From 46f30ecca2e18c5abc7b270656e2b24f40e029ea Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sun, 7 Apr 2019 20:55:15 +0200
Subject: [PATCH] Add rainloop in devtools

Related issue: https://git.immae.eu/mantisbt/view.php?id=126
---
 .../modules/websites/tools/tools/default.nix  | 17 +++++
 .../modules/websites/tools/tools/rainloop.nix | 62 +++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 nixops/modules/websites/tools/tools/rainloop.nix

diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 076d465..b1fd8f2 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -9,6 +9,7 @@ let
       env = myconfig.env.tools.ttrss;
     };
     roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
+    rainloop = pkgs.callPackage ./rainloop.nix  {};
     kanboard = pkgs.callPackage ./kanboard.nix  {
       inherit (mylibs) fetchedGithub;
       env = myconfig.env.tools.kanboard;
@@ -40,6 +41,10 @@ in {
 
   config = lib.mkIf cfg.enable {
     security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
+    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
+
+    services.myWebsites.integration.modules =
+      rainloop.apache.modules;
 
     services.myWebsites.tools.modules =
       [ "proxy_fcgi" ]
@@ -57,6 +62,15 @@ in {
 
     services.ympd = ympd.config // { enable = true; };
 
+    services.myWebsites.integration.vhostConfs.devtools = {
+      certName    = "eldiron";
+      hosts       = ["devtools.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        rainloop.apache.vhostConf
+      ];
+    };
+
     services.myWebsites.tools.vhostConfs.tools = {
       certName    = "eldiron";
       hosts       = ["tools.immae.eu" ];
@@ -122,6 +136,7 @@ in {
       shaarli = shaarli.phpFpm.pool;
       dokuwiki = dokuwiki.phpFpm.pool;
       ldap = ldap.phpFpm.pool;
+      rainloop = rainloop.phpFpm.pool;
       kanboard = kanboard.phpFpm.pool;
       tools = ''
         listen = /var/run/phpfpm/tools.sock
@@ -149,6 +164,7 @@ in {
       rompr = rompr.activationScript;
       shaarli = shaarli.activationScript;
       dokuwiki = dokuwiki.activationScript;
+      rainloop = rainloop.activationScript;
       kanboard = kanboard.activationScript;
     };
 
@@ -162,6 +178,7 @@ in {
       ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
       ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
       ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
+      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
       ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
       '';
 
diff --git a/nixops/modules/websites/tools/tools/rainloop.nix b/nixops/modules/websites/tools/tools/rainloop.nix
new file mode 100644
index 0000000..7aaa4eb
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/rainloop.nix
@@ -0,0 +1,62 @@
+{ lib, pkgs, writeText, stdenv, fetchurl }:
+rec {
+  varDir = "/var/lib/rainloop";
+  activationScript = {
+    deps = [ "wrappers" ];
+    text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+    '';
+  };
+  webRoot = pkgs.rainloop-community.overrideAttrs(old: {
+    installPhase = old.installPhase + ''
+      ln -sf ${varDir}/data $out/data
+      '';
+  });
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    webappName = "tools_rainloop";
+    root = "/run/current-system/webapps/${webappName}";
+    vhostConf = ''
+    Alias /rainloop "${root}"
+    <Directory "${root}">
+      DirectoryIndex index.php
+      AllowOverride All
+      Options -FollowSymlinks
+      Require all granted
+
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+    </Directory>
+
+    <DirectoryMatch "${root}/data">
+      Require all denied
+    </DirectoryMatch>
+    '';
+  };
+  phpFpm = rec {
+    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+    socket = "/var/run/phpfpm/rainloop.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
+
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = RainloopPHPSESSID
+      php_admin_value[upload_max_filesize] = 200M
+      php_admin_value[post_max_size] = 200M
+      php_admin_value[open_basedir] = "${basedir}:/tmp"
+      php_admin_value[session.save_path] = "${varDir}/phpSessions"
+      '';
+  };
+}
-- 
2.41.0