Cleanup php session directories
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tools / git / mantisbt / mantisbt.nix
index b1837eb49e2f09a4c587b1fe55a3a24acd538076..b564058c067db6bab7ed86107090e5d3c508f6e3 100644 (file)
@@ -17,41 +17,46 @@ let
       });
     };
   in rec {
-    config = 
-      writeText "config_inc.php" ''
-      <?php
-      $g_hostname              = '${env.postgresql.socket}';
-      $g_db_username           = '${env.postgresql.user}';
-      $g_db_password           = '${env.postgresql.password}';
-      $g_database_name         = '${env.postgresql.database}';
-      $g_db_type               = 'pgsql';
-      $g_crypto_master_salt    = '${env.master_salt}';
-      $g_allow_signup          = OFF;
-      $g_allow_anonymous_login = ON;
-      $g_anonymous_account     = 'anonymous';
+    keys."tools-mantisbt" = {
+      destDir = "/run/keys/webapps";
+      user = apache.user;
+      group = apache.group;
+      permissions = "0400";
+      text = ''
+        <?php
+        $g_hostname              = '${env.postgresql.socket}';
+        $g_db_username           = '${env.postgresql.user}';
+        $g_db_password           = '${env.postgresql.password}';
+        $g_database_name         = '${env.postgresql.database}';
+        $g_db_type               = 'pgsql';
+        $g_crypto_master_salt    = '${env.master_salt}';
+        $g_allow_signup          = OFF;
+        $g_allow_anonymous_login = ON;
+        $g_anonymous_account     = 'anonymous';
 
-      $g_phpMailer_method      = PHPMAILER_METHOD_SENDMAIL;
-      $g_smtp_host             = 'localhost';
-      $g_smtp_username         = ''';
-      $g_smtp_password         = ''';
-      $g_webmaster_email       = 'webmaster@immae.eu';
-      $g_from_email            = 'noreply@immae.eu';
-      $g_return_path_email     = 'webmaster@immae.eu';
-      $g_from_name             = 'Mantis Bug Tracker at immae.eu';
-      $g_email_receive_own     = OFF;
-      # --- LDAP ---
-      $g_login_method = LDAP;
-      $g_ldap_protocol_version = 3;
-      $g_ldap_server = 'ldaps://ldap.immae.eu:636';
-      $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
-      $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
-      $g_ldap_bind_passwd = '${env.ldap.password}';
-      $g_use_ldap_email = ON;
-      $g_use_ldap_realname = ON;
-      $g_ldap_uid_field = 'uid'; 
-      $g_ldap_realname_field = 'cn';
-      $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)';
+        $g_phpMailer_method    = PHPMAILER_METHOD_SENDMAIL;
+        $g_smtp_host           = 'localhost';
+        $g_smtp_username               = ''';
+        $g_smtp_password               = ''';
+        $g_webmaster_email     = 'mantisbt@tools.immae.eu';
+        $g_from_email          = 'mantisbt@tools.immae.eu';
+        $g_return_path_email   = 'mantisbt@tools.immae.eu';
+        $g_from_name           = 'Mantis Bug Tracker at git.immae.eu';
+        $g_email_receive_own   = OFF;
+        # --- LDAP ---
+        $g_login_method = LDAP;
+        $g_ldap_protocol_version = 3;
+        $g_ldap_server = 'ldaps://ldap.immae.eu:636';
+        $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
+        $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
+        $g_ldap_bind_passwd = '${env.ldap.password}';
+        $g_use_ldap_email = ON;
+        $g_use_ldap_realname = ON;
+        $g_ldap_uid_field = 'uid';
+        $g_ldap_realname_field = 'cn';
+        $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)';
       '';
+    };
     webRoot = stdenv.mkDerivation rec {
       name = "mantisbt-${version}";
       version = "2.11.1";
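Review bot: The three secrets in the new `text` block (`${env.postgresql.password}`, `${env.master_salt}`, `${env.ldap.password}`) are spliced unescaped into PHP single-quoted literals, so a value containing `'` or `\` ends the literal early and the rest is parsed as PHP, or the config fails to load. Escaping at the interpolation site removes that, for example `phpStr = builtins.replaceStrings ["\\" "'"] ["\\\\" "\\'"];` used as `'${phpStr env.ldap.password}'`. Moving the file to a 0400 key owned by `apache.user` only keeps the secrets out of the world-readable store if whatever consumes `keys` never writes `text` through a store path; that consumer is outside this hunk and should be confirmed. The `webRoot` derivation continues past the end of the hunk.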
@@ -67,18 +72,20 @@ let
         ];
       installPhase = ''
         cp -a . $out
-        ln -s ${config} $out/config/config_inc.php
+        ln -s /run/keys/webapps/tools-mantisbt $out/config/config_inc.php
         ln -s ${plugins.slack} $out/plugins/Slack
         ln -s ${plugins.source-integration}/Source* $out/plugins/
       '';
     };
-    apache = {
+    apache = rec {
       user = "wwwrun";
       group = "wwwrun";
       modules = [ "proxy_fcgi" ];
+      webappName = "tools_mantisbt";
+      root = "/run/current-system/webapps/${webappName}";
       vhostConf = ''
-        Alias /mantisbt "${webRoot}"
-        <Directory "${webRoot}">
+        Alias /mantisbt "${root}"
+        <Directory "${root}">
           DirectoryIndex index.php
           <FilesMatch "\.php$">
             SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
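Review bot: The literal `/run/keys/webapps/tools-mantisbt` in `installPhase` repeats the `destDir` and attribute name of `keys."tools-mantisbt"`, and the same literal appears again in `phpFpm.basedir` in the next hunk, so renaming the key would silently leave a dangling `config_inc.php` symlink and a stale `open_basedir` entry. Binding the path once, e.g. `configFile = "${keys."tools-mantisbt".destDir}/tools-mantisbt";`, and using `${configFile}` in both places keeps them in step. The symlink is also dangling until the key unit has run; `serviceDeps` orders php-fpm after it, so a short comment on the `ln -s` line saying the target only exists at runtime would help the next reader. The `vhostConf` string continues outside the hunk.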
@@ -88,15 +95,16 @@ let
           Options FollowSymlinks
           Require all granted
         </Directory>
-        <Directory "${webRoot}/admin">
+        <Directory "${root}/admin">
           #Reenable during upgrade
           Require all denied
         </Directory>
         '';
     };
     phpFpm = rec {
+      serviceDeps = [ "postgresql.service" "openldap.service" "tools-mantisbt-key.service" ];
       basedir = builtins.concatStringsSep ":" (
-        [ webRoot config ]
+        [ webRoot "/run/keys/webapps/tools-mantisbt" ]
         ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
       socket = "/var/run/phpfpm/mantisbt.sock";
       pool = ''
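Review bot: `config/config_inc.php` under `${root}` now resolves to the secrets file, and the only per-directory deny in the visible vhost is the `admin` block, while the parent `<Directory>` has `Require all granted` and `Options FollowSymlinks`. A request for that path is kept from returning the file as text only by the `\.php$` handler, and by any `.htaccess` the application ships if `AllowOverride` permits it, which is not visible here. A block next to the `admin` one would make the protection explicit: `<Directory "${root}/config">`, `Require all denied`, `</Directory>`. The `vhostConf` string starts before this hunk and `pool` continues after it.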
@@ -111,10 +119,10 @@ let
 
         php_admin_value[upload_max_filesize] = 5000000
 
-        php_admin_value[open_basedir] = "${basedir}:/tmp"
+        php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt"
         php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt"
         '';
     };
   };
-in 
+in
   mantisbt
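Review bot: The new `open_basedir` value still contains `/tmp`, which is world-writable and presumably shared with other pools on the host, so this pool can still read and write files that other applications leave there. With a per-application state directory now in place, uploads and temporary files could go to a sibling per-application directory via `php_admin_value[upload_tmp_dir] = "<per-app tmp dir>"` and `php_admin_value[sys_temp_dir] = "<per-app tmp dir>"`, and `/tmp` could then be dropped from the list. The session path is also written twice as a literal on adjacent lines; binding it once (for example next to `socket`) avoids the two drifting apart. Ownership and mode of the session directory are set outside this file and should be restricted to the pool user. The `pool` string starts outside this hunk.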