Remove old domains from ressourcerie

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / kanboard / farm.nix

{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.tools.kanboard.farm;
  apacheUser = config.services.httpd.Tools.user;
  apacheGroup = config.services.httpd.Tools.group;
  toVardir = name: "/var/lib/kanboard_farm/${name}";
  varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;
  toPhpBaseDir = name: [ rootDir (toVardir name) ];
  phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));
  rootDir = pkgs.kanboard;

  toVhost = name: ''
    Alias /${name} "${rootDir}"
    <Location /${name}>
      SetEnv DATA_DIR "${toVardir name}"
      SetEnv MAIL_FROM "kanboard@tools.immae.eu"
    </Location>
    '';
  phpPackage = pkgs.php74;
in
{
  options.myServices.tools.kanboard.farm = {
    instances = lib.mkOption {
      description = "Instances names for the kanboard Farm";
      default = {};
      type = lib.types.attrsOf (lib.types.submodule {
        options = {};
      });
    };
    vhosts = lib.mkOption {
      description = "Instance vhosts configs";
      readOnly = true;
      type = lib.types.attrsOf lib.types.str;
      default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
    };
  };

  config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
    system.activationScripts.kanboard_farm_vardirs = {
      deps = [ "httpd" ];
      text = ''
        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/kanboard_farm/phpSessions
        '';
    };
    services.phpfpm.pools.kanboard_farm = {
      user = apacheUser;
      group = apacheGroup;
      settings = let
        instanceNb = builtins.length (builtins.attrNames cfg.instances);
      in {
        "listen.owner" = apacheUser;
        "listen.group" = apacheGroup;
        "pm" = "dynamic";
        "pm.max_children" = builtins.toString (60 * instanceNb);
        "pm.start_servers" = builtins.toString (2 * instanceNb);
        "pm.min_spare_servers" = builtins.toString (2 * instanceNb);
        "pm.max_spare_servers" = builtins.toString (3 * instanceNb);
        "pm.process_idle_timeout" = "60";

        "php_admin_value[output_buffering]" = "0";
        "php_admin_value[max_execution_time]" = "1800";
        "php_admin_value[zend_extension]" = "opcache";
        "php_value[apcu.enable_cli]" = "1";
        "php_value[apcu.enabled]" = "1";
        #already enabled by default?
        #"php_value[opcache.enable]" = "1";
        "php_value[opcache.enable_cli]" = "1";
        "php_value[opcache.interned_strings_buffer]" = "8";
        "php_value[opcache.max_accelerated_files]" = "10000";
        "php_value[opcache.memory_consumption]" = "128";
        "php_value[opcache.save_comments]" = "1";
        "php_value[opcache.revalidate_freq]" = "1";
        "php_admin_value[memory_limit]" = "512M";

        "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
        "php_admin_value[session.save_path]" = "/var/lib/kanboard_farm/phpSessions";
      };
      inherit phpPackage;
    };
    services.websites.env.tools.vhostConfs.kanboard = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["kanboard.immae.eu"];
      root = null;
      extraConfig = [
        ''
        <Directory "${rootDir}">
          DirectoryIndex index.php
          AllowOverride All
          Options FollowSymlinks
          Require all granted

          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
        <DirectoryMatch "${rootDir}/data">
          Require all denied
        </DirectoryMatch>
          ''
      ] ++ builtins.attrValues cfg.vhosts;
    };
  };
}