authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-15 00:23:03 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-15 00:44:49 +0200
commita840a21c954be6342603ae7a45dde6c005761696 (patch)
treee2d2c547d5e6a4a74aa3cca53d97e3b39f8b8625
parent981634865c275c1f35e78a27c6d76cd9708fd7ef (diff)
downloadNix-a840a21c954be6342603ae7a45dde6c005761696.tar.gz
Nix-a840a21c954be6342603ae7a45dde6c005761696.tar.zst
Nix-a840a21c954be6342603ae7a45dde6c005761696.zip
Move ttrss, wallabag, ldap and roundcubemail passwords to secure location
Related issue: https://git.immae.eu/mantisbt/view.php?id=122
-rw-r--r--nixops/modules/websites/tools/tools/default.nix20
-rw-r--r--nixops/modules/websites/tools/tools/dokuwiki.nix1
-rw-r--r--nixops/modules/websites/tools/tools/ldap.nix45
-rw-r--r--nixops/modules/websites/tools/tools/rainloop.nix1
-rw-r--r--nixops/modules/websites/tools/tools/roundcubemail.nix101
-rw-r--r--nixops/modules/websites/tools/tools/ttrss.nix103
-rw-r--r--nixops/modules/websites/tools/tools/wallabag.nix127
-rw-r--r--nixops/modules/websites/tools/tools/yourls.nix13
8 files changed, 232 insertions, 179 deletions
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 14b5934..3d5465f 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -46,7 +46,13 @@ in {
46 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null; 46 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
47 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null; 47 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
48 48
49 deployment.keys = kanboard.keys; 49 deployment.keys =
50 kanboard.keys
51 // ldap.keys
52 // roundcubemail.keys
53 // ttrss.keys
54 // wallabag.keys
55 // yourls.keys;
50 56
51 services.myWebsites.integration.modules = 57 services.myWebsites.integration.modules =
52 rainloop.apache.modules; 58 rainloop.apache.modules;
@@ -131,7 +137,17 @@ in {
131 ]; 137 ];
132 }; 138 };
133 139
134 services.myPhpfpm.serviceDependencies.kanboard = kanboard.phpFpm.serviceDeps; 140 services.myPhpfpm.serviceDependencies = {
141 dokuwiki = dokuwiki.phpFpm.serviceDeps;
142 kanboard = kanboard.phpFpm.serviceDeps;
143 ldap = ldap.phpFpm.serviceDeps;
144 rainloop = rainloop.phpFpm.serviceDeps;
145 roundcubemail = roundcubemail.phpFpm.serviceDeps;
146 ttrss = ttrss.phpFpm.serviceDeps;
147 wallabag = wallabag.phpFpm.serviceDeps;
148 yourls = yourls.phpFpm.serviceDeps;
149 };
150
135 services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig; 151 services.myPhpfpm.poolPhpConfigs.roundcubemail = roundcubemail.phpFpm.phpConfig;
136 services.myPhpfpm.poolConfigs = { 152 services.myPhpfpm.poolConfigs = {
137 adminer = adminer.phpFpm.pool; 153 adminer = adminer.phpFpm.pool;
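Review bot: `deployment.keys` is now assembled with `//`, a shallow last-wins merge, so if two tool modules ever export a key under the same attribute name one definition is silently dropped and the other app reads the wrong secret. The names are distinct today (`tools-ldap`, `tools-roundcube`, `tools-ttrss`, `tools-wallabag`, `tools-yourls`), so this is about future safety rather than a present bug. If `lib` is in scope here, `deployment.keys = lib.mkMerge [ kanboard.keys ldap.keys roundcubemail.keys ttrss.keys wallabag.keys yourls.keys ];` lets the module system report a conflicting definition instead of overriding it. The enclosing attribute set continues outside both hunks.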
diff --git a/nixops/modules/websites/tools/tools/dokuwiki.nix b/nixops/modules/websites/tools/tools/dokuwiki.nix
index 2f4e8c1..2cd19f1 100644
--- a/nixops/modules/websites/tools/tools/dokuwiki.nix
+++ b/nixops/modules/websites/tools/tools/dokuwiki.nix
@@ -76,6 +76,7 @@ let
76 ''; 76 '';
77 }; 77 };
78 phpFpm = rec { 78 phpFpm = rec {
79 serviceDeps = [ "openldap.service" ];
79 basedir = builtins.concatStringsSep ":" ( 80 basedir = builtins.concatStringsSep ":" (
80 [ webRoot varDir ] 81 [ webRoot varDir ]
81 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); 82 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
diff --git a/nixops/modules/websites/tools/tools/ldap.nix b/nixops/modules/websites/tools/tools/ldap.nix
index 6cde881..9d98837 100644
--- a/nixops/modules/websites/tools/tools/ldap.nix
+++ b/nixops/modules/websites/tools/tools/ldap.nix
@@ -1,24 +1,30 @@
1{ lib, php, env, writeText, stdenv, optipng, fetchurl }: 1{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
2rec { 2rec {
3 config = writeText "config.php" '' 3 keys.tools-ldap = {
4 <?php 4 destDir = "/run/keys/webapps";
5 $config->custom->appearance['show_clear_password'] = true; 5 user = apache.user;
6 $config->custom->appearance['hide_template_warning'] = true; 6 group = apache.group;
7 $config->custom->appearance['theme'] = "tango"; 7 permissions = "0700";
8 $config->custom->appearance['minimalMode'] = true; 8 text = ''
9 <?php
10 $config->custom->appearance['show_clear_password'] = true;
11 $config->custom->appearance['hide_template_warning'] = true;
12 $config->custom->appearance['theme'] = "tango";
13 $config->custom->appearance['minimalMode'] = true;
9 14
10 $servers = new Datastore(); 15 $servers = new Datastore();
11 16
12 $servers->newServer('ldap_pla'); 17 $servers->newServer('ldap_pla');
13 $servers->setValue('server','name','Immae’s LDAP'); 18 $servers->setValue('server','name','Immae&#x2019;s LDAP');
14 $servers->setValue('server','host','ldaps://${env.ldap.host}'); 19 $servers->setValue('server','host','ldaps://${env.ldap.host}');
15 $servers->setValue('login','auth_type','cookie'); 20 $servers->setValue('login','auth_type','cookie');
16 $servers->setValue('login','bind_id','${env.ldap.dn}'); 21 $servers->setValue('login','bind_id','${env.ldap.dn}');
17 $servers->setValue('login','bind_pass','${env.ldap.password}'); 22 $servers->setValue('login','bind_pass','${env.ldap.password}');
18 $servers->setValue('appearance','password_hash','ssha'); 23 $servers->setValue('appearance','password_hash','ssha');
19 $servers->setValue('login','attr','uid'); 24 $servers->setValue('login','attr','uid');
20 $servers->setValue('login','fallback_dn',true); 25 $servers->setValue('login','fallback_dn',true);
21 ''; 26 '';
27 };
22 webRoot = stdenv.mkDerivation rec { 28 webRoot = stdenv.mkDerivation rec {
23 version = "1.2.3"; 29 version = "1.2.3";
24 name = "phpldapadmin-${version}"; 30 name = "phpldapadmin-${version}";
@@ -39,7 +45,7 @@ rec {
39 ''; 45 '';
40 installPhase = '' 46 installPhase = ''
41 cp -a . $out 47 cp -a . $out
42 ln -sf ${config} $out/config/config.php 48 ln -sf /run/keys/webapps/tools-ldap $out/config/config.php
43 ''; 49 '';
44 }; 50 };
45 apache = rec { 51 apache = rec {
@@ -62,7 +68,8 @@ rec {
62 ''; 68 '';
63 }; 69 };
64 phpFpm = rec { 70 phpFpm = rec {
65 basedir = builtins.concatStringsSep ":" [ webRoot config ]; 71 serviceDeps = [ "openldap.service" "tools-ldap-key.service" ];
72 basedir = builtins.concatStringsSep ":" [ webRoot "/run/keys/webapps/tools-ldap" ];
66 socket = "/var/run/phpfpm/ldap.sock"; 73 socket = "/var/run/phpfpm/ldap.sock";
67 pool = '' 74 pool = ''
68 listen = ${socket} 75 listen = ${socket}
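Review bot: `permissions = "0700"` on the new `keys.tools-ldap` entry grants execute on a file that php-fpm only needs to read; `permissions = "0400";` (or `"0600"` if something must rewrite it) is the least-privilege mode, and the same value is used by the `keys.tools-roundcube`, `keys.tools-ttrss`, `keys.tools-wallabag` and `keys.tools-yourls` entries elsewhere in this commit. Nothing in the hunk sets the mode or owner of the new `/run/keys/webapps` directory itself, so it is worth confirming on the deployed host that the directory is not world-traversable and that the parent `/run/keys` keeps its restrictive default. Presumably `/run` is a tmpfs, so the key vanishes on reboot; if `tools-ldap-key.service` behaves like the standard nixops key units it will hold the pool until keys are re-sent, which deserves a comment on the `serviceDeps` line such as `# key file lives on tmpfs: after a reboot the pool blocks until nixops send-keys runs`.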
diff --git a/nixops/modules/websites/tools/tools/rainloop.nix b/nixops/modules/websites/tools/tools/rainloop.nix
index 7aaa4eb..457e546 100644
--- a/nixops/modules/websites/tools/tools/rainloop.nix
+++ b/nixops/modules/websites/tools/tools/rainloop.nix
@@ -39,6 +39,7 @@ rec {
39 ''; 39 '';
40 }; 40 };
41 phpFpm = rec { 41 phpFpm = rec {
42 serviceDeps = [ "postgresql.service" ];
42 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 43 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
43 socket = "/var/run/phpfpm/rainloop.sock"; 44 socket = "/var/run/phpfpm/rainloop.sock";
44 pool = '' 45 pool = ''
diff --git a/nixops/modules/websites/tools/tools/roundcubemail.nix b/nixops/modules/websites/tools/tools/roundcubemail.nix
index 1e1f95b..3806679 100644
--- a/nixops/modules/websites/tools/tools/roundcubemail.nix
+++ b/nixops/modules/websites/tools/tools/roundcubemail.nix
@@ -78,59 +78,65 @@ let
78 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 78 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
79 ''; 79 '';
80 }; 80 };
81 config = writeText "config.php" '' 81 keys.tools-roundcube = {
82 <?php 82 destDir = "/run/keys/webapps";
83 $config['db_dsnw'] = '${env.psql_url}'; 83 user = apache.user;
84 $config['default_host'] = 'ssl://mail.immae.eu'; 84 group = apache.group;
85 $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false)); 85 permissions = "0700";
86 $config['smtp_server'] = 'tls://mail.immae.eu'; 86 text = ''
87 $config['smtp_port'] = '25'; 87 <?php
88 $config['managesieve_host'] = 'mail.immae.eu'; 88 $config['db_dsnw'] = '${env.psql_url}';
89 $config['managesieve_port'] = '4190'; 89 $config['default_host'] = 'ssl://mail.immae.eu';
90 $config['managesieve_usetls'] = true; 90 $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
91 $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false)); 91 $config['smtp_server'] = 'tls://mail.immae.eu';
92 $config['smtp_port'] = '25';
93 $config['managesieve_host'] = 'mail.immae.eu';
94 $config['managesieve_port'] = '4190';
95 $config['managesieve_usetls'] = true;
96 $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
92 97
93 $config['imap_cache'] = 'db'; 98 $config['imap_cache'] = 'db';
94 $config['messages_cache'] = 'db'; 99 $config['messages_cache'] = 'db';
95 100
96 $config['support_url'] = '''; 101 $config['support_url'] = ''';
97 102
98 $config['des_key'] = '${env.secret}'; 103 $config['des_key'] = '${env.secret}';
99 104
100 $config['skin'] = 'elastic'; 105 $config['skin'] = 'elastic';
101 $config['plugins'] = array( 106 $config['plugins'] = array(
102 'attachment_reminder', 107 'attachment_reminder',
103 'emoticons', 108 'emoticons',
104 'filesystem_attachments', 109 'filesystem_attachments',
105 'hide_blockquote', 110 'hide_blockquote',
106 'identicon', 111 'identicon',
107 'identity_select', 112 'identity_select',
108 'jqueryui', 113 'jqueryui',
109 'managesieve', 114 'managesieve',
110 'newmail_notifier', 115 'newmail_notifier',
111 'vcard_attachments', 116 'vcard_attachments',
112 'zipdownload', 117 'zipdownload',
113 118
114 'automatic_addressbook', 119 'automatic_addressbook',
115 'message_highlight', 120 'message_highlight',
116 'carddav', 121 'carddav',
117 // Ne marche pas ?: 'ident_switch', 122 // Ne marche pas ?: 'ident_switch',
118 // Ne marche pas ?: 'thunderbird_labels', 123 // Ne marche pas ?: 'thunderbird_labels',
119 ); 124 );
120 125
121 $config['language'] = 'fr_FR'; 126 $config['language'] = 'fr_FR';
122 127
123 $config['drafts_mbox'] = 'Mail/Drafts'; 128 $config['drafts_mbox'] = 'Mail/Drafts';
124 $config['junk_mbox'] = 'Mail/Spam'; 129 $config['junk_mbox'] = 'Mail/Spam';
125 $config['sent_mbox'] = 'Mail/sent'; 130 $config['sent_mbox'] = 'Mail/sent';
126 $config['trash_mbox'] = '''; 131 $config['trash_mbox'] = ''';
127 $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', '''); 132 $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
128 $config['draft_autosave'] = 60; 133 $config['draft_autosave'] = 60;
129 $config['enable_installer'] = false; 134 $config['enable_installer'] = false;
130 $config['log_driver'] = 'file'; 135 $config['log_driver'] = 'file';
131 $config['temp_dir'] = '${varDir}/cache'; 136 $config['temp_dir'] = '${varDir}/cache';
132 $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; 137 $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
133 ''; 138 '';
139 };
134 webRoot = stdenv.mkDerivation rec { 140 webRoot = stdenv.mkDerivation rec {
135 version = "1.4-rc1"; 141 version = "1.4-rc1";
136 name = "roundcubemail-${version}"; 142 name = "roundcubemail-${version}";
@@ -148,7 +154,7 @@ let
148 ''; 154 '';
149 installPhase = '' 155 installPhase = ''
150 cp -a . $out 156 cp -a . $out
151 ln -s ${config} $out/config/config.inc.php 157 ln -s /run/keys/webapps/tools-roundcube $out/config/config.inc.php
152 ${builtins.concatStringsSep "\n" ( 158 ${builtins.concatStringsSep "\n" (
153 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins 159 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
154 )} 160 )}
@@ -178,8 +184,9 @@ let
178 ''; 184 '';
179 }; 185 };
180 phpFpm = rec { 186 phpFpm = rec {
187 serviceDeps = [ "postgresql.service" "tools-roundcube-key.service" ];
181 basedir = builtins.concatStringsSep ":" ( 188 basedir = builtins.concatStringsSep ":" (
182 [ webRoot config varDir ] 189 [ webRoot "/run/keys/webapps/tools-roundcube" varDir ]
183 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins 190 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins
184 ++ lib.attrsets.mapAttrsToList (name: value: value) skins); 191 ++ lib.attrsets.mapAttrsToList (name: value: value) skins);
185 phpConfig = '' 192 phpConfig = ''
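Review bot: The block moved into `keys.tools-roundcube` still carries `"verify_peer" => false` for both `imap_conn_options` (new line 90) and `managesieve_conn_options` (new line 96), so while `des_key` and the database URL are now kept out of the world-readable store, every mail session to `mail.immae.eu` remains exposed to an on-path party presenting an arbitrary certificate. If that host serves a publicly trusted certificate (default.nix in the same commit already provisions ACME certificates for this deployment), dropping the two `verify_peer` overrides restores verification; if it is self-signed, point the `cafile` context option at the CA instead of disabling the check. This is pre-existing, but the lines are re-added here and the file is being touched anyway.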
diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix
index ca049e6..6a5efd9 100644
--- a/nixops/modules/websites/tools/tools/ttrss.nix
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -52,69 +52,75 @@ let
52 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 52 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
53 ''; 53 '';
54 }; 54 };
55 config = writeText "config.php" '' 55 keys.tools-ttrss = {
56 <?php 56 destDir = "/run/keys/webapps";
57 user = apache.user;
58 group = apache.group;
59 permissions = "0700";
60 text = ''
61 <?php
57 62
58 define('PHP_EXECUTABLE', '${php}/bin/php'); 63 define('PHP_EXECUTABLE', '${php}/bin/php');
59 64
60 define('LOCK_DIRECTORY', 'lock'); 65 define('LOCK_DIRECTORY', 'lock');
61 define('CACHE_DIR', 'cache'); 66 define('CACHE_DIR', 'cache');
62 define('ICONS_DIR', 'feed-icons'); 67 define('ICONS_DIR', 'feed-icons');
63 define('ICONS_URL', 'feed-icons'); 68 define('ICONS_URL', 'feed-icons');
64 define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/'); 69 define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
65 70
66 define('MYSQL_CHARSET', 'UTF8'); 71 define('MYSQL_CHARSET', 'UTF8');
67 72
68 define('DB_TYPE', 'pgsql'); 73 define('DB_TYPE', 'pgsql');
69 define('DB_HOST', '${env.postgresql.socket}'); 74 define('DB_HOST', '${env.postgresql.socket}');
70 define('DB_USER', '${env.postgresql.user}'); 75 define('DB_USER', '${env.postgresql.user}');
71 define('DB_NAME', '${env.postgresql.database}'); 76 define('DB_NAME', '${env.postgresql.database}');
72 define('DB_PASS', '${env.postgresql.password}'); 77 define('DB_PASS', '${env.postgresql.password}');
73 define('DB_PORT', '${env.postgresql.port}'); 78 define('DB_PORT', '${env.postgresql.port}');
74 79
75 define('AUTH_AUTO_CREATE', true); 80 define('AUTH_AUTO_CREATE', true);
76 define('AUTH_AUTO_LOGIN', true); 81 define('AUTH_AUTO_LOGIN', true);
77 82
78 define('SINGLE_USER_MODE', false); 83 define('SINGLE_USER_MODE', false);
79 84
80 define('SIMPLE_UPDATE_MODE', false); 85 define('SIMPLE_UPDATE_MODE', false);
81 define('CHECK_FOR_UPDATES', true); 86 define('CHECK_FOR_UPDATES', true);
82 87
83 define('FORCE_ARTICLE_PURGE', 0); 88 define('FORCE_ARTICLE_PURGE', 0);
84 define('SESSION_COOKIE_LIFETIME', 60*60*24*120); 89 define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
85 define('ENABLE_GZIP_OUTPUT', false); 90 define('ENABLE_GZIP_OUTPUT', false);
86 91
87 define('PLUGINS', 'auth_ldap, note, instances'); 92 define('PLUGINS', 'auth_ldap, note, instances');
88 93
89 define('LOG_DESTINATION', '''); 94 define('LOG_DESTINATION', ''');
90 define('CONFIG_VERSION', 26); 95 define('CONFIG_VERSION', 26);
91 96
92 97
93 define('SPHINX_SERVER', 'localhost:9312'); 98 define('SPHINX_SERVER', 'localhost:9312');
94 define('SPHINX_INDEX', 'ttrss, delta'); 99 define('SPHINX_INDEX', 'ttrss, delta');
95 100
96 define('ENABLE_REGISTRATION', false); 101 define('ENABLE_REGISTRATION', false);
97 define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu'); 102 define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu');
98 define('REG_MAX_USERS', 10); 103 define('REG_MAX_USERS', 10);
99 104
100 define('SMTP_FROM_NAME', 'Tiny Tiny RSS'); 105 define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
101 define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu'); 106 define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
102 define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours'); 107 define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
103 108
104 define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/'); 109 define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
105 define('LDAP_AUTH_USETLS', TRUE); 110 define('LDAP_AUTH_USETLS', TRUE);
106 define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE); 111 define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
107 define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu'); 112 define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
108 define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE); 113 define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
109 define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))'); 114 define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
110 115
111 define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu'); 116 define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
112 define('LDAP_AUTH_BINDPW', '${env.ldap.password}'); 117 define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
113 define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); 118 define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
114 119
115 define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); 120 define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
116 define('LDAP_AUTH_DEBUG', FALSE); 121 define('LDAP_AUTH_DEBUG', FALSE);
117 ''; 122 '';
123 };
118 webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec { 124 webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
119 buildPhase = '' 125 buildPhase = ''
120 rm -rf lock feed-icons cache 126 rm -rf lock feed-icons cache
@@ -122,7 +128,7 @@ let
122 ''; 128 '';
123 installPhase = '' 129 installPhase = ''
124 cp -a . $out 130 cp -a . $out
125 ln -s ${config} $out/config.php 131 ln -s /run/keys/webapps/tools-ttrss $out/config.php
126 ${builtins.concatStringsSep "\n" ( 132 ${builtins.concatStringsSep "\n" (
127 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins 133 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
128 )} 134 )}
@@ -149,8 +155,9 @@ let
149 ''; 155 '';
150 }; 156 };
151 phpFpm = rec { 157 phpFpm = rec {
158 serviceDeps = [ "postgresql.service" "openldap.service" "tools-ttrss-key.service" ];
152 basedir = builtins.concatStringsSep ":" ( 159 basedir = builtins.concatStringsSep ":" (
153 [ webRoot config varDir ] 160 [ webRoot "/run/keys/webapps/tools-ttrss" varDir ]
154 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); 161 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
155 socket = "/var/run/phpfpm/ttrss.sock"; 162 socket = "/var/run/phpfpm/ttrss.sock";
156 pool = '' 163 pool = ''
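Review bot: `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` is re-added as `TRUE` (new line 111) next to the bind password this commit just moved into the key, so the now-protected `LDAP_AUTH_BINDPW` is still sent to whatever answers STARTTLS on `ldap.immae.eu:389` without certificate validation. ldap.nix in the same commit already connects to `ldaps://${env.ldap.host}`, which suggests a usable certificate exists; `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE);` (optionally with an `ldaps://` URI) would close the gap. The same remark applies to the `ldap_ssl: true` / `ldap_tls: false` pair in wallabag.nix only if fr3d/ldap-bundle verifies peers by default, which cannot be confirmed from this page.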
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix
index 0b28ccb..c808eb1 100644
--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -2,64 +2,70 @@
2let 2let
3 wallabag = rec { 3 wallabag = rec {
4 varDir = "/var/lib/wallabag"; 4 varDir = "/var/lib/wallabag";
5 parameters = writeText "parameters.yml" '' 5 keys.tools-wallabag = {
6 # This file is auto-generated during the composer install 6 destDir = "/run/keys/webapps";
7 parameters: 7 user = apache.user;
8 database_driver: pdo_pgsql 8 group = apache.group;
9 database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver 9 permissions = "0700";
10 database_host: ${env.postgresql.socket} 10 text = ''
11 database_port: ${env.postgresql.port} 11 # This file is auto-generated during the composer install
12 database_name: ${env.postgresql.database} 12 parameters:
13 database_user: ${env.postgresql.user} 13 database_driver: pdo_pgsql
14 database_password: ${env.postgresql.password} 14 database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
15 database_path: null 15 database_host: ${env.postgresql.socket}
16 database_table_prefix: wallabag_ 16 database_port: ${env.postgresql.port}
17 database_socket: null 17 database_name: ${env.postgresql.database}
18 database_charset: utf8 18 database_user: ${env.postgresql.user}
19 domain_name: https://tools.immae.eu/wallabag 19 database_password: ${env.postgresql.password}
20 mailer_transport: sendmail 20 database_path: null
21 mailer_host: 127.0.0.1 21 database_table_prefix: wallabag_
22 mailer_user: null 22 database_socket: null
23 mailer_password: null 23 database_charset: utf8
24 locale: fr 24 domain_name: https://tools.immae.eu/wallabag
25 secret: ${env.secret} 25 mailer_transport: sendmail
26 twofactor_auth: true 26 mailer_host: 127.0.0.1
27 twofactor_sender: wallabag@tools.immae.eu 27 mailer_user: null
28 fosuser_registration: false 28 mailer_password: null
29 fosuser_confirmation: true 29 locale: fr
30 from_email: wallabag@tools.immae.eu 30 secret: ${env.secret}
31 rss_limit: 50 31 twofactor_auth: true
32 rabbitmq_host: localhost 32 twofactor_sender: wallabag@tools.immae.eu
33 rabbitmq_port: 5672 33 fosuser_registration: false
34 rabbitmq_user: guest 34 fosuser_confirmation: true
35 rabbitmq_password: guest 35 from_email: wallabag@tools.immae.eu
36 rabbitmq_prefetch_count: 10 36 rss_limit: 50
37 redis_scheme: unix 37 rabbitmq_host: localhost
38 redis_host: null 38 rabbitmq_port: 5672
39 redis_port: null 39 rabbitmq_user: guest
40 redis_path: ${env.redis.socket} 40 rabbitmq_password: guest
41 redis_password: null 41 rabbitmq_prefetch_count: 10
42 sites_credentials: { } 42 redis_scheme: unix
43 ldap_enabled: true 43 redis_host: null
44 ldap_host: ldap.immae.eu 44 redis_port: null
45 ldap_port: 636 45 redis_path: ${env.redis.socket}
46 ldap_tls: false 46 redis_password: null
47 ldap_ssl: true 47 sites_credentials: { }
48 ldap_bind_requires_dn: true 48 ldap_enabled: true
49 ldap_base: 'dc=immae,dc=eu' 49 ldap_host: ldap.immae.eu
50 ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' 50 ldap_port: 636
51 ldap_manager_pw: ${env.ldap.password} 51 ldap_tls: false
52 ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' 52 ldap_ssl: true
53 ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' 53 ldap_bind_requires_dn: true
54 ldap_username_attribute: uid 54 ldap_base: 'dc=immae,dc=eu'
55 ldap_email_attribute: mail 55 ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
56 ldap_name_attribute: cn 56 ldap_manager_pw: ${env.ldap.password}
57 ldap_enabled_attribute: null 57 ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
58 services: 58 ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
59 swiftmailer.mailer.default.transport: 59 ldap_username_attribute: uid
60 class: Swift_SendmailTransport 60 ldap_email_attribute: mail
61 arguments: ['/run/wrappers/bin/sendmail -bs'] 61 ldap_name_attribute: cn
62 ''; 62 ldap_enabled_attribute: null
63 services:
64 swiftmailer.mailer.default.transport:
65 class: Swift_SendmailTransport
66 arguments: ['/run/wrappers/bin/sendmail -bs']
67 '';
68 };
63 webappDir = composerEnv.buildPackage rec { 69 webappDir = composerEnv.buildPackage rec {
64 packages = { 70 packages = {
65 "fr3d/ldap-bundle" = { 71 "fr3d/ldap-bundle" = {
@@ -104,7 +110,7 @@ let
104 ''; 110 '';
105 postInstall = '' 111 postInstall = ''
106 rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data 112 rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data
107 ln -sf ${parameters} app/config/parameters.yml 113 ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml
108 ln -sf ${varDir}/var/{cache,logs,sessions} var 114 ln -sf ${varDir}/var/{cache,logs,sessions} var
109 ln -sf ${varDir}/data data 115 ln -sf ${varDir}/data data
110 ln -sf ${varDir}/assets web/assets 116 ln -sf ${varDir}/assets web/assets
@@ -163,7 +169,8 @@ let
163 ''; 169 '';
164 }; 170 };
165 phpFpm = rec { 171 phpFpm = rec {
166 basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ]; 172 serviceDeps = [ "postgresql.service" "openldap.service" "tools-wallabag-key.service" ];
173 basedir = builtins.concatStringsSep ":" [ webappDir "/run/keys/webapps/tools-wallabag" varDir ];
167 socket = "/var/run/phpfpm/wallabag.sock"; 174 socket = "/var/run/phpfpm/wallabag.sock";
168 pool = '' 175 pool = ''
169 listen = ${socket} 176 listen = ${socket}
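Review bot: The first line of the new `keys.tools-wallabag` text still reads `# This file is auto-generated during the composer install`, which is no longer true — it is rendered by Nix and delivered by nixops as a key — so replace it with something like `# Managed by nixops (keys.tools-wallabag in wallabag.nix); do not edit on the host`. The same block carries `rabbitmq_user: guest` / `rabbitmq_password: guest` (new lines 39–40), the broker's well-known defaults; if RabbitMQ is actually used for the import workers those should come from `env` like the other credentials, and if it is not, a one-line comment saying so would stop the next reader from treating it as a finding. Both changes are inside the key's `text` block, so nothing outside the hunk is affected.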
diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/nixops/modules/websites/tools/tools/yourls.nix
index b12edfa..64ec48a 100644
--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -13,7 +13,12 @@ let
13 activationScript = '' 13 activationScript = ''
14 install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls 14 install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
15 ''; 15 '';
16 config = writeText "config.php" '' 16 keys.tools-yourls = {
17 destDir = "/run/keys/webapps";
18 user = apache.user;
19 group = apache.group;
20 permissions = "0700";
21 text = ''
17 <?php 22 <?php
18 define( 'YOURLS_DB_USER', '${env.mysql.user}' ); 23 define( 'YOURLS_DB_USER', '${env.mysql.user}' );
19 define( 'YOURLS_DB_PASS', '${env.mysql.password}' ); 24 define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
@@ -41,12 +46,13 @@ let
41 46
42 define( 'LDAPAUTH_USERCACHE_TYPE', 0); 47 define( 'LDAPAUTH_USERCACHE_TYPE', 0);
43 ''; 48 '';
49 };
44 webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec { 50 webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec {
45 installPhase = '' 51 installPhase = ''
46 mkdir -p $out 52 mkdir -p $out
47 cp -a */ *.php $out/ 53 cp -a */ *.php $out/
48 cp sample-robots.txt $out/robots.txt 54 cp sample-robots.txt $out/robots.txt
49 ln -sf ${config} $out/includes/config.php 55 ln -sf /run/keys/webapps/tools-yourls $out/includes/config.php
50 ${builtins.concatStringsSep "\n" ( 56 ${builtins.concatStringsSep "\n" (
51 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins 57 lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins
52 )} 58 )}
@@ -79,8 +85,9 @@ let
79 ''; 85 '';
80 }; 86 };
81 phpFpm = rec { 87 phpFpm = rec {
88 serviceDeps = [ "mysql.service" "openldap.service" "tools-yourls-key.service" ];
82 basedir = builtins.concatStringsSep ":" ( 89 basedir = builtins.concatStringsSep ":" (
83 [ webRoot config ] 90 [ webRoot "/run/keys/webapps/tools-yourls" ]
84 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); 91 ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
85 socket = "/var/run/phpfpm/yourls.sock"; 92 socket = "/var/run/phpfpm/yourls.sock";
86 pool = '' 93 pool = ''