{ lib, env, writeText, stdenv, fetchedGithub }:
let
  yourls = let
    plugins = {
      ldap = stdenv.mkDerivation (fetchedGithub ./yourls-ldap-plugin.json // rec {
        installPhase = ''
          mkdir -p $out
          cp plugin.php $out/
          '';
      });
    };
  in rec {
    activationScript = ''
      install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
    '';
    keys.tools-yourls = {
      destDir = "/run/keys/webapps";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
      text = ''
        <?php
        define( 'YOURLS_DB_USER', '${env.mysql.user}' );
        define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
        define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
        define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
        define( 'YOURLS_DB_PREFIX', 'yourls_' );
        define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
        define( 'YOURLS_HOURS_OFFSET', 0 ); 
        define( 'YOURLS_LANG', ''' ); 
        define( 'YOURLS_UNIQUE_URLS', true );
        define( 'YOURLS_PRIVATE', true );
        define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
        $yourls_user_passwords = array();
        define( 'YOURLS_DEBUG', false );
        define( 'YOURLS_URL_CONVERT', 36 );
        $yourls_reserved_URL = array();
        define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
        define( 'LDAPAUTH_PORT', '636' );
        define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
        define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
        define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );

        define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
        define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');

        define( 'LDAPAUTH_USERCACHE_TYPE', 0);
      '';
    };
    webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec {
      installPhase = ''
        mkdir -p $out
        cp -a */ *.php $out/
        cp sample-robots.txt $out/robots.txt
        ln -sf /run/keys/webapps/tools-yourls $out/includes/config.php
        ${builtins.concatStringsSep "\n" (
          lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins
        )}
      '';
    });
    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "proxy_fcgi" ];
      webappName = "tools_yourls";
      root = "/run/current-system/webapps/${webappName}";
      vhostConf = ''
        Alias /url "${root}"
        <Directory "${root}">
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>

          AllowOverride None
          Require all granted
          <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteBase /url/
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteRule ^.*$ /url/yourls-loader.php [L]
          </IfModule>
          DirectoryIndex index.php
        </Directory>
        '';
    };
    phpFpm = rec {
      serviceDeps = [ "mysql.service" "openldap.service" "tools-yourls-key.service" ];
      basedir = builtins.concatStringsSep ":" (
        [ webRoot "/run/keys/webapps/tools-yourls" ]
        ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
      socket = "/var/run/phpfpm/yourls.sock";
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = YourlsPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
        '';
    };
  };
in 
  yourls