]>
Commit | Line | Data |
---|---|---|
da30ae4f | 1 | { stdenv, fetchurl, gettext, writeText, env, awl, davical, config }: |
452c2314 | 2 | rec { |
4c4652aa | 3 | keys."webapps/dav-davical" = { |
452c2314 IB |
4 | user = apache.user; |
5 | group = apache.group; | |
6 | permissions = "0400"; | |
7 | text = '' | |
8 | <?php | |
9 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; | |
d9998b44 | 10 | |
452c2314 | 11 | $c->readonly_webdav_collections = false; |
d9998b44 | 12 | |
452c2314 | 13 | $c->admin_email ='davical@tools.immae.eu'; |
d9998b44 | 14 | |
452c2314 | 15 | $c->restrict_setup_to_admin = true; |
d9998b44 | 16 | |
452c2314 | 17 | $c->collections_always_exist = false; |
d9998b44 | 18 | |
452c2314 | 19 | $c->external_refresh = 60; |
d9998b44 | 20 | |
452c2314 | 21 | $c->enable_scheduling = true; |
d9998b44 | 22 | |
452c2314 | 23 | $c->iMIP = (object) array("send_email" => true); |
d9998b44 | 24 | |
452c2314 IB |
25 | $c->authenticate_hook['optional'] = false; |
26 | $c->authenticate_hook['call'] = 'LDAP_check'; | |
27 | $c->authenticate_hook['config'] = array( | |
ab8f306d | 28 | 'host' => '${env.ldap.host}', |
452c2314 IB |
29 | 'port' => '389', |
30 | 'startTLS' => 'yes', | |
ab8f306d | 31 | 'bindDN'=> '${env.ldap.dn}', |
452c2314 IB |
32 | 'passDN'=> '${env.ldap.password}', |
33 | 'protocolVersion' => '3', | |
ab8f306d IB |
34 | 'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'), |
35 | 'filterUsers' => '${env.ldap.filter}', | |
36 | 'baseDNGroups' => 'ou=groups,${env.ldap.base}', | |
37 | 'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}', | |
452c2314 IB |
38 | 'mapping_field' => array( |
39 | "username" => "uid", | |
40 | "fullname" => "cn", | |
41 | "email" => "mail", | |
42 | "modified" => "modifyTimestamp", | |
43 | ), | |
44 | 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), | |
45 | /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ | |
46 | // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), | |
47 | 'group_mapping_field' => array( | |
48 | "username" => "cn", | |
49 | "updated" => "modifyTimestamp", | |
50 | "fullname" => "givenName", | |
51 | "displayname" => "givenName", | |
52 | "members" => "memberUid", | |
53 | "email" => "mail", | |
54 | ), | |
55 | ); | |
d9998b44 | 56 | |
452c2314 IB |
57 | $c->do_not_sync_from_ldap = array('admin' => true); |
58 | include('drivers_ldap.php'); | |
59 | ''; | |
4c4652aa | 60 | }; |
da30ae4f | 61 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; |
452c2314 IB |
62 | webRoot = "${webapp}/htdocs"; |
63 | apache = rec { | |
64 | user = "wwwrun"; | |
65 | group = "wwwrun"; | |
66 | modules = [ "proxy_fcgi" ]; | |
750fe5a4 | 67 | root = webRoot; |
5400b9b6 | 68 | vhostConf = socket: '' |
452c2314 IB |
69 | Alias /davical "${root}" |
70 | Alias /caldav.php "${root}/caldav.php" | |
71 | <Directory "${root}"> | |
72 | DirectoryIndex index.php index.html | |
73 | AcceptPathInfo On | |
74 | AllowOverride None | |
75 | Require all granted | |
d9998b44 | 76 | |
452c2314 IB |
77 | <FilesMatch "\.php$"> |
78 | CGIPassAuth on | |
5400b9b6 | 79 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
452c2314 | 80 | </FilesMatch> |
d9998b44 | 81 | |
452c2314 IB |
82 | RewriteEngine On |
83 | <IfModule mod_headers.c> | |
84 | Header unset Access-Control-Allow-Origin | |
85 | Header unset Access-Control-Allow-Methods | |
86 | Header unset Access-Control-Allow-Headers | |
87 | Header unset Access-Control-Allow-Credentials | |
88 | Header unset Access-Control-Expose-Headers | |
d9998b44 | 89 | |
452c2314 IB |
90 | Header always set Access-Control-Allow-Origin "*" |
91 | Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" | |
92 | Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" | |
93 | Header always set Access-Control-Allow-Credentials false | |
94 | Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" | |
d9998b44 | 95 | |
452c2314 IB |
96 | RewriteCond %{HTTP:Access-Control-Request-Method} !^$ |
97 | RewriteCond %{REQUEST_METHOD} OPTIONS | |
98 | RewriteRule ^(.*)$ $1 [R=200,L] | |
99 | </IfModule> | |
100 | </Directory> | |
101 | ''; | |
102 | }; | |
103 | phpFpm = rec { | |
104 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | |
da30ae4f | 105 | basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ]; |
5400b9b6 IB |
106 | pool = { |
107 | "listen.owner" = apache.user; | |
108 | "listen.group" = apache.group; | |
109 | "pm" = "dynamic"; | |
110 | "pm.max_children" = "60"; | |
111 | "pm.start_servers" = "2"; | |
112 | "pm.min_spare_servers" = "1"; | |
113 | "pm.max_spare_servers" = "10"; | |
d9998b44 | 114 | |
5400b9b6 IB |
115 | # Needed to avoid clashes in browser cookies (same domain) |
116 | "php_value[session.name]" = "DavicalPHPSESSID"; | |
1a64deeb | 117 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
5400b9b6 | 118 | "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc"; |
1a64deeb IB |
119 | "php_admin_value[session.save_handler]" = "redis"; |
120 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Davical:'"; | |
5400b9b6 IB |
121 | "php_flag[magic_quotes_gpc]" = "Off"; |
122 | "php_flag[register_globals]" = "Off"; | |
123 | "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE"; | |
124 | "php_admin_value[default_charset]" = "utf-8"; | |
125 | "php_flag[magic_quotes_runtime]" = "Off"; | |
126 | }; | |
d9998b44 | 127 | }; |
452c2314 | 128 | } |