Move personal websites to modules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-18 10:49:00 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-18 10:49:00 +0200
commit: f8026b6e4c869aa108f6361c8ccd50890657994d (patch)
tree: 57cb311e520933bd2ab6ccbae05f2913799eb49e /modules/private/websites/immae
parent: 4aac110f17f0528d90510eec00c9a8df60bcf04f (diff)
download: Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.tar.gz
Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.tar.zst
Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.zip
3 files changed, 139 insertions, 0 deletions
diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
new file mode 100644
index 0000000..58cf048
--- /dev/null
+++ b/modules/private/websites/immae/production.nix
@@ -0,0 +1,64 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.immae.production;
+  varDir = "/var/lib/ftp/immae";
+  env = myconfig.env.websites.immae;
+in {
+  options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
+  config = lib.mkIf cfg.enable {
+    services.webstats.sites = [ { name = "www.immae.eu"; } ];
+    services.myPhpfpm.poolConfigs.immae = ''
+      listen = /run/phpfpm/immae.sock
+      user = wwwrun
+      group = wwwrun
+      listen.owner = wwwrun
+      listen.group = wwwrun
+      pm = ondemand
+      pm.max_children = 5
+      pm.process_idle_timeout = 60
+      php_admin_value[open_basedir] = "${varDir}:/tmp"
+      '';
+    services.websites.production.modules = [ "proxy_fcgi" ];
+    services.websites.production.vhostConfs.immae = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "www.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Stats www.immae.eu
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
+        </FilesMatch>
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+        </Directory>
+        <Location /blog_old/>
+          Use LDAPConnect
+          Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
+        </Location>
+        ''
+      ];
+    };
+    services.websites.production.vhostConfs.bouya = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "bouya.org" "www.bouya.org" ];
+      root        = null;
+      extraConfig = [ ''
+        RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
+        '' ];
+    };
+  };
+}
diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix
new file mode 100644
index 0000000..68381a6
--- /dev/null
+++ b/modules/private/websites/immae/release.nix
@@ -0,0 +1,39 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.immae.release;
+  varDir = "/var/lib/ftp/release.immae.eu";
+  env = myconfig.env.websites.release;
+in {
+  options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
+  config = lib.mkIf cfg.enable {
+    services.webstats.sites = [ { name = "release.immae.eu"; } ];
+    services.websites.production.vhostConfs.release = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "release.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Stats release.immae.eu
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <Directory "${varDir}">
+          Use LDAPConnect
+          Options Indexes
+          AllowOverride All
+          Require all granted
+        </Directory>
+        <Directory "${varDir}/packages">
+          Use LDAPConnect
+          Options Indexes FollowSymlinks
+          AllowOverride None
+          Require all granted
+        </Directory>
+        ''
+      ];
+    };
+  };
+}
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
new file mode 100644
index 0000000..0b2a3a3
--- /dev/null
+++ b/modules/private/websites/immae/temp.nix
@@ -0,0 +1,36 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.immae.temp;
+  varDir = "/var/lib/ftp/temp.immae.eu";
+  env = myconfig.env.websites.temp;
+in {
+  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
+  config = lib.mkIf cfg.enable {
+    services.websites.production.modules = [ "headers" ];
+    services.websites.production.vhostConfs.temp = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "temp.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <FilesMatch ".+">
+          Header set Content-Disposition attachment
+        </FilesMatch>
+        <Directory "${varDir}">
+          Options -Indexes
+          AllowOverride None
+          Require all granted
+        </Directory>
+        <DirectoryMatch "${varDir}/(.+)">
+          Options Indexes
+        </DirectoryMatch>
+        ''
+      ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-18 10:49:00 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-18 10:49:00 +0200
commit	f8026b6e4c869aa108f6361c8ccd50890657994d (patch)
tree	57cb311e520933bd2ab6ccbae05f2913799eb49e /modules/private/websites/immae
parent	4aac110f17f0528d90510eec00c9a8df60bcf04f (diff)
download	Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.tar.gz Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.tar.zst Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.zip

diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix new file mode 100644 index 0000000..58cf048 --- /dev/null +++ b/modules/private/websites/immae/production.nix
@@ -0,0 +1,64 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	cfg = config.myServices.websites.immae.production;
	4	varDir = "/var/lib/ftp/immae";
	5	env = myconfig.env.websites.immae;
	6	in {
	7	options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
	8
	9	config = lib.mkIf cfg.enable {
	10	services.webstats.sites = [ { name = "www.immae.eu"; } ];
	11
	12	services.myPhpfpm.poolConfigs.immae = ''
	13	listen = /run/phpfpm/immae.sock
	14	user = wwwrun
	15	group = wwwrun
	16	listen.owner = wwwrun
	17	listen.group = wwwrun
	18
	19	pm = ondemand
	20	pm.max_children = 5
	21	pm.process_idle_timeout = 60
	22
	23	php_admin_value[open_basedir] = "${varDir}:/tmp"
	24	'';
	25	services.websites.production.modules = [ "proxy_fcgi" ];
	26	services.websites.production.vhostConfs.immae = {
	27	certName = "eldiron";
	28	addToCerts = true;
	29	hosts = [ "www.immae.eu" ];
	30	root = varDir;
	31	extraConfig = [
	32	''
	33	Use Stats www.immae.eu
	34
	35	<FilesMatch "\.php$">
	36	SetHandler "proxy:unix:/run/phpfpm/immae.sock\|fcgi://localhost"
	37	</FilesMatch>
	38
	39	<Directory ${varDir}>
	40	DirectoryIndex index.php index.htm index.html
	41	Options Indexes FollowSymLinks MultiViews Includes
	42	AllowOverride All
	43	Require all granted
	44	</Directory>
	45
	46	<Location /blog_old/>
	47	Use LDAPConnect
	48	Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
	49	</Location>
	50	''
	51	];
	52	};
	53
	54	services.websites.production.vhostConfs.bouya = {
	55	certName = "eldiron";
	56	addToCerts = true;
	57	hosts = [ "bouya.org" "www.bouya.org" ];
	58	root = null;
	59	extraConfig = [ ''
	60	RedirectMatch 301 ^/((?!\.well-known.$).)$ https://www.normalesup.org/~bouya/
	61	'' ];
	62	};
	63	};
	64	}


diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix new file mode 100644 index 0000000..68381a6 --- /dev/null +++ b/modules/private/websites/immae/release.nix
@@ -0,0 +1,39 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	cfg = config.myServices.websites.immae.release;
	4	varDir = "/var/lib/ftp/release.immae.eu";
	5	env = myconfig.env.websites.release;
	6	in {
	7	options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
	8
	9	config = lib.mkIf cfg.enable {
	10	services.webstats.sites = [ { name = "release.immae.eu"; } ];
	11
	12	services.websites.production.vhostConfs.release = {
	13	certName = "eldiron";
	14	addToCerts = true;
	15	hosts = [ "release.immae.eu" ];
	16	root = varDir;
	17	extraConfig = [
	18	''
	19	Use Stats release.immae.eu
	20
	21	Use Apaxy "${varDir}" "title .duplicity-ignore"
	22	<Directory "${varDir}">
	23	Use LDAPConnect
	24	Options Indexes
	25	AllowOverride All
	26	Require all granted
	27	</Directory>
	28
	29	<Directory "${varDir}/packages">
	30	Use LDAPConnect
	31	Options Indexes FollowSymlinks
	32	AllowOverride None
	33	Require all granted
	34	</Directory>
	35	''
	36	];
	37	};
	38	};
	39	}


diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix new file mode 100644 index 0000000..0b2a3a3 --- /dev/null +++ b/modules/private/websites/immae/temp.nix
@@ -0,0 +1,36 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	cfg = config.myServices.websites.immae.temp;
	4	varDir = "/var/lib/ftp/temp.immae.eu";
	5	env = myconfig.env.websites.temp;
	6	in {
	7	options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
	8
	9	config = lib.mkIf cfg.enable {
	10	services.websites.production.modules = [ "headers" ];
	11	services.websites.production.vhostConfs.temp = {
	12	certName = "eldiron";
	13	addToCerts = true;
	14	hosts = [ "temp.immae.eu" ];
	15	root = varDir;
	16	extraConfig = [
	17	''
	18	Use Apaxy "${varDir}" "title .duplicity-ignore"
	19	<FilesMatch ".+">
	20	Header set Content-Disposition attachment
	21	</FilesMatch>
	22	<Directory "${varDir}">
	23	Options -Indexes
	24	AllowOverride None
	25	Require all granted
	26	</Directory>
	27
	28	<DirectoryMatch "${varDir}/(.+)">
	29	Options Indexes
	30	</DirectoryMatch>
	31	''
	32	];
	33	};
	34	};
	35	}
	36