{ stdenv, fetchurl, gettext, writeText, env }: let awl = stdenv.mkDerivation rec { version = "0.59"; name = "awl-${version}"; src = fetchurl { url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz"; sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp"; }; unpackCmd = '' tar --one-top-level -xf $curSrc ''; installPhase = '' mkdir -p $out cp -ra dba docs inc scripts tests $out ''; }; davical = rec { keys."dav-davical" = { destDir = "/run/keys/webapps"; user = apache.user; group = apache.group; permissions = "0700"; text = '' pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; $c->readonly_webdav_collections = false; $c->admin_email ='davical@tools.immae.eu'; $c->restrict_setup_to_admin = true; $c->collections_always_exist = false; $c->external_refresh = 60; $c->enable_scheduling = true; $c->iMIP = (object) array("send_email" => true); $c->authenticate_hook['optional'] = false; $c->authenticate_hook['call'] = 'LDAP_check'; $c->authenticate_hook['config'] = array( 'host' => 'ldap.immae.eu', 'port' => '389', 'startTLS' => 'yes', 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', 'passDN'=> '${env.ldap.password}', 'protocolVersion' => '3', 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', 'mapping_field' => array( "username" => "uid", "fullname" => "cn", "email" => "mail", "modified" => "modifyTimestamp", ), 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), 'group_mapping_field' => array( "username" => "cn", "updated" => "modifyTimestamp", "fullname" => "givenName", "displayname" => "givenName", "members" => "memberUid", "email" => "mail", ), ); $c->do_not_sync_from_ldap = array('admin' => true); include('drivers_ldap.php'); ''; }; webapp = stdenv.mkDerivation rec { version = "1.1.7"; name = "davical-${version}"; src = fetchurl { url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz"; sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9"; }; unpackCmd = '' tar --one-top-level -xf $curSrc ''; makeFlags = "all"; patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ]; installPhase = '' mkdir -p $out cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out ln -s /run/keys/webapps/dav-davical $out/config/config.php ''; buildInputs = [ gettext ]; }; webRoot = "${webapp}/htdocs"; apache = rec { user = "wwwrun"; group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "tools_davical"; root = "/run/current-system/webapps/${webappName}"; vhostConf = '' Alias /davical "${root}" Alias /caldav.php "${root}/caldav.php" DirectoryIndex index.php index.html AcceptPathInfo On AllowOverride None Require all granted CGIPassAuth on SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" RewriteEngine On Header unset Access-Control-Allow-Origin Header unset Access-Control-Allow-Methods Header unset Access-Control-Allow-Headers Header unset Access-Control-Allow-Credentials Header unset Access-Control-Expose-Headers Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" Header always set Access-Control-Allow-Credentials false Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" RewriteCond %{HTTP:Access-Control-Request-Method} !^$ RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] ''; }; phpFpm = rec { serviceDeps = [ "postgresql.service" "openldap.service" "dav-davical-key.service" ]; basedir = builtins.concatStringsSep ":" [ webapp "/run/keys/webapps/dav-davical" awl ]; socket = "/var/run/phpfpm/davical.sock"; pool = '' listen = ${socket} user = ${apache.user} group = ${apache.group} listen.owner = ${apache.user} listen.group = ${apache.group} pm = dynamic pm.max_children = 60 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 10 ; Needed to avoid clashes in browser cookies (same domain) php_value[session.name] = DavicalPHPSESSID php_admin_value[open_basedir] = "${basedir}:/tmp" php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" php_flag[magic_quotes_gpc] = Off php_flag[register_globals] = Off php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" php_admin_value[default_charset] = "utf-8" php_flag[magic_quotes_runtime] = Off ''; }; }; in davical