modules/private/websites/tools/tools/rompr.nix

   1 { lib, env, rompr }:
   2 rec {
   3   backups = {
   4     rootDir = varDir;
   5   };
   6   varDir = "/var/lib/rompr";
   7   activationScript = ''
   8     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   9       ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
  10   '';
  11   webRoot = rompr;
  12   apache = rec {
  13     user = "wwwrun";
  14     group = "wwwrun";
  15     modules = [ "headers" "mime" "proxy_fcgi" ];
  16     webappName = "tools_rompr";
  17     root = "/run/current-system/webapps/${webappName}";
  18     vhostConf = ''
  19       Alias /rompr ${root}
  20
  21       <Directory ${root}>
  22         Options Indexes FollowSymLinks
  23         DirectoryIndex index.php
  24         AllowOverride all
  25         Require all granted
  26         Order allow,deny
  27         Allow from all
  28         ErrorDocument 404 /rompr/404.php
  29         AddType image/x-icon .ico
  30
  31         <FilesMatch "\.php$">
  32           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
  33         </FilesMatch>
  34       </Directory>
  35
  36       <Directory ${root}/albumart/small>
  37           Header Set Cache-Control "max-age=0, no-store"
  38           Header Set Cache-Control "no-cache, must-revalidate"
  39       </Directory>
  40
  41       <Directory ${root}/albumart/asdownloaded>
  42           Header Set Cache-Control "max-age=0, no-store"
  43           Header Set Cache-Control "no-cache, must-revalidate"
  44       </Directory>
  45
  46       <LocationMatch "^/rompr">
  47         Use LDAPConnect
  48         Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
  49       </LocationMatch>
  50       '';
  51   };
  52   phpFpm = rec {
  53     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  54     socket = "/var/run/phpfpm/rompr.sock";
  55     pool = ''
  56       user = ${apache.user}
  57       group = ${apache.group}
  58       listen.owner = ${apache.user}
  59       listen.group = ${apache.group}
  60       pm = ondemand
  61       pm.max_children = 60
  62       pm.process_idle_timeout = 60
  63
  64       ; Needed to avoid clashes in browser cookies (same domain)
  65       php_value[session.name] = RomprPHPSESSID
  66       php_admin_value[open_basedir] = "${basedir}:/tmp"
  67       php_admin_value[session.save_path] = "${varDir}/phpSessions"
  68       php_flag[magic_quotes_gpc] = Off
  69       php_flag[track_vars] = On
  70       php_flag[register_globals] = Off
  71       php_admin_flag[allow_url_fopen] = On
  72       php_value[include_path] = ${webRoot}
  73       php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
  74       php_admin_value[post_max_size] = 32M
  75       php_admin_value[upload_max_filesize] = 32M
  76       php_admin_value[memory_limit] = 256M
  77       '';
  78   };
  79 }