{ lib, env, stdenv, fetchurl }:

let
  varDir = "/var/lib/shaarli";
  shaarli = stdenv.mkDerivation rec {
    name = "shaarli-${version}";
    version = "0.10.2";

    src = fetchurl {
      url = "https://github.com/shaarli/Shaarli/releases/download/v${version}/shaarli-v${version}-full.tar.gz";
      sha256 = "0h8sspj7siy3vgpi2i3gdrjcr5935fr4dfwq2zwd70sjx2sh9s78";
    };

    outputs = [ "out" "doc" ];

    patches = [ ./shaarli_ldap.patch ];

    installPhase = ''
      rm -r {cache,pagecache,tmp,data}/
      ln -sf ${varDir}/{cache,pagecache,tmp,data} .
      mkdir -p $doc/share/doc
      mv doc/ $doc/share/doc/shaarli
      mkdir $out/
      cp -R ./* $out
      cp .htaccess $out/
    '';

    meta = with stdenv.lib; {
      description = "The personal, minimalist, super-fast, database free, bookmarking service";
      license = licenses.gpl3Plus;
      homepage = https://github.com/shaarli/Shaarli;
      maintainers = with maintainers; [ schneefux ];
      platforms = platforms.all;
    };
  };
in rec {
  activationScript = ''
    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
      ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \
      ${varDir}/phpSessions
    '';
  webRoot = shaarli;
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules =  [ "proxy_fcgi" "rewrite" "env" ];
    webappName = "tools_shaarli";
    root = "/run/current-system/webapps/${webappName}";
    vhostConf = ''
      Alias /Shaarli "${root}"

      Include /run/keys/webapps/tools-shaarli
      <Directory "${root}">
        DirectoryIndex index.php index.htm index.html
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
      '';
  };
  keys.tools-shaarli = {
    destDir = "/run/keys/webapps";
    user = apache.user;
    group = apache.group;
    permissions = "0700";
    text = ''
      SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}"
      SetEnv SHAARLI_LDAP_DN       "${env.ldap.dn}"
      SetEnv SHAARLI_LDAP_HOST     "ldaps://${env.ldap.host}"
      SetEnv SHAARLI_LDAP_BASE     "${env.ldap.base}"
      SetEnv SHAARLI_LDAP_FILTER   "${env.ldap.search}"
      '';
  };
  phpFpm = rec {
    serviceDeps = [ "openldap.service" ];
    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
    socket = "/var/run/phpfpm/shaarli.sock";
    pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = ShaarliPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
    '';
  };
}