[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix
ab8f306d 1{ lib, pkgs, config, ... }:
10889174 2let
# One bundle per hosted web tool, each built from a sibling ./<tool>.nix file.
# The rest of this module reads fields such as apache.modules,
# apache.vhostConf, phpFpm, keys, backups, activationScript and webRoot
# from these bindings.

# Tools packaged without a per-tool environment.
adminer = pkgs.callPackage ./adminer.nix { inherit (pkgs.webapps) adminer; };
dokuwiki = pkgs.callPackage ./dokuwiki.nix { inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; };
grocy = pkgs.callPackage ./grocy.nix { inherit (pkgs.webapps) grocy; };

# Tools that also receive their settings from config.myEnv.tools.<name>.
# NOTE(review): these env sets presumably carry per-tool credentials (several
# of these tools contribute to secrets.keys below) - confirm they never end
# up as plain text in the world-readable Nix store.
kanboard = pkgs.callPackage ./kanboard.nix { env = config.myEnv.tools.kanboard; };
shaarli = pkgs.callPackage ./shaarli.nix { env = config.myEnv.tools.shaarli; };
ympd = pkgs.callPackage ./ympd.nix { env = config.myEnv.tools.ympd; };
ldap = pkgs.callPackage ./ldap.nix {
  # The environment key is "phpldapadmin", not "ldap".
  env = config.myEnv.tools.phpldapadmin;
  inherit (pkgs.webapps) phpldapadmin;
};
rompr = pkgs.callPackage ./rompr.nix {
  env = config.myEnv.tools.rompr;
  inherit (pkgs.webapps) rompr;
};
ttrss = pkgs.callPackage ./ttrss.nix {
  env = config.myEnv.tools.ttrss;
  inherit (pkgs.webapps) ttrss ttrss-plugins;
};
wallabag = pkgs.callPackage ./wallabag.nix {
  env = config.myEnv.tools.wallabag;
  inherit (pkgs.webapps) wallabag;
};
yourls = pkgs.callPackage ./yourls.nix {
  env = config.myEnv.tools.yourls;
  inherit (pkgs.webapps) yourls yourls-plugins;
};

# Shorthands: this module's own options, and the php-fpm pools whose
# socket paths are handed to the Apache vhost snippets.
cfg = config.myServices.websites.tools.tools;
pcfg = config.services.phpfpm.pools;
10889174 44in {
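# Single on/off switch for the whole tools website module.
# lib.mkEnableOption already prefixes its argument with "Whether to enable",
# so the argument names only the thing being enabled (the previous text
# rendered as "Whether to enable enable tools website.").
options.myServices.websites.tools.tools = {
  enable = lib.mkEnableOption "tools website";
};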
48
49 config = lib.mkIf cfg.enable {
# Secret files to provision: the concatenation, in this order, of the key
# lists exposed by the tools that define one. adminer, dokuwiki, grocy,
# rompr and ympd contribute nothing here.
# NOTE(review): ympd reads /var/secrets/mpd further down; that file is
# presumably declared by another module - confirm.
secrets.keys = lib.concatMap (app: app.keys) [
  kanboard
  ldap
  shaarli
  ttrss
  wallabag
  yourls
];
98163486 57
# One backup profile per tool, named after the tool and taken from its
# `backups` field. adminer, ldap, yourls and ympd get no profile here.
services.duplyBackup.profiles = lib.mapAttrs (_: app: app.backups) {
  inherit dokuwiki grocy kanboard rompr shaarli ttrss wallabag;
};
67
# Apache modules for the "tools" environment: proxy_fcgi (needed by the
# php-fpm SetHandler directives in the vhosts) followed by whatever each
# tool asks for, in the same order as before. grocy lists no modules here.
services.websites.env.tools.modules =
  [ "proxy_fcgi" ]
  ++ lib.concatMap (app: app.apache.modules) [
    adminer
    ympd
    ttrss
    wallabag
    yourls
    rompr
    shaarli
    dokuwiki
    ldap
    kanboard
  ];
10889174 80
# Integration vhost devtools.immae.eu: serves a directory under /var/lib/ftp
# and hands every *.php file to the "devtools" php-fpm pool.
#
# NOTE(review): the document root lives under /var/lib/ftp, is open to
# everyone (Require all granted) and honours .htaccess files (AllowOverride
# all). If that directory is writable over FTP, whoever can upload there
# controls both the Apache per-directory configuration and the PHP code run
# by the pool - confirm who has write access and whether "AllowOverride all"
# is still required.
services.websites.env.integration.vhostConfs.devtools =
  let
    # Used for both the vhost root and the <Directory> block so the two
    # cannot drift apart.
    docRoot = "/var/lib/ftp/devtools.immae.eu";
  in {
    hosts = [ "devtools.immae.eu" ];
    certName = "integration";
    certMainHost = "devtools.immae.eu";
    addToCerts = true;
    root = docRoot;
    extraConfig = [
      ''
        Timeout 600
        ProxyTimeout 600
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
    ];
  };
102
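# Main vhost tools.immae.eu: legacy redirects, a PHP-enabled document root
# under /var/lib/ftp, then one Apache snippet per bundled tool (each given
# the socket of its php-fpm pool, except ympd which takes none).
#
# NOTE(review): the document root is under /var/lib/ftp with "AllowOverride
# all" and "Require all granted". If it is writable over FTP, uploads there
# are executed by the "tools" pool as wwwrun, the same Unix user as the
# other pools of this module - confirm who can write to it.
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "tools.immae.eu" ];
  root = "/var/lib/ftp/tools.immae.eu";
  extraConfig = [
    # The /vpn rule appends its capture directly after the hostname. The
    # capture must therefore be empty or start with "/"; with the former
    # "(.*)" the request path could extend the host part of the Location
    # header and send visitors to a different domain.
    ''
      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "/var/lib/ftp/tools.immae.eu">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy.apache.vhostConf pcfg.grocy.socket)
  ];
};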
136
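# Legacy vhost outils.immae.eu: no document root, only permanent redirects
# to the hosts that replaced each path, with a catch-all to tools.immae.eu.
#
# Rules whose target ends in "<host>$1" append the capture directly after
# the hostname. Their capture is written "(/.*)?" so it is either empty or
# starts with "/"; with "(.*)" the request path could extend the host part
# of the Location header and send visitors to a different domain. Paths
# that no longer match (for example /vpnfoo) fall through to the catch-all.
# Rules whose target already contains a path keep their original pattern.
# The dot in "caldav.php" is escaped so it matches only a literal dot.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};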
168
# systemd units behind the tools website: start-up ordering for the php-fpm
# pool units, the ympd daemon and the Tiny Tiny RSS feed updater.
systemd.services =
  let
    # after/wants pair applied to a pool unit from the tool's declared
    # service dependencies.
    fpmDeps = app: {
      after = lib.mkAfter app.phpFpm.serviceDeps;
      wants = app.phpFpm.serviceDeps;
    };
  in {
    phpfpm-dokuwiki = fpmDeps dokuwiki;
    phpfpm-kanboard = fpmDeps kanboard;
    phpfpm-ldap = fpmDeps ldap;
    phpfpm-shaarli = fpmDeps shaarli;
    phpfpm-ttrss = fpmDeps ttrss;
    phpfpm-yourls = fpmDeps yourls;
    # wallabag additionally appends its own preStart commands.
    phpfpm-wallabag = fpmDeps wallabag // {
      preStart = lib.mkAfter wallabag.phpFpm.preStart;
    };

    # No User= is set on this unit; ympd itself is passed "--user nobody".
    # NOTE(review): the MPD password is read from /var/secrets/mpd and
    # exported as an environment variable before ympd starts. Confirm the
    # file's owner and mode, and whether the unit could run under a
    # dedicated user instead of relying on ympd to switch user itself.
    ympd = {
      description = "Standalone MPD Web GUI written in C";
      wantedBy = [ "multi-user.target" ];
      script = ''
        export MPD_PASSWORD=$(cat /var/secrets/mpd)
        ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
      '';
    };

    # Feed updater: runs update.php from the ttrss web root as wwwrun and
    # needs PostgreSQL to be up.
    # NOTE(review): PermissionsStartOnly is set although this unit shows no
    # ExecStartPre/ExecStartPost commands - check whether it is still needed.
    tt-rss = {
      description = "Tiny Tiny RSS feeds update daemon";
      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "network.target" "postgresql.service" ];

      serviceConfig = {
        User = "wwwrun";
        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
        StandardOutput = "syslog";
        StandardError = "syslog";
        PermissionsStartOnly = true;
      };
    };
  };
222
# Watch the MPD password file on behalf of the ympd unit, with restart
# enabled. NOTE(review): presumably this restarts ympd whenever the secret
# changes, so the exported password stays current - confirm against the
# filesWatcher module.
services.filesWatcher.ympd.paths = [ "/var/secrets/mpd" ];
services.filesWatcher.ympd.restart = true;
227
# php-fpm pools, one per PHP application served by the vhosts above.
#
# NOTE(review): every pool declared inline here runs as wwwrun:wwwrun, so
# the applications are not separated from each other at the Unix-user
# level. The only filesystem restriction visible in this file is
# open_basedir on the "tools" and "devtools" pools, and both lists include
# the shared /tmp. Settings taken from <tool>.phpFpm.pool and
# adminer.phpFpm are defined in other files and are not visible here.
# Consider a dedicated user per pool, at least for the pools that serve
# the /var/lib/ftp document roots.
services.phpfpm.pools =
  let
    # Wrap a settings set into a pool running as wwwrun:wwwrun.
    wwwrunPool = settings: {
      user = "wwwrun";
      group = "wwwrun";
      inherit settings;
    };

    # Socket ownership and process-manager sizing shared by the two
    # document-root pools.
    docRootSettings = {
      "listen.owner" = "wwwrun";
      "listen.group" = "wwwrun";
      "pm" = "dynamic";
      "pm.max_children" = "60";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "10";
    };
  in {
    tools = wwwrunPool (docRootSettings // {
      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "ToolsPHPSESSID";
      "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
    });

    devtools = wwwrunPool (docRootSettings // {
      "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
    }) // {
      # Extra extensions on top of the global php-fpm options.
      phpOptions = config.services.phpfpm.phpOptions + ''
        extension=${pkgs.php}/lib/php/extensions/mysqli.so
        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
      '';
    };

    # adminer supplies its complete pool definition itself.
    adminer = adminer.phpFpm;

    # The remaining tools supply only the settings; user and group are
    # fixed here.
    ttrss = wwwrunPool ttrss.phpFpm.pool;
    wallabag = wwwrunPool wallabag.phpFpm.pool;
    yourls = wwwrunPool yourls.phpFpm.pool;
    rompr = wwwrunPool rompr.phpFpm.pool;
    shaarli = wwwrunPool shaarli.phpFpm.pool;
    dokuwiki = wwwrunPool dokuwiki.phpFpm.pool;
    ldap = wwwrunPool ldap.phpFpm.pool;
    kanboard = wwwrunPool kanboard.phpFpm.pool;
    grocy = wwwrunPool grocy.phpFpm.pool;
  };
314
# Activation scripts, one per tool, each registered under the tool's own
# name. ympd has none.
# NOTE(review): activation scripts run during system activation, normally
# as root; the scripts themselves live in the per-tool files and are not
# visible here - check what they create and with which ownership and mode.
system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
  inherit adminer grocy ttrss wallabag yourls rompr shaarli dokuwiki kanboard ldap;
};
327
# Web roots registered under each tool's webapp name. adminer uses the
# fixed name "_adminer", and phpldapadmin registers only the htdocs
# subdirectory of its web root.
myServices.websites.webappDirs = {
  _adminer = adminer.webRoot;
  "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";

  "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
  "${grocy.apache.webappName}" = grocy.webRoot;
  "${kanboard.apache.webappName}" = kanboard.webRoot;
  "${rompr.apache.webappName}" = rompr.webRoot;
  "${shaarli.apache.webappName}" = shaarli.webRoot;
  "${ttrss.apache.webappName}" = ttrss.webRoot;
  "${wallabag.apache.webappName}" = wallabag.webRoot;
  "${yourls.apache.webappName}" = yourls.webRoot;
};
a95ab089 340
# Secret files that are watched for changes: the shaarli secret is added to
# the watch list of the "tools" web environment, and the wallabag secret is
# watched on behalf of the phpfpm-wallabag unit with restart enabled.
services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-shaarli" ];

services.filesWatcher.phpfpm-wallabag.paths = [ "/var/secrets/webapps/tools-wallabag" ];
services.filesWatcher.phpfpm-wallabag.restart = true;
348 };
349}
350