+++ /dev/null
-{ env, yourls, yourls-plugins }:
-rec {
- activationScript = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
- '';
- keys = [{
- dest = "webapps/tools-yourls";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- <?php
- define( 'YOURLS_DB_USER', '${env.mysql.user}' );
- define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
- define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
- define( 'YOURLS_DB_HOST', '${env.mysql.host}' );
- define( 'YOURLS_DB_PREFIX', 'yourls_' );
- define( 'YOURLS_SITE', 'https://tools.immae.eu/url' );
- define( 'YOURLS_HOURS_OFFSET', 0 );
- define( 'YOURLS_LANG', ''' );
- define( 'YOURLS_UNIQUE_URLS', true );
- define( 'YOURLS_PRIVATE', true );
- define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
- $yourls_user_passwords = array();
- define( 'YOURLS_DEBUG', false );
- define( 'YOURLS_URL_CONVERT', 36 );
- $yourls_reserved_URL = array();
- define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
- define( 'LDAPAUTH_PORT', '636' );
- define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
- define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
- define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
-
- define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
- define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
-
- define( 'LDAPAUTH_USERCACHE_TYPE', 0);
- '';
- }];
- webRoot = (yourls.override { yourls_config = "/var/secrets/webapps/tools-yourls"; }).withPlugins
- (builtins.attrValues yourls-plugins);
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "tools_yourls";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- Alias /url "${root}"
- <Directory "${root}">
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- AllowOverride None
- Require all granted
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteBase /url/
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule ^.*$ /url/yourls-loader.php [L]
- </IfModule>
- DirectoryIndex index.php
- </Directory>
- '';
- };
- phpFpm = rec {
- serviceDeps = [ "mysql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" (
- [ webRoot "/var/secrets/webapps/tools-yourls" ]
- ++ webRoot.plugins);
- socket = "/var/run/phpfpm/yourls.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- pm = ondemand
- pm.max_children = 60
- pm.process_idle_timeout = 60
-
- ; Needed to avoid clashes in browser cookies (same domain)
- php_value[session.name] = YourlsPHPSESSID
- php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
- '';
- };
-}