path: root/virtual/packages/ttrss.nix
{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }:
let
  ttrss = let
    # Third-party tt-rss plugins. Each one is built from a source description
    # kept next to this file (./ttrss-*.json, handed to fetchedGithub) and then
    # linked into the web root's plugins/ directory by webRoot.
    # NOTE(review): the JSON files are not visible here; presumably they pin a
    # revision and a content hash. Confirm, because this PHP runs inside the
    # application with access to the database and LDAP bind credentials.
    plugins = let
      # Build one plugin from its source description plus extra derivation attributes.
      fromGithub = pin: extra: stdenv.mkDerivation (fetchedGithub pin // extra);
      # Install a single file from the checkout into $out.
      copyEntryPoint = relPath: ''
        mkdir $out
        cp ${relPath} $out
      '';
      # Install the whole checkout into $out.
      copyWholeTree = ''
        mkdir $out
        cp -a . $out
      '';
    in {
      auth_ldap = fromGithub ./ttrss-auth-ldap.json {
        installPhase = copyEntryPoint "plugins/auth_ldap/init.php";
      };
      af_feedmod = fromGithub ./ttrss-af_feedmod.json {
        # Local patch applied on top of the fetched source.
        patches = [ ./ttrss-af-feedmod_type_replace.patch ];
        installPhase = copyEntryPoint "init.php";
      };
      feediron = fromGithub ./ttrss-feediron.json {
        # Local patch applied on top of the fetched source.
        patches = [ ./ttrss-feediron_json_reformat.patch ];
        installPhase = copyWholeTree;
      };
      ff_instagram = fromGithub ./ttrss-ff_instagram.json {
        installPhase = copyWholeTree;
      };
      tumblr_gdpr_ua = fromGithub ./ttrss-tumblr_gdpr_ua.json {
        installPhase = copyWholeTree;
      };
    };
  in rec {
    # Mutable state directory; the web root's lock, feed-icons and cache
    # entries are symlinks into it (see webRoot.buildPhase).
    varDir = "/var/lib/ttrss";
    # FIXME: initial sync
    # Activation-time snippet that creates the state directories owned by the
    # Apache/PHP-FPM account.
    # NOTE(review): lock, cache (and its subdirectories) and feed-icons are
    # created 0755, so every local account can list and read them, while only
    # phpSessions is 0750. cache/export and cache/upload may hold per-user data;
    # consider 0750 there as well.
    # NOTE(review): the touch is not followed by a chown, so index.html is owned
    # by whichever account runs the activation script (presumably root). It
    # looks like a guard against directory listing of feed-icons; confirm.
    activationScript = {
      # presumably orders this snippet after the "wrappers" activation step; verify
      deps = [ "wrappers" ];
      text = ''
        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
          ${varDir}/lock ${varDir}/cache ${varDir}/feed-icons
        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/cache/export/ \
          ${varDir}/cache/feeds/ \
          ${varDir}/cache/images/ \
          ${varDir}/cache/js/ \
          ${varDir}/cache/simplepie/ \
          ${varDir}/cache/upload/
        touch ${varDir}/feed-icons/index.html
        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
      '';
    };
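    # Rendered tt-rss config.php, produced at evaluation time with writeText.
    #
    # NOTE(review), secrets in the store: DB_PASS and LDAP_AUTH_BINDPW are read
    # with builtins.getEnv and written into the text of this file, so both
    # passwords end up in a store path (and in the .drv that builds it). The Nix
    # store is normally readable by every local account and is copied as-is to
    # deploy targets and binary caches. Prefer loading the secrets at runtime
    # from a file outside the store that only the PHP-FPM account can read.
    #
    # NOTE(review), LDAP transport: the server URI is plain ldap:// on port 389
    # with LDAP_AUTH_USETLS set, and LDAP_AUTH_ALLOW_UNTRUSTED_CERT is TRUE. As
    # named, that accepts a server certificate that cannot be validated, which
    # would let an on-path host read the bind password and user logins. Trust
    # the directory's CA and set it to FALSE if the deployment allows.
    #
    # NOTE(review): SESSION_COOKIE_LIFETIME is 120 days; confirm that is wanted.
    #
    # The three consecutive single quotes in LOG_DESTINATION, SMTP_LOGIN and
    # SMTP_PASSWORD are the indented-string escape for two single quotes, so
    # those lines render as an empty PHP string and are not typos.
    config =
      let
        # Escape a value for a PHP single-quoted literal. Backslash and single
        # quote are the only characters with special meaning there; without
        # this, a password containing either one yields a broken or different
        # config.php. Values without them render exactly as before.
        phpQuote = builtins.replaceStrings [ "\\" "'" ] [ "\\\\" "\\'" ];
      in
      # FIXME: LOG_DESTINATION syslog?
      # checkEnv presumably aborts evaluation when the variable is unset; verify.
      assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
      assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
      writeText "config.php" ''
      <?php

        define('PHP_EXECUTABLE', '${php}/bin/php');

        define('LOCK_DIRECTORY', 'lock');
        define('CACHE_DIR', 'cache');
        define('ICONS_DIR', 'feed-icons');
        define('ICONS_URL', 'feed-icons');
        define('SELF_URL_PATH', 'https://tools.immae.eu/ttrss/');

        define('MYSQL_CHARSET', 'UTF8');

        define('DB_TYPE', 'pgsql');
        define('DB_HOST', 'db-1.immae.eu');
        define('DB_USER', 'ttrss');
        define('DB_NAME', 'ttrss');
        define('DB_PASS', '${phpQuote (builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD")}');
        define('DB_PORT', '5432');

        define('AUTH_AUTO_CREATE', true);
        define('AUTH_AUTO_LOGIN', true);

        define('SINGLE_USER_MODE', false);

        define('SIMPLE_UPDATE_MODE', false);
        define('CHECK_FOR_UPDATES', true);

        define('FORCE_ARTICLE_PURGE', 0);
        define('SESSION_COOKIE_LIFETIME', 60*60*24*120);
        define('ENABLE_GZIP_OUTPUT', false);

        define('PLUGINS', 'auth_ldap, note, instances');

        define('LOG_DESTINATION', ''');
        define('CONFIG_VERSION', 26);


        define('SPHINX_SERVER', 'localhost:9312');
        define('SPHINX_INDEX', 'ttrss, delta');

        define('ENABLE_REGISTRATION', false);
        define('REG_NOTIFY_ADDRESS', 'outils@immae.eu');
        define('REG_MAX_USERS', 10);

        define('SMTP_SERVER', 'mail.immae.eu:25');
        define('SMTP_LOGIN', ''');
        define('SMTP_PASSWORD', ''');
        define('SMTP_SECURE', 'tls');

        define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
        define('SMTP_FROM_ADDRESS', 'outils@immae.eu');
        define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');

        define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/');
        define('LDAP_AUTH_USETLS', TRUE);
        define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
        define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu');
        define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
        define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');

        define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
        define('LDAP_AUTH_BINDPW', '${phpQuote (builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD")}');
        define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');

        define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
        define('LDAP_AUTH_DEBUG', FALSE);
      '';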
    # tt-rss web root: the fetched upstream tree with its mutable directories,
    # config.php and the plugins linked in.
    webRoot = let
      # Shell line that links one built plugin under $out/plugins/<name>.
      linkPlugin = name: drv: "ln -sf ${drv} $out/plugins/${name}";
      # One such line per entry of `plugins`, joined with newlines.
      pluginLinks = builtins.concatStringsSep "\n" (
        lib.attrsets.mapAttrsToList linkPlugin plugins
      );
    in stdenv.mkDerivation (fetchedGit ./tt-rss.json // {
      # Drop the checkout's lock, feed-icons and cache directories (and anything
      # upstream ships inside them) and replace them with relative symlinks
      # that climb to the filesystem root and then descend into varDir.
      buildPhase = ''
        rm -rf lock feed-icons cache
        ln -sf ../../../../../${varDir}/{lock,feed-icons,cache} .
      '';
      # config.php is a symlink to the rendered config store path.
      installPhase = ''
        cp -a . $out
        ln -s ${config} $out/config.php
        ${pluginLinks}
      '';
    });
    # Apache side of the deployment: the account the service runs as, the
    # module it needs, and the vhost fragment that serves webRoot at /ttrss and
    # hands *.php requests to the PHP-FPM socket.
    #
    # NOTE(review): lock, cache and feed-icons under webRoot are symlinks into
    # varDir, which activationScript makes writable by apache.user, and they
    # are served by this same <Directory> block (FollowSymlinks is needed for
    # that). Two consequences to check:
    #   - the FilesMatch handler also covers any *.php file that ends up in
    #     those writable directories; consider a nested section that denies
    #     access to cache and lock, or that serves them without the PHP handler;
    #   - AllowOverride All honours .htaccess files in the whole tree, including
    #     the writable directories; AllowOverride None with the needed
    #     directives inlined here is the tighter choice.
    # Any access-control files upstream ships inside those three directories
    # are removed by webRoot.buildPhase, so they do not apply here.
    apache = {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "proxy_fcgi" ];
      vhostConf = ''
        Alias /ttrss "${webRoot}"
        <Directory "${webRoot}">
          DirectoryIndex index.php
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>

          AllowOverride All
          Options FollowSymlinks
          Require all granted
        </Directory>
        '';
    };
    # PHP-FPM pool for tt-rss, running as the Apache account and listening on a
    # unix socket owned by that account.
    phpFpm = rec {
      socket = "/var/run/phpfpm/ttrss.sock";
      # Colon-separated open_basedir allow-list: the web root, the rendered
      # config, the state directory and every plugin store path.
      basedir = let
        pluginPaths = builtins.attrValues plugins;
      in builtins.concatStringsSep ":" ([ webRoot config varDir ] ++ pluginPaths);
      # open_basedir and session.save_path are set with php_admin_value, so
      # application code cannot override them at runtime.
      # NOTE(review): /tmp is added to open_basedir and is shared with every
      # other service on the host; a private temporary directory for this pool
      # would keep that confinement tighter.
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = TtrssPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        '';
    };
  };
in 
  ttrss