Diffstat (limited to 'modules/private/websites/tools/tools')
9 files changed, 43 insertions, 30 deletions
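--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -12,8 +12,10 @@ let
 inherit (pkgs.webapps) ttrss ttrss-plugins;
 env = config.myEnv.tools.ttrss;
 php = pkgs.php72;
+inherit config;
 };
 kanboard = pkgs.callPackage ./kanboard.nix {
+inherit config;
 env = config.myEnv.tools.kanboard;
 };
 wallabag = pkgs.callPackage ./wallabag.nix {
@@ -23,10 +25,12 @@ let
 };
 };
 env = config.myEnv.tools.wallabag;
+inherit config;
 };
 yourls = pkgs.callPackage ./yourls.nix {
 inherit (pkgs.webapps) yourls yourls-plugins;
 env = config.myEnv.tools.yourls;
+inherit config;
 };
 rompr = pkgs.callPackage ./rompr.nix {
 inherit (pkgs.webapps) rompr;
@@ -34,6 +38,7 @@ let
 };
 shaarli = pkgs.callPackage ./shaarli.nix {
 env = config.myEnv.tools.shaarli;
+inherit config;
 };
 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
@@ -41,6 +46,7 @@ let
 ldap = pkgs.callPackage ./ldap.nix {
 inherit (pkgs.webapps) phpldapadmin;
 env = config.myEnv.tools.phpldapadmin;
+inherit config;
 };
 grocy = pkgs.callPackage ./grocy.nix {
 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
@@ -56,6 +62,7 @@ let
 };
 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
 env = config.myEnv.tools.dmarc_reports;
+inherit config;
 };
 csp-reports = pkgs.callPackage ./csp_reports.nix {
 env = config.myEnv.tools.csp_reports;
@@ -188,8 +195,8 @@ in {
 Require all granted
 </Directory>
 
-Alias /webhooks ${config.secrets.location}/webapps/webhooks
-<Directory "${config.secrets.location}/webapps/webhooks">
+Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
+<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
 Options -Indexes
 Require all granted
 AllowOverride None
@@ -271,7 +278,7 @@ in {
 description = "Standalone MPD Web GUI written in C";
 wantedBy = [ "multi-user.target" ];
 script = ''
-export MPD_PASSWORD=$(cat /var/secrets/mpd)
+export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
 '';
 };
@@ -293,7 +300,7 @@ in {
 
 services.filesWatcher.ympd = {
 restart = true;
-paths = [ "/var/secrets/mpd" ];
+paths = [ config.secrets.fullPaths."mpd" ];
 };
 
 services.phpfpm.pools = {
@@ -313,9 +320,9 @@ in {
 "php_value[session.name]" = "ToolsPHPSESSID";
 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
 "/run/wrappers/bin/sendmail" landing "/tmp"
-"${config.secrets.location}/webapps/webhooks"
+config.secrets.fullPaths."webapps/webhooks"
 ];
-"include" = "${config.secrets.location}/webapps/tools-csp-reports.conf";
+"include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
 };
 phpEnv = {
 CONTACT_EMAIL = config.myEnv.tools.contact;
@@ -438,11 +445,11 @@ in {
 };
 
 services.websites.env.tools.watchPaths = [
-"/var/secrets/webapps/tools-shaarli"
+config.secrets.fullPaths."webapps/tools-shaarli"
 ];
 services.filesWatcher.phpfpm-wallabag = {
 restart = true;
-paths = [ "/var/secrets/webapps/tools-wallabag" ];
+paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
 };
 
 };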
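Review bot: In the ympd `script` hunk, `export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})` hides a failing `cat`, because the status of that line is the status of `export`, not of the command substitution. If the secret file is missing or unreadable when the unit starts, ympd would presumably be launched with an empty password instead of the unit failing. Writing it as `MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})` followed by `export MPD_PASSWORD` lets the failure propagate, assuming the generated script runs with errexit. The service definition starts and ends outside the hunk.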
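--- a/modules/private/websites/tools/tools/dmarc_reports.nix
+++ b/modules/private/websites/tools/tools/dmarc_reports.nix
@@ -1,4 +1,4 @@
-{ env }:
+{ env, config }:
 rec {
 keys = [{
 dest = "webapps/tools-dmarc-reports.php";
@@ -43,7 +43,7 @@ rec {
 };
 phpFpm = rec {
 basedir = builtins.concatStringsSep ":"
-[ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ];
+[ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ];
 pool = {
 "listen.owner" = apache.user;
 "listen.group" = apache.group;
@@ -55,7 +55,7 @@ rec {
 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
 };
 phpEnv = {
-SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php";
+SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php";
 };
 };
 }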
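Review bot: The key `"webapps/tools-dmarc-reports.php"` is now spelled three times in this file: once as `dest` in `keys` and twice in the `config.secrets.fullPaths` lookups under `phpFpm`. The `open_basedir` entry and `SECRETS_FILE` must name the same file, so binding the path once, for example `let secretsFile = config.secrets.fullPaths."webapps/tools-dmarc-reports.php"; in` ahead of the set, and using `secretsFile` in both places would keep them from drifting apart. The same repeated lookup appears in kanboard.nix, ldap.nix, ttrss.nix, wallabag.nix and yourls.nix in this commit. The `rec` set continues outside the hunks shown.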
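--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -1,4 +1,4 @@
-{ env, kanboard }:
+{ env, kanboard, config }:
 rec {
 backups = {
 rootDir = varDir;
@@ -42,7 +42,7 @@ rec {
 ?>
 '';
 }];
-webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; };
+webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; };
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -68,7 +68,7 @@ rec {
 };
 phpFpm = rec {
 serviceDeps = [ "postgresql.service" "openldap.service" ];
-basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
+basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ];
 pool = {
 "listen.owner" = apache.user;
 "listen.group" = apache.group;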
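--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -1,4 +1,4 @@
-{ lib, php, env, writeText, phpldapadmin }:
+{ lib, php, env, writeText, phpldapadmin, config }:
 rec {
 activationScript = {
 deps = [ "httpd" ];
@@ -32,7 +32,7 @@ rec {
 $servers->setValue('login','fallback_dn',true);
 '';
 }];
-webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -54,7 +54,7 @@ rec {
 };
 phpFpm = rec {
 serviceDeps = [ "openldap.service" ];
-basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
+basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
 pool = {
 "listen.owner" = apache.user;
 "listen.group" = apache.group;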
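Review bot: On the `webRoot` line, `phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; }` uses the name `config` for two different things, the package's override argument on the left and the newly added function argument on the right. It resolves as intended only because the override set is not `rec`, and a `config` attribute added later to the enclosing `rec` set would silently shadow the argument. A comment above the line such as `# left: phpldapadmin's config-file argument; right: the NixOS module config` would make that explicit. The enclosing `rec` set starts and ends outside the hunks.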
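--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -1,4 +1,4 @@
-{ lib, env, stdenv, fetchurl, shaarli }:
+{ lib, env, stdenv, fetchurl, shaarli, config }:
 let
 varDir = "/var/lib/shaarli";
 in rec {
@@ -21,7 +21,7 @@ in rec {
 vhostConf = socket: ''
 Alias /Shaarli "${root}"
 
-Include /var/secrets/webapps/tools-shaarli
+Include ${config.secrets.fullPaths."webapps/tools-shaarli"}
 <Location /Shaarli>
 Header set Access-Control-Allow-Origin "*"
 Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"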
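--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -1,4 +1,4 @@
-{ php, env, ttrss, ttrss-plugins }:
+{ php, env, ttrss, ttrss-plugins, config }:
 rec {
 backups = {
 rootDir = varDir;
@@ -88,7 +88,7 @@ rec {
 define('LDAP_AUTH_DEBUG', FALSE);
 '';
 }];
-webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (p: [
+webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [
 p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua
 (p.af_feedmod.override { patched = true; })
 (p.feediron.override { patched = true; })
@@ -116,7 +116,7 @@ rec {
 phpFpm = rec {
 serviceDeps = [ "postgresql.service" "openldap.service" ];
 basedir = builtins.concatStringsSep ":" (
-[ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
+[ webRoot config.secrets.fullPaths."webapps/tools-ttrss" varDir ]
 ++ webRoot.plugins);
 pool = {
 "listen.owner" = apache.user;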
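--- a/modules/private/websites/tools/tools/wallabag.nix
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -1,4 +1,4 @@
-{ env, wallabag, mylibs }:
+{ env, wallabag, mylibs, config }:
 rec {
 backups = {
 rootDir = varDir;
@@ -69,7 +69,7 @@ rec {
 arguments: ['/run/wrappers/bin/sendmail -bs']
 '';
 }];
-webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
+webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; };
 activationScript = ''
 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
 ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
@@ -125,11 +125,11 @@ rec {
 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
 popd > /dev/null
 echo -n "${webappDir}" > ${varDir}/currentWebappDir
-sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
+sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey
 fi
 '';
 serviceDeps = [ "postgresql.service" "openldap.service" ];
-basedir = builtins.concatStringsSep ":" [ webappDir config.secrets.fullPaths."webapps/tools-wallabag" varDir ];
+basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
 pool = {
 "listen.owner" = apache.user;
 "listen.group" = apache.group;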
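Review bot: The `sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey` line stores a digest of the secrets file under `${varDir}`, which the `install -m 0755 … -d ${varDir}` line in the earlier hunk creates traversable by every local user. No mode is set for `currentKey` in the visible lines, so it presumably follows the umask of the script. If nothing but this script reads it, a `chmod 0600 ${varDir}/currentKey` after the write would settle it; otherwise a comment should state that the digest is only a change marker. Both shell scripts start or end outside the hunks.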
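--- a/modules/private/websites/tools/tools/webhooks.nix
+++ b/modules/private/websites/tools/tools/webhooks.nix
@@ -6,5 +6,11 @@
 group = "wwwrun";
 permissions = "0400";
 text = v;
-}) env;
+}) env ++ [{
+dest = "webapps/webhooks";
+isDir = true;
+user = "wwwrun";
+group = "wwwrun";
+permissions = "0500";
+}];
 }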
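Review bot: The added `webapps/webhooks` directory entry has no comment explaining why a directory needs its own key next to the per-file entries. Judging from default.nix in this commit, it exists so that `config.secrets.fullPaths."webapps/webhooks"` resolves for the `/webhooks` Alias and the `open_basedir` list, and that directory is served with `Require all granted`. A comment above `dest` such as `# directory key so fullPaths."webapps/webhooks" resolves; published by Apache at /webhooks, keep it 0500 and its files 0400` would record why the modes matter. The attribute set starts outside the hunk.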
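--- a/modules/private/websites/tools/tools/yourls.nix
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -1,4 +1,4 @@
-{ env, yourls, yourls-plugins }:
+{ env, yourls, yourls-plugins, config }:
 rec {
 activationScript = {
 deps = [ "httpd" ];
@@ -40,7 +40,7 @@ rec {
 define( 'LDAPAUTH_USERCACHE_TYPE', 0);
 '';
 }];
-webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
+webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -70,7 +70,7 @@ rec {
 phpFpm = rec {
 serviceDeps = [ "mysql.service" "openldap.service" ];
 basedir = builtins.concatStringsSep ":" (
-[ webRoot "/var/secrets/webapps/tools-yourls" ]
+[ webRoot config.secrets.fullPaths."webapps/tools-yourls" ]
 ++ webRoot.plugins);
 pool = {
 "listen.owner" = apache.user;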