Diffstat (limited to 'modules/private/websites/tools/tools')
-rw-r--r--modules/private/websites/tools/tools/default.nix23
-rw-r--r--modules/private/websites/tools/tools/dmarc_reports.nix6
-rw-r--r--modules/private/websites/tools/tools/kanboard.nix6
-rw-r--r--modules/private/websites/tools/tools/ldap.nix6
-rw-r--r--modules/private/websites/tools/tools/shaarli.nix4
-rw-r--r--modules/private/websites/tools/tools/ttrss.nix6
-rw-r--r--modules/private/websites/tools/tools/wallabag.nix8
-rw-r--r--modules/private/websites/tools/tools/webhooks.nix8
-rw-r--r--modules/private/websites/tools/tools/yourls.nix6
9 files changed, 43 insertions, 30 deletions
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index ac92ef4..ada6253 100644
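--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -12,8 +12,10 @@ let
  inherit (pkgs.webapps) ttrss ttrss-plugins;
  env = config.myEnv.tools.ttrss;
  php = pkgs.php72;
+ inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
+ inherit config;
  env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
@@ -23,10 +25,12 @@ let
  };
  };
  env = config.myEnv.tools.wallabag;
+ inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
  inherit (pkgs.webapps) yourls yourls-plugins;
  env = config.myEnv.tools.yourls;
+ inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
  inherit (pkgs.webapps) rompr;
@@ -34,6 +38,7 @@ let
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
  env = config.myEnv.tools.shaarli;
+ inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
@@ -41,6 +46,7 @@ let
  ldap = pkgs.callPackage ./ldap.nix {
  inherit (pkgs.webapps) phpldapadmin;
  env = config.myEnv.tools.phpldapadmin;
+ inherit config;
  };
  grocy = pkgs.callPackage ./grocy.nix {
  grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
@@ -56,6 +62,7 @@ let
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
  env = config.myEnv.tools.dmarc_reports;
+ inherit config;
  };
  csp-reports = pkgs.callPackage ./csp_reports.nix {
  env = config.myEnv.tools.csp_reports;
@@ -188,8 +195,8 @@ in {
  Require all granted
  </Directory>
 
- Alias /webhooks ${config.secrets.location}/webapps/webhooks
- <Directory "${config.secrets.location}/webapps/webhooks">
+ Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
+ <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
  Options -Indexes
  Require all granted
  AllowOverride None
@@ -271,7 +278,7 @@ in {
  description = "Standalone MPD Web GUI written in C";
  wantedBy = [ "multi-user.target" ];
  script = ''
- export MPD_PASSWORD=$(cat /var/secrets/mpd)
+ export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
  ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
  '';
  };
@@ -293,7 +300,7 @@ in {
 
  services.filesWatcher.ympd = {
  restart = true;
- paths = [ "/var/secrets/mpd" ];
+ paths = [ config.secrets.fullPaths."mpd" ];
  };
 
  services.phpfpm.pools = {
@@ -313,9 +320,9 @@ in {
  "php_value[session.name]" = "ToolsPHPSESSID";
  "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
  "/run/wrappers/bin/sendmail" landing "/tmp"
- "${config.secrets.location}/webapps/webhooks"
+ config.secrets.fullPaths."webapps/webhooks"
  ];
- "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
+ "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
  };
  phpEnv = {
  CONTACT_EMAIL = config.myEnv.tools.contact;
@@ -438,11 +445,11 @@ in {
  };
 
  services.websites.env.tools.watchPaths = [
- "/var/secrets/webapps/tools-shaarli"
+ config.secrets.fullPaths."webapps/tools-shaarli"
  ];
  services.filesWatcher.phpfpm-wallabag = {
  restart = true;
- paths = [ "/var/secrets/webapps/tools-wallabag" ];
+ paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
  };
 
  };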
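Review bot: In the ympd `script` hunk (new line 281), `export MPD_PASSWORD=$(cat …)` hides a failing `cat`, because the exit status of that line is the status of `export`. Even if the unit script runs with `set -e` (not visible here), a missing or unreadable secret would leave ympd starting with an empty `MPD_PASSWORD` instead of the unit failing. Splitting the line keeps the failure visible: `MPD_PASSWORD=$(cat "${config.secrets.fullPaths."mpd"}")` followed by `export MPD_PASSWORD`, with the path quoted so a secrets location containing whitespace is not word-split. The service definition starts and ends outside the hunk.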
diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix
index e264e80..5fdf0b6 100644
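--- a/modules/private/websites/tools/tools/dmarc_reports.nix
+++ b/modules/private/websites/tools/tools/dmarc_reports.nix
@@ -1,4 +1,4 @@
-{ env }:
+{ env, config }:
 rec {
  keys = [{
  dest = "webapps/tools-dmarc-reports.php";
@@ -43,7 +43,7 @@ rec {
  };
  phpFpm = rec {
  basedir = builtins.concatStringsSep ":"
- [ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ];
+ [ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ];
  pool = {
  "listen.owner" = apache.user;
  "listen.group" = apache.group;
@@ -55,7 +55,7 @@ rec {
  "php_admin_value[open_basedir]" = "${basedir}:/tmp";
  };
  phpEnv = {
- SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php";
+ SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php";
  };
  };
 }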
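Review bot: The new `config` argument in `{ env, config }:` shares its name with an attribute of `pkgs`, and this file is loaded with `pkgs.callPackage`, which as far as I know fills any argument the caller omits from the package set. If a call site ever drops `inherit config;`, the function would presumably receive the nixpkgs configuration instead of the NixOS module configuration, and the error would surface as a missing `secrets` attribute far from its cause. The same header change appears in kanboard.nix, ldap.nix, shaarli.nix, ttrss.nix, wallabag.nix and yourls.nix. A header comment such as `# config: NixOS module config, must be passed explicitly (callPackage would otherwise supply pkgs.config)` would document the dependency; passing only the resolved secret path is the narrower alternative.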
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix
index 0f6fefc..1a70499 100644
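--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -1,4 +1,4 @@
-{ env, kanboard }:
+{ env, kanboard, config }:
 rec {
  backups = {
  rootDir = varDir;
@@ -42,7 +42,7 @@ rec {
  ?>
  '';
  }];
- webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; };
+ webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; };
  apache = rec {
  user = "wwwrun";
  group = "wwwrun";
@@ -68,7 +68,7 @@ rec {
  };
  phpFpm = rec {
  serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ];
  pool = {
  "listen.owner" = apache.user;
  "listen.group" = apache.group;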
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
index 0c1a21f..cb90edc 100644
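--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -1,4 +1,4 @@
-{ lib, php, env, writeText, phpldapadmin }:
+{ lib, php, env, writeText, phpldapadmin, config }:
 rec {
  activationScript = {
  deps = [ "httpd" ];
@@ -32,7 +32,7 @@ rec {
  $servers->setValue('login','fallback_dn',true);
  '';
  }];
- webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+ webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
  apache = rec {
  user = "wwwrun";
  group = "wwwrun";
@@ -54,7 +54,7 @@ rec {
  };
  phpFpm = rec {
  serviceDeps = [ "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
  pool = {
  "listen.owner" = apache.user;
  "listen.group" = apache.group;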
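Review bot: In `phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }` (new line 35) the word `config` means two things: on the left it is the package's override argument, on the right the function argument added in this commit. It evaluates as intended only because the attribute set is not `rec`; a later switch to `rec` or to `inherit` would change which one is read. Binding the path once in the enclosing set, `ldapConfig = config.secrets.fullPaths."webapps/tools-ldap";`, and using `ldapConfig` both here and in `basedir` would remove the ambiguity and the duplicated key string.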
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
index d11f525..80c6a89 100644
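--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -1,4 +1,4 @@
-{ lib, env, stdenv, fetchurl, shaarli }:
+{ lib, env, stdenv, fetchurl, shaarli, config }:
 let
  varDir = "/var/lib/shaarli";
 in rec {
@@ -21,7 +21,7 @@ in rec {
  vhostConf = socket: ''
  Alias /Shaarli "${root}"
 
- Include /var/secrets/webapps/tools-shaarli
+ Include ${config.secrets.fullPaths."webapps/tools-shaarli"}
  <Location /Shaarli>
  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"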
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
index ce1ab8e..eb1d415 100644
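--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -1,4 +1,4 @@
-{ php, env, ttrss, ttrss-plugins }:
+{ php, env, ttrss, ttrss-plugins, config }:
 rec {
  backups = {
  rootDir = varDir;
@@ -88,7 +88,7 @@ rec {
  define('LDAP_AUTH_DEBUG', FALSE);
  '';
  }];
- webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (p: [
+ webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [
  p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua
  (p.af_feedmod.override { patched = true; })
  (p.feediron.override { patched = true; })
@@ -116,7 +116,7 @@ rec {
  phpFpm = rec {
  serviceDeps = [ "postgresql.service" "openldap.service" ];
  basedir = builtins.concatStringsSep ":" (
- [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
+ [ webRoot config.secrets.fullPaths."webapps/tools-ttrss" varDir ]
  ++ webRoot.plugins);
  pool = {
  "listen.owner" = apache.user;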
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix
index 1cb0645..1a604c7 100644
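--- a/modules/private/websites/tools/tools/wallabag.nix
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -1,4 +1,4 @@
-{ env, wallabag, mylibs }:
+{ env, wallabag, mylibs, config }:
 rec {
  backups = {
  rootDir = varDir;
@@ -69,7 +69,7 @@ rec {
  arguments: ['/run/wrappers/bin/sendmail -bs']
  '';
  }];
- webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
+ webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; };
  activationScript = ''
  install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
  ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
@@ -125,11 +125,11 @@ rec {
  /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
  popd > /dev/null
  echo -n "${webappDir}" > ${varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
+ sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey
  fi
  '';
  serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
+ basedir = builtins.concatStringsSep ":" [ webappDir config.secrets.fullPaths."webapps/tools-wallabag" varDir ];
  pool = {
  "listen.owner" = apache.user;
  "listen.group" = apache.group;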
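Review bot: `sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey` (new line 128) stores the file name together with the digest, since sha512sum prints both. If the check guarding this block, which lies outside the hunk, compares the whole output, a change in the resolved secrets path alone will look like a changed key and re-run the migration step once. Reading the file on standard input, `sha512sum < "${config.secrets.fullPaths."webapps/tools-wallabag"}" > ${varDir}/currentKey`, and doing the same in the comparison, would make the stored value depend on the contents only.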
diff --git a/modules/private/websites/tools/tools/webhooks.nix b/modules/private/websites/tools/tools/webhooks.nix
index 885b68b..8ffb81b 100644
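--- a/modules/private/websites/tools/tools/webhooks.nix
+++ b/modules/private/websites/tools/tools/webhooks.nix
@@ -6,5 +6,11 @@
  group = "wwwrun";
  permissions = "0400";
  text = v;
- }) env;
+ }) env ++ [{
+ dest = "webapps/webhooks";
+ isDir = true;
+ user = "wwwrun";
+ group = "wwwrun";
+ permissions = "0500";
+ }];
 }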
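Review bot: The new directory entry gives `webapps/webhooks` mode `0500` but keeps `wwwrun` as its owner, and an owner can always change the mode of its own files, so the read-only bit only guards against accidents. default.nix serves this directory under `/webhooks` and lists it in a PHP pool's `open_basedir`; if that pool runs as `wwwrun` (not visible here), the serving account itself could lift the restriction. If the secrets module accepts it, `user = "root";` with `permissions = "0550";` on the directory (and `0440` on the files) would keep it readable through the `wwwrun` group without leaving the mode under the serving account's control. The attribute set this list belongs to starts outside the hunk.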
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix
index 77ac0a3..0f977f2 100644
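--- a/modules/private/websites/tools/tools/yourls.nix
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -1,4 +1,4 @@
-{ env, yourls, yourls-plugins }:
+{ env, yourls, yourls-plugins, config }:
 rec {
  activationScript = {
  deps = [ "httpd" ];
@@ -40,7 +40,7 @@ rec {
  define( 'LDAPAUTH_USERCACHE_TYPE', 0);
  '';
  }];
- webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
+ webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
  apache = rec {
  user = "wwwrun";
  group = "wwwrun";
@@ -70,7 +70,7 @@ rec {
  phpFpm = rec {
  serviceDeps = [ "mysql.service" "openldap.service" ];
  basedir = builtins.concatStringsSep ":" (
- [ webRoot "/var/secrets/webapps/tools-yourls" ]
+ [ webRoot config.secrets.fullPaths."webapps/tools-yourls" ]
  ++ webRoot.plugins);
  pool = {
  "listen.owner" = apache.user;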