blob: fd54f5e0d86708383b6972b3684dcf2b28e534ab (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
{ lib, pkgs, config, ... }:
let
cfg = config.myServices.websites.immae.temp;
varDir = "/var/lib/immae_temp";
env = config.myEnv.websites.immae.temp;
in {
options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
config = lib.mkIf cfg.enable {
services.duplyBackup.profiles.immae_temp.rootDir = varDir;
services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";
services.websites.env.production.vhostConfs.immae_temp = {
certName = "immae";
addToCerts = true;
hosts = [ "temp.immae.eu" ];
root = null;
extraConfig = [ ''
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/
ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Proxy>
'' ];
};
secrets.keys = [
{
dest = "webapps/surfer";
permissions = "0400";
user = "wwwrun";
group = "wwwrun";
text = ''
CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
TOKENSTORE_FILE=/var/lib/surfer/tokens.json
CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
LISTEN=/run/surfer/listen.sock
'';
}
];
systemd.services.surfer = {
description = "Surfer";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
'';
serviceConfig = {
EnvironmentFile = "/var/secrets/webapps/surfer";
User = "wwwrun";
Group = "wwwrun";
StateDirectory = "surfer";
RuntimeDirectory = "surfer";
Type = "simple";
};
};
};
}
|
