Diffstat (limited to 'nixops/modules/websites/default.nix')
-rw-r--r-- | nixops/modules/websites/default.nix | 236 |
1 files changed, 0 insertions, 236 deletions
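--- a/nixops/modules/websites/default.nix
+++ /dev/null
@@ -1,236 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites;
-www_root = "/run/current-system/webapps/_www";
-theme_root = "/run/current-system/webapps/_theme";
-apacheConfig = {
-gzip = {
-modules = [ "deflate" "filter" ];
-extraConfig = ''
-AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
-'';
-};
-macros = {
-modules = [ "macro" ];
-};
-stats = {
-extraConfig = ''
-<Macro Stats %{domain}>
-Alias /webstats ${config.services.webstats.dataDir}/%{domain}
-<Directory ${config.services.webstats.dataDir}/%{domain}>
-DirectoryIndex index.html
-AllowOverride None
-Require all granted
-</Directory>
-<Location /webstats>
-Use LDAPConnect
-Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
-</Location>
-</Macro>
-'';
-};
-ldap = {
-modules = [ "ldap" "authnz_ldap" ];
-extraConfig = ''
-<IfModule ldap_module>
-LDAPSharedCacheSize 500000
-LDAPCacheEntries 1024
-LDAPCacheTTL 600
-LDAPOpCacheEntries 1024
-LDAPOpCacheTTL 600
-</IfModule>
-
-Include /var/secrets/apache-ldap
-'';
-};
-global = {
-extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
-};
-apaxy = {
-extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
-};
-http2 = {
-modules = [ "http2" ];
-extraConfig = ''
-Protocols h2 http/1.1
-'';
-};
-customLog = {
-extraConfig = ''
-LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
-'';
-};
-};
-makeModules = lib.lists.flatten (lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig);
-makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
-in
-{
-imports = [
-./tools/db.nix
-./tools/tools
-./tools/dav
-./tools/cloud.nix
-./tools/git
-./tools/mastodon.nix
-./tools/mediagoblin.nix
-./tools/diaspora.nix
-./tools/ether.nix
-./tools/peertube.nix
-];
-
-config = {
-users.users.wwwrun.extraGroups = [ "keys" ];
-networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-nixpkgs.overlays = [ (self: super: rec {
-#openssl = self.openssl_1_1;
-php = php72;
-php72 = (super.php72.override {
-mysql.connector-c = self.mariadb;
-config.php.mysqlnd = false;
-config.php.mysqli = false;
-}).overrideAttrs(old: rec {
-# Didn't manage to build with mysqli + mysql_config connector
-configureFlags = old.configureFlags ++ [
-"--with-mysqli=shared,mysqlnd"
-];
-# preConfigure = (old.preConfigure or "") + ''
-# export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
-# sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include <mysql_version.h>/' \
-# ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
-# '';
-});
-phpPackages = super.php72Packages.override { inherit php; };
-}) ];
-
-services.myWebsites.tools.databases.enable = true;
-services.myWebsites.tools.tools.enable = true;
-services.myWebsites.tools.dav.enable = true;
-services.myWebsites.tools.cloud.enable = true;
-services.myWebsites.tools.git.enable = true;
-services.myWebsites.tools.mastodon.enable = true;
-services.myWebsites.tools.mediagoblin.enable = true;
-services.myWebsites.tools.diaspora.enable = true;
-services.myWebsites.tools.etherpad-lite.enable = true;
-services.myWebsites.tools.peertube.enable = true;
-
-secrets.keys = [{
-dest = "apache-ldap";
-user = "wwwrun";
-group = "wwwrun";
-permissions = "0400";
-text = ''
-<Macro LDAPConnect>
-<IfModule authnz_ldap_module>
-AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
-AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
-AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
-AuthType Basic
-AuthName "Authentification requise (Acces LDAP)"
-AuthBasicProvider ldap
-</IfModule>
-</Macro>
-'';
-}];
-
-system.activationScripts = {
-httpd = ''
-install -d -m 0755 ${config.security.acme.directory}/acme-challenge
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
-install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
-'';
-};
-
-system.extraSystemBuilderCmds = let
-adminer = pkgs.callPackage ./commons/adminer.nix {};
-in ''
-mkdir -p $out/webapps
-ln -s ${pkgs.webapps.apache-default.www} $out/webapps/_www
-ln -s ${pkgs.webapps.apache-theme.theme} $out/webapps/_theme
-ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName}
-'';
-
-services.phpfpm = {
-phpPackage = pkgs.php;
-phpOptions = ''
-session.save_path = "/var/lib/php/sessions"
-post_max_size = 20M
-; 15 days (seconds)
-session.gc_maxlifetime = 1296000
-; 30 days (minutes)
-session.cache_expire = 43200
-'';
-extraConfig = ''
-log_level = notice
-'';
-};
-
-services.websites.production = {
-enable = true;
-adminAddr = "httpd@immae.eu";
-httpdName = "Prod";
-ips =
-let ips = myconfig.env.servers.eldiron.ips.production;
-in [ips.ip4] ++ (ips.ip6 or []);
-modules = makeModules;
-extraConfig = makeExtraConfig;
-fallbackVhost = {
-certName = "eldiron";
-hosts = ["eldiron.immae.eu" ];
-root = www_root;
-extraConfig = [ "DirectoryIndex index.htm" ];
-};
-};
-
-services.websites.integration = {
-enable = true;
-adminAddr = "httpd@immae.eu";
-httpdName = "Inte";
-ips =
-let ips = myconfig.env.servers.eldiron.ips.integration;
-in [ips.ip4] ++ (ips.ip6 or []);
-modules = makeModules;
-extraConfig = makeExtraConfig;
-fallbackVhost = {
-certName = "eldiron";
-hosts = ["eldiron.immae.eu" ];
-root = www_root;
-extraConfig = [ "DirectoryIndex index.htm" ];
-};
-};
-
-services.websites.tools = {
-enable = true;
-adminAddr = "httpd@immae.eu";
-httpdName = "Tools";
-ips =
-let ips = myconfig.env.servers.eldiron.ips.main;
-in [ips.ip4] ++ (ips.ip6 or []);
-modules = makeModules;
-extraConfig = makeExtraConfig ++
-[ ''
-RedirectMatch ^/licen[cs]es?_et_tip(ping)?$ https://www.immae.eu/licences_et_tip.html
-RedirectMatch ^/licen[cs]es?_and_tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
-RedirectMatch ^/licen[cs]es?$ https://www.immae.eu/licenses_and_tipping.html
-RedirectMatch ^/tip(ping)?$ https://www.immae.eu/licenses_and_tipping.html
-RedirectMatch ^/(mentions|mentions_legales|legal)$ https://www.immae.eu/mentions.html
-RedirectMatch ^/CGU$ https://www.immae.eu/CGU
-''
-];
-nosslVhost = {
-enable = true;
-host = "nossl.immae.eu";
-};
-fallbackVhost = {
-certName = "eldiron";
-hosts = ["eldiron.immae.eu" ];
-root = www_root;
-extraConfig = [ "DirectoryIndex index.htm" ];
-};
-};
-};
-}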