install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
'';
};
- config = writeText "config.php" ''
- <?php
- define('MAIL_FROM', 'kanboard@tools.immae.eu');
+ keys.tools-kanboard = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ <?php
+ define('MAIL_FROM', 'kanboard@tools.immae.eu');
- define('DB_DRIVER', 'postgres');
- define('DB_USERNAME', '${env.postgresql.user}');
- define('DB_PASSWORD', '${env.postgresql.password}');
- define('DB_HOSTNAME', '${env.postgresql.socket}');
- define('DB_NAME', '${env.postgresql.database}');
+ define('DB_DRIVER', 'postgres');
+ define('DB_USERNAME', '${env.postgresql.user}');
+ define('DB_PASSWORD', '${env.postgresql.password}');
+ define('DB_HOSTNAME', '${env.postgresql.socket}');
+ define('DB_NAME', '${env.postgresql.database}');
- define('LDAP_AUTH', true);
- define('LDAP_SERVER', '${env.ldap.host}');
- define('LDAP_START_TLS', true);
+ define('LDAP_AUTH', true);
+ define('LDAP_SERVER', '${env.ldap.host}');
+ define('LDAP_START_TLS', true);
- define('LDAP_BIND_TYPE', 'proxy');
- define('LDAP_USERNAME', '${env.ldap.dn}');
- define('LDAP_PASSWORD', '${env.ldap.password}');
- define('LDAP_USER_BASE_DN', '${env.ldap.base}');
- define('LDAP_USER_FILTER', '(&(memberOf=cn=users,cn=kanboard,ou=services,dc=immae,dc=eu)(uid=%s))');
- define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
- ?>
- '';
+ define('LDAP_BIND_TYPE', 'proxy');
+ define('LDAP_USERNAME', '${env.ldap.dn}');
+ define('LDAP_PASSWORD', '${env.ldap.password}');
+ define('LDAP_USER_BASE_DN', '${env.ldap.base}');
+ define('LDAP_USER_FILTER', '(&(memberOf=cn=users,cn=kanboard,ou=services,dc=immae,dc=eu)(uid=%s))');
+ define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu');
+ ?>
+ '';
+ };
webRoot = stdenv.mkDerivation (fetchedGithub ./kanboard.json // rec {
dontBuild = true;
installPhase = ''
cp -a . $out
- ln -s ${config} $out/config.php
+ ln -s /run/keys/webapps/tools-kanboard $out/config.php
mv $out/data $out/dataold
ln -s ${varDir}/data $out/data
'';
'';
};
phpFpm = rec {
- basedir = builtins.concatStringsSep ":" [ webRoot varDir config ];
+ serviceDeps = [ "postgresql.service" "openldap.service" "tools-kanboard-key.service" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir "/run/keys/webapps/tools-kanboard" ];
socket = "/var/run/phpfpm/kanboard.sock";
pool = ''
listen = ${socket}