connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool;
connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
nextcloud = mypkgs.nextcloud.phpFpm.pool;
+ mantisbt = mypkgs.mantisbt.phpFpm.pool;
};
};
mypkgs.connexionswing_prod.apache.modules ++
mypkgs.ympd.apache.modules ++
mypkgs.git.web.apache.modules ++
+ mypkgs.mantisbt.apache.modules ++
pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
[ "macro" ]);
extraConfig = builtins.concatStringsSep "\n"
documentRoot = mypkgs.git.web.webRoot;
extraConfig = builtins.concatStringsSep "\n" [
mypkgs.git.web.apache.vhostConf
+ mypkgs.mantisbt.apache.vhostConf
] + ''
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/releases
authentication = ''
local all postgres ident
local all all md5
+ host all all samehost md5
host all all 178.33.252.96/32 md5
host all all 188.165.209.148/32 md5
#host all all all pam
adminer = import ./packages/adminer.nix;
ympd = import ./packages/ympd.nix;
gitweb = import ./packages/gitweb.nix;
+ mantisbt = import ./packages/mantisbt.nix;
in
{
inherit adminer;
connexionswing_dev = connexionswing { environment = "dev"; };
connexionswing_prod = connexionswing { environment = "prod"; };
inherit nextcloud;
+ inherit mantisbt;
git = { web = gitweb; };
}
--- /dev/null
+--- a/bug_report.php 2018-02-10 21:29:27.000000000 +0100
++++ b/bug_report.php 2018-03-03 15:04:19.622499678 +0100
+@@ -149,6 +149,17 @@
+ access_ensure_project_level( config_get( 'update_bug_assign_threshold' ) );
+ }
+
++# begin captcha check for anon user
++if ( current_user_is_anonymous() && get_gd_version() > 0 ) {
++ $f_captcha = gpc_get_string( 'captcha', '' );
++ $f_captcha = utf8_strtolower( trim( $f_captcha ) );
++
++ $t_securimage = new Securimage();
++ if( $t_securimage->check( $f_captcha ) == false ) {
++ trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR );
++ }
++}
++
+ # if a profile was selected then let's use that information
+ if( 0 != $t_bug_data->profile_id ) {
+ if( profile_is_global( $t_bug_data->profile_id ) ) {
--- /dev/null
+--- a/bug_report_page.php 2018-02-10 21:29:27.000000000 +0100
++++ b/bug_report_page.php 2018-03-03 15:04:19.622499678 +0100
+@@ -708,7 +708,50 @@
+ <span class="lbl padding-6"><?php echo lang_get( 'check_report_more_bugs' ) ?></span>
+ </label>
+ </td>
+ </tr>
++<?php
++ # captcha image requires GD library and related option to ON
++ if( current_user_is_anonymous() && get_gd_version() > 0 ) {
++ $t_securimage_path = 'vendor/dapphp/securimage';
++ $t_securimage_show = $t_securimage_path . '/securimage_show.php';
++ $t_securimage_play = $t_securimage_path . '/securimage_play.swf?'
++ . http_build_query( array(
++ 'audio_file' => $t_securimage_path . '/securimage_play.php',
++ 'bgColor1=' => '#fff',
++ 'bgColor2=' => '#fff',
++ 'iconColor=' => '#777',
++ 'borderWidth=' => 1,
++ 'borderColor=' => '#000',
++ ) );
++?>
++ <tr>
++ <th class="category">CAPTCHA</th>
++ <td>
++
++ <label for="captcha-field" class="block clearfix">
++ <strong><?php echo lang_get( 'signup_captcha_request_label' ); ?></strong>
++ </label>
++ <span id="captcha-input" class="input">
++ <?php print_captcha_input( 'captcha' ); ?>
++
++ <span id="captcha-image" class="captcha-image" style="padding-right:3px;">
++ <img src="<?php echo $t_securimage_show; ?>" alt="visual captcha" />
++ <ul id="captcha-refresh"><li><a href="#"><?php
++ echo lang_get( 'signup_captcha_refresh' );
++ ?></a></li></ul>
++ </span>
++
++ <object type="application/x-shockwave-flash" width="19" height="19"
++ data="<?php echo $t_securimage_play; ?>">
++ <param name="movie" value="<?php echo $t_securimage_play; ?>" />
++ </object>
++ </span>
++ </td>
++ </tr>
++<?php
++ }
++?>
++
+ </table>
+ </div>
+ </div>
--- /dev/null
+--- a/bugnote_add.php 2018-02-10 21:29:27.000000000 +0100
++++ b/bugnote_add.php 2018-03-03 15:13:12.439919511 +0100
+@@ -44,6 +44,17 @@
+
+ $t_query = array( 'issue_id' => $f_bug_id );
+
++# begin captcha check for anon user
++if ( current_user_is_anonymous() && get_gd_version() > 0 ) {
++ $f_captcha = gpc_get_string( 'captcha', '' );
++ $f_captcha = utf8_strtolower( trim( $f_captcha ) );
++
++ $t_securimage = new Securimage();
++ if( $t_securimage->check( $f_captcha ) == false ) {
++ trigger_error( ERROR_SIGNUP_NOT_MATCHING_CAPTCHA, ERROR );
++ }
++}
++
+ if( count( $f_files ) > 0 && is_blank( $f_text ) && helper_duration_to_minutes( $f_duration ) == 0 ) {
+ $t_payload = array(
+ 'files' => helper_array_transpose( $f_files )
--- /dev/null
+--- a/bugnote_add_inc.php 2018-02-10 21:29:27.000000000 +0100
++++ b/bugnote_add_inc.php 2018-03-03 15:14:27.332428557 +0100
+@@ -119,6 +119,49 @@
+ <textarea name="bugnote_text" id="bugnote_text" class="<?php echo $t_bugnote_class ?>" rows="7"></textarea>
+ </td>
+ </tr>
++<?php
++ # captcha image requires GD library and related option to ON
++ if( current_user_is_anonymous() && get_gd_version() > 0 ) {
++ $t_securimage_path = 'vendor/dapphp/securimage';
++ $t_securimage_show = $t_securimage_path . '/securimage_show.php';
++ $t_securimage_play = $t_securimage_path . '/securimage_play.swf?'
++ . http_build_query( array(
++ 'audio_file' => $t_securimage_path . '/securimage_play.php',
++ 'bgColor1=' => '#fff',
++ 'bgColor2=' => '#fff',
++ 'iconColor=' => '#777',
++ 'borderWidth=' => 1,
++ 'borderColor=' => '#000',
++ ) );
++?>
++ <tr>
++ <th class="category">CAPTCHA</th>
++ <td>
++
++ <label for="captcha-field" class="block clearfix">
++ <strong><?php echo lang_get( 'signup_captcha_request_label' ); ?></strong>
++ </label>
++ <span id="captcha-input" class="input">
++ <?php print_captcha_input( 'captcha' ); ?>
++
++ <span id="captcha-image" class="captcha-image" style="padding-right:3px;">
++ <img src="<?php echo $t_securimage_show; ?>" alt="visual captcha" />
++ <ul id="captcha-refresh"><li><a href="#"><?php
++ echo lang_get( 'signup_captcha_refresh' );
++ ?></a></li></ul>
++ </span>
++
++ <object type="application/x-shockwave-flash" width="19" height="19"
++ data="<?php echo $t_securimage_play; ?>">
++ <param name="movie" value="<?php echo $t_securimage_play; ?>" />
++ </object>
++ </span>
++ </td>
++ </tr>
++<?php
++ }
++?>
++
+
+ <?php
+ if( config_get( 'time_tracking_enabled' ) ) {
--- /dev/null
+{
+ "tag": "9286d2e-master",
+ "meta": {
+ "name": "mantisbt-plugin-slack",
+ "url": "https://github.com/mantisbt-plugins/Slack",
+ "branch": "master"
+ },
+ "github": {
+ "owner": "mantisbt-plugins",
+ "repo": "Slack",
+ "rev": "9286d2eeeb8a986ed949e378711fef5f0bf182dc",
+ "sha256": "0nn0v4jc967giilkzrppi5svd04m2hnals75xxp0iabcdjnih0mn",
+ "fetchSubmodules": true
+ }
+}
--- /dev/null
+{
+ "tag": "v2.1.5",
+ "meta": {
+ "name": "mantisbt-plugin-source-integration",
+ "url": "https://github.com/mantisbt-plugins/source-integration",
+ "branch": "refs/tags/v2.1.5"
+ },
+ "github": {
+ "owner": "mantisbt-plugins",
+ "repo": "source-integration",
+ "rev": "a48039a20abc50864e0e68c0c843b27058404386",
+ "sha256": "07g6q3hivmnd94r47pp0snk5bv4pa3piwclc9qhj612i4wnsazsk",
+ "fetchSubmodules": true
+ }
+}
--- /dev/null
+--- b/Source/Source.API.php 2017-09-18 00:50:32.000000000 +0200
++++ a/Source/Source.API.php 2018-03-04 19:00:25.578889039 +0100
+@@ -452,6 +452,9 @@
+ # Allow other plugins to post-process commit data
+ event_signal( 'EVENT_SOURCE_COMMITS', array( $p_changesets ) );
+ event_signal( 'EVENT_SOURCE_FIXED', array( $t_fixed_bugs ) );
++ foreach( $t_fixed_bugs as $t_bug_id => $t_changeset ) {
++ event_signal( 'EVENT_BUG_ACTION', array('RESOLVE', $t_bug_id) );
++ }
+ }
+
+ /**
--- /dev/null
+with import ../../libs.nix;
+with nixpkgs_unstable;
+let
+ # FIXME: check that source-integration and slack still work
+ mantisbt = let
+ plugins = {
+ slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec {
+ installPhase = ''
+ sed -i -e "s/return '@' . \\\$username;/return \\\$username;/" Slack.php
+ cp -a . $out
+ '';
+ });
+ source-integration = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-source-integration.json // rec {
+ installPhase = ''
+ mkdir $out
+ patch -p1 < ${./mantisbt-plugin-source-integration_Source.API.php.diff}
+ cp -a Source* $out/
+ '';
+ });
+ };
+ in rec {
+ config =
+ assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD";
+ assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT";
+ assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD";
+ pkgs.writeText "config_inc.php" ''
+ <?php
+ $g_hostname = 'db-1.immae.eu';
+ $g_db_username = 'mantisbt';
+ $g_db_password = '${builtins.getEnv "NIXOPS_MANTISBT_DB_PASSWORD"}';
+ $g_database_name = 'mantisbt';
+ $g_db_type = 'pgsql';
+ $g_crypto_master_salt = '${builtins.getEnv "NIXOPS_MANTISBT_MASTER_SALT"}';
+ $g_allow_signup = OFF;
+ $g_allow_anonymous_login = ON;
+ $g_anonymous_account = 'anonymous';
+
+ $g_phpMailer_method = PHPMAILER_METHOD_SMTP;
+ $g_smtp_host = 'mail.immae.eu';
+ $g_smtp_username = ''';
+ $g_smtp_password = ''';
+ $g_webmaster_email = 'webmaster@immae.eu';
+ $g_from_email = 'noreply@immae.eu';
+ $g_return_path_email = 'webmaster@immae.eu';
+ $g_from_name = 'Mantis Bug Tracker at immae.eu';
+ $g_email_receive_own = OFF;
+ # --- LDAP ---
+ $g_login_method = LDAP;
+ $g_ldap_protocol_version = 3;
+ $g_ldap_server = 'ldaps://ldap.immae.eu:636';
+ $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
+ $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
+ $g_ldap_bind_passwd = '${builtins.getEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"}';
+ $g_use_ldap_email = ON;
+ $g_use_ldap_realname = ON;
+ $g_ldap_uid_field = 'uid';
+ $g_ldap_realname_field = 'cn';
+ $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)';
+ '';
+ webRoot = stdenv.mkDerivation rec {
+ name = "mantisbt-${version}";
+ version = "2.11.1";
+ src = fetchurl {
+ url = "https://downloads.sourceforge.net/project/mantisbt/mantis-stable/${version}/${name}.tar.gz";
+ sha256 = "0jnrqz6r2hf53v0k1lh3il7hlfiphn61r9wgg6mzyywkjxwq07md";
+ };
+ patches = [
+ ./mantisbt-patches/bug_report.php.diff
+ ./mantisbt-patches/bug_report_page.php.diff
+ ./mantisbt-patches/bugnote_add.php.diff
+ ./mantisbt-patches/bugnote_add_inc.php.diff
+ ];
+ installPhase = ''
+ cp -a . $out
+ ln -s ${config} $out/config/config_inc.php
+ ln -s ${plugins.slack} $out/plugins/Slack
+ ln -s ${plugins.source-integration}/Source* $out/plugins/
+ '';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ Alias /mantisbt "${webRoot}"
+ <Directory "${webRoot}">
+ DirectoryIndex index.php
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+ </Directory>
+ <Directory "${webRoot}/admin">
+ #Reenable during upgrade
+ Require all denied
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot config ]
+ ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) plugins);
+ socket = "/var/run/phpfpm/mantisbt.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ php_admin_value[upload_max_filesize] = 5000000
+
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ '';
+ };
+ };
+in
+ mantisbt