let
wallabag = rec {
varDir = "/var/lib/wallabag";
- parameters = writeText "parameters.yml" ''
- # This file is auto-generated during the composer install
- parameters:
- database_driver: pdo_pgsql
- database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
- database_host: ${env.postgresql.socket}
- database_port: ${env.postgresql.port}
- database_name: ${env.postgresql.database}
- database_user: ${env.postgresql.user}
- database_password: ${env.postgresql.password}
- database_path: null
- database_table_prefix: wallabag_
- database_socket: null
- database_charset: utf8
- domain_name: https://tools.immae.eu/wallabag
- mailer_transport: sendmail
- mailer_host: 127.0.0.1
- mailer_user: null
- mailer_password: null
- locale: fr
- secret: ${env.secret}
- twofactor_auth: true
- twofactor_sender: wallabag@immae.eu
- fosuser_registration: false
- fosuser_confirmation: true
- from_email: wallabag@immae.eu
- rss_limit: 50
- rabbitmq_host: localhost
- rabbitmq_port: 5672
- rabbitmq_user: guest
- rabbitmq_password: guest
- rabbitmq_prefetch_count: 10
- redis_scheme: unix
- redis_host: null
- redis_port: null
- redis_path: ${env.redis.socket}
- redis_password: null
- sites_credentials: { }
- ldap_enabled: true
- ldap_host: ldap.immae.eu
- ldap_port: 636
- ldap_tls: false
- ldap_ssl: true
- ldap_bind_requires_dn: true
- ldap_base: 'dc=immae,dc=eu'
- ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
- ldap_manager_pw: ${env.ldap.password}
- ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
- ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
- ldap_username_attribute: uid
- ldap_email_attribute: mail
- ldap_name_attribute: cn
- ldap_enabled_attribute: null
- services:
- swiftmailer.mailer.default.transport:
- class: Swift_SendmailTransport
- arguments: ['/run/wrappers/bin/sendmail -bs']
- '';
+ keys.tools-wallabag = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_driver: pdo_pgsql
+ database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
+ database_host: ${env.postgresql.socket}
+ database_port: ${env.postgresql.port}
+ database_name: ${env.postgresql.database}
+ database_user: ${env.postgresql.user}
+ database_password: ${env.postgresql.password}
+ database_path: null
+ database_table_prefix: wallabag_
+ database_socket: null
+ database_charset: utf8
+ domain_name: https://tools.immae.eu/wallabag
+ mailer_transport: sendmail
+ mailer_host: 127.0.0.1
+ mailer_user: null
+ mailer_password: null
+ locale: fr
+ secret: ${env.secret}
+ twofactor_auth: true
+ twofactor_sender: wallabag@tools.immae.eu
+ fosuser_registration: false
+ fosuser_confirmation: true
+ from_email: wallabag@tools.immae.eu
+ rss_limit: 50
+ rabbitmq_host: localhost
+ rabbitmq_port: 5672
+ rabbitmq_user: guest
+ rabbitmq_password: guest
+ rabbitmq_prefetch_count: 10
+ redis_scheme: unix
+ redis_host: null
+ redis_port: null
+ redis_path: ${env.redis.socket}
+ redis_password: null
+ sites_credentials: { }
+ ldap_enabled: true
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_tls: false
+ ldap_ssl: true
+ ldap_bind_requires_dn: true
+ ldap_base: 'dc=immae,dc=eu'
+ ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
+ ldap_manager_pw: ${env.ldap.password}
+ ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
+ ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
+ ldap_username_attribute: uid
+ ldap_email_attribute: mail
+ ldap_name_attribute: cn
+ ldap_enabled_attribute: null
+ services:
+ swiftmailer.mailer.default.transport:
+ class: Swift_SendmailTransport
+ arguments: ['/run/wrappers/bin/sendmail -bs']
+ '';
+ };
webappDir = composerEnv.buildPackage rec {
packages = {
"fr3d/ldap-bundle" = {
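Review bot: `rabbitmq_user: guest` and `rabbitmq_password: guest` are carried unchanged into the new key file, so the only credential pair here not taken from `env` is also the broker's well-known default. If the RabbitMQ import workers are in use, source both from `env` the way `database_password` and `ldap_manager_pw` are; if not, a comment such as `# RabbitMQ import unused; upstream defaults left in place` would record that. It would also help to add above `keys.tools-wallabag` the comment `# Kept out of the world-readable Nix store: holds DB, LDAP and app secrets`. How `text` reaches `destDir` is not visible in this hunk, so confirm it does not pass through the store on the way. The enclosing `wallabag` set continues outside the hunk.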
'';
postInstall = ''
rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data
- ln -sf ${parameters} app/config/parameters.yml
- ln -sf ../../../../../../${varDir}/var/{cache,logs,sessions} var
- ln -sf ../../../../../${varDir}/data data
- ln -sf ../../../../../../${varDir}/assets web/assets
+ ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml
+ ln -sf ${varDir}/var/{cache,logs,sessions} var
+ ln -sf ${varDir}/data data
+ ln -sf ${varDir}/assets web/assets
'';
};
activationScript = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
${varDir}/var ${varDir}/data/db ${varDir}/assets/images
- if [ ! -f "${varDir}/currentWebappDir" -o \
- "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
- pushd ${webappDir} > /dev/null
- $wrapperDir/sudo -u wwwrun ./bin/console --env=prod cache:clear
- $wrapperDir/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
- popd > /dev/null
- echo -n "${webappDir}" > ${varDir}/currentWebappDir
- fi
'';
webRoot = "${webappDir}/web";
# Domain migration: Table wallabag_entry contains whole
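Review bot: The key path is spelled out literally in `ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml`, and again in the `sha512sum` line and the `basedir` list of the `phpFpm` hunk, while `destDir` and the key name are defined separately in `keys.tools-wallabag`. Renaming either would leave this symlink dangling and the `basedir` entry pointing at nothing. Binding the path once, e.g. `keyFile = "/run/keys/webapps/tools-wallabag";`, and interpolating `${keyFile}` keeps the three uses in step; whether a single binding is in scope for both sets is not visible here. The link target does not exist at build time, so a comment such as `# resolved at runtime, after the key service has written the file` would explain the intentionally dangling link.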
'';
};
phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ];
+ preStart = ''
+ if [ ! -f "${varDir}/currentWebappDir" -o \
+ ! -f "${varDir}/currentKey" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+ || ! sha512sum -c --status ${varDir}/currentKey; then
+ pushd ${webappDir} > /dev/null
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
+ rm -rf /var/lib/wallabag/var/cache/pro_
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ sha512sum /run/keys/webapps/tools-wallabag > ${varDir}/currentKey
+ fi
+ '';
+ serviceDeps = [ "postgresql.service" "openldap.service" "tools-wallabag-key.service" ];
+ basedir = builtins.concatStringsSep ":" [ webappDir "/run/keys/webapps/tools-wallabag" varDir ];
socket = "/var/run/phpfpm/wallabag.sock";
pool = ''
listen = ${socket}
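Review bot: `echo -n "${webappDir}" > ${varDir}/currentWebappDir` and `sha512sum /run/keys/webapps/tools-wallabag > ${varDir}/currentKey` redirect into `${varDir}`, which the activation script creates owned by `${apache.user}`. If this `preStart` runs as root (the `sudo -u wwwrun` calls suggest it does), root writes through whatever the web user has placed at those two names. Keeping the markers in a directory only root can write, e.g. `sha512sum /run/keys/webapps/tools-wallabag > <root-owned state dir>/currentKey`, or writing them as the web user too, removes that dependency. The script also hard-codes `wwwrun` and `/var/lib/wallabag/var/cache/pro_` where the rest of the file uses `${apache.user}` and `${varDir}`; if `apache.user` is ever another account, the console would not be able to read the 0400 key file. The `phpFpm` set continues past the end of the hunk.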