-{ lib, env, fetchedGithub, writeText, stdenv, fetchurl }:
+{ env, kanboard }:
rec {
varDir = "/var/lib/kanboard";
activationScript = {
install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
'';
};
- keys.tools-kanboard = {
- destDir = "/run/keys/webapps";
+ keys = [{
+ dest = "webapps/tools-kanboard";
user = apache.user;
group = apache.group;
- permissions = "0700";
+ permissions = "0400";
text = ''
<?php
define('MAIL_FROM', 'kanboard@tools.immae.eu');
define('DB_HOSTNAME', '${env.postgresql.socket}');
define('DB_NAME', '${env.postgresql.database}');
+ define('DATA_DIR', '${varDir}');
define('LDAP_AUTH', true);
define('LDAP_SERVER', '${env.ldap.host}');
define('LDAP_START_TLS', true);
define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
?>
'';
- };
- webRoot = stdenv.mkDerivation (fetchedGithub ./kanboard.json // rec {
- dontBuild = true;
- installPhase = ''
- cp -a . $out
- ln -s /run/keys/webapps/tools-kanboard $out/config.php
- mv $out/data $out/dataold
- ln -s ${varDir}/data $out/data
- '';
- });
+ }];
+ webRoot = kanboard { kanboard_config = "/var/secrets/webapps/tools-kanboard"; };
apache = rec {
user = "wwwrun";
group = "wwwrun";
'';
};
phpFpm = rec {
- serviceDeps = [ "postgresql.service" "openldap.service" "tools-kanboard-key.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot varDir "/run/keys/webapps/tools-kanboard" ];
+ serviceDeps = [ "postgresql.service" "openldap.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
socket = "/var/run/phpfpm/kanboard.sock";
pool = ''
listen = ${socket}
projects / perso / Immae / Config / Nix.git / blobdiff