aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libs.nix2
-rw-r--r--modules/default.nix2
-rw-r--r--modules/private/default.nix2
-rw-r--r--modules/private/httpd-service-builder.nix8
-rw-r--r--modules/websites/default.nix148
-rw-r--r--modules/websites/nosslVhost/index.html11
-rw-r--r--nixops/eldiron.nix3
-rw-r--r--nixops/modules/buildbot/default.nix2
-rw-r--r--nixops/modules/task/default.nix4
-rw-r--r--nixops/modules/websites/aten/default.nix9
-rw-r--r--nixops/modules/websites/capitaines/default.nix4
-rw-r--r--nixops/modules/websites/chloe/default.nix8
-rw-r--r--nixops/modules/websites/connexionswing/default.nix8
-rw-r--r--nixops/modules/websites/default.nix341
-rw-r--r--nixops/modules/websites/emilia/default.nix2
-rw-r--r--nixops/modules/websites/ftp/denisejerome.nix2
-rw-r--r--nixops/modules/websites/ftp/florian.nix8
-rw-r--r--nixops/modules/websites/ftp/immae.nix6
-rw-r--r--nixops/modules/websites/ftp/jerome.nix4
-rw-r--r--nixops/modules/websites/ftp/leila.nix6
-rw-r--r--nixops/modules/websites/ftp/nassime.nix2
-rw-r--r--nixops/modules/websites/ftp/papa.nix2
-rw-r--r--nixops/modules/websites/ftp/release.nix2
-rw-r--r--nixops/modules/websites/ftp/temp.nix4
-rw-r--r--nixops/modules/websites/ludivine/default.nix9
-rw-r--r--nixops/modules/websites/piedsjaloux/default.nix8
-rw-r--r--nixops/modules/websites/tellesflorian/default.nix4
-rw-r--r--nixops/modules/websites/tools/cloud.nix4
-rw-r--r--nixops/modules/websites/tools/dav/default.nix4
-rw-r--r--nixops/modules/websites/tools/db.nix4
-rw-r--r--nixops/modules/websites/tools/diaspora.nix4
-rw-r--r--nixops/modules/websites/tools/ether.nix4
-rw-r--r--nixops/modules/websites/tools/git/default.nix4
-rw-r--r--nixops/modules/websites/tools/mastodon.nix4
-rw-r--r--nixops/modules/websites/tools/mediagoblin.nix4
-rw-r--r--nixops/modules/websites/tools/peertube.nix4
-rw-r--r--nixops/modules/websites/tools/tools/default.nix10
37 files changed, 367 insertions, 290 deletions
diff --git a/libs.nix b/libs.nix
index eb00311..c7d357b 100644
--- a/libs.nix
+++ b/libs.nix
@@ -77,4 +77,4 @@ rec {
77 } 77 }
78 ''; 78 '';
79 79
80} 80} // (if builtins.pathExists ./lib/private then import ./lib/private else {})
diff --git a/modules/default.nix b/modules/default.nix
index 6c49160..acb0bb5 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -8,4 +8,6 @@
8 mastodon = ./webapps/mastodon.nix; 8 mastodon = ./webapps/mastodon.nix;
9 mediagoblin = ./webapps/mediagoblin.nix; 9 mediagoblin = ./webapps/mediagoblin.nix;
10 peertube = ./webapps/peertube.nix; 10 peertube = ./webapps/peertube.nix;
11
12 websites = ./websites;
11} // (if builtins.pathExists ./private then import ./private else {}) 13} // (if builtins.pathExists ./private then import ./private else {})
diff --git a/modules/private/default.nix b/modules/private/default.nix
index ba46374..6c71af3 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -1,6 +1,6 @@
1{ 1{
2 # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix 2 # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
3 httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
4 httpdInte = import ./httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; }; 3 httpdInte = import ./httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; };
4 httpdProd = import ./httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
5 httpdTools = import ./httpd-service-builder.nix { httpdName = "Tools"; withUsers = true; }; 5 httpdTools = import ./httpd-service-builder.nix { httpdName = "Tools"; withUsers = true; };
6} 6}
diff --git a/modules/private/httpd-service-builder.nix b/modules/private/httpd-service-builder.nix
index 0f0fe22..d049202 100644
--- a/modules/private/httpd-service-builder.nix
+++ b/modules/private/httpd-service-builder.nix
@@ -7,7 +7,7 @@ with lib;
7 7
8let 8let
9 9
10 mainCfg = config.services."httpd${httpdName}"; 10 mainCfg = config.services.httpd."${httpdName}";
11 11
12 httpd = mainCfg.package.out; 12 httpd = mainCfg.package.out;
13 13
@@ -438,7 +438,7 @@ in
438 438
439 options = { 439 options = {
440 440
441 services."httpd${httpdName}" = { 441 services.httpd."${httpdName}" = {
442 442
443 enable = mkOption { 443 enable = mkOption {
444 type = types.bool; 444 type = types.bool;
@@ -655,7 +655,7 @@ in
655 655
656 ###### implementation 656 ###### implementation
657 657
658 config = mkIf config.services."httpd${httpdName}".enable { 658 config = mkIf config.services.httpd."${httpdName}".enable {
659 659
660 assertions = [ { assertion = mainCfg.enableSSL == true 660 assertions = [ { assertion = mainCfg.enableSSL == true
661 -> mainCfg.sslServerCert != null 661 -> mainCfg.sslServerCert != null
@@ -679,7 +679,7 @@ in
679 679
680 environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; 680 environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
681 681
682 services."httpd${httpdName}".phpOptions = 682 services.httpd."${httpdName}".phpOptions =
683 '' 683 ''
684 ; Needed for PHP's mail() function. 684 ; Needed for PHP's mail() function.
685 sendmail_path = sendmail -t -i 685 sendmail_path = sendmail -t -i
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
new file mode 100644
index 0000000..6a18c8a
--- /dev/null
+++ b/modules/websites/default.nix
@@ -0,0 +1,148 @@
1{ lib, config, ... }: with lib;
2let
3 cfg = config.services.websites;
4in
5{
6 options.services.websites = with types; mkOption {
7 default = {};
8 description = "Each type of website to enable will target a distinct httpd server";
9 type = attrsOf (submodule {
10 options = {
11 enable = mkEnableOption "Enable websites of this type";
12 adminAddr = mkOption {
13 type = str;
14 description = "Admin e-mail address of the instance";
15 };
16 httpdName = mkOption {
17 type = str;
18 description = "Name of the httpd instance to assign this type to";
19 };
20 ips = mkOption {
21 type = listOf string;
22 default = [];
23 description = "ips to listen to";
24 };
25 modules = mkOption {
26 type = listOf str;
27 default = [];
28 description = "Additional modules to load in Apache";
29 };
30 extraConfig = mkOption {
31 type = listOf lines;
32 default = [];
33 description = "Additional configuration to append to Apache";
34 };
35 nosslVhost = mkOption {
36 description = "A default nossl vhost for captive portals";
37 default = {};
38 type = submodule {
39 options = {
40 enable = mkEnableOption "Add default no-ssl vhost for this instance";
41 host = mkOption {
42 type = string;
43 description = "The hostname to use for this vhost";
44 };
45 root = mkOption {
46 type = path;
47 default = ./nosslVhost;
48 description = "The root folder to serve";
49 };
50 indexFile = mkOption {
51 type = string;
52 default = "index.html";
53 description = "The index file to show.";
54 };
55 };
56 };
57 };
58 fallbackVhost = mkOption {
59 description = "The fallback vhost that will be defined as first vhost in Apache";
60 type = submodule {
61 options = {
62 certName = mkOption { type = string; };
63 hosts = mkOption { type = listOf string; };
64 root = mkOption { type = nullOr path; };
65 extraConfig = mkOption { type = listOf lines; default = []; };
66 };
67 };
68 };
69 vhostConfs = mkOption {
70 default = {};
71 description = "List of vhosts to define for Apache";
72 type = attrsOf (submodule {
73 options = {
74 certName = mkOption { type = string; };
75 hosts = mkOption { type = listOf string; };
76 root = mkOption { type = nullOr path; };
77 extraConfig = mkOption { type = listOf lines; default = []; };
78 };
79 });
80 };
81 };
82 });
83 };
84
85 config.services.httpd = let
86 redirectVhost = ips: { # Should go last, catchall http -> https redirect
87 listen = map (ip: { inherit ip; port = 80; }) ips;
88 hostName = "redirectSSL";
89 serverAliases = [ "*" ];
90 enableSSL = false;
91 logFormat = "combinedVhost";
92 documentRoot = "/var/lib/acme/acme-challenge";
93 extraConfig = ''
94 RewriteEngine on
95 RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
96 RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
97 # To redirect in specific "VirtualHost *:80", do
98 # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
99 # rather than rewrite
100 '';
101 };
102 nosslVhost = ips: cfg: {
103 listen = map (ip: { inherit ip; port = 80; }) ips;
104 hostName = cfg.host;
105 enableSSL = false;
106 logFormat = "combinedVhost";
107 documentRoot = cfg.root;
108 extraConfig = ''
109 <Directory ${cfg.root}>
110 DirectoryIndex ${cfg.indexFile}
111 AllowOverride None
112 Require all granted
113
114 RewriteEngine on
115 RewriteRule ^/(.+) / [L]
116 </Directory>
117 '';
118 };
119 toVhost = ips: vhostConf: {
120 enableSSL = true;
121 sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
122 sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
123 sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
124 logFormat = "combinedVhost";
125 listen = map (ip: { inherit ip; port = 443; }) ips;
126 hostName = builtins.head vhostConf.hosts;
127 serverAliases = builtins.tail vhostConf.hosts or [];
128 documentRoot = vhostConf.root;
129 extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
130 };
131 in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
132 icfg.httpdName (mkIf icfg.enable {
133 enable = true;
134 listen = map (ip: { inherit ip; port = 443; }) icfg.ips;
135 stateDir = "/run/httpd_${name}";
136 logPerVirtualHost = true;
137 multiProcessingModule = "worker";
138 inherit (icfg) adminAddr;
139 logFormat = "combinedVhost";
140 extraModules = lists.unique icfg.modules;
141 extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;
142 virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]
143 ++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]
144 ++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)
145 ++ [ (redirectVhost icfg.ips) ];
146 })
147 ) cfg;
148}
diff --git a/modules/websites/nosslVhost/index.html b/modules/websites/nosslVhost/index.html
new file mode 100644
index 0000000..4401a80
--- /dev/null
+++ b/modules/websites/nosslVhost/index.html
@@ -0,0 +1,11 @@
1<!DOCTYPE html>
2<html>
3 <head>
4 <title>No SSL site</title>
5 </head>
6 <body>
7 <h1>No SSL on this site</h1>
8 <p>Use for wifi networks with login page that doesn't work well with
9 https.</p>
10 </body>
11</html>
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix
index 7d97377..35ce181 100644
--- a/nixops/eldiron.nix
+++ b/nixops/eldiron.nix
@@ -48,9 +48,6 @@
48 ] ++ (builtins.attrValues (import ../modules)); 48 ] ++ (builtins.attrValues (import ../modules));
49 services.myGitolite.enable = true; 49 services.myGitolite.enable = true;
50 services.myDatabases.enable = true; 50 services.myDatabases.enable = true;
51 services.myWebsites.production.enable = true;
52 services.myWebsites.integration.enable = true;
53 services.myWebsites.tools.enable = true;
54 services.pure-ftpd.enable = true; 51 services.pure-ftpd.enable = true;
55 services.irc.enable = true; 52 services.irc.enable = true;
56 services.pub.enable = true; 53 services.pub.enable = true;
diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
index c812af9..89a0dea 100644
--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -37,7 +37,7 @@ in
37 extraGroups = [ "keys" ]; 37 extraGroups = [ "keys" ];
38 }; 38 };
39 39
40 services.myWebsites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' 40 services.websites.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
41 RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" 41 RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
42 RewriteEngine On 42 RewriteEngine On
43 RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L] 43 RewriteRule ^/buildbot/${project.name}/ws(.*)$ unix:///run/buildbot/${project.name}.sock|ws://git.immae.eu/ws$1 [P,NE,QSA,L]
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 8370608..feb3be8 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -102,8 +102,8 @@ in {
102 ''; 102 '';
103 }]; 103 }];
104 security.acme.certs."eldiron".extraDomains.${fqdn} = null; 104 security.acme.certs."eldiron".extraDomains.${fqdn} = null;
105 services.myWebsites.tools.modules = [ "proxy_fcgi" "sed" ]; 105 services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
106 services.myWebsites.tools.vhostConfs.task = { 106 services.websites.tools.vhostConfs.task = {
107 certName = "eldiron"; 107 certName = "eldiron";
108 hosts = [ "task.immae.eu" ]; 108 hosts = [ "task.immae.eu" ];
109 root = "/run/current-system/webapps/_task"; 109 root = "/run/current-system/webapps/_task";
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
index 70bb34b..fd002a5 100644
--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -40,9 +40,8 @@ in {
40 mkdir -p $out/webapps 40 mkdir -p $out/webapps
41 ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName} 41 ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
42 ''; 42 '';
43 services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules; 43 services.websites.production.modules = aten_prod.apache.modules;
44 services.myWebsites.production.modules = aten_prod.apache.modules; 44 services.websites.production.vhostConfs.aten = {
45 services.myWebsites.production.vhostConfs.aten = {
46 certName = "aten"; 45 certName = "aten";
47 hosts = [ "aten.pro" "www.aten.pro" ]; 46 hosts = [ "aten.pro" "www.aten.pro" ];
48 root = aten_prod.apache.root; 47 root = aten_prod.apache.root;
@@ -60,8 +59,8 @@ in {
60 mkdir -p $out/webapps 59 mkdir -p $out/webapps
61 ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName} 60 ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
62 ''; 61 '';
63 services.myWebsites.integration.modules = aten_dev.apache.modules; 62 services.websites.integration.modules = aten_dev.apache.modules;
64 services.myWebsites.integration.vhostConfs.aten = { 63 services.websites.integration.vhostConfs.aten = {
65 certName = "eldiron"; 64 certName = "eldiron";
66 hosts = [ "dev.aten.pro" ]; 65 hosts = [ "dev.aten.pro" ];
67 root = aten_dev.apache.root; 66 root = aten_dev.apache.root;
diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix
index 648cb1b..0d85266 100644
--- a/nixops/modules/websites/capitaines/default.nix
+++ b/nixops/modules/websites/capitaines/default.nix
@@ -22,7 +22,7 @@ in {
22 ln -s ${siteDir} $out/webapps/${webappName} 22 ln -s ${siteDir} $out/webapps/${webappName}
23 ''; 23 '';
24 24
25 services.myWebsites.production.vhostConfs.capitaines_mastodon = { 25 services.websites.production.vhostConfs.capitaines_mastodon = {
26 certName = "capitaines"; 26 certName = "capitaines";
27 hosts = [ "mastodon.capitaines.fr" ]; 27 hosts = [ "mastodon.capitaines.fr" ];
28 root = root; 28 root = root;
@@ -38,7 +38,7 @@ in {
38 ]; 38 ];
39 }; 39 };
40 40
41 services.myWebsites.production.vhostConfs.capitaines = { 41 services.websites.production.vhostConfs.capitaines = {
42 certName = "capitaines"; 42 certName = "capitaines";
43 hosts = [ "capitaines.fr" ]; 43 hosts = [ "capitaines.fr" ];
44 root = "/run/current-system/webapps/_www"; 44 root = "/run/current-system/webapps/_www";
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index ce67bed..ba72d92 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -42,8 +42,8 @@ in {
42 mkdir -p $out/webapps 42 mkdir -p $out/webapps
43 ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName} 43 ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
44 ''; 44 '';
45 services.myWebsites.production.modules = chloe_prod.apache.modules; 45 services.websites.production.modules = chloe_prod.apache.modules;
46 services.myWebsites.production.vhostConfs.chloe = { 46 services.websites.production.vhostConfs.chloe = {
47 certName = "chloe"; 47 certName = "chloe";
48 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; 48 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
49 root = chloe_prod.apache.root; 49 root = chloe_prod.apache.root;
@@ -63,8 +63,8 @@ in {
63 mkdir -p $out/webapps 63 mkdir -p $out/webapps
64 ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName} 64 ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
65 ''; 65 '';
66 services.myWebsites.integration.modules = chloe_dev.apache.modules; 66 services.websites.integration.modules = chloe_dev.apache.modules;
67 services.myWebsites.integration.vhostConfs.chloe = { 67 services.websites.integration.vhostConfs.chloe = {
68 certName = "eldiron"; 68 certName = "eldiron";
69 hosts = ["chloe.immae.eu" ]; 69 hosts = ["chloe.immae.eu" ];
70 root = chloe_dev.apache.root; 70 root = chloe_dev.apache.root;
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index b19af7e..3643e19 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -43,8 +43,8 @@ in {
43 mkdir -p $out/webapps 43 mkdir -p $out/webapps
44 ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName} 44 ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
45 ''; 45 '';
46 services.myWebsites.production.modules = connexionswing_prod.apache.modules; 46 services.websites.production.modules = connexionswing_prod.apache.modules;
47 services.myWebsites.production.vhostConfs.connexionswing = { 47 services.websites.production.vhostConfs.connexionswing = {
48 certName = "connexionswing"; 48 certName = "connexionswing";
49 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; 49 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
50 root = connexionswing_prod.apache.root; 50 root = connexionswing_prod.apache.root;
@@ -64,8 +64,8 @@ in {
64 mkdir -p $out/webapps 64 mkdir -p $out/webapps
65 ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName} 65 ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
66 ''; 66 '';
67 services.myWebsites.integration.modules = connexionswing_dev.apache.modules; 67 services.websites.integration.modules = connexionswing_dev.apache.modules;
68 services.myWebsites.integration.vhostConfs.connexionswing = { 68 services.websites.integration.vhostConfs.connexionswing = {
69 certName = "eldiron"; 69 certName = "eldiron";
70 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; 70 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
71 root = connexionswing_dev.apache.root; 71 root = connexionswing_dev.apache.root;
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 627d01a..5b839af 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -3,104 +3,66 @@ let
3 cfg = config.services.myWebsites; 3 cfg = config.services.myWebsites;
4 www_root = "/run/current-system/webapps/_www"; 4 www_root = "/run/current-system/webapps/_www";
5 theme_root = "/run/current-system/webapps/_theme"; 5 theme_root = "/run/current-system/webapps/_theme";
6 makeService = name: cfg: let 6 apacheConfig = {
7 toVhost = vhostConf: { 7 gzip = {
8 enableSSL = true; 8 modules = [ "deflate" "filter" ];
9 sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
10 sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
11 sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
12 logFormat = "combinedVhost";
13 listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
14 hostName = builtins.head vhostConf.hosts;
15 serverAliases = builtins.tail vhostConf.hosts or [];
16 documentRoot = vhostConf.root;
17 extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
18 };
19 nosslVhost = {
20 listen = map (ip: { inherit ip; port = 80; }) cfg.ips;
21 hostName = "nossl.immae.eu";
22 enableSSL = false;
23 logFormat = "combinedVhost";
24 documentRoot = www_root;
25 extraConfig = '' 9 extraConfig = ''
26 <Directory ${www_root}> 10 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
27 DirectoryIndex nossl.html 11 '';
28 AllowOverride None 12 };
29 Require all granted 13 macros = {
30 14 modules = [ "macro" ];
31 RewriteEngine on
32 RewriteRule ^/(.+) / [L]
33 </Directory>
34 '';
35 }; 15 };
36 redirectVhost = { # Should go last, catchall http -> https redirect 16 stats = {
37 listen = map (ip: { inherit ip; port = 80; }) cfg.ips;
38 hostName = "redirectSSL";
39 serverAliases = [ "*" ];
40 enableSSL = false;
41 logFormat = "combinedVhost";
42 documentRoot = "/var/lib/acme/acme-challenge";
43 extraConfig = '' 17 extraConfig = ''
44 RewriteEngine on 18 <Macro Stats %{domain}>
45 RewriteCond "%{REQUEST_URI}" "!^/\.well-known" 19 Alias /webstats ${config.services.webstats.dataDir}/%{domain}
46 RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] 20 <Directory ${config.services.webstats.dataDir}/%{domain}>
47 # To redirect in specific "VirtualHost *:80", do 21 DirectoryIndex index.html
48 # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 22 AllowOverride None
49 # rather than rewrite 23 Require all granted
24 </Directory>
25 <Location /webstats>
26 Use LDAPConnect
27 Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
28 </Location>
29 </Macro>
50 ''; 30 '';
51 }; 31 };
52 fallbackVhost = toVhost { # Should go first, default choice 32 ldap = {
53 certName = "eldiron"; 33 modules = [ "ldap" "authnz_ldap" ];
54 hosts = ["eldiron.immae.eu" ]; 34 extraConfig = ''
55 root = www_root; 35 <IfModule ldap_module>
56 extraConfig = [ "DirectoryIndex index.htm" ]; 36 LDAPSharedCacheSize 500000
37 LDAPCacheEntries 1024
38 LDAPCacheTTL 600
39 LDAPOpCacheEntries 1024
40 LDAPOpCacheTTL 600
41 </IfModule>
42
43 Include /var/secrets/apache-ldap
44 '';
57 }; 45 };
58 in rec { 46 global = {
59 enable = true; 47 extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
60 listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
61 stateDir = "/run/httpd_${name}";
62 logPerVirtualHost = true;
63 multiProcessingModule = "worker";
64 adminAddr = "httpd@immae.eu";
65 logFormat = "combinedVhost";
66 extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
67 extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
68 virtualHosts = [ fallbackVhost ]
69 ++ lib.optionals (name == "tools") [ nosslVhost ]
70 ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
71 ++ [ redirectVhost ];
72 };
73 makeServiceOptions = name: {
74 enable = lib.mkEnableOption "enable websites in ${name}";
75 ips = lib.mkOption {
76 type = lib.types.listOf lib.types.string;
77 default = let
78 ips = myconfig.env.servers.eldiron.ips.${name};
79 in
80 [ips.ip4] ++ (ips.ip6 or []);
81 description = "${name} ips to listen to";
82 }; 48 };
83 modules = lib.mkOption { 49 apaxy = {
84 type = lib.types.listOf (lib.types.str); 50 extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
85 default = [];
86 }; 51 };
87 extraConfig = lib.mkOption { 52 http2 = {
88 type = lib.types.listOf (lib.types.lines); 53 modules = [ "http2" ];
89 default = []; 54 extraConfig = ''
55 Protocols h2 http/1.1
56 '';
90 }; 57 };
91 vhostConfs = lib.mkOption { 58 customLog = {
92 type = lib.types.attrsOf (lib.types.submodule { 59 extraConfig = ''
93 options = { 60 LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
94 certName = lib.mkOption { type = lib.types.string; }; 61 '';
95 hosts = lib.mkOption { type = lib.types.listOf lib.types.string; };
96 root = lib.mkOption { type = lib.types.nullOr lib.types.path; };
97 extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; };
98 };
99 });
100 }; 62 };
101 }; 63 };
102 makeModules = cfg: pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); 64 makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
103 makeExtraConfig = cfg: (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); 65 makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
104in 66in
105{ 67{
106 imports = [ 68 imports = [
@@ -135,30 +97,6 @@ in
135 ./phpfpm 97 ./phpfpm
136 ]; 98 ];
137 99
138 options.services.myWebsites = {
139 production = makeServiceOptions "production";
140 integration = makeServiceOptions "integration";
141 tools = makeServiceOptions "main";
142
143 apacheConfig = lib.mkOption {
144 type = lib.types.attrsOf (lib.types.submodule {
145 options = {
146 modules = lib.mkOption {
147 type = lib.types.listOf (lib.types.str);
148 default = [];
149 };
150 extraConfig = lib.mkOption {
151 type = lib.types.nullOr lib.types.lines;
152 default = null;
153 };
154 };
155 });
156 default = {};
157 description = "Extra global config";
158 };
159
160 };
161
162 config = { 100 config = {
163 users.users.wwwrun.extraGroups = [ "keys" ]; 101 users.users.wwwrun.extraGroups = [ "keys" ];
164 networking.firewall.allowedTCPPorts = [ 80 443 ]; 102 networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -195,28 +133,28 @@ in
195 services.myWebsites.tools.etherpad-lite.enable = true; 133 services.myWebsites.tools.etherpad-lite.enable = true;
196 services.myWebsites.tools.peertube.enable = true; 134 services.myWebsites.tools.peertube.enable = true;
197 135
198 services.myWebsites.Chloe.production.enable = cfg.production.enable; 136 services.myWebsites.Chloe.production.enable = true;
199 services.myWebsites.Ludivine.production.enable = cfg.production.enable; 137 services.myWebsites.Ludivine.production.enable = true;
200 services.myWebsites.Aten.production.enable = cfg.production.enable; 138 services.myWebsites.Aten.production.enable = true;
201 services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable; 139 services.myWebsites.PiedsJaloux.production.enable = true;
202 services.myWebsites.Connexionswing.production.enable = cfg.production.enable; 140 services.myWebsites.Connexionswing.production.enable = true;
203 services.myWebsites.Jerome.production.enable = cfg.production.enable; 141 services.myWebsites.Jerome.production.enable = true;
204 services.myWebsites.Nassime.production.enable = cfg.production.enable; 142 services.myWebsites.Nassime.production.enable = true;
205 services.myWebsites.Florian.production.enable = cfg.production.enable; 143 services.myWebsites.Florian.production.enable = true;
206 services.myWebsites.Leila.production.enable = cfg.production.enable; 144 services.myWebsites.Leila.production.enable = true;
207 services.myWebsites.Papa.production.enable = cfg.production.enable; 145 services.myWebsites.Papa.production.enable = true;
208 services.myWebsites.DeniseJerome.production.enable = cfg.production.enable; 146 services.myWebsites.DeniseJerome.production.enable = true;
209 services.myWebsites.Emilia.production.enable = cfg.production.enable; 147 services.myWebsites.Emilia.production.enable = true;
210 services.myWebsites.Capitaines.production.enable = cfg.production.enable; 148 services.myWebsites.Capitaines.production.enable = true;
211 services.myWebsites.Immae.production.enable = cfg.production.enable; 149 services.myWebsites.Immae.production.enable = true;
212 services.myWebsites.Release.production.enable = cfg.production.enable; 150 services.myWebsites.Release.production.enable = true;
213 services.myWebsites.Temp.production.enable = cfg.production.enable; 151 services.myWebsites.Temp.production.enable = true;
214 152
215 services.myWebsites.Chloe.integration.enable = cfg.integration.enable; 153 services.myWebsites.Chloe.integration.enable = true;
216 services.myWebsites.Ludivine.integration.enable = cfg.integration.enable; 154 services.myWebsites.Ludivine.integration.enable = true;
217 services.myWebsites.Aten.integration.enable = cfg.integration.enable; 155 services.myWebsites.Aten.integration.enable = true;
218 services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable; 156 services.myWebsites.PiedsJaloux.integration.enable = true;
219 services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable; 157 services.myWebsites.Connexionswing.integration.enable = true;
220 services.myWebsites.TellesFlorian.integration.enable = true; 158 services.myWebsites.TellesFlorian.integration.enable = true;
221 services.myWebsites.Florian.integration.enable = true; 159 services.myWebsites.Florian.integration.enable = true;
222 160
@@ -239,65 +177,6 @@ in
239 ''; 177 '';
240 }]; 178 }];
241 179
242 services.myWebsites.apacheConfig = {
243 gzip = {
244 modules = [ "deflate" "filter" ];
245 extraConfig = ''
246 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
247 '';
248 };
249 macros = {
250 modules = [ "macro" ];
251 };
252 stats = {
253 extraConfig = ''
254 <Macro Stats %{domain}>
255 Alias /webstats ${config.services.webstats.dataDir}/%{domain}
256 <Directory ${config.services.webstats.dataDir}/%{domain}>
257 DirectoryIndex index.html
258 AllowOverride None
259 Require all granted
260 </Directory>
261 <Location /webstats>
262 Use LDAPConnect
263 Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
264 </Location>
265 </Macro>
266 '';
267 };
268 ldap = {
269 modules = [ "ldap" "authnz_ldap" ];
270 extraConfig = ''
271 <IfModule ldap_module>
272 LDAPSharedCacheSize 500000
273 LDAPCacheEntries 1024
274 LDAPCacheTTL 600
275 LDAPOpCacheEntries 1024
276 LDAPOpCacheTTL 600
277 </IfModule>
278
279 Include /var/secrets/apache-ldap
280 '';
281 };
282 global = {
283 extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
284 };
285 apaxy = {
286 extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
287 };
288 http2 = {
289 modules = [ "http2" ];
290 extraConfig = ''
291 Protocols h2 http/1.1
292 '';
293 };
294 customLog = {
295 extraConfig = ''
296 LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
297 '';
298 };
299 };
300
301 system.activationScripts = { 180 system.activationScripts = {
302 httpd = '' 181 httpd = ''
303 install -d -m 0755 /var/lib/acme/acme-challenge 182 install -d -m 0755 /var/lib/acme/acme-challenge
@@ -334,26 +213,68 @@ in
334 ''; 213 '';
335 }; 214 };
336 215
337 services.httpdProd = makeService "production" config.services.myWebsites.production; 216 services.websites.production = {
338 services.myWebsites.production.modules = makeModules cfg; 217 enable = true;
339 services.myWebsites.production.extraConfig = makeExtraConfig cfg; 218 adminAddr = "httpd@immae.eu";
219 httpdName = "Prod";
220 ips =
221 let ips = myconfig.env.servers.eldiron.ips.production;
222 in [ips.ip4] ++ (ips.ip6 or []);
223 modules = makeModules;
224 extraConfig = makeExtraConfig;
225 fallbackVhost = {
226 certName = "eldiron";
227 hosts = ["eldiron.immae.eu" ];
228 root = www_root;
229 extraConfig = [ "DirectoryIndex index.htm" ];
230 };
231 };
340 232
341 services.httpdInte = makeService "integration" config.services.myWebsites.integration; 233 services.websites.integration = {
342 services.myWebsites.integration.modules = makeModules cfg; 234 enable = true;
343 services.myWebsites.integration.extraConfig = makeExtraConfig cfg; 235 adminAddr = "httpd@immae.eu";
236 httpdName = "Inte";
237 ips =
238 let ips = myconfig.env.servers.eldiron.ips.integration;
239 in [ips.ip4] ++ (ips.ip6 or []);
240 modules = makeModules;
241 extraConfig = makeExtraConfig;
242 fallbackVhost = {
243 certName = "eldiron";
244 hosts = ["eldiron.immae.eu" ];
245 root = www_root;
246 extraConfig = [ "DirectoryIndex index.htm" ];
247 };
248 };
344 249
345 services.httpdTools = makeService "tools" config.services.myWebsites.tools; 250 services.websites.tools = {
346 services.myWebsites.tools.modules = makeModules cfg; 251 enable = true;
347 services.myWebsites.tools.extraConfig = makeExtraConfig cfg ++ 252 adminAddr = "httpd@immae.eu";
348 [ '' 253 httpdName = "Tools";
349 RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html 254 ips =
350 RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html 255 let ips = myconfig.env.servers.eldiron.ips.main;
351 RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html 256 in [ips.ip4] ++ (ips.ip6 or []);
352 RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html 257 modules = makeModules;
353 RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html 258 extraConfig = makeExtraConfig ++
354 RedirectMatch ^/CGU$ https://www.immae.eu/CGU 259 [ ''
355 '' 260 RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
356 ] 261 RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
357 ; 262 RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
263 RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
264 RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
265 RedirectMatch ^/CGU$ https://www.immae.eu/CGU
266 ''
267 ];
268 nosslVhost = {
269 enable = true;
270 host = "nossl.immae.eu";
271 };
272 fallbackVhost = {
273 certName = "eldiron";
274 hosts = ["eldiron.immae.eu" ];
275 root = www_root;
276 extraConfig = [ "DirectoryIndex index.htm" ];
277 };
278 };
358 }; 279 };
359} 280}
diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix
index 97173b9..4e32bec 100644
--- a/nixops/modules/websites/emilia/default.nix
+++ b/nixops/modules/websites/emilia/default.nix
@@ -61,7 +61,7 @@ in {
61 mkdir -p $out/webapps 61 mkdir -p $out/webapps
62 ln -s ${siteDir} $out/webapps/${webappName} 62 ln -s ${siteDir} $out/webapps/${webappName}
63 ''; 63 '';
64 services.myWebsites.production.vhostConfs.emilia = { 64 services.websites.production.vhostConfs.emilia = {
65 certName = "emilia"; 65 certName = "emilia";
66 hosts = [ "saison-photo.org" "www.saison-photo.org" ]; 66 hosts = [ "saison-photo.org" "www.saison-photo.org" ];
67 root = root; 67 root = root;
diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix
index 85aae27..fa31430 100644
--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ b/nixops/modules/websites/ftp/denisejerome.nix
@@ -17,7 +17,7 @@ in {
17 domain = "denisejerome.piedsjaloux.fr"; 17 domain = "denisejerome.piedsjaloux.fr";
18 }; 18 };
19 19
20 services.myWebsites.production.vhostConfs.denisejerome = { 20 services.websites.production.vhostConfs.denisejerome = {
21 certName = "denisejerome"; 21 certName = "denisejerome";
22 hosts = ["denisejerome.piedsjaloux.fr" ]; 22 hosts = ["denisejerome.piedsjaloux.fr" ];
23 root = varDir; 23 root = varDir;
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
index 2c8edbb..8097507 100644
--- a/nixops/modules/websites/ftp/florian.nix
+++ b/nixops/modules/websites/ftp/florian.nix
@@ -24,8 +24,8 @@ in {
24 }; 24 };
25 }; 25 };
26 26
27 services.myWebsites.production.modules = adminer.apache.modules; 27 services.websites.production.modules = adminer.apache.modules;
28 services.myWebsites.production.vhostConfs.florian = { 28 services.websites.production.vhostConfs.florian = {
29 certName = "florian"; 29 certName = "florian";
30 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; 30 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
31 root = "${varDir}/tellesflorian.com"; 31 root = "${varDir}/tellesflorian.com";
@@ -49,8 +49,8 @@ in {
49 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; 49 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
50 security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null; 50 security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null;
51 51
52 services.myWebsites.integration.modules = adminer.apache.modules; 52 services.websites.integration.modules = adminer.apache.modules;
53 services.myWebsites.integration.vhostConfs.florian = { 53 services.websites.integration.vhostConfs.florian = {
54 certName = "eldiron"; 54 certName = "eldiron";
55 hosts = [ "florian.immae.eu" ]; 55 hosts = [ "florian.immae.eu" ];
56 root = "${varDir}/florian.immae.eu"; 56 root = "${varDir}/florian.immae.eu";
diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix
index 64f8f31..e188d95 100644
--- a/nixops/modules/websites/ftp/immae.nix
+++ b/nixops/modules/websites/ftp/immae.nix
@@ -28,8 +28,8 @@ in {
28 28
29 php_admin_value[open_basedir] = "${varDir}:/tmp" 29 php_admin_value[open_basedir] = "${varDir}:/tmp"
30 ''; 30 '';
31 services.myWebsites.production.modules = [ "proxy_fcgi" ]; 31 services.websites.production.modules = [ "proxy_fcgi" ];
32 services.myWebsites.production.vhostConfs.immae = { 32 services.websites.production.vhostConfs.immae = {
33 certName = "eldiron"; 33 certName = "eldiron";
34 hosts = [ "www.immae.eu" ]; 34 hosts = [ "www.immae.eu" ];
35 root = varDir; 35 root = varDir;
@@ -58,7 +58,7 @@ in {
58 58
59 security.acme.certs."eldiron".extraDomains."bouya.org" = null; 59 security.acme.certs."eldiron".extraDomains."bouya.org" = null;
60 security.acme.certs."eldiron".extraDomains."www.bouya.org" = null; 60 security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
61 services.myWebsites.production.vhostConfs.bouya = { 61 services.websites.production.vhostConfs.bouya = {
62 certName = "eldiron"; 62 certName = "eldiron";
63 hosts = [ "bouya.org" "www.bouya.org" ]; 63 hosts = [ "bouya.org" "www.bouya.org" ];
64 root = null; 64 root = null;
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
index 5b86697..a340644 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -58,8 +58,8 @@ in {
58 services.myPhpfpm.poolPhpConfigs.jerome = '' 58 services.myPhpfpm.poolPhpConfigs.jerome = ''
59 extension=${pkgs.php}/lib/php/extensions/mysqli.so 59 extension=${pkgs.php}/lib/php/extensions/mysqli.so
60 ''; 60 '';
61 services.myWebsites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; 61 services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
62 services.myWebsites.production.vhostConfs.naturaloutil = { 62 services.websites.production.vhostConfs.naturaloutil = {
63 certName = "naturaloutil"; 63 certName = "naturaloutil";
64 hosts = ["naturaloutil.immae.eu" ]; 64 hosts = ["naturaloutil.immae.eu" ];
65 root = varDir; 65 root = varDir;
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
index c5c27b1..5185372 100644
--- a/nixops/modules/websites/ftp/leila.nix
+++ b/nixops/modules/websites/ftp/leila.nix
@@ -38,8 +38,8 @@ in {
38 { name = "chorale.leila.bouya.org"; } 38 { name = "chorale.leila.bouya.org"; }
39 ]; 39 ];
40 40
41 services.myWebsites.production.modules = [ "proxy_fcgi" ]; 41 services.websites.production.modules = [ "proxy_fcgi" ];
42 services.myWebsites.production.vhostConfs.leila_chorale = { 42 services.websites.production.vhostConfs.leila_chorale = {
43 certName = "leila"; 43 certName = "leila";
44 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; 44 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
45 root = "${varDir}/Chorale"; 45 root = "${varDir}/Chorale";
@@ -61,7 +61,7 @@ in {
61 '' 61 ''
62 ]; 62 ];
63 }; 63 };
64 services.myWebsites.production.vhostConfs.leila = { 64 services.websites.production.vhostConfs.leila = {
65 certName = "leila"; 65 certName = "leila";
66 hosts = [ "leila.bouya.org" ]; 66 hosts = [ "leila.bouya.org" ];
67 root = varDir; 67 root = varDir;
diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix
index 0e54786..9ed8a80 100644
--- a/nixops/modules/websites/ftp/nassime.nix
+++ b/nixops/modules/websites/ftp/nassime.nix
@@ -18,7 +18,7 @@ in {
18 domain = "nassime.bouya.org"; 18 domain = "nassime.bouya.org";
19 }; 19 };
20 20
21 services.myWebsites.production.vhostConfs.nassime = { 21 services.websites.production.vhostConfs.nassime = {
22 certName = "nassime"; 22 certName = "nassime";
23 hosts = ["nassime.bouya.org" ]; 23 hosts = ["nassime.bouya.org" ];
24 root = varDir; 24 root = varDir;
diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
index aedae63..cdbc1b0 100644
--- a/nixops/modules/websites/ftp/papa.nix
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -34,7 +34,7 @@ in {
34 ]; 34 ];
35 }; 35 };
36 36
37 services.myWebsites.production.vhostConfs.papa = { 37 services.websites.production.vhostConfs.papa = {
38 certName = "papa"; 38 certName = "papa";
39 hosts = [ "surveillance.maison.bbc.bouya.org" ]; 39 hosts = [ "surveillance.maison.bbc.bouya.org" ];
40 root = varDir; 40 root = varDir;
diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix
index 4d996e3..2ddd8bc 100644
--- a/nixops/modules/websites/ftp/release.nix
+++ b/nixops/modules/websites/ftp/release.nix
@@ -15,7 +15,7 @@ in {
15 15
16 security.acme.certs."eldiron".extraDomains."release.immae.eu" = null; 16 security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
17 17
18 services.myWebsites.production.vhostConfs.release = { 18 services.websites.production.vhostConfs.release = {
19 certName = "eldiron"; 19 certName = "eldiron";
20 hosts = [ "release.immae.eu" ]; 20 hosts = [ "release.immae.eu" ];
21 root = varDir; 21 root = varDir;
diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
index 087b499..bdd80c0 100644
--- a/nixops/modules/websites/ftp/temp.nix
+++ b/nixops/modules/websites/ftp/temp.nix
@@ -13,8 +13,8 @@ in {
13 config = lib.mkIf cfg.production.enable { 13 config = lib.mkIf cfg.production.enable {
14 security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null; 14 security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
15 15
16 services.myWebsites.production.modules = [ "headers" ]; 16 services.websites.production.modules = [ "headers" ];
17 services.myWebsites.production.vhostConfs.temp = { 17 services.websites.production.vhostConfs.temp = {
18 certName = "eldiron"; 18 certName = "eldiron";
19 hosts = [ "temp.immae.eu" ]; 19 hosts = [ "temp.immae.eu" ];
20 root = varDir; 20 root = varDir;
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
index df75eff..dfeff0a 100644
--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -40,8 +40,8 @@ in {
40 mkdir -p $out/webapps 40 mkdir -p $out/webapps
41 ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName} 41 ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
42 ''; 42 '';
43 services.myWebsites.production.modules = ludivinecassal_prod.apache.modules; 43 services.websites.production.modules = ludivinecassal_prod.apache.modules;
44 services.myWebsites.production.vhostConfs.ludivine = { 44 services.websites.production.vhostConfs.ludivine = {
45 certName = "ludivinecassal"; 45 certName = "ludivinecassal";
46 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; 46 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
47 root = ludivinecassal_prod.apache.root; 47 root = ludivinecassal_prod.apache.root;
@@ -60,9 +60,8 @@ in {
60 mkdir -p $out/webapps 60 mkdir -p $out/webapps
61 ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName} 61 ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
62 ''; 62 '';
63 services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules; 63 services.websites.integration.modules = ludivinecassal_dev.apache.modules;
64 services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules; 64 services.websites.integration.vhostConfs.ludivine = {
65 services.myWebsites.integration.vhostConfs.ludivine = {
66 certName = "eldiron"; 65 certName = "eldiron";
67 hosts = [ "ludivine.immae.eu" ]; 66 hosts = [ "ludivine.immae.eu" ];
68 root = ludivinecassal_dev.apache.root; 67 root = ludivinecassal_dev.apache.root;
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index 10c1f6c..6ffb19c 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -40,8 +40,8 @@ in {
40 mkdir -p $out/webapps 40 mkdir -p $out/webapps
41 ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName} 41 ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
42 ''; 42 '';
43 services.myWebsites.production.modules = piedsjaloux_prod.apache.modules; 43 services.websites.production.modules = piedsjaloux_prod.apache.modules;
44 services.myWebsites.production.vhostConfs.piedsjaloux = { 44 services.websites.production.vhostConfs.piedsjaloux = {
45 certName = "piedsjaloux"; 45 certName = "piedsjaloux";
46 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; 46 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
47 root = piedsjaloux_prod.apache.root; 47 root = piedsjaloux_prod.apache.root;
@@ -59,8 +59,8 @@ in {
59 mkdir -p $out/webapps 59 mkdir -p $out/webapps
60 ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName} 60 ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
61 ''; 61 '';
62 services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules; 62 services.websites.integration.modules = piedsjaloux_dev.apache.modules;
63 services.myWebsites.integration.vhostConfs.piedsjaloux = { 63 services.websites.integration.vhostConfs.piedsjaloux = {
64 certName = "eldiron"; 64 certName = "eldiron";
65 hosts = [ "piedsjaloux.immae.eu" ]; 65 hosts = [ "piedsjaloux.immae.eu" ];
66 root = piedsjaloux_dev.apache.root; 66 root = piedsjaloux_dev.apache.root;
diff --git a/nixops/modules/websites/tellesflorian/default.nix b/nixops/modules/websites/tellesflorian/default.nix
index 93ee023..eb02174 100644
--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/nixops/modules/websites/tellesflorian/default.nix
@@ -26,8 +26,8 @@ in {
26 mkdir -p $out/webapps 26 mkdir -p $out/webapps
27 ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName} 27 ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName}
28 ''; 28 '';
29 services.myWebsites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules; 29 services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
30 services.myWebsites.integration.vhostConfs.tellesflorian = { 30 services.websites.integration.vhostConfs.tellesflorian = {
31 certName = "eldiron"; 31 certName = "eldiron";
32 hosts = ["app.tellesflorian.com" ]; 32 hosts = ["app.tellesflorian.com" ];
33 root = tellesflorian_dev.apache.root; 33 root = tellesflorian_dev.apache.root;
diff --git a/nixops/modules/websites/tools/cloud.nix b/nixops/modules/websites/tools/cloud.nix
index 40faec7..69b5fb0 100644
--- a/nixops/modules/websites/tools/cloud.nix
+++ b/nixops/modules/websites/tools/cloud.nix
@@ -51,9 +51,9 @@ in {
51 config = lib.mkIf cfg.enable { 51 config = lib.mkIf cfg.enable {
52 security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null; 52 security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
53 53
54 services.myWebsites.tools.modules = [ "proxy_fcgi" ]; 54 services.websites.tools.modules = [ "proxy_fcgi" ];
55 55
56 services.myWebsites.tools.vhostConfs.cloud = { 56 services.websites.tools.vhostConfs.cloud = {
57 certName = "eldiron"; 57 certName = "eldiron";
58 hosts = ["cloud.immae.eu" ]; 58 hosts = ["cloud.immae.eu" ];
59 root = apacheRoot; 59 root = apacheRoot;
diff --git a/nixops/modules/websites/tools/dav/default.nix b/nixops/modules/websites/tools/dav/default.nix
index 5b5a076..ea2105b 100644
--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -30,9 +30,9 @@ in {
30 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null; 30 security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
31 31
32 secrets.keys = davical.keys; 32 secrets.keys = davical.keys;
33 services.myWebsites.tools.modules = davical.apache.modules; 33 services.websites.tools.modules = davical.apache.modules;
34 34
35 services.myWebsites.tools.vhostConfs.dav = { 35 services.websites.tools.vhostConfs.dav = {
36 certName = "eldiron"; 36 certName = "eldiron";
37 hosts = ["dav.immae.eu" ]; 37 hosts = ["dav.immae.eu" ];
38 root = null; 38 root = null;
diff --git a/nixops/modules/websites/tools/db.nix b/nixops/modules/websites/tools/db.nix
index f7ca585..70650fa 100644
--- a/nixops/modules/websites/tools/db.nix
+++ b/nixops/modules/websites/tools/db.nix
@@ -11,8 +11,8 @@ in {
11 config = lib.mkIf cfg.enable { 11 config = lib.mkIf cfg.enable {
12 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null; 12 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
13 13
14 services.myWebsites.tools.modules = adminer.apache.modules; 14 services.websites.tools.modules = adminer.apache.modules;
15 services.myWebsites.tools.vhostConfs.db-1 = { 15 services.websites.tools.vhostConfs.db-1 = {
16 certName = "eldiron"; 16 certName = "eldiron";
17 hosts = ["db-1.immae.eu" ]; 17 hosts = ["db-1.immae.eu" ];
18 root = null; 18 root = null;
diff --git a/nixops/modules/websites/tools/diaspora.nix b/nixops/modules/websites/tools/diaspora.nix
index f6097a0..221e01c 100644
--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -145,7 +145,7 @@ in {
145 configDir = "/var/secrets/webapps/diaspora"; 145 configDir = "/var/secrets/webapps/diaspora";
146 }; 146 };
147 147
148 services.myWebsites.tools.modules = [ 148 services.websites.tools.modules = [
149 "headers" "proxy" "proxy_http" 149 "headers" "proxy" "proxy_http"
150 ]; 150 ];
151 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; 151 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
@@ -153,7 +153,7 @@ in {
153 mkdir -p $out/webapps 153 mkdir -p $out/webapps
154 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora 154 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
155 ''; 155 '';
156 services.myWebsites.tools.vhostConfs.diaspora = { 156 services.websites.tools.vhostConfs.diaspora = {
157 certName = "eldiron"; 157 certName = "eldiron";
158 hosts = [ "diaspora.immae.eu" ]; 158 hosts = [ "diaspora.immae.eu" ];
159 root = root; 159 root = root;
diff --git a/nixops/modules/websites/tools/ether.nix b/nixops/modules/websites/tools/ether.nix
index 0ce5788..6222b22 100644
--- a/nixops/modules/websites/tools/ether.nix
+++ b/nixops/modules/websites/tools/ether.nix
@@ -133,11 +133,11 @@ in {
133 133
134 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; 134 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
135 135
136 services.myWebsites.tools.modules = [ 136 services.websites.tools.modules = [
137 "headers" "proxy" "proxy_http" "proxy_wstunnel" 137 "headers" "proxy" "proxy_http" "proxy_wstunnel"
138 ]; 138 ];
139 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null; 139 security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
140 services.myWebsites.tools.vhostConfs.etherpad-lite = { 140 services.websites.tools.vhostConfs.etherpad-lite = {
141 certName = "eldiron"; 141 certName = "eldiron";
142 hosts = [ "ether.immae.eu" ]; 142 hosts = [ "ether.immae.eu" ];
143 root = null; 143 root = null;
diff --git a/nixops/modules/websites/tools/git/default.nix b/nixops/modules/websites/tools/git/default.nix
index bfcfc62..ea0d971 100644
--- a/nixops/modules/websites/tools/git/default.nix
+++ b/nixops/modules/websites/tools/git/default.nix
@@ -16,7 +16,7 @@ in {
16 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null; 16 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
17 17
18 secrets.keys = mantisbt.keys; 18 secrets.keys = mantisbt.keys;
19 services.myWebsites.tools.modules = 19 services.websites.tools.modules =
20 gitweb.apache.modules ++ 20 gitweb.apache.modules ++
21 mantisbt.apache.modules; 21 mantisbt.apache.modules;
22 system.extraSystemBuilderCmds = '' 22 system.extraSystemBuilderCmds = ''
@@ -25,7 +25,7 @@ in {
25 ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName} 25 ln -s ${mantisbt.webRoot} $out/webapps/${mantisbt.apache.webappName}
26 ''; 26 '';
27 27
28 services.myWebsites.tools.vhostConfs.git = { 28 services.websites.tools.vhostConfs.git = {
29 certName = "eldiron"; 29 certName = "eldiron";
30 hosts = ["git.immae.eu" ]; 30 hosts = ["git.immae.eu" ];
31 root = gitweb.apache.root; 31 root = gitweb.apache.root;
diff --git a/nixops/modules/websites/tools/mastodon.nix b/nixops/modules/websites/tools/mastodon.nix
index e0f589a..38b2107 100644
--- a/nixops/modules/websites/tools/mastodon.nix
+++ b/nixops/modules/websites/tools/mastodon.nix
@@ -64,7 +64,7 @@ in {
64 dataDir = "/var/lib/mastodon_immae"; 64 dataDir = "/var/lib/mastodon_immae";
65 }; 65 };
66 66
67 services.myWebsites.tools.modules = [ 67 services.websites.tools.modules = [
68 "headers" "proxy" "proxy_wstunnel" "proxy_http" 68 "headers" "proxy" "proxy_wstunnel" "proxy_http"
69 ]; 69 ];
70 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null; 70 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
@@ -72,7 +72,7 @@ in {
72 mkdir -p $out/webapps 72 mkdir -p $out/webapps
73 ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon 73 ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
74 ''; 74 '';
75 services.myWebsites.tools.vhostConfs.mastodon = { 75 services.websites.tools.vhostConfs.mastodon = {
76 certName = "eldiron"; 76 certName = "eldiron";
77 hosts = ["mastodon.immae.eu" ]; 77 hosts = ["mastodon.immae.eu" ];
78 root = root; 78 root = root;
diff --git a/nixops/modules/websites/tools/mediagoblin.nix b/nixops/modules/websites/tools/mediagoblin.nix
index 6b26681..8a6f03f 100644
--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -79,12 +79,12 @@ in {
79 configFile = "/var/secrets/webapps/tools-mediagoblin"; 79 configFile = "/var/secrets/webapps/tools-mediagoblin";
80 }; 80 };
81 81
82 services.myWebsites.tools.modules = [ 82 services.websites.tools.modules = [
83 "proxy" "proxy_http" 83 "proxy" "proxy_http"
84 ]; 84 ];
85 users.users.wwwrun.extraGroups = [ "mediagoblin" ]; 85 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
86 security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null; 86 security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
87 services.myWebsites.tools.vhostConfs.mgoblin = { 87 services.websites.tools.vhostConfs.mgoblin = {
88 certName = "eldiron"; 88 certName = "eldiron";
89 hosts = ["mgoblin.immae.eu" ]; 89 hosts = ["mgoblin.immae.eu" ];
90 root = null; 90 root = null;
diff --git a/nixops/modules/websites/tools/peertube.nix b/nixops/modules/websites/tools/peertube.nix
index 0184a30..6cc6d38 100644
--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -150,11 +150,11 @@ in {
150 ''; 150 '';
151 }]; 151 }];
152 152
153 services.myWebsites.tools.modules = [ 153 services.websites.tools.modules = [
154 "headers" "proxy" "proxy_http" "proxy_wstunnel" 154 "headers" "proxy" "proxy_http" "proxy_wstunnel"
155 ]; 155 ];
156 security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null; 156 security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
157 services.myWebsites.tools.vhostConfs.peertube = { 157 services.websites.tools.vhostConfs.peertube = {
158 certName = "eldiron"; 158 certName = "eldiron";
159 hosts = [ "peertube.immae.eu" ]; 159 hosts = [ "peertube.immae.eu" ];
160 root = null; 160 root = null;
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 10feefe..5e84f45 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -58,10 +58,10 @@ in {
58 ++ wallabag.keys 58 ++ wallabag.keys
59 ++ yourls.keys; 59 ++ yourls.keys;
60 60
61 services.myWebsites.integration.modules = 61 services.websites.integration.modules =
62 rainloop.apache.modules; 62 rainloop.apache.modules;
63 63
64 services.myWebsites.tools.modules = 64 services.websites.tools.modules =
65 [ "proxy_fcgi" ] 65 [ "proxy_fcgi" ]
66 ++ adminer.apache.modules 66 ++ adminer.apache.modules
67 ++ ympd.apache.modules 67 ++ ympd.apache.modules
@@ -84,7 +84,7 @@ in {
84 ''; 84 '';
85 }; 85 };
86 86
87 services.myWebsites.integration.vhostConfs.devtools = { 87 services.websites.integration.vhostConfs.devtools = {
88 certName = "eldiron"; 88 certName = "eldiron";
89 hosts = ["devtools.immae.eu" ]; 89 hosts = ["devtools.immae.eu" ];
90 root = "/var/lib/ftp/devtools.immae.eu"; 90 root = "/var/lib/ftp/devtools.immae.eu";
@@ -103,7 +103,7 @@ in {
103 ]; 103 ];
104 }; 104 };
105 105
106 services.myWebsites.tools.vhostConfs.tools = { 106 services.websites.tools.vhostConfs.tools = {
107 certName = "eldiron"; 107 certName = "eldiron";
108 hosts = ["tools.immae.eu" ]; 108 hosts = ["tools.immae.eu" ];
109 root = "/var/lib/ftp/tools.immae.eu"; 109 root = "/var/lib/ftp/tools.immae.eu";
@@ -133,7 +133,7 @@ in {
133 }; 133 };
134 134
135 security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null; 135 security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
136 services.myWebsites.tools.vhostConfs.outils = { 136 services.websites.tools.vhostConfs.outils = {
137 certName = "eldiron"; 137 certName = "eldiron";
138 hosts = [ "outils.immae.eu" ]; 138 hosts = [ "outils.immae.eu" ];
139 root = null; 139 root = null;