[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / yourls.nix

{ env, yourls, yourls-plugins, config }:
rec {
  keys."webapps/tools-yourls" = {
    user = apache.user;
    group = apache.group;
    permissions = "0400";
    text = ''
      <?php
      define( 'YOURLS_DB_USER', '${env.mysql.user}' );
      define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
      define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
      define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
      define( 'YOURLS_DB_PREFIX', 'yourls_' );
      define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
      define( 'YOURLS_HOURS_OFFSET', 0 ); 
      define( 'YOURLS_LANG', ''' ); 
      define( 'YOURLS_UNIQUE_URLS', true );
      define( 'YOURLS_PRIVATE', true );
      define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
      $yourls_user_passwords = array();
      define( 'YOURLS_DEBUG', false );
      define( 'YOURLS_URL_CONVERT', 36 );
      $yourls_reserved_URL = array();
      define( 'LDAPAUTH_HOST', 'ldaps://${env.ldap.host}' );
      define( 'LDAPAUTH_PORT', '636' );
      define( 'LDAPAUTH_BASE', '${env.ldap.base}' );
      define( 'LDAPAUTH_SEARCH_USER', '${env.ldap.dn}' );
      define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );

      define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
      define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');

      define( 'LDAPAUTH_USERCACHE_TYPE', 0);
    '';
  };
  chatonsProperties = {
    file.datetime = "2022-08-27T18:00:00";
    service = {
      name = "Yourls";
      description = "Your own URL shortener";
      website = "https://tools.immae.eu/url/admin/";
      logo = "https://tools.immae.eu/url/images/favicon.gif";
      status.level = "OK";
      status.description = "OK";
      registration."" = ["MEMBER" "CLIENT"];
      registration.load = "FULL";
      install.type = "PACKAGE";
    };
    software = {
      name = "YOURLS";
      website = "http://yourls.org/";
      license.url = "https://github.com/YOURLS/YOURLS/blob/master/LICENSE";
      license.name = "MIT License";
      version = webRoot.version;
      source.url = "https://github.com/YOURLS/YOURLS";
      modules = map (a: a.pluginName) webRoot.plugins;
    };
  };
  webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "proxy_fcgi" ];
    root = webRoot;
    vhostConf = socket: ''
      Alias /url "${root}"
      <Directory "${root}">
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${socket}|fcgi://localhost"
        </FilesMatch>

        AllowOverride None
        Require all granted
        <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteBase /url/
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteRule ^.*$ /url/yourls-loader.php [L]
        </IfModule>
        DirectoryIndex index.php
      </Directory>
      '';
  };
  phpFpm = rec {
    serviceDeps = [ "mysql.service" "openldap.service" ];
    basedir = builtins.concatStringsSep ":" (
      [ webRoot config.secrets.fullPaths."webapps/tools-yourls" ]
      ++ webRoot.plugins);
    pool = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
      "pm" = "ondemand";
      "pm.max_children" = "60";
      "pm.process_idle_timeout" = "60";

      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "YourlsPHPSESSID";
      "php_admin_value[session.save_handler]" = "redis";
      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Yourls:'";
      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
    };
  };
  monitoringPlugins = [ "http" ];
  monitoringObjects.service = [
    {
      service_description = "yourl website is running on tools.immae.eu";
      host_name = config.hostEnv.fqdn;
      use = "external-web-service";
      check_command = ["check_https" "tools.immae.eu" "/url/admin/" "<title>YOURLS"];

      servicegroups = "webstatus-webapps";
      _webstatus_name = "YOURLS";
      _webstatus_url = "https://tools.immae.eu/url/admin/";
    }

  ];
}
Commit	Line	Data
da30ae4f	1	{ env, yourls, yourls-plugins, config }:
b44b42a1	2	rec {
4c4652aa	3	keys."webapps/tools-yourls" = {
b44b42a1 IB	4	user = apache.user;
	5	group = apache.group;
	6	permissions = "0400";
	7	text = ''
	8	<?php
	9	define( 'YOURLS_DB_USER', '${env.mysql.user}' );
	10	define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
	11	define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
	12	define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
	13	define( 'YOURLS_DB_PREFIX', 'yourls_' );
	14	define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
	15	define( 'YOURLS_HOURS_OFFSET', 0 );
	16	define( 'YOURLS_LANG', ''' );
	17	define( 'YOURLS_UNIQUE_URLS', true );
	18	define( 'YOURLS_PRIVATE', true );
	19	define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
	20	$yourls_user_passwords = array();
	21	define( 'YOURLS_DEBUG', false );
	22	define( 'YOURLS_URL_CONVERT', 36 );
	23	$yourls_reserved_URL = array();
ab8f306d	24	define( 'LDAPAUTH_HOST', 'ldaps://${env.ldap.host}' );
b44b42a1	25	define( 'LDAPAUTH_PORT', '636' );
ab8f306d IB	26	define( 'LDAPAUTH_BASE', '${env.ldap.base}' );
ab8f306d IB	27	define( 'LDAPAUTH_SEARCH_USER', '${env.ldap.dn}' );
b44b42a1	28	define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
133ebaee	29
b44b42a1 IB	30	define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
b44b42a1 IB	31	define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
133ebaee	32
b44b42a1 IB	33	define( 'LDAPAUTH_USERCACHE_TYPE', 0);
b44b42a1 IB	34	'';
4c4652aa	35	};
1a64deeb IB	36	chatonsProperties = {
	37	file.datetime = "2022-08-27T18:00:00";
	38	service = {
	39	name = "Yourls";
	40	description = "Your own URL shortener";
	41	website = "https://tools.immae.eu/url/admin/";
	42	logo = "https://tools.immae.eu/url/images/favicon.gif";
	43	status.level = "OK";
	44	status.description = "OK";
	45	registration."" = ["MEMBER" "CLIENT"];
	46	registration.load = "FULL";
	47	install.type = "PACKAGE";
	48	};
	49	software = {
	50	name = "YOURLS";
	51	website = "http://yourls.org/";
	52	license.url = "https://github.com/YOURLS/YOURLS/blob/master/LICENSE";
	53	license.name = "MIT License";
	54	version = webRoot.version;
	55	source.url = "https://github.com/YOURLS/YOURLS";
	56	modules = map (a: a.pluginName) webRoot.plugins;
	57	};
	58	};
da30ae4f	59	webRoot = (yourls.override { yourls_config = config.secrets.fullPaths."webapps/tools-yourls"; }).withPlugins (p: [p.ldap]);
b44b42a1 IB	60	apache = rec {
	61	user = "wwwrun";
	62	group = "wwwrun";
	63	modules = [ "proxy_fcgi" ];
750fe5a4	64	root = webRoot;
5400b9b6	65	vhostConf = socket: ''
b44b42a1 IB	66	Alias /url "${root}"
	67	<Directory "${root}">
	68	<FilesMatch "\.php$">
5400b9b6	69	SetHandler "proxy:unix:${socket}\|fcgi://localhost"
b44b42a1	70	</FilesMatch>
133ebaee	71
b44b42a1 IB	72	AllowOverride None
	73	Require all granted
	74	<IfModule mod_rewrite.c>
	75	RewriteEngine On
	76	RewriteBase /url/
	77	RewriteCond %{REQUEST_FILENAME} !-f
	78	RewriteCond %{REQUEST_FILENAME} !-d
	79	RewriteRule ^.*$ /url/yourls-loader.php [L]
	80	</IfModule>
	81	DirectoryIndex index.php
	82	</Directory>
	83	'';
	84	};
	85	phpFpm = rec {
	86	serviceDeps = [ "mysql.service" "openldap.service" ];
	87	basedir = builtins.concatStringsSep ":" (
da30ae4f	88	[ webRoot config.secrets.fullPaths."webapps/tools-yourls" ]
b44b42a1	89	++ webRoot.plugins);
5400b9b6 IB	90	pool = {
	91	"listen.owner" = apache.user;
	92	"listen.group" = apache.group;
	93	"pm" = "ondemand";
	94	"pm.max_children" = "60";
	95	"pm.process_idle_timeout" = "60";
133ebaee	96
5400b9b6 IB	97	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	98	"php_value[session.name]" = "YourlsPHPSESSID";
1a64deeb IB	99	"php_admin_value[session.save_handler]" = "redis";
	100	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Yourls:'";
	101	"php_admin_value[open_basedir]" = "${basedir}:/tmp";
5400b9b6	102	};
133ebaee	103	};
1a64deeb IB	104	monitoringPlugins = [ "http" ];
	105	monitoringObjects.service = [
	106	{
	107	service_description = "yourl website is running on tools.immae.eu";
	108	host_name = config.hostEnv.fqdn;
	109	use = "external-web-service";
	110	check_command = ["check_https" "tools.immae.eu" "/url/admin/" "<title>YOURLS"];
	111
	112	servicegroups = "webstatus-webapps";
	113	_webstatus_name = "YOURLS";
	114	_webstatus_url = "https://tools.immae.eu/url/admin/";
	115	}
	116
	117	];
b44b42a1	118	}