path: root/nixops/modules/websites/tools/tools/ttrss.nix
{ lib, php, env, writeText, stdenv, fetchedGit, fetchedGithub }:
let
  ttrss = let
    plugins = let
      # Every plugin follows the same recipe: take the pinned source described
      # by a JSON file next to this expression, merge the per-plugin overrides
      # on top of it, and hand the result to stdenv.mkDerivation.
      # NOTE(review): the JSON pin files are not visible here; presumably each
      # one fixes a revision and a content hash. Confirm that, because webRoot
      # links every output below into tt-rss's plugins/ directory, where it is
      # PHP code the application can load.
      fromPin = pin: overrides: stdenv.mkDerivation (fetchedGithub pin // overrides);

      # installPhase shared by the plugins that ship their whole source tree.
      installWholeTree = ''
        mkdir $out
        cp -a . $out
      '';
    in {
      # Only the plugin entry point is taken from this repository.
      auth_ldap = fromPin ./ttrss-auth-ldap.json {
        installPhase = ''
          mkdir $out
          cp plugins/auth_ldap/init.php $out
        '';
      };

      # Carries a local patch; re-check it whenever the pin is bumped.
      af_feedmod = fromPin ./ttrss-af_feedmod.json {
        patches = [ ./ttrss-af-feedmod_type_replace.patch ];
        installPhase = ''
          mkdir $out
          cp init.php $out
        '';
      };

      # Carries a local patch; re-check it whenever the pin is bumped.
      feediron = fromPin ./ttrss-feediron.json {
        patches = [ ./ttrss-feediron_json_reformat.patch ];
        installPhase = installWholeTree;
      };

      ff_instagram = fromPin ./ttrss-ff_instagram.json {
        installPhase = installWholeTree;
      };

      tumblr_gdpr_ua = fromPin ./ttrss-tumblr_gdpr_ua.json {
        installPhase = installWholeTree;
      };
    };
  in rec {
    # Root of tt-rss's mutable state. webRoot replaces the application's own
    # lock/, feed-icons/ and cache/ directories with symlinks into this path,
    # and the php-fpm pool keeps its session files in ${varDir}/phpSessions.
    varDir = "/var/lib/ttrss";
    # Shell snippet that creates the state directories with the ownership the
    # web server and the PHP pool expect (both use apache.user / apache.group,
    # which resolve through the enclosing `rec` set).
    activationScript = {
      # Depends on the snippet named "wrappers"; presumably this orders the two
      # at activation time (the consumer of `deps` is not shown here).
      deps = [ "wrappers" ];
      # Modes used below:
      #   0755 on varDir, lock, cache, feed-icons and the cache/* subdirectories,
      #        so any local account can list and read what tt-rss stores there;
      #   0750 on phpSessions, so session files are not world-readable.
      # NOTE(review): cached feed content and uploads are user data; consider
      # 0750 for the cache tree as well if nothing outside apache.group needs it.
      # The `touch` creates an empty feed-icons/index.html, presumably so the
      # directory does not produce a listing when requested directly.
      text = ''
        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
          ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
          ${varDir}/cache/feeds/ \
          ${varDir}/cache/images/ \
          ${varDir}/cache/js/ \
          ${varDir}/cache/simplepie/ \
          ${varDir}/cache/upload/
        touch ${varDir}/feed-icons/index.html
        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
      '';
    };
    # Secret files this webapp needs. The single entry is tt-rss's config.php:
    # webRoot symlinks $out/config.php to /var/secrets/webapps/tools-ttrss, so
    # `dest` is presumably resolved relative to /var/secrets by whatever
    # consumes this list (not shown here).
    keys = [{
      dest = "webapps/tools-ttrss";
      # Owned by the account the php-fpm pool runs as and readable by that
      # account only (0400).
      user = apache.user;
      group = apache.group;
      permissions = "0400";
      # Review notes on the generated PHP (kept outside the string so the
      # emitted file is unchanged):
      #
      # * Secrets: the PostgreSQL and LDAP bind passwords are spliced in by
      #   string interpolation, so they are part of the evaluated Nix value.
      #   NOTE(review): confirm the consumer of `keys` delivers `text` out of
      #   band and never writes it to the world-readable Nix store.
      #
      # * Quoting: every interpolated value lands inside a PHP single-quoted
      #   literal without escaping. A `'` or `\` in a password would yield a
      #   broken or altered config.php; escape those two characters or
      #   constrain the secrets' alphabet.
      #
      # * LOG_DESTINATION: `'''` is the indented-string escape for two single
      #   quotes, so the emitted line is define('LOG_DESTINATION', '');
      #
      # * LDAP transport: the URI is ldap:// on port 389 with LDAP_AUTH_USETLS
      #   TRUE and LDAP_AUTH_ALLOW_UNTRUSTED_CERT TRUE. As named, the second
      #   flag presumably turns off certificate validation in the auth_ldap
      #   plugin (confirm against the pinned plugin). Without validation the
      #   TLS session does not authenticate the directory server, so the bind
      #   password and users' credentials are exposed to any host able to
      #   intercept that connection. Prefer FALSE with the directory's CA
      #   trusted on this machine.
      #
      # * Account creation: AUTH_AUTO_CREATE is true, so an account appears on
      #   first successful external authentication; the memberOf clause in
      #   LDAP_AUTH_SEARCHFILTER is therefore what restricts who gets one.
      #
      # * Sessions: SESSION_COOKIE_LIFETIME evaluates to 120 days.
      #
      # * Visibility: LDAP_AUTH_LOG_ATTEMPTS is FALSE; presumably failed logins
      #   are then not recorded by the plugin, which limits detection of
      #   password guessing. Confirm and consider enabling.
      text = ''
        <?php

          define('PHP_EXECUTABLE', '${php}/bin/php');

          define('LOCK_DIRECTORY', 'lock');
          define('CACHE_DIR', 'cache');
          define('ICONS_DIR', 'feed-icons');
          define('ICONS_URL', 'feed-icons');
          define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');

          define('MYSQL_CHARSET', 'UTF8');

          define('DB_TYPE', 'pgsql');
          define('DB_HOST', '${env.postgresql.socket}');
          define('DB_USER', '${env.postgresql.user}');
          define('DB_NAME', '${env.postgresql.database}');
          define('DB_PASS', '${env.postgresql.password}');
          define('DB_PORT', '${env.postgresql.port}');

          define('AUTH_AUTO_CREATE', true);
          define('AUTH_AUTO_LOGIN', true);

          define('SINGLE_USER_MODE', false);

          define('SIMPLE_UPDATE_MODE', false);
          define('CHECK_FOR_UPDATES', true);

          define('FORCE_ARTICLE_PURGE', 0);
          define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
          define('ENABLE_GZIP_OUTPUT', false);

          define('PLUGINS', 'auth_ldap, note, instances');

          define('LOG_DESTINATION', ''');
          define('CONFIG_VERSION', 26);


          define('SPHINX_SERVER', 'localhost:9312');
          define('SPHINX_INDEX', 'ttrss, delta');

          define('ENABLE_REGISTRATION', false);
          define('REG_NOTIFY_ADDRESS', 'ttrss@tools.immae.eu');
          define('REG_MAX_USERS', 10);

          define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
          define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
          define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');

          define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
          define('LDAP_AUTH_USETLS', TRUE);
          define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
          define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
          define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
          define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');

          define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
          define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
          define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');

          define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
          define('LDAP_AUTH_DEBUG', FALSE);
        '';
    }];
    # The served tt-rss tree: pinned upstream source with its mutable
    # directories, its configuration and its plugins replaced by symlinks.
    webRoot = let
      # One `ln -sf <plugin output> $out/plugins/<name>` command per entry of
      # `plugins`, newline-separated, ready to splice into installPhase.
      pluginLinks = builtins.concatStringsSep "\n" (
        lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/plugins/${name}") plugins
      );
    in stdenv.mkDerivation (fetchedGit ./tt-rss.json // {
      # Swap the in-tree lock/, feed-icons/ and cache/ for links into varDir,
      # the only place the application can write.
      # NOTE(review): if the pinned tt-rss revision ships access-control files
      # inside these directories, `rm -rf` drops them and the directories
      # created by activationScript do not restore them. Verify, given that the
      # vhost honours .htaccess and runs *.php anywhere under the web root.
      buildPhase = ''
        rm -rf lock feed-icons cache
        ln -sf ${varDir}/{lock,feed-icons,cache} .
      '';
      # config.php is a link to the secret file described in `keys`, so the
      # store output holds no credentials itself; the target path is repeated
      # here by hand and must stay in step with keys' `dest`.
      installPhase = ''
        cp -a . $out
        ln -s /var/secrets/webapps/tools-ttrss $out/config.php
        ${pluginLinks}
      '';
    });
    # Apache-side description of the webapp. `rec` lets root use webappName and
    # vhostConf use root; phpFpm.socket resolves through the enclosing `rec` set.
    apache = rec {
      # Same account that owns varDir, owns the secret config file and runs the
      # php-fpm pool below.
      user = "wwwrun";
      group = "wwwrun";
      # proxy_fcgi is what the `SetHandler "proxy:unix:...|fcgi://..."` line needs.
      modules = [ "proxy_fcgi" ];
      webappName = "tools_ttrss";
      root = "/run/current-system/webapps/${webappName}";
      # Serves the tree under /ttrss and hands every file matching \.php$ below
      # root to the pool's unix socket.
      # FollowSymlinks is needed because the web root is built out of symlinks
      # (config.php, plugins/*, lock, feed-icons, cache).
      # NOTE(review): `AllowOverride All` makes Apache honour .htaccess files
      # anywhere under root, and the FilesMatch handler has no directory
      # exclusions. lock/, cache/ (including cache/upload/) and feed-icons/ are
      # symlinks into a tree writable by the PHP account, so a file written
      # there by the application would be served, interpreted as PHP, or obeyed
      # as configuration. Consider `AllowOverride None` and denying direct
      # access or the PHP handler for the writable directories, after checking
      # which of them tt-rss needs served directly.
      vhostConf = ''
        Alias /ttrss "${root}"
        <Directory "${root}">
          DirectoryIndex index.php
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>

          AllowOverride All
          Options FollowSymlinks
          Require all granted
        </Directory>
        '';
    };
    # php-fpm pool serving tt-rss.
    phpFpm = let
      # Unix socket shared with the Apache vhost's SetHandler line.
      socket = "/var/run/phpfpm/ttrss.sock";

      # Colon-separated list of the only paths PHP may open: the web root, the
      # secret config file, the state directory and every plugin output.
      allowedPaths =
        [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
        ++ builtins.attrValues plugins;
      basedir = builtins.concatStringsSep ":" allowedPaths;
    in {
      inherit socket basedir;

      # Units this pool depends on: the database and the directory used for
      # authentication.
      serviceDeps = [ "postgresql.service" "openldap.service" ];

      # Pool definition. The workers and the socket use the Apache account.
      # open_basedir and session.save_path are set with php_admin_value, which
      # PHP code cannot change at runtime; session.name uses php_value.
      # NOTE(review): /tmp is appended to open_basedir; if it is the
      # system-wide /tmp, files other services leave there are reachable from
      # this application. Confirm whether the pool gets a private /tmp.
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = TtrssPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        '';
    };
  };
in 
  ttrss