]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame_incremental - nixops/modules/websites/tools/tools/wallabag.nix
Move irc services to modules
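# Deployment description for the Wallabag web application.
#
# Arguments:
#   env      - attribute set read below for env.postgresql.{socket,port,
#              database,user,password}, env.redis.socket, env.ldap.password
#              and env.secret.
#   wallabag - the Wallabag package; it must support `.override` with the
#              `ldap` and `wallabag_config` arguments used below.
#
# Result: an attribute set with varDir, keys, webappDir, activationScript,
# webRoot, apache and phpFpm.
{ env, wallabag }:
let
  # Absolute path of the rendered parameters file. Presumably this is where
  # the `keys` entry below (dest = "webapps/tools-wallabag") is deployed;
  # confirm against the module that consumes `keys`.
  secretsFile = "/var/secrets/webapps/tools-wallabag";
in
rec {
  # Mutable state directory (cache, data, uploaded assets).
  varDir = "/var/lib/wallabag";

  # Secret file holding the Symfony parameters. Mode 0400 and ownership by
  # the web-server user mean only that account can read the credentials.
  #
  # NOTE(review): assumes the keys mechanism delivers `text` out-of-band and
  # does not copy it into the world-readable Nix store - confirm.
  # NOTE(review): the env.* values are interpolated into YAML unquoted. A
  # value containing `#`, `: `, a leading quote, or `%` (Symfony's parameter
  # marker, which must be written `%%`) would be mis-parsed. Confirm the
  # secrets are YAML-safe, or quote and escape them where they are defined.
  # NOTE(review): rabbitmq_user/rabbitmq_password are the stock guest/guest
  # defaults. That is acceptable only if the broker is unused or reachable
  # from loopback only - confirm.
  keys = [{
    dest = "webapps/tools-wallabag";
    user = apache.user;
    group = apache.group;
    permissions = "0400";
    text = ''
      # This file is auto-generated during the composer install
      parameters:
          database_driver: pdo_pgsql
          database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
          database_host: ${env.postgresql.socket}
          database_port: ${env.postgresql.port}
          database_name: ${env.postgresql.database}
          database_user: ${env.postgresql.user}
          database_password: ${env.postgresql.password}
          database_path: null
          database_table_prefix: wallabag_
          database_socket: null
          database_charset: utf8
          domain_name: https://tools.immae.eu/wallabag
          mailer_transport: sendmail
          mailer_host: 127.0.0.1
          mailer_user: null
          mailer_password: null
          locale: fr
          secret: ${env.secret}
          twofactor_auth: true
          twofactor_sender: wallabag@tools.immae.eu
          fosuser_registration: false
          fosuser_confirmation: true
          from_email: wallabag@tools.immae.eu
          rss_limit: 50
          rabbitmq_host: localhost
          rabbitmq_port: 5672
          rabbitmq_user: guest
          rabbitmq_password: guest
          rabbitmq_prefetch_count: 10
          redis_scheme: unix
          redis_host: null
          redis_port: null
          redis_path: ${env.redis.socket}
          redis_password: null
          sites_credentials: { }
          ldap_enabled: true
          ldap_host: ldap.immae.eu
          ldap_port: 636
          ldap_tls: false
          ldap_ssl: true
          ldap_bind_requires_dn: true
          ldap_base: 'dc=immae,dc=eu'
          ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
          ldap_manager_pw: ${env.ldap.password}
          ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
          ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
          ldap_username_attribute: uid
          ldap_email_attribute: mail
          ldap_name_attribute: cn
          ldap_enabled_attribute: null
      services:
          swiftmailer.mailer.default.transport:
              class: Swift_SendmailTransport
              arguments: ['/run/wrappers/bin/sendmail -bs']
    '';
  }];

  # Package built with LDAP support and pointed at the secret parameters file.
  webappDir = wallabag.override { ldap = true; wallabag_config = secretsFile; };

  # Creates the state directories, owned by the web-server user.
  # NOTE(review): mode 0755 lets every local account traverse and list these
  # directories. If only ${apache.user} needs access, 0750 would be tighter -
  # confirm nothing else reads them before changing.
  activationScript = ''
    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
      ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
  '';

  webRoot = "${webappDir}/web";

  # Domain migration: Table wallabag_entry contains whole
  # https://tools.immae.eu/wallabag domain name in preview_picture
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    webappName = "tools_wallabag";
    root = "/run/current-system/webapps/${webappName}";
    # The application is served publicly under /wallabag. `AllowOverride
    # None` disables .htaccess files, every *.php under the root is handed
    # to the PHP-FPM socket, and `CGIPassAuth On` forwards the HTTP
    # Authorization header to PHP (needed for the OAuth API clients).
    vhostConf = ''
      Alias /wallabag "${root}"
      <Directory "${root}">
        AllowOverride None
        Require all granted
        # For OAuth (apps)
        CGIPassAuth On

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        </FilesMatch>

        <IfModule mod_rewrite.c>
          Options -MultiViews
          RewriteEngine On
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
      </Directory>
      <Directory "${root}/bundles">
        <IfModule mod_rewrite.c>
          RewriteEngine Off
        </IfModule>
      </Directory>
      <Directory "${varDir}/assets">
        AllowOverride None
        Require all granted
      </Directory>
    '';
  };

  phpFpm = rec {
    # Clears the Symfony cache and runs the database migrations when the
    # deployed package path changed or the parameters file no longer matches
    # the recorded SHA-512 checksum. Both markers are then rewritten so the
    # work is skipped on the next start.
    #
    # The console commands run as ${apache.user} rather than a hard-coded
    # account name, so they keep matching the owner of ${varDir} if the user
    # is ever changed. Separate `[ ]` tests joined with `||` replace the
    # obsolescent `-o` operator, and the paths are quoted.
    preStart = ''
      if [ ! -f "${varDir}/currentWebappDir" ] \
          || [ ! -f "${varDir}/currentKey" ] \
          || [ "${webappDir}" != "$(cat "${varDir}/currentWebappDir" 2>/dev/null)" ] \
          || ! sha512sum -c --status "${varDir}/currentKey"; then
        pushd "${webappDir}" > /dev/null
        /run/wrappers/bin/sudo -u ${apache.user} ./bin/console --env=prod cache:clear
        rm -rf "${varDir}/var/cache/pro_"
        /run/wrappers/bin/sudo -u ${apache.user} ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
        popd > /dev/null
        echo -n "${webappDir}" > "${varDir}/currentWebappDir"
        sha512sum ${secretsFile} > "${varDir}/currentKey"
      fi
    '';
    serviceDeps = [ "postgresql.service" "openldap.service" ];
    # Colon-separated list of paths PHP may open; see open_basedir below.
    basedir = builtins.concatStringsSep ":" [ webappDir secretsFile varDir ];
    socket = "/var/run/phpfpm/wallabag.sock";
    # open_basedir confines PHP file access to the package, the parameters
    # file, the state directory, the sendmail wrapper and /tmp.
    # NOTE(review): /tmp is shared with other local processes unless the
    # service runs with a private tmp directory - confirm.
    pool = ''
      listen = ${socket}
      user = ${apache.user}
      group = ${apache.group}
      listen.owner = ${apache.user}
      listen.group = ${apache.group}
      pm = dynamic
      pm.max_children = 60
      pm.start_servers = 2
      pm.min_spare_servers = 1
      pm.max_spare_servers = 10

      ; Needed to avoid clashes in browser cookies (same domain)
      php_value[session.name] = WallabagPHPSESSID
      php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
      php_value[max_execution_time] = 300
    '';
  };
}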