]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/websites/tools/dav/davical.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Squash changes containing private information
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / dav / davical.nix
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix
deleted file mode 100644 (file)
index bc5ecf6..0000000
--- a/modules/private/websites/tools/dav/davical.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
-rec {
-  activationScript = {
-    deps = [ "httpd" ];
-    text = ''
-      install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical
-      '';
-  };
-  keys."webapps/dav-davical" = {
-    user = apache.user;
-    group = apache.group;
-    permissions = "0400";
-    text = ''
-      <?php
-      $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
-
-      $c->readonly_webdav_collections = false;
-
-      $c->admin_email ='davical@tools.immae.eu';
-
-      $c->restrict_setup_to_admin = true;
-
-      $c->collections_always_exist = false;
-
-      $c->external_refresh = 60;
-
-      $c->enable_scheduling = true;
-
-      $c->iMIP = (object) array("send_email" => true);
-
-      $c->authenticate_hook['optional'] = false;
-      $c->authenticate_hook['call'] = 'LDAP_check';
-      $c->authenticate_hook['config'] = array(
-          'host' => '${env.ldap.host}',
-          'port' => '389',
-          'startTLS' => 'yes',
-          'bindDN'=> '${env.ldap.dn}',
-          'passDN'=> '${env.ldap.password}',
-          'protocolVersion' => '3',
-          'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'),
-          'filterUsers' => '${env.ldap.filter}',
-          'baseDNGroups' => 'ou=groups,${env.ldap.base}',
-          'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}',
-          'mapping_field' => array(
-            "username" => "uid",
-            "fullname" => "cn",
-            "email"    => "mail",
-            "modified" => "modifyTimestamp",
-          ),
-          'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
-            /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
-      //    'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
-          'group_mapping_field' => array(
-            "username"    => "cn",
-            "updated"     => "modifyTimestamp",
-            "fullname"    => "givenName",
-            "displayname" => "givenName",
-            "members"     => "memberUid",
-            "email"       => "mail",
-          ),
-        );
-
-      $c->do_not_sync_from_ldap = array('admin' => true);
-      include('drivers_ldap.php');
-    '';
-  };
-  webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; };
-  webRoot = "${webapp}/htdocs";
-  apache = rec {
-    user = "wwwrun";
-    group = "wwwrun";
-    modules = [ "proxy_fcgi" ];
-    root = webRoot;
-    vhostConf = socket: ''
-      Alias /davical "${root}"
-      Alias /caldav.php  "${root}/caldav.php"
-      <Directory "${root}">
-        DirectoryIndex index.php index.html
-        AcceptPathInfo On
-        AllowOverride None
-        Require all granted
-
-        <FilesMatch "\.php$">
-          CGIPassAuth on
-          SetHandler "proxy:unix:${socket}|fcgi://localhost"
-        </FilesMatch>
-
-        RewriteEngine On
-        <IfModule mod_headers.c>
-                Header unset Access-Control-Allow-Origin
-                Header unset Access-Control-Allow-Methods
-                Header unset Access-Control-Allow-Headers
-                Header unset Access-Control-Allow-Credentials
-                Header unset Access-Control-Expose-Headers
-
-                Header always set Access-Control-Allow-Origin "*"
-                Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
-                Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
-                Header always set Access-Control-Allow-Credentials false
-                Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
-
-                RewriteCond %{HTTP:Access-Control-Request-Method} !^$
-                RewriteCond %{REQUEST_METHOD} OPTIONS
-                RewriteRule ^(.*)$ $1 [R=200,L]
-        </IfModule>
-      </Directory>
-      '';
-  };
-  phpFpm = rec {
-    serviceDeps = [ "postgresql.service" "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ];
-    pool = {
-      "listen.owner" = apache.user;
-      "listen.group" = apache.group;
-      "pm" = "dynamic";
-      "pm.max_children" = "60";
-      "pm.start_servers" = "2";
-      "pm.min_spare_servers" = "1";
-      "pm.max_spare_servers" = "10";
-
-      # Needed to avoid clashes in browser cookies (same domain)
-      "php_value[session.name]" = "DavicalPHPSESSID";
-      "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical";
-      "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
-      "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical";
-      "php_flag[magic_quotes_gpc]" = "Off";
-      "php_flag[register_globals]" = "Off";
-      "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
-      "php_admin_value[default_charset]" = "utf-8";
-      "php_flag[magic_quotes_runtime]" = "Off";
-    };
-  };
-}
My infrastructure configuration