]>
Commit | Line | Data |
---|---|---|
1 | { stdenv, fetchurl, gettext, writeText, env, awl, davical }: | |
2 | rec { | |
3 | keys = [{ | |
4 | dest = "webapps/dav-davical"; | |
5 | user = apache.user; | |
6 | group = apache.group; | |
7 | permissions = "0400"; | |
8 | text = '' | |
9 | <?php | |
10 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; | |
11 | ||
12 | $c->readonly_webdav_collections = false; | |
13 | ||
14 | $c->admin_email ='davical@tools.immae.eu'; | |
15 | ||
16 | $c->restrict_setup_to_admin = true; | |
17 | ||
18 | $c->collections_always_exist = false; | |
19 | ||
20 | $c->external_refresh = 60; | |
21 | ||
22 | $c->enable_scheduling = true; | |
23 | ||
24 | $c->iMIP = (object) array("send_email" => true); | |
25 | ||
26 | $c->authenticate_hook['optional'] = false; | |
27 | $c->authenticate_hook['call'] = 'LDAP_check'; | |
28 | $c->authenticate_hook['config'] = array( | |
29 | 'host' => 'ldap.immae.eu', | |
30 | 'port' => '389', | |
31 | 'startTLS' => 'yes', | |
32 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', | |
33 | 'passDN'=> '${env.ldap.password}', | |
34 | 'protocolVersion' => '3', | |
35 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), | |
36 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', | |
37 | 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', | |
38 | 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', | |
39 | 'mapping_field' => array( | |
40 | "username" => "uid", | |
41 | "fullname" => "cn", | |
42 | "email" => "mail", | |
43 | "modified" => "modifyTimestamp", | |
44 | ), | |
45 | 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), | |
46 | /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ | |
47 | // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), | |
48 | 'group_mapping_field' => array( | |
49 | "username" => "cn", | |
50 | "updated" => "modifyTimestamp", | |
51 | "fullname" => "givenName", | |
52 | "displayname" => "givenName", | |
53 | "members" => "memberUid", | |
54 | "email" => "mail", | |
55 | ), | |
56 | ); | |
57 | ||
58 | $c->do_not_sync_from_ldap = array('admin' => true); | |
59 | include('drivers_ldap.php'); | |
60 | ''; | |
61 | }]; | |
62 | webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; }; | |
63 | webRoot = "${webapp}/htdocs"; | |
64 | apache = rec { | |
65 | user = "wwwrun"; | |
66 | group = "wwwrun"; | |
67 | modules = [ "proxy_fcgi" ]; | |
68 | webappName = "tools_davical"; | |
69 | root = "/run/current-system/webapps/${webappName}"; | |
70 | vhostConf = '' | |
71 | Alias /davical "${root}" | |
72 | Alias /caldav.php "${root}/caldav.php" | |
73 | <Directory "${root}"> | |
74 | DirectoryIndex index.php index.html | |
75 | AcceptPathInfo On | |
76 | AllowOverride None | |
77 | Require all granted | |
78 | ||
79 | <FilesMatch "\.php$"> | |
80 | CGIPassAuth on | |
81 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | |
82 | </FilesMatch> | |
83 | ||
84 | RewriteEngine On | |
85 | <IfModule mod_headers.c> | |
86 | Header unset Access-Control-Allow-Origin | |
87 | Header unset Access-Control-Allow-Methods | |
88 | Header unset Access-Control-Allow-Headers | |
89 | Header unset Access-Control-Allow-Credentials | |
90 | Header unset Access-Control-Expose-Headers | |
91 | ||
92 | Header always set Access-Control-Allow-Origin "*" | |
93 | Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" | |
94 | Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" | |
95 | Header always set Access-Control-Allow-Credentials false | |
96 | Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" | |
97 | ||
98 | RewriteCond %{HTTP:Access-Control-Request-Method} !^$ | |
99 | RewriteCond %{REQUEST_METHOD} OPTIONS | |
100 | RewriteRule ^(.*)$ $1 [R=200,L] | |
101 | </IfModule> | |
102 | </Directory> | |
103 | ''; | |
104 | }; | |
105 | phpFpm = rec { | |
106 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | |
107 | basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; | |
108 | socket = "/var/run/phpfpm/davical.sock"; | |
109 | pool = '' | |
110 | listen = ${socket} | |
111 | user = ${apache.user} | |
112 | group = ${apache.group} | |
113 | listen.owner = ${apache.user} | |
114 | listen.group = ${apache.group} | |
115 | pm = dynamic | |
116 | pm.max_children = 60 | |
117 | pm.start_servers = 2 | |
118 | pm.min_spare_servers = 1 | |
119 | pm.max_spare_servers = 10 | |
120 | ||
121 | ; Needed to avoid clashes in browser cookies (same domain) | |
122 | php_value[session.name] = DavicalPHPSESSID | |
123 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" | |
124 | php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" | |
125 | php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" | |
126 | php_flag[magic_quotes_gpc] = Off | |
127 | php_flag[register_globals] = Off | |
128 | php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" | |
129 | php_admin_value[default_charset] = "utf-8" | |
130 | php_flag[magic_quotes_runtime] = Off | |
131 | ''; | |
132 | }; | |
133 | } |