};
systemd.services.redis.serviceConfig.Slice = "redis.slice";
systemd.services.redis.serviceConfig.RuntimeDirectoryMode = lib.mkForce "0755";
+ services.redis.servers."php-sessions" = {
+ enable = true;
+ maxclients = 1024;
+ unixSocketPerm = 777;
+ user = "wwwrun";
+ };
services.spiped = {
enable = true;
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "TaskPHPSESSID";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Task:'";
"php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
};
phpEnv = {
PATH = "/etc/profiles/per-user/${user}/bin";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
};
};
options.myServices.websites.attilax.dolibarr.enable = lib.mkEnableOption "enable Dolibarr website";
config = lib.mkIf cfg.enable {
- system.activationScripts.dolibarr = {
- deps = [ "httpd" "users" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/attilax
- '';
- };
services.phpfpm.pools.attilax_dolibarr = {
user = apacheUser;
group = apacheGroup;
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/attilax:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/attilax";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Attilax:Dolibarr:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.attilax_dolibarr = {
cfg = config.myServices.websites.chloe.new;
ftpRoot = "/var/lib/chloe_new";
webRoot = "${ftpRoot}/wordpress";
- sessionDir = "${ftpRoot}/sessions";
in {
options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration";
"listen.group" = config.services.httpd.Inte.group;
"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
webRoot
- sessionDir
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:NewIntegration:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
};
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
system.activationScripts.chloe_new_integration = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
'';
};
"php_admin_value[post_max_size]" = "20M";
# "php_admin_flag[log_errors]" = "on";
"php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
- "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:Production:'";
"pm" = "dynamic";
"pm.max_children" = "20";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
system.activationScripts.chloe_production = {
deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
- install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
'';
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
deps = [ "httpd" "users" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/christophe_carpentier
'';
};
services.phpfpm.pools.christophe_carpentier_agora_project = {
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/christophe_carpentier:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/christophe_carpentier";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agora-project:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
};
inherit app;
serviceDeps = [ "mysql.service" ];
phpOpenbasedir = [ "/tmp" secretsPath ];
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
phpPool = {
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'";
};
};
deps = [ "httpd" "users" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/christophe_carpentier
'';
};
services.phpfpm.pools.christophe_carpentier_website = {
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/christophe_carpentier:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/christophe_carpentier";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:website:'";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.integration.vhostConfs.christophe_carpentier_website = {
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Connexionswing";
branch = "test";
in {
config.secrets.fullPaths."websites/connexionswing/integration"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Connexionswing:Integration:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
phpEnv = {
SYMFONY_DEBUG_MODE = "\"yes\"";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-connexionswing_integration" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.connexionswing_integration = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
'';
};
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Connexionswing";
branch = "master";
in {
"/run/wrappers/bin/sendmail"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Connexionswing:Production:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-connexionswing_production" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.connexionswing_production = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot}
'';
};
];
services.websites.env.production.modules = [ "proxy_fcgi" ];
- system.activationScripts.denise_evariste = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste
- '';
- };
services.phpfpm.pools.denise_nsievariste = {
user = apacheUser;
group = apacheGroup;
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Denise:NsiEvariste:'";
+ "php_admin_value[open_basedir]" = "${nsiVarDir}:/tmp";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.vhostConfs.denise_nsievariste = {
certName = "denise_evariste";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Denise:StmgEvariste:'";
+ "php_admin_value[open_basedir]" = "${stmgVarDir}:/tmp";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.vhostConfs.denise_stmgevariste = {
certName = "denise_evariste";
deps = [ "httpd" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/emilia/atelierfringant
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/emilia
'';
};
systemd.services.phpfpm-emilia_atelierfringant.after = lib.mkAfter [ "mysql.service" ];
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/emilia:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/emilia";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Emilia:AtelierFringant:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.emilia_atelierfringant = {
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Florian";
branch = "stabilo_dev";
in {
config.secrets.fullPaths."websites/florian/app"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Florian:App:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
phpEnv = {
SYMFONY_DEBUG_MODE = "\"yes\"";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-florian_app" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.florian_app = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
'';
};
options.myServices.websites.immae.dolibarr.enable = lib.mkEnableOption "enable Dolibarr website";
config = lib.mkIf cfg.enable {
- system.activationScripts.dolibarr = {
- deps = [ "httpd" "users" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/immae
- '';
- };
services.phpfpm.pools.immae_dolibarr = {
user = apacheUser;
group = apacheGroup;
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/immae:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/immae";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Immae:Dolibarr:'";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.tools.modules = [ "proxy_fcgi" ];
services.websites.env.tools.vhostConfs.immae_dolibarr = {
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/public";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/IsabelleAten";
branch = "test";
in {
config.secrets.fullPaths."websites/isabelle/aten_integration"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Isabelle:AtenIntegration:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
phpEnv = {
SYMFONY_DEBUG_MODE = "\"yes\"";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-isabelle_aten_integration" = {
after = lib.mkAfter ["postgresql.service"];
system.activationScripts.isabelle_aten_integration = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
'';
};
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/public";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/IsabelleAten";
branch = "master";
in {
config.secrets.fullPaths."websites/isabelle/aten_production"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Isabelle:AtenProduction:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-isabelle_aten_production" = {
after = lib.mkAfter ["postgresql.service"];
system.activationScripts.isabelle_aten_production = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot}
'';
};
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
"php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
- "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Isabelle:Iridologie:'";
"pm" = "dynamic";
"pm.max_children" = "20";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
};
system.activationScripts.isabelle_iridologie = {
deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
- install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
'';
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
?>
'';
};
- system.activationScripts.jerome_naturaloutil = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/jerome_naturaloutil
- '';
- };
systemd.services.phpfpm-jerome_naturaloutil.after = lib.mkAfter [ "mysql.service" ];
systemd.services.phpfpm-jerome_naturaloutil.wants = [ "mysql.service" ];
services.phpfpm.pools.jerome_naturaloutil = {
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/jerome_naturaloutil:${secretsPath}:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/jerome_naturaloutil";
+ "php_admin_value[open_basedir]" = "${secretsPath}:${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Jerome:Naturaloutil:'";
};
phpEnv = {
BDD_CONNECT = secretsPath;
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.jerome_naturaloutil = {
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Leila:production:'";
"php_admin_value[open_basedir]" = "${varDir}:/tmp";
"php_admin_value[max_execution_time]" = "1800";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]);
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]);
phpEnv = {
PATH = lib.makeBinPath [ pkgs.imagemagick ];
};
options.myServices.websites.librezo.dolibarr.enable = lib.mkEnableOption "enable Dolibarr website";
config = lib.mkIf cfg.enable {
- system.activationScripts.dolibarr = {
- deps = [ "httpd" "users" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/librezo
- '';
- };
services.phpfpm.pools.librezo_dolibarr = {
user = apacheUser;
group = apacheGroup;
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/librezo:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/librezo";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Librezo:Dolibarr:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.librezo_dolibarr = {
options.myServices.websites.librezo.dolibarrDev.enable = lib.mkEnableOption "enable Dolibarr website";
config = lib.mkIf cfg.enable {
- system.activationScripts.dolibarr = {
- deps = [ "httpd" "users" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/librezo
- '';
- };
services.phpfpm.pools.librezo_dolibarr_dev = {
user = apacheUser;
group = apacheGroup;
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/librezo:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/librezo";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Librezo:DolibarrIntegration:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.integration.vhostConfs.librezo_dolibarr_dev = {
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Ludivine";
branch = "test";
in {
config.secrets.fullPaths."websites/ludivine/integration"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Ludivine:Production:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
phpEnv = {
SYMFONY_DEBUG_MODE = "\"yes\"";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-ludivine_integration" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.ludivine_integration = {
deps = [];
text = ''
- install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
'';
};
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Ludivine";
branch = "master";
in {
config.secrets.fullPaths."websites/ludivine/production"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Ludivine:Production:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-ludivine_production" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.ludivine_production = {
deps = [];
text = ''
- install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot}
'';
};
options.myServices.websites.nicecoop.dolibarrDev.enable = lib.mkEnableOption "enable Dolibarr website";
config = lib.mkIf cfg.enable {
- system.activationScripts.dolibarr = {
- deps = [ "httpd" "users" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/nicecoop
- '';
- };
services.phpfpm.pools.nicecoop_dolibarr_dev = {
user = apacheUser;
group = apacheGroup;
"php_admin_value[upload_max_filesize]" = "100M";
"php_admin_value[post_max_size]" = "100M";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nicecoop:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nicecoop";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:DolibarrIntegration:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.integration.vhostConfs.nicecoop_dolibarr_dev = {
];
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
"pm" = "dynamic";
"pm.max_children" = "20";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
system.extraSystemBuilderCmds = let
tarball = pkgs.runCommand "production.tar.gz" {} ''
system.activationScripts.nicecoop_gestion-compte = {
deps = [];
text = ''
- install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/phpSessions ${varDir}/var
+ install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
'';
};
];
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteIntegration:'";
"pm" = "dynamic";
"pm.max_children" = "20";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.cron = {
systemCronJobs = let
system.activationScripts.nicecoop_gestion-compte_integration = {
deps = [];
text = ''
- install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/phpSessions ${varDir}/var
+ install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
'';
};
config = lib.mkIf cfg.enable {
services.webstats.sites = [ { name = "altermondia.org"; } ];
- system.activationScripts.patrick_fodella_altermondia = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/patrick_fodella_altermondia
- '';
- };
systemd.services.phpfpm-patrick_fodella_altermondia.after = lib.mkAfter [ "mysql.service" ];
systemd.services.phpfpm-patrick_fodella_altermondia.wants = [ "mysql.service" ];
services.phpfpm.pools.patrick_fodella_altermondia = {
"pm.max_spare_servers" = "3";
"env[BIN_ENV]" = "${binEnv}/bin";
- "php_admin_value[open_basedir]" = "${binEnv}:${builtins.concatStringsSep ":" binEnvPaths}:/var/lib/php/sessions/patrick_fodella_altermondia:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/patrick_fodella_altermondia";
+ "php_admin_value[open_basedir]" = "${binEnv}:${builtins.concatStringsSep ":" binEnvPaths}:${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PatrickFodella:Altermondia:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.patrick_fodella_altermondia = {
config = lib.mkIf cfg.enable {
services.webstats.sites = [ { name = "ecolyeu-pessicart-nice.fr"; } ];
- system.activationScripts.patrick_fodella_ecolyeu = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/patrick_fodella_ecolyeu
- '';
- };
systemd.services.phpfpm-patrick_fodella_ecolyeu.after = lib.mkAfter [ "mysql.service" ];
systemd.services.phpfpm-patrick_fodella_ecolyeu.wants = [ "mysql.service" ];
services.phpfpm.pools.patrick_fodella_ecolyeu = {
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/patrick_fodella_ecolyeu:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/patrick_fodella_ecolyeu";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PatrickFodella:Altermondia:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.patrick_fodella_ecolyeu = {
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Piedsjaloux";
branch = "test";
in {
config.secrets.fullPaths."websites/piedsjaloux/integration"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PiedsJaloux:Integration:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
phpEnv = {
SYMFONY_DEBUG_MODE = "\"yes\"";
};
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-piedsjaloux_integration" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.piedsjaloux_integration = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
'';
};
phpRoot = "${ftpRoot}/php";
webRoot = "${phpRoot}/web";
varDir = "${ftpRoot}/var";
- sessionDir = "${ftpRoot}/sessions";
packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Piedsjaloux";
branch = "master";
in {
config.secrets.fullPaths."websites/piedsjaloux/production"
"/tmp"
];
- "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=PiedsJaloux:Production:'";
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
#"php_admin_flag[log_errors]" = "on";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
};
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
systemd.services."phpfpm-piedsjaloux_production" = {
after = lib.mkAfter ["mysql.service"];
system.activationScripts.piedsjaloux_production = {
deps = ["users"];
text = ''
- install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot} ${sessionDir}
+ install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${ftpRoot}
'';
};
config = lib.mkIf cfg.enable {
services.webstats.sites = [ { name = "ressourcerie-banon.org"; } ];
- system.activationScripts.ressourcerie_banon = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/ressourcerie_banon
- '';
- };
systemd.services.phpfpm-ressourcerie_banon.after = lib.mkAfter [ "mysql.service" ];
systemd.services.phpfpm-ressourcerie_banon.wants = [ "mysql.service" ];
services.phpfpm.pools.ressourcerie_banon = {
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/ressourcerie_banon:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/ressourcerie_banon";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=RessourcerieBanon:Production:'";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.ressourcerie_banon = {
system.activationScripts.richie_production = {
deps = [ "httpd" ];
text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir}
'';
};
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
+ "php_admin_value[open_basedir]" = "${vardir}:${secretPath}:${richieSrc}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Richie:Production:'";
};
phpEnv = {
PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
phpOptions = config.services.phpfpm.phpOptions + ''
date.timezone = 'Europe/Paris'
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.richie_production = {
deps = [ "httpd" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/telio_tortay/logs
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/telio_tortay
'';
};
systemd.services.phpfpm-telio_tortay.after = lib.mkAfter [ "mysql.service" ];
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
- "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio_tortay:${varDir}:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio_tortay";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=TelioTortay:Production:'";
};
phpOptions = config.services.phpfpm.phpOptions + ''
disable_functions = "mail"
'';
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
services.websites.env.production.vhostConfs.telio_tortay = {
"php_admin_value[memory_limit]" = "512M";
"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Nextcloud:'";
};
};
in {
in
''
install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
- install -m 0750 -o wwwrun -g wwwrun -d ${varDir}/phpSessions
${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v:
"install -D -m 0644 -o wwwrun -g wwwrun -T ${v} ${varDir}/config/${n}.json"
) confs)}
apacheGroup = config.services.httpd.Prod.group;
toVardir = name: "/var/lib/nextcloud_farm/${name}";
varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;
- toPhpBaseDir = name: [ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps;
- phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));
+ toPhpBaseDir = name: builtins.concatStringsSep ":" ([ cfg.rootDirs."${name}" (toVardir name) ] ++ cfg.rootDirs."${name}".apps);
toVhost = name: ''
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
SetEnv NEXTCLOUD_CONFIG_DIR "${toVardir name}"
</IfModule>
<FilesMatch "\.php$">
CGIPassAuth on
- SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud_farm.socket}|fcgi://localhost"
+ SetHandler "proxy:unix:${config.services.phpfpm.pools.${"nextcloud_farm_" + name}.socket}|fcgi://localhost"
</FilesMatch>
</Directory>
deps = [ "httpd" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/nextcloud_farm/phpSessions
'';
};
- systemd.services.phpfpm-nextcloud_farm.after = lib.mkAfter [ "postgresql.service" ];
- systemd.services.phpfpm-nextcloud_farm.wants = [ "postgresql.service" ];
- services.phpfpm.pools.nextcloud_farm = {
+ systemd.services = lib.mapAttrs' (k: v: lib.nameValuePair ("phpfpm-nextcloud_farm_" + k) {
+ after = lib.mkAfter [ "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+ }) cfg.instances;
+ services.phpfpm.pools = lib.mapAttrs' (k: v: lib.nameValuePair ("nextcloud_farm_" + k) {
user = apacheUser;
group = apacheGroup;
- settings = let
- instanceNb = builtins.length (builtins.attrNames cfg.instances);
- in {
+ settings = {
"listen.owner" = apacheUser;
"listen.group" = apacheGroup;
"pm" = "dynamic";
- "pm.max_children" = builtins.toString (60 * instanceNb);
- "pm.start_servers" = builtins.toString (3 * instanceNb);
- "pm.min_spare_servers" = builtins.toString (3 * instanceNb);
- "pm.max_spare_servers" = builtins.toString (5 * instanceNb);
+ "pm.max_children" = "60";
+ "pm.start_servers" = "3";
+ "pm.min_spare_servers" = "3";
+ "pm.max_spare_servers" = "3";
"pm.process_idle_timeout" = "60";
"php_admin_value[output_buffering]" = "0";
"php_value[opcache.revalidate_freq]" = "1";
"php_admin_value[memory_limit]" = "512M";
- "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/nextcloud_farm/phpSessions";
+ "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${toPhpBaseDir k}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:NextcloudFarm:${k}:'";
};
inherit phpPackage;
- };
+ }) cfg.instances;
users.users.root.packages = let
toOcc = name: pkgs.writeScriptBin "nextcloud-occ-${name}" ''
#! ${pkgs.stdenv.shell}
{ stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
rec {
- activationScript = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical
- '';
- };
keys."webapps/dav-davical" = {
user = apache.user;
group = apache.group;
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "DavicalPHPSESSID";
- "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp";
"php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Davical:'";
"php_flag[magic_quotes_gpc]" = "Off";
"php_flag[register_globals]" = "Off";
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
# };
#};
};
- system.activationScripts.davical = davical.activationScript;
secrets.keys = davical.keys;
services.websites.env.tools.modules = davical.apache.modules;
user = config.services.httpd.Tools.user;
group = config.services.httpd.Tools.group;
settings = davical.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
};
};
gitweb.apache.modules ++
mantisbt.apache.modules;
- system.activationScripts.mantisbt = mantisbt.activationScript;
services.websites.env.tools.vhostConfs.git = {
certName = "eldiron";
addToCerts = true;
user = config.services.httpd.Tools.user;
group = config.services.httpd.Tools.group;
settings = mantisbt.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
};
};
{ env, mantisbt_2, mantisbt_2-plugins, config }:
rec {
- activationScript = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/mantisbt
- '';
- };
keys."webapps/tools-mantisbt" = {
user = apache.user;
group = apache.group;
"php_admin_value[upload_max_filesize]" = "5000000";
- "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/mantisbt";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
};
};
}
};
};
customVhosts = lib.foldl (o: n: o // n) {} (map toCustomVhost (builtins.attrNames cfg.instances));
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
in
{
options.myServices.tools.kanboard.farm = {
deps = [ "httpd" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/kanboard_farm/phpSessions
'';
};
services.phpfpm.pools.kanboard_farm = {
"php_admin_value[memory_limit]" = "512M";
"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
- "php_admin_value[session.save_path]" = "/var/lib/kanboard_farm/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:KanboardFarm:'";
};
inherit phpPackage;
};
phpOptions = config.services.phpfpm.phpOptions + ''
date.timezone = 'CET'
'';
- phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]);
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick all.redis ]);
};
services.phpfpm.pools.rainloop = {
user = "wwwrun";
group = "wwwrun";
settings = rainloop.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
};
system.activationScripts = {
roundcubemail = roundcubemail.activationScript;
deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
'';
};
"php_admin_value[upload_max_filesize]" = "200M";
"php_admin_value[post_max_size]" = "200M";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rainloop:'";
};
};
}
text = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
${varDir}/cache ${varDir}/logs
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
keys."webapps/tools-roundcube" = {
"php_admin_value[upload_max_filesize]" = "200M";
"php_admin_value[post_max_size]" = "200M";
"php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Roundcubemail:'";
};
};
}
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "10";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:StatusEngine:'";
"php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}";
};
- phpPackage = pkgs.php74;
+ phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
};
};
{ webapps, php74, myPhpPackages, lib, forcePhpSocket ? null }:
rec {
- activationScript = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer
- '';
- };
webRoot = webapps.adminer;
phpFpm = rec {
user = apache.user;
group = apache.group;
- phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam]);
+ phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam all.redis]);
settings = {
"listen.owner" = apache.user;
"listen.group" = apache.group;
#"php_admin_flag[log_errors]" = "on";
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "AdminerPHPSESSID";
- "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer";
+ "php_admin_value[open_basedir]" = "${webRoot}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Adminer:'";
};
};
apache = rec {
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "10";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "ToolsPHPSESSID";
"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
phpEnv = {
CONTACT_EMAIL = config.myEnv.tools.contact;
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
};
devtools = {
user = "wwwrun";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "10";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
};
- phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
};
adminer = adminer.phpFpm;
ttrss = {
user = "wwwrun";
group = "wwwrun";
settings = ttrss.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
wallabag = {
user = "wwwrun";
group = "wwwrun";
settings = wallabag.phpFpm.pool;
- phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
+ phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
};
yourls = {
user = "wwwrun";
group = "wwwrun";
settings = yourls.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
rompr = {
user = "wwwrun";
group = "wwwrun";
settings = rompr.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
shaarli = {
user = "wwwrun";
group = "wwwrun";
settings = shaarli.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
dmarc-reports = {
user = "wwwrun";
group = "wwwrun";
settings = dmarc-reports.phpFpm.pool;
phpEnv = dmarc-reports.phpFpm.phpEnv;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
dokuwiki = {
user = "wwwrun";
group = "wwwrun";
settings = dokuwiki.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
phpbb = {
user = "wwwrun";
group = "wwwrun";
settings = phpbb.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
ldap = {
user = "wwwrun";
group = "wwwrun";
settings = ldap.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
kanboard = {
user = "wwwrun";
group = "wwwrun";
settings = kanboard.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
grocy = {
user = "wwwrun";
group = "wwwrun";
settings = grocy.phpFpm.pool;
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
};
};
system.activationScripts = {
- adminer = adminer.activationScript;
grocy = grocy.activationScript;
ttrss = ttrss.activationScript;
wallabag = wallabag.activationScript;
- yourls = yourls.activationScript;
rompr = rompr.activationScript;
shaarli = shaarli.activationScript;
dokuwiki = dokuwiki.activationScript;
phpbb = phpbb.activationScript;
kanboard = kanboard.activationScript;
- ldap = ldap.activationScript;
};
services.websites.env.tools.watchPaths = [
"pm.max_children" = "60";
"pm.process_idle_timeout" = "60";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:DmarcReports:'";
# Needed to avoid clashes in browser cookies (same domain)
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
};
chown -R ${apache.user}:${apache.user} ${varDir}/config ${varDir}/data
chmod -R 755 ${varDir}/config ${varDir}/data
fi
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
chatonsHostingProperties = {
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "DokuwikiPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Dokuwiki:'";
};
};
}
deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
webRoot = grocy.webRoot;
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "grocyPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Grocy:'";
};
};
}
deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
install -TDm644 ${webRoot}/dataold/.htaccess ${varDir}/data/.htaccess
install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
'';
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "KanboardPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Kanboard:'";
};
};
}
{ lib, php, env, writeText, phpldapadmin, config }:
rec {
- activationScript = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/phpldapadmin
- '';
- };
keys."webapps/tools-ldap" = {
user = apache.user;
group = apache.group;
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "LdapPHPSESSID";
- "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:PhpLDAPAdmin:'";
};
};
}
cp -a ${phpbb}/vars/* ${varDir}
chown -R ${apache.user}:${apache.user} ${varDir}
fi
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
chatonsHostingProperties = {
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "PhpBBPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:PhpBB:'";
};
};
}
varDir = "/var/lib/rompr";
activationScript = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
- ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
+ ${varDir}/prefs ${varDir}/albumart
'';
webRoot = rompr;
apache = rec {
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "RomprPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rompr:'";
"php_flag[magic_quotes_gpc]" = "Off";
"php_flag[track_vars]" = "On";
"php_flag[register_globals]" = "Off";
in rec {
activationScript = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
- ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \
- ${varDir}/phpSessions
+ ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data
'';
webRoot = shaarli varDir;
apache = rec {
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "ShaarliPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Shaarli:'";
"php_admin_value[upload_max_filesize]" = "200M";
"php_admin_value[post_max_size]" = "200M";
};
${varDir}/cache/simplepie/ \
${varDir}/cache/upload/
touch ${varDir}/feed-icons/index.html
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
chatonsProperties = {
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "TtrssPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:TTRSS:'";
};
};
}
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "WallabagPHPSESSID";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Wallabag:'";
"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp";
"php_value[max_execution_time]" = "300";
};
{ env, yourls, yourls-plugins, config }:
rec {
- activationScript = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
- '';
- };
keys."webapps/tools-yourls" = {
user = apache.user;
group = apache.group;
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "YourlsPHPSESSID";
- "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls";
- "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Yourls:'";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp";
};
};
}
Mode to apply to the vardir
'';
};
- phpSession = mkOption {
- type = bool;
- default = true;
- description = "Handle phpsession files separately in vardir";
- };
phpListen = mkOption {
type = nullOr str;
default = null;
"listen.group" = icfg.httpdGroup;
"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" ([icfg.app icfg.varDir] ++ icfg.phpWatchFiles ++ icfg.phpOpenbasedir);
}
- // optionalAttrs (icfg.phpSession) { "php_admin_value[session.save_path]" = "${icfg.varDir}/phpSessions"; }
// icfg.phpPool;
phpOptions = config.services.phpfpm.phpOptions + icfg.phpOptions;
inherit (icfg) phpEnv phpPackage;
deps = [];
text = optionalString (!isNull icfg.varDir) ''
install -m ${icfg.mode} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}
- '' + optionalString (icfg.phpSession) ''
- install -m 0700 -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/phpSessions
'' + builtins.concatStringsSep "\n" (attrsets.mapAttrsToList (n: v: ''
install -m ${v} -o ${icfg.httpdUser} -g ${icfg.httpdGroup} -d ${icfg.varDir}/${n}
'') icfg.varDirPaths);