Move websites/tools to modules

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / rompr.nix

diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix
new file mode 100644 (file)
index 0000000..fea59fc
--- /dev/null
+++ b/modules/private/websites/tools/tools/rompr.nix
@@ -0,0 +1,77 @@
+{ lib, env, rompr }:
+rec {
+  varDir = "/var/lib/rompr";
+  activationScript = ''
+    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+      ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
+  '';
+  webRoot = rompr;
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "headers" "mime" "proxy_fcgi" ];
+    webappName = "tools_rompr";
+    root = "/run/current-system/webapps/${webappName}";
+    vhostConf = ''
+      Alias /rompr ${root}
+
+      <Directory ${root}>
+        Options Indexes FollowSymLinks
+        DirectoryIndex index.php
+        AllowOverride all
+        Require all granted
+        Order allow,deny
+        Allow from all
+        ErrorDocument 404 /rompr/404.php
+        AddType image/x-icon .ico
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
+      </Directory>
+
+      <Directory ${root}/albumart/small>
+          Header Set Cache-Control "max-age=0, no-store"
+          Header Set Cache-Control "no-cache, must-revalidate"
+      </Directory>
+
+      <Directory ${root}/albumart/asdownloaded>
+          Header Set Cache-Control "max-age=0, no-store"
+          Header Set Cache-Control "no-cache, must-revalidate"
+      </Directory>
+
+      <LocationMatch "^/rompr">
+        Use LDAPConnect
+        Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+      </LocationMatch>
+      '';
+  };
+  phpFpm = rec {
+    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+    socket = "/var/run/phpfpm/rompr.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
+
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = RomprPHPSESSID
+      php_admin_value[open_basedir] = "${basedir}:/tmp"
+      php_admin_value[session.save_path] = "${varDir}/phpSessions"
+      php_flag[magic_quotes_gpc] = Off
+      php_flag[track_vars] = On
+      php_flag[register_globals] = Off
+      php_admin_flag[allow_url_fopen] = On
+      php_value[include_path] = ${webRoot}
+      php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
+      php_admin_value[post_max_size] = 32M
+      php_admin_value[upload_max_filesize] = 32M
+      php_admin_value[memory_limit] = 256M
+      '';
+  };
+}