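{ lib, pkgs, config, ... }:
# NixOS module: a Nextcloud "farm". Several Nextcloud instances share one
# PHP-FPM pool and one set of httpd vhost fragments; each instance keeps its
# own state directory under /var/lib/nextcloud_farm.
let
  cfg = config.myServices.tools.cloud.farm;

  # Every moving part (pool, state directories, occ wrapper, cron job) runs as
  # the production httpd user so files written by one are usable by the others.
  apacheUser = config.services.httpd.Prod.user;
  apacheGroup = config.services.httpd.Prod.group;

  # Per-instance state directory, handed to PHP as NEXTCLOUD_CONFIG_DIR.
  toVardir = name: "/var/lib/nextcloud_farm/${name}";
  varDirs = lib.mapAttrsToList (name: _: toVardir name) cfg.instances;

  # Paths one instance needs under open_basedir: its store root, its state
  # directory and the app packages attached to that root.
  toPhpBaseDir = name:
    [ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps;

  # The pool is shared by all instances, so open_basedir is the union of them.
  phpBaseDir = builtins.concatStringsSep ":"
    (lib.unique (lib.flatten (lib.mapAttrsToList (name: _: toPhpBaseDir name) cfg.instances)));

  # httpd vhost fragment for one instance. The SetEnvIf line re-exposes the
  # Authorization header to PHP because the FastCGI proxy does not pass it on
  # by itself; CGIPassAuth is the matching switch on the FilesMatch side.
  toVhost = name: ''
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    SetEnv NEXTCLOUD_CONFIG_DIR "${toVardir name}"
    <Directory ${cfg.rootDirs."${name}"}>
      AcceptPathInfo On
      DirectoryIndex index.php
      Options FollowSymlinks
      Require all granted
      AllowOverride all

      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
      </IfModule>
      <FilesMatch "\.php$">
        CGIPassAuth on
        SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud_farm.socket}|fcgi://localhost"
      </FilesMatch>

    </Directory>
  '';

  # PHP with the extensions Nextcloud wants (redis/apcu caching, opcache,
  # imagick). apc.enable_cli lets the occ wrapper and cron use APCu too.
  # NOTE(review): PHP 7.4 is end-of-life upstream and no longer receives
  # security fixes; confirm the pin is intentional.
  phpPackage = (pkgs.php74.withExtensions ({ enabled, all }:
    enabled ++ [ all.redis all.apcu all.opcache all.imagick ])).override {
    extraConfig = ''
      apc.enable_cli = 1
    '';
  };
in
{
  options.myServices.tools.cloud.farm = {
    instances = lib.mkOption {
      description = "Instances names for the nextcloud Farm";
      default = {};
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          nextcloud = lib.mkOption {
            description = "Nextcloud version to use";
            default = pkgs.webapps.nextcloud_20;
            type = lib.types.package;
          };
          apps = lib.mkOption {
            description = "Applications to use";
            # A function, passed to the package's withApps (see rootDirs below);
            # the default selects no apps.
            default = a: [];
            # TODO: lib.types.functionTo (lib.types.listOf lib.types.package)
            # would type-check this instead of accepting anything.
            type = lib.types.unspecified;
          };
        };
      });
    };
    # Derived, read-only: the per-instance Nextcloud store path with its apps
    # applied. varDir = null presumably leaves the state directory out of the
    # package so NEXTCLOUD_CONFIG_DIR can point at it at runtime — verify
    # against the nextcloud package's override.
    rootDirs = lib.mkOption {
      description = "Instance root dirs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.package;
      default = lib.mapAttrs (name: v: (v.nextcloud.override { varDir = null; }).withApps v.apps) cfg.instances;
    };
    # Derived, read-only: the vhost fragment per instance, for the caller to
    # splice into its httpd configuration.
    vhosts = lib.mkOption {
      description = "Instance vhosts configs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.str;
      default = lib.mapAttrs (name: _: toVhost name) cfg.instances;
    };
  };

  config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
    # Create the state directories and the session directory, owned by the
    # httpd user. The state directories hold config.php (database credentials,
    # instance secrets) and phpSessions holds session files.
    # NOTE(review): 0755 makes these directories traversable by every local
    # user; only the httpd user/group need access, so 0750 would be the
    # tighter mode — left unchanged here.
    system.activationScripts.cloud_farm_vardirs = {
      deps = [ "httpd" ];
      text = ''
        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/nextcloud_farm/phpSessions
      '';
    };

    # The pool should not come up before its database.
    systemd.services.phpfpm-nextcloud_farm.after = lib.mkAfter [ "postgresql.service" ];
    systemd.services.phpfpm-nextcloud_farm.wants = [ "postgresql.service" ];

    services.phpfpm.pools.nextcloud_farm = {
      user = apacheUser;
      group = apacheGroup;
      settings = let
        # Worker counts scale with the number of instances sharing the pool.
        instanceNb = builtins.length (builtins.attrNames cfg.instances);
      in {
        "listen.owner" = apacheUser;
        "listen.group" = apacheGroup;
        "pm" = "dynamic";
        "pm.max_children" = builtins.toString (60 * instanceNb);
        "pm.start_servers" = builtins.toString (3 * instanceNb);
        "pm.min_spare_servers" = builtins.toString (3 * instanceNb);
        "pm.max_spare_servers" = builtins.toString (5 * instanceNb);
        "pm.process_idle_timeout" = "60";

        "php_admin_value[output_buffering]" = "0";
        "php_admin_value[max_execution_time]" = "1800";
        "php_admin_value[zend_extension]" = "opcache";
        "php_value[apcu.enable_cli]" = "1";
        "php_value[apcu.enabled]" = "1";
        #already enabled by default?
        #"php_value[opcache.enable]" = "1";
        "php_value[opcache.enable_cli]" = "1";
        "php_value[opcache.interned_strings_buffer]" = "8";
        "php_value[opcache.max_accelerated_files]" = "10000";
        "php_value[opcache.memory_consumption]" = "128";
        "php_value[opcache.save_comments]" = "1";
        "php_value[opcache.revalidate_freq]" = "1";
        "php_admin_value[memory_limit]" = "512M";

        # Confine PHP file access to the instance roots and state directories
        # plus the few system paths listed here (sendmail wrapper, meminfo,
        # urandom, own fds, tmp). php_admin_value so scripts cannot relax it.
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
        "php_admin_value[session.save_path]" = "/var/lib/nextcloud_farm/phpSessions";
      };
      inherit phpPackage;
    };

    # One `nextcloud-occ-<name>` wrapper per instance, installed for root.
    # It re-executes as the pool user (not a hard-coded "wwwrun") so anything
    # occ writes keeps the same owner as what the web server writes; `sudo -E`
    # is what carries NEXTCLOUD_CONFIG_DIR across the user switch.
    # Arguments are forwarded with "$@" so options containing spaces or glob
    # characters reach occ intact (the unquoted $* they replaced split them).
    users.users.root.packages = let
      toOcc = name: pkgs.writeScriptBin "nextcloud-occ-${name}" ''
        #! ${pkgs.stdenv.shell}
        cd ${cfg.rootDirs."${name}"}
        NEXTCLOUD_CONFIG_DIR="${toVardir name}" \
          exec \
          sudo -E -u ${apacheUser} ${phpPackage}/bin/php \
            -c ${phpPackage}/etc/php.ini \
            occ "$@"
      '';
    in lib.mapAttrsToList (name: _: toOcc name) cfg.instances;

    services.cron = {
      enable = true;
      systemCronJobs = let
        # Per-instance cron.php runner. All derivations share the script name
        # but differ in content (root and NEXTCLOUD_CONFIG_DIR), so each gets
        # its own store path.
        toScript = name: pkgs.writeScriptBin "nextcloud-cron" ''
          #! ${pkgs.stdenv.shell}
          export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
          export PATH=/run/wrappers/bin:$PATH
          export NEXTCLOUD_CONFIG_DIR="${toVardir name}"
          ${phpPackage}/bin/php -c ${phpPackage}/etc/php.ini -d memory_limit=512M -f ${cfg.rootDirs."${name}"}/cron.php
        '';
        # Every 15 minutes, as the pool user so it can read config.php and
        # write the data the web server owns.
        toLine = name: ''
          */15 * * * * ${apacheUser} ${toScript name}/bin/nextcloud-cron
        '';
      in lib.mapAttrsToList (name: _: toLine name) cfg.instances;
    };
  };
}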