modules/private/websites/papa/surveillance.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

{ lib, pkgs, config, myconfig,  ... }:
let
  cfg = config.myServices.websites.papa.surveillance;
  varDir = "/var/lib/ftp/papa";
in {
  options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";

  config = lib.mkIf cfg.enable {
    security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;

    services.cron = {
      systemCronJobs = let
        script = pkgs.writeScript "cleanup-papa" ''
          #!${pkgs.stdenv.shell}
          d=$(date -d "7 days ago" +%Y%m%d)
          for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
            if [ "$d" -gt $(basename $i) ]; then
              rm -rf "$i"
            fi
          done
          '';
      in
        [
        ''
          0 6 * * * wwwrun ${script}
        ''
      ];
    };

    services.websites.production.vhostConfs.papa = {
      certName     = "papa";
      certMainHost = "surveillance.maison.bbc.bouya.org";
      hosts        = [ "surveillance.maison.bbc.bouya.org" ];
      root         = varDir;
      extraConfig  = [
        ''
        Use Apaxy "${varDir}" "title .duplicity-ignore"
        <Directory ${varDir}>
          Use LDAPConnect
          Options Indexes
          AllowOverride None
          Require ldap-group   cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
        </Directory>
          ''
      ];
    };
  };
}