modules/private/websites/tools/tools/shaarli.nix

   1 { lib, env, stdenv, fetchurl, shaarli, config }:
   2 let
   3   varDir = "/var/lib/shaarli";
   4 in rec {
   5   activationScript = ''
   6     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   7       ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \
   8       ${varDir}/phpSessions
   9     '';
  10   webRoot = shaarli varDir;
  11   apache = rec {
  12     user = "wwwrun";
  13     group = "wwwrun";
  14     modules =  [ "proxy_fcgi" "rewrite" "env" ];
  15     root = webRoot;
  16     vhostConf = socket: ''
  17       Alias /Shaarli "${root}"
  18
  19       Include ${config.secrets.fullPaths."webapps/tools-shaarli"}
  20       <Location /Shaarli>
  21         Header set Access-Control-Allow-Origin "*"
  22         Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
  23         Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, Client-Security-Token, Accept-Encoding"
  24       </Location>
  25       <Directory "${root}">
  26         DirectoryIndex index.php index.htm index.html
  27         Options Indexes FollowSymLinks MultiViews Includes
  28         AllowOverride All
  29         Require all granted
  30         <FilesMatch "\.php$">
  31           SetHandler "proxy:unix:${socket}|fcgi://localhost"
  32         </FilesMatch>
  33       </Directory>
  34       '';
  35   };
  36   keys."webapps/tools-shaarli" = {
  37     user = apache.user;
  38     group = apache.group;
  39     permissions = "0400";
  40     text = ''
  41       SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
  42       SetEnv SHAARLI_LDAP_DN       "${env.ldap.dn}"
  43       SetEnv SHAARLI_LDAP_HOST     "ldaps://${env.ldap.host}"
  44       SetEnv SHAARLI_LDAP_BASE     "${env.ldap.base}"
  45       SetEnv SHAARLI_LDAP_FILTER   "${env.ldap.filter}"
  46       '';
  47   };
  48   phpFpm = rec {
  49     serviceDeps = [ "openldap.service" ];
  50     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  51     pool = {
  52       "listen.owner" = apache.user;
  53       "listen.group" = apache.group;
  54       "pm" = "ondemand";
  55       "pm.max_children" = "60";
  56       "pm.process_idle_timeout" = "60";
  57
  58       # Needed to avoid clashes in browser cookies (same domain)
  59       "php_value[session.name]" = "ShaarliPHPSESSID";
  60       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
  61       "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
  62       "php_admin_value[upload_max_filesize]" = "200M";
  63       "php_admin_value[post_max_size]" = "200M";
  64     };
  65   };
  66 }