authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-07-01 22:07:52 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-07-01 22:07:52 +0200
commitafcc5de071dfffdc507995d1845372ba40dc1dc2 (patch)
treec96fe6b4d915e7382316a57d0d626760a7fd2876 /modules/private/websites/tools/tools
parent2f16a987d306cdb7bf9b4e80fa4af173373719bd (diff)
Implement mta-sts and move mail services to specific domain
Diffstat (limited to 'modules/private/websites/tools/tools')
-rw-r--r--modules/private/websites/tools/tools/default.nix35
-rw-r--r--modules/private/websites/tools/tools/rainloop.nix59
-rw-r--r--modules/private/websites/tools/tools/roundcubemail.nix125
3 files changed, 4 insertions, 215 deletions
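--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -10,11 +10,6 @@ let
 inherit (pkgs.webapps) ttrss ttrss-plugins;
 env = myconfig.env.tools.ttrss;
 };
-roundcubemail = pkgs.callPackage ./roundcubemail.nix {
-inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
-env = myconfig.env.tools.roundcubemail;
-};
-rainloop = pkgs.callPackage ./rainloop.nix {};
 kanboard = pkgs.callPackage ./kanboard.nix {
 env = myconfig.env.tools.kanboard;
 };
@@ -51,21 +46,16 @@ in {
 secrets.keys =
 kanboard.keys
 ++ ldap.keys
-++ roundcubemail.keys
 ++ shaarli.keys
 ++ ttrss.keys
 ++ wallabag.keys
 ++ yourls.keys;
 
-services.websites.env.integration.modules =
-rainloop.apache.modules;
-
 services.websites.env.tools.modules =
 [ "proxy_fcgi" ]
 ++ adminer.apache.modules
 ++ ympd.apache.modules
 ++ ttrss.apache.modules
-++ roundcubemail.apache.modules
 ++ wallabag.apache.modules
 ++ yourls.apache.modules
 ++ rompr.apache.modules
@@ -90,7 +80,6 @@ in {
 </FilesMatch>
 </Directory>
 ''
-rainloop.apache.vhostConf
 ];
 };
 
@@ -101,6 +90,8 @@ in {
 root = "/var/lib/ftp/tools.immae.eu";
 extraConfig = [
 ''
+RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
+
 <Directory "/var/lib/ftp/tools.immae.eu">
 DirectoryIndex index.php index.htm index.html
 AllowOverride all
@@ -113,7 +104,6 @@ in {
 adminer.apache.vhostConf
 ympd.apache.vhostConf
 ttrss.apache.vhostConf
-roundcubemail.apache.vhostConf
 wallabag.apache.vhostConf
 yourls.apache.vhostConf
 rompr.apache.vhostConf
@@ -145,6 +135,8 @@ in {
 
 RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
 
+RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
+
 RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
 ''
 ];
@@ -163,14 +155,6 @@ in {
 after = lib.mkAfter ldap.phpFpm.serviceDeps;
 wants = ldap.phpFpm.serviceDeps;
 };
-phpfpm-rainloop = {
-after = lib.mkAfter rainloop.phpFpm.serviceDeps;
-wants = rainloop.phpFpm.serviceDeps;
-};
-phpfpm-roundcubemail = {
-after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
-wants = roundcubemail.phpFpm.serviceDeps;
-};
 phpfpm-shaarli = {
 after = lib.mkAfter shaarli.phpFpm.serviceDeps;
 wants = shaarli.phpFpm.serviceDeps;
@@ -217,12 +201,6 @@ in {
 paths = [ "/var/secrets/mpd" ];
 };
 
-services.phpfpm.pools.roundcubemail = {
-listen = roundcubemail.phpFpm.socket;
-extraConfig = roundcubemail.phpFpm.pool;
-phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
-};
-
 services.phpfpm.pools.devtools = {
 listen = "/var/run/phpfpm/devtools.sock";
 extraConfig = ''
@@ -254,7 +232,6 @@ in {
 shaarli = shaarli.phpFpm.pool;
 dokuwiki = dokuwiki.phpFpm.pool;
 ldap = ldap.phpFpm.pool;
-rainloop = rainloop.phpFpm.pool;
 kanboard = kanboard.phpFpm.pool;
 tools = ''
 listen = /var/run/phpfpm/tools.sock
@@ -277,13 +254,11 @@ in {
 system.activationScripts = {
 adminer = adminer.activationScript;
 ttrss = ttrss.activationScript;
-roundcubemail = roundcubemail.activationScript;
 wallabag = wallabag.activationScript;
 yourls = yourls.activationScript;
 rompr = rompr.activationScript;
 shaarli = shaarli.activationScript;
 dokuwiki = dokuwiki.activationScript;
-rainloop = rainloop.activationScript;
 kanboard = kanboard.activationScript;
 ldap = ldap.activationScript;
 };
@@ -293,12 +268,10 @@ in {
 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
 "${rompr.apache.webappName}" = rompr.webRoot;
-"${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
 "${shaarli.apache.webappName}" = shaarli.webRoot;
 "${ttrss.apache.webappName}" = ttrss.webRoot;
 "${wallabag.apache.webappName}" = wallabag.webRoot;
 "${yourls.apache.webappName}" = yourls.webRoot;
-"${rainloop.apache.webappName}" = rainloop.webRoot;
 "${kanboard.apache.webappName}" = kanboard.webRoot;
 };
 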
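Review bot: The added `RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1` (new lines 93 and 138, one per vhost block) matches any path that merely starts with `/roundcube`, so a sibling path such as `/roundcube-old` under the document root would also be sent to the mail host. Anchoring on a path boundary, `RedirectMatch 301 ^/roundcube(/.*)?$ https://mail.immae.eu/roundcube$1`, limits the redirect to the webmail tree; the existing `/taskweb` rule has the same shape. The enclosing `extraConfig` strings start and end outside these hunks. Separately, with `roundcubemail.keys` and both activation scripts dropped here, this path-limited diff does not show whether the old `/var/secrets/webapps/tools-roundcube` file and the `/var/lib/roundcubemail` and `/var/lib/rainloop` state directories are removed from the host; that is worth confirming so a stale credential file and PHP session data are not left behind.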
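--- a/modules/private/websites/tools/tools/rainloop.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ lib, pkgs, writeText, stdenv, fetchurl }:
-rec {
-varDir = "/var/lib/rainloop";
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
-'';
-};
-webRoot = pkgs.rainloop-community.override { dataPath = "${varDir}/data"; };
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "tools_rainloop";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-Alias /rainloop "${root}"
-<Directory "${root}">
-DirectoryIndex index.php
-AllowOverride All
-Options -FollowSymlinks
-Require all granted
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-</Directory>
-
-<DirectoryMatch "${root}/data">
-Require all denied
-</DirectoryMatch>
-'';
-};
-phpFpm = rec {
-serviceDeps = [ "postgresql.service" ];
-basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
-socket = "/var/run/phpfpm/rainloop.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-pm = ondemand
-pm.max_children = 60
-pm.process_idle_timeout = 60
-
-; Needed to avoid clashes in browser cookies (same domain)
-php_value[session.name] = RainloopPHPSESSID
-php_admin_value[upload_max_filesize] = 200M
-php_admin_value[post_max_size] = 200M
-php_admin_value[open_basedir] = "${basedir}:/tmp"
-php_admin_value[session.save_path] = "${varDir}/phpSessions"
-'';
-};
-}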
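--- a/modules/private/websites/tools/tools/roundcubemail.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ env, roundcubemail, roundcubemail-plugins, roundcubemail-skins, phpPackages, apacheHttpd }:
-rec {
-varDir = "/var/lib/roundcubemail";
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
-${varDir}/cache ${varDir}/logs
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-'';
-};
-keys = [{
-dest = "webapps/tools-roundcube";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-<?php
-$config['db_dsnw'] = '${env.psql_url}';
-$config['default_host'] = 'ssl://imap.immae.eu';
-$config['username_domain'] = array(
-"imap.immae.eu" => "mail.immae.eu"
-);
-$config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
-$config['smtp_server'] = 'tls://smtp.immae.eu';
-$config['smtp_port'] = '587';
-$config['managesieve_host'] = 'imap.immae.eu';
-$config['managesieve_port'] = '4190';
-$config['managesieve_usetls'] = true;
-$config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
-
-$config['imap_cache'] = 'db';
-$config['messages_cache'] = 'db';
-
-$config['support_url'] = ''';
-
-$config['des_key'] = '${env.secret}';
-
-$config['skin'] = 'elastic';
-$config['plugins'] = array(
-'attachment_reminder',
-'emoticons',
-'filesystem_attachments',
-'hide_blockquote',
-'identicon',
-'identity_select',
-'jqueryui',
-'markasjunk',
-'managesieve',
-'newmail_notifier',
-'vcard_attachments',
-'zipdownload',
-
-'automatic_addressbook',
-'message_highlight',
-'carddav',
-// Ne marche pas ?: 'ident_switch',
-// Ne marche pas ?: 'thunderbird_labels',
-);
-
-$config['language'] = 'fr_FR';
-
-$config['drafts_mbox'] = 'Drafts';
-$config['junk_mbox'] = 'Junk';
-$config['sent_mbox'] = 'Sent';
-$config['trash_mbox'] = 'Trash';
-$config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
-$config['draft_autosave'] = 60;
-$config['enable_installer'] = false;
-$config['log_driver'] = 'file';
-$config['temp_dir'] = '${varDir}/cache';
-$config['mime_types'] = '${apacheHttpd}/conf/mime.types';
-'';
-}];
-webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins
-(builtins.attrValues roundcubemail-plugins) (builtins.attrValues roundcubemail-skins);
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "tools_roundcubemail";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-Alias /roundcube "${root}"
-<Directory "${root}">
-DirectoryIndex index.php
-AllowOverride All
-Options FollowSymlinks
-Require all granted
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-</Directory>
-'';
-};
-phpFpm = rec {
-serviceDeps = [ "postgresql.service" ];
-basedir = builtins.concatStringsSep ":" (
-[ webRoot "/var/secrets/webapps/tools-roundcube" varDir ]
-++ webRoot.plugins
-++ webRoot.skins);
-phpConfig = ''
-date.timezone = 'CET'
-extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
-'';
-socket = "/var/run/phpfpm/roundcubemail.sock";
-pool = ''
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-pm = ondemand
-pm.max_children = 60
-pm.process_idle_timeout = 60
-
-; Needed to avoid clashes in browser cookies (same domain)
-php_value[session.name] = RoundcubemailPHPSESSID
-php_admin_value[upload_max_filesize] = 200M
-php_admin_value[post_max_size] = 200M
-php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"
-php_admin_value[session.save_path] = "${varDir}/phpSessions"
-'';
-};
-}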