X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Ftasks%2Fdefault.nix;h=5e1ac1eaa6d4df882db78e5283911a3b443f7f5b;hb=dcac3ec730176549cd52a9a42db2001dc652c30d;hp=b2191c0e025a393555711a240d9b093064102bab;hpb=6a8252b11bb02f3e67857d5a9d733b1affa6a625;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index b2191c0..5e1ac1e 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix @@ -1,10 +1,10 @@ -{ lib, pkgs, config, myconfig, ... }: +{ lib, pkgs, config, ... }: let cfg = config.myServices.tasks; server_vardir = config.services.taskserver.dataDir; fqdn = "task.immae.eu"; user = config.services.taskserver.user; - env = myconfig.env.tools.task; + env = config.myEnv.tools.task; group = config.services.taskserver.group; taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} '' mkdir -p $out/bin @@ -86,7 +86,7 @@ in { }; config = lib.mkIf cfg.enable { - services.backup.profiles.tasks = { + services.duplyBackup.profiles.tasks = { rootDir = "/var/lib"; excludeFile = '' + /var/lib/taskserver @@ -107,7 +107,7 @@ in { SetEnv TASKD_LDAP_DN "${env.ldap.dn}" SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}" SetEnv TASKD_LDAP_BASE "${env.ldap.base}" - SetEnv TASKD_LDAP_FILTER "${env.ldap.search}" + SetEnv TASKD_LDAP_FILTER "${env.ldap.filter}" ''; }]; services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; @@ -123,7 +123,7 @@ in { Use LDAPConnect Require ldap-group cn=users,cn=taskwarrior,ou=services,dc=immae,dc=eu - SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost" + SetHandler "proxy:unix:${config.services.phpfpm.pools.tasks.socket}|fcgi://localhost" Include /var/secrets/webapps/tools-taskwarrior-web 
@@ -170,31 +170,34 @@ in {
 '') env.taskwarrior-web);
 };
- services.phpfpm.poolConfigs = {
- tasks = ''
- listen = /var/run/phpfpm/task.sock
- user = ${user}
- group = ${group}
- listen.owner = wwwrun
- listen.group = wwwrun
- pm = dynamic
- pm.max_children = 60
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 10
+ services.phpfpm.pools = {
+ tasks = {
+ user = user;
+ group = group;
+ settings = {
+ "listen.owner" = "wwwrun";
+ "listen.group" = "wwwrun";
+ "pm" = "dynamic";
+ "pm.max_children" = "60";
+ "pm.start_servers" = "2";
+ "pm.min_spare_servers" = "1";
+ "pm.max_spare_servers" = "10";
- ; Needed to avoid clashes in browser cookies (same domain)
- env[PATH] = "/etc/profiles/per-user/${user}/bin"
- php_value[session.name] = TaskPHPSESSID
- php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
- '';
+ # Needed to avoid clashes in browser cookies (same domain)
+ "php_value[session.name]" = "TaskPHPSESSID";
+ "php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
+ };
+ phpEnv = {
+ PATH = "/etc/profiles/per-user/${user}/bin";
+ };
+ phpPackage = pkgs.php72;
+ };
 };
- myServices.websites.webappDirs._task = ./www;
+ services.websites.webappDirs._task = ./www;
- security.acme.certs."task" = config.services.myCertificates.certConfig // {
+ security.acme.certs."task" = config.myServices.certificates.certConfig // {
 inherit user group;
- plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
 domain = fqdn;
 postRun = ''
 systemctl restart taskserver.service
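Review bot: `phpPackage = pkgs.php72;` pins this pool to one PHP minor release with nothing saying why, so the pool keeps running that interpreter after the rest of the system moves on and, eventually, after upstream stops shipping security fixes for it. A comment on that line such as `# taskwarrior-web needs PHP 7.2 because <reason>; drop the pin once it runs on the default php` would make the pin reviewable. Separately, the carried-over `open_basedir` still allows all of `/tmp` and the whole of `${server_vardir}` while the pool runs as the taskserver user; if the web app needs only part of the data directory, listing those subpaths would keep PHP away from the CA material that a later hunk references under `${server_vardir}/keys`. The `security.acme.certs."task"` block at the end of this hunk continues outside it.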
@@ -244,9 +247,9 @@ in {
 inherit fqdn;
 listenHost = "::";
 pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
- pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
- pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
- pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
+ pki.manual.server.cert = "${config.security.acme.certs.task.directory}/fullchain.pem";
+ pki.manual.server.crl = "${config.security.acme.certs.task.directory}/invalid.crl";
+ pki.manual.server.key = "${config.security.acme.certs.task.directory}/key.pem";
 requestLimit = 104857600;
 };
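Review bot: `pki.manual.server.crl` now resolves to `invalid.crl` inside the per-certificate ACME directory, but an ACME client is not expected to write a CRL and nothing in the visible hunks creates that file. If it is generated elsewhere (for instance in the `postRun` of `security.acme.certs."task"`, which continues outside the earlier hunk), a comment here such as `# invalid.crl is created by <unit or script>, not by the ACME client` would say so; if it is not, the server is pointed at a path that may not exist after the directory move. The private key is read from the same directory, so it would also help to note next to `pki.manual.server.key` that the `inherit user group` on the certificate is what makes `key.pem` readable by this service. What appears to be the taskserver settings block starts outside this hunk.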