X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Fgit%2Fmantisbt.nix;fp=systems%2Feldiron%2Fwebsites%2Fgit%2Fmantisbt.nix;h=3bd78e13980f31212655c5ca1e9953bca82025c2;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=0000000000000000000000000000000000000000;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/systems/eldiron/websites/git/mantisbt.nix b/systems/eldiron/websites/git/mantisbt.nix
new file mode 100644
index 0000000..3bd78e1
--- /dev/null
+++ b/systems/eldiron/websites/git/mantisbt.nix
@@ -0,0 +1,86 @@
+{ env, mantisbt_2, mantisbt_2-plugins, config }:
+rec {
+  keys."webapps/tools-mantisbt" = {
+    user = apache.user;
+    group = apache.group;
+    permissions = "0400";
+    text = ''
+      <?php
+      $g_hostname              = '${env.postgresql.socket}';
+      $g_db_username           = '${env.postgresql.user}';
+      $g_db_password           = '${env.postgresql.password}';
+      $g_database_name         = '${env.postgresql.database}';
+      $g_db_type               = 'pgsql';
+      $g_crypto_master_salt    = '${env.master_salt}';
+      $g_allow_signup          = OFF;
+      $g_allow_anonymous_login = ON;
+      $g_anonymous_account     = 'anonymous';
+
+      $g_phpMailer_method	= PHPMAILER_METHOD_SENDMAIL;
+      $g_smtp_host		= 'localhost';
+      $g_smtp_username		= ''';
+      $g_smtp_password		= ''';
+      $g_webmaster_email	= 'mantisbt@tools.immae.eu';
+      $g_from_email		= 'mantisbt@tools.immae.eu';
+      $g_return_path_email	= 'mantisbt@tools.immae.eu';
+      $g_from_name		= 'Mantis Bug Tracker at git.immae.eu';
+      $g_email_receive_own	= ON;
+      # --- LDAP ---
+      $g_login_method = LDAP;
+      $g_ldap_protocol_version = 3;
+      $g_ldap_server = 'ldaps://${env.ldap.host}:636';
+      $g_ldap_root_dn = 'ou=users,${env.ldap.base}';
+      $g_ldap_bind_dn = '${env.ldap.dn}';
+      $g_ldap_bind_passwd = '${env.ldap.password}';
+      $g_use_ldap_email = ON;
+      $g_use_ldap_realname = ON;
+      $g_ldap_uid_field = 'uid';
+      $g_ldap_realname_field = 'cn';
+      $g_ldap_organization = '${env.ldap.filter}';
+    '';
+  };
+  webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]);
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    root = webRoot;
+    vhostConf = socket: ''
+      Alias /mantisbt "${root}"
+      <Directory "${root}">
+        DirectoryIndex index.php
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
+        </FilesMatch>
+
+        AllowOverride All
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+        Options FollowSymlinks
+        Require all granted
+      </Directory>
+      <Directory "${root}/admin">
+        #Reenable during upgrade
+        Require all denied
+      </Directory>
+      '';
+  };
+  phpFpm = rec {
+    serviceDeps = [ "postgresql.service" "openldap.service" ];
+    basedir = builtins.concatStringsSep ":" (
+      [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
+      ++ webRoot.plugins);
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "ondemand";
+      "pm.max_children" = "60";
+      "pm.process_idle_timeout" = "60";
+
+      "php_admin_value[upload_max_filesize]" = "5000000";
+
+      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+      "php_admin_value[session.save_handler]" = "redis";
+      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
+    };
+  };
+}