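# NixOS module: a "farm" of Nextcloud instances behind one Apache httpd
# (config.services.httpd.Prod), with one PHP-FPM pool per instance.
#
# Security-relevant layout, as configured in this file:
#   - every pool, occ wrapper and cron job runs as the same Apache user, so
#     instances are not separated from each other by Unix permissions; the
#     per-pool open_basedir and the Redis key prefix are the only
#     per-instance boundaries set here.
#   - per-instance state (NEXTCLOUD_CONFIG_DIR) lives under
#     /var/lib/nextcloud_farm/<name>.
#
# The source page's blame column attributes these lines to commits
# 54d97019, 792ccef2 and bbea22c0.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.tools.cloud.farm;
  apacheUser = config.services.httpd.Prod.user;
  apacheGroup = config.services.httpd.Prod.group;

  # Mutable state directory of one instance; exported to PHP as
  # NEXTCLOUD_CONFIG_DIR by the vhost, the occ wrapper and the cron script.
  toVardir = name: "/var/lib/nextcloud_farm/${name}";
  varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;

  # Colon-separated path list for open_basedir: the instance's store root,
  # its state directory, and each app path exposed by the root package.
  toPhpBaseDir = name: builtins.concatStringsSep ":" ([ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps);

  # Apache configuration fragment for one instance (exposed through the
  # read-only `vhosts` option).
  #   - SetEnvIf/CGIPassAuth hand the client's Authorization header to PHP.
  #   - `AllowOverride all` lets .htaccess files under the root directory
  #     change the server configuration for that tree.
  #   - The HSTS header carries includeSubDomains and preload, so it commits
  #     every subdomain of the serving host to HTTPS for the max-age period.
  toVhost = name: ''
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    SetEnv NEXTCLOUD_CONFIG_DIR "${toVardir name}"
    <Directory ${cfg.rootDirs."${name}"}>
      AcceptPathInfo On
      DirectoryIndex index.php
      Options FollowSymlinks
      Require all granted
      AllowOverride all

      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
      </IfModule>
      <FilesMatch "\.php$">
        CGIPassAuth on
        SetHandler "proxy:unix:${config.services.phpfpm.pools.${"nextcloud_farm_" + name}.socket}|fcgi://localhost"
      </FilesMatch>

    </Directory>
  '';

  # PHP build shared by the FPM pools, the occ wrappers and the cron jobs.
  # NOTE(review): php74 (and the nextcloud_20 default below) are past upstream
  # end-of-life as of this review; move to supported releases when updating.
  phpPackage = (pkgs.php74.withExtensions ({ enabled, all }:
    enabled ++ [ all.redis all.apcu all.opcache all.imagick ]
  )).override {
    extraConfig = ''
      apc.enable_cli = 1
    '';
  };
in
{
  options.myServices.tools.cloud.farm = {
    instances = lib.mkOption {
      description = "Instances names for the nextcloud Farm";
      default = {};
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          nextcloud = lib.mkOption {
            description = "Nextcloud version to use";
            default = pkgs.webapps.nextcloud_20;
            type = lib.types.package;
          };
          apps = lib.mkOption {
            description = "Applications to use";
            default = a: [];
            #type = functionTo (listOf packages)
            type = lib.types.unspecified;
          };
        };
      });
    };
    # Derived, read-only: one Nextcloud package per instance, built with
    # varDir = null and the instance's selected apps.
    rootDirs = lib.mkOption {
      description = "Instance root dirs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.package;
      default = lib.mapAttrs (name: v: (v.nextcloud.override { varDir = null; }).withApps v.apps) cfg.instances;
    };
    # Derived, read-only: the Apache fragment produced by toVhost.
    vhosts = lib.mkOption {
      description = "Instance vhosts configs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.str;
      default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
    };
  };

  config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
    # Creates the state directories at activation time (this script runs as
    # root). The paths embed the instance names, so they are shell-escaped
    # rather than pasted in raw.
    # NOTE(review): NEXTCLOUD_CONFIG_DIR is where Nextcloud keeps config.php
    # (database credentials and instance secrets); mode 0755 leaves the
    # directory listable and traversable by every local account. Consider
    # 0750 if nothing outside the Apache group needs to reach it.
    system.activationScripts.cloud_farm_vardirs = {
      deps = [ "httpd" ];
      text = ''
        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${lib.escapeShellArgs varDirs}
      '';
    };
    # Order each pool's unit after PostgreSQL and pull PostgreSQL in.
    systemd.services = lib.mapAttrs' (k: v: lib.nameValuePair ("phpfpm-nextcloud_farm_" + k) {
      after = lib.mkAfter [ "postgresql.service" ];
      wants = [ "postgresql.service" ];
    }) cfg.instances;
    services.phpfpm.pools = lib.mapAttrs' (k: v: lib.nameValuePair ("nextcloud_farm_" + k) {
      # All pools share the Apache user and group; see the header comment.
      user = apacheUser;
      group = apacheGroup;
      settings = {
        "listen.owner" = apacheUser;
        "listen.group" = apacheGroup;
        "pm" = "dynamic";
        # Worst case per instance is max_children * memory_limit
        # (60 * 512M); size the host for the number of instances.
        "pm.max_children" = "60";
        "pm.start_servers" = "3";
        "pm.min_spare_servers" = "3";
        "pm.max_spare_servers" = "3";
        "pm.process_idle_timeout" = "60";

        "php_admin_value[output_buffering]" = "0";
        "php_admin_value[max_execution_time]" = "1800";
        "php_admin_value[zend_extension]" = "opcache";
        # NOTE(review): APCu's documented ini directives use the `apc.`
        # prefix (as in phpPackage's extraConfig above); confirm that these
        # `apcu.`-prefixed keys actually take effect.
        "php_value[apcu.enable_cli]" = "1";
        "php_value[apcu.enabled]" = "1";
        #already enabled by default?
        #"php_value[opcache.enable]" = "1";
        "php_value[opcache.enable_cli]" = "1";
        "php_value[opcache.interned_strings_buffer]" = "8";
        "php_value[opcache.max_accelerated_files]" = "10000";
        "php_value[opcache.memory_consumption]" = "128";
        "php_value[opcache.save_comments]" = "1";
        "php_value[opcache.revalidate_freq]" = "1";
        "php_admin_value[memory_limit]" = "512M";

        # Set as php_admin_value so application code cannot relax it.
        # /tmp is listed for every pool and all pools run as the same user,
        # so temporary files are reachable across instances; open_basedir
        # is a hardening measure, not a substitute for separate Unix users.
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${toPhpBaseDir k}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
        # Sessions go to one shared Redis socket; instances are kept apart
        # only by the key prefix.
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:NextcloudFarm:${k}:'";
      };
      inherit phpPackage;
    }) cfg.instances;
    # One `nextcloud-occ-<name>` wrapper per instance, installed for root.
    #   - occ runs as the same user that owns the state directories and
    #     runs the FPM pools (apacheUser) instead of a hard-coded account.
    #   - "$@" passes each argument through intact; an unquoted $* would
    #     re-split arguments containing spaces and expand globs.
    #   - sudo -E forwards the caller's whole environment to the PHP
    #     process, not only NEXTCLOUD_CONFIG_DIR.
    users.users.root.packages = let
      toOcc = name: pkgs.writeScriptBin "nextcloud-occ-${name}" ''
        #! ${pkgs.stdenv.shell}
        cd ${cfg.rootDirs."${name}"}
        NEXTCLOUD_CONFIG_DIR="${toVardir name}" \
          exec \
          sudo -E -u ${apacheUser} ${phpPackage}/bin/php \
          -c ${phpPackage}/etc/php.ini \
          occ "$@"
      '';
    in lib.mapAttrsToList (name: v: toOcc name) cfg.instances;
    # Runs each instance's cron.php every 15 minutes as apacheUser, the
    # same account as the FPM pools.
    services.cron = {
      enable = true;
      systemCronJobs = let
        toScript = name: pkgs.writeScriptBin "nextcloud-cron" ''
          #! ${pkgs.stdenv.shell}
          export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
          export PATH=/run/wrappers/bin:$PATH
          export NEXTCLOUD_CONFIG_DIR="${toVardir name}"
          ${phpPackage}/bin/php -c ${phpPackage}/etc/php.ini -d memory_limit=512M -f ${cfg.rootDirs."${name}"}/cron.php
        '';
        toLine = name: ''
          */15 * * * * ${apacheUser} ${toScript name}/bin/nextcloud-cron
        '';
      in lib.mapAttrsToList (name: v: toLine name) cfg.instances;
    };
  };
}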