Add file manager

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-05-05 12:55:05 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-05-05 12:55:05 +0200
commit: 91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7 (patch)
tree: 567fcdf23483fdf11a5f27319f4b120e2e64c4c5 /modules/private/websites/immae
parent: 9271611c189a3ed4129d3b98422f86ab3f774f10 (diff)
download: Nix-91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7.tar.gz
Nix-91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7.tar.zst
Nix-91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7.zip
1 files changed, 51 insertions, 15 deletions
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index c24844e..fd54f5e 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,32 +1,68 @@
 { lib, pkgs, config,  ... }:
 let
  cfg = config.myServices.websites.immae.temp;
-  varDir = "/var/lib/ftp/temp.immae.eu";
+  varDir = "/var/lib/immae_temp";
-  env = config.myEnv.websites.temp;
+  env = config.myEnv.websites.immae.temp;
 in {
  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
  config = lib.mkIf cfg.enable {
-    services.websites.env.production.modules = [ "headers" ];
+    services.duplyBackup.profiles.immae_temp.rootDir = varDir;
+    services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
    services.websites.env.production.vhostConfs.immae_temp = {
      certName    = "immae";
      addToCerts  = true;
      hosts       = [ "temp.immae.eu" ];
-      root        = varDir;
+      root        = null;
-      extraConfig = [
+      extraConfig = [ ''
-        ''
+        ProxyVia On
-        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        ProxyRequests Off
-        <Directory "${varDir}">
+        ProxyPreserveHost On
-          Options -Indexes
+        ProxyPass         / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+        ProxyPassReverse  / unix:///run/surfer/listen.sock|http://temp.immae.eu/
+        <Proxy *>
+          Options FollowSymLinks MultiViews
          AllowOverride None
          Require all granted
-        </Directory>
+        </Proxy>
+      '' ];
+    };
+    secrets.keys = [
+      {
+        dest = "webapps/surfer";
+        permissions = "0400";
+        user = "wwwrun";
+        group = "wwwrun";
+        text = ''
+          CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
+          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+          TOKENSTORE_FILE=/var/lib/surfer/tokens.json
+          CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
+          CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
+          CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
+          CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
+          LISTEN=/run/surfer/listen.sock
+        '';
+      }
+    ];
+    systemd.services.surfer = {
+      description = "Surfer";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
-        <DirectoryMatch "${varDir}/(.+)">
+      script = ''
-          Options Indexes
+        exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
-        </DirectoryMatch>
+      '';
-        ''
+      serviceConfig = {
-      ];
+        EnvironmentFile = "/var/secrets/webapps/surfer";
+        User = "wwwrun";
+        Group = "wwwrun";
+        StateDirectory = "surfer";
+        RuntimeDirectory = "surfer";
+        Type = "simple";
+      };
    };
  };
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-05-05 12:55:05 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-05-05 12:55:05 +0200
commit	91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7 (patch)
tree	567fcdf23483fdf11a5f27319f4b120e2e64c4c5 /modules/private/websites/immae
parent	9271611c189a3ed4129d3b98422f86ab3f774f10 (diff)
download	Nix-91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7.tar.gz Nix-91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7.tar.zst Nix-91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7.zip

diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix index c24844e..fd54f5e 100644 --- a/modules/private/websites/immae/temp.nix +++ b/modules/private/websites/immae/temp.nix
@@ -1,32 +1,68 @@
1	{ lib, pkgs, config, ... }:	1	{ lib, pkgs, config, ... }:
2	let	2	let
3	cfg = config.myServices.websites.immae.temp;	3	cfg = config.myServices.websites.immae.temp;
4	varDir = "/var/lib/ftp/temp.immae.eu";	4	varDir = "/var/lib/immae_temp";
5	env = config.myEnv.websites.temp;	5	env = config.myEnv.websites.immae.temp;
6	in {	6	in {
7	options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";	7	options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
8		8
9	config = lib.mkIf cfg.enable {	9	config = lib.mkIf cfg.enable {
10	services.websites.env.production.modules = [ "headers" ];	10	services.duplyBackup.profiles.immae_temp.rootDir = varDir;
		11	services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
11	services.websites.env.production.vhostConfs.immae_temp = {	12	services.websites.env.production.vhostConfs.immae_temp = {
12	certName = "immae";	13	certName = "immae";
13	addToCerts = true;	14	addToCerts = true;
14	hosts = [ "temp.immae.eu" ];	15	hosts = [ "temp.immae.eu" ];
15	root = varDir;	16	root = null;
16	extraConfig = [	17	extraConfig = [ ''
17	''	18	ProxyVia On
18	Use Apaxy "${varDir}" "title .duplicity-ignore"	19	ProxyRequests Off
19	<Directory "${varDir}">	20	ProxyPreserveHost On
20	Options -Indexes	21	ProxyPass / unix:///run/surfer/listen.sock\|http://temp.immae.eu/
		22	ProxyPassReverse / unix:///run/surfer/listen.sock\|http://temp.immae.eu/
		23	<Proxy *>
		24	Options FollowSymLinks MultiViews
21	AllowOverride None	25	AllowOverride None
22	Require all granted	26	Require all granted
23	</Directory>	27	</Proxy>
		28	'' ];
		29	};
		30
		31	secrets.keys = [
		32	{
		33	dest = "webapps/surfer";
		34	permissions = "0400";
		35	user = "wwwrun";
		36	group = "wwwrun";
		37	text = ''
		38	CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
		39	CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
		40	TOKENSTORE_FILE=/var/lib/surfer/tokens.json
		41	CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
		42	CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
		43	CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
		44	CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
		45	LISTEN=/run/surfer/listen.sock
		46	'';
		47	}
		48	];
		49
		50	systemd.services.surfer = {
		51	description = "Surfer";
		52	wantedBy = [ "multi-user.target" ];
		53	after = [ "network.target" ];
24		54
25	<DirectoryMatch "${varDir}/(.+)">	55	script = ''
26	Options Indexes	56	exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
27	</DirectoryMatch>	57	'';
28	''	58	serviceConfig = {
29	];	59	EnvironmentFile = "/var/secrets/webapps/surfer";
		60	User = "wwwrun";
		61	Group = "wwwrun";
		62	StateDirectory = "surfer";
		63	RuntimeDirectory = "surfer";
		64	Type = "simple";
		65	};
30	};	66	};
31	};	67	};
32	}	68	}