Move secrets to flakes

[perso/Immae/Config/Nix.git] / modules / private / websites / tools / mail / roundcubemail.nix

diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
index 8bb60d639db2ef916769bdfb37953ecb93ec0245..7d8e733918237c7f5e8b63489d9076343ef861ec 100644 (file)
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ b/modules/private/websites/tools/mail/roundcubemail.nix
@@ -1,4 +1,4 @@
-{ env, roundcubemail, roundcubemail-plugins, roundcubemail-skins, phpPackages, apacheHttpd }:
+{ env, roundcubemail, apacheHttpd, config }:
 rec {
   varDir = "/var/lib/roundcubemail";
   activationScript = {
@@ -14,9 +14,12 @@ rec {
     user = apache.user;
     group = apache.group;
     permissions = "0400";
-    text = ''
+    text =
+      let
+        psql_url = with env.postgresql; "pgsql://${user}:${password}@unix(${socket}:${port})/${database}";
+      in ''
       <?php
-        $config['db_dsnw'] = '${env.psql_url}';
+        $config['db_dsnw'] = '${psql_url}';
         $config['default_host'] = 'ssl://imap.immae.eu';
         $config['username_domain'] = array(
           "imap.immae.eu" => "mail.immae.eu"
@@ -72,15 +75,14 @@ rec {
         $config['mime_types'] = '${apacheHttpd}/conf/mime.types';
     '';
   }];
-  webRoot = (roundcubemail.override { roundcube_config = "/var/secrets/webapps/tools-roundcube"; }).withPlugins
-    (builtins.attrValues roundcubemail-plugins) (builtins.attrValues roundcubemail-skins);
+  webRoot = (roundcubemail.override { roundcube_config = config.secrets.fullPaths."webapps/tools-roundcube"; }).withPlugins (p: [ p.automatic_addressbook p.carddav p.contextmenu p.contextmenu_folder p.html5_notifier p.ident_switch p.message_highlight p.thunderbird_labels ]);
   apache = rec {
     user = "wwwrun";
     group = "wwwrun";
     modules = [ "proxy_fcgi" ];
     webappName = "tools_roundcubemail";
     root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
+    vhostConf = socket: ''
     Alias /roundcube "${root}"
     <Directory "${root}">
         DirectoryIndex index.php
@@ -89,7 +91,7 @@ rec {
         Require all granted
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
         </FilesMatch>
       </Directory>
       '';
@@ -97,29 +99,22 @@ rec {
   phpFpm = rec {
     serviceDeps = [ "postgresql.service" ];
     basedir = builtins.concatStringsSep ":" (
-      [ webRoot "/var/secrets/webapps/tools-roundcube" varDir ]
+      [ webRoot config.secrets.fullPaths."webapps/tools-roundcube" varDir ]
       ++ webRoot.plugins
       ++ webRoot.skins);
-    phpConfig = ''
-      date.timezone = 'CET'
-      extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
-      '';
-    socket = "/var/run/phpfpm/roundcubemail.sock";
-    pool = ''
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = ondemand
-      pm.max_children = 60
-      pm.process_idle_timeout = 60
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "ondemand";
+      "pm.max_children" = "60";
+      "pm.process_idle_timeout" = "60";
 
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = RoundcubemailPHPSESSID
-      php_admin_value[upload_max_filesize] = 200M
-      php_admin_value[post_max_size] = 200M
-      php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"
-      php_admin_value[session.save_path] = "${varDir}/phpSessions"
-      '';
+      # Needed to avoid clashes in browser cookies (same domain)
+      "php_value[session.name]" = "RoundcubemailPHPSESSID";
+      "php_admin_value[upload_max_filesize]" = "200M";
+      "php_admin_value[post_max_size]" = "200M";
+      "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp";
+      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+    };
   };
 }