+{ lib, env, writeText, stdenv, fetchedGithub }:
+let
+ yourls = let
+ plugins = {
+ ldap = stdenv.mkDerivation (fetchedGithub ./yourls-ldap-plugin.json // rec {
+ installPhase = ''
+ mkdir -p $out
+ cp plugin.php $out/
+ '';
+ });
+ };
+ in rec {
+ activationScript = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/yourls
+ '';
+ config = writeText "config.php" ''
+ <?php
+ define( 'YOURLS_DB_USER', '${env.mysql.user}' );
+ define( 'YOURLS_DB_PASS', '${env.mysql.password}' );
+ define( 'YOURLS_DB_NAME', '${env.mysql.database}' );
+ define( 'YOURLS_DB_HOST', 'db-1.immae.eu' );
+ define( 'YOURLS_DB_PREFIX', 'yourls_' );
+ define( 'YOURLS_SITE', 'http://tools.immae.eu/url' );
+ define( 'YOURLS_HOURS_OFFSET', 0 );
+ define( 'YOURLS_LANG', ''' );
+ define( 'YOURLS_UNIQUE_URLS', true );
+ define( 'YOURLS_PRIVATE', true );
+ define( 'YOURLS_COOKIEKEY', '${env.cookieKey}' );
+ $yourls_user_passwords = array();
+ define( 'YOURLS_DEBUG', false );
+ define( 'YOURLS_URL_CONVERT', 36 );
+ $yourls_reserved_URL = array();
+ define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' );
+ define( 'LDAPAUTH_PORT', '636' );
+ define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' );
+ define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' );
+ define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
+
+ define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
+ define( 'LDAPAUTH_GROUP_REQ', 'cn=admin,cn=yourls,ou=services,dc=immae,dc=eu');
+
+ define( 'LDAPAUTH_USERCACHE_TYPE', 0);
+ '';
+ webRoot = stdenv.mkDerivation (fetchedGithub ./yourls.json // rec {
+ installPhase = ''
+ mkdir -p $out
+ cp -a */ *.php $out/
+ cp sample-robots.txt $out/robots.txt
+ ln -sf ${config} $out/includes/config.php
+ ${builtins.concatStringsSep "\n" (
+ lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/user/plugins/${name}") plugins
+ )}
+ '';
+ });
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ Alias /url "${webRoot}"
+ <Directory "${webRoot}">
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride None
+ Require all granted
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+ RewriteBase /url/
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteRule ^.*$ /url/yourls-loader.php [L]
+ </IfModule>
+ DirectoryIndex index.php
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot config ]
+ ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
+ socket = "/var/run/phpfpm/yourls.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = YourlsPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls"
+ '';
+ };
+ };
+in
+ yourls