author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-10 01:59:32 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-10 02:09:39 +0100 |
commit | 42429ef0756d9ee41cf0ff0b38210edb3b1637e5 (patch) | |
tree | 8b3cce158c98fa0aba89b42ff3ec4bb8984389e8 /virtual/eldiron.nix | |
parent | 86f6924f021869c1fd8e4e2a7930d50f04f921df (diff) | |
Continue moving websites: apache configuration and modules
Diffstat (limited to 'virtual/eldiron.nix')
-rw-r--r-- | virtual/eldiron.nix | 94 |
1 files changed, 6 insertions, 88 deletions
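--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -21,25 +21,13 @@
 ./modules/gitolite.nix
 ./modules/gitweb.nix
 ./modules/databases.nix
-./modules/websites/chloe.nix
-./modules/websites/ludivine.nix
-./modules/websites/aten.nix
-./modules/websites/piedsjaloux.nix
-./modules/websites/connexionswing.nix
+./modules/websites.nix
 ];
 services.myGitolite.enable = true;
 services.myGitweb.enable = true;
 services.myDatabases.enable = true;
-services.myWebsites.Chloe.production.enable = true;
-services.myWebsites.Chloe.integration.enable = true;
-services.myWebsites.Ludivine.production.enable = true;
-services.myWebsites.Ludivine.integration.enable = true;
-services.myWebsites.Aten.production.enable = true;
-services.myWebsites.Aten.integration.enable = true;
-services.myWebsites.PiedsJaloux.production.enable = true;
-services.myWebsites.PiedsJaloux.integration.enable = true;
-services.myWebsites.Connexionswing.production.enable = true;
-services.myWebsites.Connexionswing.integration.enable = true;
+services.myWebsites.production.enable = true;
+services.myWebsites.integration.enable = true;
 
 nixpkgs.config.packageOverrides = oldpkgs: rec {
 goaccess = oldpkgs.goaccess.overrideAttrs(old: rec {
@@ -153,10 +141,6 @@
 install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/ttrss
 install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
 '';
-redis = ''
-mkdir -p /run/redis
-chown redis /run/redis
-'';
 # FIXME: initial sync
 goaccess = ''
 mkdir -p /var/lib/goaccess
@@ -205,62 +189,7 @@
 logFormat = "combinedVhost";
 listen = [ { ip = "*"; port = 443; } ];
 };
-apacheConfig = {
-gzip = {
-modules = [ "deflate" "filter" ];
-extraConfig = ''
-AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
-'';
-};
-ldap = {
-modules = [ "ldap" "authnz_ldap" ];
-extraConfig = assert checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
-<IfModule ldap_module>
-LDAPSharedCacheSize 500000
-LDAPCacheEntries 1024
-LDAPCacheTTL 600
-LDAPOpCacheEntries 1024
-LDAPOpCacheTTL 600
-</IfModule>
-
-<Macro LDAPConnect>
-<IfModule authnz_ldap_module>
-AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
-AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
-AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
-AuthType Basic
-AuthName "Authentification requise (Acces LDAP)"
-AuthBasicProvider ldap
-</IfModule>
-</Macro>
-
-<Macro Stats %{domain}>
-Alias /awstats /var/lib/goaccess/%{domain}
-<Directory /var/lib/goaccess/%{domain}>
-DirectoryIndex index.html
-AllowOverride None
-Require all granted
-</Directory>
-<Location /awstats>
-Use LDAPConnect
-Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
-</Location>
-</Macro>
-'';
-};
-http2 = {
-modules = [ "http2" ];
-extraConfig = ''
-Protocols h2 http/1.1
-'';
-};
-customLog = {
-modules = [];
-extraConfig = ''
-LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
-'';
-};
-};
+apacheConfig = config.services.myWebsites.apacheConfig;
 in rec {
 enable = true;
 logPerVirtualHost = true;
@@ -270,25 +199,14 @@
 extraModules = pkgs.lib.lists.unique (
 mypkgs.adminer.apache.modules ++
 mypkgs.nextcloud.apache.modules ++
-mypkgs.connexionswing_dev.apache.modules ++
-mypkgs.connexionswing_prod.apache.modules ++
-mypkgs.ludivinecassal_dev.apache.modules ++
-mypkgs.ludivinecassal_prod.apache.modules ++
-mypkgs.piedsjaloux_dev.apache.modules ++
-mypkgs.piedsjaloux_prod.apache.modules ++
-mypkgs.chloe_dev.apache.modules ++
-mypkgs.chloe_prod.apache.modules ++
-mypkgs.aten_dev.apache.modules ++
-mypkgs.aten_prod.apache.modules ++
 mypkgs.ympd.apache.modules ++
 mypkgs.git.web.apache.modules ++
 mypkgs.mantisbt.apache.modules ++
 mypkgs.ttrss.apache.modules ++
 mypkgs.roundcubemail.apache.modules ++
-pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
-[ "macro" ]);
+pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig));
 extraConfig = builtins.concatStringsSep "\n"
-(pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
+(builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
 virtualHosts = [
 (withConf "eldiron" // {
 hostName = "eldiron.immae.eu";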
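Review bot: In the last hunk `extraModules` no longer appends `[ "macro" ]`, and `v.modules or []` / `v.extraConfig or null` now let any fragment of `config.services.myWebsites.apacheConfig` contribute nothing without an evaluation error. The `LDAPConnect` and `Stats` macros that put `/awstats` behind an LDAP group were defined in the block this commit moves out, so loading mod_macro and defining those macros now presumably depend on `./modules/websites.nix`, which this page does not show; a misspelled `modules` or `extraConfig` key there would be dropped silently rather than rejected. I would keep the defaults for fragments that are meant to be optional but add a comment above `extraModules` such as `# "macro" and the LDAP fragments come from myWebsites.apacheConfig; a missing key is ignored, not an error`, or restore `++ [ "macro" ]` here if this host's own virtual hosts rely on `Use`. The surrounding `let … in rec {` block starts and ends outside the visible hunks.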