modules/private/websites/tools/tools/yourls.nix

   1 { env, yourls, yourls-plugins }:
   2 rec {
   3   activationScript = {
   4     deps = [ "httpd" ];
   5     text = ''
   6       install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
   7     '';
   8   };
   9   keys = [{
  10     dest = "webapps/tools-yourls";
  11     user = apache.user;
  12     group = apache.group;
  13     permissions = "0400";
  14     text = ''
  15       <?php
  16       define( 'YOURLS_DB_USER', '${env.mysql.user}' );
  17       define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
  18       define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
  19       define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
  20       define( 'YOURLS_DB_PREFIX', 'yourls_' );
  21       define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
  22       define( 'YOURLS_HOURS_OFFSET', 0 );
  23       define( 'YOURLS_LANG', ''' );
  24       define( 'YOURLS_UNIQUE_URLS', true );
  25       define( 'YOURLS_PRIVATE', true );
  26       define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
  27       $yourls_user_passwords = array();
  28       define( 'YOURLS_DEBUG', false );
  29       define( 'YOURLS_URL_CONVERT', 36 );
  30       $yourls_reserved_URL = array();
  31       define( 'LDAPAUTH_HOST', 'ldaps://${env.ldap.host}' );
  32       define( 'LDAPAUTH_PORT', '636' );
  33       define( 'LDAPAUTH_BASE', '${env.ldap.base}' );
  34       define( 'LDAPAUTH_SEARCH_USER', '${env.ldap.dn}' );
  35       define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
  36
  37       define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
  38       define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
  39
  40       define( 'LDAPAUTH_USERCACHE_TYPE', 0);
  41     '';
  42   }];
  43   webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
  44     (builtins.attrValues yourls-plugins);
  45   apache = rec {
  46     user = "wwwrun";
  47     group = "wwwrun";
  48     modules = [ "proxy_fcgi" ];
  49     webappName = "tools_yourls";
  50     root = "/run/current-system/webapps/${webappName}";
  51     vhostConf = ''
  52       Alias /url "${root}"
  53       <Directory "${root}">
  54         <FilesMatch "\.php$">
  55           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
  56         </FilesMatch>
  57
  58         AllowOverride None
  59         Require all granted
  60         <IfModule mod_rewrite.c>
  61           RewriteEngine On
  62           RewriteBase /url/
  63           RewriteCond %{REQUEST_FILENAME} !-f
  64           RewriteCond %{REQUEST_FILENAME} !-d
  65           RewriteRule ^.*$ /url/yourls-loader.php [L]
  66         </IfModule>
  67         DirectoryIndex index.php
  68       </Directory>
  69       '';
  70   };
  71   phpFpm = rec {
  72     serviceDeps = [ "mysql.service" "openldap.service" ];
  73     basedir = builtins.concatStringsSep ":" (
  74       [ webRoot "/var/secrets/webapps/tools-yourls" ]
  75       ++ webRoot.plugins);
  76     socket = "/var/run/phpfpm/yourls.sock";
  77     pool = ''
  78       user = ${apache.user}
  79       group = ${apache.group}
  80       listen.owner = ${apache.user}
  81       listen.group = ${apache.group}
  82       pm = ondemand
  83       pm.max_children = 60
  84       pm.process_idle_timeout = 60
  85
  86       ; Needed to avoid clashes in browser cookies (same domain)
  87       php_value[session.name] = YourlsPHPSESSID
  88       php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls"
  89       php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
  90       '';
  91   };
  92 }