nixops/modules/websites/tools/tools/rompr.nix

   1 { lib, env, stdenv, fetchedGithub }:
   2 let
   3   rompr = let
   4   in rec {
   5     varDir = "/var/lib/rompr";
   6     activationScript = ''
   7       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   8         ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
   9     '';
  10     webRoot = stdenv.mkDerivation (fetchedGithub ./rompr.json // rec {
  11       installPhase = ''
  12         cp -a . $out
  13         ln -sf ${varDir}/prefs $out/prefs
  14         ln -sf ${varDir}/albumart $out/albumart
  15       '';
  16     });
  17     apache = rec {
  18       user = "wwwrun";
  19       group = "wwwrun";
  20       modules = [ "headers" "mime" "proxy_fcgi" ];
  21       webappName = "tools_rompr";
  22       root = "/run/current-system/webapps/${webappName}";
  23       vhostConf = ''
  24         Alias /rompr ${root}
  25
  26         <Directory ${root}>
  27           Options Indexes FollowSymLinks
  28           DirectoryIndex index.php
  29           AllowOverride all
  30           Require all granted
  31           Order allow,deny
  32           Allow from all
  33           ErrorDocument 404 /rompr/404.php
  34           AddType image/x-icon .ico
  35
  36           <FilesMatch "\.php$">
  37             SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
  38           </FilesMatch>
  39         </Directory>
  40
  41         <Directory ${root}/albumart/small>
  42             Header Set Cache-Control "max-age=0, no-store"
  43             Header Set Cache-Control "no-cache, must-revalidate"
  44         </Directory>
  45
  46         <Directory ${root}/albumart/asdownloaded>
  47             Header Set Cache-Control "max-age=0, no-store"
  48             Header Set Cache-Control "no-cache, must-revalidate"
  49         </Directory>
  50
  51         <LocationMatch "^/rompr">
  52           Use LDAPConnect
  53           Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
  54         </LocationMatch>
  55         '';
  56     };
  57     phpFpm = rec {
  58       basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  59       socket = "/var/run/phpfpm/rompr.sock";
  60       pool = ''
  61         listen = ${socket}
  62         user = ${apache.user}
  63         group = ${apache.group}
  64         listen.owner = ${apache.user}
  65         listen.group = ${apache.group}
  66         pm = ondemand
  67         pm.max_children = 60
  68         pm.process_idle_timeout = 60
  69
  70         ; Needed to avoid clashes in browser cookies (same domain)
  71         php_value[session.name] = RomprPHPSESSID
  72         php_admin_value[open_basedir] = "${basedir}:/tmp"
  73         php_admin_value[session.save_path] = "${varDir}/phpSessions"
  74         php_flag[magic_quotes_gpc] = Off
  75         php_flag[track_vars] = On
  76         php_flag[register_globals] = Off
  77         php_admin_flag[allow_url_fopen] = On
  78         php_value[include_path] = ${webRoot}
  79         php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
  80         php_admin_value[post_max_size] = 32M
  81         php_admin_value[upload_max_filesize] = 32M
  82         php_admin_value[memory_limit] = 256M
  83         '';
  84     };
  85   };
  86 in
  87   rompr