Add surveillance for papa

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-01 13:49:37 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-01 15:44:24 +0200
commit: 97953ca44b0438d6b366d610678906944ea63835 (patch)
tree: 54ee38dd7353d2843a7ebe92ae223cbf102c4d38 /nixops
parent: 11234d0798eeb56b2a09bfc66925e782ace465e3 (diff)
download: Nix-97953ca44b0438d6b366d610678906944ea63835.tar.gz
Nix-97953ca44b0438d6b366d610678906944ea63835.tar.zst
Nix-97953ca44b0438d6b366d610678906944ea63835.zip
2 files changed, 57 insertions, 0 deletions
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index b0bc7a4..6a0a19f 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -117,6 +117,7 @@ in
    ./ftp/florian.nix
    ./ftp/denisejerome.nix
    ./ftp/leila.nix
+    ./ftp/papa.nix
    ./ftp/immae.nix
    ./ftp/release.nix
    ./ftp/temp.nix
@@ -214,6 +215,7 @@ in
    services.myWebsites.Nassime.production.enable = cfg.production.enable;
    services.myWebsites.Florian.production.enable = cfg.production.enable;
    services.myWebsites.Leila.production.enable = cfg.production.enable;
+    services.myWebsites.Papa.production.enable = cfg.production.enable;
    services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
    services.myWebsites.Emilia.production.enable = cfg.production.enable;
    services.myWebsites.Capitaines.production.enable = cfg.production.enable;
diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
new file mode 100644
index 0000000..ca1aabe
--- /dev/null
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -0,0 +1,55 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.Papa;
+    varDir = "/var/lib/ftp/papa";
+in {
+  options.services.myWebsites.Papa = {
+    production = {
+      enable = lib.mkEnableOption "enable Papa's website";
+    };
+  };
+  config = lib.mkIf cfg.production.enable {
+    security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
+    security.acme.certs."papa" = config.services.myCertificates.certConfig // {
+      domain = "surveillance.maison.bbc.bouya.org";
+    };
+    services.cron = {
+      systemCronJobs = let
+        script = pkgs.writeScript "cleanup-papa" ''
+          #!${pkgs.stdenv.shell}
+          d=$(date -d "7 days ago" +%Y%m%d)
+          for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
+            if [ "$d" -gt $(basename $i) ]; then
+              rm -rf "$i"
+            fi
+          done
+          '';
+      in
+        [
+        ''
+          0 6 * * * wwwrun ${script}
+        ''
+      ];
+    };
+    services.myWebsites.production.vhostConfs.papa = {
+      certName    = "papa";
+      hosts       = [ "surveillance.maison.bbc.bouya.org" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <Directory ${varDir}>
+          Use LDAPConnect
+          Options Indexes
+          AllowOverride None
+          Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-01 13:49:37 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-01 15:44:24 +0200
commit	97953ca44b0438d6b366d610678906944ea63835 (patch)
tree	54ee38dd7353d2843a7ebe92ae223cbf102c4d38 /nixops
parent	11234d0798eeb56b2a09bfc66925e782ace465e3 (diff)
download	Nix-97953ca44b0438d6b366d610678906944ea63835.tar.gz Nix-97953ca44b0438d6b366d610678906944ea63835.tar.zst Nix-97953ca44b0438d6b366d610678906944ea63835.zip

diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index b0bc7a4..6a0a19f 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix
@@ -117,6 +117,7 @@ in
117	./ftp/florian.nix	117	./ftp/florian.nix
118	./ftp/denisejerome.nix	118	./ftp/denisejerome.nix
119	./ftp/leila.nix	119	./ftp/leila.nix
		120	./ftp/papa.nix
120	./ftp/immae.nix	121	./ftp/immae.nix
121	./ftp/release.nix	122	./ftp/release.nix
122	./ftp/temp.nix	123	./ftp/temp.nix
@@ -214,6 +215,7 @@ in
214	services.myWebsites.Nassime.production.enable = cfg.production.enable;	215	services.myWebsites.Nassime.production.enable = cfg.production.enable;
215	services.myWebsites.Florian.production.enable = cfg.production.enable;	216	services.myWebsites.Florian.production.enable = cfg.production.enable;
216	services.myWebsites.Leila.production.enable = cfg.production.enable;	217	services.myWebsites.Leila.production.enable = cfg.production.enable;
		218	services.myWebsites.Papa.production.enable = cfg.production.enable;
217	services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;	219	services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
218	services.myWebsites.Emilia.production.enable = cfg.production.enable;	220	services.myWebsites.Emilia.production.enable = cfg.production.enable;
219	services.myWebsites.Capitaines.production.enable = cfg.production.enable;	221	services.myWebsites.Capitaines.production.enable = cfg.production.enable;


diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix new file mode 100644 index 0000000..ca1aabe --- /dev/null +++ b/nixops/modules/websites/ftp/papa.nix
@@ -0,0 +1,55 @@
		1	{ lib, pkgs, config, myconfig, mylibs, ... }:
		2	let
		3	cfg = config.services.myWebsites.Papa;
		4	varDir = "/var/lib/ftp/papa";
		5	in {
		6	options.services.myWebsites.Papa = {
		7	production = {
		8	enable = lib.mkEnableOption "enable Papa's website";
		9	};
		10	};
		11
		12	config = lib.mkIf cfg.production.enable {
		13	security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
		14	security.acme.certs."papa" = config.services.myCertificates.certConfig // {
		15	domain = "surveillance.maison.bbc.bouya.org";
		16	};
		17
		18	services.cron = {
		19	systemCronJobs = let
		20	script = pkgs.writeScript "cleanup-papa" ''
		21	#!${pkgs.stdenv.shell}
		22	d=$(date -d "7 days ago" +%Y%m%d)
		23	for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
		24	if [ "$d" -gt $(basename $i) ]; then
		25	rm -rf "$i"
		26	fi
		27	done
		28	'';
		29	in
		30	[
		31	''
		32	0 6 * * * wwwrun ${script}
		33	''
		34	];
		35	};
		36
		37	services.myWebsites.production.vhostConfs.papa = {
		38	certName = "papa";
		39	hosts = [ "surveillance.maison.bbc.bouya.org" ];
		40	root = varDir;
		41	extraConfig = [
		42	''
		43	Use Apaxy "${varDir}" "title .duplicity-ignore"
		44	<Directory ${varDir}>
		45	Use LDAPConnect
		46	Options Indexes
		47	AllowOverride None
		48	Require ldap-group cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
		49	</Directory>
		50	''
		51	];
		52	};
		53	};
		54	}
		55