Upgrade nixos

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-03-25 11:57:48 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-03 16:25:07 +0200
commit: 5400b9b6f65451d41a9106fae6fc00f97d83f4ef (patch)
tree: 6ed072da7b1f17ac3994ffea052aa0c0822f8446 /modules/private/tasks/default.nix
parent: 441da8aac378f401625e82caf281fa0e26128310 (diff)
download: Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.tar.gz
Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.tar.zst
Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.zip
1 files changed, 22 insertions, 21 deletions
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index 78e07c1..42cc8d2 100644
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -123,7 +123,7 @@ in {
          Use LDAPConnect
          Require ldap-group cn=users,cn=taskwarrior,ou=services,dc=immae,dc=eu
          <FilesMatch "\.php$">
-            SetHandler "proxy:unix:/var/run/phpfpm/task.sock|fcgi://localhost"
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.tasks.socket}|fcgi://localhost"
          </FilesMatch>
          Include /var/secrets/webapps/tools-taskwarrior-web
        </Directory>
@@ -172,29 +172,30 @@ in {
    };
    services.phpfpm.pools = {
      tasks = {
-        listen = "/var/run/phpfpm/task.sock";
+        user = user;
-        extraConfig = ''
+        group = group;
-          user = ${user}
+        settings = {
-          group = ${group}
+          "listen.owner" = "wwwrun";
-          listen.owner = wwwrun
+          "listen.group" = "wwwrun";
-          listen.group = wwwrun
+          "pm" = "dynamic";
-          pm = dynamic
+          "pm.max_children" = "60";
-          pm.max_children = 60
+          "pm.start_servers" = "2";
-          pm.start_servers = 2
+          "pm.min_spare_servers" = "1";
-          pm.min_spare_servers = 1
+          "pm.max_spare_servers" = "10";
-          pm.max_spare_servers = 10
-          ; Needed to avoid clashes in browser cookies (same domain)
+          # Needed to avoid clashes in browser cookies (same domain)
-          env[PATH] = "/etc/profiles/per-user/${user}/bin"
+          "php_value[session.name]" = "TaskPHPSESSID";
-          php_value[session.name] = TaskPHPSESSID
+          "php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
-          php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
+        };
-        '';
+        phpEnv = {
+          PATH = "/etc/profiles/per-user/${user}/bin";
+        };
      };
    };
    myServices.websites.webappDirs._task = ./www;
-    security.acme2.certs."task" = config.myServices.certificates.certConfig // {
+    security.acme.certs."task" = config.myServices.certificates.certConfig // {
      inherit user group;
      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
      domain = fqdn;
@@ -246,9 +247,9 @@ in {
      inherit fqdn;
      listenHost = "::";
      pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
+      pki.manual.server.cert = "${config.security.acme.certs.task.directory}/fullchain.pem";
-      pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
+      pki.manual.server.crl = "${config.security.acme.certs.task.directory}/invalid.crl";
-      pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
+      pki.manual.server.key = "${config.security.acme.certs.task.directory}/key.pem";
      requestLimit = 104857600;
    };
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-03-25 11:57:48 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-03 16:25:07 +0200
commit	5400b9b6f65451d41a9106fae6fc00f97d83f4ef (patch)
tree	6ed072da7b1f17ac3994ffea052aa0c0822f8446 /modules/private/tasks/default.nix
parent	441da8aac378f401625e82caf281fa0e26128310 (diff)
download	Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.tar.gz Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.tar.zst Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.zip

diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index 78e07c1..42cc8d2 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix
@@ -123,7 +123,7 @@ in {
123	Use LDAPConnect	123	Use LDAPConnect
124	Require ldap-group cn=users,cn=taskwarrior,ou=services,dc=immae,dc=eu	124	Require ldap-group cn=users,cn=taskwarrior,ou=services,dc=immae,dc=eu
125	<FilesMatch "\.php$">	125	<FilesMatch "\.php$">
126	SetHandler "proxy:unix:/var/run/phpfpm/task.sock\|fcgi://localhost"	126	SetHandler "proxy:unix:${config.services.phpfpm.pools.tasks.socket}\|fcgi://localhost"
127	</FilesMatch>	127	</FilesMatch>
128	Include /var/secrets/webapps/tools-taskwarrior-web	128	Include /var/secrets/webapps/tools-taskwarrior-web
129	</Directory>	129	</Directory>
@@ -172,29 +172,30 @@ in {
172	};	172	};
173	services.phpfpm.pools = {	173	services.phpfpm.pools = {
174	tasks = {	174	tasks = {
175	listen = "/var/run/phpfpm/task.sock";	175	user = user;
176	extraConfig = ''	176	group = group;
177	user = ${user}	177	settings = {
178	group = ${group}	178	"listen.owner" = "wwwrun";
179	listen.owner = wwwrun	179	"listen.group" = "wwwrun";
180	listen.group = wwwrun	180	"pm" = "dynamic";
181	pm = dynamic	181	"pm.max_children" = "60";
182	pm.max_children = 60	182	"pm.start_servers" = "2";
183	pm.start_servers = 2	183	"pm.min_spare_servers" = "1";
184	pm.min_spare_servers = 1	184	"pm.max_spare_servers" = "10";
185	pm.max_spare_servers = 10
186		185
187	; Needed to avoid clashes in browser cookies (same domain)	186	# Needed to avoid clashes in browser cookies (same domain)
188	env[PATH] = "/etc/profiles/per-user/${user}/bin"	187	"php_value[session.name]" = "TaskPHPSESSID";
189	php_value[session.name] = TaskPHPSESSID	188	"php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
190	php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"	189	};
191	'';	190	phpEnv = {
		191	PATH = "/etc/profiles/per-user/${user}/bin";
		192	};
192	};	193	};
193	};	194	};
194		195
195	myServices.websites.webappDirs._task = ./www;	196	myServices.websites.webappDirs._task = ./www;
196		197
197	security.acme2.certs."task" = config.myServices.certificates.certConfig // {	198	security.acme.certs."task" = config.myServices.certificates.certConfig // {
198	inherit user group;	199	inherit user group;
199	plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];	200	plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
200	domain = fqdn;	201	domain = fqdn;
@@ -246,9 +247,9 @@ in {
246	inherit fqdn;	247	inherit fqdn;
247	listenHost = "::";	248	listenHost = "::";
248	pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";	249	pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
249	pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";	250	pki.manual.server.cert = "${config.security.acme.certs.task.directory}/fullchain.pem";
250	pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";	251	pki.manual.server.crl = "${config.security.acme.certs.task.directory}/invalid.crl";
251	pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";	252	pki.manual.server.key = "${config.security.acme.certs.task.directory}/key.pem";
252	requestLimit = 104857600;	253	requestLimit = 104857600;
253	};	254	};
254		255