{ webapps, php74, myPhpPackages, lib, forcePhpSocket ? null }:
rec {
  webRoot = webapps.adminer;
  phpFpm = rec {
    user = apache.user;
    group = apache.group;
    phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam all.redis]);
    settings = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
      "pm" = "ondemand";
      "pm.max_children" = "5";
      "pm.process_idle_timeout" = "60";
      #"php_admin_flag[log_errors]" = "on";
      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "AdminerPHPSESSID";
      "php_admin_value[open_basedir]" = "${webRoot}:/tmp";
      "php_admin_value[session.save_handler]" = "redis";
      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Adminer:'";
    };
  };
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    root = webRoot;
    vhostConf = socket: ''
      Alias /adminer ${webRoot}
      <Directory ${webRoot}>
        DirectoryIndex index.php
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
        </FilesMatch>

        Use LDAPConnect
        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
      </Directory>
      '';
  };
}