[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / tools / rompr.nix

{ lib, env, stdenv, fetchedGithub }:
let
  rompr = let
  in rec {
    varDir = "/var/lib/rompr";
    activationScript = ''
      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
        ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
    '';
    webRoot = stdenv.mkDerivation (fetchedGithub ./rompr.json // rec {
      installPhase = ''
        cp -a . $out
        ln -sf ${varDir}/prefs $out/prefs
        ln -sf ${varDir}/albumart $out/albumart
      '';
    });
    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "headers" "mime" "proxy_fcgi" ];
      webappName = "tools_rompr";
      root = "/run/current-system/webapps/${webappName}";
      vhostConf = ''
        Alias /rompr ${root}

        <Directory ${root}>
          Options Indexes FollowSymLinks
          DirectoryIndex index.php
          AllowOverride all
          Require all granted
          Order allow,deny
          Allow from all
          ErrorDocument 404 /rompr/404.php
          AddType image/x-icon .ico

          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>

        <Directory ${root}/albumart/small>
            Header Set Cache-Control "max-age=0, no-store"
            Header Set Cache-Control "no-cache, must-revalidate"
        </Directory>

        <Directory ${root}/albumart/asdownloaded>
            Header Set Cache-Control "max-age=0, no-store"
            Header Set Cache-Control "no-cache, must-revalidate"
        </Directory>

        <LocationMatch "^/rompr">
          Use LDAPConnect
          Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
        </LocationMatch>
        '';
    };
    phpFpm = rec {
      basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
      socket = "/var/run/phpfpm/rompr.sock";
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = RomprPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        php_flag[magic_quotes_gpc] = Off
        php_flag[track_vars] = On
        php_flag[register_globals] = Off
        php_admin_flag[allow_url_fopen] = On
        php_value[include_path] = ${webRoot}
        php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
        php_admin_value[post_max_size] = 32M
        php_admin_value[upload_max_filesize] = 32M
        php_admin_value[memory_limit] = 256M
        '';
    };
  };
in
  rompr
Commit	Line	Data
bfe3c9c9 IB	1	{ lib, env, stdenv, fetchedGithub }:
	2	let
	3	rompr = let
	4	in rec {
	5	varDir = "/var/lib/rompr";
	6	activationScript = ''
	7	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
	8	${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
	9	'';
	10	webRoot = stdenv.mkDerivation (fetchedGithub ./rompr.json // rec {
	11	installPhase = ''
	12	cp -a . $out
3c8d7f87 IB	13	ln -sf ${varDir}/prefs $out/prefs
3c8d7f87 IB	14	ln -sf ${varDir}/albumart $out/albumart
bfe3c9c9 IB	15	'';
bfe3c9c9 IB	16	});
a95ab089	17	apache = rec {
bfe3c9c9 IB	18	user = "wwwrun";
	19	group = "wwwrun";
	20	modules = [ "headers" "mime" "proxy_fcgi" ];
a95ab089 IB	21	webappName = "tools_rompr";
a95ab089 IB	22	root = "/run/current-system/webapps/${webappName}";
bfe3c9c9	23	vhostConf = ''
a95ab089	24	Alias /rompr ${root}
bfe3c9c9	25
a95ab089	26	<Directory ${root}>
bfe3c9c9 IB	27	Options Indexes FollowSymLinks
	28	DirectoryIndex index.php
	29	AllowOverride all
	30	Require all granted
	31	Order allow,deny
	32	Allow from all
	33	ErrorDocument 404 /rompr/404.php
	34	AddType image/x-icon .ico
	35
	36	<FilesMatch "\.php$">
	37	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
	38	</FilesMatch>
	39	</Directory>
	40
a95ab089	41	<Directory ${root}/albumart/small>
bfe3c9c9 IB	42	Header Set Cache-Control "max-age=0, no-store"
	43	Header Set Cache-Control "no-cache, must-revalidate"
	44	</Directory>
	45
a95ab089	46	<Directory ${root}/albumart/asdownloaded>
bfe3c9c9 IB	47	Header Set Cache-Control "max-age=0, no-store"
	48	Header Set Cache-Control "no-cache, must-revalidate"
	49	</Directory>
	50
	51	<LocationMatch "^/rompr">
	52	Use LDAPConnect
	53	Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
bfe3c9c9 IB	54	</LocationMatch>
	55	'';
	56	};
	57	phpFpm = rec {
	58	basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
	59	socket = "/var/run/phpfpm/rompr.sock";
	60	pool = ''
	61	listen = ${socket}
	62	user = ${apache.user}
	63	group = ${apache.group}
	64	listen.owner = ${apache.user}
	65	listen.group = ${apache.group}
	66	pm = ondemand
	67	pm.max_children = 60
	68	pm.process_idle_timeout = 60
	69
	70	; Needed to avoid clashes in browser cookies (same domain)
	71	php_value[session.name] = RomprPHPSESSID
	72	php_admin_value[open_basedir] = "${basedir}:/tmp"
	73	php_admin_value[session.save_path] = "${varDir}/phpSessions"
	74	php_flag[magic_quotes_gpc] = Off
	75	php_flag[track_vars] = On
	76	php_flag[register_globals] = Off
	77	php_admin_flag[allow_url_fopen] = On
	78	php_value[include_path] = ${webRoot}
	79	php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
	80	php_admin_value[post_max_size] = 32M
	81	php_admin_value[upload_max_filesize] = 32M
	82	php_admin_value[memory_limit] = 256M
	83	'';
	84	};
	85	};
	86	in
	87	rompr