author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-12 12:41:23 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-12 21:59:41 +0100 |
commit | 108891744eaa7410e305871212d5b81c1b67a095 (patch) | |
tree | 90e3f1a87573532ed1c14e233ad7348904ce47f8 /virtual/eldiron.nix | |
parent | 950ca5ee979ae2467f3471216140de2c1d572f4b (diff) | |
Refactor websites.
This commit refactors websites into module per "vhost".
Diffstat (limited to 'virtual/eldiron.nix')
-rw-r--r-- | virtual/eldiron.nix | 88 |
1 files changed, 5 insertions, 83 deletions
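diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index cefef70..0970521 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -9,11 +9,6 @@
 # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu:
 eldiron = { config, pkgs, mylibs, myconfig, ... }:
 with mylibs;
-let
-mypkgs = pkgs.callPackage ./packages.nix {
-inherit checkEnv fetchedGit fetchedGithub;
-};
-in
 {
 _module.args = {
 mylibs = import ../libs.nix;
@@ -28,22 +23,20 @@
 
 imports = [
 ./modules/certificates.nix
-./modules/gitolite.nix
-./modules/gitweb
-./modules/databases.nix
+./modules/gitolite
+./modules/databases
 ./modules/websites
-./modules/websites/phpfpm
 ];
 services.myGitolite.enable = true;
-services.myGitweb.enable = true;
 services.myDatabases.enable = true;
 services.myWebsites.production.enable = true;
 services.myWebsites.integration.enable = true;
+services.myWebsites.tools.enable = true;
 
 networking = {
 firewall = {
 enable = true;
-allowedTCPPorts = [ 22 9418 ];
+allowedTCPPorts = [ 22 ];
 };
 };
 
@@ -67,74 +60,17 @@
 };
 };
 
-environment.systemPackages = let
-# FIXME: move it to nextcloud
-occ = pkgs.writeScriptBin "nextcloud-occ" ''
-#! ${pkgs.stdenv.shell}
-cd ${mypkgs.nextcloud.webRoot}
-NEXTCLOUD_CONFIG_DIR="${mypkgs.nextcloud.webRoot}/config" \
-exec \
-${pkgs.php}/bin/php \
--c ${pkgs.php}/etc/php.ini \
-occ $*
-'';
-in [
+environment.systemPackages = [
 pkgs.telnet
 pkgs.htop
 pkgs.vim
-occ
 ];
 
-security.acme.certs."eldiron".extraDomains = {
-"db-1.immae.eu" = null;
-"tools.immae.eu" = null;
-"cloud.immae.eu" = null;
-"dav.immae.eu" = null;
-};
-
 services.openssh.extraConfig = ''
 AuthorizedKeysCommand /etc/ssh/ldap_authorized_keys
 AuthorizedKeysCommandUser nobody
 '';
 
-services.ympd = mypkgs.ympd.config // { enable = false; };
-
-services.myPhpfpm = {
-phpPackage = pkgs.php;
-phpOptions = ''
-session.save_path = "/var/lib/php/sessions"
-session.gc_maxlifetime = 60*60*24*15
-session.cache_expire = 60*24*30
-'';
-extraConfig = ''
-log_level = notice
-'';
-poolPhpConfigs = {
-nextcloud = mypkgs.nextcloud.phpFpm.phpConfig;
-};
-poolConfigs = {
-adminer = mypkgs.adminer.phpFpm.pool;
-nextcloud = mypkgs.nextcloud.phpFpm.pool;
-mantisbt = mypkgs.mantisbt.phpFpm.pool;
-ttrss = mypkgs.ttrss.phpFpm.pool;
-roundcubemail = mypkgs.roundcubemail.phpFpm.pool;
-davical = mypkgs.davical.phpFpm.pool;
-};
-};
-
-system.activationScripts = {
-nextcloud = mypkgs.nextcloud.activationScript;
-ttrss = mypkgs.ttrss.activationScript;
-roundcubemail = mypkgs.roundcubemail.activationScript;
-httpd = ''
-install -d -m 0755 /var/lib/acme/acme-challenge
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
-'';
-};
-
 environment.etc."ssh/ldap_authorized_keys" = let
 ldap_authorized_keys =
 assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
@@ -155,19 +91,5 @@
 source = ldap_authorized_keys;
 };
 
-systemd.services.tt-rss = {
-description = "Tiny Tiny RSS feeds update daemon";
-serviceConfig = {
-User = "wwwrun";
-ExecStart = "${pkgs.php}/bin/php ${mypkgs.ttrss.webRoot}/update.php --daemon";
-StandardOutput = "syslog";
-StandardError = "syslog";
-PermissionsStartOnly = true;
-};
-
-wantedBy = [ "multi-user.target" ];
-requires = ["postgresql.service"];
-after = ["network.target" "postgresql.service"];
-};
 };
 }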
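Review bot: The security-relevant state this file used to own is deleted without anything in the remaining configuration pinning where it went: the `security.acme.certs."eldiron".extraDomains` block for `db-1`, `tools`, `cloud` and `dav.immae.eu`, and the `httpd` activation script that created `/var/lib/php/sessions/{adminer,mantisbt,davical}` as `0750 wwwrun:wwwrun` to back `session.save_path`, while `services.myWebsites.tools.enable = true;` is newly switched on in the same hunk. If the per-vhost modules under `./modules/websites` do not reproduce the `session.save_path` setting and the owned directories, PHP falls back to its default session path (normally the shared system temp directory), which loses the per-application isolation the removed script provided; likewise, if the modules do not declare those SANs, the host will serve a certificate that no longer covers the vhosts it is now enabling. Both points are inferred, since the module directories are outside this diff. Making the ownership explicit with a comment above `imports`, such as `# ACME SANs, php-fpm pools and PHP session dirs are owned by the per-vhost modules in ./modules/websites`, would let a later reader verify it instead of rediscovering it; the narrowing of `allowedTCPPorts` to `[ 22 ]` is consistent with dropping gitweb and the git daemon, so 80/443 are presumably also opened by those modules.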