modules/private/websites/tools/tools/adminer.nix

   1 { adminer, php74, php74base, myPhpPackages, lib, forcePhpSocket ? null }:
   2 rec {
   3   activationScript = {
   4     deps = [ "httpd" ];
   5     text = ''
   6       install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer
   7       '';
   8   };
   9   webRoot = adminer;
  10   phpFpm = rec {
  11     user = apache.user;
  12     group = apache.group;
  13     phpPackage = php74base.withExtensions (e: (lib.remove e.mysqli php74.enabledExtensions) ++ [myPhpPackages.mysqli_pam]);
  14     settings = {
  15       "listen.owner" = apache.user;
  16       "listen.group" = apache.group;
  17       "pm" = "ondemand";
  18       "pm.max_children" = "5";
  19       "pm.process_idle_timeout" = "60";
  20       #"php_admin_flag[log_errors]" = "on";
  21       # Needed to avoid clashes in browser cookies (same domain)
  22       "php_value[session.name]" = "AdminerPHPSESSID";
  23       "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer";
  24       "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer";
  25     };
  26   };
  27   apache = rec {
  28     user = "wwwrun";
  29     group = "wwwrun";
  30     modules = [ "proxy_fcgi" ];
  31     webappName = "_adminer";
  32     root = "/run/current-system/webapps/${webappName}";
  33     vhostConf = socket: ''
  34       Alias /adminer ${root}
  35       <Directory ${root}>
  36         DirectoryIndex index.php
  37         <FilesMatch "\.php$">
  38           SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
  39         </FilesMatch>
  40
  41         Use LDAPConnect
  42         Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
  43         Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
  44       </Directory>
  45       '';
  46   };
  47 }