Rename virtual folder to nixops
diff --git a/nixops/modules/websites/tools/tools/rompr.nix b/nixops/modules/websites/tools/tools/rompr.nix
new file mode 100644 (file)
index 0000000..055334e
--- /dev/null
@@ -0,0 +1,86 @@
+{ lib, env, stdenv, fetchedGithub }:
+let
+  rompr = let
+  in rec {
+    varDir = "/var/lib/rompr";
+    activationScript = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+        ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
+    '';
+    webRoot = stdenv.mkDerivation (fetchedGithub ./rompr.json // rec {
+      installPhase = ''
+        cp -a . $out
+        ln -sf ../../../../../../${varDir}/prefs $out/prefs
+        ln -sf ../../../../../../${varDir}/albumart $out/albumart
+      '';
+    });
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "headers" "mime" "proxy_fcgi" ];
+      vhostConf = ''
+        Alias /rompr ${webRoot}
+
+        <Directory ${webRoot}>
+          Options Indexes FollowSymLinks
+          DirectoryIndex index.php
+          AllowOverride all
+          Require all granted
+          Order allow,deny
+          Allow from all
+          ErrorDocument 404 /rompr/404.php
+          AddType image/x-icon .ico
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+
+        <Directory ${webRoot}/albumart/small>
+            Header Set Cache-Control "max-age=0, no-store"
+            Header Set Cache-Control "no-cache, must-revalidate"
+        </Directory>
+
+        <Directory ${webRoot}/albumart/asdownloaded>
+            Header Set Cache-Control "max-age=0, no-store"
+            Header Set Cache-Control "no-cache, must-revalidate"
+        </Directory>
+
+        <LocationMatch "^/rompr">
+          Use LDAPConnect
+          Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
+          Require local
+        </LocationMatch>
+        '';
+    };
+    phpFpm = rec {
+      basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+      socket = "/var/run/phpfpm/rompr.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        pm = ondemand
+        pm.max_children = 60
+        pm.process_idle_timeout = 60
+
+        ; Needed to avoid clashes in browser cookies (same domain)
+        php_value[session.name] = RomprPHPSESSID
+        php_admin_value[open_basedir] = "${basedir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        php_flag[magic_quotes_gpc] = Off
+        php_flag[track_vars] = On
+        php_flag[register_globals] = Off
+        php_admin_flag[allow_url_fopen] = On
+        php_value[include_path] = ${webRoot}
+        php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
+        php_admin_value[post_max_size] = 32M
+        php_admin_value[upload_max_filesize] = 32M
+        php_admin_value[memory_limit] = 256M
+        '';
+    };
+  };
+in
+  rompr
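Review bot: The `<Directory ${webRoot}>` block in `vhostConf` applies `AllowOverride all` and the `\.php$` FastCGI handler to two directories the PHP user can write to: `installPhase` symlinks `${varDir}/prefs` and `${varDir}/albumart` into the web root, and `activationScript` creates them owned by `${apache.user}`. A file the application is made to write there would be honoured as `.htaccess` or run as PHP, so I would set `AllowOverride None` (if rompr does not depend on its own `.htaccess`, which is not visible here) and keep the PHP handler from applying under those two paths. `upload_tmp_dir` also points at `${varDir}/prefs`, so temporary uploads land in a web-served directory; a dedicated directory under `${varDir}` that is not symlinked into `$out` would avoid that. Separately, `Order allow,deny` and `Allow from all` are Apache 2.2 access directives mixed with 2.4 `Require` lines and can be dropped, leaving the `Require` rules as the only access policy.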