X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fdav%2Fdavical.nix;h=634359dabe0b0afa2a62133a5acaaba596885152;hb=f61d1c7cb908ab83cffe962cc73f1a86e692b6e5;hp=4d0639f3ed6346384bccc1cc9d906655277bfecc;hpb=01f21083a897b86bf148f1d2bb9c8edca4d3786a;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix index 4d0639f..634359d 100644 --- a/nixops/modules/websites/tools/dav/davical.nix +++ b/nixops/modules/websites/tools/dav/davical.nix @@ -1,160 +1,133 @@ -{ stdenv, fetchurl, gettext, writeText, env }: -let - awl = stdenv.mkDerivation rec { - version = "0.59"; - name = "awl-${version}"; - src = fetchurl { - url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz"; - sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp"; - }; - unpackCmd = '' - tar --one-top-level -xf $curSrc - ''; - installPhase = '' - mkdir -p $out - cp -ra dba docs inc scripts tests $out - ''; - }; - davical = rec { - config = writeText "davical_config.php" '' - pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${env.postgresql.password}"; +{ stdenv, fetchurl, gettext, writeText, env, awl, davical }: +rec { + keys = [{ + dest = "webapps/dav-davical"; + user = apache.user; + group = apache.group; + permissions = "0400"; + text = '' + pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; - $c->readonly_webdav_collections = false; + $c->readonly_webdav_collections = false; - $c->admin_email ='davical@immae.eu'; + $c->admin_email ='davical@tools.immae.eu'; - $c->restrict_setup_to_admin = true; + $c->restrict_setup_to_admin = true; - $c->collections_always_exist = false; + $c->collections_always_exist = false; - $c->external_refresh = 60; + $c->external_refresh = 60; - $c->enable_scheduling = true; + $c->enable_scheduling = true; - $c->iMIP = (object) array("send_email" => true); + $c->iMIP = (object) array("send_email" => true); - $c->authenticate_hook['optional'] = false; - $c->authenticate_hook['call'] = 'LDAP_check'; - $c->authenticate_hook['config'] = array( - 'host' => 'ldap.immae.eu', - 'port' => '389', - 'startTLS' => 'yes', - 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', - 'passDN'=> '${env.ldap.password}', - 'protocolVersion' => '3', - 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), - 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', - 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', - 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', - 'mapping_field' => array( - "username" => "uid", - "fullname" => "cn", - "email" => "mail", - "modified" => "modifyTimestamp", - ), - 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), - /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ - // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), - 'group_mapping_field' => array( - "username" => "cn", - "updated" => "modifyTimestamp", - "fullname" => "givenName", - "displayname" => "givenName", - "members" => "memberUid", - "email" => "mail", - ), - ); + $c->authenticate_hook['optional'] = false; + $c->authenticate_hook['call'] = 'LDAP_check'; + $c->authenticate_hook['config'] = array( + 'host' => 'ldap.immae.eu', + 'port' => '389', + 'startTLS' => 'yes', + 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', + 'passDN'=> '${env.ldap.password}', + 'protocolVersion' => '3', + 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), + 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', + 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', + 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', + 'mapping_field' => array( + "username" => "uid", + "fullname" => "cn", + "email" => "mail", + "modified" => "modifyTimestamp", + ), + 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), + /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ + // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), + 'group_mapping_field' => array( + "username" => "cn", + "updated" => "modifyTimestamp", + "fullname" => "givenName", + "displayname" => "givenName", + "members" => "memberUid", + "email" => "mail", + ), + ); - $c->do_not_sync_from_ldap = array('admin' => true); - include('drivers_ldap.php'); - ''; - webapp = stdenv.mkDerivation rec { - version = "1.1.7"; - name = "davical-${version}"; - src = fetchurl { - url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz"; - sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9"; - }; - unpackCmd = '' - tar --one-top-level -xf $curSrc - ''; - makeFlags = "all"; - patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ]; - installPhase = '' - mkdir -p $out - cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out - ln -s ${config} $out/config/config.php - ''; - buildInputs = [ gettext ]; - }; - webRoot = "${webapp}/htdocs"; - apache = { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - vhostConf = '' - Alias /davical "${webRoot}" - Alias /caldav.php "${webRoot}/caldav.php" - - DirectoryIndex index.php index.html - AcceptPathInfo On - AllowOverride None - Require all granted + $c->do_not_sync_from_ldap = array('admin' => true); + include('drivers_ldap.php'); + ''; + }]; + webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; }; + webRoot = "${webapp}/htdocs"; + apache = rec { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + webappName = "tools_davical"; + root = "/run/current-system/webapps/${webappName}"; + vhostConf = '' + Alias /davical "${root}" + Alias /caldav.php "${root}/caldav.php" + + DirectoryIndex index.php index.html + AcceptPathInfo On + AllowOverride None + Require all granted - - CGIPassAuth on - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - + + CGIPassAuth on + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + - RewriteEngine On - - Header unset Access-Control-Allow-Origin - Header unset Access-Control-Allow-Methods - Header unset Access-Control-Allow-Headers - Header unset Access-Control-Allow-Credentials - Header unset Access-Control-Expose-Headers + RewriteEngine On + + Header unset Access-Control-Allow-Origin + Header unset Access-Control-Allow-Methods + Header unset Access-Control-Allow-Headers + Header unset Access-Control-Allow-Credentials + Header unset Access-Control-Expose-Headers - Header always set Access-Control-Allow-Origin "*" - Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" - Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" - Header always set Access-Control-Allow-Credentials false - Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" + Header always set Access-Control-Allow-Origin "*" + Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" + Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" + Header always set Access-Control-Allow-Credentials false + Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" - RewriteCond %{HTTP:Access-Control-Request-Method} !^$ - RewriteCond %{REQUEST_METHOD} OPTIONS - RewriteRule ^(.*)$ $1 [R=200,L] - - - ''; - }; - phpFpm = rec { - basedir = builtins.concatStringsSep ":" [ webapp config awl ]; - socket = "/var/run/phpfpm/davical.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 + RewriteCond %{HTTP:Access-Control-Request-Method} !^$ + RewriteCond %{REQUEST_METHOD} OPTIONS + RewriteRule ^(.*)$ $1 [R=200,L] + + + ''; + }; + phpFpm = rec { + serviceDeps = [ "postgresql.service" "openldap.service" ]; + basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; + socket = "/var/run/phpfpm/davical.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 - ; Needed to avoid clashes in browser cookies (same domain) - php_value[session.name] = DavicalPHPSESSID - php_admin_value[open_basedir] = "${basedir}:/tmp" - php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" - php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" - php_flag[magic_quotes_gpc] = Off - php_flag[register_globals] = Off - php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" - php_admin_value[default_charset] = "utf-8" - php_flag[magic_quotes_runtime] = Off - ''; - }; + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = DavicalPHPSESSID + php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" + php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" + php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" + php_flag[magic_quotes_gpc] = Off + php_flag[register_globals] = Off + php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" + php_admin_value[default_charset] = "utf-8" + php_flag[magic_quotes_runtime] = Off + ''; }; -in - davical +}