diff options
Diffstat (limited to 'virtual/eldiron.nix')
| -rw-r--r-- | virtual/eldiron.nix | 110 |
1 files changed, 1 insertions, 109 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index c9075cf..cefef70 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix | |||
| @@ -29,7 +29,7 @@ | |||
| 29 | imports = [ | 29 | imports = [ |
| 30 | ./modules/certificates.nix | 30 | ./modules/certificates.nix |
| 31 | ./modules/gitolite.nix | 31 | ./modules/gitolite.nix |
| 32 | ./modules/gitweb.nix | 32 | ./modules/gitweb |
| 33 | ./modules/databases.nix | 33 | ./modules/databases.nix |
| 34 | ./modules/websites | 34 | ./modules/websites |
| 35 | ./modules/websites/phpfpm | 35 | ./modules/websites/phpfpm |
| @@ -155,114 +155,6 @@ | |||
| 155 | source = ldap_authorized_keys; | 155 | source = ldap_authorized_keys; |
| 156 | }; | 156 | }; |
| 157 | 157 | ||
| 158 | services.gitDaemon = { | ||
| 159 | enable = true; | ||
| 160 | user = "gitolite"; | ||
| 161 | group = "gitolite"; | ||
| 162 | basePath = "${mypkgs.git.web.varDir}/repositories"; | ||
| 163 | }; | ||
| 164 | |||
| 165 | # FIXME: logrotate | ||
| 166 | services.httpd = let | ||
| 167 | withConf = domain: { | ||
| 168 | enableSSL = true; | ||
| 169 | sslServerCert = "/var/lib/acme/${domain}/cert.pem"; | ||
| 170 | sslServerKey = "/var/lib/acme/${domain}/key.pem"; | ||
| 171 | sslServerChain = "/var/lib/acme/${domain}/fullchain.pem"; | ||
| 172 | logFormat = "combinedVhost"; | ||
| 173 | listen = [ | ||
| 174 | { ip = "176.9.151.89"; port = 443; } | ||
| 175 | ]; | ||
| 176 | }; | ||
| 177 | apacheConfig = config.services.myWebsites.apacheConfig; | ||
| 178 | in rec { | ||
| 179 | enable = true; | ||
| 180 | logPerVirtualHost = true; | ||
| 181 | multiProcessingModule = "worker"; | ||
| 182 | adminAddr = "httpd@immae.eu"; | ||
| 183 | logFormat = "combinedVhost"; | ||
| 184 | extraModules = pkgs.lib.lists.unique ( | ||
| 185 | mypkgs.adminer.apache.modules ++ | ||
| 186 | mypkgs.nextcloud.apache.modules ++ | ||
| 187 | mypkgs.ympd.apache.modules ++ | ||
| 188 | mypkgs.git.web.apache.modules ++ | ||
| 189 | mypkgs.mantisbt.apache.modules ++ | ||
| 190 | mypkgs.ttrss.apache.modules ++ | ||
| 191 | mypkgs.roundcubemail.apache.modules ++ | ||
| 192 | pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) apacheConfig)); | ||
| 193 | extraConfig = builtins.concatStringsSep "\n" | ||
| 194 | (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); | ||
| 195 | virtualHosts = [ | ||
| 196 | (withConf "eldiron" // { | ||
| 197 | hostName = "eldiron.immae.eu"; | ||
| 198 | documentRoot = ./www; | ||
| 199 | extraConfig = '' | ||
| 200 | DirectoryIndex index.htm | ||
| 201 | ''; | ||
| 202 | }) | ||
| 203 | (withConf "eldiron" // { | ||
| 204 | hostName = "db-1.immae.eu"; | ||
| 205 | documentRoot = null; | ||
| 206 | extraConfig = builtins.concatStringsSep "\n" [ | ||
| 207 | mypkgs.adminer.apache.vhostConf | ||
| 208 | ]; | ||
| 209 | }) | ||
| 210 | (withConf "eldiron" // { | ||
| 211 | hostName = "tools.immae.eu"; | ||
| 212 | documentRoot = null; | ||
| 213 | extraConfig = builtins.concatStringsSep "\n" [ | ||
| 214 | mypkgs.adminer.apache.vhostConf | ||
| 215 | mypkgs.ympd.apache.vhostConf | ||
| 216 | mypkgs.ttrss.apache.vhostConf | ||
| 217 | mypkgs.roundcubemail.apache.vhostConf | ||
| 218 | ]; | ||
| 219 | }) | ||
| 220 | (withConf "eldiron" // { | ||
| 221 | hostName = "dav.immae.eu"; | ||
| 222 | documentRoot = null; | ||
| 223 | extraConfig = builtins.concatStringsSep "\n" [ | ||
| 224 | mypkgs.infcloud.apache.vhostConf | ||
| 225 | mypkgs.davical.apache.vhostConf | ||
| 226 | ]; | ||
| 227 | }) | ||
| 228 | (withConf "eldiron" // { | ||
| 229 | hostName = "cloud.immae.eu"; | ||
| 230 | documentRoot = mypkgs.nextcloud.webRoot; | ||
| 231 | extraConfig = builtins.concatStringsSep "\n" [ | ||
| 232 | mypkgs.nextcloud.apache.vhostConf | ||
| 233 | ]; | ||
| 234 | }) | ||
| 235 | (withConf "eldiron" // { | ||
| 236 | hostName = "git.immae.eu"; | ||
| 237 | documentRoot = mypkgs.git.web.webRoot; | ||
| 238 | extraConfig = builtins.concatStringsSep "\n" [ | ||
| 239 | mypkgs.git.web.apache.vhostConf | ||
| 240 | mypkgs.mantisbt.apache.vhostConf | ||
| 241 | ] + '' | ||
| 242 | RewriteEngine on | ||
| 243 | RewriteCond %{REQUEST_URI} ^/releases | ||
| 244 | RewriteRule /releases(.*) https://release.immae.eu$1 [P,L] | ||
| 245 | ''; | ||
| 246 | }) | ||
| 247 | { # Should go last, default fallback | ||
| 248 | listen = [ { ip = "*"; port = 80; } ]; | ||
| 249 | hostName = "redirectSSL"; | ||
| 250 | serverAliases = [ "*" ]; | ||
| 251 | enableSSL = false; | ||
| 252 | logFormat = "combinedVhost"; | ||
| 253 | documentRoot = "/var/lib/acme/acme-challenge"; | ||
| 254 | extraConfig = '' | ||
| 255 | RewriteEngine on | ||
| 256 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" | ||
| 257 | RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] | ||
| 258 | # To redirect in specific "VirtualHost *:80", do | ||
| 259 | # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 | ||
| 260 | # rather than rewrite | ||
| 261 | ''; | ||
| 262 | } | ||
| 263 | ]; | ||
| 264 | }; | ||
| 265 | |||
| 266 | systemd.services.tt-rss = { | 158 | systemd.services.tt-rss = { |
| 267 | description = "Tiny Tiny RSS feeds update daemon"; | 159 | description = "Tiny Tiny RSS feeds update daemon"; |
| 268 | serviceConfig = { | 160 | serviceConfig = { |