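{ lib, pkgs, config, ... }:
# NixOS module running several Nextcloud instances ("farm") behind one
# PHP-FPM pool, each instance with its own root dir, state dir and cron job.
let
  cfg = config.myServices.tools.cloud.farm;
  # Account the httpd Prod instance runs as; the pool, the state dirs,
  # the occ wrapper and the cron jobs all have to agree on it.
  apacheUser = config.services.httpd.Prod.user;
  apacheGroup = config.services.httpd.Prod.group;
  # Per-instance state directory, exported to PHP as NEXTCLOUD_CONFIG_DIR.
  toVardir = name: "/var/lib/nextcloud_farm/${name}";
  varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;
  # Paths one instance needs inside open_basedir: its root, its state dir
  # and the store paths of its apps.
  toPhpBaseDir = name: [ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps;
  # Single colon-separated open_basedir shared by the whole pool (duplicates dropped).
  phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));
  # Apache vhost fragment for one instance; PHP is handed to the shared FPM socket.
  toVhost = name: ''
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    SetEnv NEXTCLOUD_CONFIG_DIR "${toVardir name}"
    <Directory ${cfg.rootDirs."${name}"}>
      AcceptPathInfo On
      DirectoryIndex index.php
      Options FollowSymlinks
      Require all granted
      AllowOverride all

      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
      </IfModule>
      <FilesMatch "\.php$">
        CGIPassAuth on
        SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud_farm.socket}|fcgi://localhost"
      </FilesMatch>

    </Directory>
  '';
  # PHP 7.4 with the extensions Nextcloud uses; apc.enable_cli so occ/cron
  # see the same APCu setting as the pool.
  phpPackage = (pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [ all.redis all.apcu all.opcache all.imagick ])).override {
    extraConfig = ''
      apc.enable_cli = 1
    '';
  };
in
{
  options.myServices.tools.cloud.farm = {
    instances = lib.mkOption {
      description = "Instances names for the nextcloud Farm";
      default = {};
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          nextcloud = lib.mkOption {
            description = "Nextcloud version to use";
            default = pkgs.webapps.nextcloud_20;
            type = lib.types.package;
          };
          apps = lib.mkOption {
            description = "Applications to use";
            default = a: [];
            #type = functionTo (listOf packages)
            type = lib.types.unspecified;
          };
        };
      });
    };
    # Derived, read-only: instance name -> Nextcloud package built with its apps.
    rootDirs = lib.mkOption {
      description = "Instance root dirs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.package;
      default = lib.mapAttrs (name: v: (v.nextcloud.override { varDir = null; }).withApps v.apps) cfg.instances;
    };
    # Derived, read-only: instance name -> Apache vhost fragment (see toVhost).
    vhosts = lib.mkOption {
      description = "Instance vhosts configs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.str;
      default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
    };
  };

  # Nothing is configured unless at least one instance is declared.
  config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
    system.activationScripts.cloud_farm_vardirs = {
      deps = [ "httpd" ];
      # Only the pool user (and its group) needs these directories: the state
      # dirs hold config.php and the session dir's file names are session ids,
      # so neither should be listable by other local accounts.
      text = ''
        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/nextcloud_farm/phpSessions
      '';
    };
    systemd.services.phpfpm-nextcloud_farm.after = lib.mkAfter [ "postgresql.service" ];
    systemd.services.phpfpm-nextcloud_farm.wants = [ "postgresql.service" ];
    services.phpfpm.pools.nextcloud_farm = {
      user = apacheUser;
      group = apacheGroup;
      settings = let
        # Process limits scale with the number of instances sharing the pool.
        instanceNb = builtins.length (builtins.attrNames cfg.instances);
      in {
        "listen.owner" = apacheUser;
        "listen.group" = apacheGroup;
        "pm" = "dynamic";
        "pm.max_children" = builtins.toString (60 * instanceNb);
        "pm.start_servers" = builtins.toString (3 * instanceNb);
        "pm.min_spare_servers" = builtins.toString (3 * instanceNb);
        "pm.max_spare_servers" = builtins.toString (5 * instanceNb);
        "pm.process_idle_timeout" = "60";

        "php_admin_value[output_buffering]" = "0";
        "php_admin_value[max_execution_time]" = "1800";
        "php_admin_value[zend_extension]" = "opcache";
        "php_value[apcu.enable_cli]" = "1";
        "php_value[apcu.enabled]" = "1";
        #already enabled by default?
        #"php_value[opcache.enable]" = "1";
        "php_value[opcache.enable_cli]" = "1";
        "php_value[opcache.interned_strings_buffer]" = "8";
        "php_value[opcache.max_accelerated_files]" = "10000";
        "php_value[opcache.memory_consumption]" = "128";
        "php_value[opcache.save_comments]" = "1";
        "php_value[opcache.revalidate_freq]" = "1";
        "php_admin_value[memory_limit]" = "512M";

        # Confine PHP to the instance roots, state dirs and the few system
        # paths Nextcloud reads (php_admin_value: not overridable from ini_set).
        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
        "php_admin_value[session.save_path]" = "/var/lib/nextcloud_farm/phpSessions";
      };
      inherit phpPackage;
    };
    # One `nextcloud-occ-<instance>` wrapper per instance for root: runs occ
    # as the pool user (the owner of the state dir) with the instance config.
    # Arguments are forwarded verbatim ("$@"), and a failed cd aborts instead
    # of running occ from the wrong directory.
    users.users.root.packages = let
      toOcc = name: pkgs.writeScriptBin "nextcloud-occ-${name}" ''
        #! ${pkgs.stdenv.shell}
        cd ${cfg.rootDirs."${name}"} || exit 1
        NEXTCLOUD_CONFIG_DIR="${toVardir name}" \
          exec \
          sudo -E -u ${apacheUser} ${phpPackage}/bin/php \
            -c ${phpPackage}/etc/php.ini \
            occ "$@"
      '';
    in lib.mapAttrsToList (name: v: toOcc name) cfg.instances;
    # Nextcloud background job every 15 minutes per instance, run as the
    # pool user so it can read the state dir created above.
    services.cron = {
      enable = true;
      systemCronJobs = let
        toScript = name: pkgs.writeScriptBin "nextcloud-cron" ''
          #! ${pkgs.stdenv.shell}
          export LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
          export PATH=/run/wrappers/bin:$PATH
          export NEXTCLOUD_CONFIG_DIR="${toVardir name}"
          ${phpPackage}/bin/php -c ${phpPackage}/etc/php.ini -d memory_limit=512M -f ${cfg.rootDirs."${name}"}/cron.php
        '';
        toLine = name: ''
          */15 * * * * ${apacheUser} ${toScript name}/bin/nextcloud-cron
        '';
      in lib.mapAttrsToList (name: v: toLine name) cfg.instances;
    };
  };
}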