]>
Commit | Line | Data |
---|---|---|
da30ae4f | 1 | { php, env, ttrss, ttrss-plugins, config }: |
86663f17 IB |
2 | rec { |
3 | varDir = "/var/lib/ttrss"; | |
4 | activationScript = { | |
5 | deps = [ "wrappers" ]; | |
6 | text = '' | |
7 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ | |
8 | ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons | |
9 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \ | |
10 | ${varDir}/cache/feeds/ \ | |
11 | ${varDir}/cache/images/ \ | |
12 | ${varDir}/cache/js/ \ | |
13 | ${varDir}/cache/simplepie/ \ | |
14 | ${varDir}/cache/upload/ | |
15 | touch ${varDir}/feed-icons/index.html | |
86663f17 IB |
16 | ''; |
17 | }; | |
1a64deeb IB |
18 | chatonsProperties = { |
19 | file.datetime = "2022-08-21T22:50:00"; | |
20 | service = { | |
21 | name = "RSS"; | |
22 | description = "Tiny Tiny RSS is a free and open source web-based news feed (RSS/Atom) reader and aggregator"; | |
23 | website = "https://tools.immae.eu/ttrss/"; | |
24 | logo = "https://tools.immae.eu/ttrss/images/favicon.png"; | |
25 | status.level = "OK"; | |
26 | status.description = "OK"; | |
27 | registration."" = ["MEMBER" "CLIENT"]; | |
28 | registration.load = "OPEN"; | |
29 | install.type = "PACKAGE"; | |
30 | }; | |
31 | software = { | |
32 | name = "Tiny Tiny RSS"; | |
33 | website = "https://tt-rss.org/"; | |
34 | license.url = "https://www.gnu.org/copyleft/gpl.html"; | |
35 | license.name = "GNU General Public License Version 3"; | |
36 | version = webRoot.version; | |
37 | source.url = "https://git.tt-rss.org/fox/tt-rss.git/"; | |
38 | modules = map (p: p.pluginName) webRoot.plugins; | |
39 | }; | |
40 | }; | |
4c4652aa | 41 | keys."webapps/tools-ttrss" = { |
86663f17 IB |
42 | user = apache.user; |
43 | group = apache.group; | |
44 | permissions = "0400"; | |
1a64deeb | 45 | keyDependencies = [ php ]; |
86663f17 IB |
46 | text = '' |
47 | <?php | |
48 | ||
49 | define('PHP_EXECUTABLE', '${php}/bin/php'); | |
50 | ||
51 | define('LOCK_DIRECTORY', 'lock'); | |
52 | define('CACHE_DIR', 'cache'); | |
53 | define('ICONS_DIR', 'feed-icons'); | |
54 | define('ICONS_URL', 'feed-icons'); | |
55 | define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/'); | |
56 | ||
57 | define('MYSQL_CHARSET', 'UTF8'); | |
58 | ||
59 | define('DB_TYPE', 'pgsql'); | |
60 | define('DB_HOST', '${env.postgresql.socket}'); | |
61 | define('DB_USER', '${env.postgresql.user}'); | |
62 | define('DB_NAME', '${env.postgresql.database}'); | |
63 | define('DB_PASS', '${env.postgresql.password}'); | |
64 | define('DB_PORT', '${env.postgresql.port}'); | |
65 | ||
66 | define('AUTH_AUTO_CREATE', true); | |
67 | define('AUTH_AUTO_LOGIN', true); | |
68 | ||
69 | define('SINGLE_USER_MODE', false); | |
70 | ||
71 | define('SIMPLE_UPDATE_MODE', false); | |
72 | define('CHECK_FOR_UPDATES', true); | |
73 | ||
74 | define('FORCE_ARTICLE_PURGE', 0); | |
75 | define('SESSION_COOKIE_LIFETIME', 60*60*24*120); | |
76 | define('ENABLE_GZIP_OUTPUT', false); | |
77 | ||
78 | define('PLUGINS', 'auth_ldap, note, instances'); | |
79 | ||
80 | define('LOG_DESTINATION', '''); | |
81 | define('CONFIG_VERSION', 26); | |
82 | ||
1a64deeb | 83 | define('DAEMON_UPDATE_LOGIN_LIMIT', 0); |
86663f17 IB |
84 | |
85 | define('SPHINX_SERVER', 'localhost:9312'); | |
86 | define('SPHINX_INDEX', 'ttrss, delta'); | |
87 | ||
88 | define('ENABLE_REGISTRATION', false); | |
89 | define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu'); | |
90 | define('REG_MAX_USERS', 10); | |
91 | ||
92 | define('SMTP_FROM_NAME', 'Tiny Tiny RSS'); | |
93 | define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu'); | |
94 | define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours'); | |
95 | ||
ab8f306d | 96 | define('LDAP_AUTH_SERVER_URI', 'ldap://${env.ldap.host}:389/'); |
86663f17 IB |
97 | define('LDAP_AUTH_USETLS', TRUE); |
98 | define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE); | |
ab8f306d | 99 | define('LDAP_AUTH_BASEDN', '${env.ldap.base}'); |
86663f17 | 100 | define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE); |
ab8f306d | 101 | define('LDAP_AUTH_SEARCHFILTER', '${env.ldap.filter}'); |
86663f17 | 102 | |
ab8f306d | 103 | define('LDAP_AUTH_BINDDN', '${env.ldap.dn}'); |
86663f17 IB |
104 | define('LDAP_AUTH_BINDPW', '${env.ldap.password}'); |
105 | define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); | |
106 | ||
107 | define('LDAP_AUTH_LOG_ATTEMPTS', FALSE); | |
108 | define('LDAP_AUTH_DEBUG', FALSE); | |
eb770e14 | 109 | ''; |
4c4652aa | 110 | }; |
da30ae4f | 111 | webRoot = (ttrss.override { ttrss_config = config.secrets.fullPaths."webapps/tools-ttrss"; }).withPlugins (p: [ |
34c7b88e IB |
112 | p.auth_ldap p.ff_instagram p.tumblr_gdpr_ua |
113 | (p.af_feedmod.override { patched = true; }) | |
114 | (p.feediron.override { patched = true; }) | |
115 | ]); | |
86663f17 IB |
116 | apache = rec { |
117 | user = "wwwrun"; | |
118 | group = "wwwrun"; | |
119 | modules = [ "proxy_fcgi" ]; | |
750fe5a4 | 120 | root = webRoot; |
5400b9b6 | 121 | vhostConf = socket: '' |
86663f17 IB |
122 | Alias /ttrss "${root}" |
123 | <Directory "${root}"> | |
124 | DirectoryIndex index.php | |
125 | <FilesMatch "\.php$"> | |
5400b9b6 | 126 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
86663f17 IB |
127 | </FilesMatch> |
128 | ||
129 | AllowOverride All | |
130 | Options FollowSymlinks | |
131 | Require all granted | |
132 | </Directory> | |
eb770e14 | 133 | ''; |
86663f17 IB |
134 | }; |
135 | phpFpm = rec { | |
136 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | |
137 | basedir = builtins.concatStringsSep ":" ( | |
da30ae4f | 138 | [ webRoot config.secrets.fullPaths."webapps/tools-ttrss" varDir ] |
86663f17 | 139 | ++ webRoot.plugins); |
5400b9b6 IB |
140 | pool = { |
141 | "listen.owner" = apache.user; | |
142 | "listen.group" = apache.group; | |
143 | "pm" = "ondemand"; | |
144 | "pm.max_children" = "60"; | |
145 | "pm.process_idle_timeout" = "60"; | |
146 | ||
147 | # Needed to avoid clashes in browser cookies (same domain) | |
148 | "php_value[session.name]" = "TtrssPHPSESSID"; | |
149 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; | |
1a64deeb IB |
150 | "php_admin_value[session.save_handler]" = "redis"; |
151 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:TTRSS:'"; | |
5400b9b6 | 152 | }; |
eb770e14 | 153 | }; |
1a64deeb IB |
154 | monitoringPlugins = [ "http" ]; |
155 | monitoringObjects.service = [ | |
156 | { | |
157 | service_description = "ttrss website is running on tools.immae.eu"; | |
158 | host_name = config.hostEnv.fqdn; | |
159 | use = "external-web-service"; | |
160 | check_command = ["check_https" "tools.immae.eu" "/ttrss/" "<title>Tiny Tiny RSS"]; | |
161 | ||
162 | servicegroups = "webstatus-webapps"; | |
163 | _webstatus_name = "TT-RSS"; | |
164 | _webstatus_url = "https://tools.immae.eu/ttrss/"; | |
165 | } | |
166 | ]; | |
86663f17 | 167 | } |