modules/private/websites/tools/tools/adminer.nix

   1 { webapps, php74, myPhpPackages, lib, forcePhpSocket ? null }:
   2 rec {
   3   webRoot = webapps.adminer;
   4   phpFpm = rec {
   5     user = apache.user;
   6     group = apache.group;
   7     phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam all.redis]);
   8     settings = {
   9       "listen.owner" = apache.user;
  10       "listen.group" = apache.group;
  11       "pm" = "ondemand";
  12       "pm.max_children" = "5";
  13       "pm.process_idle_timeout" = "60";
  14       #"php_admin_flag[log_errors]" = "on";
  15       # Needed to avoid clashes in browser cookies (same domain)
  16       "php_value[session.name]" = "AdminerPHPSESSID";
  17       "php_admin_value[open_basedir]" = "${webRoot}:/tmp";
  18       "php_admin_value[session.save_handler]" = "redis";
  19       "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Adminer:'";
  20     };
  21   };
  22   apache = rec {
  23     user = "wwwrun";
  24     group = "wwwrun";
  25     modules = [ "proxy_fcgi" ];
  26     root = webRoot;
  27     vhostConf = socket: ''
  28       Alias /adminer ${webRoot}
  29       <Directory ${webRoot}>
  30         DirectoryIndex index.php
  31         <FilesMatch "\.php$">
  32           SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
  33         </FilesMatch>
  34
  35         Use LDAPConnect
  36         Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
  37         Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
  38       </Directory>
  39       '';
  40   };
  41 }