Diffstat (limited to 'virtual/eldiron.nix')
-rw-r--r-- | virtual/eldiron.nix | 110 |
1 files changed, 1 insertions, 109 deletions
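--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -29,7 +29,7 @@
 imports = [
 ./modules/certificates.nix
 ./modules/gitolite.nix
-./modules/gitweb.nix
+./modules/gitweb
 ./modules/databases.nix
 ./modules/websites
 ./modules/websites/phpfpm
@@ -155,114 +155,6 @@
 source = ldap_authorized_keys;
 };
 
-services.gitDaemon = {
-enable = true;
-user = "gitolite";
-group = "gitolite";
-basePath = "${mypkgs.git.web.varDir}/repositories";
-};
-
-# FIXME: logrotate
-services.httpd = let
-withConf = domain: {
-enableSSL = true;
-sslServerCert = "/var/lib/acme/${domain}/cert.pem";
-sslServerKey = "/var/lib/acme/${domain}/key.pem";
-sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
-logFormat = "combinedVhost";
-listen = [
-{ ip = "176.9.151.89"; port = 443; }
-];
-};
-apacheConfig = config.services.myWebsites.apacheConfig;
-in rec {
-enable = true;
-logPerVirtualHost = true;
-multiProcessingModule = "worker";
-adminAddr = "httpd@immae.eu";
-logFormat = "combinedVhost";
-extraModules = pkgs.lib.lists.unique (
-mypkgs.adminer.apache.modules ++
-mypkgs.nextcloud.apache.modules ++
-mypkgs.ympd.apache.modules ++
-mypkgs.git.web.apache.modules ++
-mypkgs.mantisbt.apache.modules ++
-mypkgs.ttrss.apache.modules ++
-mypkgs.roundcubemail.apache.modules ++
-pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig));
-extraConfig = builtins.concatStringsSep "\n"
-(builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
-virtualHosts = [
-(withConf "eldiron" // {
-hostName = "eldiron.immae.eu";
-documentRoot = ./www;
-extraConfig = ''
-DirectoryIndex index.htm
-'';
-})
-(withConf "eldiron" // {
-hostName = "db-1.immae.eu";
-documentRoot = null;
-extraConfig = builtins.concatStringsSep "\n" [
-mypkgs.adminer.apache.vhostConf
-];
-})
-(withConf "eldiron" // {
-hostName = "tools.immae.eu";
-documentRoot = null;
-extraConfig = builtins.concatStringsSep "\n" [
-mypkgs.adminer.apache.vhostConf
-mypkgs.ympd.apache.vhostConf
-mypkgs.ttrss.apache.vhostConf
-mypkgs.roundcubemail.apache.vhostConf
-];
-})
-(withConf "eldiron" // {
-hostName = "dav.immae.eu";
-documentRoot = null;
-extraConfig = builtins.concatStringsSep "\n" [
-mypkgs.infcloud.apache.vhostConf
-mypkgs.davical.apache.vhostConf
-];
-})
-(withConf "eldiron" // {
-hostName = "cloud.immae.eu";
-documentRoot = mypkgs.nextcloud.webRoot;
-extraConfig = builtins.concatStringsSep "\n" [
-mypkgs.nextcloud.apache.vhostConf
-];
-})
-(withConf "eldiron" // {
-hostName = "git.immae.eu";
-documentRoot = mypkgs.git.web.webRoot;
-extraConfig = builtins.concatStringsSep "\n" [
-mypkgs.git.web.apache.vhostConf
-mypkgs.mantisbt.apache.vhostConf
-] + ''
-RewriteEngine on
-RewriteCond %{REQUEST_URI} ^/releases
-RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
-'';
-})
-{ # Should go last, default fallback
-listen = [ { ip = "*"; port = 80; } ];
-hostName = "redirectSSL";
-serverAliases = [ "*" ];
-enableSSL = false;
-logFormat = "combinedVhost";
-documentRoot = "/var/lib/acme/acme-challenge";
-extraConfig = ''
-RewriteEngine on
-RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
-RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301]
-# To redirect in specific "VirtualHost *:80", do
-# RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1
-# rather than rewrite
-'';
-}
-];
-};
-
 systemd.services.tt-rss = {
 description = "Tiny Tiny RSS feeds update daemon";
 serviceConfig = {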
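Review bot: Nothing left in this file records where `services.httpd` and `services.gitDaemon` are now declared; the only visible trace is the import at line 32 changing to `./modules/gitweb` (a directory, so Nix loads its `default.nix`). Because this view is limited to `virtual/eldiron.nix`, it cannot be confirmed here that the port-80 fallback vhost (serving `/var/lib/acme/acme-challenge` and redirecting everything else to HTTPS) and the TLS vhosts for `db-1`, `tools`, `dav`, `cloud` and `git` are re-declared in `./modules/gitweb` or `./modules/websites`. If the fallback is missing, certificate renewal and the HTTP-to-HTTPS redirect would presumably stop working. Once verified, I would add a comment above the imports such as `# httpd vhosts, gitDaemon and the :80 ACME/redirect fallback are defined in ./modules/websites and ./modules/gitweb`.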