Use pools instead of deprecated poolConfigs for php
[perso/Immae/Config/Nix.git] / modules / private / tasks / default.nix
index 83a1b616b13934f567a6d509a5d4f76ac617a6db..78e07c1adb2862137b0c65a00602863fdd0106f2 100644 (file)
@@ -1,10 +1,10 @@
-{ lib, pkgs, config, myconfig,  ... }:
+{ lib, pkgs, config,  ... }:
 let
   cfg = config.myServices.tasks;
   server_vardir = config.services.taskserver.dataDir;
   fqdn = "task.immae.eu";
   user = config.services.taskserver.user;
-  env = myconfig.env.tools.task;
+  env = config.myEnv.tools.task;
   group = config.services.taskserver.group;
   taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} ''
     mkdir -p $out/bin
@@ -86,6 +86,15 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.tasks = {
+      rootDir = "/var/lib";
+      excludeFile = ''
+        + /var/lib/taskserver
+        + /var/lib/taskwarrior-web
+        - /var/lib
+        '';
+    };
+
     secrets.keys = [{
       dest = "webapps/tools-taskwarrior-web";
       user = "wwwrun";
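Review bot: The new `services.duplyBackup.profiles.tasks` profile hardcodes `/var/lib/taskserver` in `excludeFile`, while the rest of the file takes that directory from `config.services.taskserver.dataDir` (bound to `server_vardir` at the top). If `dataDir` is ever overridden, the profile would silently stop covering the taskserver data; the include line could be written as `+ ${server_vardir}`, with `rootDir` adjusted to contain it. The same directory appears to hold the taskserver PKI material (`${server_vardir}/keys/ca.cert` is referenced later in the file), so a comment above the profile such as `# includes taskserver keys: backup target must be encrypted and access-restricted` would be useful. The `config` block continues outside the hunk.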
@@ -98,12 +107,12 @@ in {
           SetEnv TASKD_LDAP_DN       "${env.ldap.dn}"
           SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
           SetEnv TASKD_LDAP_BASE     "${env.ldap.base}"
-          SetEnv TASKD_LDAP_FILTER   "${env.ldap.search}"
+          SetEnv TASKD_LDAP_FILTER   "${env.ldap.filter}"
         '';
     }];
-    services.websites.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ];
-    services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
-    services.websites.tools.vhostConfs.task = {
+    services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ];
+    services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ];
+    services.websites.env.tools.vhostConfs.task = {
       certName    = "eldiron";
       addToCerts  = true;
       hosts       = [ "task.immae.eu" ];
@@ -161,31 +170,33 @@ in {
         </Location>
         '') env.taskwarrior-web);
     };
-    services.phpfpm.poolConfigs = {
-      tasks = ''
-        listen = /var/run/phpfpm/task.sock
-        user = ${user}
-        group = ${group}
-        listen.owner = wwwrun
-        listen.group = wwwrun
-        pm = dynamic
-        pm.max_children = 60
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 10
+    services.phpfpm.pools = {
+      tasks = {
+        listen = "/var/run/phpfpm/task.sock";
+        extraConfig = ''
+          user = ${user}
+          group = ${group}
+          listen.owner = wwwrun
+          listen.group = wwwrun
+          pm = dynamic
+          pm.max_children = 60
+          pm.start_servers = 2
+          pm.min_spare_servers = 1
+          pm.max_spare_servers = 10
 
-        ; Needed to avoid clashes in browser cookies (same domain)
-        env[PATH] = "/etc/profiles/per-user/${user}/bin"
-        php_value[session.name] = TaskPHPSESSID
-        php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
-      '';
+          ; Needed to avoid clashes in browser cookies (same domain)
+          env[PATH] = "/etc/profiles/per-user/${user}/bin"
+          php_value[session.name] = TaskPHPSESSID
+          php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
+        '';
+      };
     };
 
     myServices.websites.webappDirs._task = ./www;
 
-    security.acme.certs."task" = config.services.myCertificates.certConfig // {
+    security.acme2.certs."task" = config.myServices.certificates.certConfig // {
       inherit user group;
-      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
       domain = fqdn;
       postRun = ''
         systemctl restart taskserver.service
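Review bot: The `plugins` list for the `task` certificate now adds `account_reg.json` next to `account_key.json`, and `inherit user group` appears to hand the resulting certificate directory to the taskserver account. The taskserver settings in this file only read `fullchain.pem`, `key.pem` and `invalid.crl` from that directory, so the ACME account key and registration are more than the service needs to read. If the acme2 module cannot keep the account files under a separate owner, a comment above `plugins` such as `# account_*.json are needed by the ACME client and end up readable by the taskserver user` would record the trade-off. The `postRun` script continues outside the hunk.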
@@ -235,9 +246,9 @@ in {
       inherit fqdn;
       listenHost = "::";
       pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
-      pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
-      pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
+      pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
+      pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
       requestLimit = 104857600;
     };