Add status engine website
diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix
new file mode 100644 (file)
index 0000000..df2b58d
--- /dev/null
@@ -0,0 +1,89 @@
+{ pkgs, lib, config, ... }:
+let
+  env = config.myEnv.tools.status_engine;
+  package = pkgs.status_engine.interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; });
+  apacheRoot = "${package}/public";
+  cfg = config.myServices.websites.tools.performance;
+in
+{
+  options.myServices.websites.tools.performance = {
+    enable = lib.mkEnableOption "Enable performance website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    secrets.keys = [
+      {
+        dest = "status_engine_ui";
+        permissions = "0400";
+        user = "wwwrun";
+        group = "wwwrun";
+        text = ''
+          allow_anonymous: 0
+          anonymous_can_submit_commands: 0
+          urls_without_login:
+            - login
+            - loginstate
+          auth_type: ldap
+          ldap_server: ${env.ldap.host}
+          ldap_use_ssl: 1
+          ldap_port: 636
+          ldap_bind_dn: ${env.ldap.dn}
+          ldap_bind_password: ${env.ldap.password}
+          ldap_base_dn: ${env.ldap.base}
+          ldap_filter: "${env.ldap.filter}"
+          ldap_attribute:
+            - memberOf
+          use_crate: 0
+          use_mysql: 1
+          mysql:
+              host: 127.0.0.1
+              port: ${env.mysql.port}
+              username: ${env.mysql.user}
+              password: ${env.mysql.password}
+              database: ${env.mysql.database}
+          display_perfdata: 1
+          perfdata_backend: mysql
+        '';
+      }
+    ];
+
+    services.websites.env.tools.modules = [ "proxy_fcgi" ];
+
+    services.websites.env.tools.vhostConfs.performance = {
+      certName   = "eldiron";
+      addToCerts = true;
+      hosts      = [ "performance.immae.eu" ];
+      root       = apacheRoot;
+      extraConfig = [
+        ''
+          <Directory ${apacheRoot}>
+            DirectoryIndex index.html
+            AllowOverride None
+            Require all granted
+            <FilesMatch "\.php$">
+              SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost"
+            </FilesMatch>
+          </Directory>
+        ''
+      ];
+    };
+
+    services.phpfpm.pools.status_engine = {
+      user = "wwwrun";
+      group = "wwwrun";
+      settings = {
+        "listen.owner" = "wwwrun";
+        "listen.group" = "wwwrun";
+        "pm" = "dynamic";
+        "pm.max_children" = "60";
+        "pm.start_servers" = "2";
+        "pm.min_spare_servers" = "1";
+        "pm.max_spare_servers" = "10";
+
+        "php_admin_value[open_basedir]" = "${package}:/tmp:/var/secrets/status_engine_ui";
+      };
+      phpPackage = pkgs.php74;
+    };
+
+  };
+}
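Review bot: The `status_engine_ui` secret, which holds the LDAP bind password and the MySQL password, is owned by `wwwrun`, and the `status_engine` php-fpm pool also runs as `wwwrun`, so anything else running under that account can read the file; `open_basedir` restricts only this pool's PHP. If `wwwrun` is the shared web-server account on this host, as the name suggests, a dedicated user for the pool and the secret (keeping `listen.owner`/`listen.group` as `wwwrun` so Apache can still reach the socket) would confine those credentials to this application. Separately, `open_basedir` hard-codes `/var/secrets/status_engine_ui` while `config_file` uses `config.secrets.fullPaths."status_engine_ui"`; using the same expression in both, `"${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}"`, keeps the two from drifting apart. The unquoted `${env.ldap.password}` and `${env.mysql.password}` values in the YAML text would also be misparsed if a password contained characters such as `#` or `: `; quoting them, as `ldap_filter` already is, would reduce that risk.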