virtual/modules/websites/tools/tools/rompr.nix

   1 { lib, env, stdenv, fetchedGithub }:
   2 let
   3   rompr = let
   4   in rec {
   5     varDir = "/var/lib/rompr";
   6     activationScript = ''
   7       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
   8         ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
   9     '';
  10     webRoot = stdenv.mkDerivation (fetchedGithub ./rompr.json // rec {
  11       installPhase = ''
  12         cp -a . $out
  13         ln -sf ../../../../../../${varDir}/prefs $out/prefs
  14         ln -sf ../../../../../../${varDir}/albumart $out/albumart
  15       '';
  16     });
  17     apache = {
  18       user = "wwwrun";
  19       group = "wwwrun";
  20       modules = [ "headers" "mime" "proxy_fcgi" ];
  21       vhostConf = ''
  22         Alias /rompr ${webRoot}
  23
  24         <Directory ${webRoot}>
  25           Options Indexes FollowSymLinks
  26           DirectoryIndex index.php
  27           AllowOverride all
  28           Require all granted
  29           Order allow,deny
  30           Allow from all
  31           ErrorDocument 404 /rompr/404.php
  32           AddType image/x-icon .ico
  33
  34           <FilesMatch "\.php$">
  35             SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
  36           </FilesMatch>
  37         </Directory>
  38
  39         <Directory ${webRoot}/albumart/small>
  40             Header Set Cache-Control "max-age=0, no-store"
  41             Header Set Cache-Control "no-cache, must-revalidate"
  42         </Directory>
  43
  44         <Directory ${webRoot}/albumart/asdownloaded>
  45             Header Set Cache-Control "max-age=0, no-store"
  46             Header Set Cache-Control "no-cache, must-revalidate"
  47         </Directory>
  48
  49         <LocationMatch "^/rompr">
  50           Use LDAPConnect
  51           Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
  52           Require local
  53         </LocationMatch>
  54         '';
  55     };
  56     phpFpm = rec {
  57       basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
  58       socket = "/var/run/phpfpm/rompr.sock";
  59       pool = ''
  60         listen = ${socket}
  61         user = ${apache.user}
  62         group = ${apache.group}
  63         listen.owner = ${apache.user}
  64         listen.group = ${apache.group}
  65         pm = ondemand
  66         pm.max_children = 60
  67         pm.process_idle_timeout = 60
  68
  69         ; Needed to avoid clashes in browser cookies (same domain)
  70         php_value[session.name] = RomprPHPSESSID
  71         php_admin_value[open_basedir] = "${basedir}:/tmp"
  72         php_admin_value[session.save_path] = "${varDir}/phpSessions"
  73         php_flag[magic_quotes_gpc] = Off
  74         php_flag[track_vars] = On
  75         php_flag[register_globals] = Off
  76         php_admin_flag[allow_url_fopen] = On
  77         php_value[include_path] = ${webRoot}
  78         php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
  79         php_admin_value[post_max_size] = 32M
  80         php_admin_value[upload_max_filesize] = 32M
  81         php_admin_value[memory_limit] = 256M
  82         '';
  83     };
  84   };
  85 in
  86   rompr