-{ stdenv, fetchurl, gettext, writeText, env, awl, davical }:
+{ stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
rec {
activationScript = {
deps = [ "httpd" ];
$c->authenticate_hook['optional'] = false;
$c->authenticate_hook['call'] = 'LDAP_check';
$c->authenticate_hook['config'] = array(
- 'host' => 'ldap.immae.eu',
+ 'host' => '${env.ldap.host}',
'port' => '389',
'startTLS' => 'yes',
- 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
+ 'bindDN'=> '${env.ldap.dn}',
'passDN'=> '${env.ldap.password}',
'protocolVersion' => '3',
- 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
- 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
- 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
- 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
+ 'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'),
+ 'filterUsers' => '${env.ldap.filter}',
+ 'baseDNGroups' => 'ou=groups,${env.ldap.base}',
+ 'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}',
'mapping_field' => array(
"username" => "uid",
"fullname" => "cn",
include('drivers_ldap.php');
'';
}];
- webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; };
+ webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; };
webRoot = "${webapp}/htdocs";
apache = rec {
user = "wwwrun";
modules = [ "proxy_fcgi" ];
webappName = "tools_davical";
root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
+ vhostConf = socket: ''
Alias /davical "${root}"
Alias /caldav.php "${root}/caldav.php"
<Directory "${root}">
<FilesMatch "\.php$">
CGIPassAuth on
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ SetHandler "proxy:unix:${socket}|fcgi://localhost"
</FilesMatch>
RewriteEngine On
};
phpFpm = rec {
serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
- socket = "/var/run/phpfpm/davical.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = dynamic
- pm.max_children = 60
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 10
+ basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ];
+ pool = {
+ "listen.owner" = apache.user;
+ "listen.group" = apache.group;
+ "pm" = "dynamic";
+ "pm.max_children" = "60";
+ "pm.start_servers" = "2";
+ "pm.min_spare_servers" = "1";
+ "pm.max_spare_servers" = "10";
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = DavicalPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
- php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
- php_flag[magic_quotes_gpc] = Off
- php_flag[register_globals] = Off
- php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
- php_admin_value[default_charset] = "utf-8"
- php_flag[magic_quotes_runtime] = Off
- '';
+ # Needed to avoid clashes in browser cookies (same domain)
+ "php_value[session.name]" = "DavicalPHPSESSID";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical";
+ "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
+ "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical";
+ "php_flag[magic_quotes_gpc]" = "Off";
+ "php_flag[register_globals]" = "Off";
+ "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
+ "php_admin_value[default_charset]" = "utf-8";
+ "php_flag[magic_quotes_runtime]" = "Off";
+ };
};
}