modules/private/websites/tools/tools/adminer.nix

   1 { webapps, php74, myPhpPackages, lib, forcePhpSocket ? null }:
   2 rec {
   3   activationScript = {
   4     deps = [ "httpd" ];
   5     text = ''
   6       install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/adminer
   7       '';
   8   };
   9   webRoot = webapps.adminer;
  10   phpFpm = rec {
  11     user = apache.user;
  12     group = apache.group;
  13     phpPackage = php74.withExtensions ({ enabled, all }: (lib.remove all.mysqli enabled) ++ [myPhpPackages.mysqli_pam]);
  14     settings = {
  15       "listen.owner" = apache.user;
  16       "listen.group" = apache.group;
  17       "pm" = "ondemand";
  18       "pm.max_children" = "5";
  19       "pm.process_idle_timeout" = "60";
  20       #"php_admin_flag[log_errors]" = "on";
  21       # Needed to avoid clashes in browser cookies (same domain)
  22       "php_value[session.name]" = "AdminerPHPSESSID";
  23       "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer";
  24       "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer";
  25     };
  26   };
  27   apache = rec {
  28     user = "wwwrun";
  29     group = "wwwrun";
  30     modules = [ "proxy_fcgi" ];
  31     root = webRoot;
  32     vhostConf = socket: ''
  33       Alias /adminer ${webRoot}
  34       <Directory ${webRoot}>
  35         DirectoryIndex index.php
  36         <FilesMatch "\.php$">
  37           SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
  38         </FilesMatch>
  39
  40         Use LDAPConnect
  41         Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
  42         Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
  43       </Directory>
  44       '';
  45   };
  46 }