]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/tasks/default.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Upgrade nixos
[perso/Immae/Config/Nix.git] / modules / private / tasks / default.nix
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index 78e07c1adb2862137b0c65a00602863fdd0106f2..42cc8d282588e4778bdcc76973146e3b27dfb1a2 100644 (file)
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -123,7 +123,7 @@ in {
           Use LDAPConnect
           Require ldap-group cn=users,cn=taskwarrior,ou=services,dc=immae,dc=eu
           <FilesMatch "\.php$">
-            SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost"
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.tasks.socket}|fcgi://localhost"
           </FilesMatch>
           Include /var/secrets/webapps/tools-taskwarrior-web
         </Directory>
@@ -172,29 +172,30 @@ in {
     };
     services.phpfpm.pools = {
       tasks = {
-        listen = "/var/run/phpfpm/task.sock";
-        extraConfig = ''
-          user = ${user}
-          group = ${group}
-          listen.owner = wwwrun
-          listen.group = wwwrun
-          pm = dynamic
-          pm.max_children = 60
-          pm.start_servers = 2
-          pm.min_spare_servers = 1
-          pm.max_spare_servers = 10
+        user = user;
+        group = group;
+        settings = {
+          "listen.owner" = "wwwrun";
+          "listen.group" = "wwwrun";
+          "pm" = "dynamic";
+          "pm.max_children" = "60";
+          "pm.start_servers" = "2";
+          "pm.min_spare_servers" = "1";
+          "pm.max_spare_servers" = "10";
 
-          ; Needed to avoid clashes in browser cookies (same domain)
-          env[PATH] = "/etc/profiles/per-user/${user}/bin"
-          php_value[session.name] = TaskPHPSESSID
-          php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
-        '';
+          # Needed to avoid clashes in browser cookies (same domain)
+          "php_value[session.name]" = "TaskPHPSESSID";
+          "php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
+        };
+        phpEnv = {
+          PATH = "/etc/profiles/per-user/${user}/bin";
+        };
       };
     };
 
     myServices.websites.webappDirs._task = ./www;
 
-    security.acme2.certs."task" = config.myServices.certificates.certConfig // {
+    security.acme.certs."task" = config.myServices.certificates.certConfig // {
       inherit user group;
       plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
       domain = fqdn;
@@ -246,9 +247,9 @@ in {
       inherit fqdn;
       listenHost = "::";
       pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
-      pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
-      pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
+      pki.manual.server.cert = "${config.security.acme.certs.task.directory}/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme.certs.task.directory}/invalid.crl";
+      pki.manual.server.key = "${config.security.acme.certs.task.directory}/key.pem";
       requestLimit = 104857600;
     };
 
My infrastructure configuration