deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
install -TDm644 ${webRoot}/dataold/.htaccess ${varDir}/data/.htaccess
install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
'';
group = apache.group;
permissions = "0400";
text = ''
- <?php
- define('MAIL_FROM', 'kanboard@tools.immae.eu');
+ SetEnv MAIL_FROM "kanboard@tools.immae.eu"
- define('DB_DRIVER', 'postgres');
- define('DB_USERNAME', '${env.postgresql.user}');
- define('DB_PASSWORD', '${env.postgresql.password}');
- define('DB_HOSTNAME', '${env.postgresql.socket}');
- define('DB_NAME', '${env.postgresql.database}');
+ SetEnv DB_DRIVER "postgres"
+ SetEnv DB_USERNAME "${env.postgresql.user}"
+ SetEnv DB_PASSWORD "${env.postgresql.password}"
+ SetEnv DB_HOSTNAME "${env.postgresql.socket}"
+ SetEnv DB_NAME "${env.postgresql.database}"
- define('DATA_DIR', '${varDir}');
- define('LDAP_AUTH', true);
- define('LDAP_SERVER', '${env.ldap.host}');
- define('LDAP_START_TLS', true);
+ SetEnv DATA_DIR "${varDir}"
+ SetEnv LDAP_AUTH "true"
+ SetEnv LDAP_SERVER "${env.ldap.host}"
+ SetEnv LDAP_START_TLS "true"
- define('LDAP_BIND_TYPE', 'proxy');
- define('LDAP_USERNAME', '${env.ldap.dn}');
- define('LDAP_PASSWORD', '${env.ldap.password}');
- define('LDAP_USER_BASE_DN', '${env.ldap.base}');
- define('LDAP_USER_FILTER', '${env.ldap.filter}');
- define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}');
- ?>
+ SetEnv LDAP_BIND_TYPE "proxy"
+ SetEnv LDAP_USERNAME "${env.ldap.dn}"
+ SetEnv LDAP_PASSWORD "${env.ldap.password}"
+ SetEnv LDAP_USER_BASE_DN "${env.ldap.base}"
+ SetEnv LDAP_USER_FILTER "${env.ldap.filter}"
+ SetEnv LDAP_GROUP_ADMIN_DN "${env.ldap.admin_dn}"
'';
};
- webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; };
+ webRoot = kanboard;
apache = rec {
user = "wwwrun";
group = "wwwrun";
root = webRoot;
vhostConf = socket: ''
Alias /kanboard "${root}"
+ <Location /kanboard>
+ Include ${config.secrets.fullPaths."webapps/tools-kanboard"}
+ </Location>
<Directory "${root}">
DirectoryIndex index.php
AllowOverride All
};
phpFpm = rec {
serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ];
+ basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
pool = {
"listen.owner" = apache.user;
"listen.group" = apache.group;
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "KanboardPHPSESSID";
"php_admin_value[open_basedir]" = "${basedir}:/tmp";
- "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Kanboard:'";
};
};
}