[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / yourls.nix

{ env, yourls, yourls-plugins }:
rec {
  activationScript = {
    deps = [ "httpd" ];
    text = ''
      install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
    '';
  };
  keys = [{
    dest = "webapps/tools-yourls";
    user = apache.user;
    group = apache.group;
    permissions = "0400";
    text = ''
      <?php
      define( 'YOURLS_DB_USER', '${env.mysql.user}' );
      define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
      define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
      define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
      define( 'YOURLS_DB_PREFIX', 'yourls_' );
      define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
      define( 'YOURLS_HOURS_OFFSET', 0 ); 
      define( 'YOURLS_LANG', ''' ); 
      define( 'YOURLS_UNIQUE_URLS', true );
      define( 'YOURLS_PRIVATE', true );
      define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
      $yourls_user_passwords = array();
      define( 'YOURLS_DEBUG', false );
      define( 'YOURLS_URL_CONVERT', 36 );
      $yourls_reserved_URL = array();
      define( 'LDAPAUTH_HOST', 'ldaps://${env.ldap.host}' );
      define( 'LDAPAUTH_PORT', '636' );
      define( 'LDAPAUTH_BASE', '${env.ldap.base}' );
      define( 'LDAPAUTH_SEARCH_USER', '${env.ldap.dn}' );
      define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );

      define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
      define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');

      define( 'LDAPAUTH_USERCACHE_TYPE', 0);
    '';
  }];
  webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
    (builtins.attrValues yourls-plugins);
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    webappName = "tools_yourls";
    root = "/run/current-system/webapps/${webappName}";
    vhostConf = socket: ''
      Alias /url "${root}"
      <Directory "${root}">
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${socket}|fcgi://localhost"
        </FilesMatch>

        AllowOverride None
        Require all granted
        <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteBase /url/
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteRule ^.*$ /url/yourls-loader.php [L]
        </IfModule>
        DirectoryIndex index.php
      </Directory>
      '';
  };
  phpFpm = rec {
    serviceDeps = [ "mysql.service" "openldap.service" ];
    basedir = builtins.concatStringsSep ":" (
      [ webRoot "/var/secrets/webapps/tools-yourls" ]
      ++ webRoot.plugins);
    pool = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
      "pm" = "ondemand";
      "pm.max_children" = "60";
      "pm.process_idle_timeout" = "60";

      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "YourlsPHPSESSID";
      "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls";
      "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls";
    };
  };
}
Commit	Line	Data
b44b42a1 IB	1	{ env, yourls, yourls-plugins }:
b44b42a1 IB	2	rec {
4288c2f2 IB	3	activationScript = {
	4	deps = [ "httpd" ];
	5	text = ''
	6	install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
	7	'';
	8	};
b44b42a1 IB	9	keys = [{
	10	dest = "webapps/tools-yourls";
	11	user = apache.user;
	12	group = apache.group;
	13	permissions = "0400";
	14	text = ''
	15	<?php
	16	define( 'YOURLS_DB_USER', '${env.mysql.user}' );
	17	define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
	18	define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
	19	define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
	20	define( 'YOURLS_DB_PREFIX', 'yourls_' );
	21	define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
	22	define( 'YOURLS_HOURS_OFFSET', 0 );
	23	define( 'YOURLS_LANG', ''' );
	24	define( 'YOURLS_UNIQUE_URLS', true );
	25	define( 'YOURLS_PRIVATE', true );
	26	define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
	27	$yourls_user_passwords = array();
	28	define( 'YOURLS_DEBUG', false );
	29	define( 'YOURLS_URL_CONVERT', 36 );
	30	$yourls_reserved_URL = array();
ab8f306d	31	define( 'LDAPAUTH_HOST', 'ldaps://${env.ldap.host}' );
b44b42a1	32	define( 'LDAPAUTH_PORT', '636' );
ab8f306d IB	33	define( 'LDAPAUTH_BASE', '${env.ldap.base}' );
ab8f306d IB	34	define( 'LDAPAUTH_SEARCH_USER', '${env.ldap.dn}' );
b44b42a1	35	define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
133ebaee	36
b44b42a1 IB	37	define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
b44b42a1 IB	38	define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
133ebaee	39
b44b42a1 IB	40	define( 'LDAPAUTH_USERCACHE_TYPE', 0);
	41	'';
	42	}];
	43	webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
	44	(builtins.attrValues yourls-plugins);
	45	apache = rec {
	46	user = "wwwrun";
	47	group = "wwwrun";
	48	modules = [ "proxy_fcgi" ];
	49	webappName = "tools_yourls";
	50	root = "/run/current-system/webapps/${webappName}";
5400b9b6	51	vhostConf = socket: ''
b44b42a1 IB	52	Alias /url "${root}"
	53	<Directory "${root}">
	54	<FilesMatch "\.php$">
5400b9b6	55	SetHandler "proxy:unix:${socket}\|fcgi://localhost"
b44b42a1	56	</FilesMatch>
133ebaee	57
b44b42a1 IB	58	AllowOverride None
	59	Require all granted
	60	<IfModule mod_rewrite.c>
	61	RewriteEngine On
	62	RewriteBase /url/
	63	RewriteCond %{REQUEST_FILENAME} !-f
	64	RewriteCond %{REQUEST_FILENAME} !-d
	65	RewriteRule ^.*$ /url/yourls-loader.php [L]
	66	</IfModule>
	67	DirectoryIndex index.php
	68	</Directory>
	69	'';
	70	};
	71	phpFpm = rec {
	72	serviceDeps = [ "mysql.service" "openldap.service" ];
	73	basedir = builtins.concatStringsSep ":" (
	74	[ webRoot "/var/secrets/webapps/tools-yourls" ]
	75	++ webRoot.plugins);
5400b9b6 IB	76	pool = {
	77	"listen.owner" = apache.user;
	78	"listen.group" = apache.group;
	79	"pm" = "ondemand";
	80	"pm.max_children" = "60";
	81	"pm.process_idle_timeout" = "60";
133ebaee	82
5400b9b6 IB	83	# Needed to avoid clashes in browser cookies (same domain)
	84	"php_value[session.name]" = "YourlsPHPSESSID";
	85	"php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls";
	86	"php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls";
	87	};
133ebaee	88	};
b44b42a1	89	}