authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-18 10:49:00 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-18 10:49:00 +0200
commitf8026b6e4c869aa108f6361c8ccd50890657994d (patch)
tree57cb311e520933bd2ab6ccbae05f2913799eb49e /nixops/modules/websites/ftp
parent4aac110f17f0528d90510eec00c9a8df60bcf04f (diff)
Move personal websites to modules
Diffstat (limited to 'nixops/modules/websites/ftp')
-rw-r--r--nixops/modules/websites/ftp/denisejerome.nix35
-rw-r--r--nixops/modules/websites/ftp/florian.nix68
-rw-r--r--nixops/modules/websites/ftp/immae.nix68
-rw-r--r--nixops/modules/websites/ftp/jerome.nix90
-rw-r--r--nixops/modules/websites/ftp/leila.nix86
-rw-r--r--nixops/modules/websites/ftp/nassime.nix38
-rw-r--r--nixops/modules/websites/ftp/papa.nix53
-rw-r--r--nixops/modules/websites/ftp/release.nix43
-rw-r--r--nixops/modules/websites/ftp/temp.nix40
9 files changed, 0 insertions, 521 deletions
diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix
deleted file mode 100644
index 884fb62..0000000
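--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.DeniseJerome;
- varDir = "/var/lib/ftp/denisejerome";
- env = myconfig.env.websites.denisejerome;
-in {
- options.services.myWebsites.DeniseJerome = {
- production = {
- enable = lib.mkEnableOption "enable Denise Jerome's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
-
- services.websites.production.vhostConfs.denisejerome = {
- certName = "denisejerome";
- certMainHost = "denisejerome.piedsjaloux.fr";
- hosts = ["denisejerome.piedsjaloux.fr" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats denisejerome.piedsjaloux.fr
-
- <Directory ${varDir}>
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride AuthConfig
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}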
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
deleted file mode 100644
index ebd461e..0000000
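--- a/nixops/modules/websites/ftp/florian.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
- cfg = config.services.myWebsites.Florian;
- varDir = "/var/lib/ftp/florian";
- env = myconfig.env.websites.florian;
-in {
- options.services.myWebsites.Florian = {
- production = {
- enable = lib.mkEnableOption "enable Florian's website production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Florian's website integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
-
- services.websites.production.modules = adminer.apache.modules;
- services.websites.production.vhostConfs.florian = {
- certName = "florian";
- certMainHost = "tellesflorian.com";
- hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
- root = "${varDir}/tellesflorian.com";
- extraConfig = [
- adminer.apache.vhostConf
- ''
- ServerAdmin ${env.server_admin}
-
- <Directory ${varDir}/tellesflorian.com>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- })
-
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
-
- services.websites.integration.modules = adminer.apache.modules;
- services.websites.integration.vhostConfs.florian = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "florian.immae.eu" ];
- root = "${varDir}/florian.immae.eu";
- extraConfig = [
- adminer.apache.vhostConf
- ''
- ServerAdmin ${env.server_admin}
-
- <Directory ${varDir}/florian.immae.eu>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- })
- ];
-}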
diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix
deleted file mode 100644
index 2ba30a1..0000000
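--- a/nixops/modules/websites/ftp/immae.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Immae;
- varDir = "/var/lib/ftp/immae";
- env = myconfig.env.websites.immae;
-in {
- options.services.myWebsites.Immae = {
- production = {
- enable = lib.mkEnableOption "enable Immae's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "www.immae.eu"; } ];
-
- services.myPhpfpm.poolConfigs.immae = ''
- listen = /run/phpfpm/immae.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- php_admin_value[open_basedir] = "${varDir}:/tmp"
- '';
- services.websites.production.modules = [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.immae = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "www.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats www.immae.eu
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- </Directory>
-
- <Location /blog_old/>
- Use LDAPConnect
- Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
- </Location>
- ''
- ];
- };
-
- services.websites.production.vhostConfs.bouya = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "bouya.org" "www.bouya.org" ];
- root = null;
- extraConfig = [ ''
- RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
- '' ];
- };
- };
-}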
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
deleted file mode 100644
index d00c42d..0000000
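--- a/nixops/modules/websites/ftp/jerome.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
- cfg = config.services.myWebsites.Jerome;
- varDir = "/var/lib/ftp/jerome";
- env = myconfig.env.websites.jerome;
-in {
- options.services.myWebsites.Jerome = {
- production = {
- enable = lib.mkEnableOption "enable Jerome's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
-
- security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
-
- secrets.keys = [{
- dest = "webapps/prod-naturaloutil";
- user = "wwwrun";
- group = "wwwrun";
- permissions = "0400";
- text = ''
- <?php
- $mysql_user = '${env.mysql.user}' ;
- $mysql_server = '${env.mysql.host}' ;
- $mysql_base = '${env.mysql.name}' ;
- $mysql_password = '${env.mysql.password}' ;
- //connect to db
- $db = mysqli_init();
- ${if env.mysql.host != "localhost" then ''
- mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
- $db->ssl_set(NULL, NULL, "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt", NULL, NULL);
- '' else ""}
- $database = connect_db($db, $mysql_server, $mysql_base, $mysql_user, $mysql_password);
- ?>
- '';
- }];
- services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ];
- services.myPhpfpm.poolConfigs.jerome = ''
- listen = /run/phpfpm/naturaloutil.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
- php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
- '';
- services.myPhpfpm.poolPhpConfigs.jerome = ''
- extension=${pkgs.php}/lib/php/extensions/mysqli.so
- '';
- services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.naturaloutil = {
- certName = "naturaloutil";
- certMainHost = "naturaloutil.immae.eu";
- hosts = ["naturaloutil.immae.eu" ];
- root = varDir;
- extraConfig = [
- adminer.apache.vhostConf
- ''
- Use Stats naturaloutil.immae.eu
- ServerAdmin ${env.server_admin}
- ErrorLog "${varDir}/logs/error_log"
- CustomLog "${varDir}/logs/access_log" combined
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/naturaloutil.sock|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${varDir}/logs>
- AllowOverride None
- Require all denied
- </Directory>
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}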
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
deleted file mode 100644
index 14bfa20..0000000
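--- a/nixops/modules/websites/ftp/leila.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- cfg = config.services.myWebsites.Leila;
- varDir = "/var/lib/ftp/leila";
-in {
- options.services.myWebsites.Leila = {
- production = {
- enable = lib.mkEnableOption "enable Leila's website in production";
- };
- };
-
- config = (lib.mkIf cfg.production.enable {
- services.myPhpfpm.poolConfigs.leila = ''
- listen = /run/phpfpm/leila.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- php_admin_value[open_basedir] = "${varDir}:/tmp"
- '';
-
- services.webstats.sites = [
- { name = "leila.bouya.org"; }
- { name = "chorale.leila.bouya.org"; }
- ];
-
- services.websites.production.modules = [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.leila_chorale = {
- certName = "leila";
- addToCerts = true;
- hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
- root = "${varDir}/Chorale";
- extraConfig = [
- ''
- Use Stats chorale.leila.bouya.org
- <Directory ${varDir}/Chorale>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
-
- Use LDAPConnect
- Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
- </FilesMatch>
- </Directory>
- ''
- ];
- };
- services.websites.production.vhostConfs.leila = {
- certName = "leila";
- certMainHost = "leila.bouya.org";
- hosts = [ "leila.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats leila.bouya.org
- <Directory ${varDir}/Chorale>
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
-
- Use LDAPConnect
- Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
- </FilesMatch>
- </Directory>
- <Directory ${varDir}>
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- });
-}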
diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix
deleted file mode 100644
index 3c982d3..0000000
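--- a/nixops/modules/websites/ftp/nassime.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Nassime;
- varDir = "/var/lib/ftp/nassime";
- env = myconfig.env.websites.nassime;
-in {
- options.services.myWebsites.Nassime = {
- production = {
- enable = lib.mkEnableOption "enable Nassime's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
-
- security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
-
- services.websites.production.vhostConfs.nassime = {
- certName = "nassime";
- certMainHost = "nassime.bouya.org";
- hosts = ["nassime.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats nassime.bouya.org
- ServerAdmin ${env.server_admin}
-
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}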
diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
deleted file mode 100644
index c8d05ef..0000000
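--- a/nixops/modules/websites/ftp/papa.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Papa;
- varDir = "/var/lib/ftp/papa";
-in {
- options.services.myWebsites.Papa = {
- production = {
- enable = lib.mkEnableOption "enable Papa's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
-
- services.cron = {
- systemCronJobs = let
- script = pkgs.writeScript "cleanup-papa" ''
- #!${pkgs.stdenv.shell}
- d=$(date -d "7 days ago" +%Y%m%d)
- for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
- if [ "$d" -gt $(basename $i) ]; then
- rm -rf "$i"
- fi
- done
- '';
- in
- [
- ''
- 0 6 * * * wwwrun ${script}
- ''
- ];
- };
-
- services.websites.production.vhostConfs.papa = {
- certName = "papa";
- certMainHost = "surveillance.maison.bbc.bouya.org";
- hosts = [ "surveillance.maison.bbc.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <Directory ${varDir}>
- Use LDAPConnect
- Options Indexes
- AllowOverride None
- Require ldap-group cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
- </Directory>
- ''
- ];
- };
- };
-}
-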
diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix
deleted file mode 100644
index db3487f..0000000
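--- a/nixops/modules/websites/ftp/release.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Release;
- varDir = "/var/lib/ftp/release.immae.eu";
- env = myconfig.env.websites.release;
-in {
- options.services.myWebsites.Release = {
- production = {
- enable = lib.mkEnableOption "enable Release' website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "release.immae.eu"; } ];
-
- services.websites.production.vhostConfs.release = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "release.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats release.immae.eu
-
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <Directory "${varDir}">
- Use LDAPConnect
- Options Indexes
- AllowOverride All
- Require all granted
- </Directory>
-
- <Directory "${varDir}/packages">
- Use LDAPConnect
- Options Indexes FollowSymlinks
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}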
diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
deleted file mode 100644
index 86dfde3..0000000
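--- a/nixops/modules/websites/ftp/temp.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Temp;
- varDir = "/var/lib/ftp/temp.immae.eu";
- env = myconfig.env.websites.temp;
-in {
- options.services.myWebsites.Temp = {
- production = {
- enable = lib.mkEnableOption "enable Temp' website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.websites.production.modules = [ "headers" ];
- services.websites.production.vhostConfs.temp = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "temp.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <FilesMatch ".+">
- Header set Content-Disposition attachment
- </FilesMatch>
- <Directory "${varDir}">
- Options -Indexes
- AllowOverride None
- Require all granted
- </Directory>
-
- <DirectoryMatch "${varDir}/(.+)">
- Options Indexes
- </DirectoryMatch>
- ''
- ];
- };
- };
-}
-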