X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fwallabag.nix;h=d6e588285e19eaa4159d633237d04afdcca439ac;hb=fd2d83bd2bf20fafc63daf5041db0151a4b4d17d;hp=1c08bbf63baabfafc74a0ef7279e896b0bbffffd;hpb=591ebd877b8d5465da95fd7e212da5ef747944ca;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix
index 1c08bbf..d6e5882 100644
--- a/nixops/modules/websites/tools/tools/wallabag.nix
+++ b/nixops/modules/websites/tools/tools/wallabag.nix
@@ -1,8 +1,12 @@
-{ stdenv, fetchurl, writeText, env, composerEnv, phpPackages, php, which }:
-let
- wallabag = rec {
- varDir = "/var/lib/wallabag";
- parameters = writeText "parameters.yml" ''
+{ env, wallabag }:
+rec {
+ varDir = "/var/lib/wallabag";
+ keys = [{
+ dest = "webapps/tools-wallabag";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
# This file is auto-generated during the composer install
parameters:
database_driver: pdo_pgsql
@@ -24,10 +28,10 @@ let
locale: fr
secret: ${env.secret}
twofactor_auth: true
- twofactor_sender: wallabag@immae.eu
+ twofactor_sender: wallabag@tools.immae.eu
fosuser_registration: false
fosuser_confirmation: true
- from_email: wallabag@immae.eu
+ from_email: wallabag@tools.immae.eu
rss_limit: 50
rabbitmq_host: localhost
rabbitmq_port: 5672
@@ -60,126 +64,85 @@ let
class: Swift_SendmailTransport
arguments: ['/run/wrappers/bin/sendmail -bs']
'';
- webappDir = composerEnv.buildPackage rec {
- packages = {
- "fr3d/ldap-bundle" = {
- targetDir = "";
- src = composerEnv.buildZipPackage {
- name = "fr3d-ldap-bundle-5a8927c11af45fa06331b97221c6da1a4a237475";
- src = fetchurl {
- url = https://api.github.com/repos/Maks3w/FR3DLdapBundle/zipball/5a8927c11af45fa06331b97221c6da1a4a237475;
- sha256 = "168zkd82j200wd6h0a3lq81g5s2pifg889rv27q2g429nppsbfxc";
- };
- };
- };
- "zendframework/zend-ldap" = {
- targetDir = "";
- src = composerEnv.buildZipPackage {
- name = "zendframework-zend-ldap-b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49";
- src = fetchurl {
- url = https://api.github.com/repos/zendframework/zend-ldap/zipball/b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49;
- sha256 = "0mn4yqnb5prqhrbbybmw1i2rx7xf4s4wagbdq9qi55fa0vk3jgw9";
- };
- };
- };
- };
- noDev = true;
- doRemoveVendor = false;
- # Beware when upgrading, I probably messed up with the migrations table
- # (due to a psql bug in wallabag)
- version = "2.3.6";
- name = "wallabag-${version}";
- src = fetchurl {
- url = "https://static.wallabag.org/releases/wallabag-release-${version}.tar.gz";
- sha256 = "0m0dy3r94ks5pfxyb9vbgrsm0vrwdl3jd5wqwg4f5vd107lq90q1";
- };
- unpackPhase = ''
- unpackFile "$src"
- sourceRoot=${version}
- src=$PWD/${version}
- '';
- patches = [ ./wallabag_ldap.patch ];
- preInstall = ''
- export SYMFONY_ENV="prod"
- '';
- postInstall = ''
- rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data
- ln -sf ${parameters} app/config/parameters.yml
- ln -sf ../../../../../../${varDir}/var/{cache,logs,sessions} var
- ln -sf ../../../../../${varDir}/data data
- ln -sf ../../../../../../${varDir}/assets web/assets
+ }];
+ webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
+ activationScript = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
+ '';
+ webRoot = "${webappDir}/web";
+ # Domain migration: Table wallabag_entry contains whole
+ # https://tools.immae.eu/wallabag domain name in preview_picture
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_wallabag";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /wallabag "${root}"
+
+ AllowOverride None
+ Require all granted
+ # For OAuth (apps)
+ CGIPassAuth On
+
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+
+ Options -MultiViews
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^(.*)$ app.php [QSA,L]
+
+
+
+
+ RewriteEngine Off
+
+
+
+ AllowOverride None
+ Require all granted
+
'';
- };
- activationScript = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
- ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
+ };
+ phpFpm = rec {
+ preStart = ''
if [ ! -f "${varDir}/currentWebappDir" -o \
- "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+ ! -f "${varDir}/currentKey" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+ || ! sha512sum -c --status ${varDir}/currentKey; then
pushd ${webappDir} > /dev/null
- $wrapperDir/sudo -u wwwrun ./bin/console --env=prod cache:clear
- $wrapperDir/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
+ rm -rf /var/lib/wallabag/var/cache/pro_
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
popd > /dev/null
echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey
fi
'';
- webRoot = "${webappDir}/web";
- # Domain migration: Table wallabag_entry contains whole
- # https://tools.immae.eu/wallabag domain name in preview_picture
- apache = {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- vhostConf = ''
- Alias /wallabag "${webRoot}"
-
- AllowOverride None
- Require all granted
- # For OAuth (apps)
- CGIPassAuth On
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
+ socket = "/var/run/phpfpm/wallabag.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = dynamic
+ pm.max_children = 60
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 10
-
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-
-
-
- Options -MultiViews
- RewriteEngine On
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^(.*)$ app.php [QSA,L]
-
-
-
-
- RewriteEngine Off
-
-
-
- AllowOverride None
- Require all granted
-
- '';
- };
- phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ];
- socket = "/var/run/phpfpm/wallabag.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = dynamic
- pm.max_children = 60
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 10
-
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = WallabagPHPSESSID
- php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
- php_value[max_execution_time] = 300
- '';
- };
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = WallabagPHPSESSID
+ php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
+ php_value[max_execution_time] = 300
+ '';
};
-in
- wallabag
+}