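# NixOS module for the "performance" website: serves the status_engine
# interface package through Apache + PHP-FPM on performance.immae.eu.
# Authentication is delegated to LDAP; perfdata is read from a local MySQL.
{ pkgs, lib, config, ... }:
let
  # Site-specific settings (LDAP and MySQL coordinates and credentials).
  env = config.myEnv.tools.status_engine;

  # Deployed path of the UI configuration secret. Bound once so that the
  # package override and PHP's open_basedir below cannot drift apart.
  secretPath = config.secrets.fullPaths."status_engine_ui";

  # The interface package is rebuilt to read its configuration from the
  # secret file instead of a file shipped inside the package.
  package = pkgs.status_engine.interface.override ({
    config_file = secretPath;
  });

  apacheRoot = "${package}/public";
  cfg = config.myServices.websites.tools.performance;
in
{
  options.myServices.websites.tools.performance = {
    enable = lib.mkEnableOption "Enable performance website";
  };

  config = lib.mkIf cfg.enable {
    secrets.keys = [
      {
        dest = "status_engine_ui";
        # Readable only by its owner, which is the user the PHP-FPM pool
        # below runs as. The file holds the LDAP bind password and the
        # MySQL password in clear text.
        permissions = "0400";
        user = "wwwrun";
        group = "wwwrun";
        # Anonymous access and anonymous command submission are both off;
        # only the login endpoints are reachable without a session.
        # LDAP goes over TLS (ldap_use_ssl: 1, port 636).
        # NOTE(review): the credentials are interpolated at evaluation
        # time. Whether the rendered text stays out of the world-readable
        # Nix store depends on how the secrets.keys module deploys `text`,
        # which is not visible here -- confirm.
        # NOTE(review): passwords are inserted unquoted; a value holding
        # YAML-significant characters (" #", ": ") would be misparsed.
        text = ''
          allow_anonymous: 0
          anonymous_can_submit_commands: 0
          urls_without_login:
            - login
            - loginstate
          auth_type: ldap
          ldap_server: ${env.ldap.host}
          ldap_use_ssl: 1
          ldap_port: 636
          ldap_bind_dn: ${env.ldap.dn}
          ldap_bind_password: ${env.ldap.password}
          ldap_base_dn: ${env.ldap.base}
          ldap_filter: "${env.ldap.filter}"
          ldap_attribute:
            - memberOf
          use_crate: 0
          use_mysql: 1
          mysql:
            host: 127.0.0.1
            port: ${env.mysql.port}
            username: ${env.mysql.user}
            password: ${env.mysql.password}
            database: ${env.mysql.database}
          display_perfdata: 1
          perfdata_backend: mysql
        '';
      }
    ];

    # proxy_fcgi is needed for the SetHandler "proxy:unix:...|fcgi://" below.
    services.websites.env.tools.modules = [ "proxy_fcgi" ];

    services.websites.env.tools.vhostConfs.performance = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "performance.immae.eu" ];
      root = apacheRoot;
      extraConfig = [
        # NOTE(review): as rendered here the directives have no enclosing
        # <Directory>/<FilesMatch> section. AllowOverride is only valid
        # inside a <Directory> section, so container tags were probably
        # lost when this page was extracted -- check the repository copy.
        # If SetHandler really is unscoped, every request for this vhost
        # is handed to PHP-FPM, static files included.
        # "Require all granted" places no restriction at the Apache level;
        # access control relies on the application's LDAP login.
        ''
          DirectoryIndex index.html
          AllowOverride None
          Require all granted
          SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost"
        ''
      ];
    };

    services.phpfpm.pools.status_engine = {
      user = "wwwrun";
      group = "wwwrun";
      settings = {
        # Only wwwrun may connect to the FPM socket.
        "listen.owner" = "wwwrun";
        "listen.group" = "wwwrun";
        "pm" = "dynamic";
        "pm.max_children" = "60";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "10";
        # Confine PHP file access to the package, /tmp and the single
        # secret file. php_admin_value cannot be overridden with ini_set().
        # NOTE(review): /tmp is shared with other services unless the unit
        # gets a private /tmp -- confirm, or use a dedicated directory.
        "php_admin_value[open_basedir]" = "${package}:/tmp:${secretPath}";
      };
      # NOTE(review): PHP 7.4 has been out of upstream security support
      # since November 2022; plan a move to a maintained PHP once the
      # interface package supports it.
      phpPackage = pkgs.php74;
    };
  };
}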