-rw-r--r--virtual/eldiron.nix110
-rw-r--r--virtual/modules/gitolite.nix21
-rw-r--r--virtual/modules/gitweb/default.nix (renamed from virtual/modules/gitweb.nix)11
-rw-r--r--virtual/modules/gitweb/gitweb.nix (renamed from virtual/packages/gitweb.nix)4
-rw-r--r--virtual/modules/websites/default.nix90
-rw-r--r--virtual/packages.nix3
-rw-r--r--virtual/packages/adminer.nix2
-rw-r--r--virtual/packages/gitweb.conf24
8 files changed, 119 insertions, 146 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index c9075cf..cefef70 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -29,7 +29,7 @@
29 imports = [ 29 imports = [
30 ./modules/certificates.nix 30 ./modules/certificates.nix
31 ./modules/gitolite.nix 31 ./modules/gitolite.nix
32 ./modules/gitweb.nix 32 ./modules/gitweb
33 ./modules/databases.nix 33 ./modules/databases.nix
34 ./modules/websites 34 ./modules/websites
35 ./modules/websites/phpfpm 35 ./modules/websites/phpfpm
@@ -155,114 +155,6 @@
155 source = ldap_authorized_keys; 155 source = ldap_authorized_keys;
156 }; 156 };
157 157
158 services.gitDaemon = {
159 enable = true;
160 user = "gitolite";
161 group = "gitolite";
162 basePath = "${mypkgs.git.web.varDir}/repositories";
163 };
164
165 # FIXME: logrotate
166 services.httpd = let
167 withConf = domain: {
168 enableSSL = true;
169 sslServerCert = "/var/lib/acme/${domain}/cert.pem";
170 sslServerKey = "/var/lib/acme/${domain}/key.pem";
171 sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
172 logFormat = "combinedVhost";
173 listen = [
174 { ip = "176.9.151.89"; port = 443; }
175 ];
176 };
177 apacheConfig = config.services.myWebsites.apacheConfig;
178 in rec {
179 enable = true;
180 logPerVirtualHost = true;
181 multiProcessingModule = "worker";
182 adminAddr = "httpd@immae.eu";
183 logFormat = "combinedVhost";
184 extraModules = pkgs.lib.lists.unique (
185 mypkgs.adminer.apache.modules ++
186 mypkgs.nextcloud.apache.modules ++
187 mypkgs.ympd.apache.modules ++
188 mypkgs.git.web.apache.modules ++
189 mypkgs.mantisbt.apache.modules ++
190 mypkgs.ttrss.apache.modules ++
191 mypkgs.roundcubemail.apache.modules ++
192 pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig));
193 extraConfig = builtins.concatStringsSep "\n"
194 (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
195 virtualHosts = [
196 (withConf "eldiron" // {
197 hostName = "eldiron.immae.eu";
198 documentRoot = ./www;
199 extraConfig = ''
200 DirectoryIndex index.htm
201 '';
202 })
203 (withConf "eldiron" // {
204 hostName = "db-1.immae.eu";
205 documentRoot = null;
206 extraConfig = builtins.concatStringsSep "\n" [
207 mypkgs.adminer.apache.vhostConf
208 ];
209 })
210 (withConf "eldiron" // {
211 hostName = "tools.immae.eu";
212 documentRoot = null;
213 extraConfig = builtins.concatStringsSep "\n" [
214 mypkgs.adminer.apache.vhostConf
215 mypkgs.ympd.apache.vhostConf
216 mypkgs.ttrss.apache.vhostConf
217 mypkgs.roundcubemail.apache.vhostConf
218 ];
219 })
220 (withConf "eldiron" // {
221 hostName = "dav.immae.eu";
222 documentRoot = null;
223 extraConfig = builtins.concatStringsSep "\n" [
224 mypkgs.infcloud.apache.vhostConf
225 mypkgs.davical.apache.vhostConf
226 ];
227 })
228 (withConf "eldiron" // {
229 hostName = "cloud.immae.eu";
230 documentRoot = mypkgs.nextcloud.webRoot;
231 extraConfig = builtins.concatStringsSep "\n" [
232 mypkgs.nextcloud.apache.vhostConf
233 ];
234 })
235 (withConf "eldiron" // {
236 hostName = "git.immae.eu";
237 documentRoot = mypkgs.git.web.webRoot;
238 extraConfig = builtins.concatStringsSep "\n" [
239 mypkgs.git.web.apache.vhostConf
240 mypkgs.mantisbt.apache.vhostConf
241 ] + ''
242 RewriteEngine on
243 RewriteCond %{REQUEST_URI} ^/releases
244 RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
245 '';
246 })
247 { # Should go last, default fallback
248 listen = [ { ip = "*"; port = 80; } ];
249 hostName = "redirectSSL";
250 serverAliases = [ "*" ];
251 enableSSL = false;
252 logFormat = "combinedVhost";
253 documentRoot = "/var/lib/acme/acme-challenge";
254 extraConfig = ''
255 RewriteEngine on
256 RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
257 RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
258 # To redirect in specific "VirtualHost *:80", do
259 # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
260 # rather than rewrite
261 '';
262 }
263 ];
264 };
265
266 systemd.services.tt-rss = { 158 systemd.services.tt-rss = {
267 description = "Tiny Tiny RSS feeds update daemon"; 159 description = "Tiny Tiny RSS feeds update daemon";
268 serviceConfig = { 160 serviceConfig = {
diff --git a/virtual/modules/gitolite.nix b/virtual/modules/gitolite.nix
index 85c7be1..d6b9c79 100644
--- a/virtual/modules/gitolite.nix
+++ b/virtual/modules/gitolite.nix
@@ -4,6 +4,10 @@ let
4in { 4in {
5 options.services.myGitolite = { 5 options.services.myGitolite = {
6 enable = lib.mkEnableOption "my gitolite service"; 6 enable = lib.mkEnableOption "my gitolite service";
7 gitoliteDir = lib.mkOption {
8 type = lib.types.string;
9 default = "/var/lib/gitolite";
10 };
7 }; 11 };
8 12
9 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
@@ -20,6 +24,13 @@ in {
20 }); 24 });
21 }; 25 };
22 26
27 services.gitDaemon = {
28 enable = true;
29 user = "gitolite";
30 group = "gitolite";
31 basePath = "${cfg.gitoliteDir}/repositories";
32 };
33
23 system.activationScripts.gitolite = 34 system.activationScripts.gitolite =
24 assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD"; 35 assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
25 let 36 let
@@ -34,12 +45,12 @@ in {
34 in { 45 in {
35 deps = [ "users" ]; 46 deps = [ "users" ];
36 text = '' 47 text = ''
37 if [ -d /var/lib/gitolite ]; then 48 if [ -d ${cfg.gitoliteDir} ]; then
38 ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh 49 ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
39 chmod g+rx /var/lib/gitolite 50 chmod g+rx ${cfg.gitoliteDir}
40 fi 51 fi
41 if [ -f /var/lib/gitolite/projects.list ]; then 52 if [ -f ${cfg.gitoliteDir}/projects.list ]; then
42 chmod g+r /var/lib/gitolite/projects.list 53 chmod g+r ${cfg.gitoliteDir}/projects.list
43 fi 54 fi
44 ''; 55 '';
45 }; 56 };
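Review bot: `gitoliteDir` in the first hunk is declared with `lib.types.string`, the legacy type that merges several definitions by plain concatenation, so a second definition of the option elsewhere would silently produce a joined path instead of an evaluation conflict; `lib.types.path` (or `lib.types.str`) is the right type for a directory. The third hunk also interpolates the option unquoted into the activation shell script (`if [ -d ${cfg.gitoliteDir} ]`, `chmod g+rx ${cfg.gitoliteDir}`), so any value with whitespace or glob characters would change what the script does; quoting as `"${cfg.gitoliteDir}"` keeps it correct for every value the option accepts. `services.gitDaemon.basePath` in the second hunk derives from the same option, so one consistent type covers all three uses.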
diff --git a/virtual/modules/gitweb.nix b/virtual/modules/gitweb/default.nix
index f3ef1bd..2a860ba 100644
--- a/virtual/modules/gitweb.nix
+++ b/virtual/modules/gitweb/default.nix
@@ -1,5 +1,7 @@
1{ lib, pkgs, config, mylibs, ... }: 1{ lib, pkgs, config, mylibs, ... }:
2let 2let
3 # FIXME: add buildbot
4 gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
3 cfg = config.services.myGitweb; 5 cfg = config.services.myGitweb;
4in { 6in {
5 options.services.myGitweb = { 7 options.services.myGitweb = {
@@ -12,10 +14,17 @@ in {
12 nixpkgs.config.packageOverrides = oldpkgs: rec { 14 nixpkgs.config.packageOverrides = oldpkgs: rec {
13 gitweb = oldpkgs.gitweb.overrideAttrs(old: { 15 gitweb = oldpkgs.gitweb.overrideAttrs(old: {
14 installPhase = old.installPhase + '' 16 installPhase = old.installPhase + ''
15 cp -r ${./gitweb/theme} $out/gitweb-theme; 17 cp -r ${./theme} $out/gitweb-theme;
16 ''; 18 '';
17 }); 19 });
18 }; 20 };
19 21
22 services.myWebsites.tools.modules = gitweb.apache.modules;
23 services.myWebsites.tools.vhostConfs.git = {
24 certName = "eldiron";
25 hosts = ["git.immae.eu" ];
26 root = gitweb.webRoot;
27 extraConfig = [ gitweb.apache.vhostConf ];
28 };
20 }; 29 };
21} 30}
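Review bot: The `git` vhost's `extraConfig` is now assembled from two modules — `[ gitweb.apache.vhostConf ]` here and `[ mypkgs.mantisbt.apache.vhostConf … ]` plus the `/releases` proxy rewrite in `virtual/modules/websites/default.nix` — so if `extraConfig` is a `listOf` option (its declaration is outside this diff) the relative order of those fragments follows module evaluation order rather than being written out as it was in `eldiron.nix`. Apache evaluates `Alias`, `<Directory>` and `RewriteRule` directives in file order, so if the old ordering (gitweb, mantisbt, then the rewrite) mattered, pin it with `lib.mkBefore`/`lib.mkAfter` or `lib.mkOrder` on one side, or move the remaining git fragments into this module as the `# FIXME: move them all to separate modules` in the websites module already suggests.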
diff --git a/virtual/packages/gitweb.nix b/virtual/modules/gitweb/gitweb.nix
index 1c2430a..7b4dcac 100644
--- a/virtual/packages/gitweb.nix
+++ b/virtual/modules/gitweb/gitweb.nix
@@ -1,6 +1,6 @@
1{ gitweb, writeText, gitolite, git }: 1{ gitweb, writeText, gitolite, git, gitoliteDir }:
2rec { 2rec {
3 varDir = "/var/lib/gitolite"; 3 varDir = gitoliteDir;
4 webRoot = gitweb; 4 webRoot = gitweb;
5 config = writeText "gitweb.conf" '' 5 config = writeText "gitweb.conf" ''
6 $git_temp = "/tmp"; 6 $git_temp = "/tmp";
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index a9e62a5..b027b81 100644
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -1,5 +1,8 @@
1{ lib, pkgs, config, mylibs, myconfig, ... }: 1{ lib, pkgs, config, mylibs, myconfig, ... }:
2let 2let
3 mypkgs = pkgs.callPackage ../../packages.nix {
4 inherit (mylibs) checkEnv fetchedGit fetchedGithub;
5 };
3 cfg = config.services.myWebsites; 6 cfg = config.services.myWebsites;
4 makeService = name: cfg: let 7 makeService = name: cfg: let
5 toVhost = vhostConf: { 8 toVhost = vhostConf: {
@@ -16,6 +19,28 @@ let
16 documentRoot = vhostConf.root; 19 documentRoot = vhostConf.root;
17 extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; 20 extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
18 }; 21 };
22 redirectVhost = { # Should go last, catchall http -> https redirect
23 listen = [ { ip = cfg.ip; port = 80; } ];
24 hostName = "redirectSSL";
25 serverAliases = [ "*" ];
26 enableSSL = false;
27 logFormat = "combinedVhost";
28 documentRoot = "/var/lib/acme/acme-challenge";
29 extraConfig = ''
30 RewriteEngine on
31 RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
32 RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
33 # To redirect in specific "VirtualHost *:80", do
34 # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
35 # rather than rewrite
36 '';
37 };
38 fallbackVhost = toVhost { # Should go first, default choice
39 certName = "eldiron";
40 hosts = ["eldiron.immae.eu" ];
41 root = ../../www;
42 extraConfig = [ "DirectoryIndex index.htm" ];
43 };
19 in rec { 44 in rec {
20 enable = true; 45 enable = true;
21 listen = [ 46 listen = [
@@ -28,7 +53,9 @@ let
28 logFormat = "combinedVhost"; 53 logFormat = "combinedVhost";
29 extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules); 54 extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
30 extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig; 55 extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
31 virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs; 56 virtualHosts = [ fallbackVhost ]
57 ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
58 ++ [ redirectVhost ];
32 }; 59 };
33 makeServiceOptions = name: ip: { 60 makeServiceOptions = name: ip: {
34 enable = lib.mkEnableOption "enable websites in ${name}"; 61 enable = lib.mkEnableOption "enable websites in ${name}";
@@ -74,6 +101,7 @@ in
74 options.services.myWebsites = { 101 options.services.myWebsites = {
75 production = makeServiceOptions "production" myconfig.ips.production; 102 production = makeServiceOptions "production" myconfig.ips.production;
76 integration = makeServiceOptions "integration" myconfig.ips.integration; 103 integration = makeServiceOptions "integration" myconfig.ips.integration;
104 tools = makeServiceOptions "tools" myconfig.ips.main;
77 105
78 apacheConfig = lib.mkOption { 106 apacheConfig = lib.mkOption {
79 type = lib.types.attrsOf (lib.types.submodule { 107 type = lib.types.attrsOf (lib.types.submodule {
@@ -208,5 +236,65 @@ in
208 services.httpdInte = makeService "integration" config.services.myWebsites.integration; 236 services.httpdInte = makeService "integration" config.services.myWebsites.integration;
209 services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); 237 services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
210 services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); 238 services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
239
240 services.httpd = makeService "tools" config.services.myWebsites.tools;
241 services.myWebsites.tools.modules =
242 mypkgs.adminer.apache.modules ++
243 mypkgs.nextcloud.apache.modules ++
244 mypkgs.ympd.apache.modules ++
245 mypkgs.mantisbt.apache.modules ++
246 mypkgs.ttrss.apache.modules ++
247 mypkgs.roundcubemail.apache.modules ++
248 pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
249 services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
250 # FIXME: move them all to separate modules
251 services.myWebsites.tools.vhostConfs.eldiron = {
252 certName = "eldiron";
253 hosts = ["eldiron.immae.eu" ];
254 root = ../../www;
255 extraConfig = [ "DirectoryIndex index.htm" ];
256 };
257 services.myWebsites.tools.vhostConfs.db-1 = {
258 certName = "eldiron";
259 hosts = ["db-1.immae.eu" ];
260 root = null;
261 extraConfig = [ mypkgs.adminer.apache.vhostConf ];
262 };
263 services.myWebsites.tools.vhostConfs.tools = {
264 certName = "eldiron";
265 hosts = ["tools.immae.eu" ];
266 root = null;
267 extraConfig = [
268 mypkgs.adminer.apache.vhostConf
269 mypkgs.ympd.apache.vhostConf
270 mypkgs.ttrss.apache.vhostConf
271 mypkgs.roundcubemail.apache.vhostConf
272 ];
273 };
274 services.myWebsites.tools.vhostConfs.dav = {
275 certName = "eldiron";
276 hosts = ["dav.immae.eu" ];
277 root = null;
278 extraConfig = [
279 mypkgs.infcloud.apache.vhostConf
280 mypkgs.davical.apache.vhostConf
281 ];
282 };
283 services.myWebsites.tools.vhostConfs.cloud = {
284 certName = "eldiron";
285 hosts = ["cloud.immae.eu" ];
286 root = mypkgs.nextcloud.webRoot;
287 extraConfig = [
288 mypkgs.nextcloud.apache.vhostConf
289 ];
290 };
291 services.myWebsites.tools.vhostConfs.git.extraConfig = [
292 mypkgs.mantisbt.apache.vhostConf
293 ''
294 RewriteEngine on
295 RewriteCond %{REQUEST_URI} ^/releases
296 RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
297 ''
298 ];
211 }; 299 };
212} 300}
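Review bot: `redirectVhost` (new lines 22–37) builds the 301 target from `%{HTTP_HOST}`, so the Location header reflects whatever Host header the client sent, and with `serverAliases = [ "*" ]` the port-80 listener of every instance built by `makeService` becomes an open redirect to a client-chosen host — previously this vhost existed only in the single `eldiron` httpd. Restricting it to known names closes that: either give the redirect vhost the real hostnames (the `hosts` of `cfg.vhostConfs`) as `serverAliases` instead of `*`, or add a `RewriteCond %{HTTP_HOST}` allowlist generated from that same list before the rule. Separately, the last hunk still defines `services.myWebsites.tools.vhostConfs.eldiron` with the same host, root and `extraConfig` as `fallbackVhost`, so the tools instance receives two `eldiron.immae.eu` virtual hosts; one of the two definitions should be dropped.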
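--- a/virtual/packages.nix
+++ b/virtual/packages.nix
@@ -3,7 +3,6 @@ let
  nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
  adminer = callPackage ./packages/adminer.nix {};
  ympd = callPackage ./packages/ympd.nix {};
- gitweb = callPackage ./packages/gitweb.nix {};
  mantisbt = callPackage ./packages/mantisbt.nix { inherit checkEnv fetchedGithub; };
  ttrss = callPackage ./packages/ttrss.nix { inherit checkEnv fetchedGithub fetchedGit; };
  roundcubemail = callPackage ./packages/roundcubemail.nix { inherit checkEnv; };
@@ -19,6 +18,4 @@ in
  inherit roundcubemail;
  inherit infcloud;
  inherit davical;
- # FIXME: add buildbot
- git = { web = gitweb; };
  }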
diff --git a/virtual/packages/adminer.nix b/virtual/packages/adminer.nix
index d2800aa..7094e45 100644
--- a/virtual/packages/adminer.nix
+++ b/virtual/packages/adminer.nix
@@ -39,7 +39,7 @@ let
39 vhostConf = '' 39 vhostConf = ''
40 Alias /adminer ${webRoot} 40 Alias /adminer ${webRoot}
41 <Directory ${webRoot}> 41 <Directory ${webRoot}>
42 DirectoryIndex = index.php 42 DirectoryIndex index.php
43 <FilesMatch "\.php$"> 43 <FilesMatch "\.php$">
44 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 44 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
45 </FilesMatch> 45 </FilesMatch>
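--- a/virtual/packages/gitweb.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-$git_temp = "/tmp";
-
-# The directories where your projects are. Must not end with a slash.
-$projectroot = "/srv/git/repositories";
-
-$projects_list = "/srv/git/projects.list";
-$strict_export = "true";
-
-# Base URLs for links displayed in the web interface.
-our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
-
-$feature{'blame'}{'default'} = [1];
-$feature{'avatar'}{'default'} = ['gravatar'];
-$feature{'highlight'}{'default'} = [1];
-
-@stylesheets = ("gitweb-theme/gitweb.css");
-$logo = "gitweb-theme/git-logo.png";
-$favicon = "gitweb-theme/git-favicon.png";
-
-$javascript = "gitweb-theme/gitweb.js";
-$logo_url = "https://git.immae.eu/";
-$projects_list_group_categories = "true";
-$projects_list_description_width = 60;
-$project_list_default_category = "__Others__";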