]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/tools/dav/davical.nix
Use niv for ldapvi
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / dav / davical.nix
1 { stdenv, fetchurl, gettext, writeText, env, awl, davical }:
2 rec {
3 activationScript = {
4 deps = [ "httpd" ];
5 text = ''
6 install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical
7 '';
8 };
9 keys = [{
10 dest = "webapps/dav-davical";
11 user = apache.user;
12 group = apache.group;
13 permissions = "0400";
14 text = ''
15 <?php
16 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
17
18 $c->readonly_webdav_collections = false;
19
20 $c->admin_email ='davical@tools.immae.eu';
21
22 $c->restrict_setup_to_admin = true;
23
24 $c->collections_always_exist = false;
25
26 $c->external_refresh = 60;
27
28 $c->enable_scheduling = true;
29
30 $c->iMIP = (object) array("send_email" => true);
31
32 $c->authenticate_hook['optional'] = false;
33 $c->authenticate_hook['call'] = 'LDAP_check';
34 $c->authenticate_hook['config'] = array(
35 'host' => '${env.ldap.host}',
36 'port' => '389',
37 'startTLS' => 'yes',
38 'bindDN'=> '${env.ldap.dn}',
39 'passDN'=> '${env.ldap.password}',
40 'protocolVersion' => '3',
41 'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'),
42 'filterUsers' => '${env.ldap.filter}',
43 'baseDNGroups' => 'ou=groups,${env.ldap.base}',
44 'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}',
45 'mapping_field' => array(
46 "username" => "uid",
47 "fullname" => "cn",
48 "email" => "mail",
49 "modified" => "modifyTimestamp",
50 ),
51 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
52 /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
53 // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
54 'group_mapping_field' => array(
55 "username" => "cn",
56 "updated" => "modifyTimestamp",
57 "fullname" => "givenName",
58 "displayname" => "givenName",
59 "members" => "memberUid",
60 "email" => "mail",
61 ),
62 );
63
64 $c->do_not_sync_from_ldap = array('admin' => true);
65 include('drivers_ldap.php');
66 '';
67 }];
68 webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; };
69 webRoot = "${webapp}/htdocs";
70 apache = rec {
71 user = "wwwrun";
72 group = "wwwrun";
73 modules = [ "proxy_fcgi" ];
74 webappName = "tools_davical";
75 root = "/run/current-system/webapps/${webappName}";
76 vhostConf = ''
77 Alias /davical "${root}"
78 Alias /caldav.php "${root}/caldav.php"
79 <Directory "${root}">
80 DirectoryIndex index.php index.html
81 AcceptPathInfo On
82 AllowOverride None
83 Require all granted
84
85 <FilesMatch "\.php$">
86 CGIPassAuth on
87 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
88 </FilesMatch>
89
90 RewriteEngine On
91 <IfModule mod_headers.c>
92 Header unset Access-Control-Allow-Origin
93 Header unset Access-Control-Allow-Methods
94 Header unset Access-Control-Allow-Headers
95 Header unset Access-Control-Allow-Credentials
96 Header unset Access-Control-Expose-Headers
97
98 Header always set Access-Control-Allow-Origin "*"
99 Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
100 Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
101 Header always set Access-Control-Allow-Credentials false
102 Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
103
104 RewriteCond %{HTTP:Access-Control-Request-Method} !^$
105 RewriteCond %{REQUEST_METHOD} OPTIONS
106 RewriteRule ^(.*)$ $1 [R=200,L]
107 </IfModule>
108 </Directory>
109 '';
110 };
111 phpFpm = rec {
112 serviceDeps = [ "postgresql.service" "openldap.service" ];
113 basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
114 socket = "/var/run/phpfpm/davical.sock";
115 pool = ''
116 listen = ${socket}
117 user = ${apache.user}
118 group = ${apache.group}
119 listen.owner = ${apache.user}
120 listen.group = ${apache.group}
121 pm = dynamic
122 pm.max_children = 60
123 pm.start_servers = 2
124 pm.min_spare_servers = 1
125 pm.max_spare_servers = 10
126
127 ; Needed to avoid clashes in browser cookies (same domain)
128 php_value[session.name] = DavicalPHPSESSID
129 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
130 php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
131 php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
132 php_flag[magic_quotes_gpc] = Off
133 php_flag[register_globals] = Off
134 php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
135 php_admin_value[default_charset] = "utf-8"
136 php_flag[magic_quotes_runtime] = Off
137 '';
138 };
139 }