1a64deeb IB |
{ lib, pkgs, config, ... }:
let
  # Options declared by this module (see options.myServices.tools.kanboard.farm).
  cfg = config.myServices.tools.kanboard.farm;
  instanceNames = builtins.attrNames cfg.instances;

  # Every instance is served from the same packaged Kanboard tree.
  rootDir = pkgs.kanboard;

  # Account shared with the "tools" website environment; the data directories
  # and the php-fpm pool both use it.
  apacheUser = config.services.websites.env.tools.user;
  apacheGroup = config.services.websites.env.tools.group;

  # Per-instance data directory, derived directly from the instance name.
  toVardir = name: "/var/lib/kanboard_farm/${name}";
  varDirs = map toVardir instanceNames;

  # Paths one instance needs inside open_basedir: the code tree and its data dir.
  toPhpBaseDir = name: [ rootDir (toVardir name) ];
  # Colon-separated union over ALL instances: the result is a single
  # open_basedir value, so it cannot confine one instance to its own data dir.
  phpBaseDir = builtins.concatStringsSep ":"
    (lib.unique (lib.concatMap toPhpBaseDir instanceNames));

  # Apache fragment exposing an instance under /<name>.
  # The name is interpolated verbatim into the Apache configuration and into
  # the DATA_DIR path. NOTE(review): no validation of instance names is visible
  # in this file; they presumably come only from trusted Nix configuration.
  toVhost = name: ''
    Alias /${name} "${rootDir}"
    <Location /${name}>
      SetEnv DATA_DIR "${toVardir name}"
      SetEnv MAIL_FROM "kanboard@tools.immae.eu"
    </Location>
  '';

  # Dedicated vhost for an instance that sets customHost; an empty attrset
  # otherwise, so the results can be merged unconditionally.
  toCustomVhost = name:
    let
      host = cfg.instances.${name}.customHost;
    in
    lib.optionalAttrs (host != null) {
      "kanboard_farm_${name}" = {
        certName = "eldiron";
        hosts = [ host ];
        root = null;
        extraConfig = [
          ''
            Alias / "${rootDir}"
            <Location />
              SetEnv DATA_DIR "${toVardir name}"
              SetEnv MAIL_FROM "kanboard@tools.immae.eu"
            </Location>
            <Directory "${rootDir}">
              DirectoryIndex index.php
              AllowOverride All
              Options FollowSymlinks
              Require all granted

              <FilesMatch "\.php$">
                SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
              </FilesMatch>
            </Directory>
            <DirectoryMatch "${rootDir}/data">
              Require all denied
            </DirectoryMatch>
          ''
        ];
      };
    };

  # Host names of the instances that define a custom host.
  customHosts = lib.filter (host: host != null)
    (lib.mapAttrsToList (_: instance: instance.customHost) cfg.instances);

  # All custom vhost definitions merged into one attrset.
  customVhosts = lib.foldl lib.mergeAttrs { } (map toCustomVhost instanceNames);

  # PHP build with the redis extension, which the pool's session handler needs.
  # NOTE(review): PHP 7.4 is past upstream end-of-life; confirm that the
  # nixpkgs revision in use still delivers security fixes for it.
  phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);
in
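{
  options.myServices.tools.kanboard.farm = {
    # One attribute per Kanboard instance. The attribute name becomes the URL
    # prefix (/<name>) and the data directory name.
    instances = lib.mkOption {
      description = "Instances names for the kanboard Farm";
      default = {};
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          customHost = lib.mkOption {
            description = "Custom host to use for the kanboard instance";
            default = null;
            type = lib.types.nullOr lib.types.str;
          };
        };
      });
    };
    # Read-only, computed: the Apache fragment for each instance.
    vhosts = lib.mkOption {
      description = "Instance vhosts configs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.str;
      default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
    };
  };

  # Nothing below is configured unless at least one instance is declared.
  config = lib.mkIf (cfg.instances != { }) {
    myServices.dns.zones."immae.eu".subdomains.kanboard =
      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;

    myServices.chatonsProperties.hostings.kanboard = {
      file.datetime = "2022-08-21T19:40:00";
      hosting = {
        name = "Kanboard";
        description = "Kanban project management software";
        website = "https://tools.immae.eu/kanboard";
        logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png";
        type = "INSTANCE";
        status.level = "OK";
        status.description = "OK";
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
    };
    myServices.chatonsProperties.services.kanboard = {
      file.datetime = "2022-08-21T19:40:00";
      service = {
        name = "Kanboard";
        description = "Kanban project management software";
        website = "https://tools.immae.eu/kanboard";
        logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "OPEN";
        install.type = "PACKAGE";
      };
      software = {
        name = "Kanboard";
        website = "https://kanboard.org/";
        license.url = "https://github.com/kanboard/kanboard/blob/main/LICENSE";
        license.name = "MIT License";
        version = pkgs.kanboard.version;
        source.url = "https://github.com/kanboard/kanboard";
      };
    };

    # Create the per-instance data directories, owned by the web server account.
    system.activationScripts.kanboard_farm_vardirs = {
      deps = [ "httpd" ];
      # The directory paths embed the instance names, so they are passed through
      # lib.escapeShellArgs instead of being pasted into the script unquoted.
      # NOTE(review): mode 0755 lets every local account list these directories;
      # consider 0750 if nothing outside the web server group reads them.
      text = ''
        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${lib.escapeShellArgs varDirs}
      '';
    };

    # A single php-fpm pool, running as one user, serves every instance, so the
    # instances are not isolated from each other at the PHP level.
    services.phpfpm.pools.kanboard_farm = {
      user = apacheUser;
      group = apacheGroup;
      settings = let
        instanceNb = builtins.length (builtins.attrNames cfg.instances);
      in {
        "listen.owner" = apacheUser;
        "listen.group" = apacheGroup;
        # Worker limits scale linearly with the number of instances.
        "pm" = "dynamic";
        "pm.max_children" = builtins.toString (60 * instanceNb);
        "pm.start_servers" = builtins.toString (2 * instanceNb);
        "pm.min_spare_servers" = builtins.toString (2 * instanceNb);
        "pm.max_spare_servers" = builtins.toString (3 * instanceNb);
        "pm.process_idle_timeout" = "60";

        "php_admin_value[output_buffering]" = "0";
        "php_admin_value[max_execution_time]" = "1800";
        "php_admin_value[zend_extension]" = "opcache";
        "php_value[apcu.enable_cli]" = "1";
        "php_value[apcu.enabled]" = "1";
        #already enabled by default?
        #"php_value[opcache.enable]" = "1";
        "php_value[opcache.enable_cli]" = "1";
        "php_value[opcache.interned_strings_buffer]" = "8";
        "php_value[opcache.max_accelerated_files]" = "10000";
        "php_value[opcache.memory_consumption]" = "128";
        "php_value[opcache.save_comments]" = "1";
        "php_value[opcache.revalidate_freq]" = "1";
        "php_admin_value[memory_limit]" = "512M";

        # phpBaseDir is the union of every instance's data directory, and /tmp
        # is allowed as well: open_basedir keeps PHP inside the farm as a whole
        # but does not separate one instance's files from another's.
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
        "php_admin_value[session.save_handler]" = "redis";
        # Every instance stores its sessions under the same Redis key prefix.
        # NOTE(review): no per-instance session namespace is visible in this
        # file; confirm that a session opened on one instance is not accepted
        # by another.
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:KanboardFarm:'";
      };
      inherit phpPackage;
    };

    # The shared certificate must cover the farm host and every custom host.
    security.acme.certs.eldiron.extraDomainNames = customHosts ++ [ "kanboard.immae.eu" ];

    services.websites.env.tools.vhostConfs = {
      # Main vhost: the shared code tree plus one /<name> alias per instance.
      kanboard = {
        certName = "eldiron";
        hosts = ["kanboard.immae.eu"];
        root = null;
        extraConfig = [
          ''
            <Directory "${rootDir}">
              DirectoryIndex index.php
              AllowOverride All
              Options FollowSymlinks
              Require all granted

              <FilesMatch "\.php$">
                SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
              </FilesMatch>
            </Directory>
            # Denies web access to the data directory inside the package tree.
            # The live DATA_DIR of each instance is under /var/lib/kanboard_farm
            # and is not mapped by any Alias here.
            <DirectoryMatch "${rootDir}/data">
              Require all denied
            </DirectoryMatch>
          ''
        ] ++ builtins.attrValues cfg.vhosts;
      };
    } // customVhosts;
  };
}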