systems/eldiron/websites/git/mantisbt.nix

   1 { env, mantisbt_2, mantisbt_2-plugins, config, writeText }:
   2 let
   3   mantis_config = {
   4     config_inc = config.secrets.fullPaths."webapps/tools-mantisbt";
   5     custom_constants_inc = writeText "custom_constants_inc.php" ''
   6       <?php
   7       define('TESTING', 60);
   8       ?>
   9     '';
  10     custom_strings_inc = writeText "custom_strings_inc.php" ''
  11       <?php
  12       switch( $g_active_language ) {
  13         case 'french':
  14           $s_status_enum_string = '10:nouveau,20:retour d’informations,30:reçu,40:confirmé,50:affecté,60:à tester,80:traité,90:fermé';
  15           $s_acknowledged_bug_title = 'Recevoir l’anomalie';
  16           $s_acknowledged_bug_button = 'Recevoir l’anomalie';
  17           $s_email_notification_title_for_status_bug_acknowledged = 'L’anomalie suivante a été REÇUE.';
  18
  19           $s_testing_bug_title = "Mettre l’anomalie en test";
  20           $s_testing_bug_button = 'À tester';
  21           $s_email_notification_title_for_status_bug_testing = "L’anomalie suivante est prête à être TESTÉE.";
  22           break;
  23         default: # english
  24           $s_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';
  25
  26           $s_testing_bug_title = 'Mark issue Ready for Testing';
  27           $s_testing_bug_button = 'Ready for Testing';
  28
  29           $s_email_notification_title_for_status_bug_testing = 'The following issue is ready for TESTING.';
  30           break;
  31       }
  32       ?>
  33     '';
  34   };
  35 in
  36 rec {
  37   keys."webapps/tools-mantisbt" = {
  38     user = apache.user;
  39     group = apache.group;
  40     permissions = "0400";
  41     text = ''
  42       <?php
  43       $g_admin_checks          = OFF;
  44       $g_reauthentication      = OFF;
  45       $g_reauthentication_expiry = 604800;
  46       $g_path                  = 'https://git.immae.eu/mantisbt/';
  47       $g_hostname              = '${env.postgresql.socket}';
  48       $g_db_username           = '${env.postgresql.user}';
  49       $g_db_password           = '${env.postgresql.password}';
  50       $g_database_name         = '${env.postgresql.database}';
  51       $g_db_type               = 'pgsql';
  52       $g_crypto_master_salt    = '${env.master_salt}';
  53       $g_allow_signup          = OFF;
  54       $g_allow_anonymous_login = ON;
  55       $g_anonymous_account     = 'anonymous';
  56
  57       $g_log_level = LOG_EMAIL_VERBOSE;
  58       $g_phpMailer_method       = PHPMAILER_METHOD_MAIL;
  59       $g_smtp_host              = 'localhost';
  60       $g_smtp_username          = ''';
  61       $g_smtp_password          = ''';
  62       $g_webmaster_email        = 'mantisbt@tools.immae.eu';
  63       $g_from_email             = 'mantisbt@tools.immae.eu';
  64       $g_return_path_email      = 'mantisbt@tools.immae.eu';
  65       $g_from_name              = 'Mantis Bug Tracker at git.immae.eu';
  66       $g_email_receive_own      = ON;
  67       # --- LDAP ---
  68       $g_login_method = LDAP;
  69       $g_ldap_protocol_version = 3;
  70       $g_ldap_server = 'ldaps://${env.ldap.host}:636';
  71       $g_ldap_use_starttls = OFF;
  72       $g_ldap_root_dn = 'ou=users,${env.ldap.base}';
  73       $g_ldap_bind_dn = '${env.ldap.dn}';
  74       $g_ldap_bind_passwd = '${env.ldap.password}';
  75       $g_use_ldap_email = ON;
  76       $g_use_ldap_realname = ON;
  77       $g_ldap_uid_field = 'uid';
  78       $g_ldap_realname_field = 'cn';
  79       $g_ldap_organization = '${env.ldap.filter}';
  80
  81       $g_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';
  82       $g_status_colors['testing'] = '#ace7ae';
  83     '';
  84   };
  85   webRoot = (mantisbt_2.override { inherit mantis_config; }).withPlugins (p: [p.slack p.source-integration ]);
  86   apache = rec {
  87     user = "wwwrun";
  88     group = "wwwrun";
  89     modules = [ "proxy_fcgi" ];
  90     root = webRoot;
  91     vhostConf = socket: ''
  92       Alias /mantisbt "${root}"
  93       <Directory "${root}">
  94         DirectoryIndex index.php
  95         <FilesMatch "\.php$">
  96           SetHandler "proxy:unix:${socket}|fcgi://localhost"
  97         </FilesMatch>
  98
  99         AllowOverride All
 100         SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
 101         Options FollowSymlinks
 102         Require all granted
 103       </Directory>
 104       <Directory "${root}/admin">
 105         #Reenable during upgrade
 106         Require all denied
 107       </Directory>
 108       '';
 109   };
 110   phpFpm = rec {
 111     serviceDeps = [ "postgresql.service" "openldap.service" ];
 112     basedir = builtins.concatStringsSep ":" ([ webRoot ] ++
 113       webRoot.plugins ++ builtins.attrValues mantis_config);
 114     pool = {
 115       "listen.owner" = apache.user;
 116       "listen.group" = apache.group;
 117       "pm" = "ondemand";
 118       "pm.max_children" = "60";
 119       "pm.process_idle_timeout" = "60";
 120
 121       "php_admin_value[upload_max_filesize]" = "5000000";
 122
 123       "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
 124       "php_admin_value[open_basedir]" = "${basedir}:/tmp:/run/wrappers/bin/sendmail";
 125       "php_admin_value[session.save_handler]" = "redis";
 126       "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
 127     };
 128   };
 129 }