Rename virtual folder to nixops

[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / ttrss.nix

diff --git a/nixops/modules/websites/tools/tools/ttrss.nix b/nixops/modules/websites/tools/tools/ttrss.nix
new file mode 100644 (file)
index 0000000..76105be
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/ttrss.nix
@@ -0,0 +1,177 @@
+{ lib, php, env, writeText, stdenv, fetchedGit, fetchedGithub }:
+let
+  ttrss = let
+    plugins = {
+      auth_ldap = stdenv.mkDerivation (fetchedGithub ./ttrss-auth-ldap.json // rec {
+        installPhase = ''
+          mkdir $out
+          cp plugins/auth_ldap/init.php $out
+        '';
+      });
+      af_feedmod = stdenv.mkDerivation (fetchedGithub ./ttrss-af_feedmod.json // rec {
+        patches = [ ./ttrss-af-feedmod_type_replace.patch ];
+        installPhase = ''
+          mkdir $out
+          cp init.php $out
+        '';
+      });
+      feediron = stdenv.mkDerivation (fetchedGithub ./ttrss-feediron.json // rec {
+        patches = [ ./ttrss-feediron_json_reformat.patch ];
+        installPhase = ''
+          mkdir $out
+          cp -a . $out
+        '';
+      });
+      ff_instagram = stdenv.mkDerivation (fetchedGithub ./ttrss-ff_instagram.json // rec {
+        installPhase = ''
+          mkdir $out
+          cp -a . $out
+        '';
+      });
+      tumblr_gdpr_ua = stdenv.mkDerivation (fetchedGithub ./ttrss-tumblr_gdpr_ua.json // rec {
+        installPhase = ''
+          mkdir $out
+          cp -a . $out
+        '';
+      });
+    };
+  in rec {
+    varDir = "/var/lib/ttrss";
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+          ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
+          ${varDir}/cache/feeds/ \
+          ${varDir}/cache/images/ \
+          ${varDir}/cache/js/ \
+          ${varDir}/cache/simplepie/ \
+          ${varDir}/cache/upload/
+        touch ${varDir}/feed-icons/index.html
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      '';
+    };
+    config = writeText "config.php" ''
+      <?php
+
+        define('PHP_EXECUTABLE', '${php}/bin/php');
+
+        define('LOCK_DIRECTORY', 'lock');
+        define('CACHE_DIR', 'cache');
+        define('ICONS_DIR', 'feed-icons');
+        define('ICONS_URL', 'feed-icons');
+        define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
+
+        define('MYSQL_CHARSET', 'UTF8');
+
+        define('DB_TYPE', 'pgsql');
+        define('DB_HOST', 'db-1.immae.eu');
+        define('DB_USER', 'ttrss');
+        define('DB_NAME', 'ttrss');
+        define('DB_PASS', '${env.postgresql.password}');
+        define('DB_PORT', '5432');
+
+        define('AUTH_AUTO_CREATE', true);
+        define('AUTH_AUTO_LOGIN', true);
+
+        define('SINGLE_USER_MODE', false);
+
+        define('SIMPLE_UPDATE_MODE', false);
+        define('CHECK_FOR_UPDATES', true);
+
+        define('FORCE_ARTICLE_PURGE', 0);
+        define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
+        define('ENABLE_GZIP_OUTPUT', false);
+
+        define('PLUGINS', 'auth_ldap, note, instances');
+
+        define('LOG_DESTINATION', ''');
+        define('CONFIG_VERSION', 26);
+
+
+        define('SPHINX_SERVER', 'localhost:9312');
+        define('SPHINX_INDEX', 'ttrss, delta');
+
+        define('ENABLE_REGISTRATION', false);
+        define('REG_NOTIFY_ADDRESS', 'outils@immae.eu');
+        define('REG_MAX_USERS', 10);
+
+        define('SMTP_SERVER', 'mail.immae.eu:25');
+        define('SMTP_LOGIN', ''');
+        define('SMTP_PASSWORD', ''');
+        define('SMTP_SECURE', 'tls');
+
+        define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+        define('SMTP_FROM_ADDRESS', 'outils@immae.eu');
+        define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+
+        define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+        define('LDAP_AUTH_USETLS', TRUE);
+        define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
+        define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+        define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+        define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+
+        define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+        define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
+        define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
+
+        define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
+        define('LDAP_AUTH_DEBUG', FALSE);
+      '';
+    webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
+      buildPhase = ''
+        rm -rf lock feed-icons cache
+        ln -sf ../../../../../${varDir}/{lock,feed-icons,cache} .
+      '';
+      installPhase = ''
+        cp -a . $out
+        ln -s ${config} $out/config.php
+        ${builtins.concatStringsSep "\n" (
+          lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
+        )}
+      '';
+    });
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+        Alias /ttrss "${webRoot}"
+        <Directory "${webRoot}">
+          DirectoryIndex index.php
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          </FilesMatch>
+
+          AllowOverride All
+          Options FollowSymlinks
+          Require all granted
+        </Directory>
+        '';
+    };
+    phpFpm = rec {
+      basedir = builtins.concatStringsSep ":" (
+        [ webRoot config varDir ]
+        ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
+      socket = "/var/run/phpfpm/ttrss.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        pm = ondemand
+        pm.max_children = 60
+        pm.process_idle_timeout = 60
+
+        ; Needed to avoid clashes in browser cookies (same domain)
+        php_value[session.name] = TtrssPHPSESSID
+        php_admin_value[open_basedir] = "${basedir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        '';
+    };
+  };
+in 
+  ttrss