Squash changes containing private information

[perso/Immae/Config/Nix.git] / systems / eldiron / websites / tools / kanboard.nix

diff --git a/modules/private/websites/tools/tools/kanboard.nix b/systems/eldiron/websites/tools/kanboard.nix
similarity index 56%
rename from modules/private/websites/tools/tools/kanboard.nix
rename to systems/eldiron/websites/tools/kanboard.nix
index 4809a42660e4ffc9a8ceea69b2d573dc92f2e6fb..db39ecdcb087f7047dc9b12667392308f1bc8c2d 100644 (file)
--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/systems/eldiron/websites/tools/kanboard.nix
@@ -5,7 +5,6 @@ rec {
     deps = [ "wrappers" ];
     text = ''
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
-      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       install -TDm644 ${webRoot}/dataold/.htaccess ${varDir}/data/.htaccess
       install -TDm644 ${webRoot}/dataold/web.config ${varDir}/data/web.config
     '';
@@ -15,30 +14,28 @@ rec {
     group = apache.group;
     permissions = "0400";
     text = ''
-      <?php
-      define('MAIL_FROM', 'kanboard@tools.immae.eu');
+      SetEnv MAIL_FROM "kanboard@tools.immae.eu"
 
-      define('DB_DRIVER', 'postgres');
-      define('DB_USERNAME', '${env.postgresql.user}');
-      define('DB_PASSWORD', '${env.postgresql.password}');
-      define('DB_HOSTNAME', '${env.postgresql.socket}');
-      define('DB_NAME', '${env.postgresql.database}');
+      SetEnv DB_DRIVER "postgres"
+      SetEnv DB_USERNAME "${env.postgresql.user}"
+      SetEnv DB_PASSWORD "${env.postgresql.password}"
+      SetEnv DB_HOSTNAME "${env.postgresql.socket}"
+      SetEnv DB_NAME "${env.postgresql.database}"
 
-      define('DATA_DIR', '${varDir}');
-      define('LDAP_AUTH', true);
-      define('LDAP_SERVER', '${env.ldap.host}');
-      define('LDAP_START_TLS', true);
+      SetEnv DATA_DIR "${varDir}"
+      SetEnv LDAP_AUTH "true"
+      SetEnv LDAP_SERVER "${env.ldap.host}"
+      SetEnv LDAP_START_TLS "true"
 
-      define('LDAP_BIND_TYPE', 'proxy');
-      define('LDAP_USERNAME', '${env.ldap.dn}');
-      define('LDAP_PASSWORD', '${env.ldap.password}');
-      define('LDAP_USER_BASE_DN', '${env.ldap.base}');
-      define('LDAP_USER_FILTER', '${env.ldap.filter}');
-      define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}');
-      ?>
+      SetEnv LDAP_BIND_TYPE "proxy"
+      SetEnv LDAP_USERNAME "${env.ldap.dn}"
+      SetEnv LDAP_PASSWORD "${env.ldap.password}"
+      SetEnv LDAP_USER_BASE_DN "${env.ldap.base}"
+      SetEnv LDAP_USER_FILTER "${env.ldap.filter}"
+      SetEnv LDAP_GROUP_ADMIN_DN "${env.ldap.admin_dn}"
       '';
   };
-  webRoot = kanboard { kanboard_config = config.secrets.fullPaths."webapps/tools-kanboard"; };
+  webRoot = kanboard;
   apache = rec {
     user = "wwwrun";
     group = "wwwrun";
@@ -46,6 +43,9 @@ rec {
     root = webRoot;
     vhostConf = socket: ''
     Alias /kanboard "${root}"
+    <Location /kanboard>
+      Include ${config.secrets.fullPaths."webapps/tools-kanboard"}
+    </Location>
     <Directory "${root}">
       DirectoryIndex index.php
       AllowOverride All
@@ -63,7 +63,7 @@ rec {
   };
   phpFpm = rec {
     serviceDeps = [ "postgresql.service" "openldap.service" ];
-    basedir = builtins.concatStringsSep ":" [ webRoot varDir config.secrets.fullPaths."webapps/tools-kanboard" ];
+    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
     pool = {
       "listen.owner" = apache.user;
       "listen.group" = apache.group;
@@ -74,7 +74,8 @@ rec {
       # Needed to avoid clashes in browser cookies (same domain)
       "php_value[session.name]" = "KanboardPHPSESSID";
       "php_admin_value[open_basedir]" = "${basedir}:/tmp";
-      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
+      "php_admin_value[session.save_handler]" = "redis";
+      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Kanboard:'";
     };
   };
 }