Diffstat (limited to 'modules/private/websites/tools/tools')
-rw-r--r--modules/private/websites/tools/tools/adminer.nix47
-rw-r--r--modules/private/websites/tools/tools/default.nix302
-rw-r--r--modules/private/websites/tools/tools/dokuwiki.nix61
-rw-r--r--modules/private/websites/tools/tools/kanboard.nix86
-rw-r--r--modules/private/websites/tools/tools/ldap.nix74
-rw-r--r--modules/private/websites/tools/tools/rainloop.nix59
-rw-r--r--modules/private/websites/tools/tools/rompr.nix77
-rw-r--r--modules/private/websites/tools/tools/roundcubemail.nix121
-rw-r--r--modules/private/websites/tools/tools/shaarli.nix65
-rw-r--r--modules/private/websites/tools/tools/ttrss.nix131
-rw-r--r--modules/private/websites/tools/tools/wallabag.nix148
-rw-r--r--modules/private/websites/tools/tools/ympd.nix40
-rw-r--r--modules/private/websites/tools/tools/yourls.nix93
13 files changed, 1304 insertions, 0 deletions
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
new file mode 100644
index 00000000..cd51e7fe
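--- /dev/null
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -0,0 +1,47 @@
+{ adminer }:
+rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/tmp/adminer
+ '';
+ };
+ webRoot = adminer;
+ phpFpm = rec {
+ socket = "/var/run/phpfpm/adminer.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ ;php_admin_flag[log_errors] = on
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = AdminerPHPSESSID
+ php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer"
+ php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer"
+ '';
+ };
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "_adminer";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /adminer ${root}
+ <Directory ${root}>
+ DirectoryIndex index.php
+ Require all granted
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ '';
+ };
+}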
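Review bot: The two `install` lines in `activationScript` (lines 6-7) create the Adminer session and temp directories with mode 0755, so any local account can list them; PHP names session files after the session ID, which makes the listing itself sensitive. Other tools in this commit use 0750 for their session directories, and the same would fit here: `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer` (likewise for `/var/lib/php/tmp/adminer`). The same 0755 mode is used for `/var/lib/php/sessions/phpldapadmin` in ldap.nix line 6 and for the `phpSessions` directories in rompr.nix and shaarli.nix. Separately, the `<Directory ${root}>` block publishes Adminer with `Require all granted`; nothing in this file limits who can reach the login page, so it is worth confirming that is intended for a database administration tool.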
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
new file mode 100644
index 00000000..94a2be16
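--- /dev/null
+++ b/modules/private/websites/tools/tools/default.nix
@@ -0,0 +1,302 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ adminer = pkgs.callPackage ./adminer.nix {
+ inherit (pkgs.webapps) adminer;
+ };
+ ympd = pkgs.callPackage ./ympd.nix {
+ env = myconfig.env.tools.ympd;
+ };
+ ttrss = pkgs.callPackage ./ttrss.nix {
+ inherit (pkgs.webapps) ttrss ttrss-plugins;
+ env = myconfig.env.tools.ttrss;
+ };
+ roundcubemail = pkgs.callPackage ./roundcubemail.nix {
+ inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
+ env = myconfig.env.tools.roundcubemail;
+ };
+ rainloop = pkgs.callPackage ./rainloop.nix {};
+ kanboard = pkgs.callPackage ./kanboard.nix {
+ env = myconfig.env.tools.kanboard;
+ };
+ wallabag = pkgs.callPackage ./wallabag.nix {
+ inherit (pkgs.webapps) wallabag;
+ env = myconfig.env.tools.wallabag;
+ };
+ yourls = pkgs.callPackage ./yourls.nix {
+ inherit (pkgs.webapps) yourls yourls-plugins;
+ env = myconfig.env.tools.yourls;
+ };
+ rompr = pkgs.callPackage ./rompr.nix {
+ inherit (pkgs.webapps) rompr;
+ env = myconfig.env.tools.rompr;
+ };
+ shaarli = pkgs.callPackage ./shaarli.nix {
+ env = myconfig.env.tools.shaarli;
+ };
+ dokuwiki = pkgs.callPackage ./dokuwiki.nix {
+ inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
+ };
+ ldap = pkgs.callPackage ./ldap.nix {
+ inherit (pkgs.webapps) phpldapadmin;
+ env = myconfig.env.tools.phpldapadmin;
+ };
+
+ cfg = config.myServices.websites.tools.tools;
+in {
+ options.myServices.websites.tools.tools = {
+ enable = lib.mkEnableOption "enable tools website";
+ };
+
+ config = lib.mkIf cfg.enable {
+ secrets.keys =
+ kanboard.keys
+ ++ ldap.keys
+ ++ roundcubemail.keys
+ ++ shaarli.keys
+ ++ ttrss.keys
+ ++ wallabag.keys
+ ++ yourls.keys;
+
+ services.websites.integration.modules =
+ rainloop.apache.modules;
+
+ services.websites.tools.modules =
+ [ "proxy_fcgi" ]
+ ++ adminer.apache.modules
+ ++ ympd.apache.modules
+ ++ ttrss.apache.modules
+ ++ roundcubemail.apache.modules
+ ++ wallabag.apache.modules
+ ++ yourls.apache.modules
+ ++ rompr.apache.modules
+ ++ shaarli.apache.modules
+ ++ dokuwiki.apache.modules
+ ++ ldap.apache.modules
+ ++ kanboard.apache.modules;
+
+ services.websites.integration.vhostConfs.devtools = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["devtools.immae.eu" ];
+ root = "/var/lib/ftp/devtools.immae.eu";
+ extraConfig = [
+ ''
+ <Directory "/var/lib/ftp/devtools.immae.eu">
+ DirectoryIndex index.php index.htm index.html
+ AllowOverride all
+ Require all granted
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ ''
+ rainloop.apache.vhostConf
+ ];
+ };
+
+ services.websites.tools.vhostConfs.tools = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["tools.immae.eu" ];
+ root = "/var/lib/ftp/tools.immae.eu";
+ extraConfig = [
+ ''
+ <Directory "/var/lib/ftp/tools.immae.eu">
+ DirectoryIndex index.php index.htm index.html
+ AllowOverride all
+ Require all granted
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ ''
+ adminer.apache.vhostConf
+ ympd.apache.vhostConf
+ ttrss.apache.vhostConf
+ roundcubemail.apache.vhostConf
+ wallabag.apache.vhostConf
+ yourls.apache.vhostConf
+ rompr.apache.vhostConf
+ shaarli.apache.vhostConf
+ dokuwiki.apache.vhostConf
+ ldap.apache.vhostConf
+ kanboard.apache.vhostConf
+ ];
+ };
+
+ services.websites.tools.vhostConfs.outils = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = [ "outils.immae.eu" ];
+ root = null;
+ extraConfig = [
+ ''
+ RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
+
+ RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
+
+ RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
+ RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
+
+ RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
+ RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
+ RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
+ RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
+
+ RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
+
+ RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
+ ''
+ ];
+ };
+
+ systemd.services = {
+ phpfpm-dokuwiki = {
+ after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
+ wants = dokuwiki.phpFpm.serviceDeps;
+ };
+ phpfpm-kanboard = {
+ after = lib.mkAfter kanboard.phpFpm.serviceDeps;
+ wants = kanboard.phpFpm.serviceDeps;
+ };
+ phpfpm-ldap = {
+ after = lib.mkAfter ldap.phpFpm.serviceDeps;
+ wants = ldap.phpFpm.serviceDeps;
+ };
+ phpfpm-rainloop = {
+ after = lib.mkAfter rainloop.phpFpm.serviceDeps;
+ wants = rainloop.phpFpm.serviceDeps;
+ };
+ phpfpm-roundcubemail = {
+ after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
+ wants = roundcubemail.phpFpm.serviceDeps;
+ };
+ phpfpm-shaarli = {
+ after = lib.mkAfter shaarli.phpFpm.serviceDeps;
+ wants = shaarli.phpFpm.serviceDeps;
+ };
+ phpfpm-ttrss = {
+ after = lib.mkAfter ttrss.phpFpm.serviceDeps;
+ wants = ttrss.phpFpm.serviceDeps;
+ };
+ phpfpm-wallabag = {
+ after = lib.mkAfter wallabag.phpFpm.serviceDeps;
+ wants = wallabag.phpFpm.serviceDeps;
+ preStart = lib.mkAfter wallabag.phpFpm.preStart;
+ };
+ phpfpm-yourls = {
+ after = lib.mkAfter yourls.phpFpm.serviceDeps;
+ wants = yourls.phpFpm.serviceDeps;
+ };
+ ympd = {
+ description = "Standalone MPD Web GUI written in C";
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ export MPD_PASSWORD=$(cat /var/secrets/mpd)
+ ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
+ '';
+ };
+ tt-rss = {
+ description = "Tiny Tiny RSS feeds update daemon";
+ serviceConfig = {
+ User = "wwwrun";
+ ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
+ StandardOutput = "syslog";
+ StandardError = "syslog";
+ PermissionsStartOnly = true;
+ };
+
+ wantedBy = [ "multi-user.target" ];
+ requires = ["postgresql.service"];
+ after = ["network.target" "postgresql.service"];
+ };
+ };
+
+ services.phpfpm.pools.roundcubemail = {
+ listen = roundcubemail.phpFpm.socket;
+ extraConfig = roundcubemail.phpFpm.pool;
+ phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
+ };
+
+ services.phpfpm.pools.devtools = {
+ listen = "/var/run/phpfpm/devtools.sock";
+ extraConfig = ''
+ user = wwwrun
+ group = wwwrun
+ listen.owner = wwwrun
+ listen.group = wwwrun
+ pm = dynamic
+ pm.max_children = 60
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 10
+
+ php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
+ '';
+ phpOptions = config.services.phpfpm.phpOptions + ''
+ extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
+ '';
+ };
+
+ services.phpfpm.poolConfigs = {
+ adminer = adminer.phpFpm.pool;
+ ttrss = ttrss.phpFpm.pool;
+ wallabag = wallabag.phpFpm.pool;
+ yourls = yourls.phpFpm.pool;
+ rompr = rompr.phpFpm.pool;
+ shaarli = shaarli.phpFpm.pool;
+ dokuwiki = dokuwiki.phpFpm.pool;
+ ldap = ldap.phpFpm.pool;
+ rainloop = rainloop.phpFpm.pool;
+ kanboard = kanboard.phpFpm.pool;
+ tools = ''
+ listen = /var/run/phpfpm/tools.sock
+ user = wwwrun
+ group = wwwrun
+ listen.owner = wwwrun
+ listen.group = wwwrun
+ pm = dynamic
+ pm.max_children = 60
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 10
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = ToolsPHPSESSID
+ php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
+ '';
+ };
+
+ system.activationScripts = {
+ adminer = adminer.activationScript;
+ ttrss = ttrss.activationScript;
+ roundcubemail = roundcubemail.activationScript;
+ wallabag = wallabag.activationScript;
+ yourls = yourls.activationScript;
+ rompr = rompr.activationScript;
+ shaarli = shaarli.activationScript;
+ dokuwiki = dokuwiki.activationScript;
+ rainloop = rainloop.activationScript;
+ kanboard = kanboard.activationScript;
+ ldap = ldap.activationScript;
+ };
+
+ myServices.websites.webappDirs = {
+ _adminer = adminer.webRoot;
+ "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
+ "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
+ "${rompr.apache.webappName}" = rompr.webRoot;
+ "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
+ "${shaarli.apache.webappName}" = shaarli.webRoot;
+ "${ttrss.apache.webappName}" = ttrss.webRoot;
+ "${wallabag.apache.webappName}" = wallabag.webRoot;
+ "${yourls.apache.webappName}" = yourls.webRoot;
+ "${rainloop.apache.webappName}" = rainloop.webRoot;
+ "${kanboard.apache.webappName}" = kanboard.webRoot;
+ };
+
+ };
+}
+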
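Review bot: The `devtools` and `tools` pools (lines 221-241 and 254-269) execute PHP from docroots under `/var/lib/ftp/` as `wwwrun`, the same account that owns every `secrets.keys` entry collected at lines 51-58 (each declared with `permissions = "0400"` for `apache.user` in the per-tool files). Judging by the path those docroots are populated by upload, which leaves `open_basedir` as the only barrier between that code and the database and LDAP credentials under `/var/secrets/webapps`; `open_basedir` is a hardening aid rather than an isolation boundary. A dedicated account per pool would let file permissions do the work, e.g. `user = <tools-pool-user>` with `listen.owner = wwwrun` kept for Apache (placeholder name; the account would have to be declared). Both pools also list the shared `/tmp` in `open_basedir`, whereas adminer.nix sets a private `upload_tmp_dir`.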
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix
new file mode 100644
index 00000000..c61d15f2
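--- /dev/null
+++ b/modules/private/websites/tools/tools/dokuwiki.nix
@@ -0,0 +1,61 @@
+{ lib, stdenv, dokuwiki, dokuwiki-plugins }:
+rec {
+ varDir = "/var/lib/dokuwiki";
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ if [ ! -d ${varDir} ]; then
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/animals
+ cp -a ${webRoot}/conf.dist ${varDir}/conf
+ cp -a ${webRoot}/data.dist ${varDir}/data
+ cp -a ${webRoot}/
+ chown -R ${apache.user}:${apache.user} ${varDir}/config ${varDir}/data
+ chmod -R 755 ${varDir}/config ${varDir}/data
+ fi
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ '';
+ };
+ webRoot = dokuwiki.withPlugins (builtins.attrValues dokuwiki-plugins);
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_dokuwiki";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /dokuwiki "${root}"
+ <Directory "${root}">
+ DirectoryIndex index.php
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride All
+ Options +FollowSymlinks
+ Require all granted
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot varDir ] ++ webRoot.plugins);
+ socket = "/var/run/phpfpm/dokuwiki.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = DokuwikiPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+}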
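Review bot: The first-run branch of `activationScript` looks broken as shown: line 12 is a bare `cp -a ${webRoot}/` with no destination, and lines 13-14 run `chown`/`chmod` on `${varDir}/config` although line 10 copied to `${varDir}/conf`. Both commands would fail, and `conf` would keep whatever ownership and mode `cp -a` preserved from the store path, so the wiki configuration may end up with permissions nobody chose. Line 13 also uses `${apache.user}:${apache.user}` where the rest of the file uses `${apache.group}`. Suggested: drop or complete line 12, and use `chown -R ${apache.user}:${apache.group} ${varDir}/conf ${varDir}/data` with the matching path on the `chmod` line.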
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix
new file mode 100644
index 00000000..68f92b81
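--- /dev/null
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -0,0 +1,86 @@
+{ env, kanboard }:
+rec {
+ varDir = "/var/lib/kanboard";
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ install -TDm644 ${webRoot}/dataold/.htaccess ${varDir}/data/.htaccess
+ install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-kanboard";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ define('MAIL_FROM', 'kanboard@tools.immae.eu');
+
+ define('DB_DRIVER', 'postgres');
+ define('DB_USERNAME', '${env.postgresql.user}');
+ define('DB_PASSWORD', '${env.postgresql.password}');
+ define('DB_HOSTNAME', '${env.postgresql.socket}');
+ define('DB_NAME', '${env.postgresql.database}');
+
+ define('DATA_DIR', '${varDir}');
+ define('LDAP_AUTH', true);
+ define('LDAP_SERVER', '${env.ldap.host}');
+ define('LDAP_START_TLS', true);
+
+ define('LDAP_BIND_TYPE', 'proxy');
+ define('LDAP_USERNAME', '${env.ldap.dn}');
+ define('LDAP_PASSWORD', '${env.ldap.password}');
+ define('LDAP_USER_BASE_DN', '${env.ldap.base}');
+ define('LDAP_USER_FILTER', '(&(memberOf=cn=users,cn=kanboard,ou=services,dc=immae,dc=eu)(uid=%s))');
+ define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
+ ?>
+ '';
+ }];
+ webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; };
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_kanboard";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /kanboard "${root}"
+ <Directory "${root}">
+ DirectoryIndex index.php
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ <DirectoryMatch "${root}/data">
+ Require all denied
+ </DirectoryMatch>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
+ socket = "/var/run/phpfpm/kanboard.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = KanboardPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+}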
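Review bot: The values in the `keys` text are spliced into single-quoted PHP literals without escaping (lines 23-26, 30 and 34-36), so a secret containing `'` or ending in `\` yields a config file that fails to parse or treats part of the value as PHP code. Escaping at interpolation time closes that, e.g. `define('DB_PASSWORD', '${builtins.replaceStrings ["\\" "'"] ["\\\\" "\\'"] env.postgresql.password}');`, ideally through one shared helper. The same pattern appears in ldap.nix (`bind_pass`), roundcubemail.nix (`db_dsnw`, `des_key`) and ttrss.nix (`DB_PASS`). The values come from `myconfig.env`, so this is about robustness against awkward secrets rather than hostile input.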
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
new file mode 100644
index 00000000..4585ee3c
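--- /dev/null
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -0,0 +1,74 @@
+{ lib, php, env, writeText, phpldapadmin }:
+rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-ldap";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ $config->custom->appearance['show_clear_password'] = true;
+ $config->custom->appearance['hide_template_warning'] = true;
+ $config->custom->appearance['theme'] = "tango";
+ $config->custom->appearance['minimalMode'] = true;
+
+ $servers = new Datastore();
+
+ $servers->newServer('ldap_pla');
+ $servers->setValue('server','name','Immae&#x2019;s LDAP');
+ $servers->setValue('server','host','ldaps://${env.ldap.host}');
+ $servers->setValue('login','auth_type','cookie');
+ $servers->setValue('login','bind_id','${env.ldap.dn}');
+ $servers->setValue('login','bind_pass','${env.ldap.password}');
+ $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('login','attr','uid');
+ $servers->setValue('login','fallback_dn',true);
+ '';
+ }];
+ webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_ldap";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /ldap "${root}"
+ <Directory "${root}">
+ DirectoryIndex index.php
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride None
+ Require all granted
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
+ socket = "/var/run/phpfpm/ldap.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = LdapPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
+ '';
+ };
+}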
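Review bot: Line 16 sets `$config->custom->appearance['show_clear_password'] = true;`, which as far as I know makes phpLDAPadmin render password attribute values unmasked in the browser; together with `Require all granted` on the `/ldap` alias that is a generous default for a directory administration tool. If unmasked display is not needed, `false` is the safer value. If it is needed, a short comment above the line would record the decision, e.g. `// passwords shown in clear on purpose: <reason>`.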
diff --git a/modules/private/websites/tools/tools/rainloop.nix b/modules/private/websites/tools/tools/rainloop.nix
new file mode 100644
index 00000000..dbf0f248
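--- /dev/null
+++ b/modules/private/websites/tools/tools/rainloop.nix
@@ -0,0 +1,59 @@
+{ lib, pkgs, writeText, stdenv, fetchurl }:
+rec {
+ varDir = "/var/lib/rainloop";
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+ '';
+ };
+ webRoot = pkgs.rainloop-community.override { dataPath = "${varDir}/data"; };
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_rainloop";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /rainloop "${root}"
+ <Directory "${root}">
+ DirectoryIndex index.php
+ AllowOverride All
+ Options -FollowSymlinks
+ Require all granted
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+
+ <DirectoryMatch "${root}/data">
+ Require all denied
+ </DirectoryMatch>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "postgresql.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+ socket = "/var/run/phpfpm/rainloop.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = RainloopPHPSESSID
+ php_admin_value[upload_max_filesize] = 200M
+ php_admin_value[post_max_size] = 200M
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+}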
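Review bot: The `<DirectoryMatch "${root}/data">` deny rule on lines 32-34 guards a path under the web root, while line 12 moves RainLoop's data to `${varDir}/data` through `dataPath`; if the packaged web root no longer contains a `data` directory the rule protects nothing and reads as if it did. A comment would make the intent explicit, e.g. `# data lives in ${varDir}/data (outside the docroot); this rule is a fallback only`. As a style point, the argument list on line 1 could be reduced to `{ pkgs }:`, since `lib`, `writeText`, `stdenv` and `fetchurl` are never referenced; dokuwiki.nix, ldap.nix, rompr.nix and shaarli.nix carry unused arguments as well.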
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix
new file mode 100644
index 00000000..fea59fc9
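--- /dev/null
+++ b/modules/private/websites/tools/tools/rompr.nix
@@ -0,0 +1,77 @@
+{ lib, env, rompr }:
+rec {
+ varDir = "/var/lib/rompr";
+ activationScript = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
+ '';
+ webRoot = rompr;
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "headers" "mime" "proxy_fcgi" ];
+ webappName = "tools_rompr";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /rompr ${root}
+
+ <Directory ${root}>
+ Options Indexes FollowSymLinks
+ DirectoryIndex index.php
+ AllowOverride all
+ Require all granted
+ Order allow,deny
+ Allow from all
+ ErrorDocument 404 /rompr/404.php
+ AddType image/x-icon .ico
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+
+ <Directory ${root}/albumart/small>
+ Header Set Cache-Control "max-age=0, no-store"
+ Header Set Cache-Control "no-cache, must-revalidate"
+ </Directory>
+
+ <Directory ${root}/albumart/asdownloaded>
+ Header Set Cache-Control "max-age=0, no-store"
+ Header Set Cache-Control "no-cache, must-revalidate"
+ </Directory>
+
+ <LocationMatch "^/rompr">
+ Use LDAPConnect
+ Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+ </LocationMatch>
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+ socket = "/var/run/phpfpm/rompr.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = RomprPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ php_flag[magic_quotes_gpc] = Off
+ php_flag[track_vars] = On
+ php_flag[register_globals] = Off
+ php_admin_flag[allow_url_fopen] = On
+ php_value[include_path] = ${webRoot}
+ php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
+ php_admin_value[post_max_size] = 32M
+ php_admin_value[upload_max_filesize] = 32M
+ php_admin_value[memory_limit] = 256M
+ '';
+ };
+}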
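Review bot: The `<Directory ${root}>` block mixes `Require all granted` with the 2.2-style `Order allow,deny` / `Allow from all` (lines 22-24); the legacy directives need `mod_access_compat`, which is not in `modules` on line 12, and Apache's documentation advises against combining the two styles because the effective policy becomes hard to reason about. Access is evidently meant to be gated by `Require ldap-group` in the `<LocationMatch "^/rompr">` block, so dropping lines 23-24 leaves a single authorization model. `Options Indexes` on line 19 also turns on directory listings for the whole alias; `Options FollowSymLinks` alone avoids that if listings are not needed. In both albumart blocks the second `Header Set Cache-Control` replaces the first, so only `no-cache, must-revalidate` is sent and `no-store` is lost.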
diff --git a/modules/private/websites/tools/tools/roundcubemail.nix b/modules/private/websites/tools/tools/roundcubemail.nix
new file mode 100644
index 00000000..8974d1bb
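--- /dev/null
+++ b/modules/private/websites/tools/tools/roundcubemail.nix
@@ -0,0 +1,121 @@
+{ env, roundcubemail, roundcubemail-plugins, roundcubemail-skins, phpPackages, apacheHttpd }:
+rec {
+ varDir = "/var/lib/roundcubemail";
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/cache ${varDir}/logs
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-roundcube";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ $config['db_dsnw'] = '${env.psql_url}';
+ $config['default_host'] = 'ssl://mail.immae.eu';
+ $config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
+ $config['smtp_server'] = 'tls://mail.immae.eu';
+ $config['smtp_port'] = '25';
+ $config['managesieve_host'] = 'mail.immae.eu';
+ $config['managesieve_port'] = '4190';
+ $config['managesieve_usetls'] = true;
+ $config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
+
+ $config['imap_cache'] = 'db';
+ $config['messages_cache'] = 'db';
+
+ $config['support_url'] = ''';
+
+ $config['des_key'] = '${env.secret}';
+
+ $config['skin'] = 'elastic';
+ $config['plugins'] = array(
+ 'attachment_reminder',
+ 'emoticons',
+ 'filesystem_attachments',
+ 'hide_blockquote',
+ 'identicon',
+ 'identity_select',
+ 'jqueryui',
+ 'managesieve',
+ 'newmail_notifier',
+ 'vcard_attachments',
+ 'zipdownload',
+
+ 'automatic_addressbook',
+ 'message_highlight',
+ 'carddav',
+ // Ne marche pas ?: 'ident_switch',
+ // Ne marche pas ?: 'thunderbird_labels',
+ );
+
+ $config['language'] = 'fr_FR';
+
+ $config['drafts_mbox'] = 'Mail/Drafts';
+ $config['junk_mbox'] = 'Mail/Spam';
+ $config['sent_mbox'] = 'Mail/sent';
+ $config['trash_mbox'] = ''';
+ $config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
+ $config['draft_autosave'] = 60;
+ $config['enable_installer'] = false;
+ $config['log_driver'] = 'file';
+ $config['temp_dir'] = '${varDir}/cache';
+ $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
+ '';
+ }];
+ webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins
+ (builtins.attrValues roundcubemail-plugins) (builtins.attrValues roundcubemail-skins);
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_roundcubemail";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /roundcube "${root}"
+ <Directory "${root}">
+ DirectoryIndex index.php
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "postgresql.service" ];
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot "/var/secrets/webapps/tools-roundcube" varDir ]
+ ++ webRoot.plugins
+ ++ webRoot.skins);
+ phpConfig = ''
+ date.timezone = 'CET'
+ extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
+ '';
+ socket = "/var/run/phpfpm/roundcubemail.sock";
+ pool = ''
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = RoundcubemailPHPSESSID
+ php_admin_value[upload_max_filesize] = 200M
+ php_admin_value[post_max_size] = 200M
+ php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+}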
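Review bot: Lines 21 and 27 set `"verify_peer" => false` for the IMAP and ManageSieve connections, so Roundcube accepts any certificate presented for `mail.immae.eu` and the TLS session no longer authenticates the server that receives the user's mail password. If the mail host presents a certificate valid for that name, `array("ssl" => array("verify_peer" => true, "verify_peer_name" => true))` on both lines restores verification. If it does not, pointing the `ssl` options at the issuing CA with `cafile` is preferable to switching the check off. At minimum, a comment on each line saying why verification is disabled would help the next reader.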
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
new file mode 100644
index 00000000..2e89a473
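--- /dev/null
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -0,0 +1,65 @@
+{ lib, env, stdenv, fetchurl, shaarli }:
+let
+ varDir = "/var/lib/shaarli";
+in rec {
+ activationScript = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \
+ ${varDir}/phpSessions
+ '';
+ webRoot = shaarli varDir;
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" "rewrite" "env" ];
+ webappName = "tools_shaarli";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /Shaarli "${root}"
+
+ Include /var/secrets/webapps/tools-shaarli
+ <Directory "${root}">
+ DirectoryIndex index.php index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-shaarli";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
+ SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}"
+ SetEnv SHAARLI_LDAP_HOST "ldaps://${env.ldap.host}"
+ SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}"
+ SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}"
+ '';
+ }];
+ phpFpm = rec {
+ serviceDeps = [ "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+ socket = "/var/run/phpfpm/shaarli.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = ShaarliPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+}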
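Review bot: `Include /var/secrets/webapps/tools-shaarli` on line 20 sits outside the `<Directory "${root}">` block, so its `SetEnv SHAARLI_LDAP_*` directives take effect at whatever scope `vhostConf` is inserted into, which in default.nix is the whole `tools` vhost. The LDAP bind password would then be part of the request environment passed to every PHP-FPM pool behind that vhost, not only Shaarli's. Moving the `Include` line to just inside `<Directory "${root}">` limits it to Shaarli requests. `Options Indexes FollowSymLinks MultiViews Includes` on line 23 is also broader than a PHP application normally needs; `Indexes` and `Includes` can likely be dropped.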
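diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
new file mode 100644
index 00000000..05c8cab0
--- /dev/null
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -0,0 +1,131 @@
+{ php, env, ttrss, ttrss-plugins }:
+rec {
+ varDir = "/var/lib/ttrss";
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
+ ${varDir}/cache/feeds/ \
+ ${varDir}/cache/images/ \
+ ${varDir}/cache/js/ \
+ ${varDir}/cache/simplepie/ \
+ ${varDir}/cache/upload/
+ touch ${varDir}/feed-icons/index.html
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-ttrss";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+
+ define('PHP_EXECUTABLE', '${php}/bin/php');
+
+ define('LOCK_DIRECTORY', 'lock');
+ define('CACHE_DIR', 'cache');
+ define('ICONS_DIR', 'feed-icons');
+ define('ICONS_URL', 'feed-icons');
+ define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
+
+ define('MYSQL_CHARSET', 'UTF8');
+
+ define('DB_TYPE', 'pgsql');
+ define('DB_HOST', '${env.postgresql.socket}');
+ define('DB_USER', '${env.postgresql.user}');
+ define('DB_NAME', '${env.postgresql.database}');
+ define('DB_PASS', '${env.postgresql.password}');
+ define('DB_PORT', '${env.postgresql.port}');
+
+ define('AUTH_AUTO_CREATE', true);
+ define('AUTH_AUTO_LOGIN', true);
+
+ define('SINGLE_USER_MODE', false);
+
+ define('SIMPLE_UPDATE_MODE', false);
+ define('CHECK_FOR_UPDATES', true);
+
+ define('FORCE_ARTICLE_PURGE', 0);
+ define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
+ define('ENABLE_GZIP_OUTPUT', false);
+
+ define('PLUGINS', 'auth_ldap, note, instances');
+
+ define('LOG_DESTINATION', ''');
+ define('CONFIG_VERSION', 26);
+
+
+ define('SPHINX_SERVER', 'localhost:9312');
+ define('SPHINX_INDEX', 'ttrss, delta');
+
+ define('ENABLE_REGISTRATION', false);
+ define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu');
+ define('REG_MAX_USERS', 10);
+
+ define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+ define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
+ define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+
+ define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+ define('LDAP_AUTH_USETLS', TRUE);
+ define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
+ define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+ define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+ define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+
+ define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+ define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
+ define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
+
+ define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
+ define('LDAP_AUTH_DEBUG', FALSE);
+ '';
+ }];
+ webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (builtins.attrValues ttrss-plugins);
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_ttrss";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /ttrss "${root}"
+ <Directory "${root}">
+ DirectoryIndex index.php
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
+ ++ webRoot.plugins);
+ socket = "/var/run/phpfpm/ttrss.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = TtrssPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+}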
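Review bot: `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` is set to `TRUE` in the generated config (new line 75). Going by the constant's name, the StartTLS session to `ldap://ldap.immae.eu:389/` is then accepted without verifying the server certificate. In that case the service bind password (`LDAP_AUTH_BINDPW`) and every user's login password cross a channel whose peer is never authenticated. The shaarli, wallabag and yourls configs in this same commit use `ldaps://` or port 636 instead. I would set `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE);` and make sure the CA that signed the ldap.immae.eu certificate is in the trust store used by PHP's LDAP client.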
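diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix
new file mode 100644
index 00000000..d6e58828
--- /dev/null
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -0,0 +1,148 @@
+{ env, wallabag }:
+rec {
+ varDir = "/var/lib/wallabag";
+ keys = [{
+ dest = "webapps/tools-wallabag";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_driver: pdo_pgsql
+ database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
+ database_host: ${env.postgresql.socket}
+ database_port: ${env.postgresql.port}
+ database_name: ${env.postgresql.database}
+ database_user: ${env.postgresql.user}
+ database_password: ${env.postgresql.password}
+ database_path: null
+ database_table_prefix: wallabag_
+ database_socket: null
+ database_charset: utf8
+ domain_name: https://tools.immae.eu/wallabag
+ mailer_transport: sendmail
+ mailer_host: 127.0.0.1
+ mailer_user: null
+ mailer_password: null
+ locale: fr
+ secret: ${env.secret}
+ twofactor_auth: true
+ twofactor_sender: wallabag@tools.immae.eu
+ fosuser_registration: false
+ fosuser_confirmation: true
+ from_email: wallabag@tools.immae.eu
+ rss_limit: 50
+ rabbitmq_host: localhost
+ rabbitmq_port: 5672
+ rabbitmq_user: guest
+ rabbitmq_password: guest
+ rabbitmq_prefetch_count: 10
+ redis_scheme: unix
+ redis_host: null
+ redis_port: null
+ redis_path: ${env.redis.socket}
+ redis_password: null
+ sites_credentials: { }
+ ldap_enabled: true
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_tls: false
+ ldap_ssl: true
+ ldap_bind_requires_dn: true
+ ldap_base: 'dc=immae,dc=eu'
+ ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
+ ldap_manager_pw: ${env.ldap.password}
+ ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
+ ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
+ ldap_username_attribute: uid
+ ldap_email_attribute: mail
+ ldap_name_attribute: cn
+ ldap_enabled_attribute: null
+ services:
+ swiftmailer.mailer.default.transport:
+ class: Swift_SendmailTransport
+ arguments: ['/run/wrappers/bin/sendmail -bs']
+ '';
+ }];
+ webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
+ activationScript = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
+ '';
+ webRoot = "${webappDir}/web";
+ # Domain migration: Table wallabag_entry contains whole
+ # https://tools.immae.eu/wallabag domain name in preview_picture
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_wallabag";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /wallabag "${root}"
+ <Directory "${root}">
+ AllowOverride None
+ Require all granted
+ # For OAuth (apps)
+ CGIPassAuth On
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ <IfModule mod_rewrite.c>
+ Options -MultiViews
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^(.*)$ app.php [QSA,L]
+ </IfModule>
+ </Directory>
+ <Directory "${root}/bundles">
+ <IfModule mod_rewrite.c>
+ RewriteEngine Off
+ </IfModule>
+ </Directory>
+ <Directory "${varDir}/assets">
+ AllowOverride None
+ Require all granted
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ preStart = ''
+ if [ ! -f "${varDir}/currentWebappDir" -o \
+ ! -f "${varDir}/currentKey" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+ || ! sha512sum -c --status ${varDir}/currentKey; then
+ pushd ${webappDir} > /dev/null
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
+ rm -rf /var/lib/wallabag/var/cache/pro_
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
+ fi
+ '';
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
+ socket = "/var/run/phpfpm/wallabag.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = dynamic
+ pm.max_children = 60
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 10
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = WallabagPHPSESSID
+ php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
+ php_value[max_execution_time] = 300
+ '';
+ };
+}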
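Review bot: The secrets written into the generated `parameters` YAML are interpolated as bare scalars (`database_password` on new line 18, `secret` on line 29, `ldap_manager_pw` on line 55). A value containing ` #` would be silently truncated at the comment marker, and one containing `: ` or starting with a YAML indicator character would fail to parse or change type. Emitting them as quoted scalars avoids this, for example `database_password: ${builtins.toJSON env.postgresql.password}`, and likewise for the other two. On a style point, `preStart` hard-codes `wwwrun` and `/var/lib/wallabag` (new lines 119–121) where the rest of the file uses `${apache.user}` and `${varDir}`, so the two can drift apart.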
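diff --git a/modules/private/websites/tools/tools/ympd.nix b/modules/private/websites/tools/tools/ympd.nix
new file mode 100644
index 00000000..b54c4866
--- /dev/null
+++ b/modules/private/websites/tools/tools/ympd.nix
@@ -0,0 +1,40 @@
+{ env }:
+let
+ ympd = rec {
+ config = {
+ webPort = "localhost:${env.listenPort}";
+ host = env.mpd.host;
+ port = env.mpd.port;
+ };
+ apache = {
+ modules = [
+ "proxy_wstunnel"
+ ];
+ vhostConf = ''
+ <LocationMatch "^/mpd(?!/music.(mp3|ogg))">
+ Use LDAPConnect
+ Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+ </LocationMatch>
+
+ RedirectMatch permanent "^/mpd$" "/mpd/"
+ <Location "/mpd/">
+ ProxyPass http://${config.webPort}/
+ ProxyPassReverse http://${config.webPort}/
+ ProxyPreserveHost on
+ </Location>
+ <Location "/mpd/ws">
+ ProxyPass ws://${config.webPort}/ws
+ </Location>
+ <Location "/mpd/music.mp3">
+ ProxyPass unix:///run/mpd/mp3.sock|http://tools.immae.eu/
+ ProxyPassReverse unix:///run/mpd/mp3.sock|http://tools.immae.eu/
+ </Location>
+ <Location "/mpd/music.ogg">
+ ProxyPass unix:///run/mpd/ogg.sock|http://tools.immae.eu/
+ ProxyPassReverse unix:///run/mpd/ogg.sock|http://tools.immae.eu/
+ </Location>
+ '';
+ };
+ };
+in
+ ympd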
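Review bot: The auth exemption in the `LocationMatch` on new line 14 is wider than the two stream endpoints it is meant to cover. In `(?!/music.(mp3|ogg))` the dot is unescaped and the lookahead has no end anchor. Any path that merely begins with something of that shape therefore skips the `Require ldap-group` check and falls through to the `<Location "/mpd/">` proxy to ympd. I would escape the dot and anchor the exemption: `<LocationMatch "^/mpd(?!/music\.(mp3|ogg)$)">`. That assumes stream clients request exactly `/mpd/music.mp3` and `/mpd/music.ogg`; if they append a path, anchor on `(/|$)` instead.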
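diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix
new file mode 100644
index 00000000..0a8e8377
--- /dev/null
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -0,0 +1,93 @@
+{ env, yourls, yourls-plugins }:
+rec {
+ activationScript = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
+ '';
+ };
+ keys = [{
+ dest = "webapps/tools-yourls";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ define( 'YOURLS_DB_USER', '${env.mysql.user}' );
+ define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
+ define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
+ define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
+ define( 'YOURLS_DB_PREFIX', 'yourls_' );
+ define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
+ define( 'YOURLS_HOURS_OFFSET', 0 );
+ define( 'YOURLS_LANG', ''' );
+ define( 'YOURLS_UNIQUE_URLS', true );
+ define( 'YOURLS_PRIVATE', true );
+ define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
+ $yourls_user_passwords = array();
+ define( 'YOURLS_DEBUG', false );
+ define( 'YOURLS_URL_CONVERT', 36 );
+ $yourls_reserved_URL = array();
+ define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
+ define( 'LDAPAUTH_PORT', '636' );
+ define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
+ define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
+ define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
+
+ define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
+ define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
+
+ define( 'LDAPAUTH_USERCACHE_TYPE', 0);
+ '';
+ }];
+ webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
+ (builtins.attrValues yourls-plugins);
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_yourls";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /url "${root}"
+ <Directory "${root}">
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride None
+ Require all granted
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+ RewriteBase /url/
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^.*$ /url/yourls-loader.php [L]
+ </IfModule>
+ DirectoryIndex index.php
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "mysql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot "/var/secrets/webapps/tools-yourls" ]
+ ++ webRoot.plugins);
+ socket = "/var/run/phpfpm/yourls.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = YourlsPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
+ '';
+ };
+}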
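Review bot: The activation script on new line 6 creates the PHP session directory `/var/lib/php/sessions/yourls` with mode 0755, so every local account can list it. PHP's file session handler names each file after the session id, which means a directory listing discloses live session identifiers even though the files themselves are private. ttrss.nix in this same commit already uses 0750 for its `phpSessions` directory; I would match that here with `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls`. shaarli.nix creates `${varDir}/phpSessions` at 0755 in the same way and would benefit from the same change.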