-rw-r--r--virtual/eldiron.nix55
1 files changed, 23 insertions, 32 deletions
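--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -12,8 +12,6 @@
 };
 in
 {
-# FIXME: they are not overriden in packages.nix
-# (see nix-store -q --tree /nix/var/nix/profiles/system)
 nixpkgs.config.packageOverrides = oldpkgs: rec {
 gitolite = nixpkgs_unstable.gitolite;
 gitweb = oldpkgs.gitweb.overrideAttrs(old: {
@@ -234,11 +232,13 @@
 };
 
 services.httpd = let
-withSSL = domain: {
+withConf = domain: {
 enableSSL = true;
 sslServerCert = "/var/lib/acme/${domain}/cert.pem";
 sslServerKey = "/var/lib/acme/${domain}/key.pem";
 sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
+logFormat = "combinedVhost";
+listen = [ { ip = "*"; port = 443; } ];
 };
 apacheConfig = {
 gzip = {
@@ -270,29 +270,25 @@
 </Macro>
 '';
 };
+http2 = {
+modules = [ "http2" ];
+extraConfig = ''
+Protocols h2 http/1.1
+'';
+};
+customLog = {
+modules = [];
+extraConfig = ''
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %p" combinedVhost
+'';
+};
 };
 in rec {
 enable = true;
 logPerVirtualHost = true;
 multiProcessingModule = "worker";
 adminAddr = "httpd@immae.eu";
-# FIXME: http2
-# FIXME: voir les autres modules:
-# authz_core_module
-# reqtimeout_module
-# http2_module
-# version_module
-# proxy_connect_module
-# proxy_ftp_module
-# proxy_scgi_module
-# proxy_ajp_module
-# proxy_balancer_module
-# proxy_express_module
-# lbmethod_byrequests_module
-# lbmethod_bytraffic_module
-# lbmethod_bybusyness_module
-# lbmethod_heartbeat_module
-
+logFormat = "combinedVhost";
 extraModules = pkgs.lib.lists.unique (
 mypkgs.adminer.apache.modules ++
 mypkgs.nextcloud.apache.modules ++
@@ -306,24 +302,21 @@
 extraConfig = builtins.concatStringsSep "\n"
 (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
 virtualHosts = [
-(withSSL "eldiron" // {
-listen = [ { ip = "*"; port = 443; } ];
+(withConf "eldiron" // {
 hostName = "eldiron.immae.eu";
 documentRoot = ./www;
 extraConfig = ''
 DirectoryIndex index.htm
 '';
 })
-(withSSL "eldiron" // {
-listen = [ { ip = "*"; port = 443; } ];
+(withConf "eldiron" // {
 hostName = "db-1.immae.eu";
 documentRoot = null;
 extraConfig = builtins.concatStringsSep "\n" [
 mypkgs.adminer.apache.vhostConf
 ];
 })
-(withSSL "eldiron" // {
-listen = [ { ip = "*"; port = 443; } ];
+(withConf "eldiron" // {
 hostName = "tools.immae.eu";
 documentRoot = null;
 extraConfig = builtins.concatStringsSep "\n" [
@@ -331,8 +324,7 @@
 mypkgs.ympd.apache.vhostConf
 ];
 })
-(withSSL "eldiron" // {
-listen = [ { ip = "*"; port = 443; } ];
+(withConf "eldiron" // {
 hostName = "connexionswing.immae.eu";
 serverAliases = [ "sandetludo.immae.eu" ];
 documentRoot = mypkgs.connexionswing_dev.webRoot;
@@ -340,16 +332,14 @@
 mypkgs.connexionswing_dev.apache.vhostConf
 ];
 })
-(withSSL "eldiron" // {
-listen = [ { ip = "*"; port = 443; } ];
+(withConf "eldiron" // {
 hostName = "cloud.immae.eu";
 documentRoot = mypkgs.nextcloud.webRoot;
 extraConfig = builtins.concatStringsSep "\n" [
 mypkgs.nextcloud.apache.vhostConf
 ];
 })
-(withSSL "eldiron" // {
-listen = [ { ip = "*"; port = 443; } ];
+(withConf "eldiron" // {
 hostName = "git.immae.eu";
 documentRoot = mypkgs.git.web.webRoot;
 extraConfig = builtins.concatStringsSep "\n" [
@@ -366,6 +356,7 @@
 hostName = "redirectSSL";
 serverAliases = [ "*" ];
 enableSSL = false;
+logFormat = "combinedVhost";
 documentRoot = "/var/lib/acme/acme-challenge";
 extraConfig = ''
 RewriteEngine on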
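Review bot: The FIXME block removed after `adminAddr` listed modules still to be reviewed (`authz_core_module`, `reqtimeout_module`, the `proxy_*` and `lbmethod_*` modules), but the new side only settles `http2`; nothing visible in this diff enables or rules out the others. `reqtimeout_module` is the one that bounds how long a client may take to send its request, which is worth deciding on explicitly for vhosts listening on `*:443`, all the more now that `Protocols h2 http/1.1` is turned on. The `extraModules` list continues outside the hunk, so these may already be covered there; if not, I would keep a trimmed reminder such as `# FIXME: review remaining modules: reqtimeout, authz_core, proxy_*, lbmethod_*` rather than dropping the whole list.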