X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Fgit%2Fmantisbt.nix;h=2ef76afe0637a4edd1b5c4ce48cae2fbf615fe64;hb=c4ce398447c0e71d1a448c3ef42bf8737867ccc5;hp=d0d7a9887d7baaa5d42abcae0d413245edd17c72;hpb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix index d0d7a98..2ef76af 100644 --- a/modules/private/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix @@ -1,4 +1,4 @@ -{ env, mantisbt_2, mantisbt_2-plugins }: +{ env, mantisbt_2, mantisbt_2-plugins, config }: rec { activationScript = { deps = [ "httpd" ]; @@ -6,8 +6,7 @@ rec { install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt ''; }; - keys = [{ - dest = "webapps/tools-mantisbt"; + keys."webapps/tools-mantisbt" = { user = apache.user; group = apache.group; permissions = "0400"; @@ -31,7 +30,7 @@ rec { $g_from_email = 'mantisbt@tools.immae.eu'; $g_return_path_email = 'mantisbt@tools.immae.eu'; $g_from_name = 'Mantis Bug Tracker at git.immae.eu'; - $g_email_receive_own = OFF; + $g_email_receive_own = ON; # --- LDAP --- $g_login_method = LDAP; $g_ldap_protocol_version = 3; @@ -45,23 +44,23 @@ rec { $g_ldap_realname_field = 'cn'; $g_ldap_organization = '${env.ldap.filter}'; ''; - }]; - webRoot = (mantisbt_2.override { mantis_config = "/var/secrets/webapps/tools-mantisbt"; }).withPlugins (builtins.attrValues mantisbt_2-plugins); + }; + webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]); apache = rec { user = "wwwrun"; group = "wwwrun"; modules = [ "proxy_fcgi" ]; - webappName = "tools_mantisbt"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' + root = webRoot; + vhostConf = socket: '' Alias /mantisbt "${root}" DirectoryIndex index.php - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + SetHandler "proxy:unix:${socket}|fcgi://localhost" AllowOverride All + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 Options FollowSymlinks Require all granted @@ -74,23 +73,19 @@ rec { phpFpm = rec { serviceDeps = [ "postgresql.service" "openldap.service" ]; basedir = builtins.concatStringsSep ":" ( - [ webRoot "/var/secrets/webapps/tools-mantisbt" ] + [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ] ++ webRoot.plugins); - socket = "/var/run/phpfpm/mantisbt.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - pm = ondemand - pm.max_children = 60 - pm.process_idle_timeout = 60 + pool = { + "listen.owner" = apache.user; + "listen.group" = apache.group; + "pm" = "ondemand"; + "pm.max_children" = "60"; + "pm.process_idle_timeout" = "60"; - php_admin_value[upload_max_filesize] = 5000000 + "php_admin_value[upload_max_filesize]" = "5000000"; - php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt" - php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt" - ''; + "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt"; + "php_admin_value[session.save_path]" = "/var/lib/php/sessions/mantisbt"; + }; }; }