X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Ftools%2Ftools%2Fttrss.nix;h=eb1d415f73d399f8927702b62a04517301b82631;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=05c8cab04452831878754e25e9594892105b4c8b;hpb=4288c2f2431fb782b0d512b1b3749187f2374b6a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
index 05c8cab..eb1d415 100644
--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -1,5 +1,8 @@
-{ php, env, ttrss, ttrss-plugins }:
+{ php, env, ttrss, ttrss-plugins, config }:
 rec {
+ backups = {
+ rootDir = varDir;
+ };
 varDir = "/var/lib/ttrss";
 activationScript = {
 deps = [ "wrappers" ];
@@ -70,14 +73,14 @@ rec {
 define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
 define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
- define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+ define('LDAP_AUTH_SERVER_URI', 'ldap://${env.ldap.host}:389/');
 define('LDAP_AUTH_USETLS', TRUE);
 define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
- define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+ define('LDAP_AUTH_BASEDN', '${env.ldap.base}');
 define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
- define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+ define('LDAP_AUTH_SEARCHFILTER', '${env.ldap.filter}');
- define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+ define('LDAP_AUTH_BINDDN', '${env.ldap.dn}');
 define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
 define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
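Review bot: `backups.rootDir = varDir` selects the whole of `/var/lib/ttrss`, and the last hunk of this diff sets `session.save_path` to `${varDir}/phpSessions`, so live PHP session files would end up in whatever the backup job produces. PHP's file handler names each file after the session id, so a backup copy stays a valid login token until that session expires. Unless the backup module (not visible here) already skips it, keep the sessions outside `rootDir` or exclude that directory, and record the decision with a comment such as `# varDir also holds phpSessions; keep them out of backups`.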
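Review bot: `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` stays `TRUE` while the server URI becomes `ldap://${env.ldap.host}:389/`, so the StartTLS session is encrypted but the server is never authenticated; once the host is configurable and possibly remote, the bind password and user logins go to whichever machine answers on that name. Prefer `define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE);` with the issuing CA trusted on this host. The `env.ldap.*` values are also spliced unescaped into single-quoted PHP literals, so a `'` or `\` in the filter, DN or password would break or alter the generated config; a comment stating that these values must contain neither character would help. The PHP string these lines belong to starts and ends outside the hunk.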
@@ -85,19 +88,23 @@ rec {
 define('LDAP_AUTH_DEBUG', FALSE);
 '';
 }];
- webRoot = (ttrss.override { ttrss_config = "/var/secrets/webapps/tools-ttrss"; }).withPlugins (builtins.attrValues ttrss-plugins);
+ webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [
+ p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua
+ (p.af_feedmod.override { patched = true; })
+ (p.feediron.override { patched = true; })
+ ]);
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
 modules = [ "proxy_fcgi" ];
 webappName = "tools_ttrss";
 root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
+ vhostConf = socket: ''
 Alias /ttrss "${root}"
 DirectoryIndex index.php
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ SetHandler "proxy:unix:${socket}|fcgi://localhost"
 AllowOverride All
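Review bot: `vhostConf` changes from a string to a function of `socket` with no comment saying what the argument is or who supplies it; a caller that still interpolates `vhostConf` directly would fail at evaluation, and that caller is not part of this diff. A one-line comment above it, `# socket: path of the php-fpm unix socket serving this pool`, would record the contract. With `withPlugins` now taking an explicit list, the `ttrss-plugins` argument in the file header looks unused in the visible hunks and could be dropped if nothing outside them reads it. The two `patched = true` overrides would also benefit from a short comment naming what the patch changes. The `apache` set continues past the end of the hunk.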
@@ -109,23 +116,19 @@ rec {
 phpFpm = rec {
 serviceDeps = [ "postgresql.service" "openldap.service" ];
 basedir = builtins.concatStringsSep ":" (
- [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
+ [ webRoot config.secrets.fullPaths."webapps/tools-ttrss" varDir ]
 ++ webRoot.plugins);
- socket = "/var/run/phpfpm/ttrss.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = ondemand
- pm.max_children = 60
- pm.process_idle_timeout = 60
-
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = TtrssPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp"
- php_admin_value[session.save_path] = "${varDir}/phpSessions"
- '';
+ pool = {
+ "listen.owner" = apache.user;
+ "listen.group" = apache.group;
+ "pm" = "ondemand";
+ "pm.max_children" = "60";
+ "pm.process_idle_timeout" = "60";
+
+ # Needed to avoid clashes in browser cookies (same domain)
+ "php_value[session.name]" = "TtrssPHPSESSID";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+ "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ };
 };
 }
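Review bot: The new `pool` set no longer carries `user`, `group` or `listen`, so the account the ttrss workers run as and the location of their socket now depend on code outside this diff. If the consuming module does not fill them in from `apache.user` and `apache.group`, the workers could run under a different identity than the one that owns `varDir` and the secrets file listed in `open_basedir`. A comment at the top of the set, `# listen, user and group are supplied by the module that consumes this pool`, would make that dependency explicit. `open_basedir` still includes the shared `/tmp`; a per-service temporary directory would narrow it, if the module offers one.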