X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=systems%2Feldiron%2Fwebsites%2Fkanboard%2Ffarm.nix;h=a70d0d6f60570b3bd061e38825ebae2f76a7e99b;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/systems/eldiron/websites/kanboard/farm.nix b/systems/eldiron/websites/kanboard/farm.nix
new file mode 100644
index 0000000..a70d0d6
--- /dev/null
+++ b/systems/eldiron/websites/kanboard/farm.nix
@@ -0,0 +1,183 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.myServices.tools.kanboard.farm;
+ apacheUser = config.services.websites.env.tools.user;
+ apacheGroup = config.services.websites.env.tools.group;
+ toVardir = name: "/var/lib/kanboard_farm/${name}";
+ varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;
+ toPhpBaseDir = name: [ rootDir (toVardir name) ];
+ phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));
+ rootDir = pkgs.kanboard;
+
+ toVhost = name: ''
+ Alias /${name} "${rootDir}"
+
+ SetEnv DATA_DIR "${toVardir name}"
+ SetEnv MAIL_FROM "kanboard@tools.immae.eu"
+
+ '';
+ toCustomVhost = name: lib.optionalAttrs (cfg.instances."${name}".customHost != null) {
+ "kanboard_farm_${name}" = {
+ certName = "eldiron";
+ hosts = [cfg.instances."${name}".customHost];
+ root = null;
+ extraConfig = [
+ ''
+ Alias / "${rootDir}"
+
+ SetEnv DATA_DIR "${toVardir name}"
+ SetEnv MAIL_FROM "kanboard@tools.immae.eu"
+
+
+ DirectoryIndex index.php
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+
+
+ SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
+
+
+
+ Require all denied
+
+ ''
+ ];
+ };
+ };
+ customHosts = lib.filter (n: n != null) (map (n: cfg.instances."${n}".customHost) (builtins.attrNames cfg.instances));
+ customVhosts = lib.foldl (o: n: o // n) {} (map toCustomVhost (builtins.attrNames cfg.instances));
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
+in
+{
+ options.myServices.tools.kanboard.farm = {
+ instances = lib.mkOption {
+ description = "Instances names for the kanboard Farm";
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ customHost = lib.mkOption {
+ description = "Custom host to use for the kanboard instance";
+ default = null;
+ type = lib.types.nullOr lib.types.str;
+ };
+ };
+ });
+ };
+ vhosts = lib.mkOption {
+ description = "Instance vhosts configs";
+ readOnly = true;
+ type = lib.types.attrsOf lib.types.str;
+ default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
+ };
+ };
+
+ config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
+ myServices.dns.zones."immae.eu".subdomains.kanboard =
+ with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+ myServices.chatonsProperties.hostings.kanboard = {
+ file.datetime = "2022-08-21T19:40:00";
+ hosting = {
+ name = "Kanboard";
+ description = "Kanban project management software";
+ website = "https://tools.immae.eu/kanboard";
+ logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png";
+ type = "INSTANCE";
+ status.level = "OK";
+ status.description = "OK";
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ };
+ myServices.chatonsProperties.services.kanboard = {
+ file.datetime = "2022-08-21T19:40:00";
+ service = {
+ name = "Kanboard";
+ description = "Kanban project management software";
+ website = "https://tools.immae.eu/kanboard";
+ logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png";
+ status.level = "OK";
+ status.description = "OK";
+ registration."" = ["MEMBER" "CLIENT"];
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ software = {
+ name = "Kanboard";
+ website = "https://kanboard.org/";
+ license.url = "https://github.com/kanboard/kanboard/blob/main/LICENSE";
+ license.name = "MIT License";
+ version = pkgs.kanboard.version;
+ source.url = "https://github.com/kanboard/kanboard";
+ };
+ };
+ system.activationScripts.kanboard_farm_vardirs = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
+ '';
+ };
+ services.phpfpm.pools.kanboard_farm = {
+ user = apacheUser;
+ group = apacheGroup;
+ settings = let
+ instanceNb = builtins.length (builtins.attrNames cfg.instances);
+ in {
+ "listen.owner" = apacheUser;
+ "listen.group" = apacheGroup;
+ "pm" = "dynamic";
+ "pm.max_children" = builtins.toString (60 * instanceNb);
+ "pm.start_servers" = builtins.toString (2 * instanceNb);
+ "pm.min_spare_servers" = builtins.toString (2 * instanceNb);
+ "pm.max_spare_servers" = builtins.toString (3 * instanceNb);
+ "pm.process_idle_timeout" = "60";
+
+ "php_admin_value[output_buffering]" = "0";
+ "php_admin_value[max_execution_time]" = "1800";
+ "php_admin_value[zend_extension]" = "opcache";
+ "php_value[apcu.enable_cli]" = "1";
+ "php_value[apcu.enabled]" = "1";
+ #already enabled by default?
+ #"php_value[opcache.enable]" = "1";
+ "php_value[opcache.enable_cli]" = "1";
+ "php_value[opcache.interned_strings_buffer]" = "8";
+ "php_value[opcache.max_accelerated_files]" = "10000";
+ "php_value[opcache.memory_consumption]" = "128";
+ "php_value[opcache.save_comments]" = "1";
+ "php_value[opcache.revalidate_freq]" = "1";
+ "php_admin_value[memory_limit]" = "512M";
+
+ "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:KanboardFarm:'";
+ };
+ inherit phpPackage;
+ };
+ security.acme.certs.eldiron.extraDomainNames = customHosts ++ [ "kanboard.immae.eu" ];
+ services.websites.env.tools.vhostConfs = {
+ kanboard = {
+ certName = "eldiron";
+ hosts = ["kanboard.immae.eu"];
+ root = null;
+ extraConfig = [
+ ''
+
+ DirectoryIndex index.php
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+
+
+ SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
+
+
+
+ Require all denied
+
+ ''
+ ] ++ builtins.attrValues cfg.vhosts;
+ };
+ } // customVhosts;
+ };
+}