Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 01:35:06 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 02:11:48 +0200
commit: 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree: 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/immae
parent: fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download: Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
5 files changed, 184 insertions, 0 deletions
diff --git a/systems/eldiron/websites/immae/matrix/client b/systems/eldiron/websites/immae/matrix/client
new file mode 100644
index 0000000..89136a0
--- /dev/null
+++ b/systems/eldiron/websites/immae/matrix/client
@@ -0,0 +1,11 @@
+{
+    "m.homeserver": {
+        "base_url": "https://immae.ems.host"
+    },
+    "m.identity_server": {
+        "base_url": "https://vector.im"
+    },
+    "org.matrix.msc3575.proxy": {
+        "url": "https://immae.ems.host"
+    }
+}
diff --git a/systems/eldiron/websites/immae/matrix/server b/systems/eldiron/websites/immae/matrix/server
new file mode 100644
index 0000000..449155a
--- /dev/null
+++ b/systems/eldiron/websites/immae/matrix/server
@@ -0,0 +1,3 @@
+{
+    "m.server": "immae.ems.host:443"
+}
diff --git a/systems/eldiron/websites/immae/production.nix b/systems/eldiron/websites/immae/production.nix
new file mode 100644
index 0000000..e4060ba
--- /dev/null
+++ b/systems/eldiron/websites/immae/production.nix
@@ -0,0 +1,107 @@
+{ lib, pkgs, config,  ... }:
+let
+  cfg = config.myServices.websites.immae.production;
+  varDir = "/var/lib/buildbot/outputs/immae/blog";
+  historyDir = "/var/lib/buildbot/outputs/immae/history";
+  docsDir = "/var/lib/buildbot/outputs/immae/docs/";
+in {
+  options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
+  config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.eu".subdomains = with config.myServices.dns.helpers;
+      {
+        www = ips servers.eldiron.ips.production;
+        matrix.CNAME = [ "immae.element.io." ];
+      };
+    services.webstats.sites = [ { name = "www.immae.eu"; } ];
+    security.acme.certs.immae.domain = "www.immae.eu";
+    security.acme.certs.immae.extraDomainNames = [ "immae.eu" ];
+    services.websites.env.production.bindMounts."${varDir}" = {};
+    services.websites.env.production.bindMounts."${docsDir}" = {};
+    services.websites.env.production.bindMounts."${historyDir}" = {};
+    services.websites.env.production.vhostConfs.immae_production = {
+      certName     = "immae";
+      hosts        = [ "www.immae.eu" "immae.eu" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        Use Stats www.immae.eu
+        Header always set Strict-Transport-Security "max-age=31536000"
+        <LocationMatch /.well-known/(webfinger|host-meta)>
+          Header always set Referrer-Policy "strict-origin-when-cross-origin"
+          RequestHeader set X-Forwarded-Proto "https"
+          RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
+        </LocationMatch>
+        RewriteEngine On
+        RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
+        RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
+        RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
+        <Directory ${varDir}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+        </Directory>
+        Alias /.well-known/matrix ${./matrix}
+        <Directory ${./matrix}>
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+          Header always set Access-Control-Allow-Origin "*"
+        </Directory>
+        Alias /docs ${docsDir}
+        <Directory ${docsDir}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+        </Directory>
+        Alias /eurl ${./sarl}
+        Alias /eurl ${./sarl}
+        <Directory ${./sarl}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+        </Directory>
+        Alias /history ${historyDir}
+        <Directory ${historyDir}>
+          DirectoryIndex index.html
+          AllowOverride None
+          Require all granted
+        </Directory>
+        Alias /.well-known/chatonsinfos ${config.myServices.chatonsProperties.propertiesPath}
+        <Directory ${config.myServices.chatonsProperties.propertiesPath}>
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+        </Directory>
+        ''
+      ];
+    };
+    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+    myServices.monitoring.fromMasterObjects.service = [
+      {
+        service_description = "blog website is running on immae.eu";
+        host_name = config.hostEnv.fqdn;
+        use = "external-web-service";
+        check_command = ["check_https" "www.immae.eu" "/blog/" "egrep -ri TODO /etc"];
+        servicegroups = "webstatus-websites";
+        _webstatus_name = "Immae’s Blog";
+        _webstatus_url = "https://www.immae.eu/blog";
+      }
+    ];
+  };
+}
diff --git a/systems/eldiron/websites/immae/release.nix b/systems/eldiron/websites/immae/release.nix
new file mode 100644
index 0000000..4882bac
--- /dev/null
+++ b/systems/eldiron/websites/immae/release.nix
@@ -0,0 +1,40 @@
+{ lib, pkgs, config,  ... }:
+let
+  cfg = config.myServices.websites.immae.release;
+  varDir = "/var/lib/ftp/release.immae.eu";
+in {
+  options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
+  config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.eu".subdomains.release = with config.myServices.dns.helpers;
+      ips servers.eldiron.ips.production;
+    services.webstats.sites = [ { name = "release.immae.eu"; } ];
+    security.acme.certs.immae.extraDomainNames = [ "release.immae.eu" ];
+    services.websites.env.production.vhostConfs.immae_release = {
+      certName    = "immae";
+      hosts       = [ "release.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Stats release.immae.eu
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <Directory "${varDir}">
+          Use LDAPConnect
+          Options Indexes
+          AllowOverride All
+          Require all granted
+        </Directory>
+        <Directory "${varDir}/packages">
+          Use LDAPConnect
+          Options Indexes FollowSymlinks
+          AllowOverride None
+          Require all granted
+        </Directory>
+        ''
+      ];
+    };
+  };
+}
diff --git a/systems/eldiron/websites/immae/sarl/certificates/2021-certificate.crt b/systems/eldiron/websites/immae/sarl/certificates/2021-certificate.crt
new file mode 100644
index 0000000..671534c
--- /dev/null
+++ b/systems/eldiron/websites/immae/sarl/certificates/2021-certificate.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIUXNW7Lmte+fa5YxI7Gdznl7ZaLPIwDQYJKoZIhvcNAQEL
+BQAwdTELMAkGA1UEBhMCRlIxGDAWBgNVBAgMD0FscGVzLU1hcml0aW1lczEPMA0G
+A1UEBwwGR3Jhc3NlMRUwEwYDVQQKDAxJbW1hZUV1IEVVUkwxJDAiBgkqhkiG9w0B
+CQEWFWNvbnRhY3RAbWFpbC5pbW1hZS5ldTAeFw0yMTAxMTkwMDI5MDlaFw0yMjAx
+MTkwMDI5MDlaMHUxCzAJBgNVBAYTAkZSMRgwFgYDVQQIDA9BbHBlcy1NYXJpdGlt
+ZXMxDzANBgNVBAcMBkdyYXNzZTEVMBMGA1UECgwMSW1tYWVFdSBFVVJMMSQwIgYJ
+KoZIhvcNAQkBFhVjb250YWN0QG1haWwuaW1tYWUuZXUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDeyWKvTu2kuJ2HSgRzZZL6yFNHUXGgcl/q8vlRKFI4
+P0yHwcEwDCaCXquqS09WN99H55aNTjHfnu70dZXogyWHGk4vlaUkGiUoCAYK5tFU
+34fzpZuInhBL8nRY0pRV4H2t02jQMyiYowZXTqR86BRocbXZ4TY5EwD/hlrH6iDc
+pIlC7cVnWV4J5qXX9fXALbpXseD9PF0/y2tP5dM658jBL9KdW1PqlPGudvB44Z+a
+pE8XCXF9PGrVBNN7aPmizOb42scx/2XghX1DYCikiUf8m+FGjidxGlXmj4B6Dukp
+b7RxdkY7p97svH91uMQuUvDW5d93ZiatHNeYuAl8yI39AgMBAAGjUzBRMB0GA1Ud
+DgQWBBSgsFwzEybKyLF/Bkuz7FA5SwfwPTAfBgNVHSMEGDAWgBSgsFwzEybKyLF/
+Bkuz7FA5SwfwPTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDX
+Wij/gDT+7N/pSSVWImiYoe+/KsAJd0TLs39GJkvW0114RXKINYNU8exNY7rKMVCl
+TKePEevSo5CCartNfLXGIr3uqPlR+V3XF6KmyMSiB6k+GukoUtUg2Bp7ESGlpZXi
+wkHYclk0NIzxWyUrzNdflxu3gPU278qFMbUIlbdWNsHtrLbpHypelPQ+IaEbNoWV
+Q+M8Vg6ifsDmhp7TqFXpIoGa6CIxXuknDOidBpeE9kPjVu0kKrjXQULirNl3eEe6
+H1XUQ7lSdt/l3N1cHTj70x2xIi6fdwPQRqhXILrIuST+C0wpPiqPCv1rfcwh0PvU
+mZVZ/+83y3Zuo9lVqkbB
+-----END CERTIFICATE-----
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 01:35:06 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 02:11:48 +0200
commit	1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree	1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/immae
parent	fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download	Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip

diff --git a/systems/eldiron/websites/immae/matrix/client b/systems/eldiron/websites/immae/matrix/client new file mode 100644 index 0000000..89136a0 --- /dev/null +++ b/systems/eldiron/websites/immae/matrix/client
@@ -0,0 +1,11 @@
	1	{
	2	"m.homeserver": {
	3	"base_url": "https://immae.ems.host"
	4	},
	5	"m.identity_server": {
	6	"base_url": "https://vector.im"
	7	},
	8	"org.matrix.msc3575.proxy": {
	9	"url": "https://immae.ems.host"
	10	}
	11	}


diff --git a/systems/eldiron/websites/immae/matrix/server b/systems/eldiron/websites/immae/matrix/server new file mode 100644 index 0000000..449155a --- /dev/null +++ b/systems/eldiron/websites/immae/matrix/server
@@ -0,0 +1,3 @@
	1	{
	2	"m.server": "immae.ems.host:443"
	3	}


diff --git a/systems/eldiron/websites/immae/production.nix b/systems/eldiron/websites/immae/production.nix new file mode 100644 index 0000000..e4060ba --- /dev/null +++ b/systems/eldiron/websites/immae/production.nix
@@ -0,0 +1,107 @@
	1	{ lib, pkgs, config, ... }:
	2	let
	3	cfg = config.myServices.websites.immae.production;
	4	varDir = "/var/lib/buildbot/outputs/immae/blog";
	5	historyDir = "/var/lib/buildbot/outputs/immae/history";
	6	docsDir = "/var/lib/buildbot/outputs/immae/docs/";
	7	in {
	8	options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
	9
	10	config = lib.mkIf cfg.enable {
	11	myServices.dns.zones."immae.eu".subdomains = with config.myServices.dns.helpers;
	12	{
	13	www = ips servers.eldiron.ips.production;
	14	matrix.CNAME = [ "immae.element.io." ];
	15	};
	16	services.webstats.sites = [ { name = "www.immae.eu"; } ];
	17
	18	security.acme.certs.immae.domain = "www.immae.eu";
	19	security.acme.certs.immae.extraDomainNames = [ "immae.eu" ];
	20	services.websites.env.production.bindMounts."${varDir}" = {};
	21	services.websites.env.production.bindMounts."${docsDir}" = {};
	22	services.websites.env.production.bindMounts."${historyDir}" = {};
	23	services.websites.env.production.vhostConfs.immae_production = {
	24	certName = "immae";
	25	hosts = [ "www.immae.eu" "immae.eu" ];
	26	root = varDir;
	27	extraConfig = [
	28	''
	29	Use Stats www.immae.eu
	30	Header always set Strict-Transport-Security "max-age=31536000"
	31
	32	<LocationMatch /.well-known/(webfinger\|host-meta)>
	33	Header always set Referrer-Policy "strict-origin-when-cross-origin"
	34	RequestHeader set X-Forwarded-Proto "https"
	35
	36	RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
	37	</LocationMatch>
	38
	39	RewriteEngine On
	40	RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger\|host-meta)"
	41	RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
	42	RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
	43
	44	<Directory ${varDir}>
	45	DirectoryIndex index.htm index.html
	46	Options Indexes FollowSymLinks MultiViews Includes
	47	AllowOverride All
	48	Require all granted
	49	</Directory>
	50
	51	Alias /.well-known/matrix ${./matrix}
	52	<Directory ${./matrix}>
	53	Options Indexes FollowSymLinks MultiViews Includes
	54	AllowOverride None
	55	Require all granted
	56	Header always set Access-Control-Allow-Origin "*"
	57	</Directory>
	58
	59	Alias /docs ${docsDir}
	60	<Directory ${docsDir}>
	61	DirectoryIndex index.htm index.html
	62	Options Indexes FollowSymLinks MultiViews Includes
	63	AllowOverride All
	64	Require all granted
	65	</Directory>
	66
	67	Alias /eurl ${./sarl}
	68	Alias /eurl ${./sarl}
	69	<Directory ${./sarl}>
	70	DirectoryIndex index.htm index.html
	71	Options Indexes FollowSymLinks MultiViews Includes
	72	AllowOverride None
	73	Require all granted
	74	</Directory>
	75
	76	Alias /history ${historyDir}
	77	<Directory ${historyDir}>
	78	DirectoryIndex index.html
	79	AllowOverride None
	80	Require all granted
	81	</Directory>
	82
	83	Alias /.well-known/chatonsinfos ${config.myServices.chatonsProperties.propertiesPath}
	84	<Directory ${config.myServices.chatonsProperties.propertiesPath}>
	85	Options Indexes FollowSymLinks MultiViews Includes
	86	AllowOverride None
	87	Require all granted
	88	</Directory>
	89	''
	90	];
	91	};
	92
	93	myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
	94	myServices.monitoring.fromMasterObjects.service = [
	95	{
	96	service_description = "blog website is running on immae.eu";
	97	host_name = config.hostEnv.fqdn;
	98	use = "external-web-service";
	99	check_command = ["check_https" "www.immae.eu" "/blog/" "egrep -ri TODO /etc"];
	100
	101	servicegroups = "webstatus-websites";
	102	_webstatus_name = "Immae’s Blog";
	103	_webstatus_url = "https://www.immae.eu/blog";
	104	}
	105	];
	106	};
	107	}


diff --git a/systems/eldiron/websites/immae/release.nix b/systems/eldiron/websites/immae/release.nix new file mode 100644 index 0000000..4882bac --- /dev/null +++ b/systems/eldiron/websites/immae/release.nix
@@ -0,0 +1,40 @@
	1	{ lib, pkgs, config, ... }:
	2	let
	3	cfg = config.myServices.websites.immae.release;
	4	varDir = "/var/lib/ftp/release.immae.eu";
	5	in {
	6	options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
	7
	8	config = lib.mkIf cfg.enable {
	9	myServices.dns.zones."immae.eu".subdomains.release = with config.myServices.dns.helpers;
	10	ips servers.eldiron.ips.production;
	11	services.webstats.sites = [ { name = "release.immae.eu"; } ];
	12
	13	security.acme.certs.immae.extraDomainNames = [ "release.immae.eu" ];
	14	services.websites.env.production.vhostConfs.immae_release = {
	15	certName = "immae";
	16	hosts = [ "release.immae.eu" ];
	17	root = varDir;
	18	extraConfig = [
	19	''
	20	Use Stats release.immae.eu
	21
	22	Use Apaxy "${varDir}" "title .duplicity-ignore"
	23	<Directory "${varDir}">
	24	Use LDAPConnect
	25	Options Indexes
	26	AllowOverride All
	27	Require all granted
	28	</Directory>
	29
	30	<Directory "${varDir}/packages">
	31	Use LDAPConnect
	32	Options Indexes FollowSymlinks
	33	AllowOverride None
	34	Require all granted
	35	</Directory>
	36	''
	37	];
	38	};
	39	};
	40	}


diff --git a/systems/eldiron/websites/immae/sarl/certificates/2021-certificate.crt b/systems/eldiron/websites/immae/sarl/certificates/2021-certificate.crt new file mode 100644 index 0000000..671534c --- /dev/null +++ b/systems/eldiron/websites/immae/sarl/certificates/2021-certificate.crt
@@ -0,0 +1,23 @@
	1	-----BEGIN CERTIFICATE-----
	2	MIIDyzCCArOgAwIBAgIUXNW7Lmte+fa5YxI7Gdznl7ZaLPIwDQYJKoZIhvcNAQEL
	3	BQAwdTELMAkGA1UEBhMCRlIxGDAWBgNVBAgMD0FscGVzLU1hcml0aW1lczEPMA0G
	4	A1UEBwwGR3Jhc3NlMRUwEwYDVQQKDAxJbW1hZUV1IEVVUkwxJDAiBgkqhkiG9w0B
	5	CQEWFWNvbnRhY3RAbWFpbC5pbW1hZS5ldTAeFw0yMTAxMTkwMDI5MDlaFw0yMjAx
	6	MTkwMDI5MDlaMHUxCzAJBgNVBAYTAkZSMRgwFgYDVQQIDA9BbHBlcy1NYXJpdGlt
	7	ZXMxDzANBgNVBAcMBkdyYXNzZTEVMBMGA1UECgwMSW1tYWVFdSBFVVJMMSQwIgYJ
	8	KoZIhvcNAQkBFhVjb250YWN0QG1haWwuaW1tYWUuZXUwggEiMA0GCSqGSIb3DQEB
	9	AQUAA4IBDwAwggEKAoIBAQDeyWKvTu2kuJ2HSgRzZZL6yFNHUXGgcl/q8vlRKFI4
	10	P0yHwcEwDCaCXquqS09WN99H55aNTjHfnu70dZXogyWHGk4vlaUkGiUoCAYK5tFU
	11	34fzpZuInhBL8nRY0pRV4H2t02jQMyiYowZXTqR86BRocbXZ4TY5EwD/hlrH6iDc
	12	pIlC7cVnWV4J5qXX9fXALbpXseD9PF0/y2tP5dM658jBL9KdW1PqlPGudvB44Z+a
	13	pE8XCXF9PGrVBNN7aPmizOb42scx/2XghX1DYCikiUf8m+FGjidxGlXmj4B6Dukp
	14	b7RxdkY7p97svH91uMQuUvDW5d93ZiatHNeYuAl8yI39AgMBAAGjUzBRMB0GA1Ud
	15	DgQWBBSgsFwzEybKyLF/Bkuz7FA5SwfwPTAfBgNVHSMEGDAWgBSgsFwzEybKyLF/
	16	Bkuz7FA5SwfwPTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDX
	17	Wij/gDT+7N/pSSVWImiYoe+/KsAJd0TLs39GJkvW0114RXKINYNU8exNY7rKMVCl
	18	TKePEevSo5CCartNfLXGIr3uqPlR+V3XF6KmyMSiB6k+GukoUtUg2Bp7ESGlpZXi
	19	wkHYclk0NIzxWyUrzNdflxu3gPU278qFMbUIlbdWNsHtrLbpHypelPQ+IaEbNoWV
	20	Q+M8Vg6ifsDmhp7TqFXpIoGa6CIxXuknDOidBpeE9kPjVu0kKrjXQULirNl3eEe6
	21	H1XUQ7lSdt/l3N1cHTj70x2xIi6fdwPQRqhXILrIuST+C0wpPiqPCv1rfcwh0PvU
	22	mZVZ/+83y3Zuo9lVqkbB
	23	-----END CERTIFICATE-----