with import ../libs.nix;
let
mypkgs = pkgs.callPackage ./packages.nix {
- inherit checkEnv fetchedGitPrivate fetchedGithub;
+ inherit checkEnv fetchedGit fetchedGitPrivate fetchedGithub;
};
in
{
aten_prod = mypkgs.aten_prod.phpFpm.pool;
nextcloud = mypkgs.nextcloud.phpFpm.pool;
mantisbt = mypkgs.mantisbt.phpFpm.pool;
+ ttrss = mypkgs.ttrss.phpFpm.pool;
};
};
aten_dev = mypkgs.aten_dev.activationScript;
aten_prod = mypkgs.aten_prod.activationScript;
nextcloud = mypkgs.nextcloud.activationScript;
+ ttrss = mypkgs.ttrss.activationScript;
httpd = ''
install -d -m 0755 /var/lib/acme/acme-challenge
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/ttrss
'';
redis = ''
mkdir -p /run/redis
mypkgs.ympd.apache.modules ++
mypkgs.git.web.apache.modules ++
mypkgs.mantisbt.apache.modules ++
+ mypkgs.ttrss.apache.modules ++
pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
[ "macro" ]);
extraConfig = builtins.concatStringsSep "\n"
extraConfig = builtins.concatStringsSep "\n" [
mypkgs.adminer.apache.vhostConf
mypkgs.ympd.apache.vhostConf
+ mypkgs.ttrss.apache.vhostConf
];
})
(withConf "eldiron" // {
"5 0 * * * root ${stats "osteopathe-cc.fr" ./packages/chloe_goaccess.conf}"
];
};
+
+ systemd.services.tt-rss = {
+ description = "Tiny Tiny RSS feeds update daemon";
+ serviceConfig = {
+ User = "wwwrun";
+ ExecStart = "${pkgs.php}/bin/php ${mypkgs.ttrss.webRoot}/update.php --daemon";
+ StandardOutput = "syslog";
+ StandardError = "syslog";
+ PermissionsStartOnly = true;
+ };
+
+ wantedBy = [ "multi-user.target" ];
+ requires = ["postgresql.service"];
+ after = ["network.target" "postgresql.service"];
+ };
};
}
--- /dev/null
+{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }:
+let
+ ttrss = let
+ plugins = {
+ auth_ldap = stdenv.mkDerivation (fetchedGithub ./ttrss-auth-ldap.json // rec {
+ installPhase = ''
+ mkdir $out
+ cp plugins/auth_ldap/init.php $out
+ '';
+ });
+ af_feedmod = stdenv.mkDerivation (fetchedGithub ./ttrss-af_feedmod.json // rec {
+ patches = [ ./ttrss-af-feedmod_type_replace.patch ];
+ installPhase = ''
+ mkdir $out
+ cp init.php $out
+ '';
+ });
+ feediron = stdenv.mkDerivation (fetchedGithub ./ttrss-feediron.json // rec {
+ patches = [ ./ttrss-feediron_json_reformat.patch ];
+ installPhase = ''
+ mkdir $out
+ cp -a . $out
+ '';
+ });
+ ff_instagram = stdenv.mkDerivation (fetchedGithub ./ttrss-ff_instagram.json // rec {
+ installPhase = ''
+ mkdir $out
+ cp -a . $out
+ '';
+ });
+ tumblr_gdpr_ua = stdenv.mkDerivation (fetchedGithub ./ttrss-tumblr_gdpr_ua.json // rec {
+ installPhase = ''
+ mkdir $out
+ cp -a . $out
+ '';
+ });
+ };
+ in rec {
+ varDir = "/var/lib/ttrss";
+ # FIXME: initial sync
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
+ ${varDir}/cache/feeds/ \
+ ${varDir}/cache/images/ \
+ ${varDir}/cache/js/ \
+ ${varDir}/cache/simplepie/ \
+ ${varDir}/cache/upload/
+ touch ${varDir}/feed-icons/index.html
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ '';
+ };
+ config =
+ # FIXME: LOG_DESTINATION syslog?
+ assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
+ assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
+ writeText "config.php" ''
+ <?php
+
+ define('PHP_EXECUTABLE', '${php}/bin/php');
+
+ define('LOCK_DIRECTORY', 'lock');
+ define('CACHE_DIR', 'cache');
+ define('ICONS_DIR', 'feed-icons');
+ define('ICONS_URL', 'feed-icons');
+ define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');
+
+ define('MYSQL_CHARSET', 'UTF8');
+
+ define('DB_TYPE', 'pgsql');
+ define('DB_HOST', 'db-1.immae.eu');
+ define('DB_USER', 'ttrss');
+ define('DB_NAME', 'ttrss');
+ define('DB_PASS', '${builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD"}');
+ define('DB_PORT', '5432');
+
+ define('AUTH_AUTO_CREATE', true);
+ define('AUTH_AUTO_LOGIN', true);
+
+ define('SINGLE_USER_MODE', false);
+
+ define('SIMPLE_UPDATE_MODE', false);
+ define('CHECK_FOR_UPDATES', true);
+
+ define('FORCE_ARTICLE_PURGE', 0);
+ define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
+ define('ENABLE_GZIP_OUTPUT', false);
+
+ define('PLUGINS', 'auth_ldap, note, instances');
+
+ define('LOG_DESTINATION', ''');
+ define('CONFIG_VERSION', 26);
+
+
+ define('SPHINX_SERVER', 'localhost:9312');
+ define('SPHINX_INDEX', 'ttrss, delta');
+
+ define('ENABLE_REGISTRATION', false);
+ define('REG_NOTIFY_ADDRESS', 'outils@immae.eu');
+ define('REG_MAX_USERS', 10);
+
+ define('SMTP_SERVER', 'mail.immae.eu:25');
+ define('SMTP_LOGIN', ''');
+ define('SMTP_PASSWORD', ''');
+ define('SMTP_SECURE', 'tls');
+
+ define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+ define('SMTP_FROM_ADDRESS', 'outils@immae.eu');
+ define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+
+ define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
+ define('LDAP_AUTH_USETLS', TRUE);
+ define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
+ define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
+ define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
+ define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
+
+ define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
+ define('LDAP_AUTH_BINDPW', '${builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD"}');
+ define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
+
+ define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
+ define('LDAP_AUTH_DEBUG', FALSE);
+ '';
+ webRoot = stdenv.mkDerivation (fetchedGit ./tt-rss.json // rec {
+ buildPhase = ''
+ rm -rf lock feed-icons cache
+ ln -sf ../../../../../${varDir}/{lock,feed-icons,cache} .
+ '';
+ installPhase = ''
+ cp -a . $out
+ ln -s ${config} $out/config.php
+ ${builtins.concatStringsSep "\n" (
+ lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
+ )}
+ '';
+ });
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ Alias /ttrss "${webRoot}"
+ <Directory "${webRoot}">
+ DirectoryIndex index.php
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride All
+ Options FollowSymlinks
+ Require all granted
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" (
+ [ webRoot config varDir ]
+ ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
+ socket = "/var/run/phpfpm/ttrss.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = TtrssPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ '';
+ };
+ };
+in
+ ttrss
projects / perso / Immae / Config / Nix.git / commitdiff
