Refactor websites.

This commit refactors websites into module per "vhost".
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-12 12:41:23 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-12 21:59:41 +0100
commit: 108891744eaa7410e305871212d5b81c1b67a095 (patch)
tree: 90e3f1a87573532ed1c14e233ad7348904ce47f8 /virtual/modules/websites/tools/tools
parent: 950ca5ee979ae2467f3471216140de2c1d572f4b (diff)
download: Nix-108891744eaa7410e305871212d5b81c1b67a095.tar.gz
Nix-108891744eaa7410e305871212d5b81c1b67a095.tar.zst
Nix-108891744eaa7410e305871212d5b81c1b67a095.zip
12 files changed, 511 insertions, 0 deletions
diff --git a/virtual/modules/websites/tools/tools/default.nix b/virtual/modules/websites/tools/tools/default.nix
new file mode 100644
index 0000000..f29ac11
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/default.nix
@@ -0,0 +1,65 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    adminer = pkgs.callPackage ../../commons/adminer.nix {};
+    ympd = pkgs.callPackage ./ympd.nix {};
+    ttrss = pkgs.callPackage ./ttrss.nix { inherit (mylibs) checkEnv fetchedGithub fetchedGit; };
+    roundcubemail = pkgs.callPackage ./roundcubemail.nix { inherit (mylibs) checkEnv; };
+    cfg = config.services.myWebsites.tools.tools;
+in {
+  options.services.myWebsites.tools.tools = {
+    enable = lib.mkEnableOption "enable tools website";
+  };
+  config = lib.mkIf cfg.enable {
+    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
+    services.myWebsites.tools.modules =
+      adminer.apache.modules
+      ++ ympd.apache.modules
+      ++ ttrss.apache.modules
+      ++ roundcubemail.apache.modules;
+    services.ympd = ympd.config // { enable = false; };
+    services.myWebsites.tools.vhostConfs.tools = {
+      certName    = "eldiron";
+      hosts       = ["tools.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        adminer.apache.vhostConf
+        ympd.apache.vhostConf
+        ttrss.apache.vhostConf
+        roundcubemail.apache.vhostConf
+      ];
+    };
+    services.myPhpfpm.poolConfigs = {
+      adminer = adminer.phpFpm.pool;
+      ttrss = ttrss.phpFpm.pool;
+      roundcubemail = roundcubemail.phpFpm.pool;
+    };
+    system.activationScripts = {
+      ttrss = ttrss.activationScript;
+      roundcubemail = roundcubemail.activationScript;
+    };
+    systemd.services.tt-rss = {
+      description = "Tiny Tiny RSS feeds update daemon";
+      serviceConfig = {
+        User = "wwwrun";
+        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
+        StandardOutput = "syslog";
+        StandardError = "syslog";
+        PermissionsStartOnly = true;
+      };
+      wantedBy = [ "multi-user.target" ];
+      requires = ["postgresql.service"];
+      after = ["network.target" "postgresql.service"];
+    };
+  };
+}
diff --git a/virtual/modules/websites/tools/tools/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix
new file mode 100644
index 0000000..1aa2d87
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/roundcubemail.nix
@@ -0,0 +1,110 @@
+{ lib, checkEnv, writeText, stdenv, fetchurl }:
+let
+  roundcubemail = let
+    plugins = {};
+  in rec {
+    varDir = "/var/lib/roundcubemail";
+    # FIXME: initial sync
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+          ${varDir}/cache
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      '';
+    };
+    config =
+      # FIXME: LOG_DESTINATION syslog?
+      assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL";
+      assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET";
+      writeText "config.php" ''
+      <?php
+        $config['db_dsnw'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"}';
+        $config['default_host'] = 'ssl://mail.immae.eu';
+        $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
+        $config['smtp_server'] = 'tls://mail.immae.eu';
+        $config['imap_cache'] = 'db';
+        $config['messages_cache'] = 'db';
+        $config['support_url'] = ''';
+        $config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}';
+        $config['plugins'] = array();
+        $config['language'] = 'fr_FR';
+        $config['drafts_mbox'] = 'Mail/Drafts';
+        $config['junk_mbox'] = 'Mail/Spam';
+        $config['sent_mbox'] = 'Mail/sent';
+        $config['trash_mbox'] = ''';
+        $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
+        $config['draft_autosave'] = 60;
+        $config['enable_installer'] = false;
+        $config['log_driver'] = 'stdout';
+        $config['temp_dir'] = '${varDir}/cache';
+        $config['debug_level'] = 1;
+      '';
+    webRoot = stdenv.mkDerivation rec {
+      version = "1.3.8";
+      name = "roundcubemail-${version}";
+      src= fetchurl {
+        url = "https://github.com/roundcube/roundcubemail/releases/download/${version}/${name}-complete.tar.gz";
+        sha256 = "018djad7ygfl9c9f2l2j42qkg31ml3hs2f01f0dk361zckwk77n4";
+      };
+      buildPhase = ''
+        sed -i \
+          -e "s|RCUBE_INSTALL_PATH . 'temp.*|'${varDir}/cache';|" \
+          config/defaults.inc.php
+      '';
+      installPhase = ''
+        cp -a . $out
+        ln -s ${config} $out/config/config.inc.php
+        ${builtins.concatStringsSep "\n" (
+          lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
+        )}
+      '';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+      Alias /roundcube "${webRoot}"
+      <Directory "${webRoot}">
+          DirectoryIndex index.php
+          AllowOverride All
+          Options FollowSymlinks
+          Require all granted
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+        '';
+    };
+    phpFpm = rec {
+      basedir = builtins.concatStringsSep ":" (
+        [ webRoot config varDir ]
+        ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
+      socket = "/var/run/phpfpm/roundcubemail.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        pm = ondemand
+        pm.max_children = 60
+        pm.process_idle_timeout = 60
+        ; Needed to avoid clashes in browser cookies (same domain)
+        php_value[session.name] = RoundcubemailPHPSESSID
+        php_admin_value[open_basedir] = "${basedir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        '';
+    };
+  };
+in 
+  roundcubemail
diff --git a/virtual/modules/websites/tools/tools/tt-rss.json b/virtual/modules/websites/tools/tools/tt-rss.json
new file mode 100644
index 0000000..e2731b0
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/tt-rss.json
@@ -0,0 +1,14 @@
+{
+  "tag": "986ca25-master",
+  "meta": {
+    "name": "tt-rss",
+    "url": "https://git.tt-rss.org/fox/tt-rss.git",
+    "branch": "master"
+  },
+  "git": {
+    "url": "https://git.tt-rss.org/fox/tt-rss.git",
+    "rev": "986ca251f995f7754a0470d3e0c44538a545081f",
+    "sha256": "0xkafkh7l9zazm5d6snlq03kdfxfhkb4c8fdsb32wn8b9bhdzf5s",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch
new file mode 100644
index 0000000..d622577
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch
@@ -0,0 +1,12 @@
+--- a/init.php  2014-06-16 14:21:06.995480038 +0200
+++ b/init.php  2014-06-16 14:22:00.151027654 +0200
+@@ -147,6 +147,9 @@
+                         }
+                     }
+                     break;
+                case 'replace':
+                    $article['content'] = preg_replace("/".$config['pattern']."/",$config['replacement'],$article['content']);
+                    break;
+ 
+                 default:
+                     // unknown type or invalid config
diff --git a/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json
new file mode 100644
index 0000000..e57fcce
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json
@@ -0,0 +1,15 @@
+{
+  "tag": "0ea2092-master",
+  "meta": {
+    "name": "ttrss-af_feedmod",
+    "url": "https://github.com/mbirth/ttrss_plugin-af_feedmod",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "mbirth",
+    "repo": "ttrss_plugin-af_feedmod",
+    "rev": "0ea2092dd34067ecd898802cfca3570023d1ecfe",
+    "sha256": "02ibf47zcrsc2rr45wsix8gxyyf371davj8n8i0gj1zdq95klvnv",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json
new file mode 100644
index 0000000..c8aaab5
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json
@@ -0,0 +1,15 @@
+{
+  "tag": "4d751b0-master",
+  "meta": {
+    "name": "ttrss-auth-ldap",
+    "url": "https://github.com/hydrian/TTRSS-Auth-LDAP",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "hydrian",
+    "repo": "TTRSS-Auth-LDAP",
+    "rev": "4d751b095c29a8dbe2dc7bb07777742956136e94",
+    "sha256": "0b9fl86acrzpcv41r7pj3bl8b3n72hpkdywzx9zjyfqv5pskxyim",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/tools/ttrss-feediron.json b/virtual/modules/websites/tools/tools/ttrss-feediron.json
new file mode 100644
index 0000000..5dbec92
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-feediron.json
@@ -0,0 +1,15 @@
+{
+  "tag": "407168c-master",
+  "meta": {
+    "name": "ttrss-feediron",
+    "url": "https://github.com/m42e/ttrss_plugin-feediron",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "m42e",
+    "repo": "ttrss_plugin-feediron",
+    "rev": "407168c628880b5ced572cc549db6d50e866d3c8",
+    "sha256": "17b95ifpcph6m03hjd1mhi8gi1hw9yd3fnffmw66fqr5c9l3zd9r",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch
new file mode 100644
index 0000000..e1c44d9
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch
@@ -0,0 +1,18 @@
+diff --git a/init.php b/init.php
+index 3c0f2f9..1aad146 100644
+--- a/init.php
+++ b/init.php
+@@ -600,10 +600,11 @@ class Feediron extends Plugin implements IHandler
+                        return false;
+                }
+ 
+-               $this->host->set($this, 'json_conf', Feediron_Json::format($json_conf));
+                $new_conf = json_encode(json_decode($json_conf), JSON_PRETTY_PRINT);
+                $this->host->set($this, 'json_conf', $new_conf);
+                $json_reply['success'] = true;
+                $json_reply['message'] = __('Configuration saved.');
+-               $json_reply['json_conf'] = Feediron_Json::format($json_conf);
+                $json_reply['json_conf'] = $new_conf;
+                echo json_encode($json_reply);
+        }
+ 
diff --git a/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json
new file mode 100644
index 0000000..1f241b9
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json
@@ -0,0 +1,15 @@
+{
+  "tag": "0366ffb-master",
+  "meta": {
+    "name": "ttrss-ff_instagram",
+    "url": "https://github.com/wltb/ff_instagram",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "wltb",
+    "repo": "ff_instagram",
+    "rev": "0366ffb18c4d490c8fbfba2f5f3367a5af23cfe8",
+    "sha256": "0vvzl6wi6jmrqknsfddvckjgsgfizz1d923d1nyrpzjfn6bda1vk",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json
new file mode 100644
index 0000000..eafbcfe
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json
@@ -0,0 +1,15 @@
+{
+  "tag": "287c584-master",
+  "meta": {
+    "name": "ttrss-tumblr_gdpr_ua",
+    "url": "https://github.com/hkockerbeck/ttrss-tumblr-gdpr-ua",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "hkockerbeck",
+    "repo": "ttrss-tumblr-gdpr-ua",
+    "rev": "287c584e68845d524f920156bff0b2eaa6f65117",
+    "sha256": "1fviawgcclqky4k4xv1sqzvpb8i74w9f0pclm09m78s8l85wh9py",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix
new file mode 100644
index 0000000..f7b0f61
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ttrss.nix
@@ -0,0 +1,182 @@
+{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }:
+let
+  ttrss = let
+    plugins = {
+      auth_ldap = stdenv.mkDerivation (fetchedGithub ./ttrss-auth-ldap.json // rec {
+        installPhase = ''
+          mkdir $out
+          cp plugins/auth_ldap/init.php $out
+        '';
+      });
+      af_feedmod = stdenv.mkDerivation (fetchedGithub ./ttrss-af_feedmod.json // rec {
+        patches = [ ./ttrss-af-feedmod_type_replace.patch ];
+        installPhase = ''
+          mkdir $out
+          cp init.php $out
+        '';
+      });
+      feediron = stdenv.mkDerivation (fetchedGithub ./ttrss-feediron.json // rec {
+        patches = [ ./ttrss-feediron_json_reformat.patch ];
+        installPhase = ''
+          mkdir $out
+          cp -a . $out
+        '';
+      });
+      ff_instagram = stdenv.mkDerivation (fetchedGithub ./ttrss-ff_instagram.json // rec {
+        installPhase = ''
+          mkdir $out
+          cp -a . $out
+        '';
+      });
+      tumblr_gdpr_ua = stdenv.mkDerivation (fetchedGithub ./ttrss-tumblr_gdpr_ua.json // rec {
+        installPhase = ''
+          mkdir $out
+          cp -a . $out
+        '';
+      });
+    };
+  in rec {
+    varDir = "/var/lib/ttrss";
+    # FIXME: initial sync
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+          ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
+          ${varDir}/cache/feeds/ \
+          ${varDir}/cache/images/ \
+          ${varDir}/cache/js/ \
+          ${varDir}/cache/simplepie/ \
+          ${varDir}/cache/upload/
+        touch ${varDir}/feed-icons/index.html
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      '';
+    };
+    config =
+      # FIXME: LOG_DESTINATION syslog?
+      assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
+      assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
+      writeText "config.php" ''
+      <?php
+        define('PHP_EXECUTABLE', '${php}/bin/php');
+        define('LOCK_DIRECTORY', 'lock');
+        define('CACHE_DIR', 'cache');
+        define('ICONS_DIR', 'feed-icons');
+        define('ICONS_URL', 'feed-icons');
+        define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
+        define('MYSQL_CHARSET', 'UTF8');
+        define('DB_TYPE', 'pgsql');
+        define('DB_HOST', 'db-1.immae.eu');
+        define('DB_USER', 'ttrss');
+        define('DB_NAME', 'ttrss');
+        define('DB_PASS', '${builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD"}');
+        define('DB_PORT', '5432');
+        define('AUTH_AUTO_CREATE', true);
+        define('AUTH_AUTO_LOGIN', true);
+        define('SINGLE_USER_MODE', false);
+        define('SIMPLE_UPDATE_MODE', false);
+        define('CHECK_FOR_UPDATES', true);
+        define('FORCE_ARTICLE_PURGE', 0);
+        define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
+        define('ENABLE_GZIP_OUTPUT', false);
+        define('PLUGINS', 'auth_ldap, note, instances');
+        define('LOG_DESTINATION', ''');
+        define('CONFIG_VERSION', 26);
+        define('SPHINX_SERVER', 'localhost:9312');
+        define('SPHINX_INDEX', 'ttrss, delta');
+        define('ENABLE_REGISTRATION', false);
+        define('REG_NOTIFY_ADDRESS', 'outils@immae.eu');
+        define('REG_MAX_USERS', 10);
+        define('SMTP_SERVER', 'mail.immae.eu:25');
+        define('SMTP_LOGIN', ''');
+        define('SMTP_PASSWORD', ''');
+        define('SMTP_SECURE', 'tls');
+        define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+        define('SMTP_FROM_ADDRESS', 'outils@immae.eu');
+        define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+        define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+        define('LDAP_AUTH_USETLS', TRUE);
+        define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
+        define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+        define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+        define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+        define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+        define('LDAP_AUTH_BINDPW', '${builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD"}');
+        define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
+        define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
+        define('LDAP_AUTH_DEBUG', FALSE);
+      '';
+    webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
+      buildPhase = ''
+        rm -rf lock feed-icons cache
+        ln -sf ../../../../../${varDir}/{lock,feed-icons,cache} .
+      '';
+      installPhase = ''
+        cp -a . $out
+        ln -s ${config} $out/config.php
+        ${builtins.concatStringsSep "\n" (
+          lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
+        )}
+      '';
+    });
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+        Alias /ttrss "${webRoot}"
+        <Directory "${webRoot}">
+          DirectoryIndex index.php
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          </FilesMatch>
+          AllowOverride All
+          Options FollowSymlinks
+          Require all granted
+        </Directory>
+        '';
+    };
+    phpFpm = rec {
+      basedir = builtins.concatStringsSep ":" (
+        [ webRoot config varDir ]
+        ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
+      socket = "/var/run/phpfpm/ttrss.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        pm = ondemand
+        pm.max_children = 60
+        pm.process_idle_timeout = 60
+        ; Needed to avoid clashes in browser cookies (same domain)
+        php_value[session.name] = TtrssPHPSESSID
+        php_admin_value[open_basedir] = "${basedir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        '';
+    };
+  };
+in 
+  ttrss
diff --git a/virtual/modules/websites/tools/tools/ympd.nix b/virtual/modules/websites/tools/tools/ympd.nix
new file mode 100644
index 0000000..74bf2e5
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/ympd.nix
@@ -0,0 +1,35 @@
+{}:
+let
+  ympd = rec {
+    config = {
+      webPort = "localhost:18001";
+      mpd = {
+        host = "malige.home.immae.eu";
+        port = 6600;
+      };
+    };
+    apache = {
+      modules = [
+        "proxy_wstunnel"
+        ];
+      vhostConf = ''
+        <LocationMatch "^/mpd">
+          Use LDAPConnect
+          Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+          Require local
+        </LocationMatch>
+        RedirectMatch permanent "^/mpd$" "/mpd/"
+        <Location "/mpd/">
+          ProxyPass http://${config.webPort}/
+          ProxyPassReverse http://${config.webPort}/
+          ProxyPreserveHost on
+        </Location>
+        <Location "/mpd/ws">
+          ProxyPass ws://${config.webPort}/ws
+        </Location>
+      '';
+    };
+  };
+in
+  ympd
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-12 12:41:23 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-12 21:59:41 +0100
commit	108891744eaa7410e305871212d5b81c1b67a095 (patch)
tree	90e3f1a87573532ed1c14e233ad7348904ce47f8 /virtual/modules/websites/tools/tools
parent	950ca5ee979ae2467f3471216140de2c1d572f4b (diff)
download	Nix-108891744eaa7410e305871212d5b81c1b67a095.tar.gz Nix-108891744eaa7410e305871212d5b81c1b67a095.tar.zst Nix-108891744eaa7410e305871212d5b81c1b67a095.zip

diff --git a/virtual/modules/websites/tools/tools/default.nix b/virtual/modules/websites/tools/tools/default.nix new file mode 100644 index 0000000..f29ac11 --- /dev/null +++ b/virtual/modules/websites/tools/tools/default.nix
@@ -0,0 +1,65 @@
	1	{ lib, pkgs, config, mylibs, ... }:
	2	let
	3	adminer = pkgs.callPackage ../../commons/adminer.nix {};
	4	ympd = pkgs.callPackage ./ympd.nix {};
	5	ttrss = pkgs.callPackage ./ttrss.nix { inherit (mylibs) checkEnv fetchedGithub fetchedGit; };
	6	roundcubemail = pkgs.callPackage ./roundcubemail.nix { inherit (mylibs) checkEnv; };
	7
	8	cfg = config.services.myWebsites.tools.tools;
	9	in {
	10	options.services.myWebsites.tools.tools = {
	11	enable = lib.mkEnableOption "enable tools website";
	12	};
	13
	14	config = lib.mkIf cfg.enable {
	15	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
	16
	17	services.myWebsites.tools.modules =
	18	adminer.apache.modules
	19	++ ympd.apache.modules
	20	++ ttrss.apache.modules
	21	++ roundcubemail.apache.modules;
	22
	23	services.ympd = ympd.config // { enable = false; };
	24
	25	services.myWebsites.tools.vhostConfs.tools = {
	26	certName = "eldiron";
	27	hosts = ["tools.immae.eu" ];
	28	root = null;
	29	extraConfig = [
	30	adminer.apache.vhostConf
	31	ympd.apache.vhostConf
	32	ttrss.apache.vhostConf
	33	roundcubemail.apache.vhostConf
	34	];
	35	};
	36
	37	services.myPhpfpm.poolConfigs = {
	38	adminer = adminer.phpFpm.pool;
	39	ttrss = ttrss.phpFpm.pool;
	40	roundcubemail = roundcubemail.phpFpm.pool;
	41	};
	42
	43	system.activationScripts = {
	44	ttrss = ttrss.activationScript;
	45	roundcubemail = roundcubemail.activationScript;
	46	};
	47
	48	systemd.services.tt-rss = {
	49	description = "Tiny Tiny RSS feeds update daemon";
	50	serviceConfig = {
	51	User = "wwwrun";
	52	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	53	StandardOutput = "syslog";
	54	StandardError = "syslog";
	55	PermissionsStartOnly = true;
	56	};
	57
	58	wantedBy = [ "multi-user.target" ];
	59	requires = ["postgresql.service"];
	60	after = ["network.target" "postgresql.service"];
	61	};
	62
	63	};
	64	}
	65


diff --git a/virtual/modules/websites/tools/tools/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix new file mode 100644 index 0000000..1aa2d87 --- /dev/null +++ b/virtual/modules/websites/tools/tools/roundcubemail.nix
@@ -0,0 +1,110 @@
	1	{ lib, checkEnv, writeText, stdenv, fetchurl }:
	2	let
	3	roundcubemail = let
	4	plugins = {};
	5	in rec {
	6	varDir = "/var/lib/roundcubemail";
	7	# FIXME: initial sync
	8	activationScript = {
	9	deps = [ "wrappers" ];
	10	text = ''
	11	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
	12	${varDir}/cache
	13	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
	14	'';
	15	};
	16	config =
	17	# FIXME: LOG_DESTINATION syslog?
	18	assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL";
	19	assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET";
	20	writeText "config.php" ''
	21	<?php
	22	$config['db_dsnw'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"}';
	23	$config['default_host'] = 'ssl://mail.immae.eu';
	24	$config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
	25	$config['smtp_server'] = 'tls://mail.immae.eu';
	26
	27	$config['imap_cache'] = 'db';
	28	$config['messages_cache'] = 'db';
	29
	30	$config['support_url'] = ''';
	31
	32	$config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}';
	33
	34	$config['plugins'] = array();
	35
	36	$config['language'] = 'fr_FR';
	37
	38	$config['drafts_mbox'] = 'Mail/Drafts';
	39	$config['junk_mbox'] = 'Mail/Spam';
	40	$config['sent_mbox'] = 'Mail/sent';
	41	$config['trash_mbox'] = ''';
	42	$config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
	43	$config['draft_autosave'] = 60;
	44	$config['enable_installer'] = false;
	45	$config['log_driver'] = 'stdout';
	46	$config['temp_dir'] = '${varDir}/cache';
	47	$config['debug_level'] = 1;
	48	'';
	49	webRoot = stdenv.mkDerivation rec {
	50	version = "1.3.8";
	51	name = "roundcubemail-${version}";
	52	src= fetchurl {
	53	url = "https://github.com/roundcube/roundcubemail/releases/download/${version}/${name}-complete.tar.gz";
	54	sha256 = "018djad7ygfl9c9f2l2j42qkg31ml3hs2f01f0dk361zckwk77n4";
	55	};
	56	buildPhase = ''
	57	sed -i \
	58	-e "s\|RCUBE_INSTALL_PATH . 'temp.*\|'${varDir}/cache';\|" \
	59	config/defaults.inc.php
	60	'';
	61	installPhase = ''
	62	cp -a . $out
	63	ln -s ${config} $out/config/config.inc.php
	64	${builtins.concatStringsSep "\n" (
	65	lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
	66	)}
	67	'';
	68	};
	69	apache = {
	70	user = "wwwrun";
	71	group = "wwwrun";
	72	modules = [ "proxy_fcgi" ];
	73	vhostConf = ''
	74	Alias /roundcube "${webRoot}"
	75	<Directory "${webRoot}">
	76	DirectoryIndex index.php
	77	AllowOverride All
	78	Options FollowSymlinks
	79	Require all granted
	80
	81	<FilesMatch "\.php$">
	82	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
	83	</FilesMatch>
	84	</Directory>
	85	'';
	86	};
	87	phpFpm = rec {
	88	basedir = builtins.concatStringsSep ":" (
	89	[ webRoot config varDir ]
	90	++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
	91	socket = "/var/run/phpfpm/roundcubemail.sock";
	92	pool = ''
	93	listen = ${socket}
	94	user = ${apache.user}
	95	group = ${apache.group}
	96	listen.owner = ${apache.user}
	97	listen.group = ${apache.group}
	98	pm = ondemand
	99	pm.max_children = 60
	100	pm.process_idle_timeout = 60
	101
	102	; Needed to avoid clashes in browser cookies (same domain)
	103	php_value[session.name] = RoundcubemailPHPSESSID
	104	php_admin_value[open_basedir] = "${basedir}:/tmp"
	105	php_admin_value[session.save_path] = "${varDir}/phpSessions"
	106	'';
	107	};
	108	};
	109	in
	110	roundcubemail


diff --git a/virtual/modules/websites/tools/tools/tt-rss.json b/virtual/modules/websites/tools/tools/tt-rss.json new file mode 100644 index 0000000..e2731b0 --- /dev/null +++ b/virtual/modules/websites/tools/tools/tt-rss.json
@@ -0,0 +1,14 @@
	1	{
	2	"tag": "986ca25-master",
	3	"meta": {
	4	"name": "tt-rss",
	5	"url": "https://git.tt-rss.org/fox/tt-rss.git",
	6	"branch": "master"
	7	},
	8	"git": {
	9	"url": "https://git.tt-rss.org/fox/tt-rss.git",
	10	"rev": "986ca251f995f7754a0470d3e0c44538a545081f",
	11	"sha256": "0xkafkh7l9zazm5d6snlq03kdfxfhkb4c8fdsb32wn8b9bhdzf5s",
	12	"fetchSubmodules": true
	13	}
	14	}


diff --git a/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch new file mode 100644 index 0000000..d622577 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch
@@ -0,0 +1,12 @@
	1	--- a/init.php 2014-06-16 14:21:06.995480038 +0200
	2	+++ b/init.php 2014-06-16 14:22:00.151027654 +0200
	3	@@ -147,6 +147,9 @@
	4	}
	5	}
	6	break;
	7	+ case 'replace':
	8	+ $article['content'] = preg_replace("/".$config['pattern']."/",$config['replacement'],$article['content']);
	9	+ break;
	10
	11	default:
	12	// unknown type or invalid config


diff --git a/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json new file mode 100644 index 0000000..e57fcce --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "0ea2092-master",
	3	"meta": {
	4	"name": "ttrss-af_feedmod",
	5	"url": "https://github.com/mbirth/ttrss_plugin-af_feedmod",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "mbirth",
	10	"repo": "ttrss_plugin-af_feedmod",
	11	"rev": "0ea2092dd34067ecd898802cfca3570023d1ecfe",
	12	"sha256": "02ibf47zcrsc2rr45wsix8gxyyf371davj8n8i0gj1zdq95klvnv",
	13	"fetchSubmodules": true
	14	}
	15	}


diff --git a/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json new file mode 100644 index 0000000..c8aaab5 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "4d751b0-master",
	3	"meta": {
	4	"name": "ttrss-auth-ldap",
	5	"url": "https://github.com/hydrian/TTRSS-Auth-LDAP",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "hydrian",
	10	"repo": "TTRSS-Auth-LDAP",
	11	"rev": "4d751b095c29a8dbe2dc7bb07777742956136e94",
	12	"sha256": "0b9fl86acrzpcv41r7pj3bl8b3n72hpkdywzx9zjyfqv5pskxyim",
	13	"fetchSubmodules": true
	14	}
	15	}


diff --git a/virtual/modules/websites/tools/tools/ttrss-feediron.json b/virtual/modules/websites/tools/tools/ttrss-feediron.json new file mode 100644 index 0000000..5dbec92 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-feediron.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "407168c-master",
	3	"meta": {
	4	"name": "ttrss-feediron",
	5	"url": "https://github.com/m42e/ttrss_plugin-feediron",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "m42e",
	10	"repo": "ttrss_plugin-feediron",
	11	"rev": "407168c628880b5ced572cc549db6d50e866d3c8",
	12	"sha256": "17b95ifpcph6m03hjd1mhi8gi1hw9yd3fnffmw66fqr5c9l3zd9r",
	13	"fetchSubmodules": true
	14	}
	15	}


diff --git a/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch new file mode 100644 index 0000000..e1c44d9 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch
@@ -0,0 +1,18 @@
	1	diff --git a/init.php b/init.php
	2	index 3c0f2f9..1aad146 100644
	3	--- a/init.php
	4	+++ b/init.php
	5	@@ -600,10 +600,11 @@ class Feediron extends Plugin implements IHandler
	6	return false;
	7	}
	8
	9	- $this->host->set($this, 'json_conf', Feediron_Json::format($json_conf));
	10	+ $new_conf = json_encode(json_decode($json_conf), JSON_PRETTY_PRINT);
	11	+ $this->host->set($this, 'json_conf', $new_conf);
	12	$json_reply['success'] = true;
	13	$json_reply['message'] = __('Configuration saved.');
	14	- $json_reply['json_conf'] = Feediron_Json::format($json_conf);
	15	+ $json_reply['json_conf'] = $new_conf;
	16	echo json_encode($json_reply);
	17	}
	18


diff --git a/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json new file mode 100644 index 0000000..1f241b9 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "0366ffb-master",
	3	"meta": {
	4	"name": "ttrss-ff_instagram",
	5	"url": "https://github.com/wltb/ff_instagram",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "wltb",
	10	"repo": "ff_instagram",
	11	"rev": "0366ffb18c4d490c8fbfba2f5f3367a5af23cfe8",
	12	"sha256": "0vvzl6wi6jmrqknsfddvckjgsgfizz1d923d1nyrpzjfn6bda1vk",
	13	"fetchSubmodules": true
	14	}
	15	}


diff --git a/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json new file mode 100644 index 0000000..eafbcfe --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json
@@ -0,0 +1,15 @@
	1	{
	2	"tag": "287c584-master",
	3	"meta": {
	4	"name": "ttrss-tumblr_gdpr_ua",
	5	"url": "https://github.com/hkockerbeck/ttrss-tumblr-gdpr-ua",
	6	"branch": "master"
	7	},
	8	"github": {
	9	"owner": "hkockerbeck",
	10	"repo": "ttrss-tumblr-gdpr-ua",
	11	"rev": "287c584e68845d524f920156bff0b2eaa6f65117",
	12	"sha256": "1fviawgcclqky4k4xv1sqzvpb8i74w9f0pclm09m78s8l85wh9py",
	13	"fetchSubmodules": true
	14	}
	15	}


diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix new file mode 100644 index 0000000..f7b0f61 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss.nix
@@ -0,0 +1,182 @@
	1	{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }:
	2	let
	3	ttrss = let
	4	plugins = {
	5	auth_ldap = stdenv.mkDerivation (fetchedGithub ./ttrss-auth-ldap.json // rec {
	6	installPhase = ''
	7	mkdir $out
	8	cp plugins/auth_ldap/init.php $out
	9	'';
	10	});
	11	af_feedmod = stdenv.mkDerivation (fetchedGithub ./ttrss-af_feedmod.json // rec {
	12	patches = [ ./ttrss-af-feedmod_type_replace.patch ];
	13	installPhase = ''
	14	mkdir $out
	15	cp init.php $out
	16	'';
	17	});
	18	feediron = stdenv.mkDerivation (fetchedGithub ./ttrss-feediron.json // rec {
	19	patches = [ ./ttrss-feediron_json_reformat.patch ];
	20	installPhase = ''
	21	mkdir $out
	22	cp -a . $out
	23	'';
	24	});
	25	ff_instagram = stdenv.mkDerivation (fetchedGithub ./ttrss-ff_instagram.json // rec {
	26	installPhase = ''
	27	mkdir $out
	28	cp -a . $out
	29	'';
	30	});
	31	tumblr_gdpr_ua = stdenv.mkDerivation (fetchedGithub ./ttrss-tumblr_gdpr_ua.json // rec {
	32	installPhase = ''
	33	mkdir $out
	34	cp -a . $out
	35	'';
	36	});
	37	};
	38	in rec {
	39	varDir = "/var/lib/ttrss";
	40	# FIXME: initial sync
	41	activationScript = {
	42	deps = [ "wrappers" ];
	43	text = ''
	44	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
	45	${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
	46	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
	47	${varDir}/cache/feeds/ \
	48	${varDir}/cache/images/ \
	49	${varDir}/cache/js/ \
	50	${varDir}/cache/simplepie/ \
	51	${varDir}/cache/upload/
	52	touch ${varDir}/feed-icons/index.html
	53	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
	54	'';
	55	};
	56	config =
	57	# FIXME: LOG_DESTINATION syslog?
	58	assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
	59	assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
	60	writeText "config.php" ''
	61	<?php
	62
	63	define('PHP_EXECUTABLE', '${php}/bin/php');
	64
	65	define('LOCK_DIRECTORY', 'lock');
	66	define('CACHE_DIR', 'cache');
	67	define('ICONS_DIR', 'feed-icons');
	68	define('ICONS_URL', 'feed-icons');
	69	define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
	70
	71	define('MYSQL_CHARSET', 'UTF8');
	72
	73	define('DB_TYPE', 'pgsql');
	74	define('DB_HOST', 'db-1.immae.eu');
	75	define('DB_USER', 'ttrss');
	76	define('DB_NAME', 'ttrss');
	77	define('DB_PASS', '${builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD"}');
	78	define('DB_PORT', '5432');
	79
	80	define('AUTH_AUTO_CREATE', true);
	81	define('AUTH_AUTO_LOGIN', true);
	82
	83	define('SINGLE_USER_MODE', false);
	84
	85	define('SIMPLE_UPDATE_MODE', false);
	86	define('CHECK_FOR_UPDATES', true);
	87
	88	define('FORCE_ARTICLE_PURGE', 0);
	89	define('SESSION_COOKIE_LIFETIME', 606024*120);
	90	define('ENABLE_GZIP_OUTPUT', false);
	91
	92	define('PLUGINS', 'auth_ldap, note, instances');
	93
	94	define('LOG_DESTINATION', ''');
	95	define('CONFIG_VERSION', 26);
	96
	97
	98	define('SPHINX_SERVER', 'localhost:9312');
	99	define('SPHINX_INDEX', 'ttrss, delta');
	100
	101	define('ENABLE_REGISTRATION', false);
	102	define('REG_NOTIFY_ADDRESS', 'outils@immae.eu');
	103	define('REG_MAX_USERS', 10);
	104
	105	define('SMTP_SERVER', 'mail.immae.eu:25');
	106	define('SMTP_LOGIN', ''');
	107	define('SMTP_PASSWORD', ''');
	108	define('SMTP_SECURE', 'tls');
	109
	110	define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
	111	define('SMTP_FROM_ADDRESS', 'outils@immae.eu');
	112	define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
	113
	114	define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
	115	define('LDAP_AUTH_USETLS', TRUE);
	116	define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
	117	define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
	118	define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
	119	define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(\|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
	120
	121	define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
	122	define('LDAP_AUTH_BINDPW', '${builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD"}');
	123	define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
	124
	125	define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
	126	define('LDAP_AUTH_DEBUG', FALSE);
	127	'';
	128	webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
	129	buildPhase = ''
	130	rm -rf lock feed-icons cache
	131	ln -sf ../../../../../${varDir}/{lock,feed-icons,cache} .
	132	'';
	133	installPhase = ''
	134	cp -a . $out
	135	ln -s ${config} $out/config.php
	136	${builtins.concatStringsSep "\n" (
	137	lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
	138	)}
	139	'';
	140	});
	141	apache = {
	142	user = "wwwrun";
	143	group = "wwwrun";
	144	modules = [ "proxy_fcgi" ];
	145	vhostConf = ''
	146	Alias /ttrss "${webRoot}"
	147	<Directory "${webRoot}">
	148	DirectoryIndex index.php
	149	<FilesMatch "\.php$">
	150	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
	151	</FilesMatch>
	152
	153	AllowOverride All
	154	Options FollowSymlinks
	155	Require all granted
	156	</Directory>
	157	'';
	158	};
	159	phpFpm = rec {
	160	basedir = builtins.concatStringsSep ":" (
	161	[ webRoot config varDir ]
	162	++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
	163	socket = "/var/run/phpfpm/ttrss.sock";
	164	pool = ''
	165	listen = ${socket}
	166	user = ${apache.user}
	167	group = ${apache.group}
	168	listen.owner = ${apache.user}
	169	listen.group = ${apache.group}
	170	pm = ondemand
	171	pm.max_children = 60
	172	pm.process_idle_timeout = 60
	173
	174	; Needed to avoid clashes in browser cookies (same domain)
	175	php_value[session.name] = TtrssPHPSESSID
	176	php_admin_value[open_basedir] = "${basedir}:/tmp"
	177	php_admin_value[session.save_path] = "${varDir}/phpSessions"
	178	'';
	179	};
	180	};
	181	in
	182	ttrss


diff --git a/virtual/modules/websites/tools/tools/ympd.nix b/virtual/modules/websites/tools/tools/ympd.nix new file mode 100644 index 0000000..74bf2e5 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ympd.nix
@@ -0,0 +1,35 @@
	1	{}:
	2	let
	3	ympd = rec {
	4	config = {
	5	webPort = "localhost:18001";
	6	mpd = {
	7	host = "malige.home.immae.eu";
	8	port = 6600;
	9	};
	10	};
	11	apache = {
	12	modules = [
	13	"proxy_wstunnel"
	14	];
	15	vhostConf = ''
	16	<LocationMatch "^/mpd">
	17	Use LDAPConnect
	18	Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
	19	Require local
	20	</LocationMatch>
	21
	22	RedirectMatch permanent "^/mpd$" "/mpd/"
	23	<Location "/mpd/">
	24	ProxyPass http://${config.webPort}/
	25	ProxyPassReverse http://${config.webPort}/
	26	ProxyPreserveHost on
	27	</Location>
	28	<Location "/mpd/ws">
	29	ProxyPass ws://${config.webPort}/ws
	30	</Location>
	31	'';
	32	};
	33	};
	34	in
	35	ympd