From 91b3d06b6a9147e0e03b49d25cdcecb8a617a4f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 5 May 2020 12:55:05 +0200
Subject: Add file manager
---
 modules/private/environment.nix | 17 +++++++++
 modules/private/websites/immae/temp.nix | 66 +++++++++++++++++++++++++--------
 2 files changed, 68 insertions(+), 15 deletions(-)
(limited to 'modules')
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 22217b1..7555fe6 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1084,6 +1084,23 @@ in
 description = "Websites configurations";
 type = submodule {
 options = {
+ immae = mkOption {
+ description = "Immae configuration by environment";
+ type = submodule {
+ options = {
+ temp = mkOption {
+ description = "Temp configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Immae temp" {
+ filter = mkOption { type = str; description = "Filter for user access"; };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
 isabelle = mkOption {
 description = "Isabelle configurations by environment";
 type =
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index c24844e..fd54f5e 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,32 +1,68 @@ { lib, pkgs, config, ... }: let cfg = config.myServices.websites.immae.temp; - varDir = "/var/lib/ftp/temp.immae.eu"; - env = config.myEnv.websites.temp; + varDir = "/var/lib/immae_temp"; + env = config.myEnv.websites.immae.temp; in { options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; config = lib.mkIf cfg.enable { - services.websites.env.production.modules = [ "headers" ]; + services.duplyBackup.profiles.immae_temp.rootDir = varDir; + services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer"; services.websites.env.production.vhostConfs.immae_temp = { certName = "immae"; addToCerts = true; hosts = [ "temp.immae.eu" ]; - root = varDir; - extraConfig = [ - '' - Use Apaxy "${varDir}" "title .duplicity-ignore" - - Options -Indexes + root = null; + extraConfig = [ '' + ProxyVia On + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/ + ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/ + + Options FollowSymLinks MultiViews AllowOverride None Require all granted - + + '' ]; + }; + + secrets.keys = [ + { + dest = "webapps/surfer"; + permissions = "0400"; + user = "wwwrun"; + group = "wwwrun"; + text = '' + CLOUDRON_LDAP_URL=ldaps://${env.ldap.host} + CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} + TOKENSTORE_FILE=/var/lib/surfer/tokens.json + CLOUDRON_LDAP_BIND_DN=${env.ldap.dn} + CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password} + CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} + CLOUDRON_LDAP_FILTER="${env.ldap.filter}" + LISTEN=/run/surfer/listen.sock + ''; + } + ]; + + systemd.services.surfer = { + description = "Surfer"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; - - Options Indexes - - '' - ]; + script = '' + exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} + ''; + serviceConfig = { + EnvironmentFile = "/var/secrets/webapps/surfer"; + User = "wwwrun"; + Group = "wwwrun"; + StateDirectory 
= "surfer"; + RuntimeDirectory = "surfer"; + Type = "simple"; + }; }; }; } -- cgit v1.2.3
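Review bot: The new `systemd.services.surfer` unit runs as `wwwrun` with no sandboxing, and the `webapps/surfer` secret holding `CLOUDRON_LDAP_BIND_PASSWORD` is owned by that same account, so the LDAP bind credential and `/var/lib/surfer/tokens.json` are readable by anything else running as `wwwrun`. If that is also the httpd user (not visible in this hunk), every vhost on the host shares that access. A dedicated service user, with the socket under `/run/surfer` opened to the proxy through group membership, would confine it; the fence below adds systemd hardening to `serviceConfig` as a smaller first step. It assumes `varDir` already exists at start, since the unit only creates `StateDirectory = "surfer"`. Separately, `CLOUDRON_LDAP_USERS_BASE_DN` is written twice in the secret text, and the password is unquoted while the filter is quoted, so a password with surrounding whitespace, quotes or backslashes may be altered by `EnvironmentFile` parsing.

```nix
      serviceConfig = {
        # … unchanged: EnvironmentFile, User, Group, StateDirectory, RuntimeDirectory, Type …
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "strict";
        # The served tree lives outside StateDirectory, so it must be re-opened for writes.
        ReadWritePaths = [ varDir ];
      };
```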