systems/eldiron/websites/mail/rainloop.nix

   1 { lib, rainloop, writeText, stdenv, fetchurl }:
   2 rec {
   3   varDir = "/var/lib/rainloop";
   4   activationScript = {
   5     deps = [ "wrappers" ];
   6     text = ''
   7       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
   8       install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
   9     '';
  10   };
  11   webRoot = rainloop.override { dataPath = "${varDir}/data"; };
  12   apache = rec {
  13     user = "wwwrun";
  14     group = "wwwrun";
  15     modules = [ "proxy_fcgi" ];
  16     root = webRoot;
  17     vhostConf = socket: ''
  18     Alias /rainloop "${root}"
  19     <Directory "${root}">
  20       DirectoryIndex index.php
  21       AllowOverride All
  22       Options -FollowSymlinks
  23       Require all denied
  24
  25       <FilesMatch "\.php$">
  26         SetHandler "proxy:unix:${socket}|fcgi://localhost"
  27       </FilesMatch>
  28     </Directory>
  29
  30     <DirectoryMatch "${root}/data">
  31       Require all denied
  32     </DirectoryMatch>
  33     '';
  34   };
  35   phpFpm = rec {
  36     serviceDeps = [ "postgresql.service" ];
  37     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  38     pool = {
  39       "listen.owner" = apache.user;
  40       "listen.group" = apache.group;
  41       "pm" = "ondemand";
  42       "pm.max_children" = "60";
  43       "pm.process_idle_timeout" = "60";
  44
  45       # Needed to avoid clashes in browser cookies (same domain)
  46       "php_value[session.name]" = "RainloopPHPSESSID";
  47       "php_admin_value[upload_max_filesize]" = "200M";
  48       "php_admin_value[post_max_size]" = "200M";
  49       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
  50       "php_admin_value[session.save_handler]" = "redis";
  51       "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rainloop:'";
  52     };
  53   };
  54 }