path: root/virtual/modules/websites.nix
{ lib, pkgs, config, mylibs, ... }:
let
  cfg = config.services.myWebsites;
in
{
  imports = [
    ./websites/chloe.nix
    ./websites/ludivine.nix
    ./websites/aten.nix
    ./websites/piedsjaloux.nix
    ./websites/connexionswing.nix
  ];

  # Options under services.myWebsites: one enable switch per environment and
  # a set of named Apache configuration fragments.
  options.services.myWebsites =
    let
      inherit (lib) mkEnableOption mkOption types;

      # Shape of one named fragment: the Apache modules it lists and an
      # optional block of raw configuration lines (null when it has none).
      apacheFragment = types.submodule {
        options.modules = mkOption {
          type = types.listOf types.str;
          default = [ ];
        };
        options.extraConfig = mkOption {
          type = types.nullOr types.lines;
          default = null;
        };
      };
    in
    {
      production.enable = mkEnableOption "enable websites in production";
      integration.enable = mkEnableOption "enable websites in integration";

      # Attribute set keyed by fragment name; empty unless a module adds entries.
      apacheConfig = mkOption {
        type = types.attrsOf apacheFragment;
        default = { };
        description = "Extra global config";
      };
    };

  # Wire the two global switches into every site module and declare the
  # shared Apache fragments (module lists plus raw httpd configuration).
  config = {
    # Each site's production flag mirrors the global production flag.
    services.myWebsites.Chloe.production.enable = cfg.production.enable;
    services.myWebsites.Ludivine.production.enable = cfg.production.enable;
    services.myWebsites.Aten.production.enable = cfg.production.enable;
    services.myWebsites.PiedsJaloux.production.enable = cfg.production.enable;
    services.myWebsites.Connexionswing.production.enable = cfg.production.enable;

    # Each site's integration flag mirrors the global integration flag.
    services.myWebsites.Chloe.integration.enable = cfg.integration.enable;
    services.myWebsites.Ludivine.integration.enable = cfg.integration.enable;
    services.myWebsites.Aten.integration.enable = cfg.integration.enable;
    services.myWebsites.PiedsJaloux.integration.enable = cfg.integration.enable;
    services.myWebsites.Connexionswing.integration.enable = cfg.integration.enable;

    # Named fragments in the shape of the apacheConfig option type: `modules`
    # is a list of Apache module names, `extraConfig` is raw httpd text.
    # How the fragments are consumed is not visible in this file.
    services.myWebsites.apacheConfig = {
      # Response compression for text-like MIME types.
      # NOTE(review): compressing text/html over TLS is the precondition for
      # BREACH-style length side channels on pages that reflect request data
      # next to a secret; confirm whether authenticated pages need DEFLATE.
      gzip = {
        modules = [ "deflate" "filter" ];
        extraConfig = ''
          AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
        '';
      };
      # mod_macro provides the <Macro>/Use syntax that the ldap fragment uses.
      macros = {
        modules = [ "macro" ];
      };
      # LDAP cache tuning plus two macros: LDAPConnect (bind settings and
      # Basic auth backed by LDAP) and Stats (per-domain statistics pages
      # restricted to an LDAP group).
      ldap = {
        modules = [ "ldap" "authnz_ldap" ];
        # FIXME: starttls
        # NOTE(review): AuthLDAPURL below already carries the STARTTLS mode,
        # so it is unclear what this FIXME still covers. Confirm whether it
        # is stale or refers to server certificate verification
        # (LDAPVerifyServerCert / LDAPTrustedGlobalCert are not set here).
        #
        # The assert stops evaluation when mylibs.checkEnv returns false,
        # presumably when NIXOPS_HTTP_LDAP_PASSWORD is unset (checkEnv is
        # defined elsewhere; confirm).
        #
        # SECURITY: the bind password is read with builtins.getEnv at
        # evaluation time and interpolated into this string, so the cleartext
        # becomes part of the generated Apache configuration. If that text is
        # written to the Nix store (usual for NixOS services; confirm for
        # this module), every local user and every copy of the closure can
        # read it. mod_authnz_ldap also accepts
        # `AuthLDAPBindPassword "exec:/path/to/helper"`, which fetches the
        # password from a program at startup and keeps it out of the store.
        #
        # AuthType Basic resends the user's credentials on every request, so
        # vhosts that `Use LDAPConnect` should be TLS-only (not visible here).
        #
        # In the Stats macro the <Directory> block grants access to everyone;
        # the restriction comes only from the <Location /awstats> block. Any
        # other URL path mapped onto /var/lib/goaccess/%{domain} would not be
        # covered by the LDAP group check, so the directory must stay
        # reachable through this alias only.
        extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
          <IfModule ldap_module>
            LDAPSharedCacheSize 500000
            LDAPCacheEntries 1024
            LDAPCacheTTL 600
            LDAPOpCacheEntries 1024
            LDAPOpCacheTTL 600
          </IfModule>

          <Macro LDAPConnect>
            <IfModule authnz_ldap_module>
              AuthLDAPURL          ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
              AuthLDAPBindDN       cn=httpd,ou=services,dc=immae,dc=eu
              AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
              AuthType             Basic
              AuthName             "Authentification requise (Acces LDAP)"
              AuthBasicProvider    ldap
            </IfModule>
          </Macro>

          <Macro Stats %{domain}>
            Alias /awstats /var/lib/goaccess/%{domain}
            <Directory /var/lib/goaccess/%{domain}>
              DirectoryIndex index.html
              AllowOverride None
              Require all granted
            </Directory>
            <Location /awstats>
              Use LDAPConnect
              Require ldap-group cn=%{domain},ou=stats,cn=httpd,ou=services,dc=immae,dc=eu
            </Location>
          </Macro>
        '';
      };
      # Offer HTTP/2 first, with HTTP/1.1 as the fallback protocol.
      http2 = {
        modules = [ "http2" ];
        extraConfig = ''
          Protocols h2 http/1.1
        '';
      };
      # Defines the "combinedVhost" log format: the combined format prefixed
      # with the virtual host name and port, so entries can be attributed to
      # a site. No extra module is listed for this fragment.
      customLog = {
        extraConfig = ''
          LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedVhost
        '';
      };
    };
  };
}