From 108891744eaa7410e305871212d5b81c1b67a095 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 12 Jan 2019 12:41:23 +0100 Subject: Refactor websites. This commit refactors websites into module per "vhost". --- virtual/modules/websites/commons/adminer.nix | 64 + virtual/modules/websites/default.nix | 93 +- virtual/modules/websites/tools/cloud/default.nix | 45 + .../cloud/nextcloud-config/mimetypealiases.json | 4 + .../cloud/nextcloud-config/mimetypemapping.json | 4 + virtual/modules/websites/tools/cloud/nextcloud.nix | 267 ++++ virtual/modules/websites/tools/dav/davical.nix | 164 +++ ..._19eb79ebf9250e5f339675319902458c40ed1755.patch | 26 + virtual/modules/websites/tools/dav/default.nix | 33 + virtual/modules/websites/tools/dav/infcloud.nix | 38 + .../modules/websites/tools/dav/infcloud_config.js | 1446 ++++++++++++++++++++ virtual/modules/websites/tools/db/default.nix | 23 + virtual/modules/websites/tools/git/default.nix | 46 + .../modules/websites/tools/git/gitweb/gitweb.nix | 64 + .../tools/git/gitweb/theme/git-favicon.png | Bin 0 -> 1125 bytes .../websites/tools/git/gitweb/theme/git-logo.png | Bin 0 -> 2412 bytes .../websites/tools/git/gitweb/theme/gitweb.css | 783 +++++++++++ .../websites/tools/git/gitweb/theme/gitweb.js | 27 + .../tools/git/mantisbt/mantisbt-plugin-slack.json | 15 + .../mantisbt-plugin-source-integration.json | 15 + ...t-plugin-source-integration_Source.API.php.diff | 12 + .../websites/tools/git/mantisbt/mantisbt.nix | 124 ++ .../tools/git/mantisbt/patches/bug_report.php.diff | 20 + .../git/mantisbt/patches/bug_report_page.php.diff | 53 + .../git/mantisbt/patches/bugnote_add.php.diff | 20 + .../git/mantisbt/patches/bugnote_add_inc.php.diff | 52 + virtual/modules/websites/tools/tools/default.nix | 65 + .../modules/websites/tools/tools/roundcubemail.nix | 110 ++ virtual/modules/websites/tools/tools/tt-rss.json | 14 + .../tools/ttrss-af-feedmod_type_replace.patch | 12 + .../websites/tools/tools/ttrss-af_feedmod.json | 15 + .../websites/tools/tools/ttrss-auth-ldap.json | 15 + .../websites/tools/tools/ttrss-feediron.json | 15 + .../tools/tools/ttrss-feediron_json_reformat.patch | 18 + .../websites/tools/tools/ttrss-ff_instagram.json | 15 + .../websites/tools/tools/ttrss-tumblr_gdpr_ua.json | 15 + virtual/modules/websites/tools/tools/ttrss.nix | 182 +++ virtual/modules/websites/tools/tools/ympd.nix | 35 + 38 files changed, 3892 insertions(+), 57 deletions(-) create mode 100644 virtual/modules/websites/commons/adminer.nix create mode 100644 virtual/modules/websites/tools/cloud/default.nix create mode 100644 virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json create mode 100644 virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json create mode 100644 virtual/modules/websites/tools/cloud/nextcloud.nix create mode 100644 virtual/modules/websites/tools/dav/davical.nix create mode 100644 virtual/modules/websites/tools/dav/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch create mode 100644 virtual/modules/websites/tools/dav/default.nix create mode 100644 virtual/modules/websites/tools/dav/infcloud.nix create mode 100644 virtual/modules/websites/tools/dav/infcloud_config.js create mode 100644 virtual/modules/websites/tools/db/default.nix create mode 100644 virtual/modules/websites/tools/git/default.nix create mode 100644 virtual/modules/websites/tools/git/gitweb/gitweb.nix create mode 100644 virtual/modules/websites/tools/git/gitweb/theme/git-favicon.png create mode 100644 virtual/modules/websites/tools/git/gitweb/theme/git-logo.png create mode 100644 virtual/modules/websites/tools/git/gitweb/theme/gitweb.css create mode 100644 virtual/modules/websites/tools/git/gitweb/theme/gitweb.js create mode 100644 virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-slack.json create mode 100644 virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration.json create mode 100644 virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration_Source.API.php.diff create mode 100644 virtual/modules/websites/tools/git/mantisbt/mantisbt.nix create mode 100644 virtual/modules/websites/tools/git/mantisbt/patches/bug_report.php.diff create mode 100644 virtual/modules/websites/tools/git/mantisbt/patches/bug_report_page.php.diff create mode 100644 virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add.php.diff create mode 100644 virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add_inc.php.diff create mode 100644 virtual/modules/websites/tools/tools/default.nix create mode 100644 virtual/modules/websites/tools/tools/roundcubemail.nix create mode 100644 virtual/modules/websites/tools/tools/tt-rss.json create mode 100644 virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch create mode 100644 virtual/modules/websites/tools/tools/ttrss-af_feedmod.json create mode 100644 virtual/modules/websites/tools/tools/ttrss-auth-ldap.json create mode 100644 virtual/modules/websites/tools/tools/ttrss-feediron.json create mode 100644 virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch create mode 100644 virtual/modules/websites/tools/tools/ttrss-ff_instagram.json create mode 100644 virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json create mode 100644 virtual/modules/websites/tools/tools/ttrss.nix create mode 100644 virtual/modules/websites/tools/tools/ympd.nix (limited to 'virtual/modules/websites') diff --git a/virtual/modules/websites/commons/adminer.nix b/virtual/modules/websites/commons/adminer.nix new file mode 100644 index 0000000..7094e45 --- /dev/null +++ b/virtual/modules/websites/commons/adminer.nix @@ -0,0 +1,64 @@ +{ stdenv, fetchurl, nginx }: +let + adminer = rec { + webRoot = stdenv.mkDerivation rec { + version = "4.7.0"; + name = "adminer-${version}"; + src = fetchurl { + url = "https://www.adminer.org/static/download/${version}/${name}.php"; + sha256 = "1qq2g7rbfh2vrqfm3g0bz0qs057b049n0mhabnsbd1sgnpvnc5z7"; + }; + phases = "installPhase"; + installPhase = '' + mkdir -p $out + cp $src $out/index.php + ''; + }; + phpFpm = rec { + socket = "/var/run/phpfpm/adminer.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + ;php_admin_flag[log_errors] = on + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = AdminerPHPSESSID + php_admin_value[open_basedir] = "${webRoot}:/tmp" + php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + Alias /adminer ${webRoot} + + DirectoryIndex index.php + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + ''; + }; + nginxConf = { + alias = webRoot; + index = "index.php"; + extraConfig = '' + include ${nginx}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_param HTTP_PROXY ""; + fastcgi_param SCRIPT_FILENAME ${webRoot}/index.php; + fastcgi_pass unix:${phpFpm.socket}; + fastcgi_index index.php; + fastcgi_intercept_errors on; + ''; + }; + }; +in + adminer diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index b027b81..6b31381 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix @@ -91,11 +91,18 @@ in ./aten ./piedsjaloux ./connexionswing + ./tools/db + ./tools/tools + ./tools/dav + ./tools/cloud + ./tools/git # built using: # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix # And removed users / groups ./apache/httpd_prod.nix ./apache/httpd_inte.nix + # Adapted from base phpfpm + ./phpfpm ]; options.services.myWebsites = { @@ -155,6 +162,12 @@ in phpPackages = oldpkgs.php72Packages.override { inherit php; }; }; + services.myWebsites.tools.databases.enable = true; + services.myWebsites.tools.tools.enable = true; + services.myWebsites.tools.dav.enable = true; + services.myWebsites.tools.cloud.enable = true; + services.myWebsites.tools.git.enable = true; + services.myWebsites.Chloe.production.enable = cfg.production.enable; services.myWebsites.Ludivine.production.enable = cfg.production.enable; services.myWebsites.Aten.production.enable = cfg.production.enable; @@ -227,6 +240,28 @@ in }; }; + system.activationScripts = { + httpd = '' + install -d -m 0755 /var/lib/acme/acme-challenge + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt + install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical + ''; + }; + + services.myPhpfpm = { + phpPackage = pkgs.php; + phpOptions = '' + session.save_path = "/var/lib/php/sessions" + session.gc_maxlifetime = 60*60*24*15 + session.cache_expire = 60*24*30 + ''; + extraConfig = '' + log_level = notice + ''; + }; + # FIXME: logrotate # FIXME: ipv6 services.httpdProd = makeService "production" config.services.myWebsites.production; @@ -238,63 +273,7 @@ in services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); services.httpd = makeService "tools" config.services.myWebsites.tools; - services.myWebsites.tools.modules = - mypkgs.adminer.apache.modules ++ - mypkgs.nextcloud.apache.modules ++ - mypkgs.ympd.apache.modules ++ - mypkgs.mantisbt.apache.modules ++ - mypkgs.ttrss.apache.modules ++ - mypkgs.roundcubemail.apache.modules ++ - pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); + services.myWebsites.tools.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); - # FIXME: move them all to separate modules - services.myWebsites.tools.vhostConfs.eldiron = { - certName = "eldiron"; - hosts = ["eldiron.immae.eu" ]; - root = ../../www; - extraConfig = [ "DirectoryIndex index.htm" ]; - }; - services.myWebsites.tools.vhostConfs.db-1 = { - certName = "eldiron"; - hosts = ["db-1.immae.eu" ]; - root = null; - extraConfig = [ mypkgs.adminer.apache.vhostConf ]; - }; - services.myWebsites.tools.vhostConfs.tools = { - certName = "eldiron"; - hosts = ["tools.immae.eu" ]; - root = null; - extraConfig = [ - mypkgs.adminer.apache.vhostConf - mypkgs.ympd.apache.vhostConf - mypkgs.ttrss.apache.vhostConf - mypkgs.roundcubemail.apache.vhostConf - ]; - }; - services.myWebsites.tools.vhostConfs.dav = { - certName = "eldiron"; - hosts = ["dav.immae.eu" ]; - root = null; - extraConfig = [ - mypkgs.infcloud.apache.vhostConf - mypkgs.davical.apache.vhostConf - ]; - }; - services.myWebsites.tools.vhostConfs.cloud = { - certName = "eldiron"; - hosts = ["cloud.immae.eu" ]; - root = mypkgs.nextcloud.webRoot; - extraConfig = [ - mypkgs.nextcloud.apache.vhostConf - ]; - }; - services.myWebsites.tools.vhostConfs.git.extraConfig = [ - mypkgs.mantisbt.apache.vhostConf - '' - RewriteEngine on - RewriteCond %{REQUEST_URI} ^/releases - RewriteRule /releases(.*) https://release.immae.eu$1 [P,L] - '' - ]; }; } diff --git a/virtual/modules/websites/tools/cloud/default.nix b/virtual/modules/websites/tools/cloud/default.nix new file mode 100644 index 0000000..7dd5c6e --- /dev/null +++ b/virtual/modules/websites/tools/cloud/default.nix @@ -0,0 +1,45 @@ +{ lib, pkgs, config, mylibs, ... }: +let + nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; }; + + cfg = config.services.myWebsites.tools.cloud; +in { + options.services.myWebsites.tools.cloud = { + enable = lib.mkEnableOption "enable cloud website"; + }; + + config = lib.mkIf cfg.enable { + security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null; + + services.myWebsites.tools.modules = nextcloud.apache.modules; + + services.myWebsites.tools.vhostConfs.cloud = { + certName = "eldiron"; + hosts = ["cloud.immae.eu" ]; + root = nextcloud.webRoot; + extraConfig = [ + nextcloud.apache.vhostConf + ]; + }; + + environment.systemPackages = let + occ = pkgs.writeScriptBin "nextcloud-occ" '' + #! ${pkgs.stdenv.shell} + cd ${nextcloud.webRoot} + NEXTCLOUD_CONFIG_DIR="${nextcloud.webRoot}/config" \ + exec \ + ${pkgs.php}/bin/php \ + -c ${pkgs.php}/etc/php.ini \ + occ $* + ''; + in [ occ ]; + + system.activationScripts.nextcloud = nextcloud.activationScript; + + services.myPhpfpm = { + poolPhpConfigs.nextcloud = nextcloud.phpFpm.phpConfig; + poolConfigs.nextcloud = nextcloud.phpFpm.pool; + }; + + }; +} diff --git a/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json new file mode 100644 index 0000000..3806e53 --- /dev/null +++ b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json @@ -0,0 +1,4 @@ +{ + "application/gpx+xml": "gpx", + "x-application/kdbx": "kdbx" +} diff --git a/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json new file mode 100644 index 0000000..2db4691 --- /dev/null +++ b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json @@ -0,0 +1,4 @@ +{ + "gpx": ["application/gpx+xml"], + "kdbx": ["x-application/kdbx"] +} diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix new file mode 100644 index 0000000..b8d8e59 --- /dev/null +++ b/virtual/modules/websites/tools/cloud/nextcloud.nix @@ -0,0 +1,267 @@ +{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }: +let + nextcloud = let + # FIXME: initial sync + # FIXME: backup + buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: + stdenv.mkDerivation rec { + name = "nextcloud-app-${appName}-${version}"; + inherit version; + phases = "unpackPhase installPhase"; + inherit installPhase; + src = fetchurl { inherit url sha256; }; + }; + apps = { + # FIXME: nextcloud complains that he cannot write into config + # directory when an app needs upgrade + # /!\ Attention, just changing the version number is not + # sufficient when the downloaded file doesn’t contain the version + # number in it, sha256 needs to be recomputed + audioplayer = buildApp rec { + appName = "audioplayer"; + version = "2.5.0"; + url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; + sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8"; + }; + bookmarks = buildApp rec { + appName = "bookmarks"; + version = "0.14.3"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c"; + }; + calendar = buildApp rec { + appName = "calendar"; + version = "1.6.4"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63"; + }; + contacts = buildApp rec { + appName = "contacts"; + version = "3.0.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s"; + }; + deck = buildApp rec { + appName = "deck"; + version = "0.5.2"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7"; + }; + files_markdown = buildApp rec { + appName = "files_markdown"; + version = "2.0.5"; + url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym"; + }; + gpxedit = buildApp rec { + appName = "gpxedit"; + version = "0.0.10"; + url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz"; + sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw"; + }; + gpxpod = buildApp rec { + appName = "gpxpod"; + version = "3.0.0"; + url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz"; + sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k"; + }; + keeweb = buildApp rec { + appName = "keeweb"; + version = "0.4.0"; + url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1"; + }; + notes = buildApp rec { + appName = "notes"; + version = "2.5.1"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh"; + }; + ocsms = buildApp rec { + appName = "ocsms"; + version = "2.1.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; + sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c"; + }; + spreed = buildApp rec { + appName = "spreed"; + version = "5.0.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7"; + }; + tasks = buildApp rec { + appName = "tasks"; + version = "0.9.8"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny"; + }; + }; + in rec { + varDir = "/var/lib/nextcloud"; + config_php = + assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; + assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; + assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"; + assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; + assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; + assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; + writeText "config.php" '' + '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', + 'datadirectory' => '/var/lib/nextcloud/', + 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', + 'debug' => false, + 'dbtype' => 'pgsql', + 'version' => '15.0.0.10', + 'dbname' => 'webapps', + 'dbhost' => '/run/postgresql', + 'dbtableprefix' => 'oc_', + 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', + 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', + 'installed' => true, + 'maxZipInputSize' => 0, + 'allowZipDownload' => true, + 'forcessl' => true, + 'theme' => ${"''"}, + 'maintenance' => false, + 'trusted_domains' => + array ( + 0 => 'cloud.immae.eu', + ), + 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', + 'appstoreenabled' => false, + 'appstore.experimental.enabled' => true, + 'loglevel' => 0, + 'trashbin_retention_obligation' => 'auto', + 'htaccess.RewriteBase' => '/', + 'mail_smtpmode' => 'smtp', + 'mail_smtphost' => 'mail.immae.eu', + 'mail_smtpname' => ${"''"}, + 'mail_smtppassword' => ${"''"}, + 'mail_from_address' => 'owncloud', + 'mail_smtpauth' => false, + 'mail_domain' => 'immae.eu', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => true, + 'redis' => + array ( + 'host' => 'localhost', + 'port' => 6379, + 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, + ), + 'overwrite.cli.url' => 'https://cloud.immae.eu', + 'ldapIgnoreNamingRules' => false, + 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', + 'config_is_read_only' => true, + ); + ''; + config = stdenv.mkDerivation rec { + name = "nextcloud-config"; + src = ./nextcloud-config; + phases = "installPhase"; + installPhase = '' + mkdir -p $out + cp -r $src/* $out + cp ${config_php} $out/config.php + ''; + }; + webRoot = stdenv.mkDerivation rec { + name = "nextcloud-${version}"; + version = "15.0.0"; + + src = fetchurl { + url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2"; + sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v"; + }; + + installPhase = '' + mkdir -p $out/ + cp -R . $out/ + rm -r $out/config + ln -sf ${config} $out/config + ${builtins.concatStringsSep "\n" ( + lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps + )} + ''; + + meta = { + description = "Sharing solution for files, calendars, contacts and more"; + homepage = https://nextcloud.com; + maintainers = with lib.maintainers; [ schneefux bachp globin fpletz ]; + license = lib.licenses.agpl3Plus; + platforms = with lib.platforms; unix; + }; + }; + activationScript = { + deps = [ ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + + AcceptPathInfo On + DirectoryIndex index.php + Options FollowSymlinks + Require all granted + AllowOverride all + + + Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" + + + CGIPassAuth on + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" ( + [ webRoot varDir config ] + ++ lib.attrsets.mapAttrsToList (name: value: value) apps); + socket = "/var/run/phpfpm/nextcloud.sock"; + phpConfig = '' + extension=${phpPackages.redis}/lib/php/extensions/redis.so + extension=${phpPackages.apcu}/lib/php/extensions/apcu.so + zend_extension=${php}/lib/php/extensions/opcache.so + ''; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + php_admin_value[output_buffering] = 0 + php_admin_value[max_execution_time] = 1800 + php_admin_value[zend_extension] = "opcache" + php_value[opcache.enable] = 1 + php_value[opcache.enable_cli] = 1 + php_value[opcache.interned_strings_buffer] = 8 + php_value[opcache.max_accelerated_files] = 10000 + php_value[opcache.memory_consumption] = 128 + php_value[opcache.save_comments] = 1 + php_value[opcache.revalidate_freq] = 1 + php_admin_value[memory_limit] = 512M + + php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + ''; + }; + }; +in + nextcloud diff --git a/virtual/modules/websites/tools/dav/davical.nix b/virtual/modules/websites/tools/dav/davical.nix new file mode 100644 index 0000000..697bd60 --- /dev/null +++ b/virtual/modules/websites/tools/dav/davical.nix @@ -0,0 +1,164 @@ +{ stdenv, fetchurl, gettext, writeText, checkEnv }: +let + awl = stdenv.mkDerivation rec { + version = "0.59"; + name = "awl-${version}"; + src = fetchurl { + url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz"; + sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp"; + }; + unpackCmd = '' + tar --one-top-level -xf $curSrc + ''; + installPhase = '' + mkdir -p $out + cp -ra dba docs inc scripts tests $out + ''; + }; + # FIXME: e-mail sending + davical = rec { + config = + assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD"; + assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"; + writeText "davical_config.php" '' + pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}"; + + $c->readonly_webdav_collections = false; + + $c->admin_email ='davical@immae.eu'; + + $c->restrict_setup_to_admin = true; + + $c->collections_always_exist = false; + + $c->external_refresh = 60; + + $c->enable_scheduling = true; + + $c->iMIP = (object) array("send_email" => true); + + $c->authenticate_hook['optional'] = false; + $c->authenticate_hook['call'] = 'LDAP_check'; + $c->authenticate_hook['config'] = array( + 'host' => 'ldap.immae.eu', + 'port' => '389', + 'startTLS' => 'yes', + 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', + 'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}', + 'protocolVersion' => '3', + 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), + 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', + 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', + 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', + 'mapping_field' => array( + "username" => "uid", + "fullname" => "cn", + "email" => "mail", + "modified" => "modifyTimestamp", + ), + 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), + /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ + // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), + 'group_mapping_field' => array( + "username" => "cn", + "updated" => "modifyTimestamp", + "fullname" => "givenName", + "displayname" => "givenName", + "members" => "memberUid", + "email" => "mail", + ), + ); + + $c->do_not_sync_from_ldap = array('admin' => true); + include('drivers_ldap.php'); + ''; + webapp = stdenv.mkDerivation rec { + version = "1.1.7"; + name = "davical-${version}"; + src = fetchurl { + url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz"; + sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9"; + }; + unpackCmd = '' + tar --one-top-level -xf $curSrc + ''; + makeFlags = "all"; + patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ]; + installPhase = '' + mkdir -p $out + cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out + ln -s ${config} $out/config/config.php + ''; + buildInputs = [ gettext ]; + }; + webRoot = "${webapp}/htdocs"; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + Alias /davical "${webRoot}" + Alias /caldav.php "${webRoot}/caldav.php" + + DirectoryIndex index.php index.html + AcceptPathInfo On + AllowOverride None + Require all granted + + + CGIPassAuth on + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + RewriteEngine On + + Header unset Access-Control-Allow-Origin + Header unset Access-Control-Allow-Methods + Header unset Access-Control-Allow-Headers + Header unset Access-Control-Allow-Credentials + Header unset Access-Control-Expose-Headers + + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" + Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" + Header always set Access-Control-Allow-Credentials false + Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" + + RewriteCond %{HTTP:Access-Control-Request-Method} !^$ + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=200,L] + + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" [ webapp config awl ]; + socket = "/var/run/phpfpm/davical.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 + + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = DavicalPHPSESSID + php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" + php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" + php_flag[magic_quotes_gpc] = Off + php_flag[register_globals] = Off + php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" + php_admin_value[default_charset] = "utf-8" + php_flag[magic_quotes_runtime] = Off + ''; + }; + }; +in + davical diff --git a/virtual/modules/websites/tools/dav/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch b/virtual/modules/websites/tools/dav/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch new file mode 100644 index 0000000..2a08a5c --- /dev/null +++ b/virtual/modules/websites/tools/dav/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch @@ -0,0 +1,26 @@ +diff --git a/inc/ui/collection-edit.php b/inc/ui/collection-edit.php +index 3af9edd3b8c4ad9074113273175098841af6a28e..8c1d84012b035f7bc7faedcb24916581a02a5d3e 100644 +--- a/inc/ui/collection-edit.php ++++ b/inc/ui/collection-edit.php +@@ -190,7 +190,7 @@ $privilege_xlate = array( + * @param dbrow $row The row object we read from the database. + * @return string The formatted privileges. + */ +-function collection_privilege_format_function( $value, $column, $row ) { ++function collection_privilege_format_function( $value, $column = NULL, $row = NULL ) { + global $privilege_xlate; + + $privs = bits_to_privilege($value, 'calendar'); +diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php +index 20dee7fa4ca2235ff2f74be0dfb52cbe937ef822..2e37cd596b597bcce1e59d7c02a1c5fc2a7f88ce 100644 +--- a/inc/ui/principal-edit.php ++++ b/inc/ui/principal-edit.php +@@ -454,7 +454,7 @@ EOTEMPLATE; + * @param dbrow $row The row object we read from the database. + * @return string The formatted privileges. + */ +-function principal_privilege_format_function( $value, $column, $row ) { ++function principal_privilege_format_function( $value, $column = NULL, $row = NULL ) { + global $privilege_xlate; + + $privs = bits_to_privilege($value,'*'); diff --git a/virtual/modules/websites/tools/dav/default.nix b/virtual/modules/websites/tools/dav/default.nix new file mode 100644 index 0000000..201da38 --- /dev/null +++ b/virtual/modules/websites/tools/dav/default.nix @@ -0,0 +1,33 @@ +{ lib, pkgs, config, mylibs, ... }: +let + infcloud = pkgs.callPackage ./infcloud.nix {}; + davical = pkgs.callPackage ./davical.nix { inherit (mylibs) checkEnv; }; + + cfg = config.services.myWebsites.tools.dav; +in { + options.services.myWebsites.tools.dav = { + enable = lib.mkEnableOption "enable dav website"; + }; + + config = lib.mkIf cfg.enable { + security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null; + + services.myWebsites.tools.modules = davical.apache.modules; + + services.myWebsites.tools.vhostConfs.dav = { + certName = "eldiron"; + hosts = ["dav.immae.eu" ]; + root = null; + extraConfig = [ + infcloud.apache.vhostConf + davical.apache.vhostConf + ]; + }; + + services.myPhpfpm.poolConfigs = { + davical = davical.phpFpm.pool; + }; + + }; +} + diff --git a/virtual/modules/websites/tools/dav/infcloud.nix b/virtual/modules/websites/tools/dav/infcloud.nix new file mode 100644 index 0000000..876578b --- /dev/null +++ b/virtual/modules/websites/tools/dav/infcloud.nix @@ -0,0 +1,38 @@ +{ stdenv, fetchzip, ed }: +let + infcloud = rec { + webRoot = stdenv.mkDerivation rec { + version = "0.13.1"; + name = "InfCloud-${version}"; + src = fetchzip { + url = "https://www.inf-it.com/InfCloud_${version}.zip"; + sha256 = "1fjhs0cj0b9fhf5ysfz281mknmmg1z551bas143sxfcqlpa5aiiq"; + }; + buildPhase = '' + ./cache_update.sh + rm config.js + ''; + installPhase = '' + cp -a . $out + ln -s ${./infcloud_config.js} $out/config.js + ''; + buildInputs = [ ed ]; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + vhostConf = '' + Alias /carddavmate ${webRoot} + Alias /caldavzap ${webRoot} + Alias /infcloud ${webRoot} + + AllowOverride All + Options FollowSymlinks + Require all granted + DirectoryIndex index.html + + ''; + }; + }; +in + infcloud diff --git a/virtual/modules/websites/tools/dav/infcloud_config.js b/virtual/modules/websites/tools/dav/infcloud_config.js new file mode 100644 index 0000000..ba73860 --- /dev/null +++ b/virtual/modules/websites/tools/dav/infcloud_config.js @@ -0,0 +1,1446 @@ +/* +InfCloud - the open source CalDAV/CardDAV Web Client +Copyright (C) 2011-2015 + Jan Mate + Andrej Lezo + Matej Mihalik + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + + +// NOTE: see readme.txt before you start to configure this client! + + +// NOTE: do not forget to execute the cache_update.sh script every time you +// update this configuration file or any other files (otherwise your browser +// will use the previous version of files stored in HTML5 cache). Alternatively +// you can update the cache.manifest manually - edit the second line beginning +// with "#V 20" to anything else (this file simple needs "some" change) + + +// Supported setup types (use ONE of them): +// a.) globalAccountSettings => username and password is hardcoded +// in config.js, automatic login without the login screen +// - advantages: fast login process = no username/password is required +// - disadvantages: username/password is visible in your config.js, so +// this type of setup is recommended ONLY for intranet/home users +// b.) globalNetworkCheckSettings => standard setup with login screen +// - advantages: username/password is required (no visible +// username/password in config.js) +// - disadvantages: if a user enters wrong username/password then +// the browser will show authentication popup window (it is NOT +// possible to disable it in JavaScript; see the next option) +// c.) globalNetworkAccountSettings => advanced setup with login screen +// - advantages: no authentication popup if you enter wrong username/ +// password, dynamic XML configuration generator (you can generate +// different configurations for your users /by modifying the "auth" +// module configuration or the PHP code itself/) +// - disadvantages: requires PHP >= 5.3 and additional configuration, +// only basic http authentication is supported => always use https! +// +// +// What is a "principal URL"? => Check you server documentation! +// - "principal URL" is NOT "collection URL" +// - this client automatically detects collections for "principal URL" +// - PROPER "principal URL" looks like: +// https://server.com:8443/principals/users/USER/ +// https://server.com:8443/caldav.php/USER/ +// - INVALID principal URL looks like: +// https://server.com:8443/principals/users/USER/collection/ +// => this is a collection URL +// https://server.com:8443/caldav.php/USER/collection/ +// => this is a collection URL +// https://server.com:8443/principals/users/USER +// => missing trailing '/' +// https://server.com:8443/caldav.php/USER +// => missing trailing '/' +// /caldav.php/USER/ +// => relative URL instead of full URL +// +// +// List of properties used in globalAccountSettings, globalNetworkCheckSettings +// and globalNetworkAccountSettings variables (+ in the "auth" module): +// - href +// Depending on the setup type set the value to: +// a.) globalAccountSettings: full "principal URL" +// b.) globalNetworkCheckSettings: "principal URL" WITHOUT the "USER/" part +// c.) globalNetworkAccountSettings: "full URL" to the "auth" directory +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings +// - userAuth +// - userName +// Set the username you want to login. +// - userPassword +// Set the password for the given username. +// This property is supported in: +// globalAccountSettings +// - timeOut +// This option sets the timeout for jQuery .ajax call (in miliseconds). +// Example: +// timeOut: 90000 +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings +// - lockTimeOut +// NOTE: used only if server supports LOCK requests +// This option sets the LOCK timeout value if resource locking +// is used (in miliseconds). +// Example: +// lockTimeOut: 10000 +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only) +// - checkContentType +// This option enables a content-type checking for server response. +// If enabled then only objects with proper content-type are inserted +// into the interface. +// If you cannot see data in the interface you may try to disable it (useful +// if your server returns wrong value in "propstat/prop/getcontenttype"). +// If undefined then content-type checking is enabled. +// Examples: +// checkContentType: true +// checkContentType: false +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only) +// - settingsAccount +// NOTE: server support for custom DAV properties is REQUIRED! +// This option sets the account where the client properties such as: +// loaded collections, enabled collections, ... are saved during +// the logout and resource/collection synchronisation +// NOTE: set it to true ONLY for ONE account! +// Examples: +// settingsAccount: true +// settingsAccount: false +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only) +// - delegation +// NOTE: server support for this functionality is REQUIRED! +// This option allows you to load delegated (shared) collections. +// If set to true (default) then delegation functionality is enabled, +// and the interface allows you to load delegated collections. +// If false then delegation functionality is completely disabled. +// Examples: +// delegation: true +// delegation: false +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only) +// - additionalResources +// This options sets the list of additional resources (e.g. shared resources +// accessible by all users). If the server supports delegation (see +// the delegation option above) there is no reason to use this option! +// Supported values: +// - array of URL encoded resource names (not collections), such as: +// 'company' +// 'shared_resource' +// If empty (default) or undefined then shared resources are not loaded +// using this option, but may be loaded using the delegation option. +// Examples: +// additionalResources=[] +// additionalResources=['public', 'shared_resource'] +// This property is supported in: +// globalNetworkCheckSettings +// - hrefLabel +// This option sets the server name in the resource header (useful if +// you want to see custom resource header above the collections). +// You can use the following variables in the value: +// %H = full hostname (including the port number) +// %h = full hostname (without the port number) +// %D = full domain name +// %d = only the first and second level domain +// %P = principal name +// %p = principal name without the @domain.com part (if present) +// %U = logged user name +// %u = logged user name without the @domain.com part (if present) +// If undefined, empty or or null then '%d/%p [%u]' is used. +// Examples: +// hrefLabel: '%d/%p [%u]' +// hrefLabel: '%D/%u' +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only) +// - forceReadOnly +// This option sets the list of collections as "read-only". +// Supported values: +// - true +// all collections will be "read-only" +// - array of URL encoded +// - collections, such as: +// '/caldav.php/user/calendar/' +// '/caldav.php/user%40domain.com/calendar/' +// - regexes, such as: +// new RegExp('^/caldav.php/user/calendar[0-9]/$', 'i') +// specifies the list of collections marked as "read-only" +// If null (default) or undefined then server detected privileges are used. +// Examples: +// forceReadOnly: null +// forceReadOnly: true +// forceReadOnly: ['/caldav.php/user/calendar/', +// '/caldav.php/user/calendar2/'] +// forceReadOnly: [new RegExp('^/.*/user/calendar[0-9]/$', 'i')] +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only, with +// different syntax for regexes) +// - ignoreAlarms +// This option sets list of calendar collections with disabled +// alarm functionality. +// Supported values: +// - true +// alarm functionality is disabled for all collections +// - array of URL encoded +// - collections, such as: +// '/caldav.php/user/calendar/' +// '/caldav.php/user%40domain.com/calendar/' +// - regexes, such as: +// new RegExp('^/caldav.php/user/calendar[0-9]/$', 'i') +// specifies the list of collections with disabled alarm functionality. +// If false (default) or undefined then alarm functionality is enabled +// for all collections. +// Examples: +// ignoreAlarms: true +// ignoreAlarms: ['/caldav.php/user/calendar/', +// '/caldav.php/user/calendar2/'] +// ignoreAlarms: [new RegExp('^/.*/user/calendar[0-9]/$', 'i')] +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only, with +// different syntax for regexes) +// - backgroundCalendars +// This options defines a list of background calendars. If there is +// at least one event defined for the given day in a background calendar, +// the background color for that day will be pink/light-red. +// Supported values: +// - array of URL encoded +// - collections, such as: +// '/caldav.php/user/calendar/' +// '/caldav.php/user%40domain.com/calendar/' +// - regexes, such as: +// new RegExp('^/caldav.php/user/calendar[0-9]/$', 'i') +// specifies the list of background calendar collections. +// Examples: +// backgroundCalendars: ['/caldav.php/user/calendar/', +// '/caldav.php/user/calendar2/'] +// backgroundCalendars: [new RegExp('^/.*/user/calendar[0-9]/$', 'i')] +// This property is supported in: +// globalAccountSettings +// globalNetworkCheckSettings +// globalNetworkAccountSettings (available in auth module only, with +// different syntax for regexes) +// Special options not present in configuration examples: +// NOTE: use ONLY if you know what are you doing! +// - crossDomain +// This option sets the crossDomain for jQuery .ajax call. If null (default) +// then the value is autodetected /and the result is shown in the console/ +// - withCredentials +// This option sets the withCredentials for jQuery .ajax call. The default +// value is false and there is NO REASON to change it to true! +// NOTE: if true, Access-Control-Allow-Origin "*" (CORS header) not works! + + +// globalAccountSettings +// Use this option if you want to use automatic login (without a login +// screen) with hardcoded username/password in config.js. Otherwise use +// globalNetworkCheckSettings or globalNetworkAccountSettings (see below). +// NOTE: if this option is used the value must be an array of object(s). +// List of properties used in globalAccountSettings variable: +// - href +// Set this option to the full "principal URL". +// NOTE: the last character in the value must be '/' +// - userAuth +// - userName +// Set the username you want to login. +// - userPassword +// Set the password for the given username. +// NOTE: for description of other properties see comments at the beginning +// of this file. +// NOTE: for minimal/fast setup you need to set only the href and userAuth +// options. It is safe/recommended to keep the remaining options unchanged! +// Example: +//var globalAccountSettings=[ +// { +// href: 'https://server1.com:8443/caldav.php/USERNAME1/', +// userAuth: +// { +// userName: 'USERNAME1', +// userPassword: 'PASSWORD1' +// }, +// timeOut: 90000, +// lockTimeOut: 10000, +// checkContentType: true, +// settingsAccount: true, +// delegation: true, +// hrefLabel: null, +// forceReadOnly: null, +// ignoreAlarms: false, +// backgroundCalendars: [] +// }, +// { +// href: 'https://server2.com:8443/caldav.php/USERNAME2/', +// ... +// ... +// } +//]; + + +// globalNetworkCheckSettings +// Use this option if you want to use standard login screen without +// hardcoded username/password in config.js (used by globalAccountSettings). +// NOTE: if this option is used the value must be an object. +// List of properties used in globalAccountSettings variable: +// - href +// Set this option to the "principal URL" WITHOUT the "USERNAME/" +// part (this options uses the username from the login screen). +// NOTE: the last character in the value must be '/' +// NOTE: for description of other properties see comments at the beginning +// of this file. +// NOTE: for minimal/fast setup you need to set only the href option. It is +// safe/recommended to keep the remaining options unchanged! +// Example href values: +// OS X server http example (see misc/readme_osx.txt for server setup): +// href: 'http://osx.server.com:8008/principals/users/' +// OS X server https example (see misc/readme_osx.txt for server setup): +// href: 'https://osx.server.com:8443/principals/users/' +// Cyrus server https example: +// href: 'https://cyrus.server.com/dav/principals/user/' +// Example: +// Davical example which automatically detects the protocol, server name, +// port, ... (client installed into Davical "htdocs" subdirectory; +// works "out of the box", no additional setup required): +var globalNetworkCheckSettings={ + href: location.protocol+'//'+location.hostname+ + (location.port ? ':'+location.port: '')+ + location.pathname.replace(RegExp('/+[^/]+/*(index\.html)?$'),'')+ + '/caldav.php/', + timeOut: 90000, + lockTimeOut: 10000, + checkContentType: true, + settingsAccount: true, + delegation: true, + additionalResources: [], + hrefLabel: null, + forceReadOnly: null, + ignoreAlarms: false, + backgroundCalendars: [] +} + + +// globalNetworkAccountSettings +// Try this option ONLY if you have working setup using +// globalNetworkCheckSettings and want to fix the authentication popup +// window problem (if invalid username/password is entered)! +// If you use this option then your browser sends username/password to the PHP +// "auth" module ("auth" directory) instead of the DAV server itself. +// The "auth" module then validates your username/password against your server, +// and if the authentication is successful, then it sends back a configuration +// XML (requires additional configuration). The resulting XML is handled +// IDENTICALLY as the globalAccountSettings configuration option. +// NOTE: for the "auth" module configuration see readme.txt! +// NOTE: this option invokes a login screen and disallows access until +// the client gets correct XML configuration file from the server! +// List of properties used in globalNetworkAccountSettings variable: +// - href +// Set this option to the "full URL" of the "auth" directory +// NOTE: the last character in the value must be '/' +// NOTE: for description of other properties see comments at the beginning +// of this file. +// Example href values: +// href: 'https://server.com/client/auth/' +// Example: +// Use this configuration if the "auth" module is located in the client +// installation subdirectory (default): +//var globalNetworkAccountSettings={ +// href: location.protocol+'//'+location.hostname+ +// (location.port ? ':'+location.port : '')+ +// location.pathname.replace(RegExp('index\.html$'),'')+ +// 'auth/', +// timeOut: 30000 +//}; + + +// globalUseJqueryAuth +// Use jQuery .ajax() auth or custom header for HTTP basic auth (default). +// Set this option to true if your server uses digest auth (note: you may +// experience auth popups on some browsers). +// If undefined (or empty), custom header for HTTP basic auth is used. +// Example: +//var globalUseJqueryAuth=false; + + +// globalBackgroundSync +// Enable background synchronization even if the browser window/tab has no +// focus. +// If false, synchronization is performed only if the browser window/tab +// is focused. If undefined or not false, then background sync is enabled. +// Example: +var globalBackgroundSync=true; + + +// globalSyncResourcesInterval +// This option defines how often (in miliseconds) are resources/collections +// asynchronously synchronized. +// Example: +var globalSyncResourcesInterval=120000; + + +// globalEnableRefresh +// This option enables or disables the manual synchronization button in +// the interface. If this option is enabled then users can perform server +// synchronization manually. Enabling this option may cause high server +// load (even DDOS) if users will try to manually synchronize data too +// often (instead of waiting for the automatic synchronization). +// If undefined or false, the synchronization button is disabled. +// NOTE: enable this option only if you really know what are you doing! +// Example: +var globalEnableRefresh=false; + + +// globalEnableKbNavigation +// Enable basic keyboard navigation using arrow keys? +// If undefined or not false, keyboard navigation is enabled. +// Example: +var globalEnableKbNavigation=true; + + +// globalSettingsType +// Where to store user settings such as: active view, enabled/selected +// collections, ... (the client store them into DAV property on the server). +// NOTE: not all servers support storing DAV properties (some servers support +// only subset /or none/ of these URLs). +// Supported values: +// - 'principal-URL', '', null or undefined (default) => settings are stored +// to principal-URL (recommended for most servers) +// - 'addressbook-home-set' => settings are are stored to addressbook-home-set +// - 'calendar-home-set' => settings are stored to calendar-home-set +// Example: +//var globalSettingsType=''; + + +// globalCrossServerSettingsURL +// Settings such as enabled/selected collections are stored on the server +// (see the previous option) in form of full URL +// (e.g.: https://user@server:port/principal/collection/), but even if this +// approach is "correct" (you can use the same principal URL with multiple +// different logins, ...) it causes a problem if your server is accessible +// from multiple URLs (e.g. http://server/ and https://server/). If you want +// to store only the "principal/collection/" part of the URL (instead of the +// full URL) then enable this option. +// Example: +//var globalCrossServerSettingsURL=false; + + +// globalInterfaceLanguage +// Default interface language (note: this option is case sensitive): +// cs_CZ (Čeština [Czech]) +// da_DK (Dansk [Danish]; thanks Niels Bo Andersen) +// de_DE (Deutsch [German]; thanks Marten Gajda and Thomas Scheel) +// en_US (English [English/US]) +// es_ES (Español [Spanish]; thanks Damián Vila) +// fr_FR (Français [French]; thanks John Fischer) +// it_IT (Italiano [Italian]; thanks Luca Ferrario) +// ja_JP (日本語 [Japan]; thanks Muimu Nakayama) +// hu_HU (Magyar [Hungarian]) +// nl_NL (Nederlands [Dutch]; thanks Johan Vromans) +// sk_SK (Slovenčina [Slovak]) +// tr_TR (Türkçe [Turkish]; thanks Selcuk Pultar) +// ru_RU (Русский [Russian]; thanks Александр Симонов) +// uk_UA (Українська [Ukrainian]; thanks Serge Yakimchuck) +// zh_CN (中国 [Chinese]; thanks Fandy) +// Example: +var globalInterfaceLanguage='fr_FR'; + + +// globalInterfaceCustomLanguages +// If defined and not empty then only languages listed here are shown +// at the login screen, otherwise (default) all languages are shown +// NOTE: values in the array must refer to an existing localization +// (see the option above) +// Example: +// globalInterfaceCustomLanguages=['en_US', 'sk_SK']; +var globalInterfaceCustomLanguages=[]; + + +// globalSortAlphabet +// Use JavaScript localeCompare() or custom alphabet for data sorting. +// Custom alphabet is used by default because JavaScript localeCompare() +// not supports collation and often returns "wrong" result. If set to null +// then localeCompare() is used. +// Example: +// var globalSortAlphabet=null; +var globalSortAlphabet=' 0123456789'+ + 'AÀÁÂÄÆÃÅĀBCÇĆČDĎEÈÉÊËĒĖĘĚFGĞHIÌÍÎİÏĪĮJKLŁĹĽMNŃÑŇOÒÓÔÖŐŒØÕŌ'+ + 'PQRŔŘSŚŠȘșŞşẞTŤȚțŢţUÙÚÛÜŰŮŪVWXYÝŸZŹŻŽ'+ + 'aàáâäæãåābcçćčdďeèéêëēėęěfgğhiìíîïīįıjklłĺľmnńñňoòóôöőœøõō'+ + 'pqrŕřsśšßtťuùúûüűůūvwxyýÿzźżžАБВГҐДЕЄЖЗИІЇЙКЛМНОПРСТУФХЦЧШЩЮЯ'+ + 'Ьабвгґдеєжзиіїйклмнопрстуфхцчшщюяь'; + + +// globalSearchTransformAlphabet +// To support search without diacritics (e.g. search for 'd' will find: 'Ď', 'ď') +// it is required to define something like "character equivalence". +// key = regex text, value = search character +// Example: +var globalSearchTransformAlphabet={ + '[ÀàÁáÂâÄäÆæÃãÅåĀā]': 'a', '[ÇçĆćČč]': 'c', '[Ďď]': 'd', + '[ÈèÉéÊêËëĒēĖėĘęĚě]': 'e', '[Ğğ]': 'g', '[ÌìÍíÎîİıÏïĪīĮį]': 'i', + '[ŁłĹ弾]': 'l', '[ŃńÑñŇň]': 'n', '[ÒòÓóÔôÖöŐőŒœØøÕõŌō]': 'o', + '[ŔŕŘř]': 'r', '[ŚśŠšȘșŞşẞß]': 's', '[ŤťȚțŢţ]': 't', + '[ÙùÚúÛûÜüŰűŮůŪū]': 'u', '[ÝýŸÿ]': 'y', '[ŹźŻżŽž]': 'z' +}; + +// globalResourceAlphabetSorting +// If more than one resource (server account) is configured, sort the +// resources alphabetically? +// Example: +var globalResourceAlphabetSorting=true; + + +// globalNewVersionNotifyUsers +// Update notification will be shown only to users with login names defined +// in this array. +// If undefined (or empty), update notifications will be shown to all users. +// Example: +// globalNewVersionNotifyUsers=['admin', 'peter']; +var globalNewVersionNotifyUsers=[]; + + +// globalDatepickerFormat +// Set the datepicker format (see +// http://docs.jquery.com/UI/Datepicker/formatDate for valid values). +// NOTE: date format is predefined for each localization - use this option +// ONLY if you want to use custom date format (instead of the localization +// predefined one). +// Example: +//var globalDatepickerFormat='dd.mm.yy'; +var globalDatepickerFormat='yy-mm-dd'; + + +// globalDatepickerFirstDayOfWeek +// Set the datepicker first day of the week: Sunday is 0, Monday is 1, etc. +// Example: +var globalDatepickerFirstDayOfWeek=1; + + +// globalHideInfoMessageAfter +// How long are information messages (such as: success, error) displayed +// (in miliseconds). +// Example: +var globalHideInfoMessageAfter=1800; + + +// globalEditorFadeAnimation +// Set the editor fade in/out animation duration when editing or saving data +// (in miliseconds). +// Example: +var globalEditorFadeAnimation=666; + + + + +// ******* CalDAV (CalDavZAP) related settings ******* // + +// globalEventStartPastLimit, globalEventStartFutureLimit, globalTodoPastLimit +// Number of months pre-loaded from past/future in advance for calendars +// and todo lists (if null then date range synchronization is disabled). +// NOTE: interval synchronization is used only if your server supports +// sync-collection REPORT (e.g. DAViCal). +// NOTE: if you experience problems with data loading and your server has +// no time-range filtering support set these variables to null. +// Example: +var globalEventStartPastLimit=3; +var globalEventStartFutureLimit=3; +var globalTodoPastLimit=1; + + +// globalLoadedCalendarCollections +// This option sets the list of calendar collections (down)loaded after login. +// If empty then all calendar collections for the currently logged user are +// loaded. +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalLoadedCalendarCollections=[]; + + +// globalLoadedTodoCollections +// This option sets the list of todo collections (down)loaded after login. +// If empty then all todo collections for the currently logged user are loaded. +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalLoadedTodoCollections=[]; + + +// globalActiveCalendarCollections +// This options sets the list of calendar collections checked (enabled +// checkbox => data visible in the interface) by default after login. +// If empty then all loaded calendar collections for the currently logged +// user are checked. +// NOTE: only already (down)loaded collections can be checked (see +// the globalLoadedCalendarCollections option). +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalActiveCalendarCollections=[]; + + +// globalActiveTodoCollections +// This options sets the list of todo collections checked (enabled +// checkbox => data visible in the interface) by default after login. +// If empty then all loaded todo collections for the currently logged +// user are checked. +// NOTE: only already (down)loaded collections can be checked (see +// the globalLoadedTodoCollections option). +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalActiveTodoCollections=[]; + + +// globalCalendarSelected +// This option sets which calendar collection will be pre-selected +// (if you create a new event) by default after login. +// The value must be URL encoded path to a calendar collection, +// for example: 'USER/calendar/' +// If empty or undefined then the first available calendar collection +// is selected automatically. +// NOTE: only already (down)loaded collections can be pre-selected (see +// the globalLoadedCalendarCollections option). +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +//var globalCalendarSelected=''; + + +// globalTodoCalendarSelected +// This option sets which todo collection will be pre-selected +// (if you create a new todo) by default after login. +// The value must be URL encoded path to a todo collection, +// for example: 'USER/todo_calendar/' +// If empty or undefined then the first available todo collection +// is selected automatically. +// NOTE: only already (down)loaded collections can be pre-selected (see +// the globalLoadedTodoCollections option). +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +//var globalTodoCalendarSelected=''; + + +// globalActiveView +// This options sets the default fullcalendar view option (the default calendar +// view after the first login). +// Supported values: +// - 'month' +// - 'multiWeek' +// - 'agendaWeek' +// - 'agendaDay' +// NOTE: we use custom and enhanced version of fullcalendar! +// Example: +var globalActiveView='multiWeek'; + + +// globalOpenFormMode +// Open new event form on 'single' or 'double' click. +// If undefined or not 'double', then 'single' is used. +// Example: +var globalOpenFormMode='double'; + + +// globalTodoListFilterSelected +// This options sets the list of filters in todo list that are selected +// after login. +// Supported options: +// - 'filterAction' +// - 'filterProgress' (available only if globalAppleRemindersMode is disabled) +// - 'filterCompleted' +// - 'filterCanceled' (available only if globalAppleRemindersMode is disabled) +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalTodoListFilterSelected=['filterAction', 'filterProgress']; + + +// globalCalendarStartOfBusiness, globalCalendarEndOfBusiness +// These options set the start and end of business hours with 0.5 hour +// precision. Non-business hours are faded out in the calendar interface. +// If both variables are set to the same value then no fade out occurs. +// Example: +var globalCalendarStartOfBusiness=8; +var globalCalendarEndOfBusiness=17; + + +// globalDefaultEventDuration +// This option sets the default duration (in minutes) for newly created events. +// If undefined or null, globalCalendarEndOfBusiness value will be taken as +// a default end time instead. +// Example: +var globalDefaultEventDuration=120; + + +// globalAMPMFormat +// This option enables to use 12 hours format (AM/PM) for displaying time. +// NOTE: time format is predefined for each localization - use this option +// ONLY if you want to use custom time format (instead of the localization +// predefined one). +// Example: +//var globalAMPMFormat=false; + + +// globalTimeFormatBasic +// This option defines the time format information for events in month and +// multiweek views. If undefined or null then default value is used. +// If defined as empty string no time information is shown in these views. +// See http://arshaw.com/fullcalendar/docs/utilities/formatDate/ for exact +// formating rules. +// Example: +//var globalTimeFormatBasic=''; + + +// globalTimeFormatAgenda +// This option defines the time format information for events in day and +// week views. If undefined or null then default value is used. +// If defined as empty string no time information is shown in these views. +// See http://arshaw.com/fullcalendar/docs/utilities/formatDate/ for exact +// formating rules. +// Example: +//var globalTimeFormatAgenda=''; + + +// globalDisplayHiddenEvents +// This option defined whether events from unechecked calendars are displayed +// with certain transparency (true) or completely hidden (false). +// Example: +var globalDisplayHiddenEvents=false; + + +// globalTimeZoneSupport +// This option enables timezone support in the client. +// NOTE: timezone cannot be specified for all-day events because these don't +// have start and end time. +// If this option is disabled then local time is used. +// Example: +var globalTimeZoneSupport=true; + + +// globalTimeZone +// If timezone support is enabled, this option sets the default timezone. +// See timezones.js or use the following command to get the list of supported +// timezones (defined in timezones.js): +// grep "'[^']\+': {" timezones.js | sed -Ee "s#(\s*'|':\s*\{)##g" +// Example: +var globalTimeZone='Europe/Paris'; + + +// globalTimeZonesEnabled +// This option sets the list of available timezones in the interface (for the +// list of supported timezones see the comment for the previous configuration +// option). +// NOTE: if there is at least one event/todo with a certain timezone defined, +// that timezone is enabled (even if it is not present in this list). +// Example: +// var globalTimeZonesEnabled=['America/New_York', 'Europe/Berlin']; +var globalTimeZonesEnabled=[]; + + +// globalRewriteTimezoneComponent +// This options sets whether the client will enhance/replace (if you edit an +// event or todo) the timezone information using the official IANA timezone +// database information (recommended). +// Example: +var globalRewriteTimezoneComponent=true; + + +// globalRemoveUnknownTimezone +// This options sets whether the client will remove all non-standard timezone +// names from events and todos (if you edit an event or todo) +// (e.g.: /freeassociation.sourceforge.net/Tzfile/Europe/Vienna) +// Example: +var globalRemoveUnknownTimezone=false; + + +// globalShowHiddenAlarms +// This option sets whether the client will show alarm notifications for +// unchecked calendars. If this option is enabled and you uncheck a calendar +// in the calendar list, alarm notifications will be temporary disabled for +// unchecked calendar(s). +// Example: +var globalShowHiddenAlarms=false; + + +// globalIgnoreCompletedOrCancelledAlarms +// This options sets whether the client will show alarm notifications for +// already completed or cancelled todos. If enabled then alarm notification +// for completed and cancelled todos are disabled. +// Example: +var globalIgnoreCompletedOrCancelledAlarms=true; + + +// globalMozillaSupport +// Mozilla automatically treats custom repeating event calculations as if +// the start day of the week is Monday, despite what day is chosen in settings. +// Set this variable to true to use the same approach, ensuring compatible +// event rendering in special cases. +// Example: +var globalMozillaSupport=false; + + +// globalCalendarColorPropertyXmlns +// This options sets the namespace used for storing the "calendar-color" +// property by the client. +// If true, undefined (or empty) "http://apple.com/ns/ical/" is used (Apple +// compatible). If false, then the calendar color modification functionality +// is completely disabled. +// Example: +//var globalCalendarColorPropertyXmlns=true; + + +// globalWeekendDays +// This option sets the list of days considered as weekend days (these +// are faded out in the calendar interface). Non-weekend days are automatically +// considered as business days. +// Sunday is 0, Monday is 1, etc. +// Example: +var globalWeekendDays=[0, 6]; + + +// globalAppleRemindersMode +// If this option is enabled then then client will use the same approach +// for handling repeating reminders (todos) as Apple. It is STRONGLY +// recommended to enabled this option if you use any Apple clients for +// reminders (todos). +// Supported options: +// - 'iOS6' +// - 'iOS7' +// - true (support of the latest iOS version - 'iOS8') +// - false +// If this option is enabled: +// - RFC todo support is SEVERELY limited and the client mimics the behaviour +// of Apple Reminders.app (to ensure maximum compatibility) +// - when a single instance of repeating todo is edited, it becomes an +// autonomous non-repeating todo with NO relation to the original repeating +// todo +// - capabilities of repeating todos are limited - only the first instance +// is ever visible in the interface +// - support for todo DTSTART attribute is disabled +// - support for todo STATUS attribute other than COMPLETED and NEEDS-ACTION +// is disabled +// - [iOS6 only] support for LOCATION and URL attributes is disabled +// Example: +var globalAppleRemindersMode=true; + + +// globalSubscribedCalendars +// This option specifies a list of remote URLs to ics files (e.g.: used +// for distributing holidays information). Subscribed calendars are +// ALWAYS read-only. Remote servers where ics files are hosted MUST +// return proper CORS headers (see readme.txt) otherwise this functionality +// will not work! +// NOTE: subsribed calendars are NOT "shared" calendars. For "shared" +// calendars see the delegation option in globalAccountSettings, +// globalNetworkCheckSettings and globalNetworkAccountSettings. +// List of properties used in globalSubscribedCalendars variable: +// - hrefLabel +// This options defines the header string above the subcsribed calendars. +// - calendars +// This option specifies an array of remote calendar objects with the +// following properties: +// - href +// Set this option to the "full URL" of the remote calendar +// - userAuth +// NOTE: keep empty if remote authentication is not required! +// - userName +// Set the username you want to login. +// - userPassword +// Set the password for the given username. +// - typeList +// Set the list of objects you want to process from remote calendars; +// two options are available: +// - 'vevent' (show remote events in the interface) +// - 'vtodo' (show remote todos in the interface) +// - ignoreAlarm +// Set this option to true if you want to disable alarm notifications +// from the remote calendar. +// - displayName +// Set this option to the name of the calendar you want to see +// in the interface. +// - color +// Set the calendar color you want to see in the interface. +// Example: +//var globalSubscribedCalendars={ +// hrefLabel: 'Subscribed', +// calendars: [ +// { +// href: 'http://something.com/calendar.ics', +// userAuth: { +// userName: '', +// userPassword: '' +// }, +// typeList: ['vevent', 'vtodo'], +// ignoreAlarm: true, +// displayName: 'Remote Calendar 1', +// color: '#ff0000' +// }, +// { +// href: 'http://calendar.com/calendar2.ics', +// ... +// ... +// } +// ] +//}; + + + +// ******* CardDAV (CardDavMATE) related settings ******* // + + +// globalLoadedAddressbookCollections +// This option sets the list of addressbook collections (down)loaded after +// login. If empty then all addressbook collections for the currently logged +// user are loaded. +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalLoadedAddressbookCollections=[]; + + +// globalActiveAddressbookCollections +// This options sets the list of addressbook collections checked (enabled +// checkbox => data visible in the interface) by default after login. +// If empty then all loaded addressbook collections for the currently logged +// user are checked. +// NOTE: only already (down)loaded collections can be checked (see +// the globalLoadedAddressbookCollections option). +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +var globalActiveAddressbookCollections=[]; + + +// globalAddressbookSelected +// This option sets which addressbook collection will be pre-selected +// (if you create a new contact) by default after login. +// The value must be URL encoded path to an addressbook collection, +// for example: 'USER/addressbook/' +// If empty or undefined then the first available addressbook collection +// is selected automatically. +// NOTE: only already (down)loaded collections can be pre-selected (see +// the globalLoadedAddressbookCollections option). +// NOTE: settings stored on the server (see settingsAccount) overwrite this +// option. +// Example: +//var globalAddressbookSelected=''; + + +// globalCompatibility +// This options is reserved for various compatibility settings. +// NOTE: if this option is used the value must be an object. +// Currently there is only one supported option: +// - anniversaryOutputFormat +// Different clients use different (and incompatible) approach +// to store anniversary date in vCards. Apple stores this attribute as: +// itemX.X-ABDATE;TYPE=pref:2000-01-01\r\n +// itemX.X-ABLabel:_$!!$_\r\n' +// other clients store this attribute as: +// X-ANNIVERSARY:2000-01-01\r\n +// Choose 'apple' or 'other' (lower case) for your 3rd party client +// compatibility. You can chose both: ['apple', 'other'], but it may +// cause many problems in the future, for example: duplicate anniversary +// dates, invalid/old anniversary date in your clients, ...) +// Examples: +// anniversaryOutputFormat: ['other'] +// anniversaryOutputFormat: ['apple', 'other'] +// Example: +var globalCompatibility={anniversaryOutputFormat: ['apple']}; + + +// globalUriHandler{Tel,Email,Url,Profile} +// These options set the URI handlers for TEL, EMAIL, URL and X-SOCIALPROFILE +// vCard attributes. Set them to null (or comment out) to disable. +// NOTE: for globalUriHandlerTel is recommended to use 'tel:', 'callto:' +// or 'skype:'. The globalUriHandlerUrl value is used only if no URI handler +// is defined in the URL. +// NOTE: it is safe to keep these values unchanged! +// Example: +var globalUriHandlerTel='tel:'; +var globalUriHandlerEmail='mailto:'; +var globalUriHandlerUrl='http://'; +var globalUriHandlerProfile={ + 'twitter': 'http://twitter.com/%u', + 'facebook': 'http://www.facebook.com/%u', + 'flickr': 'http://www.flickr.com/photos/%u', + 'linkedin': 'http://www.linkedin.com/in/%u', + 'myspace': 'http://www.myspace.com/%u', + 'sinaweibo': 'http://weibo.com/n/%u' +}; + + +// globalDefaultAddressCountry +// This option sets the default country for new address fields. +// See common.js or use the following command to get the list of +// all supported country codes (defined in common.js): +// grep -E "'[a-z]{2}':\s+\[" common.js | sed -Ee 's#^\s+|\s+\[\s+# #g' +// Example: +var globalDefaultAddressCountry='fr'; + + +// globalAddressCountryEquivalence +// This option sets the processing of the country field specified +// in the vCard ADR attribute. +// By default the address field in vCard looks like: +// ADR;TYPE=WORK:;;1 Waters Edge;Baytown;LA;30314;USA\r\n +// what cause a problem, because the country field is a plain +// text and can contain any value, e.g.: +// USA +// United States of America +// US +// and because the address format can be completely different for +// each country, e.g.: +// China address example: +// [China] +// [Province] [City] +// [Street] +// [Postal] +// Japan address example: +// [Postal] +// [Prefecture] [County/City] +// [Further Divisions] +// [Japan] +// the client needs to correctly detect the country from the ADR +// attribute. Apple solved this problem by using: +// item1.ADR;TYPE=WORK:;;1 Waters Edge;Baytown;LA;30314;USA\r\n +// item1.X-ABADR:us\r\n +// where the second "related" attribute defines the country code +// for the ADR attribute. This client uses the same approach, but +// if the vCard is created by 3rd party clients and the X-ABADR +// is missing, it is possible to define additional "rules" for +// country matching. These rules are specied by the country code +// (for full list of country codes see the comment for pre previous +// option) and a case insensitive regular expression (which matches +// the plain text value in the country field). +// NOTE: if X-ABADR is not present and the country not matches any +// country defined in this option, then globalDefaultAddressCountry +// is used by default. +// Example: +var globalAddressCountryEquivalence=[ + {country: 'de', regex: '^\\W*Deutschland\\W*$'}, + {country: 'sk', regex: '^\\W*Slovensko\\W*$'} +]; + + +// globalAddressCountryFavorites +// This option defines the list of countries which are shown at the top +// of the country list in the interface (for full list of country codes +// see the comment for pre globalDefaultAddressCountry option). +// Example: +// var globalAddressCountryFavorites=['de','sk']; +var globalAddressCountryFavorites=[]; + + +// globalAddrColorPropertyXmlns +// This options sets the namespace used for storing the "addressbook-color" +// property by the client. +// If true, undefined (or empty) "http://inf-it.com/ns/ab/" is used. +// If false, then the addressbook color modification functionality +// is completely disabled, and addressbook colors in the interface are +// generated automatically. +// Example: +//var globalAddrColorPropertyXmlns=true; + + +// globalContactStoreFN +// This option specifies how the FN (formatted name) is stored into vCard. +// The value for this options must be an array of strings, that can contain +// the following variables: +// prefix +// last +// middle +// first +// suffix +// The string element of the array can contain any other characters (usually +// space or colon). Elements are added into FN only if the there is +// a variable match, for example if: +// last='Lastname' +// first='Firstname' +// middle='' (empty) +// and this option is set to: +// ['last', ' middle', ' first'] (space in the second and third element) +// the resulting value for FN will be: 'Lastname Firstname' and not +// 'Lastname Firstname' (two spaces), because the middle name is empty (so +// the second element is completely ignored /not added into FN/). +// NOTE: this attribute is NOT used by this client, and it is also NOT +// possible to directly edit it in the interface. +// Examples: +// var globalContactStoreFN=[' last', ' middle', ' first']; +// var globalContactStoreFN=['last', ', middle', ' ,first']; +var globalContactStoreFN=['prefix',' last',' middle',' first',' suffix']; + + +// globalGroupContactsByCompanies +// This options specifies how contacts are grouped in the interface. +// By default the interface looks like (very simple example): +// A +// Adams Adam +// Anderson Peter +// B +// Brown John +// Baker Josh +// if grouped by company/deparment the result is: +// Company A [Department X] +// Adams Adam +// Brown John +// Company B [Department Y] +// Anderson Peter +// Baker Josh +// If this option is set to true contacts are grouped by company/department, +// otherwise (default) contacts are grouped by letters of the alphabet. +// If undefined or not true, grouping by alphabet letters is used. +// NOTE: see also the globalCollectionDisplay option below. +var globalGroupContactsByCompanies=false; + + +// globalCollectionDisplay +// This options specifies how data columns in the contact list are displayed. +// +// NOTE: columns are displayed ONLY if there is enought horizontal place in +// the browser window (e.g. if you define 5 columns here, but your browser +// window is not wide enough, you will see only first 3 columns instead of 5). +// +// NOTE: see the globalContactDataMinVisiblePercentage option which defines the +// width for columns. +// +// The value must be an array of columns, where each column is represented by +// an object with the following properties: +// label => the value of this option is a string used as column header +// You can use the following localized variables in the label string: +// - {Name} +// - {FirstName} +// - {LastName} +// - {MiddleName} +// - {NickName} +// - {Prefix} +// - {Suffix} +// - {BirthDay} +// - {PhoneticLastName} +// - {PhoneticFirstName} +// - {JobTitle} +// - {Company} +// - {Department} +// - {Categories} +// - {NoteText} +// - {Address}, {AddressWork}, {AddressHome}, {AddressOther} +// - {Phone}, {PhoneWork}, {PhoneHome}, {PhoneCell}, {PhoneMain}, +// {PhonePager}, {PhoneFax}, {PhoneIphone}, {PhoneOther} +// - {Email}, {EmailWork}, {EmailHome}, {EmailMobileme}, {EmailOther} +// - {URL}, {URLWork}, {URLHome}, {URLHomepage}, {URLOther} +// - {Dates}, {DatesAnniversary}, {DatesOther} +// - {Related}, {RelatedManager}, {RelatedAssistant}, {RelatedFather}, +// {RelatedMother}, {RelatedParent}, {RelatedBrother}, {RelatedSister}, +// {RelatedChild}, {RelatedFriend}, {RelatedSpouse}, {RelatedPartner}, +// {RelatedOther} +// - {Profile}, {ProfileTwitter}, {ProfileFacebook}, {ProfileFlickr}, +// {ProfileLinkedin}, {ProfileMyspace}, {ProfileSinaweibo} +// - {IM}, {IMWork}, {IMHome}, {IMMobileme}, {IMOther}, {IMAim}, {IMIcq}, +// {IMIrc}, {IMJabber}, {IMMsn}, {IMYahoo}, {IMFacebook}, {IMGadugadu}, +// {IMGoogletalk}, {IMQq}, {IMSkype} +// value => the value of this option is an array of format strings, or +// an object with the following properties: +// - company (used for company contacts) +// - personal (used for user contacts) +// where the value of these properties is an array of format strings used +// for company or user contacts (you can have different values in the same +// column for personal and company contacts). +// You can use the following simple variables in the format string: +// - {FirstName} +// - {LastName} +// - {MiddleName} +// - {NickName} +// - {Prefix} +// - {Suffix} +// - {BirthDay} +// - {PhoneticLastName} +// - {PhoneticFirstName} +// - {JobTitle} +// - {Company} +// - {Department} +// - {Categories} +// - {NoteText} +// You can also use parametrized variables, where the parameter is enclosed +// in square bracket. Paramatrized variables are useful to extract data +// such as home phone {Phone[type=home]}, extract the second phone number +// {Phone[:1]} (zero based indexing) or extract the third home phone number +// {Phone[type=home][:2]} from the vCard. +// NOTE: if the parametrized variable matches multiple items, e.g.: +// {Phone[type=work]} (if the contact has multiple work phones) then the +// first one is used! +// +// The following parametrized variables are supported (note: you can use +// all of them also without parameters /the first one will be used/): +// - {Address[type=XXX]} or {Address[:NUM]} or {Address[type=XXX][:NUM]} +// where supported values for XXX are: +// - work +// - home +// - other +// - any other custom value +// - {Phone[type=XXX]} or {Phone[:NUM]} or {Phone[type=XXX][:NUM]} +// where supported values for XXX are: +// - work +// - home +// - cell +// - main +// - pager +// - fax +// - iphone +// - other +// - any other custom value +// - {Email[type=XXX]} or {Email[:NUM]} or {Email[type=XXX][:NUM]} +// where supported values for XXX are: +// - work +// - home +// - mobileme +// - other +// - any other custom value +// - {URL[type=XXX]} or {URL[:NUM]} or {URL[type=XXX][:NUM]} +// where supported values for XXX are: +// - work +// - home +// - homepage +// - other +// - any other custom value +// - {Dates[type=XXX]} or {Dates[:NUM]} or {Dates[type=XXX][:NUM]} +// where supported values for XXX are: +// - anniversary +// - other +// - any other custom value +// - {Related[type=XXX]} or {Related[:NUM]} or {Related[type=XXX][:NUM]} +// where supported values for XXX are: +// - manager +// - assistant +// - father +// - mother +// - parent +// - brother +// - sister +// - child +// - friend +// - spouse +// - partner +// - other +// - any other custom value +// - {Profile[type=XXX]} or {Profile[:NUM]} or {Profile[type=XXX][:NUM]} +// where supported values for XXX are: +// - twitter +// - facebook +// - flickr +// - linkedin +// - myspace +// - sinaweibo +// - any other custom value +// - {IM[type=XXX]} or {IM[service-type=YYY]} or {IM[:NUM]} +// where supported values for XXX are: +// - work +// - home +// - mobileme +// - other +// - any other custom value +// and supported values for YYY are: +// - aim +// - icq +// - irc +// - jabber +// - msn +// - yahoo +// - facebook +// - gadugadu +// - googletalk +// - qq +// - skype +// - any other custom value +// +// NOTE: if you want to use the "any other custom value" option (for XXX +// or YYY above) you MUST double escape the following characters: +// =[]{}\ +// for example: +// - for profile type "=XXX=" use: '{Profile[type=\\=XXX\\=]}' +// - for profile type "\XXX\" use: '{Profile[type=\\\\XXX\\\\]}' +// +// NOTE: if you want to use curly brackets in the format string you must +// double escape it, e.g.: ['{Company}', '\\{{Department}\\}'] +// +// The format string (for the value option) is an array to allow full +// customization of the interface. For example if: +// value: ['{LastName} {MiddleName} {FirstName}'] +// and the person has no middle name, then the result in the column +// will be (without quotes): +// "Parker Peter" (note: two space characters) +// but if you use: +// value: ['{LastName}', ' {MiddleName}', ' {FirstName}'] +// then the result will be (without quotes): +// "Parker Peter" (note: only one space character) +// The reason is that only those elements of the array are appended +// into the result where non-empty substitution was performed (so the +// ' {MiddleName}' element in this case is ignored, because the person +// in the example above has no /more precisely has empty/ middle name). +// +// Examples: +// To specify two columns (named "Company" and "Department / LastName"), +// where the first will display the company name, and the second will display +// department for company contacts (with "Dep -" prefix), and lastname for +// personal contacts (with "Name -" prefix) use: +// var globalCollectionDisplay=[ +// { +// label: 'Company', +// value: ['{Company}'] +// }, +// { +// label: 'Department / LastName', +// value: { +// company: ['Dep - {Department}'], +// personal: ['Name - {LastName}'] +// } +// } +// ]; +// To specify 3 columns (named "Categories", "URL" and "IM"), where the first +// will display categories, second will display the third work URL, and third +// will display ICQ IM use: +// var globalCollectionDisplay=[ +// { +// label: 'Categories', +// value: ['{Categories}'] +// }, +// { +// label: 'URL', +// value: ['{URL[type=WORK][:2]}'] +// }, +// { +// label: 'IM', +// value: ['{IM[service-type=ICQ]}'] +// } +// ]; +// +// Recommended settings if globalGroupContactsByCompanies +// is set to false: +// var globalCollectionDisplay=[ +// { +// label: '{Name}', +// value: ['{LastName}', ' {MiddleName}', ' {FirstName}'] +// }, +// { +// label: '{Company} [{Department}]', +// value: ['{Company}', ' [{Department}]'] +// }, +// { +// label: '{JobTitle}', +// value: ['{JobTitle}'] +// }, +// { +// label: '{Email}', +// value: ['{Email[:0]}'] +// }, +// { +// label: '{Phone} 1', +// value: ['{Phone[:0]}'] +// }, +// { +// label: '{Phone} 2', +// value: ['{Phone[:1]}'] +// }, +// { +// label: '{NoteText}', +// value: ['{NoteText}'] +// } +// ]; +// +// Recommended settings if globalGroupContactsByCompanies +// is set to true: +// var globalCollectionDisplay=[ +// { +// label: '{Name}', +// value: { +// personal: ['{LastName}', ' {MiddleName}', ' {FirstName}'], +// company: ['{Company}', ' [{Department}]'] +// } +// }, +// { +// label: '{JobTitle}', +// value: ['{JobTitle}'] +// }, +// { +// label: '{Email}', +// value: ['{Email[:0]}'] +// }, +// { +// label: '{Phone} 1', +// value: ['{Phone[:0]}'] +// }, +// { +// label: '{Phone} 2', +// value: ['{Phone[:1]}'] +// }, +// { +// label: '{NoteText}', +// value: ['{NoteText}'] +// } +// ]; +// +// NOTE: if left undefined, the recommended settings will be used. + + +// globalCollectionSort +// This options sets the ordering of contacts in the interface. In general +// contacts are ordered alphabetically by an internal "sort string" which +// is created for each contact. Here you can specify how this internal string +// is created. The value is a simple array holding only the values from the +// value property defined in the globalCollectionDisplay option. +// If undefined, the definition from globalCollectionDisplay is used. +// Example: +// var globalCollectionSort = [ +// ['{LastName}'], +// ['{FirstName}'], +// ['{MiddleName}'], +// { +// company: ['{Categories}'], +// personal: ['{Company}'] +// } +// ]; +var globalCollectionSort=[ + ['{LastName}'], + ['{FirstName}'], + ['{MiddleName}'] +]; + + +// globalContactDataMinVisiblePercentage +// This option defines how the width for columns are computed. If you set +// it to 1 then 100% of all data in the column will be visible (the column +// width is determined by the longest string in the column). If you set it +// to 0.95 then 95% of data will fit into the column width, and the remaining +// 5% will be truncated (" ..."). +// Example: +var globalContactDataMinVisiblePercentage=0.95; + + diff --git a/virtual/modules/websites/tools/db/default.nix b/virtual/modules/websites/tools/db/default.nix new file mode 100644 index 0000000..20f77c7 --- /dev/null +++ b/virtual/modules/websites/tools/db/default.nix @@ -0,0 +1,23 @@ +{ lib, pkgs, config, mylibs, ... }: +let + adminer = pkgs.callPackage ../../commons/adminer.nix {}; + + cfg = config.services.myWebsites.tools.databases; +in { + options.services.myWebsites.tools.databases = { + enable = lib.mkEnableOption "enable database's website"; + }; + + config = lib.mkIf cfg.enable { + # FIXME: include it in vhostConf ? + security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null; + + services.myWebsites.tools.modules = adminer.apache.modules; + services.myWebsites.tools.vhostConfs.db-1 = { + certName = "eldiron"; + hosts = ["db-1.immae.eu" ]; + root = null; + extraConfig = [ adminer.apache.vhostConf ]; + }; + }; +} diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix new file mode 100644 index 0000000..0a63013 --- /dev/null +++ b/virtual/modules/websites/tools/git/default.nix @@ -0,0 +1,46 @@ +{ lib, pkgs, config, mylibs, ... }: +let + mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { inherit (mylibs) checkEnv fetchedGithub; }; + gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; + + cfg = config.services.myWebsites.tools.git; +in { + options.services.myWebsites.tools.git = { + enable = lib.mkEnableOption "enable git's website"; + }; + + config = lib.mkIf cfg.enable { + # FIXME: include it in vhostConf ? + security.acme.certs."eldiron".extraDomains."git.immae.eu" = null; + + nixpkgs.config.packageOverrides = oldpkgs: rec { + gitweb = oldpkgs.gitweb.overrideAttrs(old: { + installPhase = old.installPhase + '' + cp -r ${./gitweb/theme} $out/gitweb-theme; + ''; + }); + }; + + services.myWebsites.tools.modules = + gitweb.apache.modules ++ + mantisbt.apache.modules; + + services.myWebsites.tools.vhostConfs.git = { + certName = "eldiron"; + hosts = ["git.immae.eu" ]; + root = gitweb.webRoot; + extraConfig = [ + gitweb.apache.vhostConf + mantisbt.apache.vhostConf + '' + RewriteEngine on + RewriteCond %{REQUEST_URI} ^/releases + RewriteRule /releases(.*) https://release.immae.eu$1 [P,L] + '' + ]; + }; + services.myPhpfpm.poolConfigs = { + mantisbt = mantisbt.phpFpm.pool; + }; + }; +} diff --git a/virtual/modules/websites/tools/git/gitweb/gitweb.nix b/virtual/modules/websites/tools/git/gitweb/gitweb.nix new file mode 100644 index 0000000..7b4dcac --- /dev/null +++ b/virtual/modules/websites/tools/git/gitweb/gitweb.nix @@ -0,0 +1,64 @@ +{ gitweb, writeText, gitolite, git, gitoliteDir }: +rec { + varDir = gitoliteDir; + webRoot = gitweb; + config = writeText "gitweb.conf" '' + $git_temp = "/tmp"; + + # The directories where your projects are. Must not end with a + # slash. + $projectroot = "${varDir}/repositories"; + + $projects_list = "${varDir}/projects.list"; + $strict_export = "true"; + + # Base URLs for links displayed in the web interface. + our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu); + + $feature{'blame'}{'default'} = [1]; + $feature{'avatar'}{'default'} = ['gravatar']; + $feature{'highlight'}{'default'} = [1]; + + @stylesheets = ("gitweb-theme/gitweb.css"); + $logo = "gitweb-theme/git-logo.png"; + $favicon = "gitweb-theme/git-favicon.png"; + $javascript = "gitweb-theme/gitweb.js"; + $logo_url = "https://git.immae.eu/"; + $projects_list_group_categories = "true"; + $projects_list_description_width = 60; + $project_list_default_category = "__Others__"; + ''; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "cgid" ]; + vhostConf = '' + SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/ + ScriptAliasMatch \ + "(?x)^/(.*/(HEAD | \ + info/refs | \ + objects/(info/[^/]+ | \ + [0-9a-f]{2}/[0-9a-f]{38} | \ + pack/pack-[0-9a-f]{40}\.(pack|idx)) | \ + git-(upload|receive)-pack))$" \ + ${git}/libexec/git-core/git-http-backend/$1 + + + Require all granted + + + Require all granted + + + DirectoryIndex gitweb.cgi + Require all granted + AllowOverride None + Options ExecCGI FollowSymLinks + + SetHandler cgi-script + SetEnv GITWEB_CONFIG "${config}" + + + ''; + }; +} diff --git a/virtual/modules/websites/tools/git/gitweb/theme/git-favicon.png b/virtual/modules/websites/tools/git/gitweb/theme/git-favicon.png new file mode 100644 index 0000000..4fa44bb Binary files /dev/null and b/virtual/modules/websites/tools/git/gitweb/theme/git-favicon.png differ diff --git a/virtual/modules/websites/tools/git/gitweb/theme/git-logo.png b/virtual/modules/websites/tools/git/gitweb/theme/git-logo.png new file mode 100644 index 0000000..fdaf7b7 Binary files /dev/null and b/virtual/modules/websites/tools/git/gitweb/theme/git-logo.png differ diff --git a/virtual/modules/websites/tools/git/gitweb/theme/gitweb.css b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.css new file mode 100644 index 0000000..83e0742 --- /dev/null +++ b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.css @@ -0,0 +1,783 @@ +/* Reset +------------------------------------------------------------------------- */ + +/* Based on http://meyerweb.com/eric/tools/css/reset/ */ +/* v1.0 | 20080212 */ + +html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, +blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, +font, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, +u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, +caption, tbody, tfoot, thead, tr, th, td { + margin: 0; + padding: 0; + border: 0; + outline: 0; + font-size: 100%; + vertical-align: baseline; + background: transparent; +} + +ol, ul { list-style: none; } + +blockquote, q { quotes: none; } + +blockquote:before, blockquote:after, +q:before, q:after { + content: ''; + content: none; +} + +:focus { outline: 0; } + +ins { text-decoration: none; } + +del { text-decoration: line-through; } + +table { + border-collapse: collapse; + border-spacing: 0; +} + +a { outline: none; } + +/* General +---------------------------------------------------------------------------- */ + +html { + position: relative; + min-height: 100%; +} + +body { + font: 13px Helvetica,arial,freesans,clean,sans-serif; + line-height: 1.4; + margin: 0 0 105px; + background-color: #fff; + color: #000000; +} + +/* Monospaced Fonts */ +.sha1, .mode, .diff_tree .list, .pre, .diff, .patchset { + font-family: 'Consolas','Bitstream Vera Sans Mono',monospace; +} + +a:link, a:visited { + color: #4183C4; + text-decoration: none; +} + +a:hover { + text-decoration: underline; +} + +td.list a[href*='tree'], td.list a[href*='blob'] { + padding-left: 20px; + display: block; + float: left; + height: 16px; + line-height: 16px; +} + +td.list a[href*='tree'] { + background: url() center left no-repeat; +} + +td.list a[href*='blob'] { + background: url() center left no-repeat; +} + +i { + font-style: normal; +} + +td, th { + padding: 5px; +} + +.page_nav br { + display: none; +} + +/* Page Header +---------------------------------------------------------------------------- */ + +.page_header { + height: 50px; + line-height: 50px; + position: relative; + padding: 0 27px; + margin-bottom: 20px; + font-size: 20px; + font-family: Helvetica, Arial, Freesans, Clean, sans-serif; + background: #FFFFFF; /* old browsers */ + background: -moz-linear-gradient(top, #FFFFFF 0%, #F5F5F5 100%); /* firefox */ + background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#FFFFFF), color-stop(100%,#F5F5F5)); /* webkit */ + filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#FFFFFF', endColorstr='#F5F5F5',GradientType=0 ); /* ie */ + background: -o-linear-gradient(top, #FFFFFF 0%, #F5F5F5 100%); + border-bottom: 1px solid #dfdfdf; +} + +.page_header a:link, .page_header a:visited { + color: #4183C4; + text-decoration: none; + padding: 3px; + font-weight: bold; +} + +.page_header a:hover { + font-weight: bold; + padding: 3px; + text-decoration: underline; +} + +.page_header a:first-child { + background: transparent; +} + +.page_header img.logo { + position: relative; + top: 7px; + margin-right: 5px; +} + +/* Page Footer +---------------------------------------------------------------------------- */ + +.page_footer { + position: absolute; + left: 0; + bottom: 0; + width: 100%; + height: 80px; + line-height: 80px; + margin-top: 15px; + background: #f1f1f1; + border-top: 2px solid #ddd; + border-bottom: 1px solid #ddd; +} + +.page_footer_text { + color: #666; + display: inline; + float: left; + margin-left: 25px; + width: 80%; + overflow: hidden; + white-space: nowrap; + text-overflow: ellipsis; +} + +a.rss_logo { + float: right; + padding: 3px 1px; + width: 35px; + line-height: 10px; + border: 1px solid; + border-color: #fcc7a5 #7d3302 #3e1a01 #ff954e; + color: #ffffff; + background-color: #ff6600; + font-weight: bold; + font-family: sans-serif; + font-size: 80%; + text-align: center; + text-decoration: none; + margin-top: 30px; + margin-left: 5px; +} + +a.rss_logo:hover { + background-color: #ee5500; +} + +.rss_logo { + margin-right: 25px; + background: yellow; +} + +.rss_logo:last-child { + margin-right: 5px; +} + +/* Index include +---------------------------------------------------------------------------- */ + +.index_include { + width: 95%; + margin: 0 auto 15px; + background: -moz-linear-gradient(center top , #FFFFFF 0%, #F5F5F5 100%) repeat scroll 0 0 transparent; + border: 1px solid #DFDFDF; + padding: 8px; + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; +} + +/* Elements +---------------------------------------------------------------------------- */ + +.project_list, +.shortlog, +.tree, +.commit_search, +.history { + width: 95%; + margin: 0 auto 15px auto; + border: 1px solid #d8d8d8; + -moz-box-shadow: 0 0 3px rgba(0,0,0,0.2); + -webkit-box-shadow: 0 0 3px rgba(0,0,0,0.2); + box-shadow: 0 0 3px rgba(0,0,0,0.2); +} + +.project_list th, +.shortlog th, +.tree th, +.commit_search th { + color: #afafaf; + font-weight: normal; +} + +.project_list th { + font-weight: bold; +} + +.project_list tr, +.shortlog tr, +.tree tr, +.commit_search tr { + background: #eaeaea; + height: 2.5em; + text-align: left; + color: #545454; +} + +.project_list tr.dark, .project_list tr.light, +.shortlog tr.dark, .shortlog tr.light, +.tree tr.dark, .tree tr.light, +.commit_search tr.dark, .commit_search tr.light, +.history tr.dark, .history tr.light, +.heads tr.dark, .heads tr.light { + background: #F9F9F9; /* old browsers */ + background: -moz-linear-gradient(top, #F9F9F9 0%, #EFEFEF 100%); /* firefox */ + background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#F9F9F9), color-stop(100%,#EFEFEF)); /* webkit */ + filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#F9F9F9', endColorstr='#EFEFEF',GradientType=0 ); /* ie */ + background: -o-linear-gradient(top, #F9F9F9 0%, #EFEFEF 100%); + height: 2.5em; + border-bottom: 1px solid #e1e1e1; +} + +th .header { + background: transparent; + border: 0; + padding: 0; + font-weight: bold; +} + +.tree { + width: 100%; + margin: 0; +} + +.projsearch { + position: absolute; + right: 4%; + top: 15px; +} + +.projsearch a { + display: none; +} + +.commit_search { + background: #eaeaea; +} + +.page_nav, +.list_head, +.page_path, +.search { + width: 94%; + background: #eaeaea; + color: #545454; + border: 1px solid #d8d8d8; + padding: 5px; + margin: 0 auto 15px auto; +} + +.history { + background: #eaeaea; +} + +.title { + margin: 0 auto 15px auto; + padding: 5px; + width: 95%; +} + +.readme { + background: #eaf2f5; + border: 1px solid #bedce7; + -moz-box-sizing: border-box; + -webkit-box-sizing: border-box; + box-sizing: border-box; + margin: 0 auto 15px auto; + padding: 15px; + width: 95%; +} + +.readme h1 { + display: block; + font-size: 2em; + font-weight: bold; + margin-bottom: 0.67em; + margin-top: 0; +} + +.readme h2 { + font-size: 1.5em; + font-weight: bold; + margin-bottom: 0.83em; +} + + +.readme h3 { + font-size: 1.17em; + font-weight: bold; + margin-bottom: 1em; +} + +.readme p { + margin-bottom: 1em; +} + +.readme ul { + list-style: disc; + margin-bottom: 1em; + margin-left: 1.5em; +} + +.readme ul ul { + margin-bottom: 0; +} + +.readme ol { + list-style: decimal; + margin-bottom: 1em; + margin-left: 1.5em; +} + +.readme ol ol { + margin-bottom: 0; +} + +.readme pre { + font-family: monospace; + margin: 1em 0; + white-space: pre; +} + +.readme tt, .readme code, .readme kbd, .readme samp { + font-family: monospace; +} + +.readme blockquote { + margin: 1em; +} + +.projects_list, +.tags { + width: 95%; + background: #f0f0f0; + color: #545454; + border: 1px solid #d8d8d8; + padding: 5px; + margin: 0 auto 15px auto; +} + +.heads { + width: 95%; + color: #545454; + border: 1px solid #d8d8d8; + padding: 5px; + margin: 0 auto 15px auto; +} + +.header { + width: 94%; + margin: 0 auto 15px auto; + background: #eaf2f5; + border: 1px solid #bedce7; + padding: 5px; +} + +.header .age { + float: left; + color: #000; + font-weight: bold; + width: 10em; +} + +.title_text { + width: 94%; + background: #eaf2f5; + border: 1px solid #bedce7; + padding: 5px; + margin: 0 auto 0 auto; +} + +.log_body { + width: 94%; + background: #eaf2f5; + border: 1px solid #bedce7; + border-top: 0; + padding: 5px; + margin: 0 auto 15px auto; +} + +.page_body { + line-height: 1.4em; + width: 94%; + background: #f8f8f8; + border: 1px solid #d8d8d8; + padding: 5px; + margin: 15px auto 15px auto; +} + +.diff_tree { + width: 95%; + background: #f0f0f0; + border: 1px solid #d8d8d8; + padding: 5px; + margin: 0 auto 15px auto; +} + +.page_body > .list_head { + width: 98.5%; +} + +.page_body > .diff_tree { + width: 99.5%; +} + +.patch > .header { + width: 99%; +} + +.author .avatar, +.author_date .avatar { + position: relative; + top: 3px; +} + +.object_header .avatar { + border: 1px solid #D8D8D8; + float: right; +} + +.object_header td, +.object_header th { + vertical-align: top; +} + +/* Refs +---------------------------------------------------------------------------- */ + +span.refs span { + color: #707070; + display: inline-block; + margin: 0; + background-color: #eee; + border: 1px solid #ccc; + border-radius: 3px; + height: 18px; + padding: 0 6px; + text-overflow: ellipsis; +} + +span.refs span.ref { + color: #707070; + display: inline-block; + margin: 0; + background-color: #c4c4ff; + border: 1px solid #7878ff; + border-radius: 3px; + height: 18px; + padding: 0 6px; + text-overflow: ellipsis; + background-image: url(); + background-repeat: no-repeat; + padding-left: 18px; +} + +span.refs span.tag { + color: #707070; + display: inline-block; + margin: 0; + background-color: #ffffab; + border: 1px solid #d9d93b; + border-radius: 3px; + height: 18px; + padding: 0 6px; + text-overflow: ellipsis; + background-image: url(); + background-repeat: no-repeat; + padding-left: 18px; +} + +span.refs span.head { + color: #707070; + display: inline-block; + margin: 0; + background-color: #c4ffc4; + border: 1px solid #78ff78; + border-radius: 3px; + height: 18px; + padding: 0 6px; + text-overflow: ellipsis; + background-image: url(); + background-repeat: no-repeat; + padding-left: 18px; +} + +span.refs a { + color: #4e4e4e; + font: 11px "Bitstream Vera Sans Mono", "DejaVu Sans Mono", Monaco, monospace; + line-height: 18px; +} + +/* Diffs +---------------------------------------------------------------------------- */ + +div.diff.to_file a.path, +div.diff.to_file { + color: #007000; +} + +div.diff.from_file a.path, +div.diff.from_file { + color: #aa0000; +} + +.patch .header { + margin: 0; +} + +.patchset { + overflow-x: auto; + overflow-y: hidden; +} + +.chunk_header { + background: #eaf2f5; + color: #999; +} + +.rem { + background: #ffdddd; +} +.rem .marked { + background: #ffaaaa; +} +.add { + background: #ddffdd; +} +.add .marked { + background: #7dff7d; +} + +.extended_header { + width: 99.5%; +} + +div.chunk_block { + overflow: hidden; +} + +div.chunk_block div.old { + float: left; + width: 50%; + overflow: hidden; + border-right: 5px solid #EAF2F5; +} + +div.chunk_block.rem, +div.chunk_block.add { + background: transparent; +} + +div.chunk_block div.old .add, +div.chunk_block div.old .rem { + padding-right: 3px; +} + +div.chunk_block div.new .add, +div.chunk_block div.new .rem { + padding-left: 3px; +} + +div.chunk_block div.new { + margin-left: 50%; + width: 50%; + border-left: 5px solid #EAF2F5; +} + +/* Category +---------------------------------------------------------------------------- */ + +td.category { + background: #E6F1F6; /* old browsers */ + background: -moz-linear-gradient(top, #C8D8E7 0%, #E6F1F3 100%); /* firefox */ + background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#C8D8E7), color-stop(100%,#E6F1F3)); /* webkit */ + filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#C8D8E7', endColorstr='#E6F1F3',GradientType=0 ); /* ie */ + background: -o-linear-gradient(top, #C8D8E7 0%, #E6F1F3 100%); + font-weight: bold; + border-bottom: 1px solid #D1D1D1; + border-top: 1px solid #D1D1D1; +} + +/* Age +---------------------------------------------------------------------------- */ + +/* noage: "No commits" */ +.project_list td.noage { + color: #cdcdcd; +} + +/* age2: 60*60*24*2 <= age */ +.project_list td.age2, .blame td.age2 { + color: #545454; +} + +/* age1: 60*60*2 <= age < 60*60*24*2 */ +.project_list td.age1 { + color: #009900; +} + +/* age0: age < 60*60*2 */ +.project_list td.age0 { + color: #009900; + font-weight: bold; +} + +/* File status +---------------------------------------------------------------------------- */ + +.diff_tree span.file_status.new { + color: #008000; +} + +table.diff_tree span.file_status.deleted { + color: #c00000; +} + +table.diff_tree span.file_status.moved, +table.diff_tree span.file_status.mode_chnge { + color: #545454; +} + +table.diff_tree span.file_status.copied { + color: #70a070; +} + +span.cntrl { + border: dashed #aaaaaa; + border-width: 1px; + padding: 0px 2px 0px 2px; + margin: 0px 2px 0px 2px; +} + +span.match { + background: #aaffaa; + color: #000; +} + +td.error { + color: red; + background: yellow; +} + +/* blob view */ + +td.pre, div.pre, div.diff { + white-space: pre-wrap; +} + +/* JavaScript-based timezone manipulation */ + +.popup { /* timezone selection UI */ + position: absolute; + /* "top: 0; right: 0;" would be better, if not for bugs in browsers */ + top: 0; left: 0; + border: 1px solid #d8d8d8; + padding: 2px; + background-color: #f0f0f0; + font-style: normal; + color: #545454; + cursor: auto; +} + +.close-button { /* close timezone selection UI without selecting */ + /* float doesn't work within absolutely positioned container, + * if width of container is not set explicitly */ + /* float: right; */ + position: absolute; + top: 0px; right: 0px; + border: 1px solid #ffaaaa; + margin: 1px 1px 1px 1px; + padding-bottom: 2px; + width: 12px; + height: 10px; + font-size: 9px; + font-weight: bold; + text-align: center; + background-color: #ffdddd; + cursor: pointer; +} + +/* Style definition generated by highlight 2.4.5, http://www.andre-simon.de/ */ + +/* Highlighting theme definition: */ + +.num { color:#6ecf36; } +.esc { color:#ff00ff; } +.str { color:#ff00d3; background-color: #edc9ec } +.dstr { color:#818100; } +.slc { color:#838183; font-style:italic; } +.com { color:#838183; font-style:italic; } +.dir { color:#008200; } +.sym { color:#000000; } +.line { color:#555555; } +.kwa { color:#666666; font-weight:bold; } +.kwb { color:#6b3099; } +.kwc { color:#d4663d; } +.kwd { color:#2928ff; } + +/**** Styles supplémentaires *****/ + +.readme div.toc { + float: right; + border: 1px solid black; + background-color: white; +} +.readme div.toc span.toctitle { + display: inline-block; + width: 100%; + text-align: center; + font-weight: bold; +} + +.readme table { + background-color: white; +} + +.readme table thead tr { + background-color: #ccc; +} + +.readme table tbody tr:nth-child(2n) { + background-color: #f8f8f8; +} + +.readme table td, .readme table th { + border: 1px solid black; +} diff --git a/virtual/modules/websites/tools/git/gitweb/theme/gitweb.js b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.js new file mode 100644 index 0000000..72f3cfa --- /dev/null +++ b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.js @@ -0,0 +1,27 @@ +function include(filename, onload) { + var head = document.getElementsByTagName('head')[0]; + var script = document.createElement('script'); + script.src = filename; + script.type = 'text/javascript'; + script.onload = script.onreadystatechange = function() { + if (script.readyState) { + if (script.readyState === 'complete' || script.readyState === 'loaded') { + script.onreadystatechange = null; + onload(); + } + } + else { + onload(); + } + } + head.appendChild(script); +} + +include('static/gitweb.js', function() {}); +include('//code.jquery.com/jquery-3.1.0.min.js', function() { + $("div.title").each(function(index, element) { + if ($(element).text() === "readme" || $(element).text() === " ") { + $(element).hide(); + } + }); +}); diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-slack.json b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-slack.json new file mode 100644 index 0000000..54ea38b --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-slack.json @@ -0,0 +1,15 @@ +{ + "tag": "9286d2e-master", + "meta": { + "name": "mantisbt-plugin-slack", + "url": "https://github.com/mantisbt-plugins/Slack", + "branch": "master" + }, + "github": { + "owner": "mantisbt-plugins", + "repo": "Slack", + "rev": "9286d2eeeb8a986ed949e378711fef5f0bf182dc", + "sha256": "0nn0v4jc967giilkzrppi5svd04m2hnals75xxp0iabcdjnih0mn", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration.json b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration.json new file mode 100644 index 0000000..e36a68c --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration.json @@ -0,0 +1,15 @@ +{ + "tag": "v2.1.5", + "meta": { + "name": "mantisbt-plugin-source-integration", + "url": "https://github.com/mantisbt-plugins/source-integration", + "branch": "refs/tags/v2.1.5" + }, + "github": { + "owner": "mantisbt-plugins", + "repo": "source-integration", + "rev": "a48039a20abc50864e0e68c0c843b27058404386", + "sha256": "07g6q3hivmnd94r47pp0snk5bv4pa3piwclc9qhj612i4wnsazsk", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration_Source.API.php.diff b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration_Source.API.php.diff new file mode 100644 index 0000000..c355144 --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration_Source.API.php.diff @@ -0,0 +1,12 @@ +--- b/Source/Source.API.php 2017-09-18 00:50:32.000000000 +0200 ++++ a/Source/Source.API.php 2018-03-04 19:00:25.578889039 +0100 +@@ -452,6 +452,9 @@ + # Allow other plugins to post-process commit data + event_signal( 'EVENT_SOURCE_COMMITS', array( $p_changesets ) ); + event_signal( 'EVENT_SOURCE_FIXED', array( $t_fixed_bugs ) ); ++ foreach( $t_fixed_bugs as $t_bug_id => $t_changeset ) { ++ event_signal( 'EVENT_BUG_ACTION', array('RESOLVE', $t_bug_id) ); ++ } + } + + /** diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix new file mode 100644 index 0000000..009c902 --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix @@ -0,0 +1,124 @@ +{ lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }: +let + # FIXME: check that source-integration and slack still work + mantisbt = let + plugins = { + slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec { + installPhase = '' + sed -i -e "s/return '@' . \\\$username;/return \\\$username;/" Slack.php + cp -a . $out + ''; + }); + source-integration = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-source-integration.json // rec { + installPhase = '' + mkdir $out + patch -p1 < ${./mantisbt-plugin-source-integration_Source.API.php.diff} + cp -a Source* $out/ + ''; + }); + }; + in rec { + config = + assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD"; + assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT"; + assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"; + writeText "config_inc.php" '' + + DirectoryIndex index.php + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + AllowOverride All + Options FollowSymlinks + Require all granted + + + #Reenable during upgrade + Require all denied + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" ( + [ webRoot config ] + ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); + socket = "/var/run/phpfpm/mantisbt.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + php_admin_value[upload_max_filesize] = 5000000 + + php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt" + ''; + }; + }; +in + mantisbt diff --git a/virtual/modules/websites/tools/git/mantisbt/patches/bug_report.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report.php.diff new file mode 100644 index 0000000..a520043 --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report.php.diff @@ -0,0 +1,20 @@ +--- a/bug_report.php 2018-02-10 21:29:27.000000000 +0100 ++++ b/bug_report.php 2018-03-03 15:04:19.622499678 +0100 +@@ -149,6 +149,17 @@ + access_ensure_project_level( config_get( 'update_bug_assign_threshold' ) ); + } + ++# begin captcha check for anon user ++if ( current_user_is_anonymous() && get_gd_version() > 0 ) { ++ $f_captcha = gpc_get_string( 'captcha', '' ); ++ $f_captcha = utf8_strtolower( trim( $f_captcha ) ); ++ ++ $t_securimage = new Securimage(); ++ if( $t_securimage->check( $f_captcha ) == false ) { ++ trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR ); ++ } ++} ++ + # if a profile was selected then let's use that information + if( 0 != $t_bug_data->profile_id ) { + if( profile_is_global( $t_bug_data->profile_id ) ) { diff --git a/virtual/modules/websites/tools/git/mantisbt/patches/bug_report_page.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report_page.php.diff new file mode 100644 index 0000000..80dea91 --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report_page.php.diff @@ -0,0 +1,53 @@ +--- a/bug_report_page.php 2018-02-10 21:29:27.000000000 +0100 ++++ b/bug_report_page.php 2018-03-03 15:04:19.622499678 +0100 +@@ -708,7 +708,50 @@ + + + + ++ 0 ) { ++ $t_securimage_path = 'vendor/dapphp/securimage'; ++ $t_securimage_show = $t_securimage_path . '/securimage_show.php'; ++ $t_securimage_play = $t_securimage_path . '/securimage_play.swf?' ++ . http_build_query( array( ++ 'audio_file' => $t_securimage_path . '/securimage_play.php', ++ 'bgColor1=' => '#fff', ++ 'bgColor2=' => '#fff', ++ 'iconColor=' => '#777', ++ 'borderWidth=' => 1, ++ 'borderColor=' => '#000', ++ ) ); ++?> ++ ++ CAPTCHA ++ ++ ++ ++ ++ ++ ++ ++ visual captcha ++
++
++ ++ ++ ++ ++
++ ++ ++ ++ + + + diff --git a/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add.php.diff new file mode 100644 index 0000000..4509f0a --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add.php.diff @@ -0,0 +1,20 @@ +--- a/bugnote_add.php 2018-02-10 21:29:27.000000000 +0100 ++++ b/bugnote_add.php 2018-03-03 15:13:12.439919511 +0100 +@@ -44,6 +44,17 @@ + + $t_query = array( 'issue_id' => $f_bug_id ); + ++# begin captcha check for anon user ++if ( current_user_is_anonymous() && get_gd_version() > 0 ) { ++ $f_captcha = gpc_get_string( 'captcha', '' ); ++ $f_captcha = utf8_strtolower( trim( $f_captcha ) ); ++ ++ $t_securimage = new Securimage(); ++ if( $t_securimage->check( $f_captcha ) == false ) { ++ trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR ); ++ } ++} ++ + if( count( $f_files ) > 0 && is_blank( $f_text ) && helper_duration_to_minutes( $f_duration ) == 0 ) { + $t_payload = array( + 'files' => helper_array_transpose( $f_files ) diff --git a/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add_inc.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add_inc.php.diff new file mode 100644 index 0000000..a8589c7 --- /dev/null +++ b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add_inc.php.diff @@ -0,0 +1,52 @@ +--- a/bugnote_add_inc.php 2018-02-10 21:29:27.000000000 +0100 ++++ b/bugnote_add_inc.php 2018-03-03 15:14:27.332428557 +0100 +@@ -119,6 +119,49 @@ + + + ++ 0 ) { ++ $t_securimage_path = 'vendor/dapphp/securimage'; ++ $t_securimage_show = $t_securimage_path . '/securimage_show.php'; ++ $t_securimage_play = $t_securimage_path . '/securimage_play.swf?' ++ . http_build_query( array( ++ 'audio_file' => $t_securimage_path . '/securimage_play.php', ++ 'bgColor1=' => '#fff', ++ 'bgColor2=' => '#fff', ++ 'iconColor=' => '#777', ++ 'borderWidth=' => 1, ++ 'borderColor=' => '#000', ++ ) ); ++?> ++ ++ CAPTCHA ++ ++ ++ ++ ++ ++ ++ ++ visual captcha ++
++
++ ++ ++ ++ ++
++ ++ ++ ++ + + array("verify_peer" => false)); + $config['smtp_server'] = 'tls://mail.immae.eu'; + + $config['imap_cache'] = 'db'; + $config['messages_cache'] = 'db'; + + $config['support_url'] = '''; + + $config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}'; + + $config['plugins'] = array(); + + $config['language'] = 'fr_FR'; + + $config['drafts_mbox'] = 'Mail/Drafts'; + $config['junk_mbox'] = 'Mail/Spam'; + $config['sent_mbox'] = 'Mail/sent'; + $config['trash_mbox'] = '''; + $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', '''); + $config['draft_autosave'] = 60; + $config['enable_installer'] = false; + $config['log_driver'] = 'stdout'; + $config['temp_dir'] = '${varDir}/cache'; + $config['debug_level'] = 1; + ''; + webRoot = stdenv.mkDerivation rec { + version = "1.3.8"; + name = "roundcubemail-${version}"; + src= fetchurl { + url = "https://github.com/roundcube/roundcubemail/releases/download/${version}/${name}-complete.tar.gz"; + sha256 = "018djad7ygfl9c9f2l2j42qkg31ml3hs2f01f0dk361zckwk77n4"; + }; + buildPhase = '' + sed -i \ + -e "s|RCUBE_INSTALL_PATH . 'temp.*|'${varDir}/cache';|" \ + config/defaults.inc.php + ''; + installPhase = '' + cp -a . $out + ln -s ${config} $out/config/config.inc.php + ${builtins.concatStringsSep "\n" ( + lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins + )} + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + Alias /roundcube "${webRoot}" + + DirectoryIndex index.php + AllowOverride All + Options FollowSymlinks + Require all granted + + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" ( + [ webRoot config varDir ] + ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); + socket = "/var/run/phpfpm/roundcubemail.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = RoundcubemailPHPSESSID + php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + ''; + }; + }; +in + roundcubemail diff --git a/virtual/modules/websites/tools/tools/tt-rss.json b/virtual/modules/websites/tools/tools/tt-rss.json new file mode 100644 index 0000000..e2731b0 --- /dev/null +++ b/virtual/modules/websites/tools/tools/tt-rss.json @@ -0,0 +1,14 @@ +{ + "tag": "986ca25-master", + "meta": { + "name": "tt-rss", + "url": "https://git.tt-rss.org/fox/tt-rss.git", + "branch": "master" + }, + "git": { + "url": "https://git.tt-rss.org/fox/tt-rss.git", + "rev": "986ca251f995f7754a0470d3e0c44538a545081f", + "sha256": "0xkafkh7l9zazm5d6snlq03kdfxfhkb4c8fdsb32wn8b9bhdzf5s", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch new file mode 100644 index 0000000..d622577 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch @@ -0,0 +1,12 @@ +--- a/init.php 2014-06-16 14:21:06.995480038 +0200 ++++ b/init.php 2014-06-16 14:22:00.151027654 +0200 +@@ -147,6 +147,9 @@ + } + } + break; ++ case 'replace': ++ $article['content'] = preg_replace("/".$config['pattern']."/",$config['replacement'],$article['content']); ++ break; + + default: + // unknown type or invalid config diff --git a/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json new file mode 100644 index 0000000..e57fcce --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json @@ -0,0 +1,15 @@ +{ + "tag": "0ea2092-master", + "meta": { + "name": "ttrss-af_feedmod", + "url": "https://github.com/mbirth/ttrss_plugin-af_feedmod", + "branch": "master" + }, + "github": { + "owner": "mbirth", + "repo": "ttrss_plugin-af_feedmod", + "rev": "0ea2092dd34067ecd898802cfca3570023d1ecfe", + "sha256": "02ibf47zcrsc2rr45wsix8gxyyf371davj8n8i0gj1zdq95klvnv", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json new file mode 100644 index 0000000..c8aaab5 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json @@ -0,0 +1,15 @@ +{ + "tag": "4d751b0-master", + "meta": { + "name": "ttrss-auth-ldap", + "url": "https://github.com/hydrian/TTRSS-Auth-LDAP", + "branch": "master" + }, + "github": { + "owner": "hydrian", + "repo": "TTRSS-Auth-LDAP", + "rev": "4d751b095c29a8dbe2dc7bb07777742956136e94", + "sha256": "0b9fl86acrzpcv41r7pj3bl8b3n72hpkdywzx9zjyfqv5pskxyim", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/tools/ttrss-feediron.json b/virtual/modules/websites/tools/tools/ttrss-feediron.json new file mode 100644 index 0000000..5dbec92 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-feediron.json @@ -0,0 +1,15 @@ +{ + "tag": "407168c-master", + "meta": { + "name": "ttrss-feediron", + "url": "https://github.com/m42e/ttrss_plugin-feediron", + "branch": "master" + }, + "github": { + "owner": "m42e", + "repo": "ttrss_plugin-feediron", + "rev": "407168c628880b5ced572cc549db6d50e866d3c8", + "sha256": "17b95ifpcph6m03hjd1mhi8gi1hw9yd3fnffmw66fqr5c9l3zd9r", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch new file mode 100644 index 0000000..e1c44d9 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch @@ -0,0 +1,18 @@ +diff --git a/init.php b/init.php +index 3c0f2f9..1aad146 100644 +--- a/init.php ++++ b/init.php +@@ -600,10 +600,11 @@ class Feediron extends Plugin implements IHandler + return false; + } + +- $this->host->set($this, 'json_conf', Feediron_Json::format($json_conf)); ++ $new_conf = json_encode(json_decode($json_conf), JSON_PRETTY_PRINT); ++ $this->host->set($this, 'json_conf', $new_conf); + $json_reply['success'] = true; + $json_reply['message'] = __('Configuration saved.'); +- $json_reply['json_conf'] = Feediron_Json::format($json_conf); ++ $json_reply['json_conf'] = $new_conf; + echo json_encode($json_reply); + } + diff --git a/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json new file mode 100644 index 0000000..1f241b9 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json @@ -0,0 +1,15 @@ +{ + "tag": "0366ffb-master", + "meta": { + "name": "ttrss-ff_instagram", + "url": "https://github.com/wltb/ff_instagram", + "branch": "master" + }, + "github": { + "owner": "wltb", + "repo": "ff_instagram", + "rev": "0366ffb18c4d490c8fbfba2f5f3367a5af23cfe8", + "sha256": "0vvzl6wi6jmrqknsfddvckjgsgfizz1d923d1nyrpzjfn6bda1vk", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json new file mode 100644 index 0000000..eafbcfe --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json @@ -0,0 +1,15 @@ +{ + "tag": "287c584-master", + "meta": { + "name": "ttrss-tumblr_gdpr_ua", + "url": "https://github.com/hkockerbeck/ttrss-tumblr-gdpr-ua", + "branch": "master" + }, + "github": { + "owner": "hkockerbeck", + "repo": "ttrss-tumblr-gdpr-ua", + "rev": "287c584e68845d524f920156bff0b2eaa6f65117", + "sha256": "1fviawgcclqky4k4xv1sqzvpb8i74w9f0pclm09m78s8l85wh9py", + "fetchSubmodules": true + } +} diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix new file mode 100644 index 0000000..f7b0f61 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ttrss.nix @@ -0,0 +1,182 @@ +{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }: +let + ttrss = let + plugins = { + auth_ldap = stdenv.mkDerivation (fetchedGithub ./ttrss-auth-ldap.json // rec { + installPhase = '' + mkdir $out + cp plugins/auth_ldap/init.php $out + ''; + }); + af_feedmod = stdenv.mkDerivation (fetchedGithub ./ttrss-af_feedmod.json // rec { + patches = [ ./ttrss-af-feedmod_type_replace.patch ]; + installPhase = '' + mkdir $out + cp init.php $out + ''; + }); + feediron = stdenv.mkDerivation (fetchedGithub ./ttrss-feediron.json // rec { + patches = [ ./ttrss-feediron_json_reformat.patch ]; + installPhase = '' + mkdir $out + cp -a . $out + ''; + }); + ff_instagram = stdenv.mkDerivation (fetchedGithub ./ttrss-ff_instagram.json // rec { + installPhase = '' + mkdir $out + cp -a . $out + ''; + }); + tumblr_gdpr_ua = stdenv.mkDerivation (fetchedGithub ./ttrss-tumblr_gdpr_ua.json // rec { + installPhase = '' + mkdir $out + cp -a . $out + ''; + }); + }; + in rec { + varDir = "/var/lib/ttrss"; + # FIXME: initial sync + activationScript = { + deps = [ "wrappers" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ + ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \ + ${varDir}/cache/feeds/ \ + ${varDir}/cache/images/ \ + ${varDir}/cache/js/ \ + ${varDir}/cache/simplepie/ \ + ${varDir}/cache/upload/ + touch ${varDir}/feed-icons/index.html + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions + ''; + }; + config = + # FIXME: LOG_DESTINATION syslog? + assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD"; + assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD"; + writeText "config.php" '' + + DirectoryIndex index.php + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + AllowOverride All + Options FollowSymlinks + Require all granted + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" ( + [ webRoot config varDir ] + ++ lib.attrsets.mapAttrsToList (name: value: value) plugins); + socket = "/var/run/phpfpm/ttrss.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = TtrssPHPSESSID + php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + ''; + }; + }; +in + ttrss diff --git a/virtual/modules/websites/tools/tools/ympd.nix b/virtual/modules/websites/tools/tools/ympd.nix new file mode 100644 index 0000000..74bf2e5 --- /dev/null +++ b/virtual/modules/websites/tools/tools/ympd.nix @@ -0,0 +1,35 @@ +{}: +let + ympd = rec { + config = { + webPort = "localhost:18001"; + mpd = { + host = "malige.home.immae.eu"; + port = 6600; + }; + }; + apache = { + modules = [ + "proxy_wstunnel" + ]; + vhostConf = '' + + Use LDAPConnect + Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu + Require local + + + RedirectMatch permanent "^/mpd$" "/mpd/" + + ProxyPass http://${config.webPort}/ + ProxyPassReverse http://${config.webPort}/ + ProxyPreserveHost on + + + ProxyPass ws://${config.webPort}/ws + + ''; + }; + }; +in + ympd -- cgit v1.2.3