mailTool = ./websites/tools/mail;
statsTool = ./websites/tools/stats;
visioTool = ./websites/tools/visio;
+ kanboadFarmTool = ./websites/tools/kanboard/farm.nix;
# Games
codenamesGame = ./websites/tools/games/codenames;
};
};
+ myServices.tools.kanboard.farm.instances.tonnelle = null;
myServices.websites = {
bakeer.cloud.enable = true;
capitaines.landing_pages.enable = true;
--- /dev/null
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.myServices.tools.kanboard.farm;
+ apacheUser = config.services.httpd.Tools.user;
+ apacheGroup = config.services.httpd.Tools.group;
+ toVardir = name: "/var/lib/kanboard_farm/${name}";
+ varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;
+ toPhpBaseDir = name: [ rootDir (toVardir name) ];
+ phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));
+ rootDir = pkgs.kanboard;
+
+ toVhost = name: ''
+ Alias /${name} "${rootDir}"
+ <Location /${name}>
+ SetEnv DATA_DIR "${toVardir name}"
+ SetEnv MAIL_FROM "kanboard@tools.immae.eu"
+ </Location>
+ '';
+ phpPackage = pkgs.php74;
+in
+{
+ options.myServices.tools.kanboard.farm = {
+ instances = lib.mkOption {
+ description = "Instances names for the kanboard Farm";
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {};
+ });
+ };
+ vhosts = lib.mkOption {
+ description = "Instance vhosts configs";
+ readOnly = true;
+ type = lib.types.attrsOf lib.types.str;
+ default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
+ };
+ };
+
+ config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
+ system.activationScripts.kanboard_farm_vardirs = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/kanboard_farm/phpSessions
+ '';
+ };
+ services.phpfpm.pools.kanboard_farm = {
+ user = apacheUser;
+ group = apacheGroup;
+ settings = let
+ instanceNb = builtins.length (builtins.attrNames cfg.instances);
+ in {
+ "listen.owner" = apacheUser;
+ "listen.group" = apacheGroup;
+ "pm" = "dynamic";
+ "pm.max_children" = builtins.toString (60 * instanceNb);
+ "pm.start_servers" = builtins.toString (2 * instanceNb);
+ "pm.min_spare_servers" = builtins.toString (2 * instanceNb);
+ "pm.max_spare_servers" = builtins.toString (3 * instanceNb);
+ "pm.process_idle_timeout" = "60";
+
+ "php_admin_value[output_buffering]" = "0";
+ "php_admin_value[max_execution_time]" = "1800";
+ "php_admin_value[zend_extension]" = "opcache";
+ "php_value[apcu.enable_cli]" = "1";
+ "php_value[apcu.enabled]" = "1";
+ #already enabled by default?
+ #"php_value[opcache.enable]" = "1";
+ "php_value[opcache.enable_cli]" = "1";
+ "php_value[opcache.interned_strings_buffer]" = "8";
+ "php_value[opcache.max_accelerated_files]" = "10000";
+ "php_value[opcache.memory_consumption]" = "128";
+ "php_value[opcache.save_comments]" = "1";
+ "php_value[opcache.revalidate_freq]" = "1";
+ "php_admin_value[memory_limit]" = "512M";
+
+ "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
+ "php_admin_value[session.save_path]" = "/var/lib/kanboard_farm/phpSessions";
+ };
+ inherit phpPackage;
+ };
+ services.websites.env.tools.vhostConfs.kanboard = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["kanboard.immae.eu"];
+ root = null;
+ extraConfig = [
+ ''
+ <Directory "${rootDir}">
+ DirectoryIndex index.php
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ <DirectoryMatch "${rootDir}/data">
+ Require all denied
+ </DirectoryMatch>
+ ''
+ ] ++ builtins.attrValues cfg.vhosts;
+ };
+ };
+}
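Review bot: The activation script creates every instance's DATA_DIR and the shared `phpSessions` directory with mode 0755, so any local account can traverse them. Since `toVhost` sets no DB_DRIVER, Kanboard presumably falls back to its SQLite database inside DATA_DIR, which leaves the directory mode as the main barrier for that file. I would tighten both lines to `install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ...` (0700 for `phpSessions`), and replace `builtins.concatStringsSep " " varDirs` with `lib.escapeShellArgs varDirs`, because the instance names reach the shell line unquoted. Separately, all instances share one pool, one `open_basedir` union and one `session.save_path`, so they are not isolated from each other at the PHP level; a comment above `services.phpfpm.pools.kanboard_farm` stating that this is intended would help the next reader.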
group = apache.group;
permissions = "0400";
text = ''
- <?php
- define('MAIL_FROM', 'kanboard@tools.immae.eu');
+ SetEnv MAIL_FROM "kanboard@tools.immae.eu"
- define('DB_DRIVER', 'postgres');
- define('DB_USERNAME', '${env.postgresql.user}');
- define('DB_PASSWORD', '${env.postgresql.password}');
- define('DB_HOSTNAME', '${env.postgresql.socket}');
- define('DB_NAME', '${env.postgresql.database}');
+ SetEnv DB_DRIVER "postgres"
+ SetEnv DB_USERNAME "${env.postgresql.user}"
+ SetEnv DB_PASSWORD "${env.postgresql.password}"
+ SetEnv DB_HOSTNAME "${env.postgresql.socket}"
+ SetEnv DB_NAME "${env.postgresql.database}"
- define('DATA_DIR', '${varDir}');
- define('LDAP_AUTH', true);
- define('LDAP_SERVER', '${env.ldap.host}');
- define('LDAP_START_TLS', true);
+ SetEnv DATA_DIR "${varDir}"
+ SetEnv LDAP_AUTH "true"
+ SetEnv LDAP_SERVER "${env.ldap.host}"
+ SetEnv LDAP_START_TLS "true"
- define('LDAP_BIND_TYPE', 'proxy');
- define('LDAP_USERNAME', '${env.ldap.dn}');
- define('LDAP_PASSWORD', '${env.ldap.password}');
- define('LDAP_USER_BASE_DN', '${env.ldap.base}');
- define('LDAP_USER_FILTER', '${env.ldap.filter}');
- define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}');
- ?>
+ SetEnv LDAP_BIND_TYPE "proxy"
+ SetEnv LDAP_USERNAME "${env.ldap.dn}"
+ SetEnv LDAP_PASSWORD "${env.ldap.password}"
+ SetEnv LDAP_USER_BASE_DN "${env.ldap.base}"
+ SetEnv LDAP_USER_FILTER "${env.ldap.filter}"
+ SetEnv LDAP_GROUP_ADMIN_DN "${env.ldap.admin_dn}"
'';
};
- webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; };
+ webRoot = kanboard;
apache = rec {
user = "wwwrun";
group = "wwwrun";
root = webRoot;
vhostConf = socket: ''
Alias /kanboard "${root}"
+ <Location /kanboard>
+ Include ${config.secrets.fullPaths."webapps/tools-kanboard"}
+ </Location>
<Directory "${root}">
DirectoryIndex index.php
AllowOverride All
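Review bot: Moving the credentials from `config.php` to `SetEnv` lines pulled in by `Include` under `<Location /kanboard>` puts DB_PASSWORD and LDAP_PASSWORD into the environment of every request under that path, where any PHP code served there can read them through `$_SERVER` or `getenv()` and where they would show up in a `phpinfo()` or debug dump. If that trade-off is accepted, I would record it next to the `Include`, e.g. `# secrets become per-request env vars; keep phpinfo and debug output disabled for this Location`. The values are also placed inside double quotes without escaping, so a password or LDAP filter containing `"` or a backslash would change how Apache parses the line; the inputs should be checked or escaped. Both the key definition and the `vhostConf` string extend beyond the visible hunk lines.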
};
phpFpm = rec {
serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
pool = {
"listen.owner" = apache.user;
"listen.group" = apache.group;
self: super: {
- kanboard = { kanboard_config ? "/etc/kanboard/config.php" }:
- super.kanboard.overrideAttrs(old: rec {
- name = "kanboard-${version}";
- version = "1.2.9";
- src = self.fetchFromGitHub {
- owner = "kanboard";
- repo = "kanboard";
- rev = "c4152316b14936556edf3bcc4d11f16ba31b8ae7";
- sha256 = "1hdr95cpxgdzrzhffs63gdl0g7122ma2zg8bkqwp42p5xphx0xan";
- };
- installPhase = ''
- cp -a . $out
- ln -s ${kanboard_config} $out/config.php
- mv $out/data $out/dataold
- '';
- });
+ kanboard = super.kanboard.overrideAttrs(old: rec {
+ name = "kanboard-${version}";
+ version = "1.2.21";
+ src = self.fetchFromGitHub {
+ owner = "kanboard";
+ repo = "kanboard";
+ rev = "ee18479b7e019e6415d7b095da629932ee1b3fd5";
+ sha256 = "00pnpq5qgxpb2f9la58ycvx5kx3pmcvpssh6lwgpcdk04yciw8nh";
+ };
+ installPhase = ''
+ cp -a . $out
+ mv $out/data $out/dataold
+ '';
+ });
}