systems/eldiron/websites/dav/davical.nix

   1 { stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
   2 rec {
   3   keys."webapps/dav-davical" = {
   4     user = apache.user;
   5     group = apache.group;
   6     permissions = "0400";
   7     text = ''
   8       <?php
   9       $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
  10
  11       $c->readonly_webdav_collections = false;
  12
  13       $c->admin_email ='davical@tools.immae.eu';
  14
  15       $c->restrict_setup_to_admin = true;
  16
  17       $c->collections_always_exist = false;
  18
  19       $c->external_refresh = 60;
  20
  21       $c->enable_scheduling = true;
  22
  23       $c->iMIP = (object) array("send_email" => true);
  24
  25       $c->authenticate_hook['optional'] = false;
  26       $c->authenticate_hook['call'] = 'LDAP_check';
  27       $c->authenticate_hook['config'] = array(
  28           'host' => '${env.ldap.host}',
  29           'port' => '389',
  30           'startTLS' => 'yes',
  31           'bindDN'=> '${env.ldap.dn}',
  32           'passDN'=> '${env.ldap.password}',
  33           'protocolVersion' => '3',
  34           'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'),
  35           'filterUsers' => '${env.ldap.filter}',
  36           'baseDNGroups' => 'ou=groups,${env.ldap.base}',
  37           'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}',
  38           'mapping_field' => array(
  39             "username" => "uid",
  40             "fullname" => "cn",
  41             "email"    => "mail",
  42             "modified" => "modifyTimestamp",
  43           ),
  44           'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
  45             /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
  46       //    'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
  47           'group_mapping_field' => array(
  48             "username"    => "cn",
  49             "updated"     => "modifyTimestamp",
  50             "fullname"    => "givenName",
  51             "displayname" => "givenName",
  52             "members"     => "memberUid",
  53             "email"       => "mail",
  54           ),
  55         );
  56
  57       $c->do_not_sync_from_ldap = array('admin' => true);
  58       include('drivers_ldap.php');
  59     '';
  60   };
  61   webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; };
  62   webRoot = "${webapp}/htdocs";
  63   apache = rec {
  64     user = "wwwrun";
  65     group = "wwwrun";
  66     modules = [ "proxy_fcgi" ];
  67     root = webRoot;
  68     vhostConf = socket: ''
  69       Alias /davical "${root}"
  70       Alias /caldav.php  "${root}/caldav.php"
  71       <Directory "${root}">
  72         DirectoryIndex index.php index.html
  73         AcceptPathInfo On
  74         AllowOverride None
  75         Require all granted
  76
  77         <FilesMatch "\.php$">
  78           CGIPassAuth on
  79           SetHandler "proxy:unix:${socket}|fcgi://localhost"
  80         </FilesMatch>
  81
  82         RewriteEngine On
  83         <IfModule mod_headers.c>
  84                 Header unset Access-Control-Allow-Origin
  85                 Header unset Access-Control-Allow-Methods
  86                 Header unset Access-Control-Allow-Headers
  87                 Header unset Access-Control-Allow-Credentials
  88                 Header unset Access-Control-Expose-Headers
  89
  90                 Header always set Access-Control-Allow-Origin "*"
  91                 Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
  92                 Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
  93                 Header always set Access-Control-Allow-Credentials false
  94                 Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
  95
  96                 RewriteCond %{HTTP:Access-Control-Request-Method} !^$
  97                 RewriteCond %{REQUEST_METHOD} OPTIONS
  98                 RewriteRule ^(.*)$ $1 [R=200,L]
  99         </IfModule>
 100       </Directory>
 101       '';
 102   };
 103   phpFpm = rec {
 104     serviceDeps = [ "postgresql.service" "openldap.service" ];
 105     basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ];
 106     pool = {
 107       "listen.owner" = apache.user;
 108       "listen.group" = apache.group;
 109       "pm" = "dynamic";
 110       "pm.max_children" = "60";
 111       "pm.start_servers" = "2";
 112       "pm.min_spare_servers" = "1";
 113       "pm.max_spare_servers" = "10";
 114
 115       # Needed to avoid clashes in browser cookies (same domain)
 116       "php_value[session.name]" = "DavicalPHPSESSID";
 117       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
 118       "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
 119       "php_admin_value[session.save_handler]" = "redis";
 120       "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Davical:'";
 121       "php_flag[magic_quotes_gpc]" = "Off";
 122       "php_flag[register_globals]" = "Off";
 123       "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
 124       "php_admin_value[default_charset]" = "utf-8";
 125       "php_flag[magic_quotes_runtime]" = "Off";
 126     };
 127   };
 128 }