37 files changed, 367 insertions, 290 deletions
@@ -77,4 +77,4 @@ rec { | |||
77 | } | 77 | } |
78 | ''; | 78 | ''; |
79 | 79 | ||
80 | } | 80 | } // (if builtins.pathExists ./lib/private then import ./lib/private else {}) |
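--- a/modules/default.nix
+++ b/modules/default.nix
@@ -8,4 +8,6 @@
 mastodon = ./webapps/mastodon.nix;
 mediagoblin = ./webapps/mediagoblin.nix;
 peertube = ./webapps/peertube.nix;
+
+websites = ./websites;
 } // (if builtins.pathExists ./private then import ./private else {})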
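--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -1,6 +1,6 @@
 {
 # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
-httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
 httpdInte = import ./httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; };
+httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
 httpdTools = import ./httpd-service-builder.nix { httpdName = "Tools"; withUsers = true; };
 }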
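--- a/modules/private/httpd-service-builder.nix
+++ b/modules/private/httpd-service-builder.nix
@@ -7,7 +7,7 @@ with lib;
 
 let
 
-mainCfg = config.services."httpd${httpdName}";
+mainCfg = config.services.httpd."${httpdName}";
 
 httpd = mainCfg.package.out;
 
@@ -438,7 +438,7 @@ in
 
 options = {
 
-services."httpd${httpdName}" = {
+services.httpd."${httpdName}" = {
 
 enable = mkOption {
 type = types.bool;
@@ -655,7 +655,7 @@ in
 
 ###### implementation
 
-config = mkIf config.services."httpd${httpdName}".enable {
+config = mkIf config.services.httpd."${httpdName}".enable {
 
 assertions = [ { assertion = mainCfg.enableSSL == true
 -> mainCfg.sslServerCert != null
@@ -679,7 +679,7 @@ in
 
 environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
 
-services."httpd${httpdName}".phpOptions =
+services.httpd."${httpdName}".phpOptions =
 ''
 ; Needed for PHP's mail() function.
 sendmail_path = sendmail -t -i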
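--- /dev/null
+++ b/modules/websites/default.nix
@@ -0,0 +1,148 @@
+{ lib, config, ... }: with lib;
+let
+cfg = config.services.websites;
+in
+{
+options.services.websites = with types; mkOption {
+default = {};
+description = "Each type of website to enable will target a distinct httpd server";
+type = attrsOf (submodule {
+options = {
+enable = mkEnableOption "Enable websites of this type";
+adminAddr = mkOption {
+type = str;
+description = "Admin e-mail address of the instance";
+};
+httpdName = mkOption {
+type = str;
+description = "Name of the httpd instance to assign this type to";
+};
+ips = mkOption {
+type = listOf string;
+default = [];
+description = "ips to listen to";
+};
+modules = mkOption {
+type = listOf str;
+default = [];
+description = "Additional modules to load in Apache";
+};
+extraConfig = mkOption {
+type = listOf lines;
+default = [];
+description = "Additional configuration to append to Apache";
+};
+nosslVhost = mkOption {
+description = "A default nossl vhost for captive portals";
+default = {};
+type = submodule {
+options = {
+enable = mkEnableOption "Add default no-ssl vhost for this instance";
+host = mkOption {
+type = string;
+description = "The hostname to use for this vhost";
+};
+root = mkOption {
+type = path;
+default = ./nosslVhost;
+description = "The root folder to serve";
+};
+indexFile = mkOption {
+type = string;
+default = "index.html";
+description = "The index file to show.";
+};
+};
+};
+};
+fallbackVhost = mkOption {
+description = "The fallback vhost that will be defined as first vhost in Apache";
+type = submodule {
+options = {
+certName = mkOption { type = string; };
+hosts = mkOption { type = listOf string; };
+root = mkOption { type = nullOr path; };
+extraConfig = mkOption { type = listOf lines; default = []; };
+};
+};
+};
+vhostConfs = mkOption {
+default = {};
+description = "List of vhosts to define for Apache";
+type = attrsOf (submodule {
+options = {
+certName = mkOption { type = string; };
+hosts = mkOption { type = listOf string; };
+root = mkOption { type = nullOr path; };
+extraConfig = mkOption { type = listOf lines; default = []; };
+};
+});
+};
+};
+});
+};
+
+config.services.httpd = let
+redirectVhost = ips: { # Should go last, catchall http -> https redirect
+listen = map (ip: { inherit ip; port = 80; }) ips;
+hostName = "redirectSSL";
+serverAliases = [ "*" ];
+enableSSL = false;
+logFormat = "combinedVhost";
+documentRoot = "/var/lib/acme/acme-challenge";
+extraConfig = ''
+RewriteEngine on
+RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
+RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
+# To redirect in specific "VirtualHost *:80", do
+# RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
+# rather than rewrite
+'';
+};
+nosslVhost = ips: cfg: {
+listen = map (ip: { inherit ip; port = 80; }) ips;
+hostName = cfg.host;
+enableSSL = false;
+logFormat = "combinedVhost";
+documentRoot = cfg.root;
+extraConfig = ''
+<Directory ${cfg.root}>
+DirectoryIndex ${cfg.indexFile}
+AllowOverride None
+Require all granted
+
+RewriteEngine on
+RewriteRule ^/(.+) / [L]
+</Directory>
+'';
+};
+toVhost = ips: vhostConf: {
+enableSSL = true;
+sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
+sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
+sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
+logFormat = "combinedVhost";
+listen = map (ip: { inherit ip; port = 443; }) ips;
+hostName = builtins.head vhostConf.hosts;
+serverAliases = builtins.tail vhostConf.hosts or [];
+documentRoot = vhostConf.root;
+extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
+};
+in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+icfg.httpdName (mkIf icfg.enable {
+enable = true;
+listen = map (ip: { inherit ip; port = 443; }) icfg.ips;
+stateDir = "/run/httpd_${name}";
+logPerVirtualHost = true;
+multiProcessingModule = "worker";
+inherit (icfg) adminAddr;
+logFormat = "combinedVhost";
+extraModules = lists.unique icfg.modules;
+extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;
+virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]
+++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]
+++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)
+++ [ (redirectVhost icfg.ips) ];
+})
+) cfg;
+}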
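Review bot: The catch-all `redirectVhost` (`serverAliases = [ "*" ]`) builds its redirect target from the request's own Host header in `RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]`, so the `Location` it returns names whatever host the client sent, not necessarily one this instance serves. The module already holds every served name in `fallbackVhost.hosts` and `vhostConfs.*.hosts`, so the rule can be guarded with a condition generated from those lists, e.g. `RewriteCond "%{HTTP_HOST}" "^(<alternation of served hosts>)$" [NC]` placed before it, leaving unknown hosts without a redirect. In `toVhost`, `builtins.tail vhostConf.hosts or []` applies `or []` to the attribute lookup rather than to `tail`, so an empty `hosts` list still fails in `builtins.head`; a `description` on `hosts` stating that it must be non-empty and that its first entry becomes `hostName` would document that.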
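--- /dev/null
+++ b/modules/websites/nosslVhost/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>No SSL site</title>
+</head>
+<body>
+<h1>No SSL on this site</h1>
+<p>Use for wifi networks with login page that doesn't work well with
+https.</p>
+</body>
+</html>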
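--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -48,9 +48,6 @@
 ] ++ (builtins.attrValues (import ../modules));
 services.myGitolite.enable = true;
 services.myDatabases.enable = true;
-services.myWebsites.production.enable = true;
-services.myWebsites.integration.enable = true;
-services.myWebsites.tools.enable = true;
 services.pure-ftpd.enable = true;
 services.irc.enable = true;
 services.pub.enable = true;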
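--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -37,7 +37,7 @@ in
 extraGroups = [ "keys" ];
 };
 
-services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
+services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
 RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
 RewriteEngine On
 RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]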
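--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -102,8 +102,8 @@ in {
 '';
 }];
 security.acme.certs."eldiron".extraDomains.${fqdn} = null;
-services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ];
-services.myWebsites.tools.vhostConfs.task = {
+services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
+services.websites.tools.vhostConfs.task = {
 certName = "eldiron";
 hosts = [ "task.immae.eu" ];
 root = "/run/current-system/webapps/_task";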
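--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -40,9 +40,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
 '';
-services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
-services.myWebsites.production.modules = aten_prod.apache.modules;
-services.myWebsites.production.vhostConfs.aten = {
+services.websites.production.modules = aten_prod.apache.modules;
+services.websites.production.vhostConfs.aten = {
 certName = "aten";
 hosts = [ "aten.pro" "www.aten.pro" ];
 root = aten_prod.apache.root;
@@ -60,8 +59,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
 '';
-services.myWebsites.integration.modules = aten_dev.apache.modules;
-services.myWebsites.integration.vhostConfs.aten = {
+services.websites.integration.modules = aten_dev.apache.modules;
+services.websites.integration.vhostConfs.aten = {
 certName = "eldiron";
 hosts = [ "dev.aten.pro" ];
 root = aten_dev.apache.root;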
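--- a/nixops/modules/websites/capitaines/default.nix
+++ b/nixops/modules/websites/capitaines/default.nix
@@ -22,7 +22,7 @@ in {
 ln -s ${siteDir} $out/webapps/${webappName}
 '';
 
-services.myWebsites.production.vhostConfs.capitaines_mastodon = {
+services.websites.production.vhostConfs.capitaines_mastodon = {
 certName = "capitaines";
 hosts = [ "mastodon.capitaines.fr" ];
 root = root;
@@ -38,7 +38,7 @@ in {
 ];
 };
 
-services.myWebsites.production.vhostConfs.capitaines = {
+services.websites.production.vhostConfs.capitaines = {
 certName = "capitaines";
 hosts = [ "capitaines.fr" ];
 root = "/run/current-system/webapps/_www";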
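--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -42,8 +42,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
 '';
-services.myWebsites.production.modules = chloe_prod.apache.modules;
-services.myWebsites.production.vhostConfs.chloe = {
+services.websites.production.modules = chloe_prod.apache.modules;
+services.websites.production.vhostConfs.chloe = {
 certName = "chloe";
 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
 root = chloe_prod.apache.root;
@@ -63,8 +63,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
 '';
-services.myWebsites.integration.modules = chloe_dev.apache.modules;
-services.myWebsites.integration.vhostConfs.chloe = {
+services.websites.integration.modules = chloe_dev.apache.modules;
+services.websites.integration.vhostConfs.chloe = {
 certName = "eldiron";
 hosts = ["chloe.immae.eu" ];
 root = chloe_dev.apache.root;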
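--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -43,8 +43,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
 '';
-services.myWebsites.production.modules = connexionswing_prod.apache.modules;
-services.myWebsites.production.vhostConfs.connexionswing = {
+services.websites.production.modules = connexionswing_prod.apache.modules;
+services.websites.production.vhostConfs.connexionswing = {
 certName = "connexionswing";
 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
 root = connexionswing_prod.apache.root;
@@ -64,8 +64,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
 '';
-services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
-services.myWebsites.integration.vhostConfs.connexionswing = {
+services.websites.integration.modules = connexionswing_dev.apache.modules;
+services.websites.integration.vhostConfs.connexionswing = {
 certName = "eldiron";
 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
 root = connexionswing_dev.apache.root;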
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 627d01a..5b839af 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix | |||
@@ -3,104 +3,66 @@ let | |||
3 | cfg = config.services.myWebsites; | 3 | cfg = config.services.myWebsites; |
4 | www_root = "/run/current-system/webapps/_www"; | 4 | www_root = "/run/current-system/webapps/_www"; |
5 | theme_root = "/run/current-system/webapps/_theme"; | 5 | theme_root = "/run/current-system/webapps/_theme"; |
6 | makeService = name: cfg: let | 6 | apacheConfig = { |
7 | toVhost = vhostConf: { | 7 | gzip = { |
8 | enableSSL = true; | 8 | modules = [ "deflate" "filter" ]; |
9 | sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem"; | ||
10 | sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem"; | ||
11 | sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem"; | ||
12 | logFormat = "combinedVhost"; | ||
13 | listen = map (ip: { inherit ip; port = 443; }) cfg.ips; | ||
14 | hostName = builtins.head vhostConf.hosts; | ||
15 | serverAliases = builtins.tail vhostConf.hosts or []; | ||
16 | documentRoot = vhostConf.root; | ||
17 | extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; | ||
18 | }; | ||
19 | nosslVhost = { | ||
20 | listen = map (ip: { inherit ip; port = 80; }) cfg.ips; | ||
21 | hostName = "nossl.immae.eu"; | ||
22 | enableSSL = false; | ||
23 | logFormat = "combinedVhost"; | ||
24 | documentRoot = www_root; | ||
25 | extraConfig = '' | 9 | extraConfig = '' |
26 | <Directory ${www_root}> | 10 | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript |
27 | DirectoryIndex nossl.html | 11 | ''; |
28 | AllowOverride None | 12 | }; |
29 | Require all granted | 13 | macros = { |
30 | 14 | modules = [ "macro" ]; | |
31 | RewriteEngine on | ||
32 | RewriteRule ^/(.+) / [L] | ||
33 | </Directory> | ||
34 | ''; | ||
35 | }; | 15 | }; |
36 | redirectVhost = { # Should go last, catchall http -> https redirect | 16 | stats = { |
37 | listen = map (ip: { inherit ip; port = 80; }) cfg.ips; | ||
38 | hostName = "redirectSSL"; | ||
39 | serverAliases = [ "*" ]; | ||
40 | enableSSL = false; | ||
41 | logFormat = "combinedVhost"; | ||
42 | documentRoot = "/var/lib/acme/acme-challenge"; | ||
43 | extraConfig = '' | 17 | extraConfig = '' |
44 | RewriteEngine on | 18 | <Macro Stats %{domain}> |
45 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" | 19 | Alias /webstats ${config.services.webstats.dataDir}/%{domain} |
46 | RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] | 20 | <Directory ${config.services.webstats.dataDir}/%{domain}> |
47 | # To redirect in specific "VirtualHost *:80", do | 21 | DirectoryIndex index.html |
48 | # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 | 22 | AllowOverride None |
49 | # rather than rewrite | 23 | Require all granted |
24 | </Directory> | ||
25 | <Location /webstats> | ||
26 | Use LDAPConnect | ||
27 | Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu | ||
28 | </Location> | ||
29 | </Macro> | ||
50 | ''; | 30 | ''; |
51 | }; | 31 | }; |
52 | fallbackVhost = toVhost { # Should go first, default choice | 32 | ldap = { |
53 | certName = "eldiron"; | 33 | modules = [ "ldap" "authnz_ldap" ]; |
54 | hosts = ["eldiron.immae.eu" ]; | 34 | extraConfig = '' |
55 | root = www_root; | 35 | <IfModule ldap_module> |
56 | extraConfig = [ "DirectoryIndex index.htm" ]; | 36 | LDAPSharedCacheSize 500000 |
37 | LDAPCacheEntries 1024 | ||
38 | LDAPCacheTTL 600 | ||
39 | LDAPOpCacheEntries 1024 | ||
40 | LDAPOpCacheTTL 600 | ||
41 | </IfModule> | ||
42 | |||
43 | Include /var/secrets/apache-ldap | ||
44 | ''; | ||
57 | }; | 45 | }; |
58 | in rec { | 46 | global = { |
59 | enable = true; | 47 | extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; |
60 | listen = map (ip: { inherit ip; port = 443; }) cfg.ips; | ||
61 | stateDir = "/run/httpd_${name}"; | ||
62 | logPerVirtualHost = true; | ||
63 | multiProcessingModule = "worker"; | ||
64 | adminAddr = "httpd@immae.eu"; | ||
65 | logFormat = "combinedVhost"; | ||
66 | extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules); | ||
67 | extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig; | ||
68 | virtualHosts = [ fallbackVhost ] | ||
69 | ++ lib.optionals (name == "tools") [ nosslVhost ] | ||
70 | ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs) | ||
71 | ++ [ redirectVhost ]; | ||
72 | }; | ||
73 | makeServiceOptions = name: { | ||
74 | enable = lib.mkEnableOption "enable websites in ${name}"; | ||
75 | ips = lib.mkOption { | ||
76 | type = lib.types.listOf lib.types.string; | ||
77 | default = let | ||
78 | ips = myconfig.env.servers.eldiron.ips.${name}; | ||
79 | in | ||
80 | [ips.ip4] ++ (ips.ip6 or []); | ||
81 | description = "${name} ips to listen to"; | ||
82 | }; | 48 | }; |
83 | modules = lib.mkOption { | 49 | apaxy = { |
84 | type = lib.types.listOf (lib.types.str); | 50 | extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; |
85 | default = []; | ||
86 | }; | 51 | }; |
87 | extraConfig = lib.mkOption { | 52 | http2 = { |
88 | type = lib.types.listOf (lib.types.lines); | 53 | modules = [ "http2" ]; |
89 | default = []; | 54 | extraConfig = '' |
55 | Protocols h2 http/1.1 | ||
56 | ''; | ||
90 | }; | 57 | }; |
91 | vhostConfs = lib.mkOption { | 58 | customLog = { |
92 | type = lib.types.attrsOf (lib.types.submodule { | 59 | extraConfig = '' |
93 | options = { | 60 | LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost |
94 | certName = lib.mkOption { type = lib.types.string; }; | 61 | ''; |
95 | hosts = lib.mkOption { type = lib.types.listOf lib.types.string; }; | ||
96 | root = lib.mkOption { type = lib.types.nullOr lib.types.path; }; | ||
97 | extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; }; | ||
98 | }; | ||
99 | }); | ||
100 | }; | 62 | }; |
101 | }; | 63 | }; |
102 | makeModules = cfg: pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); | 64 | makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig); |
103 | makeExtraConfig = cfg: (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); | 65 | makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); |
104 | in | 66 | in |
105 | { | 67 | { |
106 | imports = [ | 68 | imports = [ |
@@ -135,30 +97,6 @@ in | |||
135 | ./phpfpm | 97 | ./phpfpm |
136 | ]; | 98 | ]; |
137 | 99 | ||
138 | options.services.myWebsites = { | ||
139 | production = makeServiceOptions "production"; | ||
140 | integration = makeServiceOptions "integration"; | ||
141 | tools = makeServiceOptions "main"; | ||
142 | |||
143 | apacheConfig = lib.mkOption { | ||
144 | type = lib.types.attrsOf (lib.types.submodule { | ||
145 | options = { | ||
146 | modules = lib.mkOption { | ||
147 | type = lib.types.listOf (lib.types.str); | ||
148 | default = []; | ||
149 | }; | ||
150 | extraConfig = lib.mkOption { | ||
151 | type = lib.types.nullOr lib.types.lines; | ||
152 | default = null; | ||
153 | }; | ||
154 | }; | ||
155 | }); | ||
156 | default = {}; | ||
157 | description = "Extra global config"; | ||
158 | }; | ||
159 | |||
160 | }; | ||
161 | |||
162 | config = { | 100 | config = { |
163 | users.users.wwwrun.extraGroups = [ "keys" ]; | 101 | users.users.wwwrun.extraGroups = [ "keys" ]; |
164 | networking.firewall.allowedTCPPorts = [ 80 443 ]; | 102 | networking.firewall.allowedTCPPorts = [ 80 443 ]; |
@@ -195,28 +133,28 @@ in | |||
195 | services.myWebsites.tools.etherpad-lite.enable = true; | 133 | services.myWebsites.tools.etherpad-lite.enable = true; |
196 | services.myWebsites.tools.peertube.enable = true; | 134 | services.myWebsites.tools.peertube.enable = true; |
197 | 135 | ||
198 | services.myWebsites.Chloe.production.enable = cfg.production.enable; | 136 | services.myWebsites.Chloe.production.enable = true; |
199 | services.myWebsites.Ludivine.production.enable = cfg.production.enable; | 137 | services.myWebsites.Ludivine.production.enable = true; |
200 | services.myWebsites.Aten.production.enable = cfg.production.enable; | 138 | services.myWebsites.Aten.production.enable = true; |
201 | services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable; | 139 | services.myWebsites.PiedsJaloux.production.enable = true; |
202 | services.myWebsites.Connexionswing.production.enable = cfg.production.enable; | 140 | services.myWebsites.Connexionswing.production.enable = true; |
203 | services.myWebsites.Jerome.production.enable = cfg.production.enable; | 141 | services.myWebsites.Jerome.production.enable = true; |
204 | services.myWebsites.Nassime.production.enable = cfg.production.enable; | 142 | services.myWebsites.Nassime.production.enable = true; |
205 | services.myWebsites.Florian.production.enable = cfg.production.enable; | 143 | services.myWebsites.Florian.production.enable = true; |
206 | services.myWebsites.Leila.production.enable = cfg.production.enable; | 144 | services.myWebsites.Leila.production.enable = true; |
207 | services.myWebsites.Papa.production.enable = cfg.production.enable; | 145 | services.myWebsites.Papa.production.enable = true; |
208 | services.myWebsites.DeniseJerome.production.enable = cfg.production.enable; | 146 | services.myWebsites.DeniseJerome.production.enable = true; |
209 | services.myWebsites.Emilia.production.enable = cfg.production.enable; | 147 | services.myWebsites.Emilia.production.enable = true; |
210 | services.myWebsites.Capitaines.production.enable = cfg.production.enable; | 148 | services.myWebsites.Capitaines.production.enable = true; |
211 | services.myWebsites.Immae.production.enable = cfg.production.enable; | 149 | services.myWebsites.Immae.production.enable = true; |
212 | services.myWebsites.Release.production.enable = cfg.production.enable; | 150 | services.myWebsites.Release.production.enable = true; |
213 | services.myWebsites.Temp.production.enable = cfg.production.enable; | 151 | services.myWebsites.Temp.production.enable = true; |
214 | 152 | ||
215 | services.myWebsites.Chloe.integration.enable = cfg.integration.enable; | 153 | services.myWebsites.Chloe.integration.enable = true; |
216 | services.myWebsites.Ludivine.integration.enable = cfg.integration.enable; | 154 | services.myWebsites.Ludivine.integration.enable = true; |
217 | services.myWebsites.Aten.integration.enable = cfg.integration.enable; | 155 | services.myWebsites.Aten.integration.enable = true; |
218 | services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable; | 156 | services.myWebsites.PiedsJaloux.integration.enable = true; |
219 | services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable; | 157 | services.myWebsites.Connexionswing.integration.enable = true; |
220 | services.myWebsites.TellesFlorian.integration.enable = true; | 158 | services.myWebsites.TellesFlorian.integration.enable = true; |
221 | services.myWebsites.Florian.integration.enable = true; | 159 | services.myWebsites.Florian.integration.enable = true; |
222 | 160 | ||
@@ -239,65 +177,6 @@ in | |||
239 | ''; | 177 | ''; |
240 | }]; | 178 | }]; |
241 | 179 | ||
242 | services.myWebsites.apacheConfig = { | ||
243 | gzip = { | ||
244 | modules = [ "deflate" "filter" ]; | ||
245 | extraConfig = '' | ||
246 | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript | ||
247 | ''; | ||
248 | }; | ||
249 | macros = { | ||
250 | modules = [ "macro" ]; | ||
251 | }; | ||
252 | stats = { | ||
253 | extraConfig = '' | ||
254 | <Macro Stats %{domain}> | ||
255 | Alias /webstats ${config.services.webstats.dataDir}/%{domain} | ||
256 | <Directory ${config.services.webstats.dataDir}/%{domain}> | ||
257 | DirectoryIndex index.html | ||
258 | AllowOverride None | ||
259 | Require all granted | ||
260 | </Directory> | ||
261 | <Location /webstats> | ||
262 | Use LDAPConnect | ||
263 | Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu | ||
264 | </Location> | ||
265 | </Macro> | ||
266 | ''; | ||
267 | }; | ||
268 | ldap = { | ||
269 | modules = [ "ldap" "authnz_ldap" ]; | ||
270 | extraConfig = '' | ||
271 | <IfModule ldap_module> | ||
272 | LDAPSharedCacheSize 500000 | ||
273 | LDAPCacheEntries 1024 | ||
274 | LDAPCacheTTL 600 | ||
275 | LDAPOpCacheEntries 1024 | ||
276 | LDAPOpCacheTTL 600 | ||
277 | </IfModule> | ||
278 | |||
279 | Include /var/secrets/apache-ldap | ||
280 | ''; | ||
281 | }; | ||
282 | global = { | ||
283 | extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; | ||
284 | }; | ||
285 | apaxy = { | ||
286 | extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; | ||
287 | }; | ||
288 | http2 = { | ||
289 | modules = [ "http2" ]; | ||
290 | extraConfig = '' | ||
291 | Protocols h2 http/1.1 | ||
292 | ''; | ||
293 | }; | ||
294 | customLog = { | ||
295 | extraConfig = '' | ||
296 | LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost | ||
297 | ''; | ||
298 | }; | ||
299 | }; | ||
300 | |||
301 | system.activationScripts = { | 180 | system.activationScripts = { |
302 | httpd = '' | 181 | httpd = '' |
303 | install -d -m 0755 /var/lib/acme/acme-challenge | 182 | install -d -m 0755 /var/lib/acme/acme-challenge |
@@ -334,26 +213,68 @@ in | |||
334 | ''; | 213 | ''; |
335 | }; | 214 | }; |
336 | 215 | ||
337 | services.httpdProd = makeService "production" config.services.myWebsites.production; | 216 | services.websites.production = { |
338 | services.myWebsites.production.modules = makeModules cfg; | 217 | enable = true; |
339 | services.myWebsites.production.extraConfig = makeExtraConfig cfg; | 218 | adminAddr = "httpd@immae.eu"; |
219 | httpdName = "Prod"; | ||
220 | ips = | ||
221 | let ips = myconfig.env.servers.eldiron.ips.production; | ||
222 | in [ips.ip4] ++ (ips.ip6 or []); | ||
223 | modules = makeModules; | ||
224 | extraConfig = makeExtraConfig; | ||
225 | fallbackVhost = { | ||
226 | certName = "eldiron"; | ||
227 | hosts = ["eldiron.immae.eu" ]; | ||
228 | root = www_root; | ||
229 | extraConfig = [ "DirectoryIndex index.htm" ]; | ||
230 | }; | ||
231 | }; | ||
340 | 232 | ||
341 | services.httpdInte = makeService "integration" config.services.myWebsites.integration; | 233 | services.websites.integration = { |
342 | services.myWebsites.integration.modules = makeModules cfg; | 234 | enable = true; |
343 | services.myWebsites.integration.extraConfig = makeExtraConfig cfg; | 235 | adminAddr = "httpd@immae.eu"; |
236 | httpdName = "Inte"; | ||
237 | ips = | ||
238 | let ips = myconfig.env.servers.eldiron.ips.integration; | ||
239 | in [ips.ip4] ++ (ips.ip6 or []); | ||
240 | modules = makeModules; | ||
241 | extraConfig = makeExtraConfig; | ||
242 | fallbackVhost = { | ||
243 | certName = "eldiron"; | ||
244 | hosts = ["eldiron.immae.eu" ]; | ||
245 | root = www_root; | ||
246 | extraConfig = [ "DirectoryIndex index.htm" ]; | ||
247 | }; | ||
248 | }; | ||
344 | 249 | ||
345 | services.httpdTools = makeService "tools" config.services.myWebsites.tools; | 250 | services.websites.tools = { |
346 | services.myWebsites.tools.modules = makeModules cfg; | 251 | enable = true; |
347 | services.myWebsites.tools.extraConfig = makeExtraConfig cfg ++ | 252 | adminAddr = "httpd@immae.eu"; |
348 | [ '' | 253 | httpdName = "Tools"; |
349 | RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html | 254 | ips = |
350 | RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html | 255 | let ips = myconfig.env.servers.eldiron.ips.main; |
351 | RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html | 256 | in [ips.ip4] ++ (ips.ip6 or []); |
352 | RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html | 257 | modules = makeModules; |
353 | RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html | 258 | extraConfig = makeExtraConfig ++ |
354 | RedirectMatch ^/CGU$ https://www.immae.eu/CGU | 259 | [ '' |
355 | '' | 260 | RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html |
356 | ] | 261 | RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html |
357 | ; | 262 | RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html |
263 | RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html | ||
264 | RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html | ||
265 | RedirectMatch ^/CGU$ https://www.immae.eu/CGU | ||
266 | '' | ||
267 | ]; | ||
268 | nosslVhost = { | ||
269 | enable = true; | ||
270 | host = "nossl.immae.eu"; | ||
271 | }; | ||
272 | fallbackVhost = { | ||
273 | certName = "eldiron"; | ||
274 | hosts = ["eldiron.immae.eu" ]; | ||
275 | root = www_root; | ||
276 | extraConfig = [ "DirectoryIndex index.htm" ]; | ||
277 | }; | ||
278 | }; | ||
358 | }; | 279 | }; |
359 | } | 280 | } |
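--- a/nixops/modules/websites/emilia/default.nix
+++ b/nixops/modules/websites/emilia/default.nix
@@ -61,7 +61,7 @@ in {
 mkdir -p $out/webapps
 ln -s ${siteDir} $out/webapps/${webappName}
 '';
-services.myWebsites.production.vhostConfs.emilia = {
+services.websites.production.vhostConfs.emilia = {
 certName = "emilia";
 hosts = [ "saison-photo.org" "www.saison-photo.org" ];
 root = root;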
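--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ b/nixops/modules/websites/ftp/denisejerome.nix
@@ -17,7 +17,7 @@ in {
 domain = "denisejerome.piedsjaloux.fr";
 };
 
-services.myWebsites.production.vhostConfs.denisejerome = {
+services.websites.production.vhostConfs.denisejerome = {
 certName = "denisejerome";
 hosts = ["denisejerome.piedsjaloux.fr" ];
 root = varDir;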
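--- a/nixops/modules/websites/ftp/florian.nix
+++ b/nixops/modules/websites/ftp/florian.nix
@@ -24,8 +24,8 @@ in {
 };
 };
 
-services.myWebsites.production.modules = adminer.apache.modules;
-services.myWebsites.production.vhostConfs.florian = {
+services.websites.production.modules = adminer.apache.modules;
+services.websites.production.vhostConfs.florian = {
 certName = "florian";
 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
 root = "${varDir}/tellesflorian.com";
@@ -49,8 +49,8 @@ in {
 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
 security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null;
 
-services.myWebsites.integration.modules = adminer.apache.modules;
-services.myWebsites.integration.vhostConfs.florian = {
+services.websites.integration.modules = adminer.apache.modules;
+services.websites.integration.vhostConfs.florian = {
 certName = "eldiron";
 hosts = [ "florian.immae.eu" ];
 root = "${varDir}/florian.immae.eu";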
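--- a/nixops/modules/websites/ftp/immae.nix
+++ b/nixops/modules/websites/ftp/immae.nix
@@ -28,8 +28,8 @@ in {
 
 php_admin_value[open_basedir] = "${varDir}:/tmp"
 '';
-services.myWebsites.production.modules = [ "proxy_fcgi" ];
-services.myWebsites.production.vhostConfs.immae = {
+services.websites.production.modules = [ "proxy_fcgi" ];
+services.websites.production.vhostConfs.immae = {
 certName = "eldiron";
 hosts = [ "www.immae.eu" ];
 root = varDir;
@@ -58,7 +58,7 @@ in {
 
 security.acme.certs."eldiron".extraDomains."bouya.org" = null;
 security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
-services.myWebsites.production.vhostConfs.bouya = {
+services.websites.production.vhostConfs.bouya = {
 certName = "eldiron";
 hosts = [ "bouya.org" "www.bouya.org" ];
 root = null;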
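--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -58,8 +58,8 @@ in {
 services.myPhpfpm.poolPhpConfigs.jerome = ''
 extension=${pkgs.php}/lib/php/extensions/mysqli.so
 '';
-services.myWebsites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
-services.myWebsites.production.vhostConfs.naturaloutil = {
+services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
+services.websites.production.vhostConfs.naturaloutil = {
 certName = "naturaloutil";
 hosts = ["naturaloutil.immae.eu" ];
 root = varDir;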
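--- a/nixops/modules/websites/ftp/leila.nix
+++ b/nixops/modules/websites/ftp/leila.nix
@@ -38,8 +38,8 @@ in {
 { name = "chorale.leila.bouya.org"; }
 ];
 
-services.myWebsites.production.modules = [ "proxy_fcgi" ];
-services.myWebsites.production.vhostConfs.leila_chorale = {
+services.websites.production.modules = [ "proxy_fcgi" ];
+services.websites.production.vhostConfs.leila_chorale = {
 certName = "leila";
 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
 root = "${varDir}/Chorale";
@@ -61,7 +61,7 @@ in {
 ''
 ];
 };
-services.myWebsites.production.vhostConfs.leila = {
+services.websites.production.vhostConfs.leila = {
 certName = "leila";
 hosts = [ "leila.bouya.org" ];
 root = varDir;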
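--- a/nixops/modules/websites/ftp/nassime.nix
+++ b/nixops/modules/websites/ftp/nassime.nix
@@ -18,7 +18,7 @@ in {
 domain = "nassime.bouya.org";
 };
 
-services.myWebsites.production.vhostConfs.nassime = {
+services.websites.production.vhostConfs.nassime = {
 certName = "nassime";
 hosts = ["nassime.bouya.org" ];
 root = varDir;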
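--- a/nixops/modules/websites/ftp/papa.nix
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -34,7 +34,7 @@ in {
 ];
 };
 
-services.myWebsites.production.vhostConfs.papa = {
+services.websites.production.vhostConfs.papa = {
 certName = "papa";
 hosts = [ "surveillance.maison.bbc.bouya.org" ];
 root = varDir;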
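--- a/nixops/modules/websites/ftp/release.nix
+++ b/nixops/modules/websites/ftp/release.nix
@@ -15,7 +15,7 @@ in {
 
 security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
 
-services.myWebsites.production.vhostConfs.release = {
+services.websites.production.vhostConfs.release = {
 certName = "eldiron";
 hosts = [ "release.immae.eu" ];
 root = varDir;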
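--- a/nixops/modules/websites/ftp/temp.nix
+++ b/nixops/modules/websites/ftp/temp.nix
@@ -13,8 +13,8 @@ in {
 config = lib.mkIf cfg.production.enable {
 security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
 
-services.myWebsites.production.modules = [ "headers" ];
-services.myWebsites.production.vhostConfs.temp = {
+services.websites.production.modules = [ "headers" ];
+services.websites.production.vhostConfs.temp = {
 certName = "eldiron";
 hosts = [ "temp.immae.eu" ];
 root = varDir;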
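--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -40,8 +40,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
 '';
-services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
-services.myWebsites.production.vhostConfs.ludivine = {
+services.websites.production.modules = ludivinecassal_prod.apache.modules;
+services.websites.production.vhostConfs.ludivine = {
 certName = "ludivinecassal";
 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
 root = ludivinecassal_prod.apache.root;
@@ -60,9 +60,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
 '';
-services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
-services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;
-services.myWebsites.integration.vhostConfs.ludivine = {
+services.websites.integration.modules = ludivinecassal_dev.apache.modules;
+services.websites.integration.vhostConfs.ludivine = {
 certName = "eldiron";
 hosts = [ "ludivine.immae.eu" ];
 root = ludivinecassal_dev.apache.root;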
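--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -40,8 +40,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
 '';
-services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
-services.myWebsites.production.vhostConfs.piedsjaloux = {
+services.websites.production.modules = piedsjaloux_prod.apache.modules;
+services.websites.production.vhostConfs.piedsjaloux = {
 certName = "piedsjaloux";
 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
 root = piedsjaloux_prod.apache.root;
@@ -59,8 +59,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
 '';
-services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
-services.myWebsites.integration.vhostConfs.piedsjaloux = {
+services.websites.integration.modules = piedsjaloux_dev.apache.modules;
+services.websites.integration.vhostConfs.piedsjaloux = {
 certName = "eldiron";
 hosts = [ "piedsjaloux.immae.eu" ];
 root = piedsjaloux_dev.apache.root;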
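--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/nixops/modules/websites/tellesflorian/default.nix
@@ -26,8 +26,8 @@ in {
 mkdir -p $out/webapps
 ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName}
 '';
-services.myWebsites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
-services.myWebsites.integration.vhostConfs.tellesflorian = {
+services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
+services.websites.integration.vhostConfs.tellesflorian = {
 certName = "eldiron";
 hosts = ["app.tellesflorian.com" ];
 root = tellesflorian_dev.apache.root;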
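--- a/nixops/modules/websites/tools/cloud.nix
+++ b/nixops/modules/websites/tools/cloud.nix
@@ -51,9 +51,9 @@ in {
 config = lib.mkIf cfg.enable {
 security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
 
-services.myWebsites.tools.modules = [ "proxy_fcgi" ];
+services.websites.tools.modules = [ "proxy_fcgi" ];
 
-services.myWebsites.tools.vhostConfs.cloud = {
+services.websites.tools.vhostConfs.cloud = {
 certName = "eldiron";
 hosts = ["cloud.immae.eu" ];
 root = apacheRoot;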
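--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -30,9 +30,9 @@ in {
 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
 
 secrets.keys = davical.keys;
-services.myWebsites.tools.modules = davical.apache.modules;
+services.websites.tools.modules = davical.apache.modules;
 
-services.myWebsites.tools.vhostConfs.dav = {
+services.websites.tools.vhostConfs.dav = {
 certName = "eldiron";
 hosts = ["dav.immae.eu" ];
 root = null;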
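--- a/nixops/modules/websites/tools/db.nix
+++ b/nixops/modules/websites/tools/db.nix
@@ -11,8 +11,8 @@ in {
 config = lib.mkIf cfg.enable {
 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
 
-services.myWebsites.tools.modules = adminer.apache.modules;
-services.myWebsites.tools.vhostConfs.db-1 = {
+services.websites.tools.modules = adminer.apache.modules;
+services.websites.tools.vhostConfs.db-1 = {
 certName = "eldiron";
 hosts = ["db-1.immae.eu" ];
 root = null;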
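--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -145,7 +145,7 @@ in {
 configDir = "/var/secrets/webapps/diaspora";
 };
 
-services.myWebsites.tools.modules = [
+services.websites.tools.modules = [
 "headers" "proxy" "proxy_http"
 ];
 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
@@ -153,7 +153,7 @@ in {
 mkdir -p $out/webapps
 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
 '';
-services.myWebsites.tools.vhostConfs.diaspora = {
+services.websites.tools.vhostConfs.diaspora = {
 certName = "eldiron";
 hosts = [ "diaspora.immae.eu" ];
 root = root;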
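--- a/nixops/modules/websites/tools/ether.nix
+++ b/nixops/modules/websites/tools/ether.nix
@@ -133,11 +133,11 @@ in {
 
 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
 
-services.myWebsites.tools.modules = [
+services.websites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
-services.myWebsites.tools.vhostConfs.etherpad-lite = {
+services.websites.tools.vhostConfs.etherpad-lite = {
 certName = "eldiron";
 hosts = [ "ether.immae.eu" ];
 root = null;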
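--- a/nixops/modules/websites/tools/git/default.nix
+++ b/nixops/modules/websites/tools/git/default.nix
@@ -16,7 +16,7 @@ in {
 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
 
 secrets.keys = mantisbt.keys;
-services.myWebsites.tools.modules =
+services.websites.tools.modules =
 gitweb.apache.modules ++
 mantisbt.apache.modules;
 system.extraSystemBuilderCmds = ''
@@ -25,7 +25,7 @@ in {
 ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName}
 '';
 
-services.myWebsites.tools.vhostConfs.git = {
+services.websites.tools.vhostConfs.git = {
 certName = "eldiron";
 hosts = ["git.immae.eu" ];
 root = gitweb.apache.root;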
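--- a/nixops/modules/websites/tools/mastodon.nix
+++ b/nixops/modules/websites/tools/mastodon.nix
@@ -64,7 +64,7 @@ in {
 dataDir = "/var/lib/mastodon_immae";
 };
 
-services.myWebsites.tools.modules = [
+services.websites.tools.modules = [
 "headers" "proxy" "proxy_wstunnel" "proxy_http"
 ];
 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
@@ -72,7 +72,7 @@ in {
 mkdir -p $out/webapps
 ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
 '';
-services.myWebsites.tools.vhostConfs.mastodon = {
+services.websites.tools.vhostConfs.mastodon = {
 certName = "eldiron";
 hosts = ["mastodon.immae.eu" ];
 root = root;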
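--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -79,12 +79,12 @@ in {
 configFile = "/var/secrets/webapps/tools-mediagoblin";
 };
 
-services.myWebsites.tools.modules = [
+services.websites.tools.modules = [
 "proxy" "proxy_http"
 ];
 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
 security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
-services.myWebsites.tools.vhostConfs.mgoblin = {
+services.websites.tools.vhostConfs.mgoblin = {
 certName = "eldiron";
 hosts = ["mgoblin.immae.eu" ];
 root = null;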
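--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -150,11 +150,11 @@ in {
 '';
 }];
 
-services.myWebsites.tools.modules = [
+services.websites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
 security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
-services.myWebsites.tools.vhostConfs.peertube = {
+services.websites.tools.vhostConfs.peertube = {
 certName = "eldiron";
 hosts = [ "peertube.immae.eu" ];
 root = null;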
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 10feefe..5e84f45 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix | |||
@@ -58,10 +58,10 @@ in { | |||
58 | ++ wallabag.keys | 58 | ++ wallabag.keys |
59 | ++ yourls.keys; | 59 | ++ yourls.keys; |
60 | 60 | ||
61 | services.myWebsites.integration.modules = | 61 | services.websites.integration.modules = |
62 | rainloop.apache.modules; | 62 | rainloop.apache.modules; |
63 | 63 | ||
64 | services.myWebsites.tools.modules = | 64 | services.websites.tools.modules = |
65 | [ "proxy_fcgi" ] | 65 | [ "proxy_fcgi" ] |
66 | ++ adminer.apache.modules | 66 | ++ adminer.apache.modules |
67 | ++ ympd.apache.modules | 67 | ++ ympd.apache.modules |
@@ -84,7 +84,7 @@ in { | |||
84 | ''; | 84 | ''; |
85 | }; | 85 | }; |
86 | 86 | ||
87 | services.myWebsites.integration.vhostConfs.devtools = { | 87 | services.websites.integration.vhostConfs.devtools = { |
88 | certName = "eldiron"; | 88 | certName = "eldiron"; |
89 | hosts = ["devtools.immae.eu" ]; | 89 | hosts = ["devtools.immae.eu" ]; |
90 | root = "/var/lib/ftp/devtools.immae.eu"; | 90 | root = "/var/lib/ftp/devtools.immae.eu"; |
@@ -103,7 +103,7 @@ in { | |||
103 | ]; | 103 | ]; |
104 | }; | 104 | }; |
105 | 105 | ||
106 | services.myWebsites.tools.vhostConfs.tools = { | 106 | services.websites.tools.vhostConfs.tools = { |
107 | certName = "eldiron"; | 107 | certName = "eldiron"; |
108 | hosts = ["tools.immae.eu" ]; | 108 | hosts = ["tools.immae.eu" ]; |
109 | root = "/var/lib/ftp/tools.immae.eu"; | 109 | root = "/var/lib/ftp/tools.immae.eu"; |
@@ -133,7 +133,7 @@ in { | |||
133 | }; | 133 | }; |
134 | 134 | ||
135 | security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null; | 135 | security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null; |
136 | services.myWebsites.tools.vhostConfs.outils = { | 136 | services.websites.tools.vhostConfs.outils = { |
137 | certName = "eldiron"; | 137 | certName = "eldiron"; |
138 | hosts = [ "outils.immae.eu" ]; | 138 | hosts = [ "outils.immae.eu" ]; |
139 | root = null; | 139 | root = null; |