]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - systems/eldiron/websites/tools/rompr.nix
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Squash changes containing private information
[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / rompr.nix
1 { lib, env, rompr, config }:
2 rec {
3 varDir = "/var/lib/rompr";
4 activationScript = ''
5 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
6 ${varDir}/prefs ${varDir}/albumart
7 '';
8 webRoot = rompr;
9 apache = rec {
10 user = "wwwrun";
11 group = "wwwrun";
12 modules = [ "headers" "mime" "proxy_fcgi" ];
13 root = webRoot;
14 vhostConf = socket: ''
15 Alias /rompr ${root}
16
17 <Directory ${root}>
18 Options Indexes FollowSymLinks
19 DirectoryIndex index.php
20 AllowOverride all
21 Require all granted
22 Order allow,deny
23 Allow from all
24 ErrorDocument 404 /rompr/404.php
25 AddType image/x-icon .ico
26
27 <FilesMatch "\.php$">
28 SetHandler "proxy:unix:${socket}|fcgi://localhost"
29 </FilesMatch>
30 </Directory>
31
32 <Directory ${root}/albumart/small>
33 Header Set Cache-Control "max-age=0, no-store"
34 Header Set Cache-Control "no-cache, must-revalidate"
35 </Directory>
36
37 <Directory ${root}/albumart/asdownloaded>
38 Header Set Cache-Control "max-age=0, no-store"
39 Header Set Cache-Control "no-cache, must-revalidate"
40 </Directory>
41
42 <LocationMatch "^/rompr">
43 Use LDAPConnect
44 Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu
45 </LocationMatch>
46 '';
47 };
48 phpFpm = rec {
49 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
50 pool = {
51 "listen.owner" = apache.user;
52 "listen.group" = apache.group;
53 "pm" = "ondemand";
54 "pm.max_children" = "60";
55 "pm.process_idle_timeout" = "60";
56
57 # Needed to avoid clashes in browser cookies (same domain)
58 "php_value[session.name]" = "RomprPHPSESSID";
59 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
60 "php_admin_value[session.save_handler]" = "redis";
61 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rompr:'";
62 "php_flag[magic_quotes_gpc]" = "Off";
63 "php_flag[track_vars]" = "On";
64 "php_flag[register_globals]" = "Off";
65 "php_admin_flag[allow_url_fopen]" = "On";
66 "php_value[include_path]" = "${webRoot}";
67 "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
68 "php_admin_value[post_max_size]" = "32M";
69 "php_admin_value[upload_max_filesize]" = "32M";
70 "php_admin_value[memory_limit]" = "256M";
71 };
72 };
73 monitoringPlugins = [ "http" ];
74 monitoringObjects.service = [
75 {
76 service_description = "rompr mpd website is running on tools.immae.eu";
77 host_name = config.hostEnv.fqdn;
78 use = "external-web-service";
79 check_command = ["check_https_auth" "tools.immae.eu" "/rompr/" "<title>RompЯ"];
80
81 servicegroups = "webstatus-webapps";
82 _webstatus_name = "MPD (ROMPR)";
83 _webstatus_url = "https://tools.immae.eu/rompr/";
84 }
85 ];
86 }
My infrastructure configuration