X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fwallabag.nix;h=d6e588285e19eaa4159d633237d04afdcca439ac;hb=fd2d83bd2bf20fafc63daf5041db0151a4b4d17d;hp=1c08bbf63baabfafc74a0ef7279e896b0bbffffd;hpb=591ebd877b8d5465da95fd7e212da5ef747944ca;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix index 1c08bbf..d6e5882 100644 --- a/nixops/modules/websites/tools/tools/wallabag.nix +++ b/nixops/modules/websites/tools/tools/wallabag.nix @@ -1,8 +1,12 @@ -{ stdenv, fetchurl, writeText, env, composerEnv, phpPackages, php, which }: -let - wallabag = rec { - varDir = "/var/lib/wallabag"; - parameters = writeText "parameters.yml" '' +{ env, wallabag }: +rec { + varDir = "/var/lib/wallabag"; + keys = [{ + dest = "webapps/tools-wallabag"; + user = apache.user; + group = apache.group; + permissions = "0400"; + text = '' # This file is auto-generated during the composer install parameters: database_driver: pdo_pgsql @@ -24,10 +28,10 @@ let locale: fr secret: ${env.secret} twofactor_auth: true - twofactor_sender: wallabag@immae.eu + twofactor_sender: wallabag@tools.immae.eu fosuser_registration: false fosuser_confirmation: true - from_email: wallabag@immae.eu + from_email: wallabag@tools.immae.eu rss_limit: 50 rabbitmq_host: localhost rabbitmq_port: 5672 
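Review bot: The new `keys` entry has no comment saying why parameters.yml moved from `writeText` to a deployed key file with `permissions = "0400"`. Nothing ties `dest = "webapps/tools-wallabag"` to the absolute path `/var/secrets/webapps/tools-wallabag` that the third hunk hard-codes three times (in `wallabag_config`, the `sha512sum` call and `basedir`). I would add a comment above `keys` along the lines of `# parameters.yml contains env.secret; deployed as a key file so it stays out of the world-readable Nix store`. Presumably `/var/secrets` is where `dest` is deployed; if so, binding the full path once in this `rec` set (e.g. `configFile = "/var/secrets/webapps/tools-wallabag";`) would stop the three uses drifting from `dest`. The `text` string opened in this hunk only closes in the third hunk, so the entry is not fully visible here.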
@@ -60,126 +64,85 @@ let class: Swift_SendmailTransport arguments: ['/run/wrappers/bin/sendmail -bs'] ''; - webappDir = composerEnv.buildPackage rec { - packages = { - "fr3d/ldap-bundle" = { - targetDir = ""; - src = composerEnv.buildZipPackage { - name = "fr3d-ldap-bundle-5a8927c11af45fa06331b97221c6da1a4a237475"; - src = fetchurl { - url = https://api.github.com/repos/Maks3w/FR3DLdapBundle/zipball/5a8927c11af45fa06331b97221c6da1a4a237475; - sha256 = "168zkd82j200wd6h0a3lq81g5s2pifg889rv27q2g429nppsbfxc"; - }; - }; - }; - "zendframework/zend-ldap" = { - targetDir = ""; - src = composerEnv.buildZipPackage { - name = "zendframework-zend-ldap-b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49"; - src = fetchurl { - url = https://api.github.com/repos/zendframework/zend-ldap/zipball/b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49; - sha256 = "0mn4yqnb5prqhrbbybmw1i2rx7xf4s4wagbdq9qi55fa0vk3jgw9"; - }; - }; - }; - }; - noDev = true; - doRemoveVendor = false; - # Beware when upgrading, I probably messed up with the migrations table - # (due to a psql bug in wallabag) - version = "2.3.6"; - name = "wallabag-${version}"; - src = fetchurl { - url = "https://static.wallabag.org/releases/wallabag-release-${version}.tar.gz"; - sha256 = "0m0dy3r94ks5pfxyb9vbgrsm0vrwdl3jd5wqwg4f5vd107lq90q1"; - }; - unpackPhase = '' - unpackFile "$src" - sourceRoot=${version} - src=$PWD/${version} - ''; - patches = [ ./wallabag_ldap.patch ]; - preInstall = '' - export SYMFONY_ENV="prod" - ''; - postInstall = '' - rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data - ln -sf ${parameters} app/config/parameters.yml - ln -sf ../../../../../../${varDir}/var/{cache,logs,sessions} var - ln -sf ../../../../../${varDir}/data data - ln -sf ../../../../../../${varDir}/assets web/assets + }]; + webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; }; + activationScript = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ + 
${varDir}/var ${varDir}/data/db ${varDir}/assets/images + ''; + webRoot = "${webappDir}/web"; + # Domain migration: Table wallabag_entry contains whole + # https://tools.immae.eu/wallabag domain name in preview_picture + apache = rec { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + webappName = "tools_wallabag"; + root = "/run/current-system/webapps/${webappName}"; + vhostConf = '' + Alias /wallabag "${root}" + + AllowOverride None + Require all granted + # For OAuth (apps) + CGIPassAuth On + + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + Options -MultiViews + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^(.*)$ app.php [QSA,L] + + + + + RewriteEngine Off + + + + AllowOverride None + Require all granted + ''; - }; - activationScript = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ - ${varDir}/var ${varDir}/data/db ${varDir}/assets/images + }; + phpFpm = rec { + preStart = '' if [ ! -f "${varDir}/currentWebappDir" -o \ - "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then + ! -f "${varDir}/currentKey" -o \ + "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ + || ! 
sha512sum -c --status ${varDir}/currentKey; then pushd ${webappDir} > /dev/null - $wrapperDir/sudo -u wwwrun ./bin/console --env=prod cache:clear - $wrapperDir/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction + /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear + rm -rf /var/lib/wallabag/var/cache/pro_ + /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction popd > /dev/null echo -n "${webappDir}" > ${varDir}/currentWebappDir + sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey fi ''; - webRoot = "${webappDir}/web"; - # Domain migration: Table wallabag_entry contains whole - # https://tools.immae.eu/wallabag domain name in preview_picture - apache = { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - vhostConf = '' - Alias /wallabag "${webRoot}" - - AllowOverride None - Require all granted - # For OAuth (apps) - CGIPassAuth On + serviceDeps = [ "postgresql.service" "openldap.service" ]; + basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; + socket = "/var/run/phpfpm/wallabag.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - - Options -MultiViews - RewriteEngine On - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ app.php [QSA,L] - - - - - RewriteEngine Off - - - - AllowOverride None - Require all granted - - ''; - }; - phpFpm = rec { - basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ]; - socket = "/var/run/phpfpm/wallabag.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = 
${apache.group} - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 - - ; Needed to avoid clashes in browser cookies (same domain) - php_value[session.name] = WallabagPHPSESSID - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" - php_value[max_execution_time] = 300 - ''; - }; + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = WallabagPHPSESSID + php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" + php_value[max_execution_time] = 300 + ''; }; -in - wallabag +}
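Review bot: The added `rm -rf /var/lib/wallabag/var/cache/pro_` in `phpFpm.preStart` is the only command in that block not run through `/run/wrappers/bin/sudo -u wwwrun`, even though `activationScript` creates the tree it deletes from as owned by `${apache.user}`. If preStart runs as root (the surrounding sudo calls suggest it does), a recursive delete by root under a path the web user can write to is more privilege than this cleanup needs. It also hard-codes the directory instead of using `${varDir}`. I would write it as `/run/wrappers/bin/sudo -u ${apache.user} rm -rf ${varDir}/var/cache/pro_`. Separately, `${varDir}/currentKey` and `currentWebappDir` sit in that same web-user-owned directory, so the decision to rerun `cache:clear` and the migrations is only as trustworthy as the PHP process; a comment noting that would help the next reader.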