]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - nixops/modules/websites/tools/dav/davical.nix
projects / perso / Immae / Config / Nix.git / blob
? search:


4e464ebfda106da940bfeaf1749795a8604728d5
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / dav / davical.nix
1 { stdenv, fetchurl, gettext, writeText, env }:
2 let
3 awl = stdenv.mkDerivation rec {
4 version = "0.59";
5 name = "awl-${version}";
6 src = fetchurl {
7 url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz";
8 sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp";
9 };
10 unpackCmd = ''
11 tar --one-top-level -xf $curSrc
12 '';
13 installPhase = ''
14 mkdir -p $out
15 cp -ra dba docs inc scripts tests $out
16 '';
17 };
18 davical = rec {
19 keys."dav-davical" = {
20 destDir = "/run/keys/webapps";
21 user = apache.user;
22 group = apache.group;
23 permissions = "0700";
24 text = ''
25 <?php
26 $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
27
28 $c->readonly_webdav_collections = false;
29
30 $c->admin_email ='davical@tools.immae.eu';
31
32 $c->restrict_setup_to_admin = true;
33
34 $c->collections_always_exist = false;
35
36 $c->external_refresh = 60;
37
38 $c->enable_scheduling = true;
39
40 $c->iMIP = (object) array("send_email" => true);
41
42 $c->authenticate_hook['optional'] = false;
43 $c->authenticate_hook['call'] = 'LDAP_check';
44 $c->authenticate_hook['config'] = array(
45 'host' => 'ldap.immae.eu',
46 'port' => '389',
47 'startTLS' => 'yes',
48 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
49 'passDN'=> '${env.ldap.password}',
50 'protocolVersion' => '3',
51 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
52 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
53 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
54 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
55 'mapping_field' => array(
56 "username" => "uid",
57 "fullname" => "cn",
58 "email" => "mail",
59 "modified" => "modifyTimestamp",
60 ),
61 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
62 /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
63 // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
64 'group_mapping_field' => array(
65 "username" => "cn",
66 "updated" => "modifyTimestamp",
67 "fullname" => "givenName",
68 "displayname" => "givenName",
69 "members" => "memberUid",
70 "email" => "mail",
71 ),
72 );
73
74 $c->do_not_sync_from_ldap = array('admin' => true);
75 include('drivers_ldap.php');
76 '';
77 };
78 webapp = stdenv.mkDerivation rec {
79 version = "1.1.7";
80 name = "davical-${version}";
81 src = fetchurl {
82 url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz";
83 sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9";
84 };
85 unpackCmd = ''
86 tar --one-top-level -xf $curSrc
87 '';
88 makeFlags = "all";
89 patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ];
90 installPhase = ''
91 mkdir -p $out
92 cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
93 ln -s /run/keys/webapps/dav-davical $out/config/config.php
94 '';
95 buildInputs = [ gettext ];
96 };
97 webRoot = "${webapp}/htdocs";
98 apache = rec {
99 user = "wwwrun";
100 group = "wwwrun";
101 modules = [ "proxy_fcgi" ];
102 webappName = "tools_davical";
103 root = "/run/current-system/webapps/${webappName}";
104 vhostConf = ''
105 Alias /davical "${root}"
106 Alias /caldav.php "${root}/caldav.php"
107 <Directory "${root}">
108 DirectoryIndex index.php index.html
109 AcceptPathInfo On
110 AllowOverride None
111 Require all granted
112
113 <FilesMatch "\.php$">
114 CGIPassAuth on
115 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
116 </FilesMatch>
117
118 RewriteEngine On
119 <IfModule mod_headers.c>
120 Header unset Access-Control-Allow-Origin
121 Header unset Access-Control-Allow-Methods
122 Header unset Access-Control-Allow-Headers
123 Header unset Access-Control-Allow-Credentials
124 Header unset Access-Control-Expose-Headers
125
126 Header always set Access-Control-Allow-Origin "*"
127 Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
128 Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
129 Header always set Access-Control-Allow-Credentials false
130 Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
131
132 RewriteCond %{HTTP:Access-Control-Request-Method} !^$
133 RewriteCond %{REQUEST_METHOD} OPTIONS
134 RewriteRule ^(.*)$ $1 [R=200,L]
135 </IfModule>
136 </Directory>
137 '';
138 };
139 phpFpm = rec {
140 serviceDeps = [ "postgresql.service" "openldap.service" "dav-davical-key.service" ];
141 basedir = builtins.concatStringsSep ":" [ webapp "/run/keys/webapps/dav-davical" awl ];
142 socket = "/var/run/phpfpm/davical.sock";
143 pool = ''
144 listen = ${socket}
145 user = ${apache.user}
146 group = ${apache.group}
147 listen.owner = ${apache.user}
148 listen.group = ${apache.group}
149 pm = dynamic
150 pm.max_children = 60
151 pm.start_servers = 2
152 pm.min_spare_servers = 1
153 pm.max_spare_servers = 10
154
155 ; Needed to avoid clashes in browser cookies (same domain)
156 php_value[session.name] = DavicalPHPSESSID
157 php_admin_value[open_basedir] = "${basedir}:/tmp"
158 php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
159 php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
160 php_flag[magic_quotes_gpc] = Off
161 php_flag[register_globals] = Off
162 php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
163 php_admin_value[default_charset] = "utf-8"
164 php_flag[magic_quotes_runtime] = Off
165 '';
166 };
167 };
168 in
169 davical
My infrastructure configuration