.eu" ]; diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index f8d8b53..0dbc4fa 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix @@ -32,7 +32,7 @@ in { secrets.keys = aten.keys; services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; - services.websites.integration.vhostConfs.aten = { + services.websites.env.integration.vhostConfs.aten = { certName = "eldiron"; addToCerts = true; hosts = [ "dev.aten.pro" ]; diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 1a55e8a..0fab309 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix 
@@ -21,15 +21,15 @@ in { services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool; system.activationScripts.aten_prod = aten.activationScript; myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot; - services.websites.production.modules = aten.apache.modules; - services.websites.production.vhostConfs.aten = { + services.websites.env.production.modules = aten.apache.modules; + services.websites.env.production.vhostConfs.aten = { certName = "aten"; certMainHost = "aten.pro"; hosts = [ "aten.pro" "www.aten.pro" ]; root = aten.apache.root; extraConfig = [ aten.apache.vhostConf ]; }; - services.websites.production.watchPaths = [ + services.websites.env.production.watchPaths = [ "/var/secrets/webapps/${aten.app.environment}-aten" ]; }; diff --git a/modules/private/websites/capitaines/production.nix b/modules/private/websites/capitaines/production.nix index 57d8787..995e2cc 100644 --- a/modules/private/websites/capitaines/production.nix +++ b/modules/private/websites/capitaines/production.nix @@ -11,7 +11,7 @@ in { config = lib.mkIf cfg.enable { myServices.websites.webappDirs."${webappName}" = siteDir; - services.websites.production.vhostConfs.capitaines_mastodon = { + services.websites.env.production.vhostConfs.capitaines_mastodon = { certName = "capitaines"; certMainHost = "mastodon.capitaines.fr"; hosts = [ "mastodon.capitaines.fr" ]; @@ -28,7 +28,7 @@ in { ]; }; - services.websites.production.vhostConfs.capitaines = { + services.websites.env.production.vhostConfs.capitaines = { certName = "capitaines"; addToCerts = true; hosts = [ "capitaines.fr" ]; diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index 25ec4db..1f7ac31 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix 
@@ -24,15 +24,15 @@ in { }; system.activationScripts.chloe_dev = chloe.activationScript; myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; - services.websites.integration.modules = chloe.apache.modules; - services.websites.integration.vhostConfs.chloe = { + services.websites.env.integration.modules = chloe.apache.modules; + services.websites.env.integration.vhostConfs.chloe = { certName = "eldiron"; addToCerts = true; hosts = ["chloe.immae.eu" ]; root = chloe.apache.root; extraConfig = [ chloe.apache.vhostConf ]; }; - services.websites.integration.watchPaths = [ + services.websites.env.integration.watchPaths = [ "/var/secrets/webapps/${chloe.app.environment}-chloe" ]; }; diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 6e0c34d..6cfdb7f 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix @@ -26,15 +26,15 @@ in { }; system.activationScripts.chloe_prod = chloe.activationScript; myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; - services.websites.production.modules = chloe.apache.modules; - services.websites.production.vhostConfs.chloe = { + services.websites.env.production.modules = chloe.apache.modules; + services.websites.env.production.vhostConfs.chloe = { certName = "chloe"; certMainHost = "osteopathe-cc.fr"; hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; root = chloe.apache.root; extraConfig = [ chloe.apache.vhostConf ]; }; - services.websites.production.watchPaths = [ + services.websites.env.production.watchPaths = [ "/var/secrets/webapps/${chloe.app.environment}-chloe" ]; }; diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 7d77ac7..795d532 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix 
@@ -23,8 +23,8 @@ in { }; system.activationScripts.connexionswing_dev = connexionswing.activationScript; myServices.websites.webappDirs."${connexionswing.apache.webappName}" = connexionswing.app.webRoot; - services.websites.integration.modules = connexionswing.apache.modules; - services.websites.integration.vhostConfs.connexionswing = { + services.websites.env.integration.modules = connexionswing.apache.modules; + services.websites.env.integration.vhostConfs.connexionswing = { certName = "eldiron"; addToCerts = true; hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index f4cb377..07647da 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix @@ -25,8 +25,8 @@ in { }; system.activationScripts.connexionswing_prod = connexionswing.activationScript; myServices.websites.webappDirs."${connexionswing.apache.webappName}" = connexionswing.app.webRoot; - services.websites.production.modules = connexionswing.apache.modules; - services.websites.production.vhostConfs.connexionswing = { + services.websites.env.production.modules = connexionswing.apache.modules; + services.websites.env.production.vhostConfs.connexionswing = { certName = "connexionswing"; certMainHost = "connexionswing.com"; hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index c3d941c..0d420ea 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix 
@@ -142,7 +142,7 @@ in services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ]; services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ]; - services.websites.production = { + services.websites.env.production = { enable = true; adminAddr = "httpd@immae.eu"; httpdName = "Prod"; @@ -159,7 +159,7 @@ in }; }; - services.websites.integration = { + services.websites.env.integration = { enable = true; adminAddr = "httpd@immae.eu"; httpdName = "Inte"; @@ -176,7 +176,7 @@ in }; }; - services.websites.tools = { + services.websites.env.tools = { enable = true; adminAddr = "httpd@immae.eu"; httpdName = "Tools"; diff --git a/modules/private/websites/denisejerome/production.nix b/modules/private/websites/denisejerome/production.nix index b5aff94..f93ad37 100644 --- a/modules/private/websites/denisejerome/production.nix +++ b/modules/private/websites/denisejerome/production.nix @@ -9,7 +9,7 @@ in { config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; - services.websites.production.vhostConfs.denisejerome = { + services.websites.env.production.vhostConfs.denisejerome = { certName = "denisejerome"; certMainHost = "denisejerome.piedsjaloux.fr"; hosts = ["denisejerome.piedsjaloux.fr" ]; diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix index 13f008f..422bfd4 100644 --- a/modules/private/websites/emilia/production.nix +++ b/modules/private/websites/emilia/production.nix @@ -47,7 +47,7 @@ in { install -m 0755 -o wwwrun -g wwwrun -d ${varDir} ''; myServices.websites.webappDirs."${webappName}" = siteDir; - services.websites.production.vhostConfs.emilia = { + services.websites.env.production.vhostConfs.emilia = { certName = "emilia"; certMainHost = "saison-photo.org"; hosts = [ "saison-photo.org" "www.saison-photo.org" ]; diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 55fb3cb..00fe644 100644 
--- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix @@ -21,8 +21,8 @@ in { services.phpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool; system.activationScripts.tellesflorian_dev = tellesflorian.activationScript; myServices.websites.webappDirs."${tellesflorian.apache.webappName}" = tellesflorian.app.webRoot; - services.websites.integration.modules = adminer.apache.modules ++ tellesflorian.apache.modules; - services.websites.integration.vhostConfs.tellesflorian = { + services.websites.env.integration.modules = adminer.apache.modules ++ tellesflorian.apache.modules; + services.websites.env.integration.vhostConfs.tellesflorian = { certName = "eldiron"; addToCerts = true; hosts = ["app.tellesflorian.com" ]; diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix index 424ebd4..e444e69 100644 --- a/modules/private/websites/florian/integration.nix +++ b/modules/private/websites/florian/integration.nix @@ -10,8 +10,8 @@ in { config = lib.mkIf cfg.enable { security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; - services.websites.integration.modules = adminer.apache.modules; - services.websites.integration.vhostConfs.florian = { + services.websites.env.integration.modules = adminer.apache.modules; + services.websites.env.integration.vhostConfs.florian = { certName = "eldiron"; addToCerts = true; hosts = [ "florian.immae.eu" ]; diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix index 9b310b8..44a262e 100644 --- a/modules/private/websites/florian/production.nix +++ b/modules/private/websites/florian/production.nix 
@@ -10,8 +10,8 @@ in { config = lib.mkIf cfg.enable { security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; - services.websites.production.modules = adminer.apache.modules; - services.websites.production.vhostConfs.florian = { + services.websites.env.production.modules = adminer.apache.modules; + services.websites.env.production.vhostConfs.florian = { certName = "florian"; certMainHost = "tellesflorian.com"; hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix index c3cabb6..3c851e6 100644 --- a/modules/private/websites/immae/production.nix +++ b/modules/private/websites/immae/production.nix @@ -22,8 +22,8 @@ in { php_admin_value[open_basedir] = "${varDir}:/tmp" ''; - services.websites.production.modules = [ "proxy_fcgi" ]; - services.websites.production.vhostConfs.immae = { + services.websites.env.production.modules = [ "proxy_fcgi" ]; + services.websites.env.production.vhostConfs.immae = { certName = "eldiron"; addToCerts = true; hosts = [ "www.immae.eu" ]; @@ -51,7 +51,7 @@ in { ]; }; - services.websites.production.vhostConfs.bouya = { + services.websites.env.production.vhostConfs.bouya = { certName = "eldiron"; addToCerts = true; hosts = [ "bouya.org" "www.bouya.org" ]; diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix index 68381a6..5cc35ee 100644 --- a/modules/private/websites/immae/release.nix +++ b/modules/private/websites/immae/release.nix @@ -9,7 +9,7 @@ in { config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "release.immae.eu"; } ]; - services.websites.production.vhostConfs.release = { + services.websites.env.production.vhostConfs.release = { certName = "eldiron"; addToCerts = true; hosts = [ "release.immae.eu" ]; diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix index 0b2a3a3..288c8cc 100644 
--- a/modules/private/websites/immae/temp.nix +++ b/modules/private/websites/immae/temp.nix @@ -7,8 +7,8 @@ in { options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; config = lib.mkIf cfg.enable { - services.websites.production.modules = [ "headers" ]; - services.websites.production.vhostConfs.temp = { + services.websites.env.production.modules = [ "headers" ]; + services.websites.env.production.vhostConfs.temp = { certName = "eldiron"; addToCerts = true; hosts = [ "temp.immae.eu" ]; diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix index 69c8c49..52cf8cf 100644 --- a/modules/private/websites/leila/production.nix +++ b/modules/private/websites/leila/production.nix @@ -25,8 +25,8 @@ in { { name = "chorale.leila.bouya.org"; } ]; - services.websites.production.modules = [ "proxy_fcgi" ]; - services.websites.production.vhostConfs.leila_chorale = { + services.websites.env.production.modules = [ "proxy_fcgi" ]; + services.websites.env.production.vhostConfs.leila_chorale = { certName = "leila"; addToCerts = true; hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; @@ -49,7 +49,7 @@ in { '' ]; }; - services.websites.production.vhostConfs.leila = { + services.websites.env.production.vhostConfs.leila = { certName = "leila"; certMainHost = "leila.bouya.org"; hosts = [ "leila.bouya.org" ]; diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix index f0ef3a6..bc05d9b 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivinecassal/integration.nix 
@@ -20,8 +20,8 @@ in { services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool; system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript; myServices.websites.webappDirs."${ludivinecassal.apache.webappName}" = ludivinecassal.app.webRoot; - services.websites.integration.modules = ludivinecassal.apache.modules; - services.websites.integration.vhostConfs.ludivine = { + services.websites.env.integration.modules = ludivinecassal.apache.modules; + services.websites.env.integration.vhostConfs.ludivine = { certName = "eldiron"; addToCerts = true; hosts = [ "ludivine.immae.eu" ]; diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix index 6a22d98..9d8407d 100644 --- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivinecassal/production.nix @@ -21,8 +21,8 @@ in { services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool; system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript; myServices.websites.webappDirs."${ludivinecassal.apache.webappName}" = ludivinecassal.app.webRoot; - services.websites.production.modules = ludivinecassal.apache.modules; - services.websites.production.vhostConfs.ludivine = { + services.websites.env.production.modules = ludivinecassal.apache.modules; + services.websites.env.production.vhostConfs.ludivine = { certName = "ludivinecassal"; certMainHost = "ludivinecassal.com"; hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; diff --git a/modules/private/websites/nassime/production.nix b/modules/private/websites/nassime/production.nix index a109778..f2a4142 100644 --- a/modules/private/websites/nassime/production.nix +++ b/modules/private/websites/nassime/production.nix 
@@ -11,7 +11,7 @@ in { security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; - services.websites.production.vhostConfs.nassime = { + services.websites.env.production.vhostConfs.nassime = { certName = "nassime"; certMainHost = "nassime.bouya.org"; hosts = ["nassime.bouya.org" ]; diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix index f59957d..93940d5 100644 --- a/modules/private/websites/naturaloutil/production.nix +++ b/modules/private/websites/naturaloutil/production.nix @@ -61,8 +61,8 @@ in { extension=${pkgs.php}/lib/php/extensions/mysqli.so ''; }; - services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; - services.websites.production.vhostConfs.naturaloutil = { + services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; + services.websites.env.production.vhostConfs.naturaloutil = { certName = "naturaloutil"; certMainHost = "naturaloutil.immae.eu"; hosts = ["naturaloutil.immae.eu" ]; diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix index 8e7cd9d..ca6bf9e 100644 --- a/modules/private/websites/papa/surveillance.nix +++ b/modules/private/websites/papa/surveillance.nix @@ -27,7 +27,7 @@ in { ]; }; - services.websites.production.vhostConfs.papa = { + services.websites.env.production.vhostConfs.papa = { certName = "papa"; certMainHost = "surveillance.maison.bbc.bouya.org"; hosts = [ "surveillance.maison.bbc.bouya.org" ]; diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 5f574e1..8007c91 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix 
@@ -19,8 +19,8 @@ in { services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool; system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript; myServices.websites.webappDirs."${piedsjaloux.apache.webappName}" = piedsjaloux.app.webRoot; - services.websites.integration.modules = piedsjaloux.apache.modules; - services.websites.integration.vhostConfs.piedsjaloux = { + services.websites.env.integration.modules = piedsjaloux.apache.modules; + services.websites.env.integration.vhostConfs.piedsjaloux = { certName = "eldiron"; addToCerts = true; hosts = [ "piedsjaloux.immae.eu" ]; diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index e3bd2dd..30066a5 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix @@ -21,8 +21,8 @@ in { services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool; system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript; myServices.websites.webappDirs."${piedsjaloux.apache.webappName}" = piedsjaloux.app.webRoot; - services.websites.production.modules = piedsjaloux.apache.modules; - services.websites.production.vhostConfs.piedsjaloux = { + services.websites.env.production.modules = piedsjaloux.apache.modules; + services.websites.env.production.vhostConfs.piedsjaloux = { certName = "piedsjaloux"; certMainHost = "piedsjaloux.fr"; hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index ceb8f77..fffe04c 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix 
@@ -48,9 +48,9 @@ in { }; config = lib.mkIf cfg.enable { - services.websites.tools.modules = [ "proxy_fcgi" ]; + services.websites.env.tools.modules = [ "proxy_fcgi" ]; - services.websites.tools.vhostConfs.cloud = { + services.websites.env.tools.vhostConfs.cloud = { certName = "eldiron"; addToCerts = true; hosts = ["cloud.immae.eu" ]; diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix index fb0baae..5a0f470 100644 --- a/modules/private/websites/tools/dav/default.nix +++ b/modules/private/websites/tools/dav/default.nix @@ -29,9 +29,9 @@ in { config = lib.mkIf cfg.enable { system.activationScripts.davical = davical.activationScript; secrets.keys = davical.keys; - services.websites.tools.modules = davical.apache.modules; + services.websites.env.tools.modules = davical.apache.modules; - services.websites.tools.vhostConfs.dav = { + services.websites.env.tools.vhostConfs.dav = { certName = "eldiron"; addToCerts = true; hosts = ["dav.immae.eu" ]; diff --git a/modules/private/websites/tools/db/default.nix b/modules/private/websites/tools/db/default.nix index 361e204..60592e5 100644 --- a/modules/private/websites/tools/db/default.nix +++ b/modules/private/websites/tools/db/default.nix @@ -9,8 +9,8 @@ in { }; config = lib.mkIf cfg.enable { - services.websites.tools.modules = adminer.apache.modules; - services.websites.tools.vhostConfs.db-1 = { + services.websites.env.tools.modules = adminer.apache.modules; + services.websites.env.tools.vhostConfs.db-1 = { certName = "eldiron"; addToCerts = true; hosts = ["db-1.immae.eu" ]; diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix index 6742a81..17a6a09 100644 --- a/modules/private/websites/tools/diaspora/default.nix +++ b/modules/private/websites/tools/diaspora/default.nix 
@@ -150,14 +150,14 @@ in { paths = [ dcfg.configDir ]; }; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "headers" "proxy" "proxy_http" ]; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora ''; - services.websites.tools.vhostConfs.diaspora = { + services.websites.env.tools.vhostConfs.diaspora = { certName = "eldiron"; addToCerts = true; hosts = [ "diaspora.immae.eu" ]; diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix index 3e68d54..c038528 100644 --- a/modules/private/websites/tools/ether/default.nix +++ b/modules/private/websites/tools/ether/default.nix @@ -138,10 +138,10 @@ in { paths = [ ecfg.sessionKeyFile ecfg.apiKeyFile ecfg.configFile ]; }; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; - services.websites.tools.vhostConfs.etherpad-lite = { + services.websites.env.tools.vhostConfs.etherpad-lite = { certName = "eldiron"; addToCerts = true; hosts = [ "ether.immae.eu" ]; diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix index 75d0240..d66d151 100644 --- a/modules/private/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix @@ -16,14 +16,14 @@ in { config = lib.mkIf cfg.enable { secrets.keys = mantisbt.keys; - services.websites.tools.modules = + services.websites.env.tools.modules = gitweb.apache.modules ++ mantisbt.apache.modules; myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot; myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot; system.activationScripts.mantisbt = mantisbt.activationScript; - services.websites.tools.vhostConfs.git = { + services.websites.env.tools.vhostConfs.git = { certName = "eldiron"; addToCerts = true; hosts = ["git.immae.eu" ]; 
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix index 1a4b387..d67ae2b 100644 --- a/modules/private/websites/tools/mastodon/default.nix +++ b/modules/private/websites/tools/mastodon/default.nix @@ -77,14 +77,14 @@ in { }; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "headers" "proxy" "proxy_wstunnel" "proxy_http" ]; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon ''; - services.websites.tools.vhostConfs.mastodon = { + services.websites.env.tools.vhostConfs.mastodon = { certName = "eldiron"; addToCerts = true; hosts = ["mastodon.immae.eu" ]; diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix index 1d398db..b99b95e 100644 --- a/modules/private/websites/tools/mgoblin/default.nix +++ b/modules/private/websites/tools/mgoblin/default.nix @@ -87,11 +87,11 @@ in { paths = [ mcfg.configFile ]; }; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "proxy" "proxy_http" ]; users.users.wwwrun.extraGroups = [ "mediagoblin" ]; - services.websites.tools.vhostConfs.mgoblin = { + services.websites.env.tools.vhostConfs.mgoblin = { certName = "eldiron"; addToCerts = true; hosts = ["mgoblin.immae.eu" ]; diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix index dd28530..f34acaa 100644 --- a/modules/private/websites/tools/peertube/default.nix +++ b/modules/private/websites/tools/peertube/default.nix @@ -150,7 +150,7 @@ in { ''; }]; - services.websites.tools.modules = [ + services.websites.env.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_wstunnel" ]; services.filesWatcher.peertube = { 
@@ -158,7 +158,7 @@ in { paths = [ pcfg.configFile ]; }; - services.websites.tools.vhostConfs.peertube = { + services.websites.env.tools.vhostConfs.peertube = { certName = "eldiron"; addToCerts = true; hosts = [ "peertube.immae.eu" ]; diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index d75def4..5ca9851 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -57,10 +57,10 @@ in { ++ wallabag.keys ++ yourls.keys; - services.websites.integration.modules = + services.websites.env.integration.modules = rainloop.apache.modules; - services.websites.tools.modules = + services.websites.env.tools.modules = [ "proxy_fcgi" ] ++ adminer.apache.modules ++ ympd.apache.modules @@ -74,7 +74,7 @@ in { ++ ldap.apache.modules ++ kanboard.apache.modules; - services.websites.integration.vhostConfs.devtools = { + services.websites.env.integration.vhostConfs.devtools = { certName = "eldiron"; addToCerts = true; hosts = ["devtools.immae.eu" ]; @@ -94,7 +94,7 @@ in { ]; }; - services.websites.tools.vhostConfs.tools = { + services.websites.env.tools.vhostConfs.tools = { certName = "eldiron"; addToCerts = true; hosts = ["tools.immae.eu" ]; @@ -124,7 +124,7 @@ in { ]; }; - services.websites.tools.vhostConfs.outils = { + services.websites.env.tools.vhostConfs.outils = { certName = "eldiron"; addToCerts = true; hosts = [ "outils.immae.eu" ]; @@ -302,7 +302,7 @@ in { "${kanboard.apache.webappName}" = kanboard.webRoot; }; - services.websites.tools.watchPaths = [ + services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-wallabag" ]; services.filesWatcher.phpfpm-wallabag = { diff --git a/modules/websites/default.nix b/modules/websites/default.nix index 2e1d23a..ef79cb3 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix 
@@ -1,119 +1,131 @@ { lib, config, ... }: with lib; let - cfg = { - certs = config.services.websitesCerts; - webappDirs = config.services.websitesWebappDirs; - env = config.services.websites; - }; + cfg = config.services.websites; in { - options.services.websitesCerts = mkOption { - description = "Default websites configuration for certificates as accepted by acme"; - }; - options.services.websitesWebappDirs = mkOption { - description = '' - Defines a symlink between /run/current-system/webapps and a store - app directory to be used in http configuration. Permits to avoid - restarting httpd when only the folder name changes. - ''; - type = types.attrsOf types.path; - default = {}; - }; - # TODO: ajouter /run/current-system/webapps (RO) et webapps (RW) - options.services.websites = with types; mkOption { - default = {}; - description = "Each type of website to enable will target a distinct httpd server"; - type = attrsOf (submodule { - options = { - enable = mkEnableOption "Enable websites of this type"; - adminAddr = mkOption { - type = str; - description = "Admin e-mail address of the instance"; - }; - httpdName = mkOption { - type = str; - description = "Name of the httpd instance to assign this type to"; - }; - ips = mkOption { - type = listOf string; - default = []; - description = "ips to listen to"; - }; - modules = mkOption { - type = listOf str; - default = []; - description = "Additional modules to load in Apache"; - }; - extraConfig = mkOption { - type = listOf lines; - default = []; - description = "Additional configuration to append to Apache"; - }; - nosslVhost = mkOption { - description = "A default nossl vhost for captive portals"; - default = {}; - type = submodule { - options = { - enable = mkEnableOption "Add default no-ssl vhost for this instance"; - host = mkOption { - type = string; - description = "The hostname to use for this vhost"; - }; - root = mkOption { - type = path; - default = ./nosslVhost; - description = "The root folder to serve"; 
- }; - indexFile = mkOption { - type = string; - default = "index.html"; - description = "The index file to show."; + options.services.websites = with types; { + certs = mkOption { + description = "Default websites configuration for certificates as accepted by acme"; + }; + webappDirs = mkOption { + description = '' + Defines a symlink between /run/current-system/webapps and a store + app directory to be used in http configuration. Permits to avoid + restarting httpd when only the folder name changes. + ''; + type = types.attrsOf types.path; + default = {}; + }; + webappDirsName = mkOption { + type = str; + default = "webapps"; + description = '' + Name of the webapp dir to create in /run/current-system + ''; + }; + webappDirsPath = mkOption { + type = str; + readOnly = true; + description = '' + Full path of the webapp dir + ''; + default = "/run/current-system/${cfg.webappDirsName}"; + }; + env = mkOption { + default = {}; + description = "Each type of website to enable will target a distinct httpd server"; + type = attrsOf (submodule { + options = { + enable = mkEnableOption "Enable websites of this type"; + adminAddr = mkOption { + type = str; + description = "Admin e-mail address of the instance"; + }; + httpdName = mkOption { + type = str; + description = "Name of the httpd instance to assign this type to"; + }; + ips = mkOption { + type = listOf string; + default = []; + description = "ips to listen to"; + }; + modules = mkOption { + type = listOf str; + default = []; + description = "Additional modules to load in Apache"; + }; + extraConfig = mkOption { + type = listOf lines; + default = []; + description = "Additional configuration to append to Apache"; + }; + nosslVhost = mkOption { + description = "A default nossl vhost for captive portals"; + default = {}; + type = submodule { + options = { + enable = mkEnableOption "Add default no-ssl vhost for this instance"; + host = mkOption { + type = string; + description = "The hostname to use for this vhost"; + 
}; + root = mkOption { + type = path; + default = ./nosslVhost; + description = "The root folder to serve"; + }; + indexFile = mkOption { + type = string; + default = "index.html"; + description = "The index file to show."; + }; }; }; }; - }; - fallbackVhost = mkOption { - description = "The fallback vhost that will be defined as first vhost in Apache"; - type = submodule { - options = { - certName = mkOption { type = string; }; - hosts = mkOption { type = listOf string; }; - root = mkOption { type = nullOr path; }; - extraConfig = mkOption { type = listOf lines; default = []; }; + fallbackVhost = mkOption { + description = "The fallback vhost that will be defined as first vhost in Apache"; + type = submodule { + options = { + certName = mkOption { type = string; }; + hosts = mkOption { type = listOf string; }; + root = mkOption { type = nullOr path; }; + extraConfig = mkOption { type = listOf lines; default = []; }; + }; }; }; - }; - vhostConfs = mkOption { - default = {}; - description = "List of vhosts to define for Apache"; - type = attrsOf (submodule { - options = { - certName = mkOption { type = string; }; - addToCerts = mkOption { - type = bool; - default = false; - description = "Use these to certificates. Is ignored (considered true) if certMainHost is not null"; - }; - certMainHost = mkOption { - type = nullOr string; - description = "Use that host as 'main host' for acme certs"; - default = null; + vhostConfs = mkOption { + default = {}; + description = "List of vhosts to define for Apache"; + type = attrsOf (submodule { + options = { + certName = mkOption { type = string; }; + addToCerts = mkOption { + type = bool; + default = false; + description = "Use these to certificates. 
Is ignored (considered true) if certMainHost is not null"; + }; + certMainHost = mkOption { + type = nullOr string; + description = "Use that host as 'main host' for acme certs"; + default = null; + }; + hosts = mkOption { type = listOf string; }; + root = mkOption { type = nullOr path; }; + extraConfig = mkOption { type = listOf lines; default = []; }; }; - hosts = mkOption { type = listOf string; }; - root = mkOption { type = nullOr path; }; - extraConfig = mkOption { type = listOf lines; default = []; }; - }; - }); - }; - watchPaths = mkOption { - type = listOf string; - default = []; - description = '' - Paths to watch that should trigger a reload of httpd - ''; + }); + }; + watchPaths = mkOption { + type = listOf string; + default = []; + description = '' + Paths to watch that should trigger a reload of httpd + ''; + }; }; - }; - }); + }); + }; }; config.services.httpd = let @@ -226,7 +238,10 @@ in ) groupedCerts; config.system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues cfg.webappDirs) > 0) '' - mkdir -p $out/webapps - ${builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") cfg.webappDirs)} + mkdir -p $out/${cfg.webappDirsName} + ${builtins.concatStringsSep "\n" + (attrsets.mapAttrsToList + (name: path: "ln -s ${path} $out/${cfg.webappDirsName}/${name}") cfg.webappDirs) + } ''; } diff --git a/modules/websites/php-application.nix b/modules/websites/php-application.nix index 7bbae50..765d406 100644 --- a/modules/websites/php-application.nix +++ b/modules/websites/php-application.nix 
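Review bot: `webappDirsName` is declared as a plain `str`, yet its value becomes a path component of `webappDirsPath` and, in the `@@ -226,7 +238,10 @@` hunk of this file, is interpolated unquoted into the `extraSystemBuilderCmds` shell script. A value containing `/`, `..`, whitespace or shell metacharacters would put the directory somewhere else under `$out` or change the command that runs at build time. Constraining it at the option, `type = strMatching "[A-Za-z0-9_-]+";`, makes evaluation fail early on such a value. Separately, the re-indented options still mix `str` with the deprecated `string` type, which merges multiple definitions by silent concatenation; `certName` and `hosts` would be safer as `str` and `listOf str`.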
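Review bot: The link directory becomes configurable at `mkdir -p $out/${cfg.webappDirsName}`, but the mastodon module touched by this same patch still hardcodes `mkdir -p $out/webapps` and `ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon` in its own `system.extraSystemBuilderCmds`. With any non-default `webappDirsName` the links would be split across two directories, and any configuration that resolves paths through `webappDirsPath` would presumably no longer find the mastodon entry. That module should build its path from the option, for example `mkdir -p $out/${config.services.websites.webappDirsName}`, or register the directory through `services.websites.webappDirs` if its workdir fits the `path` type. A comment on `webappDirsName` such as `# every module that links into this directory must read this option` would document the constraint.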
@@ -97,14 +97,14 @@ in }; config = { - services.websites = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair + services.websites.env = attrsets.mapAttrs' (name: cfgs: attrsets.nameValuePair name { modules = [ "proxy_fcgi" ]; watchPaths = builtins.concatLists (map (c: c.watchFiles) cfgs); } ) cfgByEnv; - services.websitesWebappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + services.websites.webappDirs = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair icfg.webappName icfg.webRoot ) (attrsets.filterAttrs (n: v: !isNull v.webappName && !isNull v.webRoot) cfg); -- 2.41.0