aboutsummaryrefslogtreecommitdiff
path: root/systems/eldiron/websites/dav
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 01:35:06 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2023-10-04 02:11:48 +0200
commit1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/dav
parentfa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
downloadNix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
Diffstat (limited to 'systems/eldiron/websites/dav')
-rw-r--r--systems/eldiron/websites/dav/davical.nix128
-rw-r--r--systems/eldiron/websites/dav/default.nix140
-rw-r--r--systems/eldiron/websites/dav/www/index.html42
3 files changed, 310 insertions, 0 deletions
diff --git a/systems/eldiron/websites/dav/davical.nix b/systems/eldiron/websites/dav/davical.nix
new file mode 100644
index 0000000..b418cb8
--- /dev/null
+++ b/systems/eldiron/websites/dav/davical.nix
@@ -0,0 +1,128 @@
1{ stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
2rec {
3 keys."webapps/dav-davical" = {
4 user = apache.user;
5 group = apache.group;
6 permissions = "0400";
7 text = ''
8 <?php
9 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
10
11 $c->readonly_webdav_collections = false;
12
13 $c->admin_email ='davical@tools.immae.eu';
14
15 $c->restrict_setup_to_admin = true;
16
17 $c->collections_always_exist = false;
18
19 $c->external_refresh = 60;
20
21 $c->enable_scheduling = true;
22
23 $c->iMIP = (object) array("send_email" => true);
24
25 $c->authenticate_hook['optional'] = false;
26 $c->authenticate_hook['call'] = 'LDAP_check';
27 $c->authenticate_hook['config'] = array(
28 'host' => '${env.ldap.host}',
29 'port' => '389',
30 'startTLS' => 'yes',
31 'bindDN'=> '${env.ldap.dn}',
32 'passDN'=> '${env.ldap.password}',
33 'protocolVersion' => '3',
34 'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'),
35 'filterUsers' => '${env.ldap.filter}',
36 'baseDNGroups' => 'ou=groups,${env.ldap.base}',
37 'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}',
38 'mapping_field' => array(
39 "username" => "uid",
40 "fullname" => "cn",
41 "email" => "mail",
42 "modified" => "modifyTimestamp",
43 ),
44 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
45 /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
46 // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
47 'group_mapping_field' => array(
48 "username" => "cn",
49 "updated" => "modifyTimestamp",
50 "fullname" => "givenName",
51 "displayname" => "givenName",
52 "members" => "memberUid",
53 "email" => "mail",
54 ),
55 );
56
57 $c->do_not_sync_from_ldap = array('admin' => true);
58 include('drivers_ldap.php');
59 '';
60 };
61 webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; };
62 webRoot = "${webapp}/htdocs";
63 apache = rec {
64 user = "wwwrun";
65 group = "wwwrun";
66 modules = [ "proxy_fcgi" ];
67 root = webRoot;
68 vhostConf = socket: ''
69 Alias /davical "${root}"
70 Alias /caldav.php "${root}/caldav.php"
71 <Directory "${root}">
72 DirectoryIndex index.php index.html
73 AcceptPathInfo On
74 AllowOverride None
75 Require all granted
76
77 <FilesMatch "\.php$">
78 CGIPassAuth on
79 SetHandler "proxy:unix:${socket}|fcgi://localhost"
80 </FilesMatch>
81
82 RewriteEngine On
83 <IfModule mod_headers.c>
84 Header unset Access-Control-Allow-Origin
85 Header unset Access-Control-Allow-Methods
86 Header unset Access-Control-Allow-Headers
87 Header unset Access-Control-Allow-Credentials
88 Header unset Access-Control-Expose-Headers
89
90 Header always set Access-Control-Allow-Origin "*"
91 Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
92 Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
93 Header always set Access-Control-Allow-Credentials false
94 Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
95
96 RewriteCond %{HTTP:Access-Control-Request-Method} !^$
97 RewriteCond %{REQUEST_METHOD} OPTIONS
98 RewriteRule ^(.*)$ $1 [R=200,L]
99 </IfModule>
100 </Directory>
101 '';
102 };
103 phpFpm = rec {
104 serviceDeps = [ "postgresql.service" "openldap.service" ];
105 basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ];
106 pool = {
107 "listen.owner" = apache.user;
108 "listen.group" = apache.group;
109 "pm" = "dynamic";
110 "pm.max_children" = "60";
111 "pm.start_servers" = "2";
112 "pm.min_spare_servers" = "1";
113 "pm.max_spare_servers" = "10";
114
115 # Needed to avoid clashes in browser cookies (same domain)
116 "php_value[session.name]" = "DavicalPHPSESSID";
117 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
118 "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
119 "php_admin_value[session.save_handler]" = "redis";
120 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Davical:'";
121 "php_flag[magic_quotes_gpc]" = "Off";
122 "php_flag[register_globals]" = "Off";
123 "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
124 "php_admin_value[default_charset]" = "utf-8";
125 "php_flag[magic_quotes_runtime]" = "Off";
126 };
127 };
128}
diff --git a/systems/eldiron/websites/dav/default.nix b/systems/eldiron/websites/dav/default.nix
new file mode 100644
index 0000000..109715d
--- /dev/null
+++ b/systems/eldiron/websites/dav/default.nix
@@ -0,0 +1,140 @@
1{ lib, pkgs, config, ... }:
2let
3 infcloud = rec {
4 root = pkgs.webapps-infcloud;
5 vhostConf = ''
6 Alias /carddavmate ${root}
7 Alias /caldavzap ${root}
8 Alias /infcloud ${root}
9 <Directory ${root}>
10 AllowOverride All
11 Options FollowSymlinks
12 Require all granted
13 DirectoryIndex index.html
14 </Directory>
15 '';
16 };
17 davical = pkgs.callPackage ./davical.nix {
18 env = config.myEnv.tools.davical;
19 davical = pkgs.webapps-davical;
20 awl = pkgs.webapps-awl;
21 inherit config;
22 };
23
24 cfg = config.myServices.websites.tools.dav;
25in {
26 options.myServices.websites.tools.dav = {
27 enable = lib.mkEnableOption "enable dav website";
28 };
29
30 config = lib.mkIf cfg.enable {
31 myServices.dns.zones."immae.eu".subdomains.dav =
32 with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
33
34 myServices.chatonsProperties.services = {
35 davical = {
36 file.datetime = "2022-08-21T01:33:00";
37 service = {
38 name = "Davical";
39 description = "DAViCal is a server for calendar sharing";
40 website = "https://dav.immae.eu";
41 logo = "https://www.davical.org/images/logo.gif";
42 status.level = "OK";
43 status.description = "OK";
44 registration."" = ["MEMBER" "CLIENT"];
45 registration.load = "OPEN";
46 install.type = "PACKAGE";
47 };
48 software = {
49 name = "Davical";
50 website = "https://www.davical.org/";
51 license.url = "https://gitlab.com/davical-project/davical/-/blob/master/COPYING";
52 license.name = "GNU General Public License Version 2";
53 version = pkgs.webapps-davical.version;
54 source.url = "https://gitlab.com/davical-project/davical/";
55 modules = "infcloud";
56 };
57 };
58 #calendar = {
59 # file.datetime = "2022-08-22T00:00:00";
60 # service = {
61 # name = "Calendar";
62 # description = "Opensource CalDAV web client";
63 # website = "https://dav.immae.eu/caldavzap/";
64 # logo = "https://dav.immae.eu/caldavzap/images/infcloud_logo.svg";
65 # status.level = "OK";
66 # status.description = "OK";
67 # registration."" = ["MEMBER" "CLIENT"];
68 # registration.load = "OPEN";
69 # install.type = "PACKAGE";
70 # };
71 # software = {
72 # name = "InfCloud";
73 # website = "https://inf-it.com/open-source/clients/infcloud/";
74 # license.url = "https://www.gnu.org/licenses/agpl-3.0.en.html";
75 # license.name = "GNU Affero General Public License (version 3.0)";
76 # version = pkgs.webapps-infcloud.version;
77 # source.url = "https://inf-it.com/open-source/clients/infcloud/";
78 # };
79 #};
80 #contacts = {
81 # file.datetime = "2022-08-22T00:00:00";
82 # service = {
83 # name = "Contacts";
84 # description = "Opensource Carddav web client";
85 # website = "https://dav.immae.eu/carddavmate/";
86 # logo = "https://dav.immae.eu/caldavzap/images/infcloud_logo.svg";
87 # status.level = "OK";
88 # status.description = "OK";
89 # registration."" = ["MEMBER" "CLIENT"];
90 # registration.load = "OPEN";
91 # install.type = "PACKAGE";
92 # };
93 # software = {
94 # name = "InfCloud";
95 # website = "https://inf-it.com/open-source/clients/infcloud/";
96 # license.url = "https://www.gnu.org/licenses/agpl-3.0.en.html";
97 # license.name = "GNU Affero General Public License (version 3.0)";
98 # version = pkgs.webapps-infcloud.version;
99 # source.url = "https://inf-it.com/open-source/clients/infcloud/";
100 # };
101 #};
102 };
103 secrets.keys = davical.keys;
104 services.websites.env.tools.modules = davical.apache.modules;
105
106 security.acme.certs.eldiron.extraDomainNames = [ "dav.immae.eu" ];
107 services.websites.env.tools.vhostConfs.dav = {
108 certName = "eldiron";
109 hosts = ["dav.immae.eu" ];
110 root = ./www;
111 extraConfig = [
112 infcloud.vhostConf
113 (davical.apache.vhostConf config.services.phpfpm.pools.davical.socket)
114 ];
115 };
116
117 services.phpfpm.pools = {
118 davical = {
119 user = config.services.websites.env.tools.user;
120 group = config.services.websites.env.tools.group;
121 settings = davical.phpFpm.pool;
122 phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
123 };
124 };
125 myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
126 myServices.monitoring.fromMasterObjects.service = [
127 {
128 service_description = "davical website is running on dav.immae.eu";
129 host_name = config.hostEnv.fqdn;
130 use = "external-web-service";
131 check_command = ["check_https" "dav.immae.eu" "/davical/" "Log On Please"];
132
133 servicegroups = "webstatus-webapps";
134 _webstatus_name = "Davical";
135 _webstatus_url = "https://dav.immae.eu/davical";
136 }
137 ];
138 };
139}
140
diff --git a/systems/eldiron/websites/dav/www/index.html b/systems/eldiron/websites/dav/www/index.html
new file mode 100644
index 0000000..91c25ba
--- /dev/null
+++ b/systems/eldiron/websites/dav/www/index.html
@@ -0,0 +1,42 @@
1<!doctype html>
2<html lang="fr">
3 <head>
4 <meta charset="UTF-8">
5 <meta name="viewport" content="width=device-width, initial-scale=1.0">
6 <title>Dav configuration</title>
7 <style type="text/css">
8 body {
9 padding-top: 1em;
10 padding-left: 5px;
11 padding-right: 5px;
12 text-align: left;
13 margin: auto;
14 font: 20px Helvetica, sans-serif;
15 color: #333;
16 height: 100%;
17 min-height: 100%;
18 }
19 span.code {
20 font-family: monospace;
21 }
22 </style>
23 </head>
24 <body>
25 <p>
26 Dav configuration:
27 <ul>
28 <li>Server: <span class="code">https://dav.immae.eu/caldav.php</span>
29 </li>
30 </ul>
31 </p>
32 <p>Clients:
33 <ul>
34 <li><a href="/infcloud">Infcloud (calendar, address book, todo lists)</a></li>
35 <li><a href="/carddavmate">Carddavmate (address book)</a></li>
36 <li><a href="/caldavzap">Caldavzap (calendar, todo lists)</a></li>
37 <li><a href="/davical">Davical (Manage dav account)</a></li>
38 </ul>
39 </p>
40 </body>
41</html>
42