[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  adminer = pkgs.callPackage ./adminer.nix {
    inherit (pkgs.webapps) adminer;
  };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    inherit (pkgs.webapps) wallabag;
    env = config.myEnv.tools.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    inherit (pkgs.webapps) grocy;
  };

  cfg = config.myServices.websites.tools.tools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys =
      kanboard.keys
      ++ ldap.keys
      ++ shaarli.keys
      ++ ttrss.keys
      ++ wallabag.keys
      ++ yourls.keys;

    services.duplyBackup.profiles = {
      dokuwiki = dokuwiki.backups;
      grocy = grocy.backups;
      kanboard = kanboard.backups;
      rompr = rompr.backups;
      shaarli = shaarli.backups;
      ttrss = ttrss.backups;
      wallabag = wallabag.backups;
    };

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "devtools.immae.eu";
      addToCerts   = true;
      hosts        = [ "devtools.immae.eu" ];
      root         = "/var/lib/ftp/devtools.immae.eu";
      extraConfig  = [
        ''
          Timeout 600
          ProxyTimeout 600
          <Directory "/var/lib/ftp/devtools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = "/var/lib/ftp/tools.immae.eu";
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "/var/lib/ftp/tools.immae.eu">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        adminer.apache.vhostConf
        ympd.apache.vhostConf
        ttrss.apache.vhostConf
        wallabag.apache.vhostConf
        yourls.apache.vhostConf
        rompr.apache.vhostConf
        shaarli.apache.vhostConf
        dokuwiki.apache.vhostConf
        ldap.apache.vhostConf
        kanboard.apache.vhostConf
        grocy.apache.vhostConf
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat /var/secrets/mpd)
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ "/var/secrets/mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        listen = "/var/run/phpfpm/tools.sock";
        extraConfig = ''
          user = wwwrun
          group = wwwrun
          listen.owner = wwwrun
          listen.group = wwwrun
          pm = dynamic
          pm.max_children = 60
          pm.start_servers = 2
          pm.min_spare_servers = 1
          pm.max_spare_servers = 10

          ; Needed to avoid clashes in browser cookies (same domain)
          php_value[session.name] = ToolsPHPSESSID
          php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
          '';
      };
      devtools = {
        listen = "/var/run/phpfpm/devtools.sock";
        extraConfig = ''
          user = wwwrun
          group = wwwrun
          listen.owner = wwwrun
          listen.group = wwwrun
          pm = dynamic
          pm.max_children = 60
          pm.start_servers = 2
          pm.min_spare_servers = 1
          pm.max_spare_servers = 10

          php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
          '';
        phpOptions = config.services.phpfpm.phpOptions + ''
          extension=${pkgs.php}/lib/php/extensions/mysqli.so
          extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
          extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
          zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
          '';
      };
      adminer = {
        listen = adminer.phpFpm.socket;
        extraConfig = adminer.phpFpm.pool;
      };
      ttrss = {
        listen = ttrss.phpFpm.socket;
        extraConfig = ttrss.phpFpm.pool;
      };
      wallabag = {
        listen = wallabag.phpFpm.socket;
        extraConfig = wallabag.phpFpm.pool;
      };
      yourls = {
        listen = yourls.phpFpm.socket;
        extraConfig = yourls.phpFpm.pool;
      };
      rompr = {
        listen = rompr.phpFpm.socket;
        extraConfig = rompr.phpFpm.pool;
      };
      shaarli = {
        listen = shaarli.phpFpm.socket;
        extraConfig = shaarli.phpFpm.pool;
      };
      dokuwiki = {
        listen = dokuwiki.phpFpm.socket;
        extraConfig = dokuwiki.phpFpm.pool;
      };
      ldap = {
        listen = ldap.phpFpm.socket;
        extraConfig = ldap.phpFpm.pool;
      };
      kanboard = {
        listen = kanboard.phpFpm.socket;
        extraConfig = kanboard.phpFpm.pool;
      };
      grocy = {
        listen = grocy.phpFpm.socket;
        extraConfig = grocy.phpFpm.pool;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    myServices.websites.webappDirs = {
      _adminer = adminer.webRoot;
      "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
      "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
      "${rompr.apache.webappName}" = rompr.webRoot;
      "${shaarli.apache.webappName}" = shaarli.webRoot;
      "${ttrss.apache.webappName}" = ttrss.webRoot;
      "${wallabag.apache.webappName}" = wallabag.webRoot;
      "${yourls.apache.webappName}" = yourls.webRoot;
      "${kanboard.apache.webappName}" = kanboard.webRoot;
      "${grocy.apache.webappName}" = grocy.webRoot;
    };

    services.websites.env.tools.watchPaths = [
      "/var/secrets/webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ "/var/secrets/webapps/tools-wallabag" ];
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
4288c2f2 IB	3	adminer = pkgs.callPackage ./adminer.nix {
	4	inherit (pkgs.webapps) adminer;
	5	};
	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
4288c2f2	12	};
4288c2f2	13	kanboard = pkgs.callPackage ./kanboard.nix {
ab8f306d	14	env = config.myEnv.tools.kanboard;
4288c2f2 IB	15	};
	16	wallabag = pkgs.callPackage ./wallabag.nix {
	17	inherit (pkgs.webapps) wallabag;
ab8f306d	18	env = config.myEnv.tools.wallabag;
4288c2f2 IB	19	};
	20	yourls = pkgs.callPackage ./yourls.nix {
	21	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	22	env = config.myEnv.tools.yourls;
4288c2f2 IB	23	};
	24	rompr = pkgs.callPackage ./rompr.nix {
	25	inherit (pkgs.webapps) rompr;
ab8f306d	26	env = config.myEnv.tools.rompr;
4288c2f2 IB	27	};
4288c2f2 IB	28	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	29	env = config.myEnv.tools.shaarli;
4288c2f2 IB	30	};
	31	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	32	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	33	};
	34	ldap = pkgs.callPackage ./ldap.nix {
	35	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	36	env = config.myEnv.tools.phpldapadmin;
4288c2f2	37	};
c7627e14 IB	38	grocy = pkgs.callPackage ./grocy.nix {
	39	inherit (pkgs.webapps) grocy;
	40	};
10889174	41
4288c2f2	42	cfg = config.myServices.websites.tools.tools;
10889174	43	in {
4288c2f2	44	options.myServices.websites.tools.tools = {
10889174 IB	45	enable = lib.mkEnableOption "enable tools website";
	46	};
	47
	48	config = lib.mkIf cfg.enable {
1a718805	49	secrets.keys =
a840a21c	50	kanboard.keys
8db8e666	51	++ ldap.keys
8db8e666 IB	52	++ shaarli.keys
	53	++ ttrss.keys
	54	++ wallabag.keys
	55	++ yourls.keys;
98163486	56
d2e703c5	57	services.duplyBackup.profiles = {
6a8252b1	58	dokuwiki = dokuwiki.backups;
c7627e14	59	grocy = grocy.backups;
6a8252b1 IB	60	kanboard = kanboard.backups;
	61	rompr = rompr.backups;
	62	shaarli = shaarli.backups;
	63	ttrss = ttrss.backups;
	64	wallabag = wallabag.backups;
	65	};
	66
29f8cb85	67	services.websites.env.tools.modules =
1922655a IB	68	[ "proxy_fcgi" ]
1922655a IB	69	++ adminer.apache.modules
10889174 IB	70	++ ympd.apache.modules
10889174 IB	71	++ ttrss.apache.modules
133ebaee	72	++ wallabag.apache.modules
bfe3c9c9	73	++ yourls.apache.modules
95b20e17	74	++ rompr.apache.modules
b892dcbe	75	++ shaarli.apache.modules
f80772dc	76	++ dokuwiki.apache.modules
d4ed0eff IB	77	++ ldap.apache.modules
d4ed0eff IB	78	++ kanboard.apache.modules;
10889174	79
29f8cb85	80	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76 IB	81	certName = "integration";
	82	certMainHost = "devtools.immae.eu";
	83	addToCerts = true;
	84	hosts = [ "devtools.immae.eu" ];
	85	root = "/var/lib/ftp/devtools.immae.eu";
	86	extraConfig = [
0aae0181	87	''
9338c832 IB	88	Timeout 600
9338c832 IB	89	ProxyTimeout 600
0aae0181 IB	90	<Directory "/var/lib/ftp/devtools.immae.eu">
	91	DirectoryIndex index.php index.htm index.html
	92	AllowOverride all
	93	Require all granted
	94	<FilesMatch "\.php$">
	95	SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock\|fcgi://localhost"
	96	</FilesMatch>
	97	</Directory>
	98	''
46f30ecc IB	99	];
	100	};
	101
29f8cb85	102	services.websites.env.tools.vhostConfs.tools = {
10889174	103	certName = "eldiron";
7df420c2	104	addToCerts = true;
10889174	105	hosts = ["tools.immae.eu" ];
1922655a	106	root = "/var/lib/ftp/tools.immae.eu";
10889174	107	extraConfig = [
1922655a	108	''
ea9c6fe8	109	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	110	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	111	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	112
1922655a	113	<Directory "/var/lib/ftp/tools.immae.eu">
0eaac6ba	114	DirectoryIndex index.php index.htm index.html
1922655a IB	115	AllowOverride all
	116	Require all granted
	117	<FilesMatch "\.php$">
	118	SetHandler "proxy:unix:/var/run/phpfpm/tools.sock\|fcgi://localhost"
	119	</FilesMatch>
	120	</Directory>
	121	''
10889174 IB	122	adminer.apache.vhostConf
	123	ympd.apache.vhostConf
	124	ttrss.apache.vhostConf
aebd817b	125	wallabag.apache.vhostConf
133ebaee	126	yourls.apache.vhostConf
bfe3c9c9	127	rompr.apache.vhostConf
95b20e17	128	shaarli.apache.vhostConf
b892dcbe	129	dokuwiki.apache.vhostConf
f80772dc	130	ldap.apache.vhostConf
d4ed0eff	131	kanboard.apache.vhostConf
c7627e14	132	grocy.apache.vhostConf
10889174 IB	133	];
	134	};
	135
29f8cb85	136	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	137	certName = "eldiron";
7df420c2 IB	138	addToCerts = true;
0f71cd76	139	hosts = [ "outils.immae.eu" ];
7df420c2	140	root = null;
70606070 IB	141	extraConfig = [
	142	''
	143	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	144
	145	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	146
	147	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	148	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	149
	150	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	151	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	152	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	153	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	154
	155	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	156
afcc5de0 IB	157	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	158
3f453c7d IB	159	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	160
ea9c6fe8 IB	161	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	162
70606070 IB	163	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	164	''
	165	];
	166	};
	167
f40f5b23 IB	168	systemd.services = {
	169	phpfpm-dokuwiki = {
	170	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	171	wants = dokuwiki.phpFpm.serviceDeps;
	172	};
	173	phpfpm-kanboard = {
	174	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	175	wants = kanboard.phpFpm.serviceDeps;
	176	};
	177	phpfpm-ldap = {
	178	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	179	wants = ldap.phpFpm.serviceDeps;
	180	};
f40f5b23 IB	181	phpfpm-shaarli = {
	182	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	183	wants = shaarli.phpFpm.serviceDeps;
	184	};
	185	phpfpm-ttrss = {
	186	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	187	wants = ttrss.phpFpm.serviceDeps;
	188	};
	189	phpfpm-wallabag = {
	190	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	191	wants = wallabag.phpFpm.serviceDeps;
	192	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	193	};
	194	phpfpm-yourls = {
	195	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	196	wants = yourls.phpFpm.serviceDeps;
	197	};
	198	ympd = {
	199	description = "Standalone MPD Web GUI written in C";
	200	wantedBy = [ "multi-user.target" ];
	201	script = ''
	202	export MPD_PASSWORD=$(cat /var/secrets/mpd)
	203	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	204	'';
	205	};
	206	tt-rss = {
	207	description = "Tiny Tiny RSS feeds update daemon";
	208	serviceConfig = {
	209	User = "wwwrun";
	210	ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
	211	StandardOutput = "syslog";
	212	StandardError = "syslog";
	213	PermissionsStartOnly = true;
	214	};
	215
	216	wantedBy = [ "multi-user.target" ];
	217	requires = ["postgresql.service"];
	218	after = ["network.target" "postgresql.service"];
	219	};
	220	};
	221
17f6eae9 IB	222	services.filesWatcher.ympd = {
	223	restart = true;
	224	paths = [ "/var/secrets/mpd" ];
	225	};
	226
441da8aa IB	227	services.phpfpm.pools = {
	228	tools = {
	229	listen = "/var/run/phpfpm/tools.sock";
	230	extraConfig = ''
	231	user = wwwrun
	232	group = wwwrun
	233	listen.owner = wwwrun
	234	listen.group = wwwrun
	235	pm = dynamic
	236	pm.max_children = 60
	237	pm.start_servers = 2
	238	pm.min_spare_servers = 1
	239	pm.max_spare_servers = 10
f40f5b23	240
441da8aa IB	241	; Needed to avoid clashes in browser cookies (same domain)
	242	php_value[session.name] = ToolsPHPSESSID
	243	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
	244	'';
	245	};
	246	devtools = {
	247	listen = "/var/run/phpfpm/devtools.sock";
	248	extraConfig = ''
	249	user = wwwrun
	250	group = wwwrun
	251	listen.owner = wwwrun
	252	listen.group = wwwrun
	253	pm = dynamic
	254	pm.max_children = 60
	255	pm.start_servers = 2
	256	pm.min_spare_servers = 1
	257	pm.max_spare_servers = 10
1922655a	258
441da8aa IB	259	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"
	260	'';
	261	phpOptions = config.services.phpfpm.phpOptions + ''
	262	extension=${pkgs.php}/lib/php/extensions/mysqli.so
	263	extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
	264	extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
	265	zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
	266	'';
	267	};
	268	adminer = {
	269	listen = adminer.phpFpm.socket;
	270	extraConfig = adminer.phpFpm.pool;
	271	};
	272	ttrss = {
	273	listen = ttrss.phpFpm.socket;
	274	extraConfig = ttrss.phpFpm.pool;
	275	};
	276	wallabag = {
	277	listen = wallabag.phpFpm.socket;
	278	extraConfig = wallabag.phpFpm.pool;
	279	};
	280	yourls = {
	281	listen = yourls.phpFpm.socket;
	282	extraConfig = yourls.phpFpm.pool;
	283	};
	284	rompr = {
	285	listen = rompr.phpFpm.socket;
	286	extraConfig = rompr.phpFpm.pool;
	287	};
	288	shaarli = {
	289	listen = shaarli.phpFpm.socket;
	290	extraConfig = shaarli.phpFpm.pool;
	291	};
	292	dokuwiki = {
	293	listen = dokuwiki.phpFpm.socket;
	294	extraConfig = dokuwiki.phpFpm.pool;
	295	};
	296	ldap = {
	297	listen = ldap.phpFpm.socket;
	298	extraConfig = ldap.phpFpm.pool;
	299	};
	300	kanboard = {
	301	listen = kanboard.phpFpm.socket;
	302	extraConfig = kanboard.phpFpm.pool;
	303	};
	304	grocy = {
	305	listen = grocy.phpFpm.socket;
	306	extraConfig = grocy.phpFpm.pool;
	307	};
10889174 IB	308	};
	309
	310	system.activationScripts = {
4288c2f2	311	adminer = adminer.activationScript;
c7627e14	312	grocy = grocy.activationScript;
10889174	313	ttrss = ttrss.activationScript;
aebd817b	314	wallabag = wallabag.activationScript;
133ebaee	315	yourls = yourls.activationScript;
bfe3c9c9	316	rompr = rompr.activationScript;
95b20e17	317	shaarli = shaarli.activationScript;
b892dcbe	318	dokuwiki = dokuwiki.activationScript;
d4ed0eff	319	kanboard = kanboard.activationScript;
4288c2f2	320	ldap = ldap.activationScript;
10889174 IB	321	};
10889174 IB	322
4288c2f2 IB	323	myServices.websites.webappDirs = {
	324	_adminer = adminer.webRoot;
	325	"${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
	326	"${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
	327	"${rompr.apache.webappName}" = rompr.webRoot;
4288c2f2 IB	328	"${shaarli.apache.webappName}" = shaarli.webRoot;
	329	"${ttrss.apache.webappName}" = ttrss.webRoot;
	330	"${wallabag.apache.webappName}" = wallabag.webRoot;
	331	"${yourls.apache.webappName}" = yourls.webRoot;
4288c2f2	332	"${kanboard.apache.webappName}" = kanboard.webRoot;
c7627e14	333	"${grocy.apache.webappName}" = grocy.webRoot;
4288c2f2	334	};
a95ab089	335
29f8cb85	336	services.websites.env.tools.watchPaths = [
9247b444	337	"/var/secrets/webapps/tools-shaarli"
17f6eae9 IB	338	];
	339	services.filesWatcher.phpfpm-wallabag = {
	340	restart = true;
	341	paths = [ "/var/secrets/webapps/tools-wallabag" ];
	342	};
10889174 IB	343	};
	344	}
	345