X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Ftools%2Fyourls.nix;h=df1b3a2e822c95116599afa1af242735dc6b65d0;hb=b44b42a15197813060bf9405d5a07b8b2c699af5;hp=b97dac997ac2c207da301a3992248945f572a6d4;hpb=01f21083a897b86bf148f1d2bb9c8edca4d3786a;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/nixops/modules/websites/tools/tools/yourls.nix b/nixops/modules/websites/tools/tools/yourls.nix
index b97dac9..df1b3a2 100644
--- a/nixops/modules/websites/tools/tools/yourls.nix
+++ b/nixops/modules/websites/tools/tools/yourls.nix
@@ -1,102 +1,90 @@
-{ lib, env, writeText, stdenv, fetchedGithub }:
-let
-  yourls = let
-    plugins = {
-      ldap = stdenv.mkDerivation (fetchedGithub ./yourls-ldap-plugin.json // rec {
-        installPhase = ''
-          mkdir -p $out
-          cp plugin.php $out/
-          '';
-      });
-    };
-  in rec {
-    activationScript = ''
-      install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
-    '';
-    config = writeText "config.php" ''
-        <?php
-        define( 'YOURLS_DB_USER', '${env.mysql.user}' );
-        define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
-        define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
-        define( 'YOURLS_DB_HOST', 'db-1.immae.eu' );
-        define( 'YOURLS_DB_PREFIX', 'yourls_' );
-        define( 'YOURLS_SITE', 'http://tools.immae.eu/url' );
-        define( 'YOURLS_HOURS_OFFSET', 0 ); 
-        define( 'YOURLS_LANG', ''' ); 
-        define( 'YOURLS_UNIQUE_URLS', true );
-        define( 'YOURLS_PRIVATE', true );
-        define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
-        $yourls_user_passwords = array();
-        define( 'YOURLS_DEBUG', false );
-        define( 'YOURLS_URL_CONVERT', 36 );
-        $yourls_reserved_URL = array();
-        define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
-        define( 'LDAPAUTH_PORT', '636' );
-        define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
-        define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
-        define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
+{ env, yourls, yourls-plugins }:
+rec {
+  activationScript = ''
+    install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
+  '';
+  keys = [{
+    dest = "webapps/tools-yourls";
+    user = apache.user;
+    group = apache.group;
+    permissions = "0400";
+    text = ''
+      <?php
+      define( 'YOURLS_DB_USER', '${env.mysql.user}' );
+      define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
+      define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
+      define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
+      define( 'YOURLS_DB_PREFIX', 'yourls_' );
+      define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
+      define( 'YOURLS_HOURS_OFFSET', 0 ); 
+      define( 'YOURLS_LANG', ''' ); 
+      define( 'YOURLS_UNIQUE_URLS', true );
+      define( 'YOURLS_PRIVATE', true );
+      define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
+      $yourls_user_passwords = array();
+      define( 'YOURLS_DEBUG', false );
+      define( 'YOURLS_URL_CONVERT', 36 );
+      $yourls_reserved_URL = array();
+      define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
+      define( 'LDAPAUTH_PORT', '636' );
+      define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
+      define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
+      define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
 
-        define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
-        define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
+      define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
+      define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
 
-        define( 'LDAPAUTH_USERCACHE_TYPE', 0);
-      '';
-    webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec {
-      installPhase = ''
-        mkdir -p $out
-        cp -a */ *.php $out/
-        cp sample-robots.txt $out/robots.txt
-        ln -sf ${config} $out/includes/config.php
-        ${builtins.concatStringsSep "\n" (
-          lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins
-        )}
-      '';
-    });
-    apache = {
-      user = "wwwrun";
-      group = "wwwrun";
-      modules = [ "proxy_fcgi" ];
-      vhostConf = ''
-        Alias /url "${webRoot}"
-        <Directory "${webRoot}">
-          <FilesMatch "\.php$">
-            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-          </FilesMatch>
+      define( 'LDAPAUTH_USERCACHE_TYPE', 0);
+    '';
+  }];
+  webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
+    (builtins.attrValues yourls-plugins);
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    webappName = "tools_yourls";
+    root = "/run/current-system/webapps/${webappName}";
+    vhostConf = ''
+      Alias /url "${root}"
+      <Directory "${root}">
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
 
-          AllowOverride None
-          Require all granted
-          <IfModule mod_rewrite.c>
-            RewriteEngine On
-            RewriteBase /url/
-            RewriteCond %{REQUEST_FILENAME} !-f
-            RewriteCond %{REQUEST_FILENAME} !-d
-            RewriteRule ^.*$ /url/yourls-loader.php [L]
-          </IfModule>
-          DirectoryIndex index.php
-        </Directory>
-        '';
-    };
-    phpFpm = rec {
-      basedir = builtins.concatStringsSep ":" (
-        [ webRoot config ]
-        ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
-      socket = "/var/run/phpfpm/yourls.sock";
-      pool = ''
-        listen = ${socket}
-        user = ${apache.user}
-        group = ${apache.group}
-        listen.owner = ${apache.user}
-        listen.group = ${apache.group}
-        pm = ondemand
-        pm.max_children = 60
-        pm.process_idle_timeout = 60
+        AllowOverride None
+        Require all granted
+        <IfModule mod_rewrite.c>
+          RewriteEngine On
+          RewriteBase /url/
+          RewriteCond %{REQUEST_FILENAME} !-f
+          RewriteCond %{REQUEST_FILENAME} !-d
+          RewriteRule ^.*$ /url/yourls-loader.php [L]
+        </IfModule>
+        DirectoryIndex index.php
+      </Directory>
+      '';
+  };
+  phpFpm = rec {
+    serviceDeps = [ "mysql.service" "openldap.service" ];
+    basedir = builtins.concatStringsSep ":" (
+      [ webRoot "/var/secrets/webapps/tools-yourls" ]
+      ++ webRoot.plugins);
+    socket = "/var/run/phpfpm/yourls.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
 
-        ; Needed to avoid clashes in browser cookies (same domain)
-        php_value[session.name] = YourlsPHPSESSID
-        php_admin_value[open_basedir] = "${basedir}:/tmp"
-        php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
-        '';
-    };
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = YourlsPHPSESSID
+      php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls"
+      php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
+      '';
   };
-in 
-  yourls
+}