'';
};
davical = rec {
- keys."dav-davical" = {
- destDir = "/run/keys/webapps";
+ keys = [{
+ dest = "webapps/dav-davical";
user = apache.user;
group = apache.group;
- permissions = "0700";
+ permissions = "0400";
text = ''
<?php
$c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
$c->do_not_sync_from_ldap = array('admin' => true);
include('drivers_ldap.php');
'';
- };
+ }];
webapp = stdenv.mkDerivation rec {
version = "1.1.7";
name = "davical-${version}";
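Review bot: The secret's location is now spelled in three places that must be kept in sync by hand: `dest = "webapps/dav-davical"` here, and the literal `/var/secrets/webapps/dav-davical` in the `installPhase` symlink and in the phpFpm `basedir` further down. A mismatch would leave `config.php` dangling or outside `open_basedir`, so consider a single binding visible to both, e.g. `configPath = "/var/secrets/webapps/dav-davical";`, on the assumption that `/var/secrets` is the base the keys module prepends to `dest` (not visible here). Because this file carries the PostgreSQL password, a comment should also state whether `/var/secrets` is persistent storage: `/run/keys` was presumably memory-backed, so the password may now remain on disk across reboots. The tighter `permissions = "0400"` suits a read-only config as long as the PHP-FPM pool runs as `apache.user`, which these lines do not show.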
installPhase = ''
mkdir -p $out
cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
- ln -s /run/keys/webapps/dav-davical $out/config/config.php
+ ln -s /var/secrets/webapps/dav-davical $out/config/config.php
'';
buildInputs = [ gettext ];
};
'';
};
phpFpm = rec {
- serviceDeps = [ "postgresql.service" "openldap.service" "dav-davical-key.service" ];
- basedir = builtins.concatStringsSep ":" [ webapp "/run/keys/webapps/dav-davical" awl ];
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
socket = "/var/run/phpfpm/davical.sock";
pool = ''
listen = ${socket}
; Needed to avoid clashes in browser cookies (same domain)
php_value[session.name] = DavicalPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
php_flag[magic_quotes_gpc] = Off
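Review bot: Dropping `"dav-davical-key.service"` from `serviceDeps` removes the only visible ordering between the PHP-FPM pool and the arrival of the secret that `config.php` links to. If whatever populates `/var/secrets/webapps/dav-davical` runs as its own unit rather than during activation, the pool can start against a dangling symlink; in that case list that unit in `serviceDeps`, otherwise record the guarantee with a comment such as `# secrets under /var/secrets are in place before services start; no per-key unit to wait for`. The `open_basedir` addition of `/var/lib/php/sessions/davical` matches `session.save_path` below, while the shared `/tmp` entry stays the broadest path in the list and could be narrowed to a pool-specific directory if DAViCal does not need it. The `pool` string continues past the visible lines.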