-{ stdenv, fetchurl, gettext, writeText, env }:
-let
- awl = stdenv.mkDerivation rec {
- version = "0.59";
- name = "awl-${version}";
- src = fetchurl {
- url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz";
- sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp";
- };
- unpackCmd = ''
- tar --one-top-level -xf $curSrc
- '';
- installPhase = ''
- mkdir -p $out
- cp -ra dba docs inc scripts tests $out
- '';
- };
- davical = rec {
- keys = [{
- dest = "webapps/dav-davical";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- <?php
- $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
+{ stdenv, fetchurl, gettext, writeText, env, awl, davical }:
+rec {
+ keys = [{
+ dest = "webapps/dav-davical";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}";
- $c->readonly_webdav_collections = false;
+ $c->readonly_webdav_collections = false;
- $c->admin_email ='davical@tools.immae.eu';
+ $c->admin_email ='davical@tools.immae.eu';
- $c->restrict_setup_to_admin = true;
+ $c->restrict_setup_to_admin = true;
- $c->collections_always_exist = false;
+ $c->collections_always_exist = false;
- $c->external_refresh = 60;
+ $c->external_refresh = 60;
- $c->enable_scheduling = true;
+ $c->enable_scheduling = true;
- $c->iMIP = (object) array("send_email" => true);
+ $c->iMIP = (object) array("send_email" => true);
- $c->authenticate_hook['optional'] = false;
- $c->authenticate_hook['call'] = 'LDAP_check';
- $c->authenticate_hook['config'] = array(
- 'host' => 'ldap.immae.eu',
- 'port' => '389',
- 'startTLS' => 'yes',
- 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
- 'passDN'=> '${env.ldap.password}',
- 'protocolVersion' => '3',
- 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
- 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
- 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
- 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
- 'mapping_field' => array(
- "username" => "uid",
- "fullname" => "cn",
- "email" => "mail",
- "modified" => "modifyTimestamp",
- ),
- 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
- /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
- // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
- 'group_mapping_field' => array(
- "username" => "cn",
- "updated" => "modifyTimestamp",
- "fullname" => "givenName",
- "displayname" => "givenName",
- "members" => "memberUid",
- "email" => "mail",
- ),
- );
+ $c->authenticate_hook['optional'] = false;
+ $c->authenticate_hook['call'] = 'LDAP_check';
+ $c->authenticate_hook['config'] = array(
+ 'host' => 'ldap.immae.eu',
+ 'port' => '389',
+ 'startTLS' => 'yes',
+ 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
+ 'passDN'=> '${env.ldap.password}',
+ 'protocolVersion' => '3',
+ 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
+ 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
+ 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu',
+ 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu',
+ 'mapping_field' => array(
+ "username" => "uid",
+ "fullname" => "cn",
+ "email" => "mail",
+ "modified" => "modifyTimestamp",
+ ),
+ 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)),
+ /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/
+ // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"),
+ 'group_mapping_field' => array(
+ "username" => "cn",
+ "updated" => "modifyTimestamp",
+ "fullname" => "givenName",
+ "displayname" => "givenName",
+ "members" => "memberUid",
+ "email" => "mail",
+ ),
+ );
- $c->do_not_sync_from_ldap = array('admin' => true);
- include('drivers_ldap.php');
- '';
- }];
- webapp = stdenv.mkDerivation rec {
- version = "1.1.7";
- name = "davical-${version}";
- src = fetchurl {
- url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz";
- sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9";
- };
- unpackCmd = ''
- tar --one-top-level -xf $curSrc
- '';
- makeFlags = "all";
- patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ];
- installPhase = ''
- mkdir -p $out
- cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out
- ln -s /var/secrets/webapps/dav-davical $out/config/config.php
- '';
- buildInputs = [ gettext ];
- };
- webRoot = "${webapp}/htdocs";
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "tools_davical";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- Alias /davical "${root}"
- Alias /caldav.php "${root}/caldav.php"
- <Directory "${root}">
- DirectoryIndex index.php index.html
- AcceptPathInfo On
- AllowOverride None
- Require all granted
+ $c->do_not_sync_from_ldap = array('admin' => true);
+ include('drivers_ldap.php');
+ '';
+ }];
+ webapp = davical.override { config = "/var/secrets/webapps/dav-davical"; };
+ webRoot = "${webapp}/htdocs";
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "tools_davical";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Alias /davical "${root}"
+ Alias /caldav.php "${root}/caldav.php"
+ <Directory "${root}">
+ DirectoryIndex index.php index.html
+ AcceptPathInfo On
+ AllowOverride None
+ Require all granted
- <FilesMatch "\.php$">
- CGIPassAuth on
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
+ <FilesMatch "\.php$">
+ CGIPassAuth on
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
- RewriteEngine On
- <IfModule mod_headers.c>
- Header unset Access-Control-Allow-Origin
- Header unset Access-Control-Allow-Methods
- Header unset Access-Control-Allow-Headers
- Header unset Access-Control-Allow-Credentials
- Header unset Access-Control-Expose-Headers
+ RewriteEngine On
+ <IfModule mod_headers.c>
+ Header unset Access-Control-Allow-Origin
+ Header unset Access-Control-Allow-Methods
+ Header unset Access-Control-Allow-Headers
+ Header unset Access-Control-Allow-Credentials
+ Header unset Access-Control-Expose-Headers
- Header always set Access-Control-Allow-Origin "*"
- Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
- Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
- Header always set Access-Control-Allow-Credentials false
- Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
+ Header always set Access-Control-Allow-Origin "*"
+ Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK"
+ Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With"
+ Header always set Access-Control-Allow-Credentials false
+ Header always set Access-Control-Expose-Headers "Etag,Preference-Applied"
- RewriteCond %{HTTP:Access-Control-Request-Method} !^$
- RewriteCond %{REQUEST_METHOD} OPTIONS
- RewriteRule ^(.*)$ $1 [R=200,L]
- </IfModule>
- </Directory>
- '';
- };
- phpFpm = rec {
- serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
- socket = "/var/run/phpfpm/davical.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = dynamic
- pm.max_children = 60
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 10
+ RewriteCond %{HTTP:Access-Control-Request-Method} !^$
+ RewriteCond %{REQUEST_METHOD} OPTIONS
+ RewriteRule ^(.*)$ $1 [R=200,L]
+ </IfModule>
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
+ socket = "/var/run/phpfpm/davical.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = dynamic
+ pm.max_children = 60
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 10
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = DavicalPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
- php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
- php_flag[magic_quotes_gpc] = Off
- php_flag[register_globals] = Off
- php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
- php_admin_value[default_charset] = "utf-8"
- php_flag[magic_quotes_runtime] = Off
- '';
- };
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = DavicalPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical"
+ php_admin_value[include_path] = "${awl}/inc:${webapp}/inc"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/davical"
+ php_flag[magic_quotes_gpc] = Off
+ php_flag[register_globals] = Off
+ php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE"
+ php_admin_value[default_charset] = "utf-8"
+ php_flag[magic_quotes_runtime] = Off
+ '';
};
-in
- davical
+}
projects / perso / Immae / Config / Nix.git / blobdiff