Move secrets to flakes
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / dav / davical.nix
index 5eb3fab71e5f43c4a0190e7cbb10f4041d805df4..eeac1b5643d97171665c518deecdf83ae6b0d059 100644 (file)
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, gettext, writeText, env, awl, davical }:
+{ stdenv, fetchurl, gettext, writeText, env, awl, davical, config }:
 rec {
   activationScript = {
     deps = [ "httpd" ];
@@ -65,7 +65,7 @@ rec {
       include('drivers_ldap.php');
     '';
   }];
-  webapp = davical.override { davical_config = "/var/secrets/webapps/dav-davical"; };
+  webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; };
   webRoot = "${webapp}/htdocs";
   apache = rec {
     user = "wwwrun";
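Review bot: The secret path `config.secrets.fullPaths."webapps/dav-davical"` is looked up here for `davical_config` and again in `phpFpm.basedir` in the last hunk, so the two can drift apart on a later edit, and `open_basedir` would then block the config include. Binding it once, for example `let davicalConfig = config.secrets.fullPaths."webapps/dav-davical"; in rec { ... }`, and using `davicalConfig` in both places keeps the include path and the `open_basedir` entry in step. The enclosing `rec { ... }` starts and ends outside this hunk.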
@@ -73,7 +73,7 @@ rec {
     modules = [ "proxy_fcgi" ];
     webappName = "tools_davical";
     root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
+    vhostConf = socket: ''
       Alias /davical "${root}"
       Alias /caldav.php  "${root}/caldav.php"
       <Directory "${root}">
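Review bot: `vhostConf` is now a function, but nothing at the definition says what `socket` is or who supplies it. A comment above it such as `# socket: path of the php-fpm unix socket for this pool, passed in by the vhost definition` would document the new contract. The value is interpolated unquoted into `SetHandler "proxy:unix:${socket}|fcgi://localhost"` in the next hunk, so it is expected to be a plain filesystem path. The body of `vhostConf` continues outside this hunk.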
@@ -84,7 +84,7 @@ rec {
 
         <FilesMatch "\.php$">
           CGIPassAuth on
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
         </FilesMatch>
 
         RewriteEngine On
@@ -110,29 +110,26 @@ rec {
   };
   phpFpm = rec {
     serviceDeps = [ "postgresql.service" "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
-    socket = "/var/run/phpfpm/davical.sock";
-    pool = ''
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = dynamic
-      pm.max_children = 60
-      pm.start_servers = 2
-      pm.min_spare_servers = 1
-      pm.max_spare_servers = 10
+    basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ];
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "dynamic";
+      "pm.max_children" = "60";
+      "pm.start_servers" = "2";
+      "pm.min_spare_servers" = "1";
+      "pm.max_spare_servers" = "10";
 
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = DavicalPHPSESSID
-      php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
-      php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
-      php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
-      php_flag[magic_quotes_gpc] = Off
-      php_flag[register_globals] = Off
-      php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
-      php_admin_value[default_charset] = "utf-8"
-      php_flag[magic_quotes_runtime] = Off
-      '';
+      # Needed to avoid clashes in browser cookies (same domain)
+      "php_value[session.name]" = "DavicalPHPSESSID";
+      "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical";
+      "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
+      "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical";
+      "php_flag[magic_quotes_gpc]" = "Off";
+      "php_flag[register_globals]" = "Off";
+      "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
+      "php_admin_value[default_charset]" = "utf-8";
+      "php_flag[magic_quotes_runtime]" = "Off";
+    };
   };
 }
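Review bot: The `pool` attrset no longer carries `user` and `group`, while `listen.owner`/`listen.group` are still tied to `apache.user`/`apache.group`; presumably the module that consumes `pool` now sets the worker account, but nothing in this file says so. Because the workers have to read the file at `config.secrets.fullPaths."webapps/dav-davical"`, a comment above `pool` such as `# user/group come from the phpfpm pool definition that consumes this set; they must match apache.user/apache.group` would keep that dependency visible. Separately, `open_basedir` still includes the host-wide `/tmp`; a per-pool temp directory (or a private /tmp on the service, if that is not already configured elsewhere) would narrow what the PHP workers can reach. The `magic_quotes_gpc`, `magic_quotes_runtime` and `register_globals` flags refer to settings removed in PHP 5.4 and could be dropped.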