From f8026b6e4c869aa108f6361c8ccd50890657994d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 18 May 2019 10:49:00 +0200
Subject: Move personal websites to modules

---
 modules/private/websites/immae/production.nix | 64 +++++++++++++++++++++++++++
 modules/private/websites/immae/release.nix    | 39 ++++++++++++++++
 modules/private/websites/immae/temp.nix       | 36 +++++++++++++++
 3 files changed, 139 insertions(+)
 create mode 100644 modules/private/websites/immae/production.nix
 create mode 100644 modules/private/websites/immae/release.nix
 create mode 100644 modules/private/websites/immae/temp.nix

(limited to 'modules/private/websites/immae')

diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
new file mode 100644
index 0000000..58cf048
--- /dev/null
+++ b/modules/private/websites/immae/production.nix
@@ -0,0 +1,64 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.immae.production;
+  varDir = "/var/lib/ftp/immae";
+  env = myconfig.env.websites.immae;
+in {
+  options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
+
+  config = lib.mkIf cfg.enable {
+    services.webstats.sites = [ { name = "www.immae.eu"; } ];
+
+    services.myPhpfpm.poolConfigs.immae = ''
+      listen = /run/phpfpm/immae.sock
+      user = wwwrun
+      group = wwwrun
+      listen.owner = wwwrun
+      listen.group = wwwrun
+
+      pm = ondemand
+      pm.max_children = 5
+      pm.process_idle_timeout = 60
+
+      php_admin_value[open_basedir] = "${varDir}:/tmp"
+      '';
+    services.websites.production.modules = [ "proxy_fcgi" ];
+    services.websites.production.vhostConfs.immae = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "www.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Stats www.immae.eu
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+        </Directory>
+
+        <Location /blog_old/>
+          Use LDAPConnect
+          Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
+        </Location>
+        ''
+      ];
+    };
+
+    services.websites.production.vhostConfs.bouya = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "bouya.org" "www.bouya.org" ];
+      root        = null;
+      extraConfig = [ ''
+        RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
+        '' ];
+    };
+  };
+}
diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix
new file mode 100644
index 0000000..68381a6
--- /dev/null
+++ b/modules/private/websites/immae/release.nix
@@ -0,0 +1,39 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.immae.release;
+  varDir = "/var/lib/ftp/release.immae.eu";
+  env = myconfig.env.websites.release;
+in {
+  options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
+
+  config = lib.mkIf cfg.enable {
+    services.webstats.sites = [ { name = "release.immae.eu"; } ];
+
+    services.websites.production.vhostConfs.release = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "release.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Stats release.immae.eu
+
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <Directory "${varDir}">
+          Use LDAPConnect
+          Options Indexes
+          AllowOverride All
+          Require all granted
+        </Directory>
+
+        <Directory "${varDir}/packages">
+          Use LDAPConnect
+          Options Indexes FollowSymlinks
+          AllowOverride None
+          Require all granted
+        </Directory>
+        ''
+      ];
+    };
+  };
+}
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
new file mode 100644
index 0000000..0b2a3a3
--- /dev/null
+++ b/modules/private/websites/immae/temp.nix
@@ -0,0 +1,36 @@
+{ lib, pkgs, config, myconfig,  ... }:
+let
+  cfg = config.myServices.websites.immae.temp;
+  varDir = "/var/lib/ftp/temp.immae.eu";
+  env = myconfig.env.websites.temp;
+in {
+  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
+
+  config = lib.mkIf cfg.enable {
+    services.websites.production.modules = [ "headers" ];
+    services.websites.production.vhostConfs.temp = {
+      certName    = "eldiron";
+      addToCerts  = true;
+      hosts       = [ "temp.immae.eu" ];
+      root        = varDir;
+      extraConfig = [
+        ''
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
+        <FilesMatch ".+">
+          Header set Content-Disposition attachment
+        </FilesMatch>
+        <Directory "${varDir}">
+          Options -Indexes
+          AllowOverride None
+          Require all granted
+        </Directory>
+
+        <DirectoryMatch "${varDir}/(.+)">
+          Options Indexes
+        </DirectoryMatch>
+        ''
+      ];
+    };
+  };
+}
+
-- 
cgit v1.2.3