]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/websites/tools/tools/shaarli.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / shaarli.nix
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
index 0f1ae7bcc84f2c4702e0f953fde335b523616232..b7126cc018441d1f47291c7ff30988ec60d7e76f 100644 (file)
--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -1,9 +1,10 @@
-{ lib, env, stdenv, fetchurl, shaarli }:
+{ lib, env, stdenv, fetchurl, shaarli, config }:
 let
   varDir = "/var/lib/shaarli";
 in rec {
   backups = {
     rootDir = varDir;
+    remotes = [ "eriomem" "ovh" ];
   };
   activationScript = ''
     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
@@ -17,23 +18,27 @@ in rec {
     modules =  [ "proxy_fcgi" "rewrite" "env" ];
     webappName = "tools_shaarli";
     root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
+    vhostConf = socket: ''
       Alias /Shaarli "${root}"
 
-      Include /var/secrets/webapps/tools-shaarli
+      Include ${config.secrets.fullPaths."webapps/tools-shaarli"}
+      <Location /Shaarli>
+        Header set Access-Control-Allow-Origin "*"
+        Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+        Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, Client-Security-Token, Accept-Encoding"
+      </Location>
       <Directory "${root}">
         DirectoryIndex index.php index.htm index.html
         Options Indexes FollowSymLinks MultiViews Includes
         AllowOverride All
         Require all granted
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
         </FilesMatch>
       </Directory>
       '';
   };
-  keys = [{
-    dest = "webapps/tools-shaarli";
+  keys."webapps/tools-shaarli" = {
     user = apache.user;
     group = apache.group;
     permissions = "0400";
@@ -44,25 +49,23 @@ in rec {
       SetEnv SHAARLI_LDAP_BASE     "${env.ldap.base}"
       SetEnv SHAARLI_LDAP_FILTER   "${env.ldap.filter}"
       '';
-  }];
+  };
   phpFpm = rec {
     serviceDeps = [ "openldap.service" ];
     basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
-    socket = "/var/run/phpfpm/shaarli.sock";
-    pool = ''
-        listen = ${socket}
-        user = ${apache.user}
-        group = ${apache.group}
-        listen.owner = ${apache.user}
-        listen.group = ${apache.group}
-        pm = ondemand
-        pm.max_children = 60
-        pm.process_idle_timeout = 60
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "ondemand";
+      "pm.max_children" = "60";
+      "pm.process_idle_timeout" = "60";
 
-        ; Needed to avoid clashes in browser cookies (same domain)
-        php_value[session.name] = ShaarliPHPSESSID
-        php_admin_value[open_basedir] = "${basedir}:/tmp"
-        php_admin_value[session.save_path] = "${varDir}/phpSessions"
-    '';
+      # Needed to avoid clashes in browser cookies (same domain)
+      "php_value[session.name]" = "ShaarliPHPSESSID";
+      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+      "php_admin_value[upload_max_filesize]" = "200M";
+      "php_admin_value[post_max_size]" = "200M";
+    };
   };
 }
My infrastructure configuration