Diffstat (limited to 'modules/private/websites/tools/tools')
-rw-r--r-- | modules/private/websites/tools/tools/adminer.nix | 47 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/default.nix | 302 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/dokuwiki.nix | 61 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/kanboard.nix | 86 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/ldap.nix | 74 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/rainloop.nix | 59 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/rompr.nix | 77 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/roundcubemail.nix | 121 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/shaarli.nix | 65 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/ttrss.nix | 131 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/wallabag.nix | 148 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/ympd.nix | 40 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/yourls.nix | 93 |
13 files changed, 1304 insertions, 0 deletions
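--- /dev/null
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -0,0 +1,47 @@
+{ adminer }:
+rec {
+activationScript = {
+deps = [ "httpd" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer
+install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/tmp/adminer
+'';
+};
+webRoot = adminer;
+phpFpm = rec {
+socket = "/var/run/phpfpm/adminer.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 5
+pm.process_idle_timeout = 60
+;php_admin_flag[log_errors] = on
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = AdminerPHPSESSID
+php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer"
+php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer"
+php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer"
+'';
+};
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "_adminer";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /adminer ${root}
+<Directory ${root}>
+DirectoryIndex index.php
+Require all granted
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+'';
+};
+}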
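Review bot: The two `install` lines in `activationScript` create `/var/lib/php/sessions/adminer` and `/var/lib/php/tmp/adminer` with mode 0755, so any local account can list the session directory, and the session file names carry the session identifiers. The other tools in this commit create their `phpSessions` directory with 0750; use the same here, e.g. `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer`. ldap.nix has the same 0755 mode on `/var/lib/php/sessions/phpldapadmin`. Separately, `/adminer` is served with `Require all granted` and no restriction at the web-server layer, unlike the `Require ldap-group` block in rompr.nix; for a database administration front end that choice deserves a comment in `vhostConf`.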
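--- /dev/null
+++ b/modules/private/websites/tools/tools/default.nix
@@ -0,0 +1,302 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+adminer = pkgs.callPackage ./adminer.nix {
+inherit (pkgs.webapps) adminer;
+};
+ympd = pkgs.callPackage ./ympd.nix {
+env = myconfig.env.tools.ympd;
+};
+ttrss = pkgs.callPackage ./ttrss.nix {
+inherit (pkgs.webapps) ttrss ttrss-plugins;
+env = myconfig.env.tools.ttrss;
+};
+roundcubemail = pkgs.callPackage ./roundcubemail.nix {
+inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
+env = myconfig.env.tools.roundcubemail;
+};
+rainloop = pkgs.callPackage ./rainloop.nix {};
+kanboard = pkgs.callPackage ./kanboard.nix {
+env = myconfig.env.tools.kanboard;
+};
+wallabag = pkgs.callPackage ./wallabag.nix {
+inherit (pkgs.webapps) wallabag;
+env = myconfig.env.tools.wallabag;
+};
+yourls = pkgs.callPackage ./yourls.nix {
+inherit (pkgs.webapps) yourls yourls-plugins;
+env = myconfig.env.tools.yourls;
+};
+rompr = pkgs.callPackage ./rompr.nix {
+inherit (pkgs.webapps) rompr;
+env = myconfig.env.tools.rompr;
+};
+shaarli = pkgs.callPackage ./shaarli.nix {
+env = myconfig.env.tools.shaarli;
+};
+dokuwiki = pkgs.callPackage ./dokuwiki.nix {
+inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
+};
+ldap = pkgs.callPackage ./ldap.nix {
+inherit (pkgs.webapps) phpldapadmin;
+env = myconfig.env.tools.phpldapadmin;
+};
+
+cfg = config.myServices.websites.tools.tools;
+in {
+options.myServices.websites.tools.tools = {
+enable = lib.mkEnableOption "enable tools website";
+};
+
+config = lib.mkIf cfg.enable {
+secrets.keys =
+kanboard.keys
+++ ldap.keys
+++ roundcubemail.keys
+++ shaarli.keys
+++ ttrss.keys
+++ wallabag.keys
+++ yourls.keys;
+
+services.websites.integration.modules =
+rainloop.apache.modules;
+
+services.websites.tools.modules =
+[ "proxy_fcgi" ]
+++ adminer.apache.modules
+++ ympd.apache.modules
+++ ttrss.apache.modules
+++ roundcubemail.apache.modules
+++ wallabag.apache.modules
+++ yourls.apache.modules
+++ rompr.apache.modules
+++ shaarli.apache.modules
+++ dokuwiki.apache.modules
+++ ldap.apache.modules
+++ kanboard.apache.modules;
+
+services.websites.integration.vhostConfs.devtools = {
+certName = "eldiron";
+addToCerts = true;
+hosts = ["devtools.immae.eu" ];
+root = "/var/lib/ftp/devtools.immae.eu";
+extraConfig = [
+''
+<Directory "/var/lib/ftp/devtools.immae.eu">
+DirectoryIndex index.php index.htm index.html
+AllowOverride all
+Require all granted
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
+</FilesMatch>
+</Directory>
+''
+rainloop.apache.vhostConf
+];
+};
+
+services.websites.tools.vhostConfs.tools = {
+certName = "eldiron";
+addToCerts = true;
+hosts = ["tools.immae.eu" ];
+root = "/var/lib/ftp/tools.immae.eu";
+extraConfig = [
+''
+<Directory "/var/lib/ftp/tools.immae.eu">
+DirectoryIndex index.php index.htm index.html
+AllowOverride all
+Require all granted
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
+</FilesMatch>
+</Directory>
+''
+adminer.apache.vhostConf
+ympd.apache.vhostConf
+ttrss.apache.vhostConf
+roundcubemail.apache.vhostConf
+wallabag.apache.vhostConf
+yourls.apache.vhostConf
+rompr.apache.vhostConf
+shaarli.apache.vhostConf
+dokuwiki.apache.vhostConf
+ldap.apache.vhostConf
+kanboard.apache.vhostConf
+];
+};
+
+services.websites.tools.vhostConfs.outils = {
+certName = "eldiron";
+addToCerts = true;
+hosts = [ "outils.immae.eu" ];
+root = null;
+extraConfig = [
+''
+RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
+
+RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
+
+RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
+RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
+
+RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
+RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
+RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
+RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
+
+RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
+
+RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
+''
+];
+};
+
+systemd.services = {
+phpfpm-dokuwiki = {
+after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
+wants = dokuwiki.phpFpm.serviceDeps;
+};
+phpfpm-kanboard = {
+after = lib.mkAfter kanboard.phpFpm.serviceDeps;
+wants = kanboard.phpFpm.serviceDeps;
+};
+phpfpm-ldap = {
+after = lib.mkAfter ldap.phpFpm.serviceDeps;
+wants = ldap.phpFpm.serviceDeps;
+};
+phpfpm-rainloop = {
+after = lib.mkAfter rainloop.phpFpm.serviceDeps;
+wants = rainloop.phpFpm.serviceDeps;
+};
+phpfpm-roundcubemail = {
+after = lib.mkAfter roundcubemail.phpFpm.serviceDeps;
+wants = roundcubemail.phpFpm.serviceDeps;
+};
+phpfpm-shaarli = {
+after = lib.mkAfter shaarli.phpFpm.serviceDeps;
+wants = shaarli.phpFpm.serviceDeps;
+};
+phpfpm-ttrss = {
+after = lib.mkAfter ttrss.phpFpm.serviceDeps;
+wants = ttrss.phpFpm.serviceDeps;
+};
+phpfpm-wallabag = {
+after = lib.mkAfter wallabag.phpFpm.serviceDeps;
+wants = wallabag.phpFpm.serviceDeps;
+preStart = lib.mkAfter wallabag.phpFpm.preStart;
+};
+phpfpm-yourls = {
+after = lib.mkAfter yourls.phpFpm.serviceDeps;
+wants = yourls.phpFpm.serviceDeps;
+};
+ympd = {
+description = "Standalone MPD Web GUI written in C";
+wantedBy = [ "multi-user.target" ];
+script = ''
+export MPD_PASSWORD=$(cat /var/secrets/mpd)
+${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
+'';
+};
+tt-rss = {
+description = "Tiny Tiny RSS feeds update daemon";
+serviceConfig = {
+User = "wwwrun";
+ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
+StandardOutput = "syslog";
+StandardError = "syslog";
+PermissionsStartOnly = true;
+};
+
+wantedBy = [ "multi-user.target" ];
+requires = ["postgresql.service"];
+after = ["network.target" "postgresql.service"];
+};
+};
+
+services.phpfpm.pools.roundcubemail = {
+listen = roundcubemail.phpFpm.socket;
+extraConfig = roundcubemail.phpFpm.pool;
+phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
+};
+
+services.phpfpm.pools.devtools = {
+listen = "/var/run/phpfpm/devtools.sock";
+extraConfig = ''
+user = wwwrun
+group = wwwrun
+listen.owner = wwwrun
+listen.group = wwwrun
+pm = dynamic
+pm.max_children = 60
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 10
+
+php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
+'';
+phpOptions = config.services.phpfpm.phpOptions + ''
+extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
+'';
+};
+
+services.phpfpm.poolConfigs = {
+adminer = adminer.phpFpm.pool;
+ttrss = ttrss.phpFpm.pool;
+wallabag = wallabag.phpFpm.pool;
+yourls = yourls.phpFpm.pool;
+rompr = rompr.phpFpm.pool;
+shaarli = shaarli.phpFpm.pool;
+dokuwiki = dokuwiki.phpFpm.pool;
+ldap = ldap.phpFpm.pool;
+rainloop = rainloop.phpFpm.pool;
+kanboard = kanboard.phpFpm.pool;
+tools = ''
+listen = /var/run/phpfpm/tools.sock
+user = wwwrun
+group = wwwrun
+listen.owner = wwwrun
+listen.group = wwwrun
+pm = dynamic
+pm.max_children = 60
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 10
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = ToolsPHPSESSID
+php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
+'';
+};
+
+system.activationScripts = {
+adminer = adminer.activationScript;
+ttrss = ttrss.activationScript;
+roundcubemail = roundcubemail.activationScript;
+wallabag = wallabag.activationScript;
+yourls = yourls.activationScript;
+rompr = rompr.activationScript;
+shaarli = shaarli.activationScript;
+dokuwiki = dokuwiki.activationScript;
+rainloop = rainloop.activationScript;
+kanboard = kanboard.activationScript;
+ldap = ldap.activationScript;
+};
+
+myServices.websites.webappDirs = {
+_adminer = adminer.webRoot;
+"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
+"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
+"${rompr.apache.webappName}" = rompr.webRoot;
+"${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
+"${shaarli.apache.webappName}" = shaarli.webRoot;
+"${ttrss.apache.webappName}" = ttrss.webRoot;
+"${wallabag.apache.webappName}" = wallabag.webRoot;
+"${yourls.apache.webappName}" = yourls.webRoot;
+"${rainloop.apache.webappName}" = rainloop.webRoot;
+"${kanboard.apache.webappName}" = kanboard.webRoot;
+};
+
+};
+}
+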
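Review bot: Every php-fpm pool defined here, including the `tools` and `devtools` pools that execute PHP from `/var/lib/ftp/...` with `AllowOverride all`, runs as `wwwrun`, the same account that owns the 0400 secret files the per-tool `keys` place under `/var/secrets/webapps/`. `open_basedir` is then the only separation between a script in those document roots and the Kanboard, Roundcube and LDAP credentials, and it is a PHP-level restriction rather than an OS boundary. If those directories are writable by anyone other than the administrator (not visible from this diff), give the two pools their own `user`/`group` and keep `listen.owner = wwwrun` so Apache can still reach the socket. A comment above `services.phpfpm.pools.devtools` stating who may write to the document root would make the trust assumption explicit.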
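--- /dev/null
+++ b/modules/private/websites/tools/tools/dokuwiki.nix
@@ -0,0 +1,61 @@
+{ lib, stdenv, dokuwiki, dokuwiki-plugins }:
+rec {
+varDir = "/var/lib/dokuwiki";
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+if [ ! -d ${varDir} ]; then
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+${varDir}/animals
+cp -a ${webRoot}/conf.dist ${varDir}/conf
+cp -a ${webRoot}/data.dist ${varDir}/data
+cp -a ${webRoot}/
+chown -R ${apache.user}:${apache.user} ${varDir}/config ${varDir}/data
+chmod -R 755 ${varDir}/config ${varDir}/data
+fi
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+'';
+};
+webRoot = dokuwiki.withPlugins (builtins.attrValues dokuwiki-plugins);
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_dokuwiki";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /dokuwiki "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+AllowOverride All
+Options +FollowSymlinks
+Require all granted
+</Directory>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "openldap.service" ];
+basedir = builtins.concatStringsSep ":" (
+[ webRoot varDir ] ++ webRoot.plugins);
+socket = "/var/run/phpfpm/dokuwiki.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = DokuwikiPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+'';
+};
+}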
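Review bot: In `activationScript` the copies go to `${varDir}/conf` and `${varDir}/data`, but the `chown -R` and `chmod -R 755` that follow act on `${varDir}/config`, which nothing in the script creates, so the copied `conf` tree keeps the ownership and modes that `cp -a` carried over. `chmod -R 755` also makes every file under `data` world-readable and executable, and the chown passes `${apache.user}` as the group. Something like `chown -R ${apache.user}:${apache.group} ${varDir}/conf ${varDir}/data` followed by `chmod -R u=rwX,g=rX,o= ${varDir}/conf ${varDir}/data` would line up with the 0750 used for `phpSessions`. Line 12 (`cp -a ${webRoot}/`) looks cut off on this page, so check it against the real file.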
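--- /dev/null
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -0,0 +1,86 @@
+{ env, kanboard }:
+rec {
+varDir = "/var/lib/kanboard";
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+install -TDm644 ${webRoot}/dataold/.htaccess ${varDir}/data/.htaccess
+install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
+'';
+};
+keys = [{
+dest = "webapps/tools-kanboard";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+<?php
+define('MAIL_FROM', 'kanboard@tools.immae.eu');
+
+define('DB_DRIVER', 'postgres');
+define('DB_USERNAME', '${env.postgresql.user}');
+define('DB_PASSWORD', '${env.postgresql.password}');
+define('DB_HOSTNAME', '${env.postgresql.socket}');
+define('DB_NAME', '${env.postgresql.database}');
+
+define('DATA_DIR', '${varDir}');
+define('LDAP_AUTH', true);
+define('LDAP_SERVER', '${env.ldap.host}');
+define('LDAP_START_TLS', true);
+
+define('LDAP_BIND_TYPE', 'proxy');
+define('LDAP_USERNAME', '${env.ldap.dn}');
+define('LDAP_PASSWORD', '${env.ldap.password}');
+define('LDAP_USER_BASE_DN', '${env.ldap.base}');
+define('LDAP_USER_FILTER', '(&(memberOf=cn=users,cn=kanboard,ou=services,dc=immae,dc=eu)(uid=%s))');
+define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
+?>
+'';
+}];
+webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; };
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_kanboard";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /kanboard "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+AllowOverride All
+Options FollowSymlinks
+Require all granted
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+<DirectoryMatch "${root}/data">
+Require all denied
+</DirectoryMatch>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "postgresql.service" "openldap.service" ];
+basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
+socket = "/var/run/phpfpm/kanboard.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = KanboardPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+'';
+};
+}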
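Review bot: The `keys` text builds PHP source by splicing Nix values straight into single-quoted literals, e.g. `define('DB_PASSWORD', '${env.postgresql.password}');`, so a password or DN containing `'` or `\` yields a broken or altered config file. The values come from `myconfig.env`, so this is a robustness problem rather than an exposed injection path, but they should be escaped (for instance with `builtins.replaceStrings [ "\\" "'" ] [ "\\\\" "\\'" ]`) or the character restriction documented next to `keys`. The same pattern is used for `bind_pass` in ldap.nix and for `db_dsnw` and `des_key` in roundcubemail.nix. Also, `${varDir}/data` is created 0755 while `phpSessions` next to it is 0750; unless other local accounts need to read the application's data, 0750 is the safer mode.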
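--- /dev/null
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -0,0 +1,74 @@
+{ lib, php, env, writeText, phpldapadmin }:
+rec {
+activationScript = {
+deps = [ "httpd" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
+'';
+};
+keys = [{
+dest = "webapps/tools-ldap";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+<?php
+$config->custom->appearance['show_clear_password'] = true;
+$config->custom->appearance['hide_template_warning'] = true;
+$config->custom->appearance['theme'] = "tango";
+$config->custom->appearance['minimalMode'] = true;
+
+$servers = new Datastore();
+
+$servers->newServer('ldap_pla');
+$servers->setValue('server','name','Immae’s LDAP');
+$servers->setValue('server','host','ldaps://${env.ldap.host}');
+$servers->setValue('login','auth_type','cookie');
+$servers->setValue('login','bind_id','${env.ldap.dn}');
+$servers->setValue('login','bind_pass','${env.ldap.password}');
+$servers->setValue('appearance','password_hash','ssha');
+$servers->setValue('login','attr','uid');
+$servers->setValue('login','fallback_dn',true);
+'';
+}];
+webRoot = phpldapadmin.override { config = "/var/secrets/webapps/tools-ldap"; };
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_ldap";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /ldap "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+AllowOverride None
+Require all granted
+</Directory>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "openldap.service" ];
+basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
+socket = "/var/run/phpfpm/ldap.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = LdapPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"
+php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin"
+'';
+};
+}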
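Review bot: `$config->custom->appearance['show_clear_password'] = true;` asks phpLDAPadmin to display password values in clear rather than masked (how it interacts with the tool's obfuscation setting is not visible here); unless a workflow depends on it, set it to `false`. The config also stores a service `bind_id`/`bind_pass` with `fallback_dn` enabled while the vhost uses `Require all granted`, so the application's login form is the only gate in front of the directory. A comment in `keys` stating what that bind account is allowed to read, and why no `Require ldap-group` restriction like the one in rompr.nix is applied, would help the next reviewer.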
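--- /dev/null
+++ b/modules/private/websites/tools/tools/rainloop.nix
@@ -0,0 +1,59 @@
+{ lib, pkgs, writeText, stdenv, fetchurl }:
+rec {
+varDir = "/var/lib/rainloop";
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+'';
+};
+webRoot = pkgs.rainloop-community.override { dataPath = "${varDir}/data"; };
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_rainloop";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /rainloop "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+AllowOverride All
+Options -FollowSymlinks
+Require all granted
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+
+<DirectoryMatch "${root}/data">
+Require all denied
+</DirectoryMatch>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "postgresql.service" ];
+basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+socket = "/var/run/phpfpm/rainloop.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = RainloopPHPSESSID
+php_admin_value[upload_max_filesize] = 200M
+php_admin_value[post_max_size] = 200M
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+'';
+};
+}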
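Review bot: The deny rule `<DirectoryMatch "${root}/data">` is an unanchored regular expression over a path under the web root, while `dataPath` moves the application data to `${varDir}/data`, so it is unclear from this file what the rule actually protects. If it is kept as defence in depth, a plain `<Directory "${root}/data">` states the intent without regex matching, and a one-line comment should say that the real data lives outside the document root. kanboard.nix carries the same `DirectoryMatch` block. The function arguments `lib`, `writeText`, `stdenv` and `fetchurl` are not used in the body and can be dropped.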
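--- /dev/null
+++ b/modules/private/websites/tools/tools/rompr.nix
@@ -0,0 +1,77 @@
+{ lib, env, rompr }:
+rec {
+varDir = "/var/lib/rompr";
+activationScript = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
+'';
+webRoot = rompr;
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "headers" "mime" "proxy_fcgi" ];
+webappName = "tools_rompr";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /rompr ${root}
+
+<Directory ${root}>
+Options Indexes FollowSymLinks
+DirectoryIndex index.php
+AllowOverride all
+Require all granted
+Order allow,deny
+Allow from all
+ErrorDocument 404 /rompr/404.php
+AddType image/x-icon .ico
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+
+<Directory ${root}/albumart/small>
+Header Set Cache-Control "max-age=0, no-store"
+Header Set Cache-Control "no-cache, must-revalidate"
+</Directory>
+
+<Directory ${root}/albumart/asdownloaded>
+Header Set Cache-Control "max-age=0, no-store"
+Header Set Cache-Control "no-cache, must-revalidate"
+</Directory>
+
+<LocationMatch "^/rompr">
+Use LDAPConnect
+Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+</LocationMatch>
+'';
+};
+phpFpm = rec {
+basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+socket = "/var/run/phpfpm/rompr.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = RomprPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+php_flag[magic_quotes_gpc] = Off
+php_flag[track_vars] = On
+php_flag[register_globals] = Off
+php_admin_flag[allow_url_fopen] = On
+php_value[include_path] = ${webRoot}
+php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
+php_admin_value[post_max_size] = 32M
+php_admin_value[upload_max_filesize] = 32M
+php_admin_value[memory_limit] = 256M
+'';
+};
+}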
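Review bot: The `<Directory ${root}>` block mixes the Apache 2.4 `Require all granted` with the 2.2-style `Order allow,deny` and `Allow from all`, which are only accepted when mod_access_compat is loaded (it is not in `modules` here) and make the effective policy harder to reason about; drop the two legacy lines. `Options Indexes FollowSymLinks` also enables directory listings for the whole application tree, and `Options FollowSymLinks` is enough unless listings are wanted. The session directory is created 0755 together with `prefs` and `albumart`, where the other tools use 0750 for `phpSessions`; give it its own `install -m 0750` line. In both `albumart` blocks the second `Header Set Cache-Control` replaces the first, so only `no-cache, must-revalidate` is sent, and `php_admin_flag[allow_url_fopen] = On` deserves a comment saying why the application needs remote URL wrappers.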
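--- /dev/null
+++ b/modules/private/websites/tools/tools/roundcubemail.nix
@@ -0,0 +1,121 @@
+{ env, roundcubemail, roundcubemail-plugins, roundcubemail-skins, phpPackages, apacheHttpd }:
+rec {
+varDir = "/var/lib/roundcubemail";
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+${varDir}/cache ${varDir}/logs
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+'';
+};
+keys = [{
+dest = "webapps/tools-roundcube";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+<?php
+$config['db_dsnw'] = '${env.psql_url}';
+$config['default_host'] = 'ssl://mail.immae.eu';
+$config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
+$config['smtp_server'] = 'tls://mail.immae.eu';
+$config['smtp_port'] = '25';
+$config['managesieve_host'] = 'mail.immae.eu';
+$config['managesieve_port'] = '4190';
+$config['managesieve_usetls'] = true;
+$config['managesieve_conn_options'] = array("ssl" => array("verify_peer" => false));
+
+$config['imap_cache'] = 'db';
+$config['messages_cache'] = 'db';
+
+$config['support_url'] = ''';
+
+$config['des_key'] = '${env.secret}';
+
+$config['skin'] = 'elastic';
+$config['plugins'] = array(
+'attachment_reminder',
+'emoticons',
+'filesystem_attachments',
+'hide_blockquote',
+'identicon',
+'identity_select',
+'jqueryui',
+'managesieve',
+'newmail_notifier',
+'vcard_attachments',
+'zipdownload',
+
+'automatic_addressbook',
+'message_highlight',
+'carddav',
+// Ne marche pas ?: 'ident_switch',
+// Ne marche pas ?: 'thunderbird_labels',
+);
+
+$config['language'] = 'fr_FR';
+
+$config['drafts_mbox'] = 'Mail/Drafts';
+$config['junk_mbox'] = 'Mail/Spam';
+$config['sent_mbox'] = 'Mail/sent';
+$config['trash_mbox'] = ''';
+$config['default_folders'] = array('INBOX', 'Mail/Drafts', 'Mail/sent', 'Mail/Spam', ''');
+$config['draft_autosave'] = 60;
+$config['enable_installer'] = false;
+$config['log_driver'] = 'file';
+$config['temp_dir'] = '${varDir}/cache';
+$config['mime_types'] = '${apacheHttpd}/conf/mime.types';
+'';
+}];
+webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins
+(builtins.attrValues roundcubemail-plugins) (builtins.attrValues roundcubemail-skins);
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_roundcubemail";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /roundcube "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+AllowOverride All
+Options FollowSymlinks
+Require all granted
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "postgresql.service" ];
+basedir = builtins.concatStringsSep ":" (
+[ webRoot "/var/secrets/webapps/tools-roundcube" varDir ]
+++ webRoot.plugins
+++ webRoot.skins);
+phpConfig = ''
+date.timezone = 'CET'
+extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
+'';
+socket = "/var/run/phpfpm/roundcubemail.sock";
+pool = ''
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = RoundcubemailPHPSESSID
+php_admin_value[upload_max_filesize] = 200M
+php_admin_value[post_max_size] = 200M
+php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+'';
+};
+}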
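Review bot: Both `imap_conn_options` and `managesieve_conn_options` set `"verify_peer" => false`, so Roundcube accepts any certificate presented for `mail.immae.eu` and a user's mail password is exposed to whoever can intercept that connection. Prefer `array("ssl" => array("verify_peer" => true, "verify_peer_name" => true))`, adding a `cafile` entry if the server certificate is not signed by a CA in the system store. If the mail services run on the same host and verification is disabled on purpose, say so in a comment next to the two options. The `cache` and `logs` directories are also created 0755 while `phpSessions` is 0750; mail caches and logs are a reasonable candidate for the tighter mode too.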
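--- /dev/null
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -0,0 +1,65 @@
+{ lib, env, stdenv, fetchurl, shaarli }:
+let
+varDir = "/var/lib/shaarli";
+in rec {
+activationScript = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \
+${varDir}/phpSessions
+'';
+webRoot = shaarli varDir;
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" "rewrite" "env" ];
+webappName = "tools_shaarli";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /Shaarli "${root}"
+
+Include /var/secrets/webapps/tools-shaarli
+<Directory "${root}">
+DirectoryIndex index.php index.htm index.html
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride All
+Require all granted
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+'';
+};
+keys = [{
+dest = "webapps/tools-shaarli";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
+SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}"
+SetEnv SHAARLI_LDAP_HOST "ldaps://${env.ldap.host}"
+SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}"
+SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}"
+'';
+}];
+phpFpm = rec {
+serviceDeps = [ "openldap.service" ];
+basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+socket = "/var/run/phpfpm/shaarli.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = ShaarliPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+'';
+};
+}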
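Review bot: The `Include /var/secrets/webapps/tools-shaarli` line in `vhostConf` sits outside the `<Directory "${root}">` block, so the `SetEnv SHAARLI_LDAP_PASSWORD` it pulls in is not limited to Shaarli. If this `vhostConf` is merged into a virtual host shared with the other tools (the "same domain" comment in the pool config suggests so), every handler in that host would receive the LDAP bind password in its request environment. Moving the include to the first line inside `<Directory "${root}">` keeps it scoped to this application. The same block enables `Options Indexes FollowSymLinks MultiViews Includes` together with `AllowOverride All`; unless Shaarli needs directory listings and SSI, `Options FollowSymLinks` as used by the other tools would be enough.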
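--- /dev/null
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -0,0 +1,131 @@
+{ php, env, ttrss, ttrss-plugins }:
+rec {
+varDir = "/var/lib/ttrss";
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
+${varDir}/cache/feeds/ \
+${varDir}/cache/images/ \
+${varDir}/cache/js/ \
+${varDir}/cache/simplepie/ \
+${varDir}/cache/upload/
+touch ${varDir}/feed-icons/index.html
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+'';
+};
+keys = [{
+dest = "webapps/tools-ttrss";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+<?php
+
+define('PHP_EXECUTABLE', '${php}/bin/php');
+
+define('LOCK_DIRECTORY', 'lock');
+define('CACHE_DIR', 'cache');
+define('ICONS_DIR', 'feed-icons');
+define('ICONS_URL', 'feed-icons');
+define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
+
+define('MYSQL_CHARSET', 'UTF8');
+
+define('DB_TYPE', 'pgsql');
+define('DB_HOST', '${env.postgresql.socket}');
+define('DB_USER', '${env.postgresql.user}');
+define('DB_NAME', '${env.postgresql.database}');
+define('DB_PASS', '${env.postgresql.password}');
+define('DB_PORT', '${env.postgresql.port}');
+
+define('AUTH_AUTO_CREATE', true);
+define('AUTH_AUTO_LOGIN', true);
+
+define('SINGLE_USER_MODE', false);
+
+define('SIMPLE_UPDATE_MODE', false);
+define('CHECK_FOR_UPDATES', true);
+
+define('FORCE_ARTICLE_PURGE', 0);
+define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
+define('ENABLE_GZIP_OUTPUT', false);
+
+define('PLUGINS', 'auth_ldap, note, instances');
+
+define('LOG_DESTINATION', ''');
+define('CONFIG_VERSION', 26);
+
+
+define('SPHINX_SERVER', 'localhost:9312');
+define('SPHINX_INDEX', 'ttrss, delta');
+
+define('ENABLE_REGISTRATION', false);
+define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu');
+define('REG_MAX_USERS', 10);
+
+define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
+define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+
+define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+define('LDAP_AUTH_USETLS', TRUE);
+define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
+define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+
+define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
+define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
+
+define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
+define('LDAP_AUTH_DEBUG', FALSE);
+'';
+}];
+webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (builtins.attrValues ttrss-plugins);
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_ttrss";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /ttrss "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+AllowOverride All
+Options FollowSymlinks
+Require all granted
+</Directory>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "postgresql.service" "openldap.service" ];
+basedir = builtins.concatStringsSep ":" (
+[ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
+++ webRoot.plugins);
+socket = "/var/run/phpfpm/ttrss.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = TtrssPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp"
+php_admin_value[session.save_path] = "${varDir}/phpSessions"
+'';
+};
+}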
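Review bot: `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` is set to `TRUE` in the generated config, so the StartTLS session to `ldap://ldap.immae.eu:389/` is encrypted but the server certificate is not verified, which leaves the bind password and user logins without protection against an on-path party. shaarli.nix, wallabag.nix and yourls.nix in this commit reach the directory over LDAPS, so the certificate presumably validates; I would use `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE);` and add a comment if there is a reason it has to stay on. Separately, the `${env...}` secrets are spliced unescaped into single-quoted PHP literals, so a value containing `'` or ending in a backslash would corrupt the file; yourls.nix has the same pattern.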
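--- /dev/null
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -0,0 +1,148 @@
+{ env, wallabag }:
+rec {
+varDir = "/var/lib/wallabag";
+keys = [{
+dest = "webapps/tools-wallabag";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+# This file is auto-generated during the composer install
+parameters:
+database_driver: pdo_pgsql
+database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
+database_host: ${env.postgresql.socket}
+database_port: ${env.postgresql.port}
+database_name: ${env.postgresql.database}
+database_user: ${env.postgresql.user}
+database_password: ${env.postgresql.password}
+database_path: null
+database_table_prefix: wallabag_
+database_socket: null
+database_charset: utf8
+domain_name: https://tools.immae.eu/wallabag
+mailer_transport: sendmail
+mailer_host: 127.0.0.1
+mailer_user: null
+mailer_password: null
+locale: fr
+secret: ${env.secret}
+twofactor_auth: true
+twofactor_sender: wallabag@tools.immae.eu
+fosuser_registration: false
+fosuser_confirmation: true
+from_email: wallabag@tools.immae.eu
+rss_limit: 50
+rabbitmq_host: localhost
+rabbitmq_port: 5672
+rabbitmq_user: guest
+rabbitmq_password: guest
+rabbitmq_prefetch_count: 10
+redis_scheme: unix
+redis_host: null
+redis_port: null
+redis_path: ${env.redis.socket}
+redis_password: null
+sites_credentials: { }
+ldap_enabled: true
+ldap_host: ldap.immae.eu
+ldap_port: 636
+ldap_tls: false
+ldap_ssl: true
+ldap_bind_requires_dn: true
+ldap_base: 'dc=immae,dc=eu'
+ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
+ldap_manager_pw: ${env.ldap.password}
+ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
+ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
+ldap_username_attribute: uid
+ldap_email_attribute: mail
+ldap_name_attribute: cn
+ldap_enabled_attribute: null
+services:
+swiftmailer.mailer.default.transport:
+class: Swift_SendmailTransport
+arguments: ['/run/wrappers/bin/sendmail -bs']
+'';
+}];
+webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
+activationScript = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+${varDir}/var ${varDir}/data/db ${varDir}/assets/images
+'';
+webRoot = "${webappDir}/web";
+# Domain migration: Table wallabag_entry contains whole
+# https://tools.immae.eu/wallabag domain name in preview_picture
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_wallabag";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /wallabag "${root}"
+<Directory "${root}">
+AllowOverride None
+Require all granted
+# For OAuth (apps)
+CGIPassAuth On
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+<IfModule mod_rewrite.c>
+Options -MultiViews
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.*)$ app.php [QSA,L]
+</IfModule>
+</Directory>
+<Directory "${root}/bundles">
+<IfModule mod_rewrite.c>
+RewriteEngine Off
+</IfModule>
+</Directory>
+<Directory "${varDir}/assets">
+AllowOverride None
+Require all granted
+</Directory>
+'';
+};
+phpFpm = rec {
+preStart = ''
+if [ ! -f "${varDir}/currentWebappDir" -o \
+! -f "${varDir}/currentKey" -o \
+"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+|| ! sha512sum -c --status ${varDir}/currentKey; then
+pushd ${webappDir} > /dev/null
+/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
+rm -rf /var/lib/wallabag/var/cache/pro_
+/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+popd > /dev/null
+echo -n "${webappDir}" > ${varDir}/currentWebappDir
+sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
+fi
+'';
+serviceDeps = [ "postgresql.service" "openldap.service" ];
+basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
+socket = "/var/run/phpfpm/wallabag.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = dynamic
+pm.max_children = 60
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 10
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = WallabagPHPSESSID
+php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
+php_value[max_execution_time] = 300
+'';
+};
+}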
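Review bot: The secrets in the generated `parameters` file (`database_password`, `secret`, `ldap_manager_pw`) are interpolated as bare YAML scalars, so a value containing ` #`, `: ` or a leading quote is truncated or re-typed by the parser, and the application would run with a different secret from the one provisioned. JSON strings are valid YAML, so `database_password: ${builtins.toJSON env.postgresql.password}` (and likewise for the other two) would quote them safely; a literal `%` may additionally need doubling if Symfony's parameter syntax applies to this file. In `preStart`, `/var/lib/wallabag` and `wwwrun` are hard-coded where the rest of the file uses `${varDir}` and `${apache.user}`.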
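--- /dev/null
+++ b/modules/private/websites/tools/tools/ympd.nix
@@ -0,0 +1,40 @@
+{ env }:
+let
+ympd = rec {
+config = {
+webPort = "localhost:${env.listenPort}";
+host = env.mpd.host;
+port = env.mpd.port;
+};
+apache = {
+modules = [
+"proxy_wstunnel"
+];
+vhostConf = ''
+<LocationMatch "^/mpd(?!/music.(mp3|ogg))">
+Use LDAPConnect
+Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+</LocationMatch>
+
+RedirectMatch permanent "^/mpd$" "/mpd/"
+<Location "/mpd/">
+ProxyPass http://${config.webPort}/
+ProxyPassReverse http://${config.webPort}/
+ProxyPreserveHost on
+</Location>
+<Location "/mpd/ws">
+ProxyPass ws://${config.webPort}/ws
+</Location>
+<Location "/mpd/music.mp3">
+ProxyPass unix:///run/mpd/mp3.sock|http://tools.immae.eu/
+ProxyPassReverse unix:///run/mpd/mp3.sock|http://tools.immae.eu/
+</Location>
+<Location "/mpd/music.ogg">
+ProxyPass unix:///run/mpd/ogg.sock|http://tools.immae.eu/
+ProxyPassReverse unix:///run/mpd/ogg.sock|http://tools.immae.eu/
+</Location>
+'';
+};
+};
+in
+ympd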
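Review bot: The LDAP exemption in `<LocationMatch "^/mpd(?!/music.(mp3|ogg))">` is wider than the two stream URLs, because the `.` is unescaped and the lookahead has no end anchor. Any path under `/mpd/` that begins with that looser prefix skips `Require ldap-group`, and whatever is not caught by the two stream `<Location>` blocks is then forwarded to the ympd backend by `<Location "/mpd/">`. Tightening it to `<LocationMatch "^/mpd(?!/music\.(mp3|ogg)$)">` limits the unauthenticated surface to exactly the two stream endpoints. If the streams are meant to be public, a one-line comment saying so above the block would help the next reader.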
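--- /dev/null
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -0,0 +1,93 @@
+{ env, yourls, yourls-plugins }:
+rec {
+activationScript = {
+deps = [ "httpd" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
+'';
+};
+keys = [{
+dest = "webapps/tools-yourls";
+user = apache.user;
+group = apache.group;
+permissions = "0400";
+text = ''
+<?php
+define( 'YOURLS_DB_USER', '${env.mysql.user}' );
+define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
+define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
+define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
+define( 'YOURLS_DB_PREFIX', 'yourls_' );
+define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
+define( 'YOURLS_HOURS_OFFSET', 0 );
+define( 'YOURLS_LANG', ''' );
+define( 'YOURLS_UNIQUE_URLS', true );
+define( 'YOURLS_PRIVATE', true );
+define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
+$yourls_user_passwords = array();
+define( 'YOURLS_DEBUG', false );
+define( 'YOURLS_URL_CONVERT', 36 );
+$yourls_reserved_URL = array();
+define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
+define( 'LDAPAUTH_PORT', '636' );
+define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
+define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
+define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
+
+define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
+define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
+
+define( 'LDAPAUTH_USERCACHE_TYPE', 0);
+'';
+}];
+webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
+(builtins.attrValues yourls-plugins);
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+webappName = "tools_yourls";
+root = "/run/current-system/webapps/${webappName}";
+vhostConf = ''
+Alias /url "${root}"
+<Directory "${root}">
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+AllowOverride None
+Require all granted
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteBase /url/
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^.*$ /url/yourls-loader.php [L]
+</IfModule>
+DirectoryIndex index.php
+</Directory>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "mysql.service" "openldap.service" ];
+basedir = builtins.concatStringsSep ":" (
+[ webRoot "/var/secrets/webapps/tools-yourls" ]
+++ webRoot.plugins);
+socket = "/var/run/phpfpm/yourls.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+pm = ondemand
+pm.max_children = 60
+pm.process_idle_timeout = 60
+
+; Needed to avoid clashes in browser cookies (same domain)
+php_value[session.name] = YourlsPHPSESSID
+php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls"
+php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
+'';
+};
+}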
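Review bot: The activation script creates the PHP session directory with `install -m 0755 ... -d /var/lib/php/sessions/yourls`, which lets every local account list it; with PHP's default file session handler the file names carry the session identifiers. ttrss.nix in this commit already uses `-m 0750` for its `phpSessions` directory, and the same mode fits here: `install -m 0750 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls`. shaarli.nix has the same issue, since its `${varDir}/phpSessions` is created by the 0755 `install` call in its activation script.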