modules/private/websites/tools/mail/rainloop.nix

   1 { lib, rainloop, writeText, stdenv, fetchurl }:
   2 rec {
   3   varDir = "/var/lib/rainloop";
   4   activationScript = {
   5     deps = [ "wrappers" ];
   6     text = ''
   7       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
   8       install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
   9       install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
  10     '';
  11   };
  12   webRoot = rainloop.override { dataPath = "${varDir}/data"; };
  13   apache = rec {
  14     user = "wwwrun";
  15     group = "wwwrun";
  16     modules = [ "proxy_fcgi" ];
  17     root = webRoot;
  18     vhostConf = socket: ''
  19     Alias /rainloop "${root}"
  20     <Directory "${root}">
  21       DirectoryIndex index.php
  22       AllowOverride All
  23       Options -FollowSymlinks
  24       Require all granted
  25
  26       <FilesMatch "\.php$">
  27         SetHandler "proxy:unix:${socket}|fcgi://localhost"
  28       </FilesMatch>
  29     </Directory>
  30
  31     <DirectoryMatch "${root}/data">
  32       Require all denied
  33     </DirectoryMatch>
  34     '';
  35   };
  36   phpFpm = rec {
  37     serviceDeps = [ "postgresql.service" ];
  38     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  39     pool = {
  40       "listen.owner" = apache.user;
  41       "listen.group" = apache.group;
  42       "pm" = "ondemand";
  43       "pm.max_children" = "60";
  44       "pm.process_idle_timeout" = "60";
  45
  46       # Needed to avoid clashes in browser cookies (same domain)
  47       "php_value[session.name]" = "RainloopPHPSESSID";
  48       "php_admin_value[upload_max_filesize]" = "200M";
  49       "php_admin_value[post_max_size]" = "200M";
  50       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
  51       "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
  52     };
  53   };
  54 }