]>
Commit | Line | Data |
---|---|---|
c1767d2e IB |
1 | { lib, pkgs, config, ... }: |
2 | let | |
3 | cfg = config.myServices.tools.kanboard.farm; | |
4 | apacheUser = config.services.httpd.Tools.user; | |
5 | apacheGroup = config.services.httpd.Tools.group; | |
6 | toVardir = name: "/var/lib/kanboard_farm/${name}"; | |
7 | varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances; | |
8 | toPhpBaseDir = name: [ rootDir (toVardir name) ]; | |
9 | phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances))); | |
10 | rootDir = pkgs.kanboard; | |
11 | ||
12 | toVhost = name: '' | |
13 | Alias /${name} "${rootDir}" | |
14 | <Location /${name}> | |
15 | SetEnv DATA_DIR "${toVardir name}" | |
16 | SetEnv MAIL_FROM "kanboard@tools.immae.eu" | |
17 | </Location> | |
18 | ''; | |
f69e0c01 IB |
19 | toCustomVhost = name: lib.optionalAttrs (cfg.instances."${name}".customHost != null) { |
20 | "kanboard_farm_${name}" = { | |
21 | certName = "eldiron"; | |
22 | addToCerts = true; | |
23 | hosts = [cfg.instances."${name}".customHost]; | |
24 | root = null; | |
25 | extraConfig = [ | |
26 | '' | |
27 | Alias / "${rootDir}" | |
28 | <Location /> | |
29 | SetEnv DATA_DIR "${toVardir name}" | |
30 | SetEnv MAIL_FROM "kanboard@tools.immae.eu" | |
31 | </Location> | |
32 | <Directory "${rootDir}"> | |
33 | DirectoryIndex index.php | |
34 | AllowOverride All | |
35 | Options FollowSymlinks | |
36 | Require all granted | |
37 | ||
38 | <FilesMatch "\.php$"> | |
39 | SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost" | |
40 | </FilesMatch> | |
41 | </Directory> | |
42 | <DirectoryMatch "${rootDir}/data"> | |
43 | Require all denied | |
44 | </DirectoryMatch> | |
45 | '' | |
46 | ]; | |
47 | }; | |
48 | }; | |
49 | customVhosts = lib.foldl (o: n: o // n) {} (map toCustomVhost (builtins.attrNames cfg.instances)); | |
bbea22c0 | 50 | phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
c1767d2e IB |
51 | in |
52 | { | |
53 | options.myServices.tools.kanboard.farm = { | |
54 | instances = lib.mkOption { | |
55 | description = "Instances names for the kanboard Farm"; | |
56 | default = {}; | |
57 | type = lib.types.attrsOf (lib.types.submodule { | |
f69e0c01 IB |
58 | options = { |
59 | customHost = lib.mkOption { | |
60 | description = "Custom host to use for the kanboard instance"; | |
61 | default = null; | |
62 | type = lib.types.nullOr lib.types.str; | |
63 | }; | |
64 | }; | |
c1767d2e IB |
65 | }); |
66 | }; | |
67 | vhosts = lib.mkOption { | |
68 | description = "Instance vhosts configs"; | |
69 | readOnly = true; | |
70 | type = lib.types.attrsOf lib.types.str; | |
71 | default = lib.mapAttrs (name: v: toVhost name) cfg.instances; | |
72 | }; | |
73 | }; | |
74 | ||
75 | config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) { | |
120bcf4d IB |
76 | myServices.chatonsProperties.hostings.kanboard = { |
77 | file.datetime = "2022-08-21T19:40:00"; | |
78 | hosting = { | |
79 | name = "Kanboard"; | |
80 | description = "Kanban project management software"; | |
81 | website = "https://tools.immae.eu/kanboard"; | |
82 | logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png"; | |
83 | type = "INSTANCE"; | |
84 | status.level = "OK"; | |
85 | status.description = "OK"; | |
86 | registration.load = "OPEN"; | |
87 | install.type = "PACKAGE"; | |
88 | }; | |
89 | }; | |
90 | myServices.chatonsProperties.services.kanboard = { | |
91 | file.datetime = "2022-08-21T19:40:00"; | |
92 | service = { | |
93 | name = "Kanboard"; | |
94 | description = "Kanban project management software"; | |
95 | website = "https://tools.immae.eu/kanboard"; | |
96 | logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png"; | |
97 | status.level = "OK"; | |
98 | status.description = "OK"; | |
99 | registration."" = ["MEMBER" "CLIENT"]; | |
100 | registration.load = "OPEN"; | |
101 | install.type = "PACKAGE"; | |
102 | }; | |
103 | software = { | |
104 | name = "Kanboard"; | |
105 | website = "https://kanboard.org/"; | |
106 | license.url = "https://github.com/kanboard/kanboard/blob/main/LICENSE"; | |
107 | license.name = "MIT License"; | |
108 | version = pkgs.kanboard.version; | |
109 | source.url = "https://github.com/kanboard/kanboard"; | |
110 | }; | |
111 | }; | |
c1767d2e IB |
112 | system.activationScripts.kanboard_farm_vardirs = { |
113 | deps = [ "httpd" ]; | |
114 | text = '' | |
115 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs} | |
c1767d2e IB |
116 | ''; |
117 | }; | |
118 | services.phpfpm.pools.kanboard_farm = { | |
119 | user = apacheUser; | |
120 | group = apacheGroup; | |
121 | settings = let | |
122 | instanceNb = builtins.length (builtins.attrNames cfg.instances); | |
123 | in { | |
124 | "listen.owner" = apacheUser; | |
125 | "listen.group" = apacheGroup; | |
126 | "pm" = "dynamic"; | |
127 | "pm.max_children" = builtins.toString (60 * instanceNb); | |
128 | "pm.start_servers" = builtins.toString (2 * instanceNb); | |
129 | "pm.min_spare_servers" = builtins.toString (2 * instanceNb); | |
130 | "pm.max_spare_servers" = builtins.toString (3 * instanceNb); | |
131 | "pm.process_idle_timeout" = "60"; | |
132 | ||
133 | "php_admin_value[output_buffering]" = "0"; | |
134 | "php_admin_value[max_execution_time]" = "1800"; | |
135 | "php_admin_value[zend_extension]" = "opcache"; | |
136 | "php_value[apcu.enable_cli]" = "1"; | |
137 | "php_value[apcu.enabled]" = "1"; | |
138 | #already enabled by default? | |
139 | #"php_value[opcache.enable]" = "1"; | |
140 | "php_value[opcache.enable_cli]" = "1"; | |
141 | "php_value[opcache.interned_strings_buffer]" = "8"; | |
142 | "php_value[opcache.max_accelerated_files]" = "10000"; | |
143 | "php_value[opcache.memory_consumption]" = "128"; | |
144 | "php_value[opcache.save_comments]" = "1"; | |
145 | "php_value[opcache.revalidate_freq]" = "1"; | |
146 | "php_admin_value[memory_limit]" = "512M"; | |
147 | ||
148 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"; | |
bbea22c0 IB |
149 | "php_admin_value[session.save_handler]" = "redis"; |
150 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:KanboardFarm:'"; | |
c1767d2e IB |
151 | }; |
152 | inherit phpPackage; | |
153 | }; | |
f69e0c01 IB |
154 | services.websites.env.tools.vhostConfs = { |
155 | kanboard = { | |
156 | certName = "eldiron"; | |
157 | addToCerts = true; | |
158 | hosts = ["kanboard.immae.eu"]; | |
159 | root = null; | |
160 | extraConfig = [ | |
c1767d2e | 161 | '' |
f69e0c01 IB |
162 | <Directory "${rootDir}"> |
163 | DirectoryIndex index.php | |
164 | AllowOverride All | |
165 | Options FollowSymlinks | |
166 | Require all granted | |
167 | ||
168 | <FilesMatch "\.php$"> | |
169 | SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost" | |
170 | </FilesMatch> | |
171 | </Directory> | |
172 | <DirectoryMatch "${rootDir}/data"> | |
173 | Require all denied | |
174 | </DirectoryMatch> | |
175 | '' | |
176 | ] ++ builtins.attrValues cfg.vhosts; | |
177 | }; | |
178 | } // customVhosts; | |
c1767d2e IB |
179 | }; |
180 | } |