]>
Commit | Line | Data |
---|---|---|
1 | { env, wallabag }: | |
2 | rec { | |
3 | varDir = "/var/lib/wallabag"; | |
4 | keys = [{ | |
5 | dest = "webapps/tools-wallabag"; | |
6 | user = apache.user; | |
7 | group = apache.group; | |
8 | permissions = "0400"; | |
9 | text = '' | |
10 | # This file is auto-generated during the composer install | |
11 | parameters: | |
12 | database_driver: pdo_pgsql | |
13 | database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver | |
14 | database_host: ${env.postgresql.socket} | |
15 | database_port: ${env.postgresql.port} | |
16 | database_name: ${env.postgresql.database} | |
17 | database_user: ${env.postgresql.user} | |
18 | database_password: ${env.postgresql.password} | |
19 | database_path: null | |
20 | database_table_prefix: wallabag_ | |
21 | database_socket: null | |
22 | database_charset: utf8 | |
23 | domain_name: https://tools.immae.eu/wallabag | |
24 | mailer_transport: sendmail | |
25 | mailer_host: 127.0.0.1 | |
26 | mailer_user: null | |
27 | mailer_password: null | |
28 | locale: fr | |
29 | secret: ${env.secret} | |
30 | twofactor_auth: true | |
31 | twofactor_sender: wallabag@tools.immae.eu | |
32 | fosuser_registration: false | |
33 | fosuser_confirmation: true | |
34 | from_email: wallabag@tools.immae.eu | |
35 | rss_limit: 50 | |
36 | rabbitmq_host: localhost | |
37 | rabbitmq_port: 5672 | |
38 | rabbitmq_user: guest | |
39 | rabbitmq_password: guest | |
40 | rabbitmq_prefetch_count: 10 | |
41 | redis_scheme: unix | |
42 | redis_host: null | |
43 | redis_port: null | |
44 | redis_path: ${env.redis.socket} | |
45 | redis_password: null | |
46 | sites_credentials: { } | |
47 | ldap_enabled: true | |
48 | ldap_host: ldap.immae.eu | |
49 | ldap_port: 636 | |
50 | ldap_tls: false | |
51 | ldap_ssl: true | |
52 | ldap_bind_requires_dn: true | |
53 | ldap_base: 'dc=immae,dc=eu' | |
54 | ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' | |
55 | ldap_manager_pw: ${env.ldap.password} | |
56 | ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' | |
57 | ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' | |
58 | ldap_username_attribute: uid | |
59 | ldap_email_attribute: mail | |
60 | ldap_name_attribute: cn | |
61 | ldap_enabled_attribute: null | |
62 | services: | |
63 | swiftmailer.mailer.default.transport: | |
64 | class: Swift_SendmailTransport | |
65 | arguments: ['/run/wrappers/bin/sendmail -bs'] | |
66 | ''; | |
67 | }]; | |
68 | webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; }; | |
69 | activationScript = '' | |
70 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | |
71 | ${varDir}/var ${varDir}/data/db ${varDir}/assets/images | |
72 | ''; | |
73 | webRoot = "${webappDir}/web"; | |
74 | # Domain migration: Table wallabag_entry contains whole | |
75 | # https://tools.immae.eu/wallabag domain name in preview_picture | |
76 | apache = rec { | |
77 | user = "wwwrun"; | |
78 | group = "wwwrun"; | |
79 | modules = [ "proxy_fcgi" ]; | |
80 | webappName = "tools_wallabag"; | |
81 | root = "/run/current-system/webapps/${webappName}"; | |
82 | vhostConf = '' | |
83 | Alias /wallabag "${root}" | |
84 | <Directory "${root}"> | |
85 | AllowOverride None | |
86 | Require all granted | |
87 | # For OAuth (apps) | |
88 | CGIPassAuth On | |
89 | ||
90 | <FilesMatch "\.php$"> | |
91 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | |
92 | </FilesMatch> | |
93 | ||
94 | <IfModule mod_rewrite.c> | |
95 | Options -MultiViews | |
96 | RewriteEngine On | |
97 | RewriteCond %{REQUEST_FILENAME} !-f | |
98 | RewriteRule ^(.*)$ app.php [QSA,L] | |
99 | </IfModule> | |
100 | </Directory> | |
101 | <Directory "${root}/bundles"> | |
102 | <IfModule mod_rewrite.c> | |
103 | RewriteEngine Off | |
104 | </IfModule> | |
105 | </Directory> | |
106 | <Directory "${varDir}/assets"> | |
107 | AllowOverride None | |
108 | Require all granted | |
109 | </Directory> | |
110 | ''; | |
111 | }; | |
112 | phpFpm = rec { | |
113 | preStart = '' | |
114 | if [ ! -f "${varDir}/currentWebappDir" -o \ | |
115 | ! -f "${varDir}/currentKey" -o \ | |
116 | "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ | |
117 | || ! sha512sum -c --status ${varDir}/currentKey; then | |
118 | pushd ${webappDir} > /dev/null | |
119 | /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear | |
120 | rm -rf /var/lib/wallabag/var/cache/pro_ | |
121 | /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction | |
122 | popd > /dev/null | |
123 | echo -n "${webappDir}" > ${varDir}/currentWebappDir | |
124 | sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey | |
125 | fi | |
126 | ''; | |
127 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | |
128 | basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; | |
129 | socket = "/var/run/phpfpm/wallabag.sock"; | |
130 | pool = '' | |
131 | listen = ${socket} | |
132 | user = ${apache.user} | |
133 | group = ${apache.group} | |
134 | listen.owner = ${apache.user} | |
135 | listen.group = ${apache.group} | |
136 | pm = dynamic | |
137 | pm.max_children = 60 | |
138 | pm.start_servers = 2 | |
139 | pm.min_spare_servers = 1 | |
140 | pm.max_spare_servers = 10 | |
141 | ||
142 | ; Needed to avoid clashes in browser cookies (same domain) | |
143 | php_value[session.name] = WallabagPHPSESSID | |
144 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" | |
145 | php_value[max_execution_time] = 300 | |
146 | ''; | |
147 | }; | |
148 | } |