authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-12-31 15:38:09 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-12-31 15:52:05 +0100
commit94818b7506f7284e2115863364b571daf0b5f5fc (patch)
treedbaa8364924d0242696ba9feba56e840adad57b4
parentce6ee3b80a97a6de84431bc8272c10accf9150bb (diff)
modularize apache configuration
-rw-r--r--virtual/eldiron.nix76
1 files changed, 51 insertions, 25 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index b29ad06..4087be8 100644
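--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -114,41 +114,67 @@
 sslServerKey = "/var/lib/acme/${domain}/key.pem";
 sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
 };
+apacheConfig = {
+gzip = {
+modules = [ "deflate" "filter" ];
+extraConfig = ''
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+'';
+};
+ldap = {
+modules = [ "ldap" "authnz_ldap" ];
+extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+<IfModule ldap_module>
+LDAPSharedCacheSize 500000
+LDAPCacheEntries 1024
+LDAPCacheTTL 600
+LDAPOpCacheEntries 1024
+LDAPOpCacheTTL 600
+</IfModule>
+
+<Macro LDAPConnect>
+<IfModule authnz_ldap_module>
+AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
+AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+AuthType Basic
+AuthName "Authentification requise (Acces LDAP)"
+AuthBasicProvider ldap
+</IfModule>
+</Macro>
+'';
+};
+};
 in rec {
 enable = true;
 logPerVirtualHost = true;
 multiProcessingModule = "worker";
 adminAddr = "httpd@immae.eu";
 # FIXME: http2
+# FIXME: voir les autres modules:
+# authz_core_module
+# reqtimeout_module
+# http2_module
+# version_module
+# proxy_connect_module
+# proxy_ftp_module
+# proxy_scgi_module
+# proxy_ajp_module
+# proxy_balancer_module
+# proxy_express_module
+# lbmethod_byrequests_module
+# lbmethod_bytraffic_module
+# lbmethod_bybusyness_module
+# lbmethod_heartbeat_module
+
 extraModules = pkgs.lib.lists.unique (
 mypkgs.adminer.apache.modules ++
 mypkgs.connexionswing_dev.apache.modules ++
 mypkgs.connexionswing_prod.apache.modules ++
-[
-"macro"
-"ldap"
-"authnz_ldap"
-]);
-extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
-<IfModule ldap_module>
-LDAPSharedCacheSize 500000
-LDAPCacheEntries 1024
-LDAPCacheTTL 600
-LDAPOpCacheEntries 1024
-LDAPOpCacheTTL 600
-</IfModule>
-
-<Macro LDAPConnect>
-<IfModule authnz_ldap_module>
-AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
-AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
-AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
-AuthType Basic
-AuthName "Authentification requise (Acces LDAP)"
-AuthBasicProvider ldap
-</IfModule>
-</Macro>
-'';
+pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
+[ "macro" ]);
+extraConfig = builtins.concatStringsSep "\n"
+(pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
 virtualHosts = [
 (withSSL "eldiron" // {
 listen = [ { ip = "*"; port = 443; } ];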
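Review bot: The bind password in the new `apacheConfig.ldap.extraConfig` is still spliced in at evaluation time by `AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"`, so the clear-text secret becomes part of the generated httpd configuration, which presumably ends up in the world-readable Nix store and in every copy of the closure. The refactor moves the block without addressing this. Keeping the secret out of the store (for example a key file deployed with NixOps `deployment.keys`) and letting Apache fetch it at start-up with the `exec:` form, `AuthLDAPBindPassword "exec:<command that prints the password>"`, would avoid it. The same macro binds over `ldap://ldap.immae.eu:389` with no TLS mode, so unless that host is only reachable over a trusted link, the bind password and the users' Basic credentials cross the network unencrypted. Appending `STARTTLS` to the `AuthLDAPURL` line or switching to `ldaps://` is worth considering.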