[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / wallabag.nix

{ env, wallabag, mylibs }:
rec {
  varDir = "/var/lib/wallabag";
  keys = [{
    dest = "webapps/tools-wallabag";
    user = apache.user;
    group = apache.group;
    permissions = "0400";
    text = ''
      # This file is auto-generated during the composer install
      parameters:
          database_driver: pdo_pgsql
          database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
          database_host: ${env.postgresql.socket}
          database_port: ${env.postgresql.port}
          database_name: ${env.postgresql.database}
          database_user: ${env.postgresql.user}
          database_password: ${env.postgresql.password}
          database_path: null
          database_table_prefix: wallabag_
          database_socket: null
          database_charset: utf8
          domain_name: https://tools.immae.eu/wallabag
          mailer_transport: sendmail
          mailer_host: 127.0.0.1
          mailer_user: null
          mailer_password: null
          locale: fr
          secret: ${env.secret}
          twofactor_auth: true
          twofactor_sender: wallabag@tools.immae.eu
          fosuser_registration: false
          fosuser_confirmation: true
          from_email: wallabag@tools.immae.eu
          rss_limit: 50
          rabbitmq_host: localhost
          rabbitmq_port: 5672
          rabbitmq_user: guest
          rabbitmq_password: guest
          rabbitmq_prefetch_count: 10
          redis_scheme: unix
          redis_host: null
          redis_port: null
          redis_path: ${env.redis.socket}
          redis_password: null
          sites_credentials: {  }
          ldap_enabled: true
          ldap_host: ldap.immae.eu
          ldap_port: 636
          ldap_tls: false
          ldap_ssl: true
          ldap_bind_requires_dn: true
          ldap_base: 'dc=immae,dc=eu'
          ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
          ldap_manager_pw: ${env.ldap.password}
          ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
          ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
          ldap_username_attribute: uid
          ldap_email_attribute: mail
          ldap_name_attribute: cn
          ldap_enabled_attribute: null
      services:
          swiftmailer.mailer.default.transport:
              class:     Swift_SendmailTransport
              arguments: ['/run/wrappers/bin/sendmail -bs']
      '';
  }];
  webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
  activationScript = ''
    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
      ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
    '';
  webRoot = "${webappDir}/web";
  # Domain migration: Table wallabag_entry contains whole
  # https://tools.immae.eu/wallabag domain name in preview_picture
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    webappName = "tools_wallabag";
    root = "/run/current-system/webapps/${webappName}";
    vhostConf = ''
      Alias /wallabag "${root}"
      <Directory "${root}">
        AllowOverride None
        Require all granted
        # For OAuth (apps)
        CGIPassAuth On

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        </FilesMatch>

        <IfModule mod_rewrite.c>
          Options -MultiViews
          RewriteEngine On
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
      </Directory>
      <Directory "${root}/bundles">
        <IfModule mod_rewrite.c>
          RewriteEngine Off
        </IfModule>
      </Directory>
      <Directory "${varDir}/assets">
        AllowOverride None
        Require all granted
      </Directory>
      '';
  };
  phpFpm = rec {
    preStart = mylibs.phpFpmPreStart {
      app = webappDir;
      inherit varDir;
      keyFiles = [
        "/var/secrets/webapps/tools-wallabag"
      ];
      actions = [
        "/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear"
        "rm -rf /var/lib/wallabag/var/cache/pro_"
        "/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction"
      ];
    };
    serviceDeps = [ "postgresql.service" "openldap.service" ];
    basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
    socket = "/var/run/phpfpm/wallabag.sock";
    pool = ''
      listen = ${socket}
      user = ${apache.user}
      group = ${apache.group}
      listen.owner = ${apache.user}
      listen.group = ${apache.group}
      pm = dynamic
      pm.max_children = 60
      pm.start_servers = 2
      pm.min_spare_servers = 1
      pm.max_spare_servers = 10

      ; Needed to avoid clashes in browser cookies (same domain)
      php_value[session.name] = WallabagPHPSESSID
      php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
      php_value[max_execution_time] = 300
      '';
  };
}
Commit	Line	Data
4360f70d	1	{ env, wallabag, mylibs }:
fd2d83bd IB	2	rec {
	3	varDir = "/var/lib/wallabag";
	4	keys = [{
	5	dest = "webapps/tools-wallabag";
	6	user = apache.user;
	7	group = apache.group;
	8	permissions = "0400";
	9	text = ''
	10	# This file is auto-generated during the composer install
	11	parameters:
	12	database_driver: pdo_pgsql
	13	database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
	14	database_host: ${env.postgresql.socket}
	15	database_port: ${env.postgresql.port}
	16	database_name: ${env.postgresql.database}
	17	database_user: ${env.postgresql.user}
	18	database_password: ${env.postgresql.password}
	19	database_path: null
	20	database_table_prefix: wallabag_
	21	database_socket: null
	22	database_charset: utf8
	23	domain_name: https://tools.immae.eu/wallabag
	24	mailer_transport: sendmail
	25	mailer_host: 127.0.0.1
	26	mailer_user: null
	27	mailer_password: null
	28	locale: fr
	29	secret: ${env.secret}
	30	twofactor_auth: true
	31	twofactor_sender: wallabag@tools.immae.eu
	32	fosuser_registration: false
	33	fosuser_confirmation: true
	34	from_email: wallabag@tools.immae.eu
	35	rss_limit: 50
	36	rabbitmq_host: localhost
	37	rabbitmq_port: 5672
	38	rabbitmq_user: guest
	39	rabbitmq_password: guest
	40	rabbitmq_prefetch_count: 10
	41	redis_scheme: unix
	42	redis_host: null
	43	redis_port: null
	44	redis_path: ${env.redis.socket}
	45	redis_password: null
	46	sites_credentials: { }
	47	ldap_enabled: true
	48	ldap_host: ldap.immae.eu
	49	ldap_port: 636
	50	ldap_tls: false
	51	ldap_ssl: true
	52	ldap_bind_requires_dn: true
	53	ldap_base: 'dc=immae,dc=eu'
	54	ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
	55	ldap_manager_pw: ${env.ldap.password}
	56	ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
	57	ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
	58	ldap_username_attribute: uid
	59	ldap_email_attribute: mail
	60	ldap_name_attribute: cn
	61	ldap_enabled_attribute: null
	62	services:
	63	swiftmailer.mailer.default.transport:
	64	class: Swift_SendmailTransport
	65	arguments: ['/run/wrappers/bin/sendmail -bs']
a3d281ea	66	'';
fd2d83bd IB	67	}];
	68	webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
	69	activationScript = ''
	70	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
	71	${varDir}/var ${varDir}/data/db ${varDir}/assets/images
	72	'';
	73	webRoot = "${webappDir}/web";
	74	# Domain migration: Table wallabag_entry contains whole
	75	# https://tools.immae.eu/wallabag domain name in preview_picture
	76	apache = rec {
	77	user = "wwwrun";
	78	group = "wwwrun";
	79	modules = [ "proxy_fcgi" ];
	80	webappName = "tools_wallabag";
	81	root = "/run/current-system/webapps/${webappName}";
	82	vhostConf = ''
	83	Alias /wallabag "${root}"
	84	<Directory "${root}">
	85	AllowOverride None
	86	Require all granted
	87	# For OAuth (apps)
	88	CGIPassAuth On
aebd817b	89
fd2d83bd IB	90	<FilesMatch "\.php$">
	91	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
	92	</FilesMatch>
aebd817b	93
fd2d83bd IB	94	<IfModule mod_rewrite.c>
	95	Options -MultiViews
	96	RewriteEngine On
	97	RewriteCond %{REQUEST_FILENAME} !-f
	98	RewriteRule ^(.*)$ app.php [QSA,L]
	99	</IfModule>
	100	</Directory>
	101	<Directory "${root}/bundles">
	102	<IfModule mod_rewrite.c>
	103	RewriteEngine Off
	104	</IfModule>
	105	</Directory>
	106	<Directory "${varDir}/assets">
	107	AllowOverride None
	108	Require all granted
	109	</Directory>
	110	'';
	111	};
	112	phpFpm = rec {
4360f70d IB	113	preStart = mylibs.phpFpmPreStart {
	114	app = webappDir;
	115	inherit varDir;
	116	keyFiles = [
	117	"/var/secrets/webapps/tools-wallabag"
	118	];
	119	actions = [
	120	"/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear"
	121	"rm -rf /var/lib/wallabag/var/cache/pro_"
	122	"/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction"
	123	];
	124	};
fd2d83bd IB	125	serviceDeps = [ "postgresql.service" "openldap.service" ];
	126	basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
	127	socket = "/var/run/phpfpm/wallabag.sock";
	128	pool = ''
	129	listen = ${socket}
	130	user = ${apache.user}
	131	group = ${apache.group}
	132	listen.owner = ${apache.user}
	133	listen.group = ${apache.group}
	134	pm = dynamic
	135	pm.max_children = 60
	136	pm.start_servers = 2
	137	pm.min_spare_servers = 1
	138	pm.max_spare_servers = 10
aebd817b	139
fd2d83bd IB	140	; Needed to avoid clashes in browser cookies (same domain)
	141	php_value[session.name] = WallabagPHPSESSID
	142	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
	143	php_value[max_execution_time] = 300
	144	'';
aebd817b	145	};
fd2d83bd	146	}