Move websites/tools to modules

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:01:33 +0200
commit: 4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree: aaf812414f91d6b695a7507265e7572de8dc477c /nixops/modules/websites/tools/dav
parent: f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download: Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst
Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip
2 files changed, 0 insertions, 188 deletions
diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix
deleted file mode 100644
index 634359d..0000000
--- a/nixops/modules/websites/tools/dav/davical.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ stdenv, fetchurl, gettext, writeText, env, awl, davical }:
-rec {
-  keys = [{
-    dest = "webapps/dav-davical";
-    user = apache.user;
-    group = apache.group;
-    permissions = "0400";
-    text = ''
-      <?php
-      $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
-      $c->readonly_webdav_collections = false;
-      $c->admin_email ='davical@tools.immae.eu';
-      $c->restrict_setup_to_admin = true;
-      $c->collections_always_exist = false;
-      $c->external_refresh = 60;
-      $c->enable_scheduling = true;
-      $c->iMIP = (object) array("send_email" => true);
-      $c->authenticate_hook['optional'] = false;
-      $c->authenticate_hook['call'] = 'LDAP_check';
-      $c->authenticate_hook['config'] = array(
-          'host' => 'ldap.immae.eu',
-          'port' => '389',
-          'startTLS' => 'yes',
-          'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
-          'passDN'=> '${env.ldap.password}',
-          'protocolVersion' => '3',
-          'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
-          'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
-          'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
-          'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
-          'mapping_field' => array(
-            "username" => "uid",
-            "fullname" => "cn",
-            "email"    => "mail",
-            "modified" => "modifyTimestamp",
-          ),
-          'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
-            /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
-      //    'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
-          'group_mapping_field' => array(
-            "username"    => "cn",
-            "updated"     => "modifyTimestamp",
-            "fullname"    => "givenName",
-            "displayname" => "givenName",
-            "members"     => "memberUid",
-            "email"       => "mail",
-          ),
-        );
-      $c->do_not_sync_from_ldap = array('admin' => true);
-      include('drivers_ldap.php');
-    '';
-  }];
-  webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; };
-  webRoot = "${webapp}/htdocs";
-  apache = rec {
-    user = "wwwrun";
-    group = "wwwrun";
-    modules = [ "proxy_fcgi" ];
-    webappName = "tools_davical";
-    root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
-      Alias /davical "${root}"
-      Alias /caldav.php  "${root}/caldav.php"
-      <Directory "${root}">
-        DirectoryIndex index.php index.html
-        AcceptPathInfo On
-        AllowOverride None
-        Require all granted
-        <FilesMatch "\.php$">
-          CGIPassAuth on
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-        </FilesMatch>
-        RewriteEngine On
-        <IfModule mod_headers.c>
-                Header unset Access-Control-Allow-Origin
-                Header unset Access-Control-Allow-Methods
-                Header unset Access-Control-Allow-Headers
-                Header unset Access-Control-Allow-Credentials
-                Header unset Access-Control-Expose-Headers
-                Header always set Access-Control-Allow-Origin "*"
-                Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
-                Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
-                Header always set Access-Control-Allow-Credentials false
-                Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
-                RewriteCond %{HTTP:Access-Control-Request-Method} !^$
-                RewriteCond %{REQUEST_METHOD} OPTIONS
-                RewriteRule ^(.*)$ $1 [R=200,L]
-        </IfModule>
-      </Directory>
-      '';
-  };
-  phpFpm = rec {
-    serviceDeps = [ "postgresql.service" "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
-    socket = "/var/run/phpfpm/davical.sock";
-    pool = ''
-      listen = ${socket}
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = dynamic
-      pm.max_children = 60
-      pm.start_servers = 2
-      pm.min_spare_servers = 1
-      pm.max_spare_servers = 10
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = DavicalPHPSESSID
-      php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
-      php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
-      php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
-      php_flag[magic_quotes_gpc] = Off
-      php_flag[register_globals] = Off
-      php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
-      php_admin_value[default_charset] = "utf-8"
-      php_flag[magic_quotes_runtime] = Off
-      '';
-  };
-}
diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix
deleted file mode 100644
index 78e0ba3..0000000
--- a/nixops/modules/websites/tools/dav/default.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, pkgs, config, myconfig,  ... }:
-let
-    infcloud = rec {
-      webappName = "tools_infcloud";
-      root = "/run/current-system/webapps/${webappName}";
-      vhostConf = ''
-          Alias /carddavmate ${root}
-          Alias /caldavzap ${root}
-          Alias /infcloud ${root}
-          <Directory ${root}>
-            AllowOverride All
-            Options FollowSymlinks
-            Require all granted
-            DirectoryIndex index.html
-          </Directory>
-      '';
-    };
-    davical = pkgs.callPackage ./davical.nix {
-      env = myconfig.env.tools.davical;
-      inherit (pkgs.webapps) davical awl;
-    };
-    cfg = config.services.myWebsites.tools.dav;
-in {
-  options.services.myWebsites.tools.dav = {
-    enable = lib.mkEnableOption "enable dav website";
-  };
-  config = lib.mkIf cfg.enable {
-    secrets.keys = davical.keys;
-    services.websites.tools.modules = davical.apache.modules;
-    services.websites.tools.vhostConfs.dav = {
-      certName    = "eldiron";
-      addToCerts  = true;
-      hosts       = ["dav.immae.eu" ];
-      root        = null;
-      extraConfig = [
-        infcloud.vhostConf
-        davical.apache.vhostConf
-      ];
-    };
-    services.phpfpm.poolConfigs = {
-      davical = davical.phpFpm.pool;
-    };
-    system.extraSystemBuilderCmds = ''
-      mkdir -p $out/webapps
-      ln -s ${davical.webRoot} $out/webapps/${davical.apache.webappName}
-      ln -s ${pkgs.webapps.infcloud} $out/webapps/${infcloud.webappName}
-      '';
-  };
-}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:01:33 +0200
commit	4288c2f2431fb782b0d512b1b3749187f2374b6a (patch)
tree	aaf812414f91d6b695a7507265e7572de8dc477c /nixops/modules/websites/tools/dav
parent	f40f5b235b890f46770a22f005f8a0f664cf0562 (diff)
download	Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.gz Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.tar.zst Nix-4288c2f2431fb782b0d512b1b3749187f2374b6a.zip

diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix deleted file mode 100644 index 634359d..0000000 --- a/nixops/modules/websites/tools/dav/davical.nix +++ /dev/null
@@ -1,133 +0,0 @@
1	{ stdenv, fetchurl, gettext, writeText, env, awl, davical }:
2	rec {
3	keys = [{
4	dest = "webapps/dav-davical";
5	user = apache.user;
6	group = apache.group;
7	permissions = "0400";
8	text = ''
9	<?php
10	$c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
11
12	$c->readonly_webdav_collections = false;
13
14	$c->admin_email ='davical@tools.immae.eu';
15
16	$c->restrict_setup_to_admin = true;
17
18	$c->collections_always_exist = false;
19
20	$c->external_refresh = 60;
21
22	$c->enable_scheduling = true;
23
24	$c->iMIP = (object) array("send_email" => true);
25
26	$c->authenticate_hook['optional'] = false;
27	$c->authenticate_hook['call'] = 'LDAP_check';
28	$c->authenticate_hook['config'] = array(
29	'host' => 'ldap.immae.eu',
30	'port' => '389',
31	'startTLS' => 'yes',
32	'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
33	'passDN'=> '${env.ldap.password}',
34	'protocolVersion' => '3',
35	'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
36	'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
37	'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
38	'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
39	'mapping_field' => array(
40	"username" => "uid",
41	"fullname" => "cn",
42	"email" => "mail",
43	"modified" => "modifyTimestamp",
44	),
45	'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
46	/ used to set default value for all users, will be overcharged by ldap if defined also in mapping_field /
47	// 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
48	'group_mapping_field' => array(
49	"username" => "cn",
50	"updated" => "modifyTimestamp",
51	"fullname" => "givenName",
52	"displayname" => "givenName",
53	"members" => "memberUid",
54	"email" => "mail",
55	),
56	);
57
58	$c->do_not_sync_from_ldap = array('admin' => true);
59	include('drivers_ldap.php');
60	'';
61	}];
62	webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; };
63	webRoot = "${webapp}/htdocs";
64	apache = rec {
65	user = "wwwrun";
66	group = "wwwrun";
67	modules = [ "proxy_fcgi" ];
68	webappName = "tools_davical";
69	root = "/run/current-system/webapps/${webappName}";
70	vhostConf = ''
71	Alias /davical "${root}"
72	Alias /caldav.php "${root}/caldav.php"
73	<Directory "${root}">
74	DirectoryIndex index.php index.html
75	AcceptPathInfo On
76	AllowOverride None
77	Require all granted
78
79	<FilesMatch "\.php$">
80	CGIPassAuth on
81	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
82	</FilesMatch>
83
84	RewriteEngine On
85	<IfModule mod_headers.c>
86	Header unset Access-Control-Allow-Origin
87	Header unset Access-Control-Allow-Methods
88	Header unset Access-Control-Allow-Headers
89	Header unset Access-Control-Allow-Credentials
90	Header unset Access-Control-Expose-Headers
91
92	Header always set Access-Control-Allow-Origin "*"
93	Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
94	Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
95	Header always set Access-Control-Allow-Credentials false
96	Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
97
98	RewriteCond %{HTTP:Access-Control-Request-Method} !^$
99	RewriteCond %{REQUEST_METHOD} OPTIONS
100	RewriteRule ^(.*)$ $1 [R=200,L]
101	</IfModule>
102	</Directory>
103	'';
104	};
105	phpFpm = rec {
106	serviceDeps = [ "postgresql.service" "openldap.service" ];
107	basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
108	socket = "/var/run/phpfpm/davical.sock";
109	pool = ''
110	listen = ${socket}
111	user = ${apache.user}
112	group = ${apache.group}
113	listen.owner = ${apache.user}
114	listen.group = ${apache.group}
115	pm = dynamic
116	pm.max_children = 60
117	pm.start_servers = 2
118	pm.min_spare_servers = 1
119	pm.max_spare_servers = 10
120
121	; Needed to avoid clashes in browser cookies (same domain)
122	php_value[session.name] = DavicalPHPSESSID
123	php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
124	php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
125	php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
126	php_flag[magic_quotes_gpc] = Off
127	php_flag[register_globals] = Off
128	php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
129	php_admin_value[default_charset] = "utf-8"
130	php_flag[magic_quotes_runtime] = Off
131	'';
132	};
133	}


diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix deleted file mode 100644 index 78e0ba3..0000000 --- a/nixops/modules/websites/tools/dav/default.nix +++ /dev/null
@@ -1,55 +0,0 @@
1	{ lib, pkgs, config, myconfig, ... }:
2	let
3	infcloud = rec {
4	webappName = "tools_infcloud";
5	root = "/run/current-system/webapps/${webappName}";
6	vhostConf = ''
7	Alias /carddavmate ${root}
8	Alias /caldavzap ${root}
9	Alias /infcloud ${root}
10	<Directory ${root}>
11	AllowOverride All
12	Options FollowSymlinks
13	Require all granted
14	DirectoryIndex index.html
15	</Directory>
16	'';
17	};
18	davical = pkgs.callPackage ./davical.nix {
19	env = myconfig.env.tools.davical;
20	inherit (pkgs.webapps) davical awl;
21	};
22
23	cfg = config.services.myWebsites.tools.dav;
24	in {
25	options.services.myWebsites.tools.dav = {
26	enable = lib.mkEnableOption "enable dav website";
27	};
28
29	config = lib.mkIf cfg.enable {
30	secrets.keys = davical.keys;
31	services.websites.tools.modules = davical.apache.modules;
32
33	services.websites.tools.vhostConfs.dav = {
34	certName = "eldiron";
35	addToCerts = true;
36	hosts = ["dav.immae.eu" ];
37	root = null;
38	extraConfig = [
39	infcloud.vhostConf
40	davical.apache.vhostConf
41	];
42	};
43
44	services.phpfpm.poolConfigs = {
45	davical = davical.phpFpm.pool;
46	};
47
48	system.extraSystemBuilderCmds = ''
49	mkdir -p $out/webapps
50	ln -s ${davical.webRoot} $out/webapps/${davical.apache.webappName}
51	ln -s ${pkgs.webapps.infcloud} $out/webapps/${infcloud.webappName}
52	'';
53	};
54	}
55