From daf64e3f7de98e4267823d14fa34891b27b5f657 Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 14 May 2019 08:47:00 +0200
Subject: [PATCH] Start moving websites configuration to modules
---
libs.nix | 2 +-
modules/default.nix | 2 +
modules/private/default.nix | 2 +-
modules/private/httpd-service-builder.nix | 8 +-
modules/websites/default.nix | 148 ++++++++
modules/websites/nosslVhost/index.html | 11 +
nixops/eldiron.nix | 3 -
nixops/modules/buildbot/default.nix | 2 +-
nixops/modules/task/default.nix | 4 +-
nixops/modules/websites/aten/default.nix | 9 +-
.../modules/websites/capitaines/default.nix | 4 +-
nixops/modules/websites/chloe/default.nix | 8 +-
.../websites/connexionswing/default.nix | 8 +-
nixops/modules/websites/default.nix | 341 +++++++-----------
nixops/modules/websites/emilia/default.nix | 2 +-
nixops/modules/websites/ftp/denisejerome.nix | 2 +-
nixops/modules/websites/ftp/florian.nix | 8 +-
nixops/modules/websites/ftp/immae.nix | 6 +-
nixops/modules/websites/ftp/jerome.nix | 4 +-
nixops/modules/websites/ftp/leila.nix | 6 +-
nixops/modules/websites/ftp/nassime.nix | 2 +-
nixops/modules/websites/ftp/papa.nix | 2 +-
nixops/modules/websites/ftp/release.nix | 2 +-
nixops/modules/websites/ftp/temp.nix | 4 +-
nixops/modules/websites/ludivine/default.nix | 9 +-
.../modules/websites/piedsjaloux/default.nix | 8 +-
.../websites/tellesflorian/default.nix | 4 +-
nixops/modules/websites/tools/cloud.nix | 4 +-
nixops/modules/websites/tools/dav/default.nix | 4 +-
nixops/modules/websites/tools/db.nix | 4 +-
nixops/modules/websites/tools/diaspora.nix | 4 +-
nixops/modules/websites/tools/ether.nix | 4 +-
nixops/modules/websites/tools/git/default.nix | 4 +-
nixops/modules/websites/tools/mastodon.nix | 4 +-
nixops/modules/websites/tools/mediagoblin.nix | 4 +-
nixops/modules/websites/tools/peertube.nix | 4 +-
.../modules/websites/tools/tools/default.nix | 10 +-
37 files changed, 367 insertions(+), 290 deletions(-)
create mode 100644 modules/websites/default.nix
create mode 100644 modules/websites/nosslVhost/index.html
diff --git a/libs.nix b/libs.nix index eb00311..c7d357b 100644 --- a/libs.nix +++ b/libs.nix @@ -77,4 +77,4 @@ rec { } ''; -} +} // (if builtins.pathExists ./lib/private then import ./lib/private else {}) diff --git a/modules/default.nix b/modules/default.nix index 6c49160..acb0bb5 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -8,4 +8,6 @@ mastodon = ./webapps/mastodon.nix; mediagoblin = ./webapps/mediagoblin.nix; peertube = ./webapps/peertube.nix; + + websites = ./websites; } // (if builtins.pathExists ./private then import ./private else {}) diff --git a/modules/private/default.nix b/modules/private/default.nix index ba46374..6c71af3 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix @@ -1,6 +1,6 @@ { # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix - httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; }; httpdInte = import ./httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; }; + httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; }; httpdTools = import ./httpd-service-builder.nix { httpdName = "Tools"; withUsers = true; }; } diff --git a/modules/private/httpd-service-builder.nix b/modules/private/httpd-service-builder.nix index 0f0fe22..d049202 100644 --- a/modules/private/httpd-service-builder.nix +++ b/modules/private/httpd-service-builder.nix @@ -7,7 +7,7 @@ with lib; let - mainCfg = config.services."httpd${httpdName}"; + mainCfg = config.services.httpd."${httpdName}"; httpd = mainCfg.package.out; @@ -438,7 +438,7 @@ in options = { - services."httpd${httpdName}" = { + services.httpd."${httpdName}" = { enable = mkOption { type = types.bool; @@ -655,7 +655,7 @@ in ###### implementation - config = mkIf config.services."httpd${httpdName}".enable { + config = mkIf config.services.httpd."${httpdName}".enable { assertions = [ { assertion = mainCfg.enableSSL == true -> mainCfg.sslServerCert != null 
@@ -679,7 +679,7 @@ in environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; - services."httpd${httpdName}".phpOptions = + services.httpd."${httpdName}".phpOptions = '' ; Needed for PHP's mail() function. sendmail_path = sendmail -t -i diff --git a/modules/websites/default.nix b/modules/websites/default.nix new file mode 100644 index 0000000..6a18c8a --- /dev/null +++ b/modules/websites/default.nix 
@@ -0,0 +1,148 @@ +{ lib, config, ... }: with lib; +let + cfg = config.services.websites; +in +{ + options.services.websites = with types; mkOption { + default = {}; + description = "Each type of website to enable will target a distinct httpd server"; + type = attrsOf (submodule { + options = { + enable = mkEnableOption "Enable websites of this type"; + adminAddr = mkOption { + type = str; + description = "Admin e-mail address of the instance"; + }; + httpdName = mkOption { + type = str; + description = "Name of the httpd instance to assign this type to"; + }; + ips = mkOption { + type = listOf string; + default = []; + description = "ips to listen to"; + }; + modules = mkOption { + type = listOf str; + default = []; + description = "Additional modules to load in Apache"; + }; + extraConfig = mkOption { + type = listOf lines; + default = []; + description = "Additional configuration to append to Apache"; + }; + nosslVhost = mkOption { + description = "A default nossl vhost for captive portals"; + default = {}; + type = submodule { + options = { + enable = mkEnableOption "Add default no-ssl vhost for this instance"; + host = mkOption { + type = string; + description = "The hostname to use for this vhost"; + }; + root = mkOption { + type = path; + default = ./nosslVhost; + description = "The root folder to serve"; + }; + indexFile = mkOption { + type = string; + default = "index.html"; + description = "The index file to show."; + }; + }; + }; + }; + fallbackVhost = mkOption { + description = "The fallback vhost that will be defined as first vhost in Apache"; + type = submodule { + options = { + certName = mkOption { type = string; }; + hosts = mkOption { type = listOf string; }; + root = mkOption { type = nullOr path; }; + extraConfig = mkOption { type = listOf lines; default = []; }; + }; + }; + }; + vhostConfs = mkOption { + default = {}; + description = "List of vhosts to define for Apache"; + type = attrsOf (submodule { + options = { + certName = mkOption { type 
= string; }; + hosts = mkOption { type = listOf string; }; + root = mkOption { type = nullOr path; }; + extraConfig = mkOption { type = listOf lines; default = []; }; + }; + }); + }; + }; + }); + }; + + config.services.httpd = let + redirectVhost = ips: { # Should go last, catchall http -> https redirect + listen = map (ip: { inherit ip; port = 80; }) ips; + hostName = "redirectSSL"; + serverAliases = [ "*" ]; + enableSSL = false; + logFormat = "combinedVhost"; + documentRoot = "/var/lib/acme/acme-challenge"; + extraConfig = '' + RewriteEngine on + RewriteCond "%{REQUEST_URI}" "!^/\.well-known" + RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] + # To redirect in specific "VirtualHost *:80", do + # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 + # rather than rewrite + ''; + }; + nosslVhost = ips: cfg: { + listen = map (ip: { inherit ip; port = 80; }) ips; + hostName = cfg.host; + enableSSL = false; + logFormat = "combinedVhost"; + documentRoot = cfg.root; + extraConfig = '' + + DirectoryIndex ${cfg.indexFile} + AllowOverride None + Require all granted + + RewriteEngine on + RewriteRule ^/(.+) / [L] + + ''; + }; + toVhost = ips: vhostConf: { + enableSSL = true; + sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem"; + sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem"; + sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem"; + logFormat = "combinedVhost"; + listen = map (ip: { inherit ip; port = 443; }) ips; + hostName = builtins.head vhostConf.hosts; + serverAliases = builtins.tail vhostConf.hosts or []; + documentRoot = vhostConf.root; + extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; + }; + in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair + icfg.httpdName (mkIf icfg.enable { + enable = true; + listen = map (ip: { inherit ip; port = 443; }) icfg.ips; + stateDir = "/run/httpd_${name}"; + logPerVirtualHost = true; + multiProcessingModule = "worker"; + inherit (icfg) adminAddr; + logFormat = 
"combinedVhost"; + extraModules = lists.unique icfg.modules; + extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig; + virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ] + ++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ] + ++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs) + ++ [ (redirectVhost icfg.ips) ]; + }) + ) cfg; +} diff --git a/modules/websites/nosslVhost/index.html b/modules/websites/nosslVhost/index.html new file mode 100644 index 0000000..4401a80 --- /dev/null +++ b/modules/websites/nosslVhost/index.html @@ -0,0 +1,11 @@ + + + + No SSL site + + +
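Review bot: The catch-all `redirectVhost` in modules/websites/default.nix builds its Location header from the request's own Host header (`RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]`) while `serverAliases = [ "*" ]` makes it answer for any name, so the redirect target is client-controlled. That is only safe while nothing caches port-80 responses across clients; a comment such as `# Location reflects the request Host header; do not put a shared cache in front of :80` would keep the assumption visible, and the per-host `RedirectMatch` form already mentioned in the inline comment avoids it where the host is known. Separately, the option declarations mix `str` and `string`: `types.string` merges several definitions by concatenating them, so `certName`, `host`, `indexFile` and the `hosts`/`ips` lists would be better declared with `str`, which makes conflicting definitions fail evaluation instead of silently producing a wrong certificate path or hostname.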

No SSL on this site

+

Use for wifi networks with login page that doesn't work well with + https.

+ + diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index 7d97377..35ce181 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix @@ -48,9 +48,6 @@ ] ++ (builtins.attrValues (import ../modules)); services.myGitolite.enable = true; services.myDatabases.enable = true; - services.myWebsites.production.enable = true; - services.myWebsites.integration.enable = true; - services.myWebsites.tools.enable = true; services.pure-ftpd.enable = true; services.irc.enable = true; services.pub.enable = true; diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix index c812af9..89a0dea 100644 --- a/nixops/modules/buildbot/default.nix +++ b/nixops/modules/buildbot/default.nix @@ -37,7 +37,7 @@ in extraGroups = [ "keys" ]; }; - services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' + services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" RewriteEngine On RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L] diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix index 8370608..feb3be8 100644 --- a/nixops/modules/task/default.nix +++ b/nixops/modules/task/default.nix @@ -102,8 +102,8 @@ in { ''; }]; security.acme.certs."eldiron".extraDomains.${fqdn} = null; - services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ]; - services.myWebsites.tools.vhostConfs.task = { + services.websites.tools.modules = [ "proxy_fcgi" "sed" ]; + services.websites.tools.vhostConfs.task = { certName = "eldiron"; hosts = [ "task.immae.eu" ]; root = "/run/current-system/webapps/_task"; diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix index 70bb34b..fd002a5 100644 --- a/nixops/modules/websites/aten/default.nix +++ b/nixops/modules/websites/aten/default.nix 
@@ -40,9 +40,8 @@ in { mkdir -p $out/webapps ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName} ''; - services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules; - services.myWebsites.production.modules = aten_prod.apache.modules; - services.myWebsites.production.vhostConfs.aten = { + services.websites.production.modules = aten_prod.apache.modules; + services.websites.production.vhostConfs.aten = { certName = "aten"; hosts = [ "aten.pro" "www.aten.pro" ]; root = aten_prod.apache.root; @@ -60,8 +59,8 @@ in { mkdir -p $out/webapps ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName} ''; - services.myWebsites.integration.modules = aten_dev.apache.modules; - services.myWebsites.integration.vhostConfs.aten = { + services.websites.integration.modules = aten_dev.apache.modules; + services.websites.integration.vhostConfs.aten = { certName = "eldiron"; hosts = [ "dev.aten.pro" ]; root = aten_dev.apache.root; diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix index 648cb1b..0d85266 100644 --- a/nixops/modules/websites/capitaines/default.nix +++ b/nixops/modules/websites/capitaines/default.nix @@ -22,7 +22,7 @@ in { ln -s ${siteDir} $out/webapps/${webappName} ''; - services.myWebsites.production.vhostConfs.capitaines_mastodon = { + services.websites.production.vhostConfs.capitaines_mastodon = { certName = "capitaines"; hosts = [ "mastodon.capitaines.fr" ]; root = root; @@ -38,7 +38,7 @@ in { ]; }; - services.myWebsites.production.vhostConfs.capitaines = { + services.websites.production.vhostConfs.capitaines = { certName = "capitaines"; hosts = [ "capitaines.fr" ]; root = "/run/current-system/webapps/_www"; diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix index ce67bed..ba72d92 100644 --- a/nixops/modules/websites/chloe/default.nix +++ b/nixops/modules/websites/chloe/default.nix 
@@ -42,8 +42,8 @@ in { mkdir -p $out/webapps ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName} ''; - services.myWebsites.production.modules = chloe_prod.apache.modules; - services.myWebsites.production.vhostConfs.chloe = { + services.websites.production.modules = chloe_prod.apache.modules; + services.websites.production.vhostConfs.chloe = { certName = "chloe"; hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; root = chloe_prod.apache.root; @@ -63,8 +63,8 @@ in { mkdir -p $out/webapps ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName} ''; - services.myWebsites.integration.modules = chloe_dev.apache.modules; - services.myWebsites.integration.vhostConfs.chloe = { + services.websites.integration.modules = chloe_dev.apache.modules; + services.websites.integration.vhostConfs.chloe = { certName = "eldiron"; hosts = ["chloe.immae.eu" ]; root = chloe_dev.apache.root; diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix index b19af7e..3643e19 100644 --- a/nixops/modules/websites/connexionswing/default.nix +++ b/nixops/modules/websites/connexionswing/default.nix @@ -43,8 +43,8 @@ in { mkdir -p $out/webapps ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName} ''; - services.myWebsites.production.modules = connexionswing_prod.apache.modules; - services.myWebsites.production.vhostConfs.connexionswing = { + services.websites.production.modules = connexionswing_prod.apache.modules; + services.websites.production.vhostConfs.connexionswing = { certName = "connexionswing"; hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; root = connexionswing_prod.apache.root; 
@@ -64,8 +64,8 @@ in { mkdir -p $out/webapps ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName} ''; - services.myWebsites.integration.modules = connexionswing_dev.apache.modules; - services.myWebsites.integration.vhostConfs.connexionswing = { + services.websites.integration.modules = connexionswing_dev.apache.modules; + services.websites.integration.vhostConfs.connexionswing = { certName = "eldiron"; hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; root = connexionswing_dev.apache.root; diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 627d01a..5b839af 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix 
@@ -3,104 +3,66 @@ let cfg = config.services.myWebsites; www_root = "/run/current-system/webapps/_www"; theme_root = "/run/current-system/webapps/_theme"; - makeService = name: cfg: let - toVhost = vhostConf: { - enableSSL = true; - sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem"; - sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem"; - sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem"; - logFormat = "combinedVhost"; - listen = map (ip: { inherit ip; port = 443; }) cfg.ips; - hostName = builtins.head vhostConf.hosts; - serverAliases = builtins.tail vhostConf.hosts or []; - documentRoot = vhostConf.root; - extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; - }; - nosslVhost = { - listen = map (ip: { inherit ip; port = 80; }) cfg.ips; - hostName = "nossl.immae.eu"; - enableSSL = false; - logFormat = "combinedVhost"; - documentRoot = www_root; + apacheConfig = { + gzip = { + modules = [ "deflate" "filter" ]; extraConfig = '' - - DirectoryIndex nossl.html - AllowOverride None - Require all granted - - RewriteEngine on - RewriteRule ^/(.+) / [L] - - ''; + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript + ''; + }; + macros = { + modules = [ "macro" ]; }; - redirectVhost = { # Should go last, catchall http -> https redirect - listen = map (ip: { inherit ip; port = 80; }) cfg.ips; - hostName = "redirectSSL"; - serverAliases = [ "*" ]; - enableSSL = false; - logFormat = "combinedVhost"; - documentRoot = "/var/lib/acme/acme-challenge"; + stats = { extraConfig = '' - RewriteEngine on - RewriteCond "%{REQUEST_URI}" "!^/\.well-known" - RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] - # To redirect in specific "VirtualHost *:80", do - # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 - # rather than rewrite + + Alias /webstats ${config.services.webstats.dataDir}/%{domain} + + DirectoryIndex index.html + AllowOverride None + Require all granted + + + 
Use LDAPConnect + Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu + + ''; }; - fallbackVhost = toVhost { # Should go first, default choice - certName = "eldiron"; - hosts = ["eldiron.immae.eu" ]; - root = www_root; - extraConfig = [ "DirectoryIndex index.htm" ]; + ldap = { + modules = [ "ldap" "authnz_ldap" ]; + extraConfig = '' + + LDAPSharedCacheSize 500000 + LDAPCacheEntries 1024 + LDAPCacheTTL 600 + LDAPOpCacheEntries 1024 + LDAPOpCacheTTL 600 + + + Include /var/secrets/apache-ldap + ''; }; - in rec { - enable = true; - listen = map (ip: { inherit ip; port = 443; }) cfg.ips; - stateDir = "/run/httpd_${name}"; - logPerVirtualHost = true; - multiProcessingModule = "worker"; - adminAddr = "httpd@immae.eu"; - logFormat = "combinedVhost"; - extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules); - extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig; - virtualHosts = [ fallbackVhost ] - ++ lib.optionals (name == "tools") [ nosslVhost ] - ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs) - ++ [ redirectVhost ]; - }; - makeServiceOptions = name: { - enable = lib.mkEnableOption "enable websites in ${name}"; - ips = lib.mkOption { - type = lib.types.listOf lib.types.string; - default = let - ips = myconfig.env.servers.eldiron.ips.${name}; - in - [ips.ip4] ++ (ips.ip6 or []); - description = "${name} ips to listen to"; + global = { + extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; }; - modules = lib.mkOption { - type = lib.types.listOf (lib.types.str); - default = []; + apaxy = { + extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; }; - extraConfig = lib.mkOption { - type = lib.types.listOf (lib.types.lines); - default = []; + http2 = { + modules = [ "http2" ]; + extraConfig = '' + Protocols h2 http/1.1 + ''; }; - vhostConfs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - options = { - certName = 
lib.mkOption { type = lib.types.string; }; - hosts = lib.mkOption { type = lib.types.listOf lib.types.string; }; - root = lib.mkOption { type = lib.types.nullOr lib.types.path; }; - extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; }; - }; - }); + customLog = { + extraConfig = '' + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost + ''; }; }; - makeModules = cfg: pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); - makeExtraConfig = cfg: (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); + makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig); + makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); in { imports = [ @@ -135,30 +97,6 @@ in ./phpfpm ]; - options.services.myWebsites = { - production = makeServiceOptions "production"; - integration = makeServiceOptions "integration"; - tools = makeServiceOptions "main"; - - apacheConfig = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - options = { - modules = lib.mkOption { - type = lib.types.listOf (lib.types.str); - default = []; - }; - extraConfig = lib.mkOption { - type = lib.types.nullOr lib.types.lines; - default = null; - }; - }; - }); - default = {}; - description = "Extra global config"; - }; - - }; - config = { users.users.wwwrun.extraGroups = [ "keys" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; 
@@ -195,28 +133,28 @@ in services.myWebsites.tools.etherpad-lite.enable = true; services.myWebsites.tools.peertube.enable = true; - services.myWebsites.Chloe.production.enable = cfg.production.enable; - services.myWebsites.Ludivine.production.enable = cfg.production.enable; - services.myWebsites.Aten.production.enable = cfg.production.enable; - services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable; - services.myWebsites.Connexionswing.production.enable = cfg.production.enable; - services.myWebsites.Jerome.production.enable = cfg.production.enable; - services.myWebsites.Nassime.production.enable = cfg.production.enable; - services.myWebsites.Florian.production.enable = cfg.production.enable; - services.myWebsites.Leila.production.enable = cfg.production.enable; - services.myWebsites.Papa.production.enable = cfg.production.enable; - services.myWebsites.DeniseJerome.production.enable = cfg.production.enable; - services.myWebsites.Emilia.production.enable = cfg.production.enable; - services.myWebsites.Capitaines.production.enable = cfg.production.enable; - services.myWebsites.Immae.production.enable = cfg.production.enable; - services.myWebsites.Release.production.enable = cfg.production.enable; - services.myWebsites.Temp.production.enable = cfg.production.enable; + services.myWebsites.Chloe.production.enable = true; + services.myWebsites.Ludivine.production.enable = true; + services.myWebsites.Aten.production.enable = true; + services.myWebsites.PiedsJaloux.production.enable = true; + services.myWebsites.Connexionswing.production.enable = true; + services.myWebsites.Jerome.production.enable = true; + services.myWebsites.Nassime.production.enable = true; + services.myWebsites.Florian.production.enable = true; + services.myWebsites.Leila.production.enable = true; + services.myWebsites.Papa.production.enable = true; + services.myWebsites.DeniseJerome.production.enable = true; + services.myWebsites.Emilia.production.enable = true; + 
services.myWebsites.Capitaines.production.enable = true; + services.myWebsites.Immae.production.enable = true; + services.myWebsites.Release.production.enable = true; + services.myWebsites.Temp.production.enable = true; - services.myWebsites.Chloe.integration.enable = cfg.integration.enable; - services.myWebsites.Ludivine.integration.enable = cfg.integration.enable; - services.myWebsites.Aten.integration.enable = cfg.integration.enable; - services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable; - services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable; + services.myWebsites.Chloe.integration.enable = true; + services.myWebsites.Ludivine.integration.enable = true; + services.myWebsites.Aten.integration.enable = true; + services.myWebsites.PiedsJaloux.integration.enable = true; + services.myWebsites.Connexionswing.integration.enable = true; services.myWebsites.TellesFlorian.integration.enable = true; services.myWebsites.Florian.integration.enable = true; 
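Review bot: Every `services.myWebsites.<Site>.production.enable` and `.integration.enable` in this hunk is now the literal `true` instead of following `cfg.production.enable` / `cfg.integration.enable`, and the same commit removes those switches from nixops/eldiron.nix, so importing this module enables every site with no way to turn an environment off short of `mkForce`. The enclosing `config = {` block starts outside this hunk and, as the previous hunk's context shows, also sets `networking.firewall.allowedTCPPorts = [ 80 443 ]` unconditionally, so the exposed surface is no longer opt-in per host. If this is a transitional step, say so in a comment, e.g. `# TODO: restore a per-environment switch once sites move to services.websites`; otherwise `lib.mkDefault true` would let a host still override the value.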
@@ -239,65 +177,6 @@ in ''; }]; - services.myWebsites.apacheConfig = { - gzip = { - modules = [ "deflate" "filter" ]; - extraConfig = '' - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript - ''; - }; - macros = { - modules = [ "macro" ]; - }; - stats = { - extraConfig = '' - - Alias /webstats ${config.services.webstats.dataDir}/%{domain} - - DirectoryIndex index.html - AllowOverride None - Require all granted - - - Use LDAPConnect - Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu - - - ''; - }; - ldap = { - modules = [ "ldap" "authnz_ldap" ]; - extraConfig = '' - - LDAPSharedCacheSize 500000 - LDAPCacheEntries 1024 - LDAPCacheTTL 600 - LDAPOpCacheEntries 1024 - LDAPOpCacheTTL 600 - - - Include /var/secrets/apache-ldap - ''; - }; - global = { - extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; - }; - apaxy = { - extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; - }; - http2 = { - modules = [ "http2" ]; - extraConfig = '' - Protocols h2 http/1.1 - ''; - }; - customLog = { - extraConfig = '' - LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost - ''; - }; - }; - system.activationScripts = { httpd = '' install -d -m 0755 /var/lib/acme/acme-challenge 
@@ -334,26 +213,68 @@ in ''; }; - services.httpdProd = makeService "production" config.services.myWebsites.production; - services.myWebsites.production.modules = makeModules cfg; - services.myWebsites.production.extraConfig = makeExtraConfig cfg; + services.websites.production = { + enable = true; + adminAddr = "httpd@immae.eu"; + httpdName = "Prod"; + ips = + let ips = myconfig.env.servers.eldiron.ips.production; + in [ips.ip4] ++ (ips.ip6 or []); + modules = makeModules; + extraConfig = makeExtraConfig; + fallbackVhost = { + certName = "eldiron"; + hosts = ["eldiron.immae.eu" ]; + root = www_root; + extraConfig = [ "DirectoryIndex index.htm" ]; + }; + }; - services.httpdInte = makeService "integration" config.services.myWebsites.integration; - services.myWebsites.integration.modules = makeModules cfg; - services.myWebsites.integration.extraConfig = makeExtraConfig cfg; + services.websites.integration = { + enable = true; + adminAddr = "httpd@immae.eu"; + httpdName = "Inte"; + ips = + let ips = myconfig.env.servers.eldiron.ips.integration; + in [ips.ip4] ++ (ips.ip6 or []); + modules = makeModules; + extraConfig = makeExtraConfig; + fallbackVhost = { + certName = "eldiron"; + hosts = ["eldiron.immae.eu" ]; + root = www_root; + extraConfig = [ "DirectoryIndex index.htm" ]; + }; + }; - services.httpdTools = makeService "tools" config.services.myWebsites.tools; - services.myWebsites.tools.modules = makeModules cfg; - services.myWebsites.tools.extraConfig = makeExtraConfig cfg ++ - [ '' - RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html - RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html - RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html - RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html - RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html - RedirectMatch ^/CGU$ https://www.immae.eu/CGU - '' - ] - ; + 
services.websites.tools = { + enable = true; + adminAddr = "httpd@immae.eu"; + httpdName = "Tools"; + ips = + let ips = myconfig.env.servers.eldiron.ips.main; + in [ips.ip4] ++ (ips.ip6 or []); + modules = makeModules; + extraConfig = makeExtraConfig ++ + [ '' + RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html + RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html + RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html + RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html + RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html + RedirectMatch ^/CGU$ https://www.immae.eu/CGU + '' + ]; + nosslVhost = { + enable = true; + host = "nossl.immae.eu"; + }; + fallbackVhost = { + certName = "eldiron"; + hosts = ["eldiron.immae.eu" ]; + root = www_root; + extraConfig = [ "DirectoryIndex index.htm" ]; + }; + }; }; } diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix index 97173b9..4e32bec 100644 --- a/nixops/modules/websites/emilia/default.nix +++ b/nixops/modules/websites/emilia/default.nix @@ -61,7 +61,7 @@ in { mkdir -p $out/webapps ln -s ${siteDir} $out/webapps/${webappName} ''; - services.myWebsites.production.vhostConfs.emilia = { + services.websites.production.vhostConfs.emilia = { certName = "emilia"; hosts = [ "saison-photo.org" "www.saison-photo.org" ]; root = root; diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix index 85aae27..fa31430 100644 --- a/nixops/modules/websites/ftp/denisejerome.nix +++ b/nixops/modules/websites/ftp/denisejerome.nix @@ -17,7 +17,7 @@ in { domain = "denisejerome.piedsjaloux.fr"; }; - services.myWebsites.production.vhostConfs.denisejerome = { + services.websites.production.vhostConfs.denisejerome = { certName = "denisejerome"; hosts = ["denisejerome.piedsjaloux.fr" ]; root = varDir; 
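Review bot: The three `services.websites.production`, `.integration` and `.tools` definitions repeat the same `adminAddr`, the same `fallbackVhost` attribute set and the same `ips` expression, differing only in `httpdName`, the key looked up under `myconfig.env.servers.eldiron.ips` and the tools-only extras. Binding the shared parts once in the file's existing `let`, for example `fallbackVhost = { certName = "eldiron"; hosts = [ "eldiron.immae.eu" ]; root = www_root; extraConfig = [ "DirectoryIndex index.htm" ]; };`, and writing `inherit fallbackVhost;` in each block would keep the three instances from drifting apart. `makeModules` and `makeExtraConfig` are also plain values now rather than functions of `cfg`, so names like `apacheModules` and `apacheExtraConfig` would describe them better.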
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix index 2c8edbb..8097507 100644 --- a/nixops/modules/websites/ftp/florian.nix +++ b/nixops/modules/websites/ftp/florian.nix @@ -24,8 +24,8 @@ in { }; }; - services.myWebsites.production.modules = adminer.apache.modules; - services.myWebsites.production.vhostConfs.florian = { + services.websites.production.modules = adminer.apache.modules; + services.websites.production.vhostConfs.florian = { certName = "florian"; hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; root = "${varDir}/tellesflorian.com"; @@ -49,8 +49,8 @@ in { security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null; - services.myWebsites.integration.modules = adminer.apache.modules; - services.myWebsites.integration.vhostConfs.florian = { + services.websites.integration.modules = adminer.apache.modules; + services.websites.integration.vhostConfs.florian = { certName = "eldiron"; hosts = [ "florian.immae.eu" ]; root = "${varDir}/florian.immae.eu"; diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix index 64f8f31..e188d95 100644 --- a/nixops/modules/websites/ftp/immae.nix +++ b/nixops/modules/websites/ftp/immae.nix @@ -28,8 +28,8 @@ in { php_admin_value[open_basedir] = "${varDir}:/tmp" ''; - services.myWebsites.production.modules = [ "proxy_fcgi" ]; - services.myWebsites.production.vhostConfs.immae = { + services.websites.production.modules = [ "proxy_fcgi" ]; + services.websites.production.vhostConfs.immae = { certName = "eldiron"; hosts = [ "www.immae.eu" ]; root = varDir; 
@@ -58,7 +58,7 @@ in {
 security.acme.certs."eldiron".extraDomains."bouya.org" = null;
 security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
- services.myWebsites.production.vhostConfs.bouya = {
+ services.websites.production.vhostConfs.bouya = {
 certName = "eldiron";
 hosts = [ "bouya.org" "www.bouya.org" ];
 root = null;
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
index 5b86697..a340644 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -58,8 +58,8 @@ in {
 services.myPhpfpm.poolPhpConfigs.jerome = ''
 extension=${pkgs.php}/lib/php/extensions/mysqli.so
 '';
- services.myWebsites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
- services.myWebsites.production.vhostConfs.naturaloutil = {
+ services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
+ services.websites.production.vhostConfs.naturaloutil = {
 certName = "naturaloutil";
 hosts = ["naturaloutil.immae.eu" ];
 root = varDir;
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
index c5c27b1..5185372 100644
--- a/nixops/modules/websites/ftp/leila.nix
+++ b/nixops/modules/websites/ftp/leila.nix
@@ -38,8 +38,8 @@ in {
 { name = "chorale.leila.bouya.org"; }
 ];
- services.myWebsites.production.modules = [ "proxy_fcgi" ];
- services.myWebsites.production.vhostConfs.leila_chorale = {
+ services.websites.production.modules = [ "proxy_fcgi" ];
+ services.websites.production.vhostConfs.leila_chorale = {
 certName = "leila";
 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
 root = "${varDir}/Chorale";
@@ -61,7 +61,7 @@ in {
 ''
 ];
 };
- services.myWebsites.production.vhostConfs.leila = {
+ services.websites.production.vhostConfs.leila = {
 certName = "leila";
 hosts = [ "leila.bouya.org" ];
 root = varDir;
diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix
index 0e54786..9ed8a80 100644
--- a/nixops/modules/websites/ftp/nassime.nix
+++ b/nixops/modules/websites/ftp/nassime.nix
@@ -18,7 +18,7 @@ in {
 domain = "nassime.bouya.org";
 };
- services.myWebsites.production.vhostConfs.nassime = {
+ services.websites.production.vhostConfs.nassime = {
 certName = "nassime";
 hosts = ["nassime.bouya.org" ];
 root = varDir;
diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
index aedae63..cdbc1b0 100644
--- a/nixops/modules/websites/ftp/papa.nix
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -34,7 +34,7 @@ in {
 ];
 };
- services.myWebsites.production.vhostConfs.papa = {
+ services.websites.production.vhostConfs.papa = {
 certName = "papa";
 hosts = [ "surveillance.maison.bbc.bouya.org" ];
 root = varDir;
diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix
index 4d996e3..2ddd8bc 100644
--- a/nixops/modules/websites/ftp/release.nix
+++ b/nixops/modules/websites/ftp/release.nix
@@ -15,7 +15,7 @@ in {
 security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
- services.myWebsites.production.vhostConfs.release = {
+ services.websites.production.vhostConfs.release = {
 certName = "eldiron";
 hosts = [ "release.immae.eu" ];
 root = varDir;
diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
index 087b499..bdd80c0 100644
--- a/nixops/modules/websites/ftp/temp.nix
+++ b/nixops/modules/websites/ftp/temp.nix
@@ -13,8 +13,8 @@ in {
 config = lib.mkIf cfg.production.enable {
 security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
- services.myWebsites.production.modules = [ "headers" ];
- services.myWebsites.production.vhostConfs.temp = {
+ services.websites.production.modules = [ "headers" ];
+ services.websites.production.vhostConfs.temp = {
 certName = "eldiron";
 hosts = [ "temp.immae.eu" ];
 root = varDir;
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
index df75eff..dfeff0a 100644
--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -40,8 +40,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
 '';
- services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
- services.myWebsites.production.vhostConfs.ludivine = {
+ services.websites.production.modules = ludivinecassal_prod.apache.modules;
+ services.websites.production.vhostConfs.ludivine = {
 certName = "ludivinecassal";
 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
 root = ludivinecassal_prod.apache.root;
@@ -60,9 +60,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
 '';
- services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
- services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.ludivine = {
+ services.websites.integration.modules = ludivinecassal_dev.apache.modules;
+ services.websites.integration.vhostConfs.ludivine = {
 certName = "eldiron";
 hosts = [ "ludivine.immae.eu" ];
 root = ludivinecassal_dev.apache.root;
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index 10c1f6c..6ffb19c 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -40,8 +40,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
 '';
- services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
- services.myWebsites.production.vhostConfs.piedsjaloux = {
+ services.websites.production.modules = piedsjaloux_prod.apache.modules;
+ services.websites.production.vhostConfs.piedsjaloux = {
 certName = "piedsjaloux";
 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
 root = piedsjaloux_prod.apache.root;
@@ -59,8 +59,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
 '';
- services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.piedsjaloux = {
+ services.websites.integration.modules = piedsjaloux_dev.apache.modules;
+ services.websites.integration.vhostConfs.piedsjaloux = {
 certName = "eldiron";
 hosts = [ "piedsjaloux.immae.eu" ];
 root = piedsjaloux_dev.apache.root;
diff --git a/nixops/modules/websites/tellesflorian/default.nix b/nixops/modules/websites/tellesflorian/default.nix
index 93ee023..eb02174 100644
--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/nixops/modules/websites/tellesflorian/default.nix
@@ -26,8 +26,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName}
 '';
- services.myWebsites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.tellesflorian = {
+ services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
+ services.websites.integration.vhostConfs.tellesflorian = {
 certName = "eldiron";
 hosts = ["app.tellesflorian.com" ];
 root = tellesflorian_dev.apache.root;
diff --git a/nixops/modules/websites/tools/cloud.nix b/nixops/modules/websites/tools/cloud.nix
index 40faec7..69b5fb0 100644
--- a/nixops/modules/websites/tools/cloud.nix
+++ b/nixops/modules/websites/tools/cloud.nix
@@ -51,9 +51,9 @@ in {
 config = lib.mkIf cfg.enable {
 security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
- services.myWebsites.tools.modules = [ "proxy_fcgi" ];
+ services.websites.tools.modules = [ "proxy_fcgi" ];
- services.myWebsites.tools.vhostConfs.cloud = {
+ services.websites.tools.vhostConfs.cloud = {
 certName = "eldiron";
 hosts = ["cloud.immae.eu" ];
 root = apacheRoot;
diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix
index 5b5a076..ea2105b 100644
--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -30,9 +30,9 @@ in {
 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
 secrets.keys = davical.keys;
- services.myWebsites.tools.modules = davical.apache.modules;
+ services.websites.tools.modules = davical.apache.modules;
- services.myWebsites.tools.vhostConfs.dav = {
+ services.websites.tools.vhostConfs.dav = {
 certName = "eldiron";
 hosts = ["dav.immae.eu" ];
 root = null;
diff --git a/nixops/modules/websites/tools/db.nix b/nixops/modules/websites/tools/db.nix
index f7ca585..70650fa 100644
--- a/nixops/modules/websites/tools/db.nix
+++ b/nixops/modules/websites/tools/db.nix
@@ -11,8 +11,8 @@ in {
 config = lib.mkIf cfg.enable {
 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
- services.myWebsites.tools.modules = adminer.apache.modules;
- services.myWebsites.tools.vhostConfs.db-1 = {
+ services.websites.tools.modules = adminer.apache.modules;
+ services.websites.tools.vhostConfs.db-1 = {
 certName = "eldiron";
 hosts = ["db-1.immae.eu" ];
 root = null;
diff --git a/nixops/modules/websites/tools/diaspora.nix b/nixops/modules/websites/tools/diaspora.nix
index f6097a0..221e01c 100644
--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -145,7 +145,7 @@ in {
 configDir = "/var/secrets/webapps/diaspora";
 };
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
 "headers" "proxy" "proxy_http"
 ];
 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
@@ -153,7 +153,7 @@ in {
 mkdir -p $out/webapps
 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
 '';
- services.myWebsites.tools.vhostConfs.diaspora = {
+ services.websites.tools.vhostConfs.diaspora = {
 certName = "eldiron";
 hosts = [ "diaspora.immae.eu" ];
 root = root;
diff --git a/nixops/modules/websites/tools/ether.nix b/nixops/modules/websites/tools/ether.nix
index 0ce5788..6222b22 100644
--- a/nixops/modules/websites/tools/ether.nix
+++ b/nixops/modules/websites/tools/ether.nix
@@ -133,11 +133,11 @@ in {
 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.etherpad-lite = {
+ services.websites.tools.vhostConfs.etherpad-lite = {
 certName = "eldiron";
 hosts = [ "ether.immae.eu" ];
 root = null;
diff --git a/nixops/modules/websites/tools/git/default.nix b/nixops/modules/websites/tools/git/default.nix
index bfcfc62..ea0d971 100644
--- a/nixops/modules/websites/tools/git/default.nix
+++ b/nixops/modules/websites/tools/git/default.nix
@@ -16,7 +16,7 @@ in {
 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
 secrets.keys = mantisbt.keys;
- services.myWebsites.tools.modules =
+ services.websites.tools.modules =
 gitweb.apache.modules ++ mantisbt.apache.modules;
 system.extraSystemBuilderCmds = ''
@@ -25,7 +25,7 @@ in {
 ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName}
 '';
- services.myWebsites.tools.vhostConfs.git = {
+ services.websites.tools.vhostConfs.git = {
 certName = "eldiron";
 hosts = ["git.immae.eu" ];
 root = gitweb.apache.root;
diff --git a/nixops/modules/websites/tools/mastodon.nix b/nixops/modules/websites/tools/mastodon.nix
index e0f589a..38b2107 100644
--- a/nixops/modules/websites/tools/mastodon.nix
+++ b/nixops/modules/websites/tools/mastodon.nix
@@ -64,7 +64,7 @@ in {
 dataDir = "/var/lib/mastodon_immae";
 };
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
 "headers" "proxy" "proxy_wstunnel" "proxy_http"
 ];
 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
@@ -72,7 +72,7 @@ in {
 mkdir -p $out/webapps
 ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
 '';
- services.myWebsites.tools.vhostConfs.mastodon = {
+ services.websites.tools.vhostConfs.mastodon = {
 certName = "eldiron";
 hosts = ["mastodon.immae.eu" ];
 root = root;
diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix
index 6b26681..8a6f03f 100644
--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -79,12 +79,12 @@ in {
 configFile = "/var/secrets/webapps/tools-mediagoblin";
 };
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
 "proxy" "proxy_http"
 ];
 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
 security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.mgoblin = {
+ services.websites.tools.vhostConfs.mgoblin = {
 certName = "eldiron";
 hosts = ["mgoblin.immae.eu" ];
 root = null;
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 0184a30..6cc6d38 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -150,11 +150,11 @@ in {
 '';
 }];
- services.myWebsites.tools.modules = [
+ services.websites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
 security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.peertube = {
+ services.websites.tools.vhostConfs.peertube = {
 certName = "eldiron";
 hosts = [ "peertube.immae.eu" ];
 root = null;
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 10feefe..5e84f45 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -58,10 +58,10 @@ in {
 ++ wallabag.keys
 ++ yourls.keys;
- services.myWebsites.integration.modules =
+ services.websites.integration.modules =
 rainloop.apache.modules;
- services.myWebsites.tools.modules =
+ services.websites.tools.modules =
 [ "proxy_fcgi" ]
 ++ adminer.apache.modules
 ++ ympd.apache.modules
@@ -84,7 +84,7 @@ in {
 '';
 };
- services.myWebsites.integration.vhostConfs.devtools = {
+ services.websites.integration.vhostConfs.devtools = {
 certName = "eldiron";
 hosts = ["devtools.immae.eu" ];
 root = "/var/lib/ftp/devtools.immae.eu";
@@ -103,7 +103,7 @@ in {
 ];
 };
- services.myWebsites.tools.vhostConfs.tools = {
+ services.websites.tools.vhostConfs.tools = {
 certName = "eldiron";
 hosts = ["tools.immae.eu" ];
 root = "/var/lib/ftp/tools.immae.eu";
@@ -133,7 +133,7 @@ in {
 };
 security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
- services.myWebsites.tools.vhostConfs.outils = {
+ services.websites.tools.vhostConfs.outils = {
 certName = "eldiron";
 hosts = [ "outils.immae.eu" ];
 root = null;
--
2.41.0