]>
Commit | Line | Data |
---|---|---|
a97118c4 IB |
1 | { pkgs, lib, config, ... }: |
2 | let | |
3 | env = config.myEnv.tools.status_engine; | |
4 | package = pkgs.status_engine.interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; }); | |
5 | apacheRoot = "${package}/public"; | |
6 | cfg = config.myServices.websites.tools.performance; | |
7 | in | |
8 | { | |
9 | options.myServices.websites.tools.performance = { | |
10 | enable = lib.mkEnableOption "Enable performance website"; | |
11 | }; | |
12 | ||
13 | config = lib.mkIf cfg.enable { | |
4c4652aa IB |
14 | secrets.keys = { |
15 | status_engine_ui = { | |
a97118c4 IB |
16 | permissions = "0400"; |
17 | user = "wwwrun"; | |
18 | group = "wwwrun"; | |
19 | text = '' | |
20 | allow_anonymous: 0 | |
21 | anonymous_can_submit_commands: 0 | |
22 | urls_without_login: | |
23 | - login | |
24 | - loginstate | |
25 | auth_type: ldap | |
26 | ldap_server: ${env.ldap.host} | |
27 | ldap_use_ssl: 1 | |
28 | ldap_port: 636 | |
29 | ldap_bind_dn: ${env.ldap.dn} | |
30 | ldap_bind_password: ${env.ldap.password} | |
31 | ldap_base_dn: ${env.ldap.base} | |
32 | ldap_filter: "${env.ldap.filter}" | |
33 | ldap_attribute: | |
34 | - memberOf | |
35 | use_crate: 0 | |
36 | use_mysql: 1 | |
37 | mysql: | |
38 | host: 127.0.0.1 | |
39 | port: ${env.mysql.port} | |
40 | username: ${env.mysql.user} | |
41 | password: ${env.mysql.password} | |
42 | database: ${env.mysql.database} | |
43 | display_perfdata: 1 | |
44 | perfdata_backend: mysql | |
45 | ''; | |
4c4652aa IB |
46 | }; |
47 | }; | |
a97118c4 IB |
48 | |
49 | services.websites.env.tools.modules = [ "proxy_fcgi" ]; | |
50 | ||
51 | services.websites.env.tools.vhostConfs.performance = { | |
52 | certName = "eldiron"; | |
53 | addToCerts = true; | |
54 | hosts = [ "performance.immae.eu" ]; | |
55 | root = apacheRoot; | |
56 | extraConfig = [ | |
57 | '' | |
58 | <Directory ${apacheRoot}> | |
59 | DirectoryIndex index.html | |
60 | AllowOverride None | |
61 | Require all granted | |
62 | <FilesMatch "\.php$"> | |
63 | SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost" | |
64 | </FilesMatch> | |
65 | </Directory> | |
66 | '' | |
67 | ]; | |
68 | }; | |
69 | ||
70 | services.phpfpm.pools.status_engine = { | |
71 | user = "wwwrun"; | |
72 | group = "wwwrun"; | |
73 | settings = { | |
74 | "listen.owner" = "wwwrun"; | |
75 | "listen.group" = "wwwrun"; | |
76 | "pm" = "dynamic"; | |
77 | "pm.max_children" = "60"; | |
78 | "pm.start_servers" = "2"; | |
79 | "pm.min_spare_servers" = "1"; | |
80 | "pm.max_spare_servers" = "10"; | |
81 | ||
da30ae4f | 82 | "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}"; |
a97118c4 IB |
83 | }; |
84 | phpPackage = pkgs.php74; | |
85 | }; | |
86 | ||
87 | }; | |
88 | } |