aboutsummaryrefslogtreecommitdiff
path: root/modules/private/websites
diff options
context:
space:
mode:
Diffstat (limited to 'modules/private/websites')
-rw-r--r--modules/private/websites/connexionswing/app/default.nix4
-rw-r--r--modules/private/websites/default.nix8
-rw-r--r--modules/private/websites/florian/app/default.nix4
-rw-r--r--modules/private/websites/immae/temp.nix2
-rw-r--r--modules/private/websites/ludivine/app/default.nix4
-rw-r--r--modules/private/websites/piedsjaloux/app/default.nix4
-rw-r--r--modules/private/websites/tools/cloud/default.nix2
-rw-r--r--modules/private/websites/tools/dav/davical.nix6
-rw-r--r--modules/private/websites/tools/dav/default.nix1
-rw-r--r--modules/private/websites/tools/diaspora/default.nix9
-rw-r--r--modules/private/websites/tools/ether/default.nix6
-rw-r--r--modules/private/websites/tools/git/default.nix1
-rw-r--r--modules/private/websites/tools/git/mantisbt.nix6
-rw-r--r--modules/private/websites/tools/mail/default.nix1
-rw-r--r--modules/private/websites/tools/mail/roundcubemail.nix6
-rw-r--r--modules/private/websites/tools/mastodon/default.nix2
-rw-r--r--modules/private/websites/tools/mgoblin/default.nix2
-rw-r--r--modules/private/websites/tools/peertube/default.nix2
-rw-r--r--modules/private/websites/tools/performance/default.nix2
-rw-r--r--modules/private/websites/tools/tools/default.nix23
-rw-r--r--modules/private/websites/tools/tools/dmarc_reports.nix6
-rw-r--r--modules/private/websites/tools/tools/kanboard.nix6
-rw-r--r--modules/private/websites/tools/tools/ldap.nix6
-rw-r--r--modules/private/websites/tools/tools/shaarli.nix4
-rw-r--r--modules/private/websites/tools/tools/ttrss.nix6
-rw-r--r--modules/private/websites/tools/tools/wallabag.nix8
-rw-r--r--modules/private/websites/tools/tools/webhooks.nix8
-rw-r--r--modules/private/websites/tools/tools/yourls.nix6
28 files changed, 80 insertions, 65 deletions
diff --git a/modules/private/websites/connexionswing/app/default.nix b/modules/private/websites/connexionswing/app/default.nix
index 31e88db..b14b03b 100644
--- a/modules/private/websites/connexionswing/app/default.nix
+++ b/modules/private/websites/connexionswing/app/default.nix
@@ -1,6 +1,4 @@
1{ environment ? "prod" 1{ environment, varDir, secretsPath
2, varDir ? "/var/lib/connexionswing_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-connexionswing"
4, composerEnv, fetchurl, fetchgit, sources }: 2, composerEnv, fetchurl, fetchgit, sources }:
5let 3let
6 app = composerEnv.buildPackage ( 4 app = composerEnv.buildPackage (
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 809f615..8fb6a4d 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -52,7 +52,7 @@ let
52 LDAPOpCacheTTL 600 52 LDAPOpCacheTTL 600
53 </IfModule> 53 </IfModule>
54 54
55 Include /var/secrets/apache-ldap 55 Include ${config.secrets.fullPaths."apache-ldap"}
56 ''; 56 '';
57 }; 57 };
58 global = { 58 global = {
@@ -149,9 +149,9 @@ in
149 }; 149 };
150 }; 150 };
151 151
152 services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ]; 152 services.filesWatcher.httpdProd.paths = [ config.secrets.fullPaths."apache-ldap" ];
153 services.filesWatcher.httpdInte.paths = [ "/var/secrets/apache-ldap" ]; 153 services.filesWatcher.httpdInte.paths = [ config.secrets.fullPaths."apache-ldap" ];
154 services.filesWatcher.httpdTools.paths = [ "/var/secrets/apache-ldap" ]; 154 services.filesWatcher.httpdTools.paths = [ config.secrets.fullPaths."apache-ldap" ];
155 155
156 services.websites.env.production = { 156 services.websites.env.production = {
157 enable = true; 157 enable = true;
diff --git a/modules/private/websites/florian/app/default.nix b/modules/private/websites/florian/app/default.nix
index 2ef0e86..28a7ec1 100644
--- a/modules/private/websites/florian/app/default.nix
+++ b/modules/private/websites/florian/app/default.nix
@@ -1,6 +1,4 @@
1{ environment ? "prod" 1{ environment, varDir, secretsPath
2, varDir ? "/var/lib/tellesflorian_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-tellesflorian"
4, composerEnv, fetchurl, sources }: 2, composerEnv, fetchurl, sources }:
5let 3let
6 app = composerEnv.buildPackage ( 4 app = composerEnv.buildPackage (
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index fd54f5e..8518283 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -56,7 +56,7 @@ in {
56 exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} 56 exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
57 ''; 57 '';
58 serviceConfig = { 58 serviceConfig = {
59 EnvironmentFile = "/var/secrets/webapps/surfer"; 59 EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
60 User = "wwwrun"; 60 User = "wwwrun";
61 Group = "wwwrun"; 61 Group = "wwwrun";
62 StateDirectory = "surfer"; 62 StateDirectory = "surfer";
diff --git a/modules/private/websites/ludivine/app/default.nix b/modules/private/websites/ludivine/app/default.nix
index 6e751b0..323b6e0 100644
--- a/modules/private/websites/ludivine/app/default.nix
+++ b/modules/private/websites/ludivine/app/default.nix
@@ -1,6 +1,4 @@
1{ environment ? "prod" 1{ environment, varDir, secretsPath
2, varDir ? "/var/lib/ludivinecassal_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-ludivinecassal"
4, composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, sources }: 2, composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, sources }:
5let 3let
6 app = composerEnv.buildPackage ( 4 app = composerEnv.buildPackage (
diff --git a/modules/private/websites/piedsjaloux/app/default.nix b/modules/private/websites/piedsjaloux/app/default.nix
index a3d48bd..4525a18 100644
--- a/modules/private/websites/piedsjaloux/app/default.nix
+++ b/modules/private/websites/piedsjaloux/app/default.nix
@@ -1,6 +1,4 @@
1{ environment ? "prod" 1{ environment, varDir, secretsPath
2, varDir ? "/var/lib/piedsjaloux_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-piedsjaloux"
4, composerEnv, fetchurl, fetchgit, sources }: 2, composerEnv, fetchurl, fetchgit, sources }:
5let 3let
6 app = composerEnv.buildPackage ( 4 app = composerEnv.buildPackage (
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix
index c374940..471858a 100644
--- a/modules/private/websites/tools/cloud/default.nix
+++ b/modules/private/websites/tools/cloud/default.nix
@@ -157,7 +157,7 @@ in {
157 ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: 157 ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v:
158 "install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json" 158 "install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json"
159 ) confs)} 159 ) confs)}
160 #install -D -m 0600 -o wwwrun -g wwwrun -T /var/secrets/webapps/tools-nextcloud ${varDir}/config/config.php 160 #install -D -m 0600 -o wwwrun -g wwwrun -T ${config.secrets.fullPaths."webapps/tools-nextcloud"} ${varDir}/config/config.php
161 ''; 161 '';
162 }; 162 };
163 # FIXME: add a warning when config.php changes 163 # FIXME: add a warning when config.php changes
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix
index 9d6cd21..eeac1b5 100644
--- a/modules/private/websites/tools/dav/davical.nix
+++ b/modules/private/websites/tools/dav/davical.nix
@@ -1,4 +1,4 @@
1{ stdenv, fetchurl, gettext, writeText, env, awl, davical }: 1{ stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -65,7 +65,7 @@ rec {
65 include('drivers_ldap.php'); 65 include('drivers_ldap.php');
66 ''; 66 '';
67 }]; 67 }];
68 webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; }; 68 webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; };
69 webRoot = "${webapp}/htdocs"; 69 webRoot = "${webapp}/htdocs";
70 apache = rec { 70 apache = rec {
71 user = "wwwrun"; 71 user = "wwwrun";
@@ -110,7 +110,7 @@ rec {
110 }; 110 };
111 phpFpm = rec { 111 phpFpm = rec {
112 serviceDeps = [ "postgresql.service" "openldap.service" ]; 112 serviceDeps = [ "postgresql.service" "openldap.service" ];
113 basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; 113 basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ];
114 pool = { 114 pool = {
115 "listen.owner" = apache.user; 115 "listen.owner" = apache.user;
116 "listen.group" = apache.group; 116 "listen.group" = apache.group;
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix
index f53cf58..c54e152 100644
--- a/modules/private/websites/tools/dav/default.nix
+++ b/modules/private/websites/tools/dav/default.nix
@@ -18,6 +18,7 @@ let
18 davical = pkgs.callPackage ./davical.nix { 18 davical = pkgs.callPackage ./davical.nix {
19 env = config.myEnv.tools.davical; 19 env = config.myEnv.tools.davical;
20 inherit (pkgs.webapps) davical awl; 20 inherit (pkgs.webapps) davical awl;
21 inherit config;
21 }; 22 };
22 23
23 cfg = config.myServices.websites.tools.dav; 24 cfg = config.myServices.websites.tools.dav;
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
index 5d2b19f..663fe88 100644
--- a/modules/private/websites/tools/diaspora/default.nix
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -18,6 +18,13 @@ in {
18 18
19 secrets.keys = [ 19 secrets.keys = [
20 { 20 {
21 dest = "webapps/diaspora";
22 isDir = true;
23 user = "diaspora";
24 group = "diaspora";
25 permissions = "0500";
26 }
27 {
21 dest = "webapps/diaspora/diaspora.yml"; 28 dest = "webapps/diaspora/diaspora.yml";
22 user = "diaspora"; 29 user = "diaspora";
23 group = "diaspora"; 30 group = "diaspora";
@@ -146,7 +153,7 @@ in {
146 package = pkgs.webapps.diaspora.override { ldap = true; }; 153 package = pkgs.webapps.diaspora.override { ldap = true; };
147 dataDir = "/var/lib/diaspora_immae"; 154 dataDir = "/var/lib/diaspora_immae";
148 adminEmail = "diaspora@tools.immae.eu"; 155 adminEmail = "diaspora@tools.immae.eu";
149 configDir = "/var/secrets/webapps/diaspora"; 156 configDir = config.secrets.fullPaths."webapps/diaspora";
150 }; 157 };
151 158
152 services.filesWatcher.diaspora = { 159 services.filesWatcher.diaspora = {
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix
index 3350a4a..64e411d 100644
--- a/modules/private/websites/tools/ether/default.nix
+++ b/modules/private/websites/tools/ether/default.nix
@@ -166,9 +166,9 @@ in {
166 p.ep_timesliderdiff 166 p.ep_timesliderdiff
167 ]); 167 ]);
168 modules = []; 168 modules = [];
169 sessionKeyFile = "/var/secrets/webapps/tools-etherpad-sessionkey"; 169 sessionKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-sessionkey";
170 apiKeyFile = "/var/secrets/webapps/tools-etherpad-apikey"; 170 apiKeyFile = config.secrets.fullPaths."webapps/tools-etherpad-apikey";
171 configFile = "/var/secrets/webapps/tools-etherpad"; 171 configFile = config.secrets.fullPaths."webapps/tools-etherpad";
172 }; 172 };
173 173
174 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys"; 174 systemd.services.etherpad-lite.serviceConfig.SupplementaryGroups = "keys";
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix
index 8b1afa8..755bab0 100644
--- a/modules/private/websites/tools/git/default.nix
+++ b/modules/private/websites/tools/git/default.nix
@@ -3,6 +3,7 @@ let
3 mantisbt = pkgs.callPackage ./mantisbt.nix { 3 mantisbt = pkgs.callPackage ./mantisbt.nix {
4 inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins; 4 inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins;
5 env = config.myEnv.tools.mantisbt; 5 env = config.myEnv.tools.mantisbt;
6 inherit config;
6 }; 7 };
7 gitweb = pkgs.callPackage ./gitweb.nix { 8 gitweb = pkgs.callPackage ./gitweb.nix {
8 gitoliteDir = config.myServices.gitolite.gitoliteDir; 9 gitoliteDir = config.myServices.gitolite.gitoliteDir;
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix
index 9996d23..e6a8da7 100644
--- a/modules/private/websites/tools/git/mantisbt.nix
+++ b/modules/private/websites/tools/git/mantisbt.nix
@@ -1,4 +1,4 @@
1{ env, mantisbt_2, mantisbt_2-plugins }: 1{ env, mantisbt_2, mantisbt_2-plugins, config }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -46,7 +46,7 @@ rec {
46 $g_ldap_organization = '${env.ldap.filter}'; 46 $g_ldap_organization = '${env.ldap.filter}';
47 ''; 47 '';
48 }]; 48 }];
49 webRoot = (mantisbt_2.override { mantis_config = "/var/secrets/webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); 49 webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]);
50 apache = rec { 50 apache = rec {
51 user = "wwwrun"; 51 user = "wwwrun";
52 group = "wwwrun"; 52 group = "wwwrun";
@@ -75,7 +75,7 @@ rec {
75 phpFpm = rec { 75 phpFpm = rec {
76 serviceDeps = [ "postgresql.service" "openldap.service" ]; 76 serviceDeps = [ "postgresql.service" "openldap.service" ];
77 basedir = builtins.concatStringsSep ":" ( 77 basedir = builtins.concatStringsSep ":" (
78 [ webRoot "/var/secrets/webapps/tools-mantisbt" ] 78 [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
79 ++ webRoot.plugins); 79 ++ webRoot.plugins);
80 pool = { 80 pool = {
81 "listen.owner" = apache.user; 81 "listen.owner" = apache.user;
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
index 4636a6c..033a587 100644
--- a/modules/private/websites/tools/mail/default.nix
+++ b/modules/private/websites/tools/mail/default.nix
@@ -3,6 +3,7 @@ let
3 roundcubemail = pkgs.callPackage ./roundcubemail.nix { 3 roundcubemail = pkgs.callPackage ./roundcubemail.nix {
4 inherit (pkgs.webapps) roundcubemail; 4 inherit (pkgs.webapps) roundcubemail;
5 env = config.myEnv.tools.roundcubemail; 5 env = config.myEnv.tools.roundcubemail;
6 inherit config;
6 }; 7 };
7 rainloop = pkgs.callPackage ./rainloop.nix { 8 rainloop = pkgs.callPackage ./rainloop.nix {
8 rainloop = pkgs.rainloop-community; 9 rainloop = pkgs.rainloop-community;
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
index bb7dee9..7d8e733 100644
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ b/modules/private/websites/tools/mail/roundcubemail.nix
@@ -1,4 +1,4 @@
1{ env, roundcubemail, apacheHttpd }: 1{ env, roundcubemail, apacheHttpd, config }:
2rec { 2rec {
3 varDir = "/var/lib/roundcubemail"; 3 varDir = "/var/lib/roundcubemail";
4 activationScript = { 4 activationScript = {
@@ -75,7 +75,7 @@ rec {
75 $config['mime_types'] = '${apacheHttpd}/conf/mime.types'; 75 $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
76 ''; 76 '';
77 }]; 77 }];
78 webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]); 78 webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]);
79 apache = rec { 79 apache = rec {
80 user = "wwwrun"; 80 user = "wwwrun";
81 group = "wwwrun"; 81 group = "wwwrun";
@@ -99,7 +99,7 @@ rec {
99 phpFpm = rec { 99 phpFpm = rec {
100 serviceDeps = [ "postgresql.service" ]; 100 serviceDeps = [ "postgresql.service" ];
101 basedir = builtins.concatStringsSep ":" ( 101 basedir = builtins.concatStringsSep ":" (
102 [ webRoot "/var/secrets/webapps/tools-roundcube" varDir ] 102 [ webRoot config.secrets.fullPaths."webapps/tools-roundcube" varDir ]
103 ++ webRoot.plugins 103 ++ webRoot.plugins
104 ++ webRoot.skins); 104 ++ webRoot.skins);
105 pool = { 105 pool = {
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix
index 80d7431..cea8710 100644
--- a/modules/private/websites/tools/mastodon/default.nix
+++ b/modules/private/websites/tools/mastodon/default.nix
@@ -62,7 +62,7 @@ in {
62 }]; 62 }];
63 services.mastodon = { 63 services.mastodon = {
64 enable = true; 64 enable = true;
65 configFile = "/var/secrets/webapps/tools-mastodon"; 65 configFile = config.secrets.fullPaths."webapps/tools-mastodon";
66 socketsPrefix = "live_immae"; 66 socketsPrefix = "live_immae";
67 dataDir = "/var/lib/mastodon_immae"; 67 dataDir = "/var/lib/mastodon_immae";
68 }; 68 };
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix
index 719d3d3..6d6a5a4 100644
--- a/modules/private/websites/tools/mgoblin/default.nix
+++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -84,7 +84,7 @@ in {
84 services.mediagoblin = { 84 services.mediagoblin = {
85 enable = true; 85 enable = true;
86 package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]); 86 package = pkgs.webapps.mediagoblin.withPlugins (p: [p.basicsearch]);
87 configFile = "/var/secrets/webapps/tools-mediagoblin"; 87 configFile = config.secrets.fullPaths."webapps/tools-mediagoblin";
88 }; 88 };
89 services.filesWatcher.mediagoblin-web = { 89 services.filesWatcher.mediagoblin-web = {
90 restart = true; 90 restart = true;
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
index d2cbe40..7dcc998 100644
--- a/modules/private/websites/tools/peertube/default.nix
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -14,7 +14,7 @@ in {
14 }; 14 };
15 services.peertube = { 15 services.peertube = {
16 enable = true; 16 enable = true;
17 configFile = "/var/secrets/webapps/tools-peertube"; 17 configFile = config.secrets.fullPaths."webapps/tools-peertube";
18 }; 18 };
19 users.users.peertube.extraGroups = [ "keys" ]; 19 users.users.peertube.extraGroups = [ "keys" ];
20 20
diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix
index df2b58d..5afd639 100644
--- a/modules/private/websites/tools/performance/default.nix
+++ b/modules/private/websites/tools/performance/default.nix
@@ -80,7 +80,7 @@ in
80 "pm.min_spare_servers" = "1"; 80 "pm.min_spare_servers" = "1";
81 "pm.max_spare_servers" = "10"; 81 "pm.max_spare_servers" = "10";
82 82
83 "php_admin_value[open_basedir]" = "${package}:/tmp:/var/secrets/status_engine_ui"; 83 "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}";
84 }; 84 };
85 phpPackage = pkgs.php74; 85 phpPackage = pkgs.php74;
86 }; 86 };
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index ac92ef4..ada6253 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -12,8 +12,10 @@ let
12 inherit (pkgs.webapps) ttrss ttrss-plugins; 12 inherit (pkgs.webapps) ttrss ttrss-plugins;
13 env = config.myEnv.tools.ttrss; 13 env = config.myEnv.tools.ttrss;
14 php = pkgs.php72; 14 php = pkgs.php72;
15 inherit config;
15 }; 16 };
16 kanboard = pkgs.callPackage ./kanboard.nix { 17 kanboard = pkgs.callPackage ./kanboard.nix {
18 inherit config;
17 env = config.myEnv.tools.kanboard; 19 env = config.myEnv.tools.kanboard;
18 }; 20 };
19 wallabag = pkgs.callPackage ./wallabag.nix { 21 wallabag = pkgs.callPackage ./wallabag.nix {
@@ -23,10 +25,12 @@ let
23 }; 25 };
24 }; 26 };
25 env = config.myEnv.tools.wallabag; 27 env = config.myEnv.tools.wallabag;
28 inherit config;
26 }; 29 };
27 yourls = pkgs.callPackage ./yourls.nix { 30 yourls = pkgs.callPackage ./yourls.nix {
28 inherit (pkgs.webapps) yourls yourls-plugins; 31 inherit (pkgs.webapps) yourls yourls-plugins;
29 env = config.myEnv.tools.yourls; 32 env = config.myEnv.tools.yourls;
33 inherit config;
30 }; 34 };
31 rompr = pkgs.callPackage ./rompr.nix { 35 rompr = pkgs.callPackage ./rompr.nix {
32 inherit (pkgs.webapps) rompr; 36 inherit (pkgs.webapps) rompr;
@@ -34,6 +38,7 @@ let
34 }; 38 };
35 shaarli = pkgs.callPackage ./shaarli.nix { 39 shaarli = pkgs.callPackage ./shaarli.nix {
36 env = config.myEnv.tools.shaarli; 40 env = config.myEnv.tools.shaarli;
41 inherit config;
37 }; 42 };
38 dokuwiki = pkgs.callPackage ./dokuwiki.nix { 43 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
39 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; 44 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
@@ -41,6 +46,7 @@ let
41 ldap = pkgs.callPackage ./ldap.nix { 46 ldap = pkgs.callPackage ./ldap.nix {
42 inherit (pkgs.webapps) phpldapadmin; 47 inherit (pkgs.webapps) phpldapadmin;
43 env = config.myEnv.tools.phpldapadmin; 48 env = config.myEnv.tools.phpldapadmin;
49 inherit config;
44 }; 50 };
45 grocy = pkgs.callPackage ./grocy.nix { 51 grocy = pkgs.callPackage ./grocy.nix {
46 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; 52 grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
@@ -56,6 +62,7 @@ let
56 }; 62 };
57 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { 63 dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
58 env = config.myEnv.tools.dmarc_reports; 64 env = config.myEnv.tools.dmarc_reports;
65 inherit config;
59 }; 66 };
60 csp-reports = pkgs.callPackage ./csp_reports.nix { 67 csp-reports = pkgs.callPackage ./csp_reports.nix {
61 env = config.myEnv.tools.csp_reports; 68 env = config.myEnv.tools.csp_reports;
@@ -188,8 +195,8 @@ in {
188 Require all granted 195 Require all granted
189 </Directory> 196 </Directory>
190 197
191 Alias /webhooks ${config.secrets.location}/webapps/webhooks 198 Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
192 <Directory "${config.secrets.location}/webapps/webhooks"> 199 <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
193 Options -Indexes 200 Options -Indexes
194 Require all granted 201 Require all granted
195 AllowOverride None 202 AllowOverride None
@@ -271,7 +278,7 @@ in {
271 description = "Standalone MPD Web GUI written in C"; 278 description = "Standalone MPD Web GUI written in C";
272 wantedBy = [ "multi-user.target" ]; 279 wantedBy = [ "multi-user.target" ];
273 script = '' 280 script = ''
274 export MPD_PASSWORD=$(cat /var/secrets/mpd) 281 export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
275 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody 282 ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
276 ''; 283 '';
277 }; 284 };
@@ -293,7 +300,7 @@ in {
293 300
294 services.filesWatcher.ympd = { 301 services.filesWatcher.ympd = {
295 restart = true; 302 restart = true;
296 paths = [ "/var/secrets/mpd" ]; 303 paths = [ config.secrets.fullPaths."mpd" ];
297 }; 304 };
298 305
299 services.phpfpm.pools = { 306 services.phpfpm.pools = {
@@ -313,9 +320,9 @@ in {
313 "php_value[session.name]" = "ToolsPHPSESSID"; 320 "php_value[session.name]" = "ToolsPHPSESSID";
314 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ 321 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
315 "/run/wrappers/bin/sendmail" landing "/tmp" 322 "/run/wrappers/bin/sendmail" landing "/tmp"
316 "${config.secrets.location}/webapps/webhooks" 323 config.secrets.fullPaths."webapps/webhooks"
317 ]; 324 ];
318 "include" = "${config.secrets.location}/webapps/tools-csp-reports.conf"; 325 "include" = config.secrets.fullPaths."webapps/tools-csp-reports.conf";
319 }; 326 };
320 phpEnv = { 327 phpEnv = {
321 CONTACT_EMAIL = config.myEnv.tools.contact; 328 CONTACT_EMAIL = config.myEnv.tools.contact;
@@ -438,11 +445,11 @@ in {
438 }; 445 };
439 446
440 services.websites.env.tools.watchPaths = [ 447 services.websites.env.tools.watchPaths = [
441 "/var/secrets/webapps/tools-shaarli" 448 config.secrets.fullPaths."webapps/tools-shaarli"
442 ]; 449 ];
443 services.filesWatcher.phpfpm-wallabag = { 450 services.filesWatcher.phpfpm-wallabag = {
444 restart = true; 451 restart = true;
445 paths = [ "/var/secrets/webapps/tools-wallabag" ]; 452 paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
446 }; 453 };
447 454
448 }; 455 };
diff --git a/modules/private/websites/tools/tools/dmarc_reports.nix b/modules/private/websites/tools/tools/dmarc_reports.nix
index e264e80..5fdf0b6 100644
--- a/modules/private/websites/tools/tools/dmarc_reports.nix
+++ b/modules/private/websites/tools/tools/dmarc_reports.nix
@@ -1,4 +1,4 @@
1{ env }: 1{ env, config }:
2rec { 2rec {
3 keys = [{ 3 keys = [{
4 dest = "webapps/tools-dmarc-reports.php"; 4 dest = "webapps/tools-dmarc-reports.php";
@@ -43,7 +43,7 @@ rec {
43 }; 43 };
44 phpFpm = rec { 44 phpFpm = rec {
45 basedir = builtins.concatStringsSep ":" 45 basedir = builtins.concatStringsSep ":"
46 [ webRoot "/var/secrets/webapps/tools-dmarc-reports.php" ]; 46 [ webRoot config.secrets.fullPaths."webapps/tools-dmarc-reports.php" ];
47 pool = { 47 pool = {
48 "listen.owner" = apache.user; 48 "listen.owner" = apache.user;
49 "listen.group" = apache.group; 49 "listen.group" = apache.group;
@@ -55,7 +55,7 @@ rec {
55 "php_admin_value[open_basedir]" = "${basedir}:/tmp"; 55 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
56 }; 56 };
57 phpEnv = { 57 phpEnv = {
58 SECRETS_FILE = "/var/secrets/webapps/tools-dmarc-reports.php"; 58 SECRETS_FILE = config.secrets.fullPaths."webapps/tools-dmarc-reports.php";
59 }; 59 };
60 }; 60 };
61} 61}
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix
index 0f6fefc..1a70499 100644
--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -1,4 +1,4 @@
1{ env, kanboard }: 1{ env, kanboard, config }:
2rec { 2rec {
3 backups = { 3 backups = {
4 rootDir = varDir; 4 rootDir = varDir;
@@ -42,7 +42,7 @@ rec {
42 ?> 42 ?>
43 ''; 43 '';
44 }]; 44 }];
45 webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; }; 45 webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; };
46 apache = rec { 46 apache = rec {
47 user = "wwwrun"; 47 user = "wwwrun";
48 group = "wwwrun"; 48 group = "wwwrun";
@@ -68,7 +68,7 @@ rec {
68 }; 68 };
69 phpFpm = rec { 69 phpFpm = rec {
70 serviceDeps = [ "postgresql.service" "openldap.service" ]; 70 serviceDeps = [ "postgresql.service" "openldap.service" ];
71 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; 71 basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ];
72 pool = { 72 pool = {
73 "listen.owner" = apache.user; 73 "listen.owner" = apache.user;
74 "listen.group" = apache.group; 74 "listen.group" = apache.group;
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
index 0c1a21f..cb90edc 100644
--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -1,4 +1,4 @@
1{ lib, php, env, writeText, phpldapadmin }: 1{ lib, php, env, writeText, phpldapadmin, config }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -32,7 +32,7 @@ rec {
32 $servers->setValue('login','fallback_dn',true); 32 $servers->setValue('login','fallback_dn',true);
33 ''; 33 '';
34 }]; 34 }];
35 webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; }; 35 webRoot = phpldapadmin.override { config = config.secrets.fullPaths."webapps/tools-ldap"; };
36 apache = rec { 36 apache = rec {
37 user = "wwwrun"; 37 user = "wwwrun";
38 group = "wwwrun"; 38 group = "wwwrun";
@@ -54,7 +54,7 @@ rec {
54 }; 54 };
55 phpFpm = rec { 55 phpFpm = rec {
56 serviceDeps = [ "openldap.service" ]; 56 serviceDeps = [ "openldap.service" ];
57 basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; 57 basedir = builtins.concatStringsSep ":" [ webRoot config.secrets.fullPaths."webapps/tools-ldap" ];
58 pool = { 58 pool = {
59 "listen.owner" = apache.user; 59 "listen.owner" = apache.user;
60 "listen.group" = apache.group; 60 "listen.group" = apache.group;
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
index d11f525..80c6a89 100644
--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -1,4 +1,4 @@
1{ lib, env, stdenv, fetchurl, shaarli }: 1{ lib, env, stdenv, fetchurl, shaarli, config }:
2let 2let
3 varDir = "/var/lib/shaarli"; 3 varDir = "/var/lib/shaarli";
4in rec { 4in rec {
@@ -21,7 +21,7 @@ in rec {
21 vhostConf = socket: '' 21 vhostConf = socket: ''
22 Alias /Shaarli "${root}" 22 Alias /Shaarli "${root}"
23 23
24 Include /var/secrets/webapps/tools-shaarli 24 Include ${config.secrets.fullPaths."webapps/tools-shaarli"}
25 <Location /Shaarli> 25 <Location /Shaarli>
26 Header set Access-Control-Allow-Origin "*" 26 Header set Access-Control-Allow-Origin "*"
27 Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" 27 Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
index ce1ab8e..eb1d415 100644
--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -1,4 +1,4 @@
1{ php, env, ttrss, ttrss-plugins }: 1{ php, env, ttrss, ttrss-plugins, config }:
2rec { 2rec {
3 backups = { 3 backups = {
4 rootDir = varDir; 4 rootDir = varDir;
@@ -88,7 +88,7 @@ rec {
88 define('LDAP_AUTH_DEBUG', FALSE); 88 define('LDAP_AUTH_DEBUG', FALSE);
89 ''; 89 '';
90 }]; 90 }];
91 webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (p: [ 91 webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [
92 p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua 92 p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua
93 (p.af_feedmod.override { patched = true; }) 93 (p.af_feedmod.override { patched = true; })
94 (p.feediron.override { patched = true; }) 94 (p.feediron.override { patched = true; })
@@ -116,7 +116,7 @@ rec {
116 phpFpm = rec { 116 phpFpm = rec {
117 serviceDeps = [ "postgresql.service" "openldap.service" ]; 117 serviceDeps = [ "postgresql.service" "openldap.service" ];
118 basedir = builtins.concatStringsSep ":" ( 118 basedir = builtins.concatStringsSep ":" (
119 [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] 119 [ webRoot config.secrets.fullPaths."webapps/tools-ttrss" varDir ]
120 ++ webRoot.plugins); 120 ++ webRoot.plugins);
121 pool = { 121 pool = {
122 "listen.owner" = apache.user; 122 "listen.owner" = apache.user;
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix
index 1cb0645..1a604c7 100644
--- a/modules/private/websites/tools/tools/wallabag.nix
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -1,4 +1,4 @@
1{ env, wallabag, mylibs }: 1{ env, wallabag, mylibs, config }:
2rec { 2rec {
3 backups = { 3 backups = {
4 rootDir = varDir; 4 rootDir = varDir;
@@ -69,7 +69,7 @@ rec {
69 arguments: ['/run/wrappers/bin/sendmail -bs'] 69 arguments: ['/run/wrappers/bin/sendmail -bs']
70 ''; 70 '';
71 }]; 71 }];
72 webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; }; 72 webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; };
73 activationScript = '' 73 activationScript = ''
74 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ 74 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
75 ${varDir}/var ${varDir}/data/db ${varDir}/assets/images 75 ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
@@ -125,11 +125,11 @@ rec {
125 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction 125 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
126 popd > /dev/null 126 popd > /dev/null
127 echo -n "${webappDir}" > ${varDir}/currentWebappDir 127 echo -n "${webappDir}" > ${varDir}/currentWebappDir
128 sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey 128 sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey
129 fi 129 fi
130 ''; 130 '';
131 serviceDeps = [ "postgresql.service" "openldap.service" ]; 131 serviceDeps = [ "postgresql.service" "openldap.service" ];
132 basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; 132 basedir = builtins.concatStringsSep ":" [ webappDir config.secrets.fullPaths."webapps/tools-wallabag" varDir ];
133 pool = { 133 pool = {
134 "listen.owner" = apache.user; 134 "listen.owner" = apache.user;
135 "listen.group" = apache.group; 135 "listen.group" = apache.group;
diff --git a/modules/private/websites/tools/tools/webhooks.nix b/modules/private/websites/tools/tools/webhooks.nix
index 885b68b..8ffb81b 100644
--- a/modules/private/websites/tools/tools/webhooks.nix
+++ b/modules/private/websites/tools/tools/webhooks.nix
@@ -6,5 +6,11 @@
6 group = "wwwrun"; 6 group = "wwwrun";
7 permissions = "0400"; 7 permissions = "0400";
8 text = v; 8 text = v;
9 }) env; 9 }) env ++ [{
10 dest = "webapps/webhooks";
11 isDir = true;
12 user = "wwwrun";
13 group = "wwwrun";
14 permissions = "0500";
15 }];
10} 16}
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix
index 77ac0a3..0f977f2 100644
--- a/modules/private/websites/tools/tools/yourls.nix
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -1,4 +1,4 @@
1{ env, yourls, yourls-plugins }: 1{ env, yourls, yourls-plugins, config }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -40,7 +40,7 @@ rec {
40 define( 'LDAPAUTH_USERCACHE_TYPE', 0); 40 define( 'LDAPAUTH_USERCACHE_TYPE', 0);
41 ''; 41 '';
42 }]; 42 }];
43 webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins (p: [p.ldap]); 43 webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
44 apache = rec { 44 apache = rec {
45 user = "wwwrun"; 45 user = "wwwrun";
46 group = "wwwrun"; 46 group = "wwwrun";
@@ -70,7 +70,7 @@ rec {
70 phpFpm = rec { 70 phpFpm = rec {
71 serviceDeps = [ "mysql.service" "openldap.service" ]; 71 serviceDeps = [ "mysql.service" "openldap.service" ];
72 basedir = builtins.concatStringsSep ":" ( 72 basedir = builtins.concatStringsSep ":" (
73 [ webRoot "/var/secrets/webapps/tools-yourls" ] 73 [ webRoot config.secrets.fullPaths."webapps/tools-yourls" ]
74 ++ webRoot.plugins); 74 ++ webRoot.plugins);
75 pool = { 75 pool = {
76 "listen.owner" = apache.user; 76 "listen.owner" = apache.user;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 14:24:19 +0000