modules/private/websites/tools/tools/rompr.nix

   1 { lib, env, rompr }:
   2 rec {
   3   varDir = "/var/lib/rompr";
   4   activationScript = ''
   5     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   6       ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
   7   '';
   8   webRoot = rompr;
   9   apache = rec {
  10     user = "wwwrun";
  11     group = "wwwrun";
  12     modules = [ "headers" "mime" "proxy_fcgi" ];
  13     root = webRoot;
  14     vhostConf = socket: ''
  15       Alias /rompr ${root}
  16
  17       <Directory ${root}>
  18         Options Indexes FollowSymLinks
  19         DirectoryIndex index.php
  20         AllowOverride all
  21         Require all granted
  22         Order allow,deny
  23         Allow from all
  24         ErrorDocument 404 /rompr/404.php
  25         AddType image/x-icon .ico
  26
  27         <FilesMatch "\.php$">
  28           SetHandler "proxy:unix:${socket}|fcgi://localhost"
  29         </FilesMatch>
  30       </Directory>
  31
  32       <Directory ${root}/albumart/small>
  33           Header Set Cache-Control "max-age=0, no-store"
  34           Header Set Cache-Control "no-cache, must-revalidate"
  35       </Directory>
  36
  37       <Directory ${root}/albumart/asdownloaded>
  38           Header Set Cache-Control "max-age=0, no-store"
  39           Header Set Cache-Control "no-cache, must-revalidate"
  40       </Directory>
  41
  42       <LocationMatch "^/rompr">
  43         Use LDAPConnect
  44         Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
  45       </LocationMatch>
  46       '';
  47   };
  48   phpFpm = rec {
  49     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  50     pool = {
  51       "listen.owner" = apache.user;
  52       "listen.group" = apache.group;
  53       "pm" = "ondemand";
  54       "pm.max_children" = "60";
  55       "pm.process_idle_timeout" = "60";
  56
  57       # Needed to avoid clashes in browser cookies (same domain)
  58       "php_value[session.name]" = "RomprPHPSESSID";
  59       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
  60       "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
  61       "php_flag[magic_quotes_gpc]" = "Off";
  62       "php_flag[track_vars]" = "On";
  63       "php_flag[register_globals]" = "Off";
  64       "php_admin_flag[allow_url_fopen]" = "On";
  65       "php_value[include_path]" = "${webRoot}";
  66       "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
  67       "php_admin_value[post_max_size]" = "32M";
  68       "php_admin_value[upload_max_filesize]" = "32M";
  69       "php_admin_value[memory_limit]" = "256M";
  70     };
  71   };
  72 }