diff options
-rw-r--r-- | virtual/eldiron.nix | 55 |
1 files changed, 23 insertions, 32 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 51e2bb9..d88dd93 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix | |||
@@ -12,8 +12,6 @@ | |||
12 | }; | 12 | }; |
13 | in | 13 | in |
14 | { | 14 | { |
15 | # FIXME: they are not overriden in packages.nix | ||
16 | # (see nix-store -q --tree /nix/var/nix/profiles/system) | ||
17 | nixpkgs.config.packageOverrides = oldpkgs: rec { | 15 | nixpkgs.config.packageOverrides = oldpkgs: rec { |
18 | gitolite = nixpkgs_unstable.gitolite; | 16 | gitolite = nixpkgs_unstable.gitolite; |
19 | gitweb = oldpkgs.gitweb.overrideAttrs(old: { | 17 | gitweb = oldpkgs.gitweb.overrideAttrs(old: { |
@@ -234,11 +232,13 @@ | |||
234 | }; | 232 | }; |
235 | 233 | ||
236 | services.httpd = let | 234 | services.httpd = let |
237 | withSSL = domain: { | 235 | withConf = domain: { |
238 | enableSSL = true; | 236 | enableSSL = true; |
239 | sslServerCert = "/var/lib/acme/${domain}/cert.pem"; | 237 | sslServerCert = "/var/lib/acme/${domain}/cert.pem"; |
240 | sslServerKey = "/var/lib/acme/${domain}/key.pem"; | 238 | sslServerKey = "/var/lib/acme/${domain}/key.pem"; |
241 | sslServerChain = "/var/lib/acme/${domain}/fullchain.pem"; | 239 | sslServerChain = "/var/lib/acme/${domain}/fullchain.pem"; |
240 | logFormat = "combinedVhost"; | ||
241 | listen = [ { ip = "*"; port = 443; } ]; | ||
242 | }; | 242 | }; |
243 | apacheConfig = { | 243 | apacheConfig = { |
244 | gzip = { | 244 | gzip = { |
@@ -270,29 +270,25 @@ | |||
270 | </Macro> | 270 | </Macro> |
271 | ''; | 271 | ''; |
272 | }; | 272 | }; |
273 | http2 = { | ||
274 | modules = [ "http2" ]; | ||
275 | extraConfig = '' | ||
276 | Protocols h2 http/1.1 | ||
277 | ''; | ||
278 | }; | ||
279 | customLog = { | ||
280 | modules = []; | ||
281 | extraConfig = '' | ||
282 | LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %p" combinedVhost | ||
283 | ''; | ||
284 | }; | ||
273 | }; | 285 | }; |
274 | in rec { | 286 | in rec { |
275 | enable = true; | 287 | enable = true; |
276 | logPerVirtualHost = true; | 288 | logPerVirtualHost = true; |
277 | multiProcessingModule = "worker"; | 289 | multiProcessingModule = "worker"; |
278 | adminAddr = "httpd@immae.eu"; | 290 | adminAddr = "httpd@immae.eu"; |
279 | # FIXME: http2 | 291 | logFormat = "combinedVhost"; |
280 | # FIXME: voir les autres modules: | ||
281 | # authz_core_module | ||
282 | # reqtimeout_module | ||
283 | # http2_module | ||
284 | # version_module | ||
285 | # proxy_connect_module | ||
286 | # proxy_ftp_module | ||
287 | # proxy_scgi_module | ||
288 | # proxy_ajp_module | ||
289 | # proxy_balancer_module | ||
290 | # proxy_express_module | ||
291 | # lbmethod_byrequests_module | ||
292 | # lbmethod_bytraffic_module | ||
293 | # lbmethod_bybusyness_module | ||
294 | # lbmethod_heartbeat_module | ||
295 | |||
296 | extraModules = pkgs.lib.lists.unique ( | 292 | extraModules = pkgs.lib.lists.unique ( |
297 | mypkgs.adminer.apache.modules ++ | 293 | mypkgs.adminer.apache.modules ++ |
298 | mypkgs.nextcloud.apache.modules ++ | 294 | mypkgs.nextcloud.apache.modules ++ |
@@ -306,24 +302,21 @@ | |||
306 | extraConfig = builtins.concatStringsSep "\n" | 302 | extraConfig = builtins.concatStringsSep "\n" |
307 | (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig); | 303 | (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig); |
308 | virtualHosts = [ | 304 | virtualHosts = [ |
309 | (withSSL "eldiron" // { | 305 | (withConf "eldiron" // { |
310 | listen = [ { ip = "*"; port = 443; } ]; | ||
311 | hostName = "eldiron.immae.eu"; | 306 | hostName = "eldiron.immae.eu"; |
312 | documentRoot = ./www; | 307 | documentRoot = ./www; |
313 | extraConfig = '' | 308 | extraConfig = '' |
314 | DirectoryIndex index.htm | 309 | DirectoryIndex index.htm |
315 | ''; | 310 | ''; |
316 | }) | 311 | }) |
317 | (withSSL "eldiron" // { | 312 | (withConf "eldiron" // { |
318 | listen = [ { ip = "*"; port = 443; } ]; | ||
319 | hostName = "db-1.immae.eu"; | 313 | hostName = "db-1.immae.eu"; |
320 | documentRoot = null; | 314 | documentRoot = null; |
321 | extraConfig = builtins.concatStringsSep "\n" [ | 315 | extraConfig = builtins.concatStringsSep "\n" [ |
322 | mypkgs.adminer.apache.vhostConf | 316 | mypkgs.adminer.apache.vhostConf |
323 | ]; | 317 | ]; |
324 | }) | 318 | }) |
325 | (withSSL "eldiron" // { | 319 | (withConf "eldiron" // { |
326 | listen = [ { ip = "*"; port = 443; } ]; | ||
327 | hostName = "tools.immae.eu"; | 320 | hostName = "tools.immae.eu"; |
328 | documentRoot = null; | 321 | documentRoot = null; |
329 | extraConfig = builtins.concatStringsSep "\n" [ | 322 | extraConfig = builtins.concatStringsSep "\n" [ |
@@ -331,8 +324,7 @@ | |||
331 | mypkgs.ympd.apache.vhostConf | 324 | mypkgs.ympd.apache.vhostConf |
332 | ]; | 325 | ]; |
333 | }) | 326 | }) |
334 | (withSSL "eldiron" // { | 327 | (withConf "eldiron" // { |
335 | listen = [ { ip = "*"; port = 443; } ]; | ||
336 | hostName = "connexionswing.immae.eu"; | 328 | hostName = "connexionswing.immae.eu"; |
337 | serverAliases = [ "sandetludo.immae.eu" ]; | 329 | serverAliases = [ "sandetludo.immae.eu" ]; |
338 | documentRoot = mypkgs.connexionswing_dev.webRoot; | 330 | documentRoot = mypkgs.connexionswing_dev.webRoot; |
@@ -340,16 +332,14 @@ | |||
340 | mypkgs.connexionswing_dev.apache.vhostConf | 332 | mypkgs.connexionswing_dev.apache.vhostConf |
341 | ]; | 333 | ]; |
342 | }) | 334 | }) |
343 | (withSSL "eldiron" // { | 335 | (withConf "eldiron" // { |
344 | listen = [ { ip = "*"; port = 443; } ]; | ||
345 | hostName = "cloud.immae.eu"; | 336 | hostName = "cloud.immae.eu"; |
346 | documentRoot = mypkgs.nextcloud.webRoot; | 337 | documentRoot = mypkgs.nextcloud.webRoot; |
347 | extraConfig = builtins.concatStringsSep "\n" [ | 338 | extraConfig = builtins.concatStringsSep "\n" [ |
348 | mypkgs.nextcloud.apache.vhostConf | 339 | mypkgs.nextcloud.apache.vhostConf |
349 | ]; | 340 | ]; |
350 | }) | 341 | }) |
351 | (withSSL "eldiron" // { | 342 | (withConf "eldiron" // { |
352 | listen = [ { ip = "*"; port = 443; } ]; | ||
353 | hostName = "git.immae.eu"; | 343 | hostName = "git.immae.eu"; |
354 | documentRoot = mypkgs.git.web.webRoot; | 344 | documentRoot = mypkgs.git.web.webRoot; |
355 | extraConfig = builtins.concatStringsSep "\n" [ | 345 | extraConfig = builtins.concatStringsSep "\n" [ |
@@ -366,6 +356,7 @@ | |||
366 | hostName = "redirectSSL"; | 356 | hostName = "redirectSSL"; |
367 | serverAliases = [ "*" ]; | 357 | serverAliases = [ "*" ]; |
368 | enableSSL = false; | 358 | enableSSL = false; |
359 | logFormat = "combinedVhost"; | ||
369 | documentRoot = "/var/lib/acme/acme-challenge"; | 360 | documentRoot = "/var/lib/acme/acme-challenge"; |
370 | extraConfig = '' | 361 | extraConfig = '' |
371 | RewriteEngine on | 362 | RewriteEngine on |