From 252dd7d899b7a0deea1537cc5d2d48b825afffb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 13 Dec 2018 21:25:24 +0100 Subject: Initial commit published for NUR --- modules/webapps/diaspora.nix | 171 ++++++++++++++++++++++++ modules/webapps/etherpad-lite.nix | 158 ++++++++++++++++++++++ modules/webapps/mastodon.nix | 223 +++++++++++++++++++++++++++++++ modules/webapps/mediagoblin.nix | 237 +++++++++++++++++++++++++++++++++ modules/webapps/peertube.nix | 105 +++++++++++++++ modules/webapps/webstats/default.nix | 81 +++++++++++ modules/webapps/webstats/goaccess.conf | 99 ++++++++++++++ 7 files changed, 1074 insertions(+) create mode 100644 modules/webapps/diaspora.nix create mode 100644 modules/webapps/etherpad-lite.nix create mode 100644 modules/webapps/mastodon.nix create mode 100644 modules/webapps/mediagoblin.nix create mode 100644 modules/webapps/peertube.nix create mode 100644 modules/webapps/webstats/default.nix create mode 100644 modules/webapps/webstats/goaccess.conf (limited to 'modules/webapps') diff --git a/modules/webapps/diaspora.nix b/modules/webapps/diaspora.nix new file mode 100644 index 00000000..65599b73 --- /dev/null +++ b/modules/webapps/diaspora.nix @@ -0,0 +1,171 @@ +{ lib, pkgs, config, ... }: +let + name = "diaspora"; + cfg = config.services.diaspora; + + uid = config.ids.uids.diaspora; + gid = config.ids.gids.diaspora; +in +{ + options.services.diaspora = { + enable = lib.mkEnableOption "Enable Diaspora’s service"; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "User account under which Diaspora runs"; + }; + group = lib.mkOption { + type = lib.types.str; + default = name; + description = "Group under which Diaspora runs"; + }; + adminEmail = lib.mkOption { + type = lib.types.str; + example = "admin@example.com"; + description = "Admin e-mail for Diaspora"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Diaspora stores its data. + ''; + }; + socketsDir = lib.mkOption { + type = lib.types.path; + default = "/run/${name}"; + description = '' + The directory where Diaspora puts runtime files and sockets. + ''; + }; + configDir = lib.mkOption { + type = lib.types.path; + description = '' + The configuration path for Diaspora. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.webapps.diaspora; + description = '' + Diaspora package to use. + ''; + }; + # Output variables + systemdStateDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; + lib.strings.removePrefix "/var/lib/" cfg.dataDir; + description = '' + Adjusted Diaspora data directory for systemd + ''; + readOnly = true; + }; + systemdRuntimeDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if socketsDir is outside of /run + default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir; + lib.strings.removePrefix "/run/" cfg.socketsDir; + description = '' + Adjusted Diaspora sockets directory for systemd + ''; + readOnly = true; + }; + workdir = lib.mkOption { + type = lib.types.package; + default = cfg.package.override { + varDir = cfg.dataDir; + podmin_email = cfg.adminEmail; + config_dir = cfg.configDir; + }; + description = '' + Adjusted diaspora package with overriden values + ''; + readOnly = true; + }; + sockets = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + rails = "${cfg.socketsDir}/diaspora.sock"; + eye = "${cfg.socketsDir}/eye.sock"; + }; + readOnly = true; + description = '' + Diaspora sockets + ''; + }; + pids = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + eye = "${cfg.socketsDir}/eye.pid"; + }; + readOnly = true; + description = '' + Diaspora pids + ''; + }; + }; + + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { + inherit name; + inherit uid; + group = cfg.group; + description = "Diaspora user"; + home = cfg.dataDir; + packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ]; + useDefaultShell = true; + }); + users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { + inherit name; + inherit gid; + }); + + systemd.services.diaspora = { + description = "Diaspora"; + wantedBy = [ "multi-user.target" ]; + after = [ + "network.target" "redis.service" "postgresql.service" + ]; + wants = [ + "redis.service" "postgresql.service" + ]; + + environment.RAILS_ENV = "production"; + environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}"; + environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile"; + environment.EYE_SOCK = cfg.sockets.eye; + environment.EYE_PID = cfg.pids.eye; + + path = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby pkgs.curl pkgs.which pkgs.gawk ]; + + preStart = '' + install -m 0755 -d ${cfg.dataDir}/uploads ${cfg.dataDir}/tmp ${cfg.dataDir}/log + install -m 0700 -d ${cfg.dataDir}/tmp/pids + if [ ! -f ${cfg.dataDir}/schedule.yml ]; then + echo "{}" > ${cfg.dataDir}/schedule.yml + fi + ./bin/bundle exec rails db:migrate + ''; + + script = '' + exec ${cfg.workdir}/script/server + ''; + + serviceConfig = { + User = cfg.user; + PrivateTmp = true; + Restart = "always"; + Type = "simple"; + WorkingDirectory = cfg.workdir; + StateDirectory = cfg.systemdStateDirectory; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + StandardInput = "null"; + KillMode = "control-group"; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + }; +} diff --git a/modules/webapps/etherpad-lite.nix b/modules/webapps/etherpad-lite.nix new file mode 100644 index 00000000..7f0e2ed4 --- /dev/null +++ b/modules/webapps/etherpad-lite.nix @@ -0,0 +1,158 @@ +{ lib, pkgs, config, ... }: +let + name = "etherpad-lite"; + cfg = config.services.etherpad-lite; + + uid = config.ids.uids.etherpad-lite; + gid = config.ids.gids.etherpad-lite; +in +{ + options.services.etherpad-lite = { + enable = lib.mkEnableOption "Enable Etherpad lite’s service"; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "User account under which Etherpad lite runs"; + }; + group = lib.mkOption { + type = lib.types.str; + default = name; + description = "Group under which Etherpad lite runs"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Etherpad lite stores its data. + ''; + }; + socketsDir = lib.mkOption { + type = lib.types.path; + default = "/run/${name}"; + description = '' + The directory where Etherpad lite stores its sockets. + ''; + }; + configFile = lib.mkOption { + type = lib.types.path; + description = '' + The config file path for Etherpad lite. + ''; + }; + sessionKeyFile = lib.mkOption { + type = lib.types.path; + description = '' + The Session key file path for Etherpad lite. + ''; + }; + apiKeyFile = lib.mkOption { + type = lib.types.path; + description = '' + The API key file path for Etherpad lite. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.webapps.etherpad-lite; + description = '' + Etherpad lite package to use. + ''; + }; + modules = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = '' + Etherpad lite modules to use. + ''; + }; + # Output variables + workdir = lib.mkOption { + type = lib.types.package; + default = cfg.package.withModules cfg.modules; + description = '' + Adjusted Etherpad lite package with plugins + ''; + readOnly = true; + }; + systemdStateDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; + lib.strings.removePrefix "/var/lib/" cfg.dataDir; + description = '' + Adjusted Etherpad lite data directory for systemd + ''; + readOnly = true; + }; + systemdRuntimeDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if socketsDir is outside of /run + default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir; + lib.strings.removePrefix "/run/" cfg.socketsDir; + description = '' + Adjusted Etherpad lite sockets directory for systemd + ''; + readOnly = true; + }; + sockets = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + node = "${cfg.socketsDir}/etherpad-lite.sock"; + }; + readOnly = true; + description = '' + Etherpad lite sockets + ''; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.etherpad-lite = { + description = "Etherpad-lite"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "postgresql.service" ]; + wants = [ "postgresql.service" ]; + + environment.NODE_ENV = "production"; + environment.HOME = cfg.workdir; + + path = [ pkgs.nodejs ]; + + script = '' + exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \ + --sessionkey ${cfg.sessionKeyFile} \ + --apikey ${cfg.apiKeyFile} \ + --settings ${cfg.configFile} + ''; + + postStart = '' + while [ ! -S ${cfg.sockets.node} ]; do + sleep 0.5 + done + chmod a+w ${cfg.sockets.node} + ''; + serviceConfig = { + DynamicUser = true; + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.workdir; + PrivateTmp = true; + NoNewPrivileges = true; + PrivateDevices = true; + ProtectHome = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + Restart = "always"; + Type = "simple"; + TimeoutSec = 60; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + StateDirectory= cfg.systemdStateDirectory; + ExecStartPre = [ + "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized" + "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}" + ]; + }; + }; + + }; +} diff --git a/modules/webapps/mastodon.nix b/modules/webapps/mastodon.nix new file mode 100644 index 00000000..6255de91 --- /dev/null +++ b/modules/webapps/mastodon.nix @@ -0,0 +1,223 @@ +{ lib, pkgs, config, ... }: +let + name = "mastodon"; + cfg = config.services.mastodon; + + uid = config.ids.uids.mastodon; + gid = config.ids.gids.mastodon; +in +{ + options.services.mastodon = { + enable = lib.mkEnableOption "Enable Mastodon’s service"; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "User account under which Mastodon runs"; + }; + group = lib.mkOption { + type = lib.types.str; + default = name; + description = "Group under which Mastodon runs"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Mastodon stores its data. + ''; + }; + socketsPrefix = lib.mkOption { + type = lib.types.string; + default = "live"; + description = '' + The prefix to use for Mastodon sockets. + ''; + }; + socketsDir = lib.mkOption { + type = lib.types.path; + default = "/run/${name}"; + description = '' + The directory where Mastodon puts runtime files and sockets. + ''; + }; + configFile = lib.mkOption { + type = lib.types.path; + description = '' + The configuration file path for Mastodon. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.webapps.mastodon; + description = '' + Mastodon package to use. + ''; + }; + # Output variables + workdir = lib.mkOption { + type = lib.types.package; + default = cfg.package.override { varDir = cfg.dataDir; }; + description = '' + Adjusted mastodon package with overriden varDir + ''; + readOnly = true; + }; + systemdStateDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; + lib.strings.removePrefix "/var/lib/" cfg.dataDir; + description = '' + Adjusted Mastodon data directory for systemd + ''; + readOnly = true; + }; + systemdRuntimeDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if socketsDir is outside of /run + default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir; + lib.strings.removePrefix "/run/" cfg.socketsDir; + description = '' + Adjusted Mastodon sockets directory for systemd + ''; + readOnly = true; + }; + sockets = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + node = "${cfg.socketsDir}/${cfg.socketsPrefix}_node.sock"; + rails = "${cfg.socketsDir}/${cfg.socketsPrefix}_puma.sock"; + }; + readOnly = true; + description = '' + Mastodon sockets + ''; + }; + }; + + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { + inherit name; + inherit uid; + group = cfg.group; + description = "Mastodon user"; + home = cfg.dataDir; + useDefaultShell = true; + }); + users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { + inherit name; + inherit gid; + }); + + systemd.services.mastodon-streaming = { + description = "Mastodon Streaming"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "mastodon-web.service" ]; + + environment.NODE_ENV = "production"; + environment.SOCKET = cfg.sockets.node; + + path = [ pkgs.nodejs pkgs.bashInteractive ]; + + script = '' + exec npm run start + ''; + + postStart = '' + while [ ! -S $SOCKET ]; do + sleep 0.5 + done + chmod a+w $SOCKET + ''; + + postStop = '' + rm $SOCKET + ''; + + serviceConfig = { + User = cfg.user; + EnvironmentFile = cfg.configFile; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 15; + Type = "simple"; + WorkingDirectory = cfg.workdir; + StateDirectory = cfg.systemdStateDirectory; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + RuntimeDirectoryPreserve = "yes"; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + + systemd.services.mastodon-web = { + description = "Mastodon Web app"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + environment.RAILS_ENV = "production"; + environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}"; + environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile"; + environment.SOCKET = cfg.sockets.rails; + + path = [ cfg.workdir.gems cfg.workdir.gems.ruby pkgs.file ]; + + preStart = '' + install -m 0755 -d ${cfg.dataDir}/tmp/cache + ./bin/bundle exec rails db:migrate + ''; + + script = '' + exec ./bin/bundle exec puma -C config/puma.rb + ''; + + serviceConfig = { + User = cfg.user; + EnvironmentFile = cfg.configFile; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 60; + Type = "simple"; + WorkingDirectory = cfg.workdir; + StateDirectory = cfg.systemdStateDirectory; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + RuntimeDirectoryPreserve = "yes"; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + + systemd.services.mastodon-sidekiq = { + description = "Mastodon Sidekiq"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "mastodon-web.service" ]; + + environment.RAILS_ENV="production"; + environment.BUNDLE_PATH = "${cfg.workdir.gems}/${cfg.workdir.gems.ruby.gemPath}"; + environment.BUNDLE_GEMFILE = "${cfg.workdir.gems.confFiles}/Gemfile"; + environment.DB_POOL="5"; + + path = [ cfg.workdir.gems cfg.workdir.gems.ruby pkgs.imagemagick pkgs.ffmpeg pkgs.file ]; + + script = '' + exec ./bin/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push + ''; + + serviceConfig = { + User = cfg.user; + EnvironmentFile = cfg.configFile; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 15; + Type = "simple"; + WorkingDirectory = cfg.workdir; + StateDirectory = cfg.systemdStateDirectory; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + RuntimeDirectoryPreserve = "yes"; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + + }; +} diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix new file mode 100644 index 00000000..78bbef6f --- /dev/null +++ b/modules/webapps/mediagoblin.nix @@ -0,0 +1,237 @@ +{ lib, pkgs, config, ... }: +let + name = "mediagoblin"; + cfg = config.services.mediagoblin; + + uid = config.ids.uids.mediagoblin; + gid = config.ids.gids.mediagoblin; + + paste_local = pkgs.writeText "paste_local.ini" '' + [DEFAULT] + debug = false + + [pipeline:main] + pipeline = mediagoblin + + [app:mediagoblin] + use = egg:mediagoblin#app + config = ${cfg.configFile} ${cfg.workdir}/mediagoblin.ini + /mgoblin_static = ${cfg.workdir}/mediagoblin/static + + [loggers] + keys = root + + [handlers] + keys = console + + [formatters] + keys = generic + + [logger_root] + level = INFO + handlers = console + + [handler_console] + class = StreamHandler + args = (sys.stderr,) + level = NOTSET + formatter = generic + + [formatter_generic] + format = %(levelname)-7.7s [%(name)s] %(message)s + + [filter:errors] + use = egg:mediagoblin#errors + debug = false + + [server:main] + use = egg:waitress#main + unix_socket = ${cfg.sockets.paster} + unix_socket_perms = 777 + url_scheme = https + ''; +in +{ + options.services.mediagoblin = { + enable = lib.mkEnableOption "Enable Mediagoblin’s service"; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "User account under which Mediagoblin runs"; + }; + group = lib.mkOption { + type = lib.types.str; + default = name; + description = "Group under which Mediagoblin runs"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Mediagoblin stores its data. + ''; + }; + socketsDir = lib.mkOption { + type = lib.types.path; + default = "/run/${name}"; + description = '' + The directory where Mediagoblin puts runtime files and sockets. + ''; + }; + configFile = lib.mkOption { + type = lib.types.path; + description = '' + The configuration file path for Mediagoblin. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.webapps.mediagoblin; + description = '' + Mediagoblin package to use. + ''; + }; + plugins = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = '' + Mediagoblin plugins to use. + ''; + }; + # Output variables + workdir = lib.mkOption { + type = lib.types.package; + default = cfg.package.withPlugins cfg.plugins; + description = '' + Adjusted Mediagoblin package with plugins + ''; + readOnly = true; + }; + systemdStateDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; + lib.strings.removePrefix "/var/lib/" cfg.dataDir; + description = '' + Adjusted Mediagoblin data directory for systemd + ''; + readOnly = true; + }; + systemdRuntimeDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if socketsDir is outside of /run + default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir; + lib.strings.removePrefix "/run/" cfg.socketsDir; + description = '' + Adjusted Mediagoblin sockets directory for systemd + ''; + readOnly = true; + }; + sockets = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + paster = "${cfg.socketsDir}/mediagoblin.sock"; + }; + readOnly = true; + description = '' + Mediagoblin sockets + ''; + }; + pids = lib.mkOption { + type = lib.types.attrsOf lib.types.path; + default = { + paster = "${cfg.socketsDir}/mediagoblin.pid"; + celery = "${cfg.socketsDir}/mediagoblin-celeryd.pid"; + }; + readOnly = true; + description = '' + Mediagoblin pid files + ''; + }; + }; + + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { + inherit name; + inherit uid; + group = cfg.group; + description = "Mediagoblin user"; + home = cfg.dataDir; + useDefaultShell = true; + }); + users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { + inherit name; + inherit gid; + }); + + systemd.services.mediagoblin-web = { + description = "Mediagoblin service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + wants = [ "postgresql.service" "redis.service" ]; + + environment.SCRIPT_NAME = "/mediagoblin/"; + + script = '' + exec ./bin/paster serve \ + ${paste_local} \ + --pid-file=${cfg.pids.paster} + ''; + preStop = '' + exec ./bin/paster serve \ + --pid-file=${cfg.pids.paster} \ + ${paste_local} stop + ''; + preStart = '' + if [ -d ${cfg.dataDir}/plugin_static/ ]; then + rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth + ln -sf ${cfg.workdir}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth + fi + ./bin/gmg -cf ${cfg.configFile} dbupdate + ''; + + serviceConfig = { + User = cfg.user; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 15; + Type = "simple"; + WorkingDirectory = cfg.workdir; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + StateDirectory= cfg.systemdStateDirectory; + PIDFile = cfg.pids.paster; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + + systemd.services.mediagoblin-celeryd = { + description = "Mediagoblin service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "mediagoblin-web.service" ]; + + environment.MEDIAGOBLIN_CONFIG = cfg.configFile; + environment.CELERY_CONFIG_MODULE = "mediagoblin.init.celery.from_celery"; + + script = '' + exec ./bin/celery worker \ + --logfile=${cfg.dataDir}/celery.log \ + --loglevel=INFO + ''; + + serviceConfig = { + User = cfg.user; + PrivateTmp = true; + Restart = "always"; + TimeoutSec = 60; + Type = "simple"; + WorkingDirectory = cfg.workdir; + RuntimeDirectory = cfg.systemdRuntimeDirectory; + StateDirectory= cfg.systemdStateDirectory; + PIDFile = cfg.pids.celery; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + }; +} diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix new file mode 100644 index 00000000..89dcc67a --- /dev/null +++ b/modules/webapps/peertube.nix @@ -0,0 +1,105 @@ +{ lib, pkgs, config, ... }: +let + name = "peertube"; + cfg = config.services.peertube; + + uid = config.ids.uids.peertube; + gid = config.ids.gids.peertube; +in +{ + options.services.peertube = { + enable = lib.mkEnableOption "Enable Peertube’s service"; + user = lib.mkOption { + type = lib.types.str; + default = name; + description = "User account under which Peertube runs"; + }; + group = lib.mkOption { + type = lib.types.str; + default = name; + description = "Group under which Peertube runs"; + }; + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Peertube stores its data. + ''; + }; + configFile = lib.mkOption { + type = lib.types.path; + description = '' + The configuration file path for Peertube. + ''; + }; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.webapps.peertube; + description = '' + Peertube package to use. + ''; + }; + # Output variables + systemdStateDirectory = lib.mkOption { + type = lib.types.str; + # Use ReadWritePaths= instead if varDir is outside of /var/lib + default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; + lib.strings.removePrefix "/var/lib/" cfg.dataDir; + description = '' + Adjusted Peertube data directory for systemd + ''; + readOnly = true; + }; + }; + + config = lib.mkIf cfg.enable { + users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { + inherit name; + inherit uid; + group = cfg.group; + description = "Peertube user"; + home = cfg.dataDir; + useDefaultShell = true; + }); + users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { + inherit name; + inherit gid; + }); + + systemd.services.peertube = { + description = "Peertube"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "postgresql.service" ]; + wants = [ "postgresql.service" ]; + + environment.NODE_CONFIG_DIR = "${cfg.dataDir}/config"; + environment.NODE_ENV = "production"; + environment.HOME = cfg.package; + + path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ]; + + script = '' + install -m 0750 -d ${cfg.dataDir}/config + ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml + exec npm run start + ''; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + WorkingDirectory = cfg.package; + StateDirectory = cfg.systemdStateDirectory; + StateDirectoryMode = 0750; + PrivateTmp = true; + ProtectHome = true; + ProtectControlGroups = true; + Restart = "always"; + Type = "simple"; + TimeoutSec = 60; + }; + + unitConfig.RequiresMountsFor = cfg.dataDir; + }; + }; +} + diff --git a/modules/webapps/webstats/default.nix b/modules/webapps/webstats/default.nix new file mode 100644 index 00000000..924d72de --- /dev/null +++ b/modules/webapps/webstats/default.nix @@ -0,0 +1,81 @@ +{ lib, pkgs, config, ... }: +let + name = "goaccess"; + cfg = config.services.webstats; +in { + options.services.webstats = { + dataDir = lib.mkOption { + type = lib.types.path; + default = "/var/lib/${name}"; + description = '' + The directory where Goaccess stores its data. + ''; + }; + sites = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + conf = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + use custom goaccess configuration file instead of the + default one. + ''; + }; + name = lib.mkOption { + type = lib.types.string; + description = '' + Domain name. Corresponds to the Apache file name and the + folder name in which the state will be saved. + ''; + }; + }; + }); + default = []; + description = "Sites to generate stats"; + }; + }; + + config = lib.mkIf (builtins.length cfg.sites > 0) { + users.users.root.packages = [ + pkgs.goaccess + ]; + + services.cron = { + enable = true; + systemCronJobs = let + stats = domain: conf: let + config = if builtins.isNull conf + then pkgs.runCommand "goaccess.conf" { + dbPath = "${cfg.dataDir}/${domain}"; + } "substituteAll ${./goaccess.conf} $out" + else conf; + d = pkgs.writeScriptBin "stats-${domain}" '' + #!${pkgs.stdenv.shell} + set -e + shopt -s nullglob + date_regex=$(LC_ALL=C date -d yesterday +'%d\/%b\/%Y') + TMPFILE=$(mktemp) + trap "rm -f $TMPFILE" EXIT + + mkdir -p ${cfg.dataDir}/${domain} + cat /var/log/httpd/access-${domain}.log | sed -n "/\\[$date_regex/ p" > $TMPFILE + for i in /var/log/httpd/access-${domain}*.gz; do + zcat "$i" | sed -n "/\\[$date_regex/ p" >> $TMPFILE + done + ${pkgs.goaccess}/bin/goaccess $TMPFILE --no-progress -o ${cfg.dataDir}/${domain}/index.html -p ${config} + ''; + in "${d}/bin/stats-${domain}"; + allStats = sites: pkgs.writeScript "stats" '' + #!${pkgs.stdenv.shell} + + mkdir -p ${cfg.dataDir} + ${builtins.concatStringsSep "\n" (map (v: stats v.name v.conf) sites)} + ''; + in + [ + "5 0 * * * root ${allStats cfg.sites}" + ]; + }; + }; +} diff --git a/modules/webapps/webstats/goaccess.conf b/modules/webapps/webstats/goaccess.conf new file mode 100644 index 00000000..49189883 --- /dev/null +++ b/modules/webapps/webstats/goaccess.conf @@ -0,0 +1,99 @@ +time-format %H:%M:%S +date-format %d/%b/%Y + +#sur immae.eu +#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^ + +log-format VCOMBINED +#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" + +html-prefs {"theme":"bright","layout":"vertical"} + +exclude-ip 188.165.209.148 +exclude-ip 178.33.252.96 +exclude-ip 2001:41d0:2:9c94::1 +exclude-ip 2001:41d0:2:9c94:: +exclude-ip 176.9.151.89 +exclude-ip 2a01:4f8:160:3445:: +exclude-ip 82.255.56.72 + +no-query-string true + +keep-db-files true +load-from-disk true +db-path @dbPath@ + +ignore-panel REFERRERS +ignore-panel KEYPHRASES + +static-file .css +static-file .js +static-file .jpg +static-file .png +static-file .gif +static-file .ico +static-file .jpeg +static-file .pdf +static-file .csv +static-file .mpeg +static-file .mpg +static-file .swf +static-file .woff +static-file .woff2 +static-file .xls +static-file .xlsx +static-file .doc +static-file .docx +static-file .ppt +static-file .pptx +static-file .txt +static-file .zip +static-file .ogg +static-file .mp3 +static-file .mp4 +static-file .exe +static-file .iso +static-file .gz +static-file .rar +static-file .svg +static-file .bmp +static-file .tar +static-file .tgz +static-file .tiff +static-file .tif +static-file .ttf +static-file .flv +#static-file .less +#static-file .ac3 +#static-file .avi +#static-file .bz2 +#static-file .class +#static-file .cue +#static-file .dae +#static-file .dat +#static-file .dts +#static-file .ejs +#static-file .eot +#static-file .eps +#static-file .img +#static-file .jar +#static-file .map +#static-file .mid +#static-file .midi +#static-file .ogv +#static-file .webm +#static-file .mkv +#static-file .odp +#static-file .ods +#static-file .odt +#static-file .otf +#static-file .pict +#static-file .pls +#static-file .ps +#static-file .qt +#static-file .rm +#static-file .svgz +#static-file .wav +#static-file .webp + + -- cgit v1.2.3