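# NixOS module for the temp.immae.eu website: a Surfer server run as a systemd
# service, published through an Apache reverse-proxy vhost over a Unix socket,
# with its LDAP settings delivered through a secrets file.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.websites.immae.temp;
  # Directory passed to surfer-server as its only argument and used as the
  # root of the first backup profile.
  # NOTE(review): nothing in this module creates this path (StateDirectory
  # below manages /var/lib/surfer, not this directory) - confirm it is
  # provisioned elsewhere and writable by wwwrun.
  varDir = "/var/lib/immae_temp";
  # Only env.ldap.* is read in this module.
  env = config.myEnv.websites.immae.temp;
in {
  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.immae_temp.rootDir = varDir;
    # NOTE(review): this root also contains TOKENSTORE_FILE
    # (/var/lib/surfer/tokens.json), so these backups presumably carry
    # Surfer's token store - confirm they are encrypted and access-restricted.
    services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";

    services.websites.env.production.vhostConfs.immae_temp = {
      certName = "immae";
      addToCerts = true;
      hosts = [ "temp.immae.eu" ];
      # No document root: every request is handed to the Surfer socket.
      root = null;
      # ProxyRequests Off keeps forward proxying disabled, so the
      # "<Proxy *> ... Require all granted" section only affects the
      # reverse-proxied backend. Apache applies no access control of its own
      # here; authentication is presumably enforced by Surfer through LDAP -
      # confirm before exposing anything sensitive on this vhost.
      # ProxyPreserveHost On forwards the client-supplied Host header to the
      # backend unchanged.
      extraConfig = [ ''
        ProxyVia On
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/
        ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/
        <Proxy *>
        Options FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
        </Proxy>
      '' ];
    };

    # Environment file for the surfer unit; `dest` corresponds to the
    # EnvironmentFile path /var/secrets/webapps/surfer used below.
    # It holds the LDAP bind password, hence mode 0400 for the service user.
    # NOTE(review): wwwrun is also the default httpd account on NixOS; if the
    # web server runs under it here, any code running in Apache can read this
    # bind password - confirm, and consider a dedicated service user.
    # NOTE(review): whether `text` transits the world-readable Nix store
    # depends on the secrets module, which is not visible here - confirm.
    secrets.keys = [
      {
        dest = "webapps/surfer";
        permissions = "0400";
        user = "wwwrun";
        group = "wwwrun";
        # Each variable appears once; CLOUDRON_LDAP_USERS_BASE_DN used to be
        # listed twice with the same value. The LDAP URL uses ldaps://.
        text = ''
          CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
          TOKENSTORE_FILE=/var/lib/surfer/tokens.json
          CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
          CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
          CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
          LISTEN=/run/surfer/listen.sock
        '';
      }
    ];

    systemd.services.surfer = {
      description = "Surfer";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      script = ''
        exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
      '';
      serviceConfig = {
        EnvironmentFile = "/var/secrets/webapps/surfer";
        User = "wwwrun";
        Group = "wwwrun";
        # StateDirectory -> /var/lib/surfer (token store),
        # RuntimeDirectory -> /run/surfer (listen.sock used by ProxyPass).
        StateDirectory = "surfer";
        RuntimeDirectory = "surfer";
        Type = "simple";
        # NOTE(review): no sandboxing directives are set. Candidates such as
        # NoNewPrivileges, PrivateTmp, ProtectHome and ProtectSystem (with
        # ReadWritePaths covering varDir) should be tested against Surfer
        # before being enabled.
      };
    };
  };
}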