git.immae.eu Git - perso/Immae/Config/Nix.git/blame - systems/eldiron/websites/performance/default.nix
Squash changes containing private information
a97118c4
IB
# NixOS module for the "performance" website, which serves the
# status-engine-interface package on performance.immae.eu.
# When myServices.websites.tools.performance.enable is set, it declares a DNS
# subdomain, a secret configuration file, an extra ACME domain name, an Apache
# vhost and a dedicated PHP-FPM pool.
1{ pkgs, lib, config, ... }:
2let
3 env = config.myEnv.tools.status_engine;
# The package override receives config.secrets.fullPaths."status_engine_ui",
# presumably the on-disk path of the secret declared below rather than its
# content - confirm against the secrets module.
1a64deeb 4 package = pkgs.status-engine-interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; });
a97118c4
IB
5 apacheRoot = "${package}/public";
6 cfg = config.myServices.websites.tools.performance;
7in
8{
9 options.myServices.websites.tools.performance = {
10 enable = lib.mkEnableOption "Enable performance website";
11 };
12
13 config = lib.mkIf cfg.enable {
1a64deeb
IB
14 myServices.dns.zones."immae.eu".subdomains.performance =
15 with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
16
4c4652aa
IB
# Application configuration holding the LDAP bind password and the MySQL
# password, hence mode 0400 owned by wwwrun.
# NOTE(review): wwwrun is also the user of the PHP-FPM pool below and
# presumably of the web server itself, so any other code running as wwwrun can
# read these credentials; a dedicated user for this pool would narrow that -
# confirm against the rest of the host configuration.
17 secrets.keys = {
18 status_engine_ui = {
a97118c4
IB
19 permissions = "0400";
20 user = "wwwrun";
21 group = "wwwrun";
# The text below looks like YAML. It disables anonymous access and anonymous
# command submission, lists only "login" and "loginstate" as URLs reachable
# without login, authenticates against LDAP with ldap_use_ssl set on port 636,
# and reaches MySQL on 127.0.0.1.
# NOTE(review): the env.* values are interpolated unquoted (ldap_filter is
# wrapped in double quotes but not escaped). A password or filter containing
# YAML-significant characters (" #", ": ", quotes, backslashes) would be parsed
# as something other than the intended value; emitting each scalar through
# builtins.toJSON would make the interpolation safe.
22 text = ''
23 allow_anonymous: 0
24 anonymous_can_submit_commands: 0
25 urls_without_login:
26 - login
27 - loginstate
28 auth_type: ldap
29 ldap_server: ${env.ldap.host}
30 ldap_use_ssl: 1
31 ldap_port: 636
32 ldap_bind_dn: ${env.ldap.dn}
33 ldap_bind_password: ${env.ldap.password}
34 ldap_base_dn: ${env.ldap.base}
35 ldap_filter: "${env.ldap.filter}"
36 ldap_attribute:
37 - memberOf
38 use_crate: 0
39 use_mysql: 1
40 mysql:
41 host: 127.0.0.1
1a64deeb 42 port: ${builtins.toString env.mysql.port}
a97118c4
IB
43 username: ${env.mysql.user}
44 password: ${env.mysql.password}
45 database: ${env.mysql.database}
46 display_perfdata: 1
47 perfdata_backend: mysql
48 '';
4c4652aa
IB
49 };
50 };
a97118c4
IB
51
# proxy_fcgi is needed by the "proxy:unix:...|fcgi://" handler in the vhost.
52 services.websites.env.tools.modules = [ "proxy_fcgi" ];
53
# Adds the host name to the "eldiron" certificate that the vhost selects via
# certName.
1a64deeb 54 security.acme.certs.eldiron.extraDomainNames = [ "performance.immae.eu" ];
a97118c4
IB
55 services.websites.env.tools.vhostConfs.performance = {
56 certName = "eldiron";
a97118c4
IB
57 hosts = [ "performance.immae.eu" ];
58 root = apacheRoot;
# "Require all granted" lets Apache serve the directory to any client, so
# access control rests entirely on the application's own login (LDAP, as
# configured in the secret above). "AllowOverride None" makes Apache ignore
# .htaccess files, and only files matching \.php$ go to the PHP-FPM socket.
59 extraConfig = [
60 ''
61 <Directory ${apacheRoot}>
62 DirectoryIndex index.html
63 AllowOverride None
64 Require all granted
65 <FilesMatch "\.php$">
66 SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost"
67 </FilesMatch>
68 </Directory>
69 ''
70 ];
71 };
72
# PHP-FPM pool for the application; both the workers and the listening socket
# belong to wwwrun.
73 services.phpfpm.pools.status_engine = {
74 user = "wwwrun";
75 group = "wwwrun";
76 settings = {
77 "listen.owner" = "wwwrun";
78 "listen.group" = "wwwrun";
79 "pm" = "dynamic";
80 "pm.max_children" = "60";
81 "pm.start_servers" = "2";
82 "pm.min_spare_servers" = "1";
83 "pm.max_spare_servers" = "10";
84
1a64deeb
IB
# Sessions go to Redis over a unix socket under the key prefix
# "Tools:StatusEngine:". php_admin_value settings cannot be overridden by the
# application at run time.
85 "php_admin_value[session.save_handler]" = "redis";
86 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:StatusEngine:'";
# open_basedir confines PHP file access to the package directory, /tmp and the
# secret configuration file.
# NOTE(review): whether /tmp here is the host-wide directory or a private one
# for the service is not visible in this file - confirm, since a shared /tmp
# widens what the application can read and write.
da30ae4f 87 "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}";
a97118c4 88 };
# NOTE(review): pkgs.php74 is PHP 7.4, which is end-of-life upstream and no
# longer receives security fixes; confirm whether status-engine-interface can
# run on a maintained PHP release.
1a64deeb 89 phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
a97118c4
IB
90 };
91
92 };
93}