modules/private/websites/tools/tools/rompr.nix

   1 { lib, env, rompr }:
   2 rec {
   3   backups = {
   4     rootDir = varDir;
   5   };
   6   varDir = "/var/lib/rompr";
   7   activationScript = ''
   8     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   9       ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
  10   '';
  11   webRoot = rompr;
  12   apache = rec {
  13     user = "wwwrun";
  14     group = "wwwrun";
  15     modules = [ "headers" "mime" "proxy_fcgi" ];
  16     webappName = "tools_rompr";
  17     root = "/run/current-system/webapps/${webappName}";
  18     vhostConf = socket: ''
  19       Alias /rompr ${root}
  20
  21       <Directory ${root}>
  22         Options Indexes FollowSymLinks
  23         DirectoryIndex index.php
  24         AllowOverride all
  25         Require all granted
  26         Order allow,deny
  27         Allow from all
  28         ErrorDocument 404 /rompr/404.php
  29         AddType image/x-icon .ico
  30
  31         <FilesMatch "\.php$">
  32           SetHandler "proxy:unix:${socket}|fcgi://localhost"
  33         </FilesMatch>
  34       </Directory>
  35
  36       <Directory ${root}/albumart/small>
  37           Header Set Cache-Control "max-age=0, no-store"
  38           Header Set Cache-Control "no-cache, must-revalidate"
  39       </Directory>
  40
  41       <Directory ${root}/albumart/asdownloaded>
  42           Header Set Cache-Control "max-age=0, no-store"
  43           Header Set Cache-Control "no-cache, must-revalidate"
  44       </Directory>
  45
  46       <LocationMatch "^/rompr">
  47         Use LDAPConnect
  48         Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
  49       </LocationMatch>
  50       '';
  51   };
  52   phpFpm = rec {
  53     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  54     pool = {
  55       "listen.owner" = apache.user;
  56       "listen.group" = apache.group;
  57       "pm" = "ondemand";
  58       "pm.max_children" = "60";
  59       "pm.process_idle_timeout" = "60";
  60
  61       # Needed to avoid clashes in browser cookies (same domain)
  62       "php_value[session.name]" = "RomprPHPSESSID";
  63       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
  64       "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
  65       "php_flag[magic_quotes_gpc]" = "Off";
  66       "php_flag[track_vars]" = "On";
  67       "php_flag[register_globals]" = "Off";
  68       "php_admin_flag[allow_url_fopen]" = "On";
  69       "php_value[include_path]" = "${webRoot}";
  70       "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
  71       "php_admin_value[post_max_size]" = "32M";
  72       "php_admin_value[upload_max_filesize]" = "32M";
  73       "php_admin_value[memory_limit]" = "256M";
  74     };
  75   };
  76 }