From 108891744eaa7410e305871212d5b81c1b67a095 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 12 Jan 2019 12:41:23 +0100
Subject: Refactor websites.

This commit refactors websites into module per "vhost".
---
virtual/modules/websites/tools/cloud/default.nix | 45 ++++
.../cloud/nextcloud-config/mimetypealiases.json | 4 +
.../cloud/nextcloud-config/mimetypemapping.json | 4 +
virtual/modules/websites/tools/cloud/nextcloud.nix | 267 +++++++++++++++++++++
4 files changed, 320 insertions(+)
create mode 100644 virtual/modules/websites/tools/cloud/default.nix
create mode 100644 virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json
create mode 100644 virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json
create mode 100644 virtual/modules/websites/tools/cloud/nextcloud.nix
(limited to 'virtual/modules/websites/tools/cloud')

diff --git a/virtual/modules/websites/tools/cloud/default.nix b/virtual/modules/websites/tools/cloud/default.nix
new file mode 100644
index 0000000..7dd5c6e
--- /dev/null
+++ b/virtual/modules/websites/tools/cloud/default.nix
@@ -0,0 +1,45 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; };
+
+ cfg = config.services.myWebsites.tools.cloud;
+in {
+ options.services.myWebsites.tools.cloud = {
+ enable = lib.mkEnableOption "enable cloud website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
+
+ services.myWebsites.tools.modules = nextcloud.apache.modules;
+
+ services.myWebsites.tools.vhostConfs.cloud = {
+ certName = "eldiron";
+ hosts = ["cloud.immae.eu" ];
+ root = nextcloud.webRoot;
+ extraConfig = [
+ nextcloud.apache.vhostConf
+ ];
+ };
+
+ environment.systemPackages = let
+ occ = pkgs.writeScriptBin "nextcloud-occ" ''
+ #! ${pkgs.stdenv.shell}
+ cd ${nextcloud.webRoot}
+ NEXTCLOUD_CONFIG_DIR="${nextcloud.webRoot}/config" \
+ exec \
+ ${pkgs.php}/bin/php \
+ -c ${pkgs.php}/etc/php.ini \
+ occ $*
+ '';
+ in [ occ ];
+
+ system.activationScripts.nextcloud = nextcloud.activationScript;
+
+ services.myPhpfpm = {
+ poolPhpConfigs.nextcloud = nextcloud.phpFpm.phpConfig;
+ poolConfigs.nextcloud = nextcloud.phpFpm.pool;
+ };
+
+ };
+}
diff --git a/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json
new file mode 100644
index 0000000..3806e53
--- /dev/null
+++ b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json
@@ -0,0 +1,4 @@
+{
+ "application/gpx+xml": "gpx",
+ "x-application/kdbx": "kdbx"
+}
diff --git a/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json
new file mode 100644
index 0000000..2db4691
--- /dev/null
+++ b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json
@@ -0,0 +1,4 @@
+{
+ "gpx": ["application/gpx+xml"],
+ "kdbx": ["x-application/kdbx"]
+}
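Review bot: The `nextcloud-occ` wrapper hands its arguments to occ as unquoted `occ $*`, so any argument containing whitespace or glob characters is re-split and expanded by the shell before occ sees it; the last line of the script should be `occ "$@"`. The wrapper also runs as whoever invokes it (normally root), while the activation script in nextcloud.nix gives `/var/lib/nextcloud` to the `wwwrun` user and group; an occ command that writes into the data directory would presumably leave root-owned files that the PHP-FPM pool cannot modify later, so either document that it must be run as the pool user or have the script switch to that user itself.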
diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix
new file mode 100644
index 0000000..b8d8e59
--- /dev/null
+++ b/virtual/modules/websites/tools/cloud/nextcloud.nix
@@ -0,0 +1,267 @@
+{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }:
+let
+ nextcloud = let
+ # FIXME: initial sync
+ # FIXME: backup
+ buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
+ stdenv.mkDerivation rec {
+ name = "nextcloud-app-${appName}-${version}";
+ inherit version;
+ phases = "unpackPhase installPhase";
+ inherit installPhase;
+ src = fetchurl { inherit url sha256; };
+ };
+ apps = {
+ # FIXME: nextcloud complains that he cannot write into config
+ # directory when an app needs upgrade
+ # /!\ Attention, just changing the version number is not
+ # sufficient when the downloaded file doesn’t contain the version
+ # number in it, sha256 needs to be recomputed
+ audioplayer = buildApp rec {
+ appName = "audioplayer";
+ version = "2.5.0";
+ url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
+ sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8";
+ };
+ bookmarks = buildApp rec {
+ appName = "bookmarks";
+ version = "0.14.3";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
+ sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c";
+ };
+ calendar = buildApp rec {
+ appName = "calendar";
+ version = "1.6.4";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
+ sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63";
+ };
+ contacts = buildApp rec {
+ appName = "contacts";
+ version = "3.0.0";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
+ sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s";
+ };
+ deck = buildApp rec {
+ appName = "deck";
+ version = "0.5.2";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
+ sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7";
+ };
+ files_markdown = buildApp rec {
+ appName = "files_markdown";
+ version = "2.0.5";
+ url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz";
+ sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym";
+ };
+ gpxedit = buildApp rec {
+ appName = "gpxedit";
+ version = "0.0.10";
+ url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz";
+ sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw";
+ };
+ gpxpod = buildApp rec {
+ appName = "gpxpod";
+ version = "3.0.0";
+ url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz";
+ sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k";
+ };
+ keeweb = buildApp rec {
+ appName = "keeweb";
+ version = "0.4.0";
+ url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz";
+ sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1";
+ };
+ notes = buildApp rec {
+ appName = "notes";
+ version = "2.5.1";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
+ sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh";
+ };
+ ocsms = buildApp rec {
+ appName = "ocsms";
+ version = "2.1.0";
+ url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
+ sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c";
+ };
+ spreed = buildApp rec {
+ appName = "spreed";
+ version = "5.0.0";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
+ sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7";
+ };
+ tasks = buildApp rec {
+ appName = "tasks";
+ version = "0.9.8";
+ url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
+ sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny";
+ };
+ };
+ in rec {
+ varDir = "/var/lib/nextcloud";
+ config_php =
+ assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT";
+ assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER";
+ assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD";
+ assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID";
+ assert checkEnv "NIXOPS_NEXTCLOUD_SECRET";
+ assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX";
+ writeText "config.php" ''
+ '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}',
+ 'datadirectory' => '/var/lib/nextcloud/',
+ 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}',
+ 'debug' => false,
+ 'dbtype' => 'pgsql',
+ 'version' => '15.0.0.10',
+ 'dbname' => 'webapps',
+ 'dbhost' => '/run/postgresql',
+ 'dbtableprefix' => 'oc_',
+ 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}',
+ 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}',
+ 'installed' => true,
+ 'maxZipInputSize' => 0,
+ 'allowZipDownload' => true,
+ 'forcessl' => true,
+ 'theme' => ${"''"},
+ 'maintenance' => false,
+ 'trusted_domains' =>
+ array (
+ 0 => 'cloud.immae.eu',
+ ),
+ 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}',
+ 'appstoreenabled' => false,
+ 'appstore.experimental.enabled' => true,
+ 'loglevel' => 0,
+ 'trashbin_retention_obligation' => 'auto',
+ 'htaccess.RewriteBase' => '/',
+ 'mail_smtpmode' => 'smtp',
+ 'mail_smtphost' => 'mail.immae.eu',
+ 'mail_smtpname' => ${"''"},
+ 'mail_smtppassword' => ${"''"},
+ 'mail_from_address' => 'owncloud',
+ 'mail_smtpauth' => false,
+ 'mail_domain' => 'immae.eu',
+ 'memcache.local' => '\\OC\\Memcache\\APCu',
+ 'memcache.locking' => '\\OC\\Memcache\\Redis',
+ 'filelocking.enabled' => true,
+ 'redis' =>
+ array (
+ 'host' => 'localhost',
+ 'port' => 6379,
+ 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"},
+ ),
+ 'overwrite.cli.url' => 'https://cloud.immae.eu',
+ 'ldapIgnoreNamingRules' => false,
+ 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
+ 'config_is_read_only' => true,
+ );
+ '';
+ config = stdenv.mkDerivation rec {
+ name = "nextcloud-config";
+ src = ./nextcloud-config;
+ phases = "installPhase";
+ installPhase = ''
+ mkdir -p $out
+ cp -r $src/* $out
+ cp ${config_php} $out/config.php
+ '';
+ };
+ webRoot = stdenv.mkDerivation rec {
+ name = "nextcloud-${version}";
+ version = "15.0.0";
+
+ src = fetchurl {
+ url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2";
+ sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v";
+ };
+
+ installPhase = ''
+ mkdir -p $out/
+ cp -R . $out/
+ rm -r $out/config
+ ln -sf ${config} $out/config
+ ${builtins.concatStringsSep "\n" (
+ lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps
+ )}
+ '';
+
+ meta = {
+ description = "Sharing solution for files, calendars, contacts and more";
+ homepage = https://nextcloud.com;
+ maintainers = with lib.maintainers; [ schneefux bachp globin fpletz ];
+ license = lib.licenses.agpl3Plus;
+ platforms = with lib.platforms; unix;
+ };
+ };
+ activationScript = {
+ deps = [ ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ '';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
+ AcceptPathInfo On
+ DirectoryIndex index.php
+ Options FollowSymlinks
+ Require all granted
+ AllowOverride all
+
+
+ Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
+
+
+ CGIPassAuth on
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+
+
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot varDir config ]
+ ++ lib.attrsets.mapAttrsToList (name: value: value) apps);
+ socket = "/var/run/phpfpm/nextcloud.sock";
+ phpConfig = ''
+ extension=${phpPackages.redis}/lib/php/extensions/redis.so
+ extension=${phpPackages.apcu}/lib/php/extensions/apcu.so
+ zend_extension=${php}/lib/php/extensions/opcache.so
+ '';
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ php_admin_value[output_buffering] = 0
+ php_admin_value[max_execution_time] = 1800
+ php_admin_value[zend_extension] = "opcache"
+ php_value[opcache.enable] = 1
+ php_value[opcache.enable_cli] = 1
+ php_value[opcache.interned_strings_buffer] = 8
+ php_value[opcache.max_accelerated_files] = 10000
+ php_value[opcache.memory_consumption] = 128
+ php_value[opcache.save_comments] = 1
+ php_value[opcache.revalidate_freq] = 1
+ php_admin_value[memory_limit] = 512M
+
+ php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+ };
+in
+ nextcloud
--
cgit v1.2.3
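Review bot: The `config_php` definition interpolates `NIXOPS_NEXTCLOUD_PASSWORD_SALT`, `NIXOPS_NEXTCLOUD_DB_PASSWORD` and `NIXOPS_NEXTCLOUD_SECRET` into `writeText "config.php"`, so the database password, the instance secret and the password salt are copied into a world-readable Nix store path (and into any binary cache the closure is pushed to), readable by every local user rather than only by `wwwrun`. The store copy should hold no secret: keep the static settings in the store-built `config.php` and have the activation script (which already creates `${varDir}` for `apache.user`) write a separate, 0640 `wwwrun`-owned file such as `${varDir}/secrets.config.php` that Nextcloud loads from its `config/` drop-in directory, or at least document in the header comment that these values end up in `/nix/store`. Two smaller points in the same block: `'loglevel' => 0` is Nextcloud's debug level and presumably logs request details that a production instance should not keep, so `'loglevel' => 2,` is the safer default; and `'version' => '15.0.0.10'` is hard-coded next to `webRoot`'s `version = "15.0.0"`, so the two can silently drift on the next upgrade.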