[perso/Immae/Config/Nix.git] / virtual / packages / davical.nix

{ stdenv, fetchurl, gettext, writeText, checkEnv }:
let
  awl = stdenv.mkDerivation rec {
    version = "0.59";
    name = "awl-${version}";
    src = fetchurl {
      url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz";
      sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp";
    };
    unpackCmd = ''
      tar --one-top-level -xf $curSrc
    '';
    installPhase = ''
      mkdir -p $out
      cp -ra dba docs inc scripts tests $out
    '';
  };
  # FIXME: e-mail sending
  davical = rec {
    config =
      assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD";
      assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD";
      writeText "davical_config.php" ''
        <?php
        $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}";

        $c->readonly_webdav_collections = false;

        $c->admin_email ='davical@immae.eu';

        $c->restrict_setup_to_admin = true;

        $c->collections_always_exist = false;

        $c->external_refresh = 60;

        $c->enable_scheduling = true;

        $c->iMIP = (object) array("send_email" => true);

        $c->authenticate_hook['optional'] = false;
        $c->authenticate_hook['call'] = 'LDAP_check';
        $c->authenticate_hook['config'] = array(
            'host' => 'ldap.immae.eu',
            'port' => '389',
            'startTLS' => 'yes',
            'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
            'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}',
            'protocolVersion' => '3',
            'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
            'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
            'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
            'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
            'mapping_field' => array(
              "username" => "uid",
              "fullname" => "cn",
              "email"    => "mail",
              "modified" => "modifyTimestamp",
            ),
            'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
              /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
        //    'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
            'group_mapping_field' => array(
              "username"    => "cn",
              "updated"     => "modifyTimestamp",
              "fullname"    => "givenName",
              "displayname" => "givenName",
              "members"     => "memberUid",
              "email"       => "mail",
            ),
          );

        $c->do_not_sync_from_ldap = array('admin' => true);
        include('drivers_ldap.php');
      '';
    webapp = stdenv.mkDerivation rec {
      version = "1.1.7";
      name = "davical-${version}";
      src = fetchurl {
        url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz";
        sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9";
      };
      unpackCmd = ''
        tar --one-top-level -xf $curSrc
      '';
      makeFlags = "all";
      patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ];
      installPhase = ''
        mkdir -p $out
        cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
        ln -s ${config} $out/config/config.php
      '';
      buildInputs = [ gettext ];
    };
    webRoot = "${webapp}/htdocs";
    apache = {
      user = "wwwrun";
      group = "wwwrun";
      vhostConf = ''
        Alias /davical "${webRoot}"
        Alias /caldav.php  "${webRoot}/caldav.php"
        <Directory "${webRoot}">
          DirectoryIndex index.php index.html
          AcceptPathInfo On
          AllowOverride None
          Require all granted

          <FilesMatch "\.php$">
            CGIPassAuth on
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>

          RewriteEngine On
          <IfModule mod_headers.c>
                  Header unset Access-Control-Allow-Origin
                  Header unset Access-Control-Allow-Methods
                  Header unset Access-Control-Allow-Headers
                  Header unset Access-Control-Allow-Credentials
                  Header unset Access-Control-Expose-Headers

                  Header always set Access-Control-Allow-Origin "*"
                  Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
                  Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
                  Header always set Access-Control-Allow-Credentials false
                  Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"

                  RewriteCond %{HTTP:Access-Control-Request-Method} !^$
                  RewriteCond %{REQUEST_METHOD} OPTIONS
                  RewriteRule ^(.*)$ $1 [R=200,L]
          </IfModule>
        </Directory>
        '';
    };
    phpFpm = rec {
      basedir = builtins.concatStringsSep ":" [ webapp config awl ];
      socket = "/var/run/phpfpm/davical.sock";
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = dynamic
        pm.max_children = 60
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 10

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = DavicalPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
        php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
        php_flag[magic_quotes_gpc] = Off
        php_flag[register_globals] = Off
        php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
        php_admin_value[default_charset] = "utf-8"
        php_flag[magic_quotes_runtime] = Off
        '';
    };
  };
in
  davical
Commit	Line	Data
d9998b44 IB	1	{ stdenv, fetchurl, gettext, writeText, checkEnv }:
	2	let
	3	awl = stdenv.mkDerivation rec {
	4	version = "0.59";
	5	name = "awl-${version}";
	6	src = fetchurl {
	7	url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz";
	8	sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp";
	9	};
	10	unpackCmd = ''
	11	tar --one-top-level -xf $curSrc
	12	'';
	13	installPhase = ''
	14	mkdir -p $out
	15	cp -ra dba docs inc scripts tests $out
	16	'';
	17	};
	18	# FIXME: e-mail sending
	19	davical = rec {
	20	config =
	21	assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD";
	22	assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD";
	23	writeText "davical_config.php" ''
	24	<?php
	25	$c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}";
	26
	27	$c->readonly_webdav_collections = false;
	28
	29	$c->admin_email ='davical@immae.eu';
	30
	31	$c->restrict_setup_to_admin = true;
	32
	33	$c->collections_always_exist = false;
	34
	35	$c->external_refresh = 60;
	36
	37	$c->enable_scheduling = true;
	38
	39	$c->iMIP = (object) array("send_email" => true);
	40
	41	$c->authenticate_hook['optional'] = false;
	42	$c->authenticate_hook['call'] = 'LDAP_check';
	43	$c->authenticate_hook['config'] = array(
	44	'host' => 'ldap.immae.eu',
	45	'port' => '389',
	46	'startTLS' => 'yes',
	47	'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
	48	'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}',
	49	'protocolVersion' => '3',
	50	'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
	51	'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
	52	'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
	53	'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
	54	'mapping_field' => array(
	55	"username" => "uid",
	56	"fullname" => "cn",
	57	"email" => "mail",
	58	"modified" => "modifyTimestamp",
	59	),
	60	'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
	61	/ used to set default value for all users, will be overcharged by ldap if defined also in mapping_field /
	62	// 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
	63	'group_mapping_field' => array(
	64	"username" => "cn",
65	"updated" => "modifyTimestamp",
66	"fullname" => "givenName",
67	"displayname" => "givenName",
68	"members" => "memberUid",
69	"email" => "mail",
70	),
71	);
72
73	$c->do_not_sync_from_ldap = array('admin' => true);
74	include('drivers_ldap.php');
75	'';
76	webapp = stdenv.mkDerivation rec {
77	version = "1.1.7";
78	name = "davical-${version}";
79	src = fetchurl {
80	url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz";
81	sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9";
82	};
83	unpackCmd = ''
84	tar --one-top-level -xf $curSrc
85	'';
86	makeFlags = "all";
87	patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ];
88	installPhase = ''
89	mkdir -p $out
90	cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
91	ln -s ${config} $out/config/config.php
92	'';
93	buildInputs = [ gettext ];
94	};
95	webRoot = "${webapp}/htdocs";
96	apache = {
97	user = "wwwrun";
98	group = "wwwrun";
99	vhostConf = ''
100	Alias /davical "${webRoot}"
101	Alias /caldav.php "${webRoot}/caldav.php"
102	<Directory "${webRoot}">
103	DirectoryIndex index.php index.html
104	AcceptPathInfo On
105	AllowOverride None
106	Require all granted
107
108	<FilesMatch "\.php$">
109	CGIPassAuth on
110	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
111	</FilesMatch>
112
113	RewriteEngine On
114	<IfModule mod_headers.c>
115	Header unset Access-Control-Allow-Origin
116	Header unset Access-Control-Allow-Methods
117	Header unset Access-Control-Allow-Headers
118	Header unset Access-Control-Allow-Credentials
119	Header unset Access-Control-Expose-Headers
120
121	Header always set Access-Control-Allow-Origin "*"
122	Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
123	Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
124	Header always set Access-Control-Allow-Credentials false
125	Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
126
127	RewriteCond %{HTTP:Access-Control-Request-Method} !^$
128	RewriteCond %{REQUEST_METHOD} OPTIONS
129	RewriteRule ^(.*)$ $1 [R=200,L]
130	</IfModule>
131	</Directory>
132	'';
133	};
134	phpFpm = rec {
135	basedir = builtins.concatStringsSep ":" [ webapp config awl ];
136	socket = "/var/run/phpfpm/davical.sock";
137	pool = ''
138	listen = ${socket}
139	user = ${apache.user}
140	group = ${apache.group}
141	listen.owner = ${apache.user}
142	listen.group = ${apache.group}
143	pm = dynamic
144	pm.max_children = 60
145	pm.start_servers = 2
146	pm.min_spare_servers = 1
147	pm.max_spare_servers = 10
148
149	; Needed to avoid clashes in browser cookies (same domain)
150	php_value[session.name] = DavicalPHPSESSID
151	php_admin_value[open_basedir] = "${basedir}:/tmp"
152	php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
153	php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
154	php_flag[magic_quotes_gpc] = Off
155	php_flag[register_globals] = Off
156	php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
157	php_admin_value[default_charset] = "utf-8"
158	php_flag[magic_quotes_runtime] = Off
159	'';
160	};
161	};
162	in
163	davical