Move httpd service to module

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-12 10:24:15 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-12 10:24:15 +0100
commit: 950ca5ee979ae2467f3471216140de2c1d572f4b (patch)
tree: 5fa7210645008d7fb03a0a5081066949bdfe35ad /virtual/modules
parent: 912921a74c8c67663048de66c6d11e1ae63dc10e (diff)
download: Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.tar.gz
Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.tar.zst
Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.zip
4 files changed, 179 insertions, 7 deletions
diff --git a/virtual/modules/gitolite.nix b/virtual/modules/gitolite.nix
index 85c7be1..d6b9c79 100644
--- a/virtual/modules/gitolite.nix
+++ b/virtual/modules/gitolite.nix
@@ -4,6 +4,10 @@ let
 in {
  options.services.myGitolite = {
    enable = lib.mkEnableOption "my gitolite service";
+    gitoliteDir = lib.mkOption {
+      type = lib.types.string;
+      default = "/var/lib/gitolite";
+    };
  };
  config = lib.mkIf cfg.enable {
@@ -20,6 +24,13 @@ in {
      });
    };
+    services.gitDaemon = {
+      enable = true;
+      user = "gitolite";
+      group = "gitolite";
+      basePath = "${cfg.gitoliteDir}/repositories";
+    };
    system.activationScripts.gitolite =
      assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
      let
@@ -34,12 +45,12 @@ in {
    in {
      deps = [ "users" ];
      text = ''
-        if [ -d /var/lib/gitolite ]; then
+        if [ -d ${cfg.gitoliteDir} ]; then
-          ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh
+          ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
-          chmod g+rx /var/lib/gitolite
+          chmod g+rx ${cfg.gitoliteDir}
        fi
-        if [ -f /var/lib/gitolite/projects.list ]; then
+        if [ -f ${cfg.gitoliteDir}/projects.list ]; then
-          chmod g+r /var/lib/gitolite/projects.list
+          chmod g+r ${cfg.gitoliteDir}/projects.list
        fi
      '';
    };
diff --git a/virtual/modules/gitweb.nix b/virtual/modules/gitweb/default.nix
index f3ef1bd..2a860ba 100644
--- a/virtual/modules/gitweb.nix
+++ b/virtual/modules/gitweb/default.nix
@@ -1,5 +1,7 @@
 { lib, pkgs, config, mylibs, ... }:
 let
+    # FIXME: add buildbot
+    gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
    cfg = config.services.myGitweb;
 in {
  options.services.myGitweb = {
@@ -12,10 +14,17 @@ in {
    nixpkgs.config.packageOverrides = oldpkgs: rec {
      gitweb = oldpkgs.gitweb.overrideAttrs(old: {
        installPhase = old.installPhase + ''
-          cp -r ${./gitweb/theme} $out/gitweb-theme;
+          cp -r ${./theme} $out/gitweb-theme;
          '';
      });
    };
+    services.myWebsites.tools.modules = gitweb.apache.modules;
+    services.myWebsites.tools.vhostConfs.git = {
+      certName    = "eldiron";
+      hosts       = ["git.immae.eu" ];
+      root        = gitweb.webRoot;
+      extraConfig = [ gitweb.apache.vhostConf ];
+    };
  };
 }
diff --git a/virtual/modules/gitweb/gitweb.nix b/virtual/modules/gitweb/gitweb.nix
new file mode 100644
index 0000000..7b4dcac
--- /dev/null
+++ b/virtual/modules/gitweb/gitweb.nix
@@ -0,0 +1,64 @@
+{ gitweb, writeText, gitolite, git, gitoliteDir }:
+rec {
+  varDir = gitoliteDir;
+  webRoot = gitweb;
+  config = writeText "gitweb.conf" ''
+    $git_temp = "/tmp";
+    # The directories where your projects are. Must not end with a
+    # slash.
+    $projectroot = "${varDir}/repositories";
+    $projects_list = "${varDir}/projects.list";
+    $strict_export = "true";
+    # Base URLs for links displayed in the web interface.
+    our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
+    $feature{'blame'}{'default'} = [1];
+    $feature{'avatar'}{'default'} = ['gravatar'];
+    $feature{'highlight'}{'default'} = [1];
+    @stylesheets = ("gitweb-theme/gitweb.css");
+    $logo = "gitweb-theme/git-logo.png";
+    $favicon = "gitweb-theme/git-favicon.png";
+    $javascript = "gitweb-theme/gitweb.js";
+    $logo_url = "https://git.immae.eu/";
+    $projects_list_group_categories = "true";
+    $projects_list_description_width = 60;
+    $project_list_default_category = "__Others__";
+    '';
+  apache = {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "cgid" ];
+    vhostConf = ''
+      SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
+      ScriptAliasMatch \
+                  "(?x)^/(.*/(HEAD | \
+                                  info/refs | \
+                                  objects/(info/[^/]+ | \
+                                          [0-9a-f]{2}/[0-9a-f]{38} | \
+                                          pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                                  git-(upload|receive)-pack))$" \
+                  ${git}/libexec/git-core/git-http-backend/$1
+      <Directory "${gitolite}">
+        Require all granted
+      </Directory>
+      <Directory "${git}/libexec/git-core">
+        Require all granted
+      </Directory>
+      <Directory "${webRoot}">
+        DirectoryIndex gitweb.cgi
+        Require all granted
+        AllowOverride None
+        Options ExecCGI FollowSymLinks
+        <Files gitweb.cgi>
+          SetHandler cgi-script
+          SetEnv  GITWEB_CONFIG  "${config}"
+        </Files>
+      </Directory>
+      '';
+  };
+}
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index a9e62a5..b027b81 100644
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -1,5 +1,8 @@
 { lib, pkgs, config, mylibs, myconfig, ... }:
 let
+  mypkgs = pkgs.callPackage ../../packages.nix {
+    inherit (mylibs) checkEnv fetchedGit fetchedGithub;
+  };
  cfg = config.services.myWebsites;
  makeService = name: cfg: let
    toVhost = vhostConf: {
@@ -16,6 +19,28 @@ let
      documentRoot = vhostConf.root;
      extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
    };
+    redirectVhost = { # Should go last, catchall http -> https redirect
+      listen = [ { ip = cfg.ip; port = 80; } ];
+      hostName = "redirectSSL";
+      serverAliases = [ "*" ];
+      enableSSL = false;
+      logFormat = "combinedVhost";
+      documentRoot = "/var/lib/acme/acme-challenge";
+      extraConfig = ''
+        RewriteEngine on
+        RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
+        RewriteRule ^(.+)              https://%{HTTP_HOST}$1  [R=301]
+        # To redirect in specific "VirtualHost *:80", do
+        #   RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
+        # rather than rewrite
+      '';
+    };
+    fallbackVhost = toVhost { # Should go first, default choice
+      certName    = "eldiron";
+      hosts       = ["eldiron.immae.eu" ];
+      root        = ../../www;
+      extraConfig = [ "DirectoryIndex index.htm" ];
+    };
  in rec {
    enable = true;
    listen = [
@@ -28,7 +53,9 @@ let
    logFormat = "combinedVhost";
    extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
    extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
-    virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs;
+    virtualHosts = [ fallbackVhost ]
+      ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
+      ++ [ redirectVhost ];
  };
  makeServiceOptions = name: ip: {
    enable = lib.mkEnableOption "enable websites in ${name}";
@@ -74,6 +101,7 @@ in
  options.services.myWebsites = {
    production = makeServiceOptions "production" myconfig.ips.production;
    integration = makeServiceOptions "integration" myconfig.ips.integration;
+    tools = makeServiceOptions "tools" myconfig.ips.main;
    apacheConfig = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule {
@@ -208,5 +236,65 @@ in
    services.httpdInte = makeService "integration" config.services.myWebsites.integration;
    services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
    services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
+    services.httpd = makeService "tools" config.services.myWebsites.tools;
+    services.myWebsites.tools.modules =
+      mypkgs.adminer.apache.modules ++
+      mypkgs.nextcloud.apache.modules ++
+      mypkgs.ympd.apache.modules ++
+      mypkgs.mantisbt.apache.modules ++
+      mypkgs.ttrss.apache.modules ++
+      mypkgs.roundcubemail.apache.modules ++
+      pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+    services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
+    # FIXME: move them all to separate modules
+    services.myWebsites.tools.vhostConfs.eldiron = {
+      certName    = "eldiron";
+      hosts       = ["eldiron.immae.eu" ];
+      root        = ../../www;
+      extraConfig = [ "DirectoryIndex index.htm" ];
+    };
+    services.myWebsites.tools.vhostConfs.db-1 = {
+      certName    = "eldiron";
+      hosts       = ["db-1.immae.eu" ];
+      root        = null;
+      extraConfig = [ mypkgs.adminer.apache.vhostConf ];
+    };
+    services.myWebsites.tools.vhostConfs.tools = {
+      certName    = "eldiron";
+      hosts       = ["tools.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        mypkgs.adminer.apache.vhostConf
+        mypkgs.ympd.apache.vhostConf
+        mypkgs.ttrss.apache.vhostConf
+        mypkgs.roundcubemail.apache.vhostConf
+      ];
+    };
+    services.myWebsites.tools.vhostConfs.dav = {
+      certName    = "eldiron";
+      hosts       = ["dav.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        mypkgs.infcloud.apache.vhostConf
+        mypkgs.davical.apache.vhostConf
+      ];
+    };
+    services.myWebsites.tools.vhostConfs.cloud = {
+      certName    = "eldiron";
+      hosts       = ["cloud.immae.eu" ];
+      root        = mypkgs.nextcloud.webRoot;
+      extraConfig = [
+        mypkgs.nextcloud.apache.vhostConf
+      ];
+    };
+    services.myWebsites.tools.vhostConfs.git.extraConfig = [
+      mypkgs.mantisbt.apache.vhostConf
+      ''
+        RewriteEngine on
+        RewriteCond %{REQUEST_URI}       ^/releases
+        RewriteRule /releases(.*)        https://release.immae.eu$1 [P,L]
+        ''
+    ];
  };
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-12 10:24:15 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-12 10:24:15 +0100
commit	950ca5ee979ae2467f3471216140de2c1d572f4b (patch)
tree	5fa7210645008d7fb03a0a5081066949bdfe35ad /virtual/modules
parent	912921a74c8c67663048de66c6d11e1ae63dc10e (diff)
download	Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.tar.gz Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.tar.zst Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.zip

diff --git a/virtual/modules/gitolite.nix b/virtual/modules/gitolite.nix index 85c7be1..d6b9c79 100644 --- a/virtual/modules/gitolite.nix +++ b/virtual/modules/gitolite.nix
@@ -4,6 +4,10 @@ let
4	in {	4	in {
5	options.services.myGitolite = {	5	options.services.myGitolite = {
6	enable = lib.mkEnableOption "my gitolite service";	6	enable = lib.mkEnableOption "my gitolite service";
		7	gitoliteDir = lib.mkOption {
		8	type = lib.types.string;
		9	default = "/var/lib/gitolite";
		10	};
7	};	11	};
8		12
9	config = lib.mkIf cfg.enable {	13	config = lib.mkIf cfg.enable {
@@ -20,6 +24,13 @@ in {
20	});	24	});
21	};	25	};
22		26
		27	services.gitDaemon = {
		28	enable = true;
		29	user = "gitolite";
		30	group = "gitolite";
		31	basePath = "${cfg.gitoliteDir}/repositories";
		32	};
		33
23	system.activationScripts.gitolite =	34	system.activationScripts.gitolite =
24	assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";	35	assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
25	let	36	let
@@ -34,12 +45,12 @@ in {
34	in {	45	in {
35	deps = [ "users" ];	46	deps = [ "users" ];
36	text = ''	47	text = ''
37	if [ -d /var/lib/gitolite ]; then	48	if [ -d ${cfg.gitoliteDir} ]; then
38	ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh	49	ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
39	chmod g+rx /var/lib/gitolite	50	chmod g+rx ${cfg.gitoliteDir}
40	fi	51	fi
41	if [ -f /var/lib/gitolite/projects.list ]; then	52	if [ -f ${cfg.gitoliteDir}/projects.list ]; then
42	chmod g+r /var/lib/gitolite/projects.list	53	chmod g+r ${cfg.gitoliteDir}/projects.list
43	fi	54	fi
44	'';	55	'';
45	};	56	};


diff --git a/virtual/modules/gitweb.nix b/virtual/modules/gitweb/default.nix index f3ef1bd..2a860ba 100644 --- a/virtual/modules/gitweb.nix +++ b/virtual/modules/gitweb/default.nix
@@ -1,5 +1,7 @@
1	{ lib, pkgs, config, mylibs, ... }:	1	{ lib, pkgs, config, mylibs, ... }:
2	let	2	let
		3	# FIXME: add buildbot
		4	gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
3	cfg = config.services.myGitweb;	5	cfg = config.services.myGitweb;
4	in {	6	in {
5	options.services.myGitweb = {	7	options.services.myGitweb = {
@@ -12,10 +14,17 @@ in {
12	nixpkgs.config.packageOverrides = oldpkgs: rec {	14	nixpkgs.config.packageOverrides = oldpkgs: rec {
13	gitweb = oldpkgs.gitweb.overrideAttrs(old: {	15	gitweb = oldpkgs.gitweb.overrideAttrs(old: {
14	installPhase = old.installPhase + ''	16	installPhase = old.installPhase + ''
15	cp -r ${./gitweb/theme} $out/gitweb-theme;	17	cp -r ${./theme} $out/gitweb-theme;
16	'';	18	'';
17	});	19	});
18	};	20	};
19		21
		22	services.myWebsites.tools.modules = gitweb.apache.modules;
		23	services.myWebsites.tools.vhostConfs.git = {
		24	certName = "eldiron";
		25	hosts = ["git.immae.eu" ];
		26	root = gitweb.webRoot;
		27	extraConfig = [ gitweb.apache.vhostConf ];
		28	};
20	};	29	};
21	}	30	}


diff --git a/virtual/modules/gitweb/gitweb.nix b/virtual/modules/gitweb/gitweb.nix new file mode 100644 index 0000000..7b4dcac --- /dev/null +++ b/virtual/modules/gitweb/gitweb.nix
@@ -0,0 +1,64 @@
		1	{ gitweb, writeText, gitolite, git, gitoliteDir }:
		2	rec {
		3	varDir = gitoliteDir;
		4	webRoot = gitweb;
		5	config = writeText "gitweb.conf" ''
		6	$git_temp = "/tmp";
		7
		8	# The directories where your projects are. Must not end with a
		9	# slash.
		10	$projectroot = "${varDir}/repositories";
		11
		12	$projects_list = "${varDir}/projects.list";
		13	$strict_export = "true";
		14
		15	# Base URLs for links displayed in the web interface.
		16	our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
		17
		18	$feature{'blame'}{'default'} = [1];
		19	$feature{'avatar'}{'default'} = ['gravatar'];
		20	$feature{'highlight'}{'default'} = [1];
		21
		22	@stylesheets = ("gitweb-theme/gitweb.css");
		23	$logo = "gitweb-theme/git-logo.png";
		24	$favicon = "gitweb-theme/git-favicon.png";
		25	$javascript = "gitweb-theme/gitweb.js";
		26	$logo_url = "https://git.immae.eu/";
		27	$projects_list_group_categories = "true";
		28	$projects_list_description_width = 60;
		29	$project_list_default_category = "__Others__";
		30	'';
		31	apache = {
		32	user = "wwwrun";
		33	group = "wwwrun";
		34	modules = [ "cgid" ];
		35	vhostConf = ''
		36	SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
		37	ScriptAliasMatch \
		38	"(?x)^/(.*/(HEAD \| \
		39	info/refs \| \
		40	objects/(info/[^/]+ \| \
		41	[0-9a-f]{2}/[0-9a-f]{38} \| \
		42	pack/pack-[0-9a-f]{40}\.(pack\|idx)) \| \
		43	git-(upload\|receive)-pack))$" \
		44	${git}/libexec/git-core/git-http-backend/$1
		45
		46	<Directory "${gitolite}">
		47	Require all granted
		48	</Directory>
		49	<Directory "${git}/libexec/git-core">
		50	Require all granted
		51	</Directory>
		52	<Directory "${webRoot}">
		53	DirectoryIndex gitweb.cgi
		54	Require all granted
		55	AllowOverride None
		56	Options ExecCGI FollowSymLinks
		57	<Files gitweb.cgi>
		58	SetHandler cgi-script
		59	SetEnv GITWEB_CONFIG "${config}"
		60	</Files>
		61	</Directory>
		62	'';
		63	};
		64	}


diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index a9e62a5..b027b81 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix
@@ -1,5 +1,8 @@
1	{ lib, pkgs, config, mylibs, myconfig, ... }:	1	{ lib, pkgs, config, mylibs, myconfig, ... }:
2	let	2	let
		3	mypkgs = pkgs.callPackage ../../packages.nix {
		4	inherit (mylibs) checkEnv fetchedGit fetchedGithub;
		5	};
3	cfg = config.services.myWebsites;	6	cfg = config.services.myWebsites;
4	makeService = name: cfg: let	7	makeService = name: cfg: let
5	toVhost = vhostConf: {	8	toVhost = vhostConf: {
@@ -16,6 +19,28 @@ let
16	documentRoot = vhostConf.root;	19	documentRoot = vhostConf.root;
17	extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;	20	extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
18	};	21	};
		22	redirectVhost = { # Should go last, catchall http -> https redirect
		23	listen = [ { ip = cfg.ip; port = 80; } ];
		24	hostName = "redirectSSL";
		25	serverAliases = [ "*" ];
		26	enableSSL = false;
		27	logFormat = "combinedVhost";
		28	documentRoot = "/var/lib/acme/acme-challenge";
		29	extraConfig = ''
		30	RewriteEngine on
		31	RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
		32	RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
		33	# To redirect in specific "VirtualHost *:80", do
		34	# RedirectMatch 301 ^/((?!\.well-known.$).)$ https://host/$1
		35	# rather than rewrite
		36	'';
		37	};
		38	fallbackVhost = toVhost { # Should go first, default choice
		39	certName = "eldiron";
		40	hosts = ["eldiron.immae.eu" ];
		41	root = ../../www;
		42	extraConfig = [ "DirectoryIndex index.htm" ];
		43	};
19	in rec {	44	in rec {
20	enable = true;	45	enable = true;
21	listen = [	46	listen = [
@@ -28,7 +53,9 @@ let
28	logFormat = "combinedVhost";	53	logFormat = "combinedVhost";
29	extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);	54	extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
30	extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;	55	extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
31	virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs;	56	virtualHosts = [ fallbackVhost ]
		57	++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
		58	++ [ redirectVhost ];
32	};	59	};
33	makeServiceOptions = name: ip: {	60	makeServiceOptions = name: ip: {
34	enable = lib.mkEnableOption "enable websites in ${name}";	61	enable = lib.mkEnableOption "enable websites in ${name}";
@@ -74,6 +101,7 @@ in
74	options.services.myWebsites = {	101	options.services.myWebsites = {
75	production = makeServiceOptions "production" myconfig.ips.production;	102	production = makeServiceOptions "production" myconfig.ips.production;
76	integration = makeServiceOptions "integration" myconfig.ips.integration;	103	integration = makeServiceOptions "integration" myconfig.ips.integration;
		104	tools = makeServiceOptions "tools" myconfig.ips.main;
77		105
78	apacheConfig = lib.mkOption {	106	apacheConfig = lib.mkOption {
79	type = lib.types.attrsOf (lib.types.submodule {	107	type = lib.types.attrsOf (lib.types.submodule {
@@ -208,5 +236,65 @@ in
208	services.httpdInte = makeService "integration" config.services.myWebsites.integration;	236	services.httpdInte = makeService "integration" config.services.myWebsites.integration;
209	services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);	237	services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
210	services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));	238	services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
		239
		240	services.httpd = makeService "tools" config.services.myWebsites.tools;
		241	services.myWebsites.tools.modules =
		242	mypkgs.adminer.apache.modules ++
		243	mypkgs.nextcloud.apache.modules ++
		244	mypkgs.ympd.apache.modules ++
		245	mypkgs.mantisbt.apache.modules ++
		246	mypkgs.ttrss.apache.modules ++
		247	mypkgs.roundcubemail.apache.modules ++
		248	pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
		249	services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
		250	# FIXME: move them all to separate modules
		251	services.myWebsites.tools.vhostConfs.eldiron = {
		252	certName = "eldiron";
		253	hosts = ["eldiron.immae.eu" ];
		254	root = ../../www;
		255	extraConfig = [ "DirectoryIndex index.htm" ];
		256	};
		257	services.myWebsites.tools.vhostConfs.db-1 = {
		258	certName = "eldiron";
		259	hosts = ["db-1.immae.eu" ];
		260	root = null;
		261	extraConfig = [ mypkgs.adminer.apache.vhostConf ];
		262	};
		263	services.myWebsites.tools.vhostConfs.tools = {
		264	certName = "eldiron";
		265	hosts = ["tools.immae.eu" ];
		266	root = null;
		267	extraConfig = [
		268	mypkgs.adminer.apache.vhostConf
		269	mypkgs.ympd.apache.vhostConf
		270	mypkgs.ttrss.apache.vhostConf
		271	mypkgs.roundcubemail.apache.vhostConf
		272	];
		273	};
		274	services.myWebsites.tools.vhostConfs.dav = {
		275	certName = "eldiron";
		276	hosts = ["dav.immae.eu" ];
		277	root = null;
		278	extraConfig = [
		279	mypkgs.infcloud.apache.vhostConf
		280	mypkgs.davical.apache.vhostConf
		281	];
		282	};
		283	services.myWebsites.tools.vhostConfs.cloud = {
		284	certName = "eldiron";
		285	hosts = ["cloud.immae.eu" ];
		286	root = mypkgs.nextcloud.webRoot;
		287	extraConfig = [
		288	mypkgs.nextcloud.apache.vhostConf
		289	];
		290	};
		291	services.myWebsites.tools.vhostConfs.git.extraConfig = [
		292	mypkgs.mantisbt.apache.vhostConf
		293	''
		294	RewriteEngine on
		295	RewriteCond %{REQUEST_URI} ^/releases
		296	RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
		297	''
		298	];
211	};	299	};
212	}	300	}