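# NixOS module: a "farm" of Nextcloud instances served by Apache and one
# shared PHP-FPM pool (`nextcloud_farm`).
#
# Each entry of `myServices.tools.cloud.farm.instances` gets
#   * a state/config directory under /var/lib/nextcloud_farm/<name>,
#   * a read-only Apache vhost snippet (`vhosts.<name>`),
#   * a `nextcloud-occ-<name>` wrapper installed for root,
#   * a cron entry running cron.php every 15 minutes.
#
# Security note: every instance runs under the same Unix user and the same
# PHP-FPM pool, and `open_basedir` below is the union of all instances'
# directories. The instances are therefore not isolated from one another at
# the PHP or filesystem level.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.tools.cloud.farm;
  apacheUser = config.services.httpd.Prod.user;
  apacheGroup = config.services.httpd.Prod.group;

  # Per-instance state directory, exported to PHP as NEXTCLOUD_CONFIG_DIR.
  toVardir = name: "/var/lib/nextcloud_farm/${name}";
  varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;

  # Paths PHP may touch for one instance: the packaged Nextcloud root, the
  # instance state directory and the packaged apps.
  toPhpBaseDir = name: [ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps;
  # Colon-separated, de-duplicated union over all instances (used in open_basedir).
  phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));

  # Apache configuration snippet for one instance.
  #  - SetEnvIf/CGIPassAuth forward the client's Authorization header to PHP.
  #  - The HSTS header uses max-age=15552000 (180 days) with includeSubDomains
  #    and preload, so it also binds every subdomain of the serving host.
  #  - *.php requests are handed to the shared PHP-FPM pool over its unix socket.
  toVhost = name: ''
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    SetEnv NEXTCLOUD_CONFIG_DIR "${toVardir name}"
    <Directory ${cfg.rootDirs."${name}"}>
      AcceptPathInfo On
      DirectoryIndex index.php
      Options FollowSymlinks
      Require all granted
      AllowOverride all

      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
      </IfModule>
      <FilesMatch "\.php$">
        CGIPassAuth on
        SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud_farm.socket}|fcgi://localhost"
      </FilesMatch>

    </Directory>
  '';

  # PHP 7.4 with the extensions the farm enables on top of the defaults.
  # The same package is used by the FPM pool, the occ wrappers and cron.
  phpPackage = (pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis all.apcu all.opcache all.imagick ])).override { extraConfig = ''
    apc.enable_cli = 1
  '';
  };
in
{
  options.myServices.tools.cloud.farm = {
    instances = lib.mkOption {
      description = "Instances names for the nextcloud Farm";
      default = {};
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          nextcloud = lib.mkOption {
            description = "Nextcloud version to use";
            default = pkgs.webapps.nextcloud_20;
            type = lib.types.package;
          };
          apps = lib.mkOption {
            description = "Applications to use";
            default = a: [];
            #type = functionTo (listOf packages)
            # `unspecified` performs no type checking on this function.
            type = lib.types.unspecified;
          };
        };
      });
    };
    # Read-only: the built Nextcloud package (with its apps) for each instance.
    rootDirs = lib.mkOption {
      description = "Instance root dirs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.package;
      default = lib.mapAttrs (name: v: (v.nextcloud.override { varDir = null; }).withApps v.apps) cfg.instances;
    };
    # Read-only: the Apache snippet generated by toVhost for each instance.
    vhosts = lib.mkOption {
      description = "Instance vhosts configs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.str;
      default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
    };
  };

  # Nothing is configured unless at least one instance is declared.
  config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
    system.activationScripts.cloud_farm_vardirs = {
      deps = [ "httpd" ];
      # The instance directories are Nextcloud's config dirs and phpSessions
      # holds PHP session files, so neither is left world-accessible: only the
      # web user (and its group, for the instance dirs) can enter them.
      text = ''
        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
        install -m 0700 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/nextcloud_farm/phpSessions
      '';
    };
    systemd.services.phpfpm-nextcloud_farm.after = lib.mkAfter [ "postgresql.service" ];
    systemd.services.phpfpm-nextcloud_farm.wants = [ "postgresql.service" ];
    services.phpfpm.pools.nextcloud_farm = {
      user = apacheUser;
      group = apacheGroup;
      settings = let
        # Process limits scale linearly with the number of instances.
        instanceNb = builtins.length (builtins.attrNames cfg.instances);
      in {
        "listen.owner" = apacheUser;
        "listen.group" = apacheGroup;
        "pm" = "dynamic";
        "pm.max_children" = builtins.toString (60 * instanceNb);
        "pm.start_servers" = builtins.toString (3 * instanceNb);
        "pm.min_spare_servers" = builtins.toString (3 * instanceNb);
        "pm.max_spare_servers" = builtins.toString (5 * instanceNb);
        "pm.process_idle_timeout" = "60";

        "php_admin_value[output_buffering]" = "0";
        "php_admin_value[max_execution_time]" = "1800";
        "php_admin_value[zend_extension]" = "opcache";
        # NOTE(review): APCu's ini directives use the `apc.` prefix (as in
        # phpPackage.extraConfig above); confirm these `apcu.*` keys have any effect.
        "php_value[apcu.enable_cli]" = "1";
        "php_value[apcu.enabled]" = "1";
        #already enabled by default?
        #"php_value[opcache.enable]" = "1";
        "php_value[opcache.enable_cli]" = "1";
        "php_value[opcache.interned_strings_buffer]" = "8";
        "php_value[opcache.max_accelerated_files]" = "10000";
        "php_value[opcache.memory_consumption]" = "128";
        "php_value[opcache.save_comments]" = "1";
        "php_value[opcache.revalidate_freq]" = "1";
        "php_admin_value[memory_limit]" = "512M";

        # php_admin_value cannot be overridden from PHP code or .htaccess.
        # The list covers all instances at once (see phpBaseDir).
        # NOTE(review): /tmp is shared with other processes unless the unit
        # gets a private /tmp; confirm.
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
        "php_admin_value[session.save_path]" = "/var/lib/nextcloud_farm/phpSessions";
      };
      inherit phpPackage;
    };
    users.users.root.packages = let
      # `nextcloud-occ-<name>`: runs Nextcloud's occ for one instance as the
      # web user, the same account that owns the instance directory and runs
      # the FPM pool.
      # Arguments are forwarded with "$@" so values containing spaces or glob
      # characters reach occ unchanged.
      # NOTE(review): `sudo -E` passes the caller's whole environment to PHP;
      # consider limiting it to the variables occ actually needs.
      toOcc = name: pkgs.writeScriptBin "nextcloud-occ-${name}" ''
        #! ${pkgs.stdenv.shell}
        cd ${cfg.rootDirs."${name}"}
        NEXTCLOUD_CONFIG_DIR="${toVardir name}" \
          exec \
          sudo -E -u ${apacheUser} ${phpPackage}/bin/php \
          -c ${phpPackage}/etc/php.ini \
          occ "$@"
      '';
    in lib.mapAttrsToList (name: v: toOcc name) cfg.instances;
    services.cron = {
      enable = true;
      systemCronJobs = let
        # One wrapper per instance; each sets that instance's config dir and
        # runs its cron.php with the farm's PHP build.
        toScript = name: pkgs.writeScriptBin "nextcloud-cron" ''
          #! ${pkgs.stdenv.shell}
          export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
          export PATH=/run/wrappers/bin:$PATH
          export NEXTCLOUD_CONFIG_DIR="${toVardir name}"
          ${phpPackage}/bin/php -c ${phpPackage}/etc/php.ini -d memory_limit=512M -f ${cfg.rootDirs."${name}"}/cron.php
        '';
        # Every 15 minutes, as the web user that owns the instance directory.
        toLine = name: ''
          */15 * * * * ${apacheUser} ${toScript name}/bin/nextcloud-cron
        '';
      in lib.mapAttrsToList (name: v: toLine name) cfg.instances;
    };
  };
}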