authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-10 01:59:32 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-10 02:09:39 +0100
commit42429ef0756d9ee41cf0ff0b38210edb3b1637e5 (patch)
tree8b3cce158c98fa0aba89b42ff3ec4bb8984389e8
parent86f6924f021869c1fd8e4e2a7930d50f04f921df (diff)
Continue moving websites: apache configuration and modules
-rw-r--r--virtual/eldiron.nix94
-rw-r--r--virtual/modules/databases.nix4
-rw-r--r--virtual/modules/websites.nix115
-rw-r--r--virtual/modules/websites/aten.nix2
-rw-r--r--virtual/modules/websites/chloe.nix2
-rw-r--r--virtual/modules/websites/connexionswing.nix2
-rw-r--r--virtual/modules/websites/ludivine.nix2
-rw-r--r--virtual/modules/websites/piedsjaloux.nix2
8 files changed, 135 insertions, 88 deletions
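--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -21,25 +21,13 @@
 ./modules/gitolite.nix
 ./modules/gitweb.nix
 ./modules/databases.nix
-./modules/websites/chloe.nix
-./modules/websites/ludivine.nix
-./modules/websites/aten.nix
-./modules/websites/piedsjaloux.nix
-./modules/websites/connexionswing.nix
+./modules/websites.nix
 ];
 services.myGitolite.enable = true;
 services.myGitweb.enable = true;
 services.myDatabases.enable = true;
-services.myWebsites.Chloe.production.enable = true;
-services.myWebsites.Chloe.integration.enable = true;
-services.myWebsites.Ludivine.production.enable = true;
-services.myWebsites.Ludivine.integration.enable = true;
-services.myWebsites.Aten.production.enable = true;
-services.myWebsites.Aten.integration.enable = true;
-services.myWebsites.PiedsJaloux.production.enable = true;
-services.myWebsites.PiedsJaloux.integration.enable = true;
-services.myWebsites.Connexionswing.production.enable = true;
-services.myWebsites.Connexionswing.integration.enable = true;
+services.myWebsites.production.enable = true;
+services.myWebsites.integration.enable = true;
 
 nixpkgs.config.packageOverrides = oldpkgs: rec {
 goaccess = oldpkgs.goaccess.overrideAttrs(old: rec {
@@ -153,10 +141,6 @@
 install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/ttrss
 install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
 '';
-redis = ''
-mkdir -p /run/redis
-chown redis /run/redis
-'';
 # FIXME: initial sync
 goaccess = ''
 mkdir -p /var/lib/goaccess
@@ -205,62 +189,7 @@
 logFormat = "combinedVhost";
 listen = [ { ip = "*"; port = 443; } ];
 };
-apacheConfig = {
-gzip = {
-modules = [ "deflate" "filter" ];
-extraConfig = ''
-AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
-'';
-};
-ldap = {
-modules = [ "ldap" "authnz_ldap" ];
-extraConfig = assert checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
-<IfModule ldap_module>
-LDAPSharedCacheSize 500000
-LDAPCacheEntries 1024
-LDAPCacheTTL 600
-LDAPOpCacheEntries 1024
-LDAPOpCacheTTL 600
-</IfModule>
-
-<Macro LDAPConnect>
-<IfModule authnz_ldap_module>
-AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
-AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
-AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
-AuthType Basic
-AuthName "Authentification requise (Acces LDAP)"
-AuthBasicProvider ldap
-</IfModule>
-</Macro>
-
-<Macro Stats %{domain}>
-Alias /awstats /var/lib/goaccess/%{domain}
-<Directory /var/lib/goaccess/%{domain}>
-DirectoryIndex index.html
-AllowOverride None
-Require all granted
-</Directory>
-<Location /awstats>
-Use LDAPConnect
-Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
-</Location>
-</Macro>
-'';
-};
-http2 = {
-modules = [ "http2" ];
-extraConfig = ''
-Protocols h2 http/1.1
-'';
-};
-customLog = {
-modules = [];
-extraConfig = ''
-LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
-'';
-};
-};
+apacheConfig = config.services.myWebsites.apacheConfig;
 in rec {
 enable = true;
 logPerVirtualHost = true;
@@ -270,25 +199,14 @@
 extraModules = pkgs.lib.lists.unique (
 mypkgs.adminer.apache.modules ++
 mypkgs.nextcloud.apache.modules ++
-mypkgs.connexionswing_dev.apache.modules ++
-mypkgs.connexionswing_prod.apache.modules ++
-mypkgs.ludivinecassal_dev.apache.modules ++
-mypkgs.ludivinecassal_prod.apache.modules ++
-mypkgs.piedsjaloux_dev.apache.modules ++
-mypkgs.piedsjaloux_prod.apache.modules ++
-mypkgs.chloe_dev.apache.modules ++
-mypkgs.chloe_prod.apache.modules ++
-mypkgs.aten_dev.apache.modules ++
-mypkgs.aten_prod.apache.modules ++
 mypkgs.ympd.apache.modules ++
 mypkgs.git.web.apache.modules ++
 mypkgs.mantisbt.apache.modules ++
 mypkgs.ttrss.apache.modules ++
 mypkgs.roundcubemail.apache.modules ++
-pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
-[ "macro" ]);
+pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig));
 extraConfig = builtins.concatStringsSep "\n"
-(pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
+(builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
 virtualHosts = [
 (withConf "eldiron" // {
 hostName = "eldiron.immae.eu";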
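Review bot: The `v.modules or []` and `v.extraConfig or null` fallbacks in the new `extraModules`/`extraConfig` expressions are redundant now that `apacheConfig` is read from the `services.myWebsites.apacheConfig` option, whose submodule already declares `modules` with default `[]` and `extraConfig` with default `null`; every element is guaranteed to carry both attributes. Dropping the `or` clauses, `(n: v: v.modules)` and `(n: v: v.extraConfig)`, makes it clearer that the option type, not this consumer, is responsible for the defaults. The `null` filter on `extraConfig` is still needed and should stay. The enclosing `services.httpd` definition starts and ends outside the hunk.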
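--- a/virtual/modules/databases.nix
+++ b/virtual/modules/databases.nix
@@ -129,5 +129,9 @@ in {
 maxclients 1024
 '';
 };
+system.activationScripts.redis = ''
+mkdir -p /run/redis
+chown redis /run/redis
+'';
 };
 }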
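Review bot: The moved activation script creates `/run/redis` with `mkdir -p` and only changes the owner, so the directory mode is whatever the activation umask yields and no group is set; if a socket or dump is later placed there, it is readable by every local user. The sibling activation scripts in `virtual/eldiron.nix` already use the tighter `install -d -m 0750 -o wwwrun -g wwwrun …` form, and the same shape here, `install -d -m 0750 -o redis -g redis /run/redis`, would make both files consistent and restrict the directory to the service (assuming a `redis` group exists — confirm). A short comment stating what the directory is for (presumably the unix socket configured elsewhere in this module) would also help, since the `services.redis` block it belongs to starts outside the hunk.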
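--- /dev/null
+++ b/virtual/modules/websites.nix
@@ -0,0 +1,115 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+cfg = config.services.myWebsites;
+in
+{
+imports = [
+./websites/chloe.nix
+./websites/ludivine.nix
+./websites/aten.nix
+./websites/piedsjaloux.nix
+./websites/connexionswing.nix
+];
+
+options.services.myWebsites = {
+production = {
+enable = lib.mkEnableOption "enable websites in production";
+};
+
+integration = {
+enable = lib.mkEnableOption "enable websites in integration";
+};
+
+apacheConfig = lib.mkOption {
+type = lib.types.attrsOf (lib.types.submodule {
+options = {
+modules = lib.mkOption {
+type = lib.types.listOf (lib.types.str);
+default = [];
+};
+extraConfig = lib.mkOption {
+type = lib.types.nullOr lib.types.lines;
+default = null;
+};
+};
+});
+default = {};
+description = "Extra global config";
+};
+
+};
+
+config = {
+services.myWebsites.Chloe.production.enable = cfg.production.enable;
+services.myWebsites.Ludivine.production.enable = cfg.production.enable;
+services.myWebsites.Aten.production.enable = cfg.production.enable;
+services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable;
+services.myWebsites.Connexionswing.production.enable = cfg.production.enable;
+
+services.myWebsites.Chloe.integration.enable = cfg.integration.enable;
+services.myWebsites.Ludivine.integration.enable = cfg.integration.enable;
+services.myWebsites.Aten.integration.enable = cfg.integration.enable;
+services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
+services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;
+
+services.myWebsites.apacheConfig = {
+gzip = {
+modules = [ "deflate" "filter" ];
+extraConfig = ''
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+'';
+};
+macros = {
+modules = [ "macro" ];
+};
+ldap = {
+modules = [ "ldap" "authnz_ldap" ];
+# FIXME: starttls
+extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+<IfModule ldap_module>
+LDAPSharedCacheSize 500000
+LDAPCacheEntries 1024
+LDAPCacheTTL 600
+LDAPOpCacheEntries 1024
+LDAPOpCacheTTL 600
+</IfModule>
+
+<Macro LDAPConnect>
+<IfModule authnz_ldap_module>
+AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
+AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+AuthType Basic
+AuthName "Authentification requise (Acces LDAP)"
+AuthBasicProvider ldap
+</IfModule>
+</Macro>
+
+<Macro Stats %{domain}>
+Alias /awstats /var/lib/goaccess/%{domain}
+<Directory /var/lib/goaccess/%{domain}>
+DirectoryIndex index.html
+AllowOverride None
+Require all granted
+</Directory>
+<Location /awstats>
+Use LDAPConnect
+Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
+</Location>
+</Macro>
+'';
+};
+http2 = {
+modules = [ "http2" ];
+extraConfig = ''
+Protocols h2 http/1.1
+'';
+};
+customLog = {
+extraConfig = ''
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
+'';
+};
+};
+};
+}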
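Review bot: The `AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"` line in the `ldap` entry interpolates the bind secret into `extraConfig`, so it ends up in the rendered httpd configuration inside the Nix store, which is world-readable on the host; the environment check only guarantees the variable is set, not that the value stays private. Keeping the secret out of the store — for example a root-owned file outside `/nix/store` pulled in with `Include`, or, if the Apache version in use supports it, the `exec:` form of `AuthLDAPBindPassword` — would limit exposure to the httpd process (confirm against the deployed mod_authnz_ldap version). The `# FIXME: starttls` comment on the line above sits next to an `AuthLDAPURL` that already carries `STARTTLS`, so it reads as stale; if the remaining work is certificate verification of the LDAP server (presumably an `LDAPTrustedGlobalCert` entry), the comment should say so, e.g. `# FIXME: STARTTLS is requested but the server certificate chain is not pinned yet`. Separately, the unconditional `services.myWebsites.<Site>.production.enable = cfg.production.enable;` assignments leave no way to opt a single site out without a definition conflict; wrapping the right-hand side in `lib.mkDefault` keeps the global switch as the default while allowing per-site overrides.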
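--- a/virtual/modules/websites/aten.nix
+++ b/virtual/modules/websites/aten.nix
@@ -26,11 +26,13 @@ in {
 
 services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
 system.activationScripts.aten_prod = aten_prod.activationScript;
+services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
 })
 (lib.mkIf cfg.integration.enable {
 security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
 services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
 system.activationScripts.aten_dev = aten_dev.activationScript;
+services.myWebsites.apacheConfig.aten_dev.modules = aten_dev.apache.modules;
 })
 ];
 }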
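--- a/virtual/modules/websites/chloe.nix
+++ b/virtual/modules/websites/chloe.nix
@@ -26,11 +26,13 @@ in {
 
 services.phpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
 system.activationScripts.chloe_prod = chloe_prod.activationScript;
+services.myWebsites.apacheConfig.chloe_prod.modules = chloe_prod.apache.modules;
 })
 (lib.mkIf cfg.integration.enable {
 security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
 services.phpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
 system.activationScripts.chloe_dev = chloe_dev.activationScript;
+services.myWebsites.apacheConfig.chloe_dev.modules = chloe_dev.apache.modules;
 })
 ];
 }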
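--- a/virtual/modules/websites/connexionswing.nix
+++ b/virtual/modules/websites/connexionswing.nix
@@ -28,12 +28,14 @@ in {
 
 services.phpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
 system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
+services.myWebsites.apacheConfig.connexionswing_prod.modules = connexionswing_prod.apache.modules;
 })
 (lib.mkIf cfg.integration.enable {
 security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
 security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
 services.phpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
 system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
+services.myWebsites.apacheConfig.connexionswing_dev.modules = connexionswing_dev.apache.modules;
 })
 ];
 }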
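--- a/virtual/modules/websites/ludivine.nix
+++ b/virtual/modules/websites/ludivine.nix
@@ -26,12 +26,14 @@ in {
 
 services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
 system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
+services.myWebsites.apacheConfig.ludivinecassal_prod.modules = ludivinecassal_prod.apache.modules;
 })
 (lib.mkIf cfg.integration.enable {
 security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
 
 services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
 system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
+services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
 })
 ];
 }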
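--- a/virtual/modules/websites/piedsjaloux.nix
+++ b/virtual/modules/websites/piedsjaloux.nix
@@ -26,11 +26,13 @@ in {
 
 services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
 system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
+services.myWebsites.apacheConfig.piedsjaloux_prod.modules = piedsjaloux_prod.apache.modules;
 })
 (lib.mkIf cfg.integration.enable {
 security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
 services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
 system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
+services.myWebsites.apacheConfig.piedsjaloux_dev.modules = piedsjaloux_dev.apache.modules;
 })
 ];
 }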