[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / rompr.nix

{ lib, env, rompr, config }:
rec {
  varDir = "/var/lib/rompr";
  activationScript = ''
    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
      ${varDir}/prefs ${varDir}/albumart
  '';
  webRoot = rompr;
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "headers" "mime" "proxy_fcgi" ];
    root = webRoot;
    vhostConf = socket: ''
      Alias /rompr ${root}

      <Directory ${root}>
        Options Indexes FollowSymLinks
        DirectoryIndex index.php
        AllowOverride all
        Require all granted
        Order allow,deny
        Allow from all
        ErrorDocument 404 /rompr/404.php
        AddType image/x-icon .ico

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>

      <Directory ${root}/albumart/small>
          Header Set Cache-Control "max-age=0, no-store"
          Header Set Cache-Control "no-cache, must-revalidate"
      </Directory>

      <Directory ${root}/albumart/asdownloaded>
          Header Set Cache-Control "max-age=0, no-store"
          Header Set Cache-Control "no-cache, must-revalidate"
      </Directory>

      <LocationMatch "^/rompr">
        Use LDAPConnect
        Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
      </LocationMatch>
      '';
  };
  phpFpm = rec {
    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
    pool = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
      "pm" = "ondemand";
      "pm.max_children" = "60";
      "pm.process_idle_timeout" = "60";

      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "RomprPHPSESSID";
      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
      "php_admin_value[session.save_handler]" = "redis";
      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rompr:'";
      "php_flag[magic_quotes_gpc]" = "Off";
      "php_flag[track_vars]" = "On";
      "php_flag[register_globals]" = "Off";
      "php_admin_flag[allow_url_fopen]" = "On";
      "php_value[include_path]" = "${webRoot}";
      "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
      "php_admin_value[post_max_size]" = "32M";
      "php_admin_value[upload_max_filesize]" = "32M";
      "php_admin_value[memory_limit]" = "256M";
    };
  };
  monitoringPlugins = [ "http" ];
  monitoringObjects.service = [
    {
      service_description = "rompr mpd website is running on tools.immae.eu";
      host_name = config.hostEnv.fqdn;
      use = "external-web-service";
      check_command = ["check_https_auth" "tools.immae.eu" "/rompr/" "<title>RompЯ"];

      servicegroups = "webstatus-webapps";
      _webstatus_name = "MPD (ROMPR)";
      _webstatus_url = "https://tools.immae.eu/rompr/";
    }
  ];
}
Commit	Line	Data
1a64deeb	1	{ lib, env, rompr, config }:
5dbe7ba1 IB	2	rec {
	3	varDir = "/var/lib/rompr";
	4	activationScript = ''
	5	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
1a64deeb	6	${varDir}/prefs ${varDir}/albumart
5dbe7ba1 IB	7	'';
	8	webRoot = rompr;
	9	apache = rec {
	10	user = "wwwrun";
	11	group = "wwwrun";
	12	modules = [ "headers" "mime" "proxy_fcgi" ];
750fe5a4	13	root = webRoot;
5400b9b6	14	vhostConf = socket: ''
5dbe7ba1	15	Alias /rompr ${root}
bfe3c9c9	16
5dbe7ba1 IB	17	<Directory ${root}>
	18	Options Indexes FollowSymLinks
	19	DirectoryIndex index.php
	20	AllowOverride all
	21	Require all granted
	22	Order allow,deny
	23	Allow from all
	24	ErrorDocument 404 /rompr/404.php
	25	AddType image/x-icon .ico
bfe3c9c9	26
5dbe7ba1	27	<FilesMatch "\.php$">
5400b9b6	28	SetHandler "proxy:unix:${socket}\|fcgi://localhost"
5dbe7ba1 IB	29	</FilesMatch>
5dbe7ba1 IB	30	</Directory>
bfe3c9c9	31
5dbe7ba1 IB	32	<Directory ${root}/albumart/small>
	33	Header Set Cache-Control "max-age=0, no-store"
	34	Header Set Cache-Control "no-cache, must-revalidate"
	35	</Directory>
bfe3c9c9	36
5dbe7ba1 IB	37	<Directory ${root}/albumart/asdownloaded>
	38	Header Set Cache-Control "max-age=0, no-store"
	39	Header Set Cache-Control "no-cache, must-revalidate"
	40	</Directory>
bfe3c9c9	41
5dbe7ba1 IB	42	<LocationMatch "^/rompr">
	43	Use LDAPConnect
	44	Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
	45	</LocationMatch>
	46	'';
	47	};
	48	phpFpm = rec {
	49	basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
5400b9b6 IB	50	pool = {
	51	"listen.owner" = apache.user;
	52	"listen.group" = apache.group;
	53	"pm" = "ondemand";
	54	"pm.max_children" = "60";
	55	"pm.process_idle_timeout" = "60";
bfe3c9c9	56
5400b9b6 IB	57	# Needed to avoid clashes in browser cookies (same domain)
	58	"php_value[session.name]" = "RomprPHPSESSID";
	59	"php_admin_value[open_basedir]" = "${basedir}:/tmp";
1a64deeb IB	60	"php_admin_value[session.save_handler]" = "redis";
1a64deeb IB	61	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rompr:'";
5400b9b6 IB	62	"php_flag[magic_quotes_gpc]" = "Off";
	63	"php_flag[track_vars]" = "On";
	64	"php_flag[register_globals]" = "Off";
	65	"php_admin_flag[allow_url_fopen]" = "On";
	66	"php_value[include_path]" = "${webRoot}";
	67	"php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
	68	"php_admin_value[post_max_size]" = "32M";
	69	"php_admin_value[upload_max_filesize]" = "32M";
	70	"php_admin_value[memory_limit]" = "256M";
	71	};
bfe3c9c9	72	};
1a64deeb IB	73	monitoringPlugins = [ "http" ];
	74	monitoringObjects.service = [
	75	{
	76	service_description = "rompr mpd website is running on tools.immae.eu";
	77	host_name = config.hostEnv.fqdn;
	78	use = "external-web-service";
	79	check_command = ["check_https_auth" "tools.immae.eu" "/rompr/" "<title>RompЯ"];
	80
	81	servicegroups = "webstatus-webapps";
	82	_webstatus_name = "MPD (ROMPR)";
	83	_webstatus_url = "https://tools.immae.eu/rompr/";
	84	}
	85	];
5dbe7ba1	86	}