X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fwallabag.nix;h=0cacad329762b0bbb9fdb9f2f2b878e033f3f5a0;hb=85f5ed68104de9edd8f8e532dc0c2de931e3ca1b;hp=4bda8089a5d3df7c196a25e4f5f71209478defaf;hpb=01f21083a897b86bf148f1d2bb9c8edca4d3786a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix
index 4bda808..0cacad3 100644
--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -2,60 +2,70 @@ let wallabag = rec { varDir = "/var/lib/wallabag"; - parameters = writeText "parameters.yml" '' - # This file is auto-generated during the composer install - parameters: - database_driver: pdo_pgsql - database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver - database_host: ${env.postgresql.socket} - database_port: ${env.postgresql.port} - database_name: ${env.postgresql.database} - database_user: ${env.postgresql.user} - database_password: ${env.postgresql.password} - database_path: null - database_table_prefix: wallabag_ - database_socket: null - database_charset: utf8 - domain_name: https://tools.immae.eu/wallabag - mailer_transport: smtp - mailer_host: mail.immae.eu - mailer_user: null - mailer_password: null - locale: fr - secret: ${env.secret} - twofactor_auth: true - twofactor_sender: wallabag@immae.eu - fosuser_registration: false - fosuser_confirmation: true - from_email: wallabag@immae.eu - rss_limit: 50 - rabbitmq_host: localhost - rabbitmq_port: 5672 - rabbitmq_user: guest - rabbitmq_password: guest - rabbitmq_prefetch_count: 10 - redis_scheme: unix - redis_host: null - redis_port: null - redis_path: ${env.redis.socket} - redis_password: null - sites_credentials: { } - ldap_enabled: true - ldap_host: ldap.immae.eu - ldap_port: 636 - ldap_tls: false - ldap_ssl: true - ldap_bind_requires_dn: true - ldap_base: 'dc=immae,dc=eu' - ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' - ldap_manager_pw: ${env.ldap.password} - ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' - ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' - ldap_username_attribute: uid - ldap_email_attribute: mail - ldap_name_attribute: cn - ldap_enabled_attribute: null - ''; + keys.tools-wallabag = { + destDir = "/run/keys/webapps"; + user = apache.user; + group = apache.group; + permissions = "0400"; + text = '' + # This file is auto-generated during the composer 
install + parameters: + database_driver: pdo_pgsql + database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver + database_host: ${env.postgresql.socket} + database_port: ${env.postgresql.port} + database_name: ${env.postgresql.database} + database_user: ${env.postgresql.user} + database_password: ${env.postgresql.password} + database_path: null + database_table_prefix: wallabag_ + database_socket: null + database_charset: utf8 + domain_name: https://tools.immae.eu/wallabag + mailer_transport: sendmail + mailer_host: 127.0.0.1 + mailer_user: null + mailer_password: null + locale: fr + secret: ${env.secret} + twofactor_auth: true + twofactor_sender: wallabag@tools.immae.eu + fosuser_registration: false + fosuser_confirmation: true + from_email: wallabag@tools.immae.eu + rss_limit: 50 + rabbitmq_host: localhost + rabbitmq_port: 5672 + rabbitmq_user: guest + rabbitmq_password: guest + rabbitmq_prefetch_count: 10 + redis_scheme: unix + redis_host: null + redis_port: null + redis_path: ${env.redis.socket} + redis_password: null + sites_credentials: { } + ldap_enabled: true + ldap_host: ldap.immae.eu + ldap_port: 636 + ldap_tls: false + ldap_ssl: true + ldap_bind_requires_dn: true + ldap_base: 'dc=immae,dc=eu' + ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' + ldap_manager_pw: ${env.ldap.password} + ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' + ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' + ldap_username_attribute: uid + ldap_email_attribute: mail + ldap_name_attribute: cn + ldap_enabled_attribute: null + services: + swiftmailer.mailer.default.transport: + class: Swift_SendmailTransport + arguments: ['/run/wrappers/bin/sendmail -bs'] + ''; + }; webappDir = composerEnv.buildPackage rec { packages = { "fr3d/ldap-bundle" = { 
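Review bot: The credentials interpolated into `keys.tools-wallabag.text` (`${env.postgresql.password}`, `${env.secret}`, `${env.ldap.password}`) were previously rendered through `writeText`, so store paths built before this commit presumably still hold them in a world-readable file, and nothing in the new code records that. I would add a comment above `keys.tools-wallabag`, for example `# Holds credentials: never route through writeText / the Nix store; rotate values that earlier generations exposed`. Separately, `rabbitmq_user: guest` and `rabbitmq_password: guest` stay literal in the new text; if RabbitMQ is actually enabled for this instance they should come from `env` like the other credentials.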
@@ -100,10 +110,10 @@ let ''; postInstall = '' rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data - ln -sf ${parameters} app/config/parameters.yml - ln -sf ../../../../../../${varDir}/var/{cache,logs,sessions} var - ln -sf ../../../../../${varDir}/data data - ln -sf ../../../../../../${varDir}/assets web/assets + ln -sf /run/keys/webapps/tools-wallabag app/config/parameters.yml + ln -sf ${varDir}/var/{cache,logs,sessions} var + ln -sf ${varDir}/data data + ln -sf ${varDir}/assets web/assets ''; }; activationScript = '' @@ -113,6 +123,7 @@ let "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then pushd ${webappDir} > /dev/null $wrapperDir/sudo -u wwwrun ./bin/console --env=prod cache:clear + rm -rf /var/lib/wallabag/var/cache/pro_ $wrapperDir/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction popd > /dev/null echo -n "${webappDir}" > ${varDir}/currentWebappDir @@ -121,13 +132,15 @@ let webRoot = "${webappDir}/web"; # Domain migration: Table wallabag_entry contains whole # https://tools.immae.eu/wallabag domain name in preview_picture - apache = { + apache = rec { user = "wwwrun"; group = "wwwrun"; modules = [ "proxy_fcgi" ]; + webappName = "tools_wallabag"; + root = "/run/current-system/webapps/${webappName}"; vhostConf = '' - Alias /wallabag "${webRoot}" - + Alias /wallabag "${root}" + AllowOverride None Require all granted # For OAuth (apps) @@ -144,7 +157,7 @@ let RewriteRule ^(.*)$ app.php [QSA,L] - + RewriteEngine Off @@ -156,7 +169,8 @@ let ''; }; phpFpm = rec { - basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ]; + serviceDeps = [ "postgresql.service" "openldap.service" "tools-wallabag-key.service" ]; + basedir = builtins.concatStringsSep ":" [ webappDir "/run/keys/webapps/tools-wallabag" varDir ]; socket = "/var/run/phpfpm/wallabag.sock"; pool = '' listen = ${socket} 
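Review bot: The key path `/run/keys/webapps/tools-wallabag` in the first `ln -sf` line of `postInstall` is a literal copy of `keys.tools-wallabag.destDir` plus the key name, and the same literal is repeated in `phpFpm.basedir` (hunk at -156,7). If the key is renamed or `destDir` changes, the symlink and the `open_basedir` entry drift apart without any evaluation error. Since `wallabag` is a `rec` set, a single binding such as `keyPath = "${keys.tools-wallabag.destDir}/tools-wallabag";` looks usable in both places. The `postInstall` string starts outside this hunk.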
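Review bot: The added `rm -rf /var/lib/wallabag/var/cache/pro_` in the activation script (hunk at -113,6) runs without the `sudo -u wwwrun` that wraps the console calls on either side. It therefore presumably executes with the activation script's own privileges inside a tree that `wwwrun` can write to. It also hard-codes a path that the rest of the file spells `${varDir}`. I would write it as `$wrapperDir/sudo -u wwwrun rm -rf ${varDir}/var/cache/pro_` and add a one-line comment saying why the `pro_` directory must be removed after `cache:clear`. The surrounding `if` block begins outside this hunk.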
@@ -172,7 +186,7 @@ let ; Needed to avoid clashes in browser cookies (same domain) php_value[session.name] = WallabagPHPSESSID - php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" php_value[max_execution_time] = 300 ''; };
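Review bot: The new `open_basedir` entry `/run/wrappers/bin/sendmail` carries no explanation, unlike the `session.name` line above it, and the path duplicates the `Swift_SendmailTransport` argument set in the parameters text. A pool comment such as `; sendmail wrapper, needed by Swift_SendmailTransport (mailer_transport: sendmail)` would tell a later reader that the entry exists only for the mail transport and can be dropped if that changes. Binding the wrapper path once in the `rec` set and interpolating it in both places would keep the two in step. The `pool` string starts outside this hunk.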