Move secrets to flakes
index ba755e4d514fbc3636960f0f0e906f138a528e8c..1a604c7e766f1777acb12e2375937f6819f8b60c 100644 (file)
@@ -1,5 +1,9 @@
-{ env, wallabag, mylibs }:
+{ env, wallabag, mylibs, config }:
 rec {
+  backups = {
+    rootDir = varDir;
+    remotes = [ "eriomem" "ovh" ];
+  };
   varDir = "/var/lib/wallabag";
   keys = [{
     dest = "webapps/tools-wallabag";
@@ -45,16 +49,16 @@ rec {
           redis_password: null
           sites_credentials: {  }
           ldap_enabled: true
-          ldap_host: ldap.immae.eu
+          ldap_host: ${env.ldap.host}
           ldap_port: 636
           ldap_tls: false
           ldap_ssl: true
           ldap_bind_requires_dn: true
-          ldap_base: 'dc=immae,dc=eu'
-          ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
+          ldap_base: '${env.ldap.base}'
+          ldap_manager_dn: '${env.ldap.dn}'
           ldap_manager_pw: ${env.ldap.password}
-          ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
-          ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
+          ldap_filter: '${env.ldap.filter}'
+          ldap_admin_filter: '${env.ldap.admin_filter}'
           ldap_username_attribute: uid
           ldap_email_attribute: mail
           ldap_name_attribute: cn
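Review bot: `ldap_manager_pw: ${env.ldap.password}` on the unchanged line stays unquoted while this hunk single-quotes the neighbouring `ldap_base`, `ldap_manager_dn`, `ldap_filter` and `ldap_admin_filter` values; in what appears to be a YAML parameters file, a password containing a YAML-significant character (`#`, `: `, a leading `{`, `[` or quote) would be misread or break the parse of the whole file at service start. Quoting it the same way, `ldap_manager_pw: '${env.ldap.password}'`, keeps the file consistent, provided any single quote inside the secret is doubled before interpolation. The `keys` entry and its `text` string that enclose these lines begin before the hunk and end after it.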
@@ -65,7 +69,7 @@ rec {
               arguments: ['/run/wrappers/bin/sendmail -bs']
       '';
   }];
-  webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; };
+  webappDir = wallabag.override { ldap = true; wallabag_config = config.secrets.fullPaths."webapps/tools-wallabag"; };
   activationScript = ''
     install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
       ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
@@ -79,7 +83,7 @@ rec {
     modules = [ "proxy_fcgi" ];
     webappName = "tools_wallabag";
     root = "/run/current-system/webapps/${webappName}";
-    vhostConf = ''
+    vhostConf = socket: ''
       Alias /wallabag "${root}"
       <Directory "${root}">
         AllowOverride None
@@ -88,7 +92,7 @@ rec {
         CGIPassAuth On
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
         </FilesMatch>
 
         <IfModule mod_rewrite.c>
@@ -110,37 +114,35 @@ rec {
       '';
   };
   phpFpm = rec {
-    preStart = mylibs.phpFpmPreStart {
-      app = webappDir;
-      inherit varDir;
-      keyFiles = [
-        "/var/secrets/webapps/tools-wallabag"
-      ];
-      actions = [
-        "/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear"
-        "rm -rf /var/lib/wallabag/var/cache/pro_"
-        "/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction"
-      ];
-    };
+    preStart = ''
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          ! -f "${varDir}/currentKey" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+          || ! sha512sum -c --status ${varDir}/currentKey; then
+        pushd ${webappDir} > /dev/null
+        /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
+        rm -rf /var/lib/wallabag/var/cache/pro_
+        /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+        sha512sum ${config.secrets.fullPaths."webapps/tools-wallabag"} > ${varDir}/currentKey
+      fi
+    '';
     serviceDeps = [ "postgresql.service" "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
-    socket = "/var/run/phpfpm/wallabag.sock";
-    pool = ''
-      listen = ${socket}
-      user = ${apache.user}
-      group = ${apache.group}
-      listen.owner = ${apache.user}
-      listen.group = ${apache.group}
-      pm = dynamic
-      pm.max_children = 60
-      pm.start_servers = 2
-      pm.min_spare_servers = 1
-      pm.max_spare_servers = 10
+    basedir = builtins.concatStringsSep ":" [ webappDir config.secrets.fullPaths."webapps/tools-wallabag" varDir ];
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "dynamic";
+      "pm.max_children" = "60";
+      "pm.start_servers" = "2";
+      "pm.min_spare_servers" = "1";
+      "pm.max_spare_servers" = "10";
 
-      ; Needed to avoid clashes in browser cookies (same domain)
-      php_value[session.name] = WallabagPHPSESSID
-      php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp"
-      php_value[max_execution_time] = 300
-      '';
+      # Needed to avoid clashes in browser cookies (same domain)
+      "php_value[session.name]" = "WallabagPHPSESSID";
+      "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp";
+      "php_value[max_execution_time]" = "300";
+    };
   };
 }
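Review bot: The cache purge in the new `preStart` (`rm -rf /var/lib/wallabag/var/cache/pro_`) hardcodes the path that `varDir` already names, so a change to `varDir` would leave the stale cache in place while every other step of the script moves; write it as `rm -rf "${varDir}/var/cache/pro_"`. The guard also uses `-o` inside a single `[ ... ]`, which POSIX marks obsolescent and which becomes ambiguous next to `!`; the equivalent `[ ! -f "${varDir}/currentWebappDir" ] || [ ! -f "${varDir}/currentKey" ] || [ "${webappDir}" != "$(cat "${varDir}/currentWebappDir" 2>/dev/null)" ] || ! sha512sum -c --status "${varDir}/currentKey"` reads unambiguously. Unless the consuming module runs this snippet under `set -e` (not visible here), a failed `doctrine:migrations:migrate` still falls through to writing `currentWebappDir` and `currentKey`, so the migration is not retried on the next start; appending `|| exit 1` to each console call would prevent that. Less certain: the `pool` attrset drops the old `user`/`group` entries along with `listen`, so if the consumer does not supply them the pool will run under php-fpm's default user rather than `apache.user`.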