[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / rompr.nix

{ lib, env, rompr }:
rec {
  backups = {
    rootDir = varDir;
  };
  varDir = "/var/lib/rompr";
  activationScript = ''
    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
      ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
  '';
  webRoot = rompr;
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "headers" "mime" "proxy_fcgi" ];
    root = webRoot;
    vhostConf = socket: ''
      Alias /rompr ${root}

      <Directory ${root}>
        Options Indexes FollowSymLinks
        DirectoryIndex index.php
        AllowOverride all
        Require all granted
        Order allow,deny
        Allow from all
        ErrorDocument 404 /rompr/404.php
        AddType image/x-icon .ico

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>

      <Directory ${root}/albumart/small>
          Header Set Cache-Control "max-age=0, no-store"
          Header Set Cache-Control "no-cache, must-revalidate"
      </Directory>

      <Directory ${root}/albumart/asdownloaded>
          Header Set Cache-Control "max-age=0, no-store"
          Header Set Cache-Control "no-cache, must-revalidate"
      </Directory>

      <LocationMatch "^/rompr">
        Use LDAPConnect
        Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
      </LocationMatch>
      '';
  };
  phpFpm = rec {
    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
    pool = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
      "pm" = "ondemand";
      "pm.max_children" = "60";
      "pm.process_idle_timeout" = "60";

      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "RomprPHPSESSID";
      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
      "php_flag[magic_quotes_gpc]" = "Off";
      "php_flag[track_vars]" = "On";
      "php_flag[register_globals]" = "Off";
      "php_admin_flag[allow_url_fopen]" = "On";
      "php_value[include_path]" = "${webRoot}";
      "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
      "php_admin_value[post_max_size]" = "32M";
      "php_admin_value[upload_max_filesize]" = "32M";
      "php_admin_value[memory_limit]" = "256M";
    };
  };
}
Commit	Line	Data
5dbe7ba1 IB	1	{ lib, env, rompr }:
5dbe7ba1 IB	2	rec {
6a8252b1 IB	3	backups = {
	4	rootDir = varDir;
	5	};
5dbe7ba1 IB	6	varDir = "/var/lib/rompr";
	7	activationScript = ''
	8	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
	9	${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
	10	'';
	11	webRoot = rompr;
	12	apache = rec {
	13	user = "wwwrun";
	14	group = "wwwrun";
	15	modules = [ "headers" "mime" "proxy_fcgi" ];
750fe5a4	16	root = webRoot;
5400b9b6	17	vhostConf = socket: ''
5dbe7ba1	18	Alias /rompr ${root}
bfe3c9c9	19
5dbe7ba1 IB	20	<Directory ${root}>
	21	Options Indexes FollowSymLinks
	22	DirectoryIndex index.php
	23	AllowOverride all
	24	Require all granted
	25	Order allow,deny
	26	Allow from all
	27	ErrorDocument 404 /rompr/404.php
	28	AddType image/x-icon .ico
bfe3c9c9	29
5dbe7ba1	30	<FilesMatch "\.php$">
5400b9b6	31	SetHandler "proxy:unix:${socket}\|fcgi://localhost"
5dbe7ba1 IB	32	</FilesMatch>
5dbe7ba1 IB	33	</Directory>
bfe3c9c9	34
5dbe7ba1 IB	35	<Directory ${root}/albumart/small>
	36	Header Set Cache-Control "max-age=0, no-store"
	37	Header Set Cache-Control "no-cache, must-revalidate"
	38	</Directory>
bfe3c9c9	39
5dbe7ba1 IB	40	<Directory ${root}/albumart/asdownloaded>
	41	Header Set Cache-Control "max-age=0, no-store"
	42	Header Set Cache-Control "no-cache, must-revalidate"
	43	</Directory>
bfe3c9c9	44
5dbe7ba1 IB	45	<LocationMatch "^/rompr">
	46	Use LDAPConnect
	47	Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
	48	</LocationMatch>
	49	'';
	50	};
	51	phpFpm = rec {
	52	basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
5400b9b6 IB	53	pool = {
	54	"listen.owner" = apache.user;
	55	"listen.group" = apache.group;
	56	"pm" = "ondemand";
	57	"pm.max_children" = "60";
	58	"pm.process_idle_timeout" = "60";
bfe3c9c9	59
5400b9b6 IB	60	# Needed to avoid clashes in browser cookies (same domain)
	61	"php_value[session.name]" = "RomprPHPSESSID";
	62	"php_admin_value[open_basedir]" = "${basedir}:/tmp";
	63	"php_admin_value[session.save_path]" = "${varDir}/phpSessions";
	64	"php_flag[magic_quotes_gpc]" = "Off";
	65	"php_flag[track_vars]" = "On";
	66	"php_flag[register_globals]" = "Off";
	67	"php_admin_flag[allow_url_fopen]" = "On";
	68	"php_value[include_path]" = "${webRoot}";
	69	"php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
	70	"php_admin_value[post_max_size]" = "32M";
	71	"php_admin_value[upload_max_filesize]" = "32M";
	72	"php_admin_value[memory_limit]" = "256M";
	73	};
bfe3c9c9	74	};
5dbe7ba1	75	}