]>
Commit | Line | Data |
---|---|---|
a97118c4 IB |
1 | { pkgs, lib, config, ... }: |
2 | let | |
3 | env = config.myEnv.tools.status_engine; | |
1a64deeb | 4 | package = pkgs.status-engine-interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; }); |
a97118c4 IB |
5 | apacheRoot = "${package}/public"; |
6 | cfg = config.myServices.websites.tools.performance; | |
7 | in | |
8 | { | |
9 | options.myServices.websites.tools.performance = { | |
10 | enable = lib.mkEnableOption "Enable performance website"; | |
11 | }; | |
12 | ||
13 | config = lib.mkIf cfg.enable { | |
1a64deeb IB |
14 | myServices.dns.zones."immae.eu".subdomains.performance = |
15 | with config.myServices.dns.helpers; ips servers.eldiron.ips.main; | |
16 | ||
4c4652aa IB |
17 | secrets.keys = { |
18 | status_engine_ui = { | |
a97118c4 IB |
19 | permissions = "0400"; |
20 | user = "wwwrun"; | |
21 | group = "wwwrun"; | |
22 | text = '' | |
23 | allow_anonymous: 0 | |
24 | anonymous_can_submit_commands: 0 | |
25 | urls_without_login: | |
26 | - login | |
27 | - loginstate | |
28 | auth_type: ldap | |
29 | ldap_server: ${env.ldap.host} | |
30 | ldap_use_ssl: 1 | |
31 | ldap_port: 636 | |
32 | ldap_bind_dn: ${env.ldap.dn} | |
33 | ldap_bind_password: ${env.ldap.password} | |
34 | ldap_base_dn: ${env.ldap.base} | |
35 | ldap_filter: "${env.ldap.filter}" | |
36 | ldap_attribute: | |
37 | - memberOf | |
38 | use_crate: 0 | |
39 | use_mysql: 1 | |
40 | mysql: | |
41 | host: 127.0.0.1 | |
1a64deeb | 42 | port: ${builtins.toString env.mysql.port} |
a97118c4 IB |
43 | username: ${env.mysql.user} |
44 | password: ${env.mysql.password} | |
45 | database: ${env.mysql.database} | |
46 | display_perfdata: 1 | |
47 | perfdata_backend: mysql | |
48 | ''; | |
4c4652aa IB |
49 | }; |
50 | }; | |
a97118c4 IB |
51 | |
52 | services.websites.env.tools.modules = [ "proxy_fcgi" ]; | |
53 | ||
1a64deeb | 54 | security.acme.certs.eldiron.extraDomainNames = [ "performance.immae.eu" ]; |
a97118c4 IB |
55 | services.websites.env.tools.vhostConfs.performance = { |
56 | certName = "eldiron"; | |
a97118c4 IB |
57 | hosts = [ "performance.immae.eu" ]; |
58 | root = apacheRoot; | |
59 | extraConfig = [ | |
60 | '' | |
61 | <Directory ${apacheRoot}> | |
62 | DirectoryIndex index.html | |
63 | AllowOverride None | |
64 | Require all granted | |
65 | <FilesMatch "\.php$"> | |
66 | SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost" | |
67 | </FilesMatch> | |
68 | </Directory> | |
69 | '' | |
70 | ]; | |
71 | }; | |
72 | ||
73 | services.phpfpm.pools.status_engine = { | |
74 | user = "wwwrun"; | |
75 | group = "wwwrun"; | |
76 | settings = { | |
77 | "listen.owner" = "wwwrun"; | |
78 | "listen.group" = "wwwrun"; | |
79 | "pm" = "dynamic"; | |
80 | "pm.max_children" = "60"; | |
81 | "pm.start_servers" = "2"; | |
82 | "pm.min_spare_servers" = "1"; | |
83 | "pm.max_spare_servers" = "10"; | |
84 | ||
1a64deeb IB |
85 | "php_admin_value[session.save_handler]" = "redis"; |
86 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:StatusEngine:'"; | |
da30ae4f | 87 | "php_admin_value[open_basedir]" = "${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}"; |
a97118c4 | 88 | }; |
1a64deeb | 89 | phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); |
a97118c4 IB |
90 | }; |
91 | ||
92 | }; | |
93 | } |