[perso/Immae/Config/Nix.git] / modules / private / websites / tools / performance / default.nix

{ pkgs, lib, config, ... }:
let
  env = config.myEnv.tools.status_engine;
  package = pkgs.status_engine.interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; });
  apacheRoot = "${package}/public";
  cfg = config.myServices.websites.tools.performance;
in
{
  options.myServices.websites.tools.performance = {
    enable = lib.mkEnableOption "Enable performance website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys = {
      status_engine_ui = {
        permissions = "0400";
        user = "wwwrun";
        group = "wwwrun";
        text = ''
          allow_anonymous: 0
          anonymous_can_submit_commands: 0
          urls_without_login:
            - login
            - loginstate
          auth_type: ldap
          ldap_server: ${env.ldap.host}
          ldap_use_ssl: 1
          ldap_port: 636
          ldap_bind_dn: ${env.ldap.dn}
          ldap_bind_password: ${env.ldap.password}
          ldap_base_dn: ${env.ldap.base}
          ldap_filter: "${env.ldap.filter}"
          ldap_attribute:
            - memberOf
          use_crate: 0
          use_mysql: 1
          mysql:
              host: 127.0.0.1
              port: ${env.mysql.port}
              username: ${env.mysql.user}
              password: ${env.mysql.password}
              database: ${env.mysql.database}
          display_perfdata: 1
          perfdata_backend: mysql
        '';
      };
    };

    services.websites.env.tools.modules = [ "proxy_fcgi" ];

    services.websites.env.tools.vhostConfs.performance = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "performance.immae.eu" ];
      root       = apacheRoot;
      extraConfig = [
        ''
          <Directory ${apacheRoot}>
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.phpfpm.pools.status_engine = {
      user = "wwwrun";
      group = "wwwrun";
      settings = {
        "listen.owner" = "wwwrun";
        "listen.group" = "wwwrun";
        "pm" = "dynamic";
        "pm.max_children" = "60";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "10";

        "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}";
      };
      phpPackage = pkgs.php74;
    };

  };
}
Commit	Line	Data
a97118c4 IB	1	{ pkgs, lib, config, ... }:
	2	let
	3	env = config.myEnv.tools.status_engine;
	4	package = pkgs.status_engine.interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; });
	5	apacheRoot = "${package}/public";
	6	cfg = config.myServices.websites.tools.performance;
	7	in
	8	{
	9	options.myServices.websites.tools.performance = {
	10	enable = lib.mkEnableOption "Enable performance website";
	11	};
	12
	13	config = lib.mkIf cfg.enable {
4c4652aa IB	14	secrets.keys = {
4c4652aa IB	15	status_engine_ui = {
a97118c4 IB	16	permissions = "0400";
	17	user = "wwwrun";
	18	group = "wwwrun";
	19	text = ''
	20	allow_anonymous: 0
	21	anonymous_can_submit_commands: 0
	22	urls_without_login:
	23	- login
	24	- loginstate
	25	auth_type: ldap
	26	ldap_server: ${env.ldap.host}
	27	ldap_use_ssl: 1
	28	ldap_port: 636
	29	ldap_bind_dn: ${env.ldap.dn}
	30	ldap_bind_password: ${env.ldap.password}
	31	ldap_base_dn: ${env.ldap.base}
	32	ldap_filter: "${env.ldap.filter}"
	33	ldap_attribute:
	34	- memberOf
	35	use_crate: 0
	36	use_mysql: 1
	37	mysql:
	38	host: 127.0.0.1
	39	port: ${env.mysql.port}
	40	username: ${env.mysql.user}
	41	password: ${env.mysql.password}
	42	database: ${env.mysql.database}
	43	display_perfdata: 1
	44	perfdata_backend: mysql
	45	'';
4c4652aa IB	46	};
4c4652aa IB	47	};
a97118c4 IB	48
	49	services.websites.env.tools.modules = [ "proxy_fcgi" ];
	50
	51	services.websites.env.tools.vhostConfs.performance = {
	52	certName = "eldiron";
	53	addToCerts = true;
	54	hosts = [ "performance.immae.eu" ];
	55	root = apacheRoot;
	56	extraConfig = [
	57	''
	58	<Directory ${apacheRoot}>
	59	DirectoryIndex index.html
	60	AllowOverride None
	61	Require all granted
	62	<FilesMatch "\.php$">
	63	SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}\|fcgi://localhost"
	64	</FilesMatch>
	65	</Directory>
	66	''
	67	];
	68	};
	69
	70	services.phpfpm.pools.status_engine = {
	71	user = "wwwrun";
	72	group = "wwwrun";
	73	settings = {
	74	"listen.owner" = "wwwrun";
	75	"listen.group" = "wwwrun";
	76	"pm" = "dynamic";
	77	"pm.max_children" = "60";
	78	"pm.start_servers" = "2";
	79	"pm.min_spare_servers" = "1";
	80	"pm.max_spare_servers" = "10";
	81
da30ae4f	82	"php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}";
a97118c4 IB	83	};
	84	phpPackage = pkgs.php74;
	85	};
	86
	87	};
	88	}