]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/tasks/default.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use pools instead of deprecated poolConfigs for php
[perso/Immae/Config/Nix.git] / modules / private / tasks / default.nix
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index c4f065b20f33be7d14ed5a6b420387b3cf187d81..78e07c1adb2862137b0c65a00602863fdd0106f2 100644 (file)
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -170,31 +170,33 @@ in {
         </Location>
         '') env.taskwarrior-web);
     };
-    services.phpfpm.poolConfigs = {
-      tasks = ''
-        listen = /var/run/phpfpm/task.sock
-        user = ${user}
-        group = ${group}
-        listen.owner = wwwrun
-        listen.group = wwwrun
-        pm = dynamic
-        pm.max_children = 60
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 10
+    services.phpfpm.pools = {
+      tasks = {
+        listen = "/var/run/phpfpm/task.sock";
+        extraConfig = ''
+          user = ${user}
+          group = ${group}
+          listen.owner = wwwrun
+          listen.group = wwwrun
+          pm = dynamic
+          pm.max_children = 60
+          pm.start_servers = 2
+          pm.min_spare_servers = 1
+          pm.max_spare_servers = 10
 
-        ; Needed to avoid clashes in browser cookies (same domain)
-        env[PATH] = "/etc/profiles/per-user/${user}/bin"
-        php_value[session.name] = TaskPHPSESSID
-        php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
-      '';
+          ; Needed to avoid clashes in browser cookies (same domain)
+          env[PATH] = "/etc/profiles/per-user/${user}/bin"
+          php_value[session.name] = TaskPHPSESSID
+          php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
+        '';
+      };
     };
 
     myServices.websites.webappDirs._task = ./www;
 
-    security.acme.certs."task" = config.myServices.certificates.certConfig // {
+    security.acme2.certs."task" = config.myServices.certificates.certConfig // {
       inherit user group;
-      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
       domain = fqdn;
       postRun = ''
         systemctl restart taskserver.service
@@ -244,9 +246,9 @@ in {
       inherit fqdn;
       listenHost = "::";
       pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
-      pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
-      pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
+      pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
+      pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
       requestLimit = 104857600;
     };
 
My infrastructure configuration