nixops/modules/websites/tools/tools/rompr.nix

   1 { lib, env, rompr }:
   2 rec {
   3   varDir = "/var/lib/rompr";
   4   activationScript = ''
   5     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   6       ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
   7   '';
   8   webRoot = rompr;
   9   apache = rec {
  10     user = "wwwrun";
  11     group = "wwwrun";
  12     modules = [ "headers" "mime" "proxy_fcgi" ];
  13     webappName = "tools_rompr";
  14     root = "/run/current-system/webapps/${webappName}";
  15     vhostConf = ''
  16       Alias /rompr ${root}
  17
  18       <Directory ${root}>
  19         Options Indexes FollowSymLinks
  20         DirectoryIndex index.php
  21         AllowOverride all
  22         Require all granted
  23         Order allow,deny
  24         Allow from all
  25         ErrorDocument 404 /rompr/404.php
  26         AddType image/x-icon .ico
  27
  28         <FilesMatch "\.php$">
  29           SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
  30         </FilesMatch>
  31       </Directory>
  32
  33       <Directory ${root}/albumart/small>
  34           Header Set Cache-Control "max-age=0, no-store"
  35           Header Set Cache-Control "no-cache, must-revalidate"
  36       </Directory>
  37
  38       <Directory ${root}/albumart/asdownloaded>
  39           Header Set Cache-Control "max-age=0, no-store"
  40           Header Set Cache-Control "no-cache, must-revalidate"
  41       </Directory>
  42
  43       <LocationMatch "^/rompr">
  44         Use LDAPConnect
  45         Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
  46       </LocationMatch>
  47       '';
  48   };
  49   phpFpm = rec {
  50     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  51     socket = "/var/run/phpfpm/rompr.sock";
  52     pool = ''
  53       listen = ${socket}
  54       user = ${apache.user}
  55       group = ${apache.group}
  56       listen.owner = ${apache.user}
  57       listen.group = ${apache.group}
  58       pm = ondemand
  59       pm.max_children = 60
  60       pm.process_idle_timeout = 60
  61
  62       ; Needed to avoid clashes in browser cookies (same domain)
  63       php_value[session.name] = RomprPHPSESSID
  64       php_admin_value[open_basedir] = "${basedir}:/tmp"
  65       php_admin_value[session.save_path] = "${varDir}/phpSessions"
  66       php_flag[magic_quotes_gpc] = Off
  67       php_flag[track_vars] = On
  68       php_flag[register_globals] = Off
  69       php_admin_flag[allow_url_fopen] = On
  70       php_value[include_path] = ${webRoot}
  71       php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
  72       php_admin_value[post_max_size] = 32M
  73       php_admin_value[upload_max_filesize] = 32M
  74       php_admin_value[memory_limit] = 256M
  75       '';
  76   };
  77 }