author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-07-01 22:07:52 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-07-01 22:07:52 +0200 |
commit | afcc5de071dfffdc507995d1845372ba40dc1dc2 (patch) | |
tree | c96fe6b4d915e7382316a57d0d626760a7fd2876 /modules/private/websites/tools/tools | |
parent | 2f16a987d306cdb7bf9b4e80fa4af173373719bd (diff) | |
Implement mta-sts and move mail services to specific domain
Diffstat (limited to 'modules/private/websites/tools/tools')
-rw-r--r-- | modules/private/websites/tools/tools/default.nix | 35 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/rainloop.nix | 59 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/roundcubemail.nix | 125 |
3 files changed, 4 insertions, 215 deletions
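--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -10,11 +10,6 @@ let
 inherit (pkgs.webapps) ttrss ttrss-plugins;
 env = myconfig.env.tools.ttrss;
 };
-roundcubemail = pkgs.callPackage ./roundcubemail.nix {
-inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
-env = myconfig.env.tools.roundcubemail;
-};
-rainloop = pkgs.callPackage ./rainloop.nix {};
 kanboard = pkgs.callPackage ./kanboard.nix {
 env = myconfig.env.tools.kanboard;
 };
@@ -51,21 +46,16 @@ in {
 secrets.keys =
 kanboard.keys
 ++ ldap.keys
-++ roundcubemail.keys
 ++ shaarli.keys
 ++ ttrss.keys
 ++ wallabag.keys
 ++ yourls.keys;
 
-services.websites.env.integration.modules =
-rainloop.apache.modules;
-
 services.websites.env.tools.modules =
 [ "proxy_fcgi" ]
 ++ adminer.apache.modules
 ++ ympd.apache.modules
 ++ ttrss.apache.modules
-++ roundcubemail.apache.modules
 ++ wallabag.apache.modules
 ++ yourls.apache.modules
 ++ rompr.apache.modules
@@ -90,7 +80,6 @@ in {
 </FilesMatch>
 </Directory>
 ''
-rainloop.apache.vhostConf
 ];
 };
 
@@ -101,6 +90,8 @@ in {
 root = "/var/lib/ftp/tools.immae.eu";
 extraConfig = [
 ''
+RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
+
 <Directory "/var/lib/ftp/tools.immae.eu">
 DirectoryIndex index.php index.htm index.html
 AllowOverride all
@@ -113,7 +104,6 @@ in {
 adminer.apache.vhostConf
 ympd.apache.vhostConf
 ttrss.apache.vhostConf
-roundcubemail.apache.vhostConf
 wallabag.apache.vhostConf
 yourls.apache.vhostConf
 rompr.apache.vhostConf
@@ -145,6 +135,8 @@ in {
 
 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
 
+RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
+
 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
 ''
 ];
@@ -163,14 +155,6 @@ in {
 after = lib.mkAfter ldap.phpFpm.serviceDeps;
 wants = ldap.phpFpm.serviceDeps;
 };
-phpfpm-rainloop = {
-after = lib.mkAfter rainloop.phpFpm.serviceDeps;
-wants = rainloop.phpFpm.serviceDeps;
-};
-phpfpm-roundcubemail = {
-after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
-wants = roundcubemail.phpFpm.serviceDeps;
-};
 phpfpm-shaarli = {
 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
 wants = shaarli.phpFpm.serviceDeps;
@@ -217,12 +201,6 @@ in {
 paths = [ "/var/secrets/mpd" ];
 };
 
-services.phpfpm.pools.roundcubemail = {
-listen = roundcubemail.phpFpm.socket;
-extraConfig = roundcubemail.phpFpm.pool;
-phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
-};
-
 services.phpfpm.pools.devtools = {
 listen = "/var/run/phpfpm/devtools.sock";
 extraConfig = ''
@@ -254,7 +232,6 @@ in {
 shaarli = shaarli.phpFpm.pool;
 dokuwiki = dokuwiki.phpFpm.pool;
 ldap = ldap.phpFpm.pool;
-rainloop = rainloop.phpFpm.pool;
 kanboard = kanboard.phpFpm.pool;
 tools = ''
 listen = /var/run/phpfpm/tools.sock
@@ -277,13 +254,11 @@ in {
 system.activationScripts = {
 adminer = adminer.activationScript;
 ttrss = ttrss.activationScript;
-roundcubemail = roundcubemail.activationScript;
 wallabag = wallabag.activationScript;
 yourls = yourls.activationScript;
 rompr = rompr.activationScript;
 shaarli = shaarli.activationScript;
 dokuwiki = dokuwiki.activationScript;
-rainloop = rainloop.activationScript;
 kanboard = kanboard.activationScript;
 ldap = ldap.activationScript;
 };
@@ -293,12 +268,10 @@ in {
 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
 "${rompr.apache.webappName}" = rompr.webRoot;
-"${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
 "${shaarli.apache.webappName}" = shaarli.webRoot;
 "${ttrss.apache.webappName}" = ttrss.webRoot;
 "${wallabag.apache.webappName}" = wallabag.webRoot;
 "${yourls.apache.webappName}" = yourls.webRoot;
-"${rainloop.apache.webappName}" = rainloop.webRoot;
 "${kanboard.apache.webappName}" = kanboard.webRoot;
 };
 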
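Review bot: The pattern `^/roundcube(.*)$` in both added `RedirectMatch` lines (new lines 93 and 138) has no path boundary after the prefix, so any path that merely starts with `/roundcube` is also sent to mail.immae.eu; `RedirectMatch 301 ^/roundcube(/.*)?$ https://mail.immae.eu/roundcube$1` limits the rule to the webmail path. The target host is fixed, so this is over-matching rather than an open redirect, and the existing `/taskweb` rule has the same shape. The `Alias /rainloop` that disappears with rainloop.nix gets no corresponding redirect in this file; if rainloop also moved to the mail host (not visible in this path-limited diff), existing links to it will stop resolving. Because browsers cache a 301, using `302` until the migration is confirmed would keep a rollback possible.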
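--- a/modules/private/websites/tools/tools/rainloop.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, pkgs, writeText, stdenv, fetchurl }:
-rec {
-varDir = "/var/lib/rainloop";
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
-'';
-};
-webRoot = pkgs.rainloop-community.override { dataPath = "${varDir}/data"; };
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "tools_rainloop";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-Alias /rainloop "${root}"
-<Directory "${root}">
-DirectoryIndex index.php
-AllowOverride All
-Options -FollowSymlinks
-Require all granted
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-</Directory>
-
-<DirectoryMatch "${root}/data">
-Require all denied
-</DirectoryMatch>
-'';
-};
-phpFpm = rec {
-serviceDeps = [ "postgresql.service" ];
-basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
-socket = "/var/run/phpfpm/rainloop.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-pm = ondemand
-pm.max_children = 60
-pm.process_idle_timeout = 60
-
-; Needed to avoid clashes in browser cookies (same domain)
-php_value[session.name] = RainloopPHPSESSID
-php_admin_value[upload_max_filesize] = 200M
-php_admin_value[post_max_size] = 200M
-php_admin_value[open_basedir] = "${basedir}:/tmp"
-php_admin_value[session.save_path] = "${varDir}/phpSessions"
-'';
-};
-}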
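--- a/modules/private/websites/tools/tools/roundcubemail.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ env, roundcubemail, roundcubemail-plugins, roundcubemail-skins, phpPackages, apacheHttpd }:
-rec {
-varDir = "/var/lib/roundcubemail";
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
-${varDir}/cache ${varDir}/logs
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-'';
-};
-keys = [{
-dest = "webapps/tools-roundcube";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-<?php
-$config['db_dsnw'] = '${env.psql_url}';
-$config['default_host'] = 'ssl://imap.immae.eu';
-$config['username_domain'] = array(
-"imap.immae.eu" => "mail.immae.eu"
-);
-$config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
-$config['smtp_server'] = 'tls://smtp.immae.eu';
-$config['smtp_port'] = '587';
-$config['managesieve_host'] = 'imap.immae.eu';
-$config['managesieve_port'] = '4190';
-$config['managesieve_usetls'] = true;
-$config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
-
-$config['imap_cache'] = 'db';
-$config['messages_cache'] = 'db';
-
-$config['support_url'] = ''';
-
-$config['des_key'] = '${env.secret}';
-
-$config['skin'] = 'elastic';
-$config['plugins'] = array(
-'attachment_reminder',
-'emoticons',
-'filesystem_attachments',
-'hide_blockquote',
-'identicon',
-'identity_select',
-'jqueryui',
-'markasjunk',
-'managesieve',
-'newmail_notifier',
-'vcard_attachments',
-'zipdownload',
-
-'automatic_addressbook',
-'message_highlight',
-'carddav',
-// Ne marche pas ?: 'ident_switch',
-// Ne marche pas ?: 'thunderbird_labels',
-);
-
-$config['language'] = 'fr_FR';
-
-$config['drafts_mbox'] = 'Drafts';
-$config['junk_mbox'] = 'Junk';
-$config['sent_mbox'] = 'Sent';
-$config['trash_mbox'] = 'Trash';
-$config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
-$config['draft_autosave'] = 60;
-$config['enable_installer'] = false;
-$config['log_driver'] = 'file';
-$config['temp_dir'] = '${varDir}/cache';
-$config['mime_types'] = '${apacheHttpd}/conf/mime.types';
-'';
-}];
-webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins
-(builtins.attrValues roundcubemail-plugins) (builtins.attrValues roundcubemail-skins);
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "tools_roundcubemail";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-Alias /roundcube "${root}"
-<Directory "${root}">
-DirectoryIndex index.php
-AllowOverride All
-Options FollowSymlinks
-Require all granted
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-</Directory>
-'';
-};
-phpFpm = rec {
-serviceDeps = [ "postgresql.service" ];
-basedir = builtins.concatStringsSep ":" (
-[ webRoot "/var/secrets/webapps/tools-roundcube" varDir ]
-++ webRoot.plugins
-++ webRoot.skins);
-phpConfig = ''
-date.timezone = 'CET'
-extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
-'';
-socket = "/var/run/phpfpm/roundcubemail.sock";
-pool = ''
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-pm = ondemand
-pm.max_children = 60
-pm.process_idle_timeout = 60
-
-; Needed to avoid clashes in browser cookies (same domain)
-php_value[session.name] = RoundcubemailPHPSESSID
-php_admin_value[upload_max_filesize] = 200M
-php_admin_value[post_max_size] = 200M
-php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"
-php_admin_value[session.save_path] = "${varDir}/phpSessions"
-'';
-};
-}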