aboutsummaryrefslogtreecommitdiff
path: root/modules/private/websites
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-03-25 11:57:48 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-04-03 16:25:07 +0200
commit5400b9b6f65451d41a9106fae6fc00f97d83f4ef (patch)
tree6ed072da7b1f17ac3994ffea052aa0c0822f8446 /modules/private/websites
parent441da8aac378f401625e82caf281fa0e26128310 (diff)
downloadNix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.tar.gz
Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.tar.zst
Nix-5400b9b6f65451d41a9106fae6fc00f97d83f4ef.zip
Upgrade nixos
Diffstat (limited to 'modules/private/websites')
-rw-r--r--modules/private/websites/chloe/builder.nix45
-rw-r--r--modules/private/websites/chloe/integration.nix9
-rw-r--r--modules/private/websites/chloe/production.nix7
-rw-r--r--modules/private/websites/commons/adminer.nix27
-rw-r--r--modules/private/websites/connexionswing/integration.nix20
-rw-r--r--modules/private/websites/connexionswing/production.nix20
-rw-r--r--modules/private/websites/default.nix10
-rw-r--r--modules/private/websites/emilia/richie.nix31
-rw-r--r--modules/private/websites/evariste/production.nix50
-rw-r--r--modules/private/websites/florian/app.nix24
-rw-r--r--modules/private/websites/florian/integration.nix6
-rw-r--r--modules/private/websites/florian/production.nix6
-rw-r--r--modules/private/websites/isabelle/aten_integration.nix20
-rw-r--r--modules/private/websites/isabelle/aten_production.nix20
-rw-r--r--modules/private/websites/isabelle/iridologie.nix7
-rw-r--r--modules/private/websites/isabelle/spip_builder.nix45
-rw-r--r--modules/private/websites/leila/production.nix27
-rw-r--r--modules/private/websites/ludivinecassal/integration.nix20
-rw-r--r--modules/private/websites/ludivinecassal/production.nix20
-rw-r--r--modules/private/websites/nassime/production.nix2
-rw-r--r--modules/private/websites/naturaloutil/production.nix35
-rw-r--r--modules/private/websites/papa/maison_bbc.nix29
-rw-r--r--modules/private/websites/papa/surveillance.nix2
-rw-r--r--modules/private/websites/piedsjaloux/integration.nix22
-rw-r--r--modules/private/websites/piedsjaloux/production.nix24
-rw-r--r--modules/private/websites/teliotortay/production.nix31
-rw-r--r--modules/private/websites/tools/cloud/default.nix52
-rw-r--r--modules/private/websites/tools/dav/davical.nix45
-rw-r--r--modules/private/websites/tools/dav/default.nix7
-rw-r--r--modules/private/websites/tools/db/default.nix4
-rw-r--r--modules/private/websites/tools/git/default.nix7
-rw-r--r--modules/private/websites/tools/git/mantisbt.nix27
-rw-r--r--modules/private/websites/tools/mail/default.nix15
-rw-r--r--modules/private/websites/tools/mail/rainloop.nix33
-rw-r--r--modules/private/websites/tools/mail/roundcubemail.nix33
-rw-r--r--modules/private/websites/tools/tools/adminer.nix49
-rw-r--r--modules/private/websites/tools/tools/default.nix129
-rw-r--r--modules/private/websites/tools/tools/dokuwiki.nix29
-rw-r--r--modules/private/websites/tools/tools/grocy.nix29
-rw-r--r--modules/private/websites/tools/tools/kanboard.nix29
-rw-r--r--modules/private/websites/tools/tools/ldap.nix29
-rw-r--r--modules/private/websites/tools/tools/rompr.nix47
-rw-r--r--modules/private/websites/tools/tools/shaarli.nix29
-rw-r--r--modules/private/websites/tools/tools/ttrss.nix31
-rw-r--r--modules/private/websites/tools/tools/wallabag.nix33
-rw-r--r--modules/private/websites/tools/tools/yourls.nix29
46 files changed, 607 insertions, 638 deletions
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix
index f21caeb..bce2b4d 100644
--- a/modules/private/websites/chloe/builder.nix
+++ b/modules/private/websites/chloe/builder.nix
@@ -3,28 +3,25 @@ rec {
3 app = chloe.override { inherit (config) environment; }; 3 app = chloe.override { inherit (config) environment; };
4 phpFpm = rec { 4 phpFpm = rec {
5 serviceDeps = [ "mysql.service" ]; 5 serviceDeps = [ "mysql.service" ];
6 socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; 6 pool = {
7 pool = '' 7 "listen.owner" = apacheUser;
8 user = ${apacheUser} 8 "listen.group" = apacheGroup;
9 group = ${apacheGroup} 9 "php_admin_value[upload_max_filesize]" = "20M";
10 listen.owner = ${apacheUser} 10 "php_admin_value[post_max_size]" = "20M";
11 listen.group = ${apacheGroup} 11 # "php_admin_flag[log_errors]" = "on";
12 php_admin_value[upload_max_filesize] = 20M 12 "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
13 php_admin_value[post_max_size] = 20M 13 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
14 ;php_admin_flag[log_errors] = on 14 } // (if app.environment == "dev" then {
15 php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp" 15 "pm" = "ondemand";
16 php_admin_value[session.save_path] = "${app.varDir}/phpSessions" 16 "pm.max_children" = "5";
17 ${if app.environment == "dev" then '' 17 "pm.process_idle_timeout" = "60";
18 pm = ondemand 18 } else {
19 pm.max_children = 5 19 "pm" = "dynamic";
20 pm.process_idle_timeout = 60 20 "pm.max_children" = "20";
21 '' else '' 21 "pm.start_servers" = "2";
22 pm = dynamic 22 "pm.min_spare_servers" = "1";
23 pm.max_children = 20 23 "pm.max_spare_servers" = "3";
24 pm.start_servers = 2 24 });
25 pm.min_spare_servers = 1
26 pm.max_spare_servers = 3
27 ''}'';
28 }; 25 };
29 keys = [{ 26 keys = [{
30 dest = "webapps/${app.environment}-chloe"; 27 dest = "webapps/${app.environment}-chloe";
@@ -51,7 +48,7 @@ rec {
51 modules = [ "proxy_fcgi" ]; 48 modules = [ "proxy_fcgi" ];
52 webappName = "chloe_${app.environment}"; 49 webappName = "chloe_${app.environment}";
53 root = "/run/current-system/webapps/${webappName}"; 50 root = "/run/current-system/webapps/${webappName}";
54 vhostConf = '' 51 vhostConf = socket: ''
55 Include /var/secrets/webapps/${app.environment}-chloe 52 Include /var/secrets/webapps/${app.environment}-chloe
56 53
57 RewriteEngine On 54 RewriteEngine On
@@ -60,7 +57,7 @@ rec {
60 '' else ""} 57 '' else ""}
61 58
62 <FilesMatch "\.php$"> 59 <FilesMatch "\.php$">
63 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 60 SetHandler "proxy:unix:${socket}|fcgi://localhost"
64 </FilesMatch> 61 </FilesMatch>
65 62
66 <Directory ${root}> 63 <Directory ${root}>
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index 6276eb7..caf6548 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -17,8 +17,9 @@ in {
17 systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; 17 systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps;
18 systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; 18 systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps;
19 services.phpfpm.pools.chloe_dev = { 19 services.phpfpm.pools.chloe_dev = {
20 listen = chloe.phpFpm.socket; 20 user = config.services.httpd.Inte.user;
21 extraConfig = chloe.phpFpm.pool; 21 group = config.services.httpd.Inte.group;
22 settings = chloe.phpFpm.pool;
22 phpOptions = config.services.phpfpm.phpOptions + '' 23 phpOptions = config.services.phpfpm.phpOptions + ''
23 extension=${pkgs.php}/lib/php/extensions/mysqli.so 24 extension=${pkgs.php}/lib/php/extensions/mysqli.so
24 ''; 25 '';
@@ -31,7 +32,9 @@ in {
31 addToCerts = true; 32 addToCerts = true;
32 hosts = ["chloe.immae.eu" ]; 33 hosts = ["chloe.immae.eu" ];
33 root = chloe.apache.root; 34 root = chloe.apache.root;
34 extraConfig = [ chloe.apache.vhostConf ]; 35 extraConfig = [
36 (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_dev.socket)
37 ];
35 }; 38 };
36 services.websites.env.integration.watchPaths = [ 39 services.websites.env.integration.watchPaths = [
37 "/var/secrets/webapps/${chloe.app.environment}-chloe" 40 "/var/secrets/webapps/${chloe.app.environment}-chloe"
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 578bf91..83f6c9b 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -19,8 +19,9 @@ in {
19 systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps; 19 systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps;
20 systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps; 20 systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps;
21 services.phpfpm.pools.chloe_prod = { 21 services.phpfpm.pools.chloe_prod = {
22 listen = chloe.phpFpm.socket; 22 user = config.services.httpd.Prod.user;
23 extraConfig = chloe.phpFpm.pool; 23 group = config.services.httpd.Prod.group;
24 settings = chloe.phpFpm.pool;
24 phpOptions = config.services.phpfpm.phpOptions + '' 25 phpOptions = config.services.phpfpm.phpOptions + ''
25 extension=${pkgs.php}/lib/php/extensions/mysqli.so 26 extension=${pkgs.php}/lib/php/extensions/mysqli.so
26 ''; 27 '';
@@ -39,7 +40,7 @@ in {
39 RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC] 40 RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC]
40 RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L] 41 RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L]
41 '' 42 ''
42 chloe.apache.vhostConf 43 (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_prod.socket)
43 ]; 44 ];
44 }; 45 };
45 services.websites.env.production.watchPaths = [ 46 services.websites.env.production.watchPaths = [
diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix
index d591c90..1803468 100644
--- a/modules/private/websites/commons/adminer.nix
+++ b/modules/private/websites/commons/adminer.nix
@@ -1,24 +1,5 @@
1{}: 1{ config, callPackage }:
2rec { 2callPackage ../tools/tools/adminer.nix {
3 phpFpm = { 3 adminer = null;
4 socket = "/var/run/phpfpm/adminer.sock"; 4 forcePhpSocket = config.services.phpfpm.pools.adminer.socket;
5 };
6 apache = rec {
7 modules = [ "proxy_fcgi" ];
8 webappName = "_adminer";
9 root = "/run/current-system/webapps/${webappName}";
10 vhostConf = ''
11 Alias /adminer ${root}
12 <Directory ${root}>
13 DirectoryIndex index.php
14 <FilesMatch "\.php$">
15 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
16 </FilesMatch>
17
18 Use LDAPConnect
19 Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
20 Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
21 </Directory>
22 '';
23 };
24} 5}
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
index 81cff8f..4f7b72d 100644
--- a/modules/private/websites/connexionswing/integration.nix
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -25,15 +25,17 @@ in {
25 "./bin/console --env=${app.environment} cache:clear --no-warmup" 25 "./bin/console --env=${app.environment} cache:clear --no-warmup"
26 ]; 26 ];
27 phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ]; 27 phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
28 phpPool = '' 28 phpPool = {
29 php_admin_value[upload_max_filesize] = 20M 29 "php_admin_value[upload_max_filesize]" = "20M";
30 php_admin_value[post_max_size] = 20M 30 "php_admin_value[post_max_size]" = "20M";
31 ;php_admin_flag[log_errors] = on 31 #"php_admin_flag[log_errors]" = "on";
32 pm = ondemand 32 "pm" = "ondemand";
33 pm.max_children = 5 33 "pm.max_children" = "5";
34 pm.process_idle_timeout = 60 34 "pm.process_idle_timeout" = "60";
35 env[SYMFONY_DEBUG_MODE] = "yes" 35 };
36 ''; 36 phpEnv = {
37 SYMFONY_DEBUG_MODE = "yes";
38 };
37 phpWatchFiles = [ 39 phpWatchFiles = [
38 config.secrets.fullPaths."webapps/${app.environment}-connexionswing" 40 config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
39 ]; 41 ];
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix
index fa31931..0b52af1 100644
--- a/modules/private/websites/connexionswing/production.nix
+++ b/modules/private/websites/connexionswing/production.nix
@@ -26,16 +26,16 @@ in {
26 "./bin/console --env=${app.environment} cache:clear --no-warmup" 26 "./bin/console --env=${app.environment} cache:clear --no-warmup"
27 ]; 27 ];
28 phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ]; 28 phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
29 phpPool = '' 29 phpPool = {
30 php_admin_value[upload_max_filesize] = 20M 30 "php_admin_value[upload_max_filesize]" = "20M";
31 php_admin_value[post_max_size] = 20M 31 "php_admin_value[post_max_size]" = "20M";
32 ;php_admin_flag[log_errors] = on 32 #"php_admin_flag[log_errors]" = "on";
33 pm = dynamic 33 "pm" = "dynamic";
34 pm.max_children = 20 34 "pm.max_children" = "20";
35 pm.start_servers = 2 35 "pm.start_servers" = "2";
36 pm.min_spare_servers = 1 36 "pm.min_spare_servers" = "1";
37 pm.max_spare_servers = 3 37 "pm.max_spare_servers" = "3";
38 ''; 38 };
39 phpWatchFiles = [ 39 phpWatchFiles = [
40 config.secrets.fullPaths."webapps/${app.environment}-connexionswing" 40 config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
41 ]; 41 ];
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 5c0e655..529ec5c 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -87,9 +87,9 @@ in
87 #openssl = self.openssl_1_1; 87 #openssl = self.openssl_1_1;
88 php = php72; 88 php = php72;
89 php72 = (super.php72.override { 89 php72 = (super.php72.override {
90 mysql.connector-c = self.mariadb; 90 config.php.mysqlnd = true;
91 config.php.mysqlnd = false;
92 config.php.mysqli = false; 91 config.php.mysqli = false;
92 config.php.mhash = true; # Is it needed?
93 }).overrideAttrs(old: rec { 93 }).overrideAttrs(old: rec {
94 # Didn't manage to build with mysqli + mysql_config connector 94 # Didn't manage to build with mysqli + mysql_config connector
95 configureFlags = old.configureFlags ++ [ 95 configureFlags = old.configureFlags ++ [
@@ -140,9 +140,9 @@ in
140 ; 30 days (minutes) 140 ; 30 days (minutes)
141 session.cache_expire = 43200 141 session.cache_expire = 43200
142 ''; 142 '';
143 extraConfig = '' 143 settings = {
144 log_level = notice 144 log_level = "notice";
145 ''; 145 };
146 }; 146 };
147 147
148 services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ]; 148 services.filesWatcher.httpdProd.paths = [ "/var/secrets/apache-ldap" ];
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix
index f7b4f8d..98ab1cd 100644
--- a/modules/private/websites/emilia/richie.nix
+++ b/modules/private/websites/emilia/richie.nix
@@ -49,22 +49,23 @@ in
49 ''; 49 '';
50 }; 50 };
51 services.phpfpm.pools.richie_production = { 51 services.phpfpm.pools.richie_production = {
52 listen = "/run/phpfpm/richie_production.sock"; 52 user = "wwwrun";
53 extraConfig = '' 53 group = "wwwrun";
54 user = wwwrun 54 settings = {
55 group = wwwrun 55 "listen.owner" = "wwwrun";
56 listen.owner = wwwrun 56 "listen.group" = "wwwrun";
57 listen.group = wwwrun
58 57
59 pm = ondemand 58 "pm" = "ondemand";
60 pm.max_children = 5 59 "pm.max_children" = "5";
61 pm.process_idle_timeout = 60 60 "pm.process_idle_timeout" = "60";
62 61
63 env[PATH] = /run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]} 62 "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp";
64 env[BDD_CONNECT] = "/var/secrets/webapps/prod-richie" 63 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
65 php_admin_value[open_basedir] = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp" 64 };
66 php_admin_value[session.save_path] = "/var/lib/php/sessions/richie_production" 65 phpEnv = {
67 ''; 66 PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
67 BDD_CONNECT = "/var/secrets/webapps/prod-richie";
68 };
68 phpOptions = config.services.phpfpm.phpOptions + '' 69 phpOptions = config.services.phpfpm.phpOptions + ''
69 date.timezone = 'Europe/Paris' 70 date.timezone = 'Europe/Paris'
70 extension=${pkgs.php}/lib/php/extensions/mysqli.so 71 extension=${pkgs.php}/lib/php/extensions/mysqli.so
@@ -91,7 +92,7 @@ in
91 Require all granted 92 Require all granted
92 93
93 <FilesMatch "\.php$"> 94 <FilesMatch "\.php$">
94 SetHandler "proxy:unix:/run/phpfpm/richie_production.sock|fcgi://localhost" 95 SetHandler "proxy:unix:${config.services.phpfpm.pools.richie_production.socket}|fcgi://localhost"
95 </FilesMatch> 96 </FilesMatch>
96 </Directory> 97 </Directory>
97 '' 98 ''
diff --git a/modules/private/websites/evariste/production.nix b/modules/private/websites/evariste/production.nix
index 00e6fe1..43b26c8 100644
--- a/modules/private/websites/evariste/production.nix
+++ b/modules/private/websites/evariste/production.nix
@@ -21,20 +21,19 @@ in {
21 ''; 21 '';
22 }; 22 };
23 services.phpfpm.pools.nsievariste = { 23 services.phpfpm.pools.nsievariste = {
24 listen = "/run/phpfpm/nsievariste.sock"; 24 user = "wwwrun";
25 extraConfig = '' 25 group = "wwwrun";
26 user = wwwrun 26 settings = {
27 group = wwwrun 27 "listen.owner" = "wwwrun";
28 listen.owner = wwwrun 28 "listen.group" = "wwwrun";
29 listen.group = wwwrun
30 29
31 pm = ondemand 30 "pm" = "ondemand";
32 pm.max_children = 5 31 "pm.max_children" = "5";
33 pm.process_idle_timeout = 60 32 "pm.process_idle_timeout" = "60";
34 33
35 php_admin_value[open_basedir] = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp" 34 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp";
36 php_admin_value[session.save_path] = "/var/lib/php/sessions/nsievariste" 35 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nsievariste";
37 ''; 36 };
38 }; 37 };
39 services.websites.env.production.vhostConfs.nsievariste = { 38 services.websites.env.production.vhostConfs.nsievariste = {
40 certName = "eldiron"; 39 certName = "eldiron";
@@ -46,7 +45,7 @@ in {
46 Use Stats nsievariste.immae.eu 45 Use Stats nsievariste.immae.eu
47 46
48 <FilesMatch "\.php$"> 47 <FilesMatch "\.php$">
49 SetHandler "proxy:unix:/run/phpfpm/nsievariste.sock|fcgi://localhost" 48 SetHandler "proxy:unix:${config.services.phpfpm.pools.nsievariste.socket}|fcgi://localhost"
50 </FilesMatch> 49 </FilesMatch>
51 50
52 <Directory ${nsiVarDir}> 51 <Directory ${nsiVarDir}>
@@ -60,20 +59,19 @@ in {
60 }; 59 };
61 60
62 services.phpfpm.pools.stmgevariste = { 61 services.phpfpm.pools.stmgevariste = {
63 listen = "/run/phpfpm/stmgevariste.sock"; 62 user = "wwwrun";
64 extraConfig = '' 63 group = "wwwrun";
65 user = wwwrun 64 settings = {
66 group = wwwrun 65 "listen.owner" = "wwwrun";
67 listen.owner = wwwrun 66 "listen.group" = "wwwrun";
68 listen.group = wwwrun
69 67
70 pm = ondemand 68 "pm" = "ondemand";
71 pm.max_children = 5 69 "pm.max_children" = "5";
72 pm.process_idle_timeout = 60 70 "pm.process_idle_timeout" = "60";
73 71
74 php_admin_value[open_basedir] = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp" 72 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp";
75 php_admin_value[session.save_path] = "/var/lib/php/sessions/stmgevariste" 73 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/stmgevariste";
76 ''; 74 };
77 }; 75 };
78 services.websites.env.production.vhostConfs.stmgevariste = { 76 services.websites.env.production.vhostConfs.stmgevariste = {
79 certName = "eldiron"; 77 certName = "eldiron";
@@ -85,7 +83,7 @@ in {
85 Use Stats stmgevariste.immae.eu 83 Use Stats stmgevariste.immae.eu
86 84
87 <FilesMatch "\.php$"> 85 <FilesMatch "\.php$">
88 SetHandler "proxy:unix:/run/phpfpm/stmgevariste.sock|fcgi://localhost" 86 SetHandler "proxy:unix:${config.services.phpfpm.pools.stmgevariste.socket}|fcgi://localhost"
89 </FilesMatch> 87 </FilesMatch>
90 88
91 <Directory ${stmgVarDir}> 89 <Directory ${stmgVarDir}>
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix
index e262c59..c65c26f 100644
--- a/modules/private/websites/florian/app.nix
+++ b/modules/private/websites/florian/app.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 secrets = config.myEnv.websites.tellesflorian.integration; 4 secrets = config.myEnv.websites.tellesflorian.integration;
5 app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; }; 5 app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; };
6 cfg = config.myServices.websites.florian.app; 6 cfg = config.myServices.websites.florian.app;
@@ -24,15 +24,17 @@ in {
24 "./bin/console --env=${app.environment} cache:clear --no-warmup" 24 "./bin/console --env=${app.environment} cache:clear --no-warmup"
25 ]; 25 ];
26 phpOpenbasedir = [ "/tmp" ]; 26 phpOpenbasedir = [ "/tmp" ];
27 phpPool = '' 27 phpPool = {
28 php_admin_value[upload_max_filesize] = 20M 28 "php_admin_value[upload_max_filesize]" = "20M";
29 php_admin_value[post_max_size] = 20M 29 "php_admin_value[post_max_size]" = "20M";
30 ;php_admin_flag[log_errors] = on 30 #"php_admin_flag[log_errors]" = "on";
31 pm = ondemand 31 "pm" = "ondemand";
32 pm.max_children = 5 32 "pm.max_children" = "5";
33 pm.process_idle_timeout = 60 33 "pm.process_idle_timeout" = "60";
34 env[SYMFONY_DEBUG_MODE] = "yes" 34 };
35 ''; 35 phpEnv = {
36 SYMFONY_DEBUG_MODE = "yes";
37 };
36 phpWatchFiles = [ 38 phpWatchFiles = [
37 config.secrets.fullPaths."webapps/${app.environment}-tellesflorian" 39 config.secrets.fullPaths."webapps/${app.environment}-tellesflorian"
38 ]; 40 ];
@@ -134,7 +136,7 @@ in {
134 136
135 </Directory> 137 </Directory>
136 '' 138 ''
137 adminer.apache.vhostConf 139 (adminer.apache.vhostConf null)
138 ]; 140 ];
139 }; 141 };
140 }; 142 };
diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix
index 57c4006..4ee160a 100644
--- a/modules/private/websites/florian/integration.nix
+++ b/modules/private/websites/florian/integration.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.florian.integration; 4 cfg = config.myServices.websites.florian.integration;
5 varDir = "/var/lib/ftp/florian"; 5 varDir = "/var/lib/ftp/florian";
6 env = config.myEnv.websites.florian; 6 env = config.myEnv.websites.florian;
@@ -8,7 +8,7 @@ in {
8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; 8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration";
9 9
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 security.acme2.certs."ftp".extraDomains."florian.immae.eu" = null; 11 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
12 12
13 services.websites.env.integration.modules = adminer.apache.modules; 13 services.websites.env.integration.modules = adminer.apache.modules;
14 services.websites.env.integration.vhostConfs.florian = { 14 services.websites.env.integration.vhostConfs.florian = {
@@ -17,7 +17,7 @@ in {
17 hosts = [ "florian.immae.eu" ]; 17 hosts = [ "florian.immae.eu" ];
18 root = "${varDir}/florian.immae.eu"; 18 root = "${varDir}/florian.immae.eu";
19 extraConfig = [ 19 extraConfig = [
20 adminer.apache.vhostConf 20 (adminer.apache.vhostConf null)
21 '' 21 ''
22 ServerAdmin ${env.server_admin} 22 ServerAdmin ${env.server_admin}
23 23
diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix
index 1abc715..16c6022 100644
--- a/modules/private/websites/florian/production.nix
+++ b/modules/private/websites/florian/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.florian.production; 4 cfg = config.myServices.websites.florian.production;
5 varDir = "/var/lib/ftp/florian"; 5 varDir = "/var/lib/ftp/florian";
6 env = config.myEnv.websites.florian; 6 env = config.myEnv.websites.florian;
@@ -8,7 +8,7 @@ in {
8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; 8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production";
9 9
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 security.acme2.certs."ftp".extraDomains."tellesflorian.com" = null; 11 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
12 12
13 services.websites.env.production.modules = adminer.apache.modules; 13 services.websites.env.production.modules = adminer.apache.modules;
14 services.websites.env.production.vhostConfs.florian = { 14 services.websites.env.production.vhostConfs.florian = {
@@ -17,7 +17,7 @@ in {
17 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; 17 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
18 root = "${varDir}/tellesflorian.com"; 18 root = "${varDir}/tellesflorian.com";
19 extraConfig = [ 19 extraConfig = [
20 adminer.apache.vhostConf 20 (adminer.apache.vhostConf null)
21 '' 21 ''
22 ServerAdmin ${env.server_admin} 22 ServerAdmin ${env.server_admin}
23 23
diff --git a/modules/private/websites/isabelle/aten_integration.nix b/modules/private/websites/isabelle/aten_integration.nix
index a2a087c..fb6eda9 100644
--- a/modules/private/websites/isabelle/aten_integration.nix
+++ b/modules/private/websites/isabelle/aten_integration.nix
@@ -23,15 +23,17 @@ in {
23 "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup" 23 "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
24 ]; 24 ];
25 phpOpenbasedir = [ "/tmp" ]; 25 phpOpenbasedir = [ "/tmp" ];
26 phpPool = '' 26 phpPool = {
27 php_admin_value[upload_max_filesize] = 20M 27 "php_admin_value[upload_max_filesize]" = "20M";
28 php_admin_value[post_max_size] = 20M 28 "php_admin_value[post_max_size]" = "20M";
29 ;php_admin_flag[log_errors] = on 29 #"php_admin_flag[log_errors]" = "on";
30 pm = ondemand 30 "pm" = "ondemand";
31 pm.max_children = 5 31 "pm.max_children" = "5";
32 pm.process_idle_timeout = 60 32 "pm.process_idle_timeout" = "60";
33 env[SYMFONY_DEBUG_MODE] = "yes" 33 };
34 ''; 34 phpEnv = {
35 SYMFONY_DEBUG_MODE = "yes";
36 };
35 }; 37 };
36 38
37 secrets.keys = [{ 39 secrets.keys = [{
diff --git a/modules/private/websites/isabelle/aten_production.nix b/modules/private/websites/isabelle/aten_production.nix
index 8e33f0f..cf7e4a2 100644
--- a/modules/private/websites/isabelle/aten_production.nix
+++ b/modules/private/websites/isabelle/aten_production.nix
@@ -24,16 +24,16 @@ in {
24 "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup" 24 "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
25 ]; 25 ];
26 phpOpenbasedir = [ "/tmp" ]; 26 phpOpenbasedir = [ "/tmp" ];
27 phpPool = '' 27 phpPool = {
28 php_admin_value[upload_max_filesize] = 20M 28 "php_admin_value[upload_max_filesize]" = "20M";
29 php_admin_value[post_max_size] = 20M 29 "php_admin_value[post_max_size]" = "20M";
30 ;php_admin_flag[log_errors] = on 30 #"php_admin_flag[log_errors]" = "on";
31 pm = dynamic 31 "pm" = "dynamic";
32 pm.max_children = 20 32 "pm.max_children" = "20";
33 pm.start_servers = 2 33 "pm.start_servers" = "2";
34 pm.min_spare_servers = 1 34 "pm.min_spare_servers" = "1";
35 pm.max_spare_servers = 3 35 "pm.max_spare_servers" = "3";
36 ''; 36 };
37 }; 37 };
38 38
39 secrets.keys = [{ 39 secrets.keys = [{
diff --git a/modules/private/websites/isabelle/iridologie.nix b/modules/private/websites/isabelle/iridologie.nix
index 460bd2a..ffbf259 100644
--- a/modules/private/websites/isabelle/iridologie.nix
+++ b/modules/private/websites/isabelle/iridologie.nix
@@ -19,8 +19,9 @@ in {
19 systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps; 19 systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps;
20 systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps; 20 systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps;
21 services.phpfpm.pools.iridologie = { 21 services.phpfpm.pools.iridologie = {
22 listen = iridologie.phpFpm.socket; 22 user = config.services.httpd.Prod.user;
23 extraConfig = iridologie.phpFpm.pool; 23 group = config.services.httpd.Prod.group;
24 settings = iridologie.phpFpm.pool;
24 phpOptions = config.services.phpfpm.phpOptions + '' 25 phpOptions = config.services.phpfpm.phpOptions + ''
25 extension=${pkgs.php}/lib/php/extensions/mysqli.so 26 extension=${pkgs.php}/lib/php/extensions/mysqli.so
26 ''; 27 '';
@@ -39,7 +40,7 @@ in {
39 RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC] 40 RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC]
40 RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L] 41 RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
41 '' 42 ''
42 iridologie.apache.vhostConf 43 (iridologie.apache.vhostConf config.services.phpfpm.pools.iridologie.socket)
43 ]; 44 ];
44 }; 45 };
45 services.websites.env.production.watchPaths = [ 46 services.websites.env.production.watchPaths = [
diff --git a/modules/private/websites/isabelle/spip_builder.nix b/modules/private/websites/isabelle/spip_builder.nix
index 2ab5394..e1130d1 100644
--- a/modules/private/websites/isabelle/spip_builder.nix
+++ b/modules/private/websites/isabelle/spip_builder.nix
@@ -3,28 +3,25 @@ rec {
3 app = iridologie.override { inherit (config) environment; }; 3 app = iridologie.override { inherit (config) environment; };
4 phpFpm = rec { 4 phpFpm = rec {
5 serviceDeps = [ "mysql.service" ]; 5 serviceDeps = [ "mysql.service" ];
6 socket = "/var/run/phpfpm/iridologie-${app.environment}.sock"; 6 pool = {
7 pool = '' 7 "listen.owner" = "${apacheUser}";
8 user = ${apacheUser} 8 "listen.group" = "${apacheGroup}";
9 group = ${apacheGroup} 9 "php_admin_value[upload_max_filesize]" = "20M";
10 listen.owner = ${apacheUser} 10 "php_admin_value[post_max_size]" = "20M";
11 listen.group = ${apacheGroup} 11 #"php_admin_flag[log_errors]" = "on";
12 php_admin_value[upload_max_filesize] = 20M 12 "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
13 php_admin_value[post_max_size] = 20M 13 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
14 ;php_admin_flag[log_errors] = on 14 } // (if app.environment == "dev" then {
15 php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp" 15 "pm" = "ondemand";
16 php_admin_value[session.save_path] = "${app.varDir}/phpSessions" 16 "pm.max_children" = "5";
17 ${if app.environment == "dev" then '' 17 "pm.process_idle_timeout" = "60";
18 pm = ondemand 18 } else {
19 pm.max_children = 5 19 "pm" = "dynamic";
20 pm.process_idle_timeout = 60 20 "pm.max_children" = "20";
21 '' else '' 21 "pm.start_servers" = "2";
22 pm = dynamic 22 "pm.min_spare_servers" = "1";
23 pm.max_children = 20 23 "pm.max_spare_servers" = "3";
24 pm.start_servers = 2 24 });
25 pm.min_spare_servers = 1
26 pm.max_spare_servers = 3
27 ''}'';
28 }; 25 };
29 keys = [{ 26 keys = [{
30 dest = "webapps/${app.environment}-iridologie"; 27 dest = "webapps/${app.environment}-iridologie";
@@ -51,13 +48,13 @@ rec {
51 modules = [ "proxy_fcgi" ]; 48 modules = [ "proxy_fcgi" ];
52 webappName = "iridologie_${app.environment}"; 49 webappName = "iridologie_${app.environment}";
53 root = "/run/current-system/webapps/${webappName}"; 50 root = "/run/current-system/webapps/${webappName}";
54 vhostConf = '' 51 vhostConf = socket: ''
55 Include /var/secrets/webapps/${app.environment}-iridologie 52 Include /var/secrets/webapps/${app.environment}-iridologie
56 53
57 RewriteEngine On 54 RewriteEngine On
58 55
59 <FilesMatch "\.php$"> 56 <FilesMatch "\.php$">
60 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 57 SetHandler "proxy:unix:${socket}|fcgi://localhost"
61 </FilesMatch> 58 </FilesMatch>
62 59
63 <Directory ${root}> 60 <Directory ${root}>
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix
index e8591c8..3b289cf 100644
--- a/modules/private/websites/leila/production.nix
+++ b/modules/private/websites/leila/production.nix
@@ -7,19 +7,18 @@ in {
7 7
8 config = lib.mkIf cfg.enable { 8 config = lib.mkIf cfg.enable {
9 services.phpfpm.pools.leila = { 9 services.phpfpm.pools.leila = {
10 listen = "/run/phpfpm/leila.sock"; 10 user = "wwwrun";
11 extraConfig = '' 11 group = "wwwrun";
12 user = wwwrun 12 settings = {
13 group = wwwrun 13 "listen.owner" = "wwwrun";
14 listen.owner = wwwrun 14 "listen.group" = "wwwrun";
15 listen.group = wwwrun
16 15
17 pm = ondemand 16 "pm" = "ondemand";
18 pm.max_children = 5 17 "pm.max_children" = "5";
19 pm.process_idle_timeout = 60 18 "pm.process_idle_timeout" = "60";
20 19
21 php_admin_value[open_basedir] = "${varDir}:/tmp" 20 "php_admin_value[open_basedir]" = "${varDir}:/tmp";
22 ''; 21 };
23 }; 22 };
24 23
25 services.webstats.sites = [ 24 services.webstats.sites = [
@@ -46,7 +45,7 @@ in {
46 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu 45 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
47 46
48 <FilesMatch "\.php$"> 47 <FilesMatch "\.php$">
49 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" 48 SetHandler "proxy:unix:${config.services.phpfpm.pools.leila.socket}|fcgi://localhost"
50 </FilesMatch> 49 </FilesMatch>
51 </Directory> 50 </Directory>
52 '' 51 ''
@@ -66,7 +65,7 @@ in {
66 AllowOverride None 65 AllowOverride None
67 66
68 <FilesMatch "\.php$"> 67 <FilesMatch "\.php$">
69 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" 68 SetHandler "proxy:unix:${config.services.phpfpm.pools.leila.socket}|fcgi://localhost"
70 </FilesMatch> 69 </FilesMatch>
71 </Directory> 70 </Directory>
72 '' 71 ''
@@ -89,7 +88,7 @@ in {
89 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu 88 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
90 89
91 <FilesMatch "\.php$"> 90 <FilesMatch "\.php$">
92 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" 91 SetHandler "proxy:unix:${config.services.phpfpm.pools.leila.socket}|fcgi://localhost"
93 </FilesMatch> 92 </FilesMatch>
94 </Directory> 93 </Directory>
95 <Directory ${varDir}> 94 <Directory ${varDir}>
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix
index 1cbfd12..d304fdf 100644
--- a/modules/private/websites/ludivinecassal/integration.nix
+++ b/modules/private/websites/ludivinecassal/integration.nix
@@ -23,15 +23,17 @@ in {
23 "./bin/console --env=${app.environment} cache:clear --no-warmup" 23 "./bin/console --env=${app.environment} cache:clear --no-warmup"
24 ]; 24 ];
25 phpOpenbasedir = [ "/tmp" ]; 25 phpOpenbasedir = [ "/tmp" ];
26 phpPool = '' 26 phpPool = {
27 php_admin_value[upload_max_filesize] = 20M 27 "php_admin_value[upload_max_filesize]" = "20M";
28 php_admin_value[post_max_size] = 20M 28 "php_admin_value[post_max_size]" = "20M";
29 ;php_admin_flag[log_errors] = on 29 #"php_admin_flag[log_errors]" = "on";
30 pm = ondemand 30 "pm" = "ondemand";
31 pm.max_children = 5 31 "pm.max_children" = "5";
32 pm.process_idle_timeout = 60 32 "pm.process_idle_timeout" = "60";
33 env[SYMFONY_DEBUG_MODE] = "yes" 33 };
34 ''; 34 phpEnv = {
35 SYMFONY_DEBUG_MODE = "yes";
36 };
35 phpWatchFiles = [ 37 phpWatchFiles = [
36 config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" 38 config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal"
37 ]; 39 ];
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix
index 7cf00f0..5761be7 100644
--- a/modules/private/websites/ludivinecassal/production.nix
+++ b/modules/private/websites/ludivinecassal/production.nix
@@ -24,16 +24,16 @@ in {
24 "./bin/console --env=${app.environment} cache:clear --no-warmup" 24 "./bin/console --env=${app.environment} cache:clear --no-warmup"
25 ]; 25 ];
26 phpOpenbasedir = [ "/tmp" ]; 26 phpOpenbasedir = [ "/tmp" ];
27 phpPool = '' 27 phpPool = {
28 php_admin_value[upload_max_filesize] = 20M 28 "php_admin_value[upload_max_filesize]" = "20M";
29 php_admin_value[post_max_size] = 20M 29 "php_admin_value[post_max_size]" = "20M";
30 ;php_admin_flag[log_errors] = on 30 #"php_admin_flag[log_errors]" = "on";
31 pm = dynamic 31 "pm" = "dynamic";
32 pm.max_children = 20 32 "pm.max_children" = "20";
33 pm.start_servers = 2 33 "pm.start_servers" = "2";
34 pm.min_spare_servers = 1 34 "pm.min_spare_servers" = "1";
35 pm.max_spare_servers = 3 35 "pm.max_spare_servers" = "3";
36 ''; 36 };
37 phpWatchFiles = [ 37 phpWatchFiles = [
38 config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" 38 config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal"
39 ]; 39 ];
diff --git a/modules/private/websites/nassime/production.nix b/modules/private/websites/nassime/production.nix
index 293519f..f9468f9 100644
--- a/modules/private/websites/nassime/production.nix
+++ b/modules/private/websites/nassime/production.nix
@@ -9,7 +9,7 @@ in {
9 config = lib.mkIf cfg.enable { 9 config = lib.mkIf cfg.enable {
10 services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; 10 services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
11 11
12 security.acme2.certs."ftp".extraDomains."nassime.bouya.org" = null; 12 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
13 13
14 services.websites.env.production.vhostConfs.nassime = { 14 services.websites.env.production.vhostConfs.nassime = {
15 certName = "nassime"; 15 certName = "nassime";
diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix
index a276c47..1e79141 100644
--- a/modules/private/websites/naturaloutil/production.nix
+++ b/modules/private/websites/naturaloutil/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.naturaloutil.production; 4 cfg = config.myServices.websites.naturaloutil.production;
5 varDir = "/var/lib/ftp/jerome"; 5 varDir = "/var/lib/ftp/jerome";
6 env = config.myEnv.websites.jerome; 6 env = config.myEnv.websites.jerome;
@@ -10,7 +10,7 @@ in {
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; 11 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
12 12
13 security.acme2.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; 13 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
14 14
15 secrets.keys = [{ 15 secrets.keys = [{
16 dest = "webapps/prod-naturaloutil"; 16 dest = "webapps/prod-naturaloutil";
@@ -42,21 +42,22 @@ in {
42 systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ]; 42 systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ];
43 systemd.services.phpfpm-jerome.wants = [ "mysql.service" ]; 43 systemd.services.phpfpm-jerome.wants = [ "mysql.service" ];
44 services.phpfpm.pools.jerome = { 44 services.phpfpm.pools.jerome = {
45 listen = "/run/phpfpm/naturaloutil.sock"; 45 user = "wwwrun";
46 extraConfig = '' 46 group = "wwwrun";
47 user = wwwrun 47 settings = {
48 group = wwwrun 48 "listen.owner" = "wwwrun";
49 listen.owner = wwwrun 49 "listen.group" = "wwwrun";
50 listen.group = wwwrun
51 50
52 pm = ondemand 51 "pm" = "ondemand";
53 pm.max_children = 5 52 "pm.max_children" = "5";
54 pm.process_idle_timeout = 60 53 "pm.process_idle_timeout" = "60";
55 54
56 env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil" 55 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp";
57 php_admin_value[open_basedir] = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp" 56 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/naturaloutil";
58 php_admin_value[session.save_path] = "/var/lib/php/sessions/naturaloutil" 57 };
59 ''; 58 phpEnv = {
59 BDD_CONNECT = "/var/secrets/webapps/prod-naturaloutil";
60 };
60 phpOptions = config.services.phpfpm.phpOptions + '' 61 phpOptions = config.services.phpfpm.phpOptions + ''
61 extension=${pkgs.php}/lib/php/extensions/mysqli.so 62 extension=${pkgs.php}/lib/php/extensions/mysqli.so
62 ''; 63 '';
@@ -68,7 +69,7 @@ in {
68 hosts = ["naturaloutil.immae.eu" ]; 69 hosts = ["naturaloutil.immae.eu" ];
69 root = varDir; 70 root = varDir;
70 extraConfig = [ 71 extraConfig = [
71 adminer.apache.vhostConf 72 (adminer.apache.vhostConf null)
72 '' 73 ''
73 Use Stats naturaloutil.immae.eu 74 Use Stats naturaloutil.immae.eu
74 ServerAdmin ${env.server_admin} 75 ServerAdmin ${env.server_admin}
@@ -76,7 +77,7 @@ in {
76 CustomLog "${varDir}/logs/access_log" combined 77 CustomLog "${varDir}/logs/access_log" combined
77 78
78 <FilesMatch "\.php$"> 79 <FilesMatch "\.php$">
79 SetHandler "proxy:unix:/run/phpfpm/naturaloutil.sock|fcgi://localhost" 80 SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome.socket}|fcgi://localhost"
80 </FilesMatch> 81 </FilesMatch>
81 82
82 <Directory ${varDir}/logs> 83 <Directory ${varDir}/logs>
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix
index eb61b6d..11e7937 100644
--- a/modules/private/websites/papa/maison_bbc.nix
+++ b/modules/private/websites/papa/maison_bbc.nix
@@ -9,19 +9,18 @@ in {
9 services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir; 9 services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
10 services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ]; 10 services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
11 services.phpfpm.pools.papa_maison_bbc = { 11 services.phpfpm.pools.papa_maison_bbc = {
12 listen = "/run/phpfpm/papa_maison_bbc.sock"; 12 user = "wwwrun";
13 extraConfig = '' 13 group = "wwwrun";
14 user = wwwrun 14 settings = {
15 group = wwwrun 15 "listen.owner" = "wwwrun";
16 listen.owner = wwwrun 16 "listen.group" = "wwwrun";
17 listen.group = wwwrun
18 17
19 pm = ondemand 18 "pm" = "ondemand";
20 pm.max_children = 5 19 "pm.max_children" = "5";
21 pm.process_idle_timeout = 60 20 "pm.process_idle_timeout" = "60";
22 21
23 php_admin_value[open_basedir] = "${varDir}" 22 "php_admin_value[open_basedir]" = varDir;
24 ''; 23 };
25 phpOptions = config.services.phpfpm.phpOptions + '' 24 phpOptions = config.services.phpfpm.phpOptions + ''
26 date.timezone = 'Europe/Paris' 25 date.timezone = 'Europe/Paris'
27 extension=${pkgs.php}/lib/php/extensions/mysqli.so 26 extension=${pkgs.php}/lib/php/extensions/mysqli.so
@@ -34,17 +33,17 @@ in {
34 root = varDir; 33 root = varDir;
35 extraConfig = [ 34 extraConfig = [
36 '' 35 ''
37 Alias /.well-known/acme-challenge ${config.security.acme2.certs.papa.webroot}/.well-known/acme-challenge 36 Alias /.well-known/acme-challenge ${config.security.acme.certs.papa.webroot}/.well-known/acme-challenge
38 RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1 37 RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1
39 <Directory ${varDir}> 38 <Directory ${varDir}>
40 DirectoryIndex index.php index.htm index.html 39 DirectoryIndex index.php index.htm index.html
41 AllowOverride None 40 AllowOverride None
42 Require all granted 41 Require all granted
43 <FilesMatch "\.php$"> 42 <FilesMatch "\.php$">
44 SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost" 43 SetHandler "proxy:unix:${config.services.phpfpm.pools.papa_maison_bbc.socket}|fcgi://localhost"
45 </FilesMatch> 44 </FilesMatch>
46 </Directory> 45 </Directory>
47 <Directory "${config.security.acme2.certs.papa.webroot}"> 46 <Directory "${config.security.acme.certs.papa.webroot}">
48 Options Indexes FollowSymLinks 47 Options Indexes FollowSymLinks
49 AllowOverride None 48 AllowOverride None
50 Require all granted 49 Require all granted
@@ -64,7 +63,7 @@ in {
64 AllowOverride None 63 AllowOverride None
65 Require all granted 64 Require all granted
66 <FilesMatch "\.php$"> 65 <FilesMatch "\.php$">
67 SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost" 66 SetHandler "proxy:unix:${config.services.phpfpm.pools.papa_maison_bbc.socket}|fcgi://localhost"
68 </FilesMatch> 67 </FilesMatch>
69 </Directory> 68 </Directory>
70 '' 69 ''
diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix
index f6e1772..1bb6ac8 100644
--- a/modules/private/websites/papa/surveillance.nix
+++ b/modules/private/websites/papa/surveillance.nix
@@ -6,7 +6,7 @@ in {
6 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website"; 6 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
7 7
8 config = lib.mkIf cfg.enable { 8 config = lib.mkIf cfg.enable {
9 security.acme2.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; 9 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
10 10
11 services.cron = { 11 services.cron = {
12 systemCronJobs = let 12 systemCronJobs = let
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix
index 5907bc8..76523ed 100644
--- a/modules/private/websites/piedsjaloux/integration.nix
+++ b/modules/private/websites/piedsjaloux/integration.nix
@@ -23,16 +23,18 @@ in {
23 "./bin/console --env=${app.environment} cache:clear --no-warmup" 23 "./bin/console --env=${app.environment} cache:clear --no-warmup"
24 ]; 24 ];
25 phpOpenbasedir = [ "/tmp" ]; 25 phpOpenbasedir = [ "/tmp" ];
26 phpPool = '' 26 phpPool = {
27 php_admin_value[upload_max_filesize] = 20M 27 "php_admin_value[upload_max_filesize]" = "20M";
28 php_admin_value[post_max_size] = 20M 28 "php_admin_value[post_max_size]" = "20M";
29 ;php_admin_flag[log_errors] = on 29 #"php_admin_flag[log_errors]" = "on";
30 env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]} 30 "pm" = "ondemand";
31 pm = ondemand 31 "pm.max_children" = "5";
32 pm.max_children = 5 32 "pm.process_idle_timeout" = "60";
33 pm.process_idle_timeout = 60 33 };
34 env[SYMFONY_DEBUG_MODE] = "yes" 34 phpEnv = {
35 ''; 35 PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ];
36 SYMFONY_DEBUG_MODE = "yes";
37 };
36 phpWatchFiles = [ 38 phpWatchFiles = [
37 config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" 39 config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux"
38 ]; 40 ];
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix
index e4e29c7..d3e5c2b 100644
--- a/modules/private/websites/piedsjaloux/production.nix
+++ b/modules/private/websites/piedsjaloux/production.nix
@@ -24,17 +24,19 @@ in {
24 "./bin/console --env=${app.environment} cache:clear --no-warmup" 24 "./bin/console --env=${app.environment} cache:clear --no-warmup"
25 ]; 25 ];
26 phpOpenbasedir = [ "/tmp" ]; 26 phpOpenbasedir = [ "/tmp" ];
27 phpPool = '' 27 phpPool = {
28 php_admin_value[upload_max_filesize] = 20M 28 "php_admin_value[upload_max_filesize]" = "20M";
29 php_admin_value[post_max_size] = 20M 29 "php_admin_value[post_max_size]" = "20M";
30 ;php_admin_flag[log_errors] = on 30 #"php_admin_flag[log_errors]" = "on";
31 env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]} 31 "pm" = "dynamic";
32 pm = dynamic 32 "pm.max_children" = "20";
33 pm.max_children = 20 33 "pm.start_servers" = "2";
34 pm.start_servers = 2 34 "pm.min_spare_servers" = "1";
35 pm.min_spare_servers = 1 35 "pm.max_spare_servers" = "3";
36 pm.max_spare_servers = 3 36 };
37 ''; 37 phpEnv = {
38 PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ];
39 };
38 phpWatchFiles = [ 40 phpWatchFiles = [
39 config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" 41 config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux"
40 ]; 42 ];
diff --git a/modules/private/websites/teliotortay/production.nix b/modules/private/websites/teliotortay/production.nix
index 2c62d10..62762ec 100644
--- a/modules/private/websites/teliotortay/production.nix
+++ b/modules/private/websites/teliotortay/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.telioTortay.production; 4 cfg = config.myServices.websites.telioTortay.production;
5 varDir = "/var/lib/ftp/telio_tortay"; 5 varDir = "/var/lib/ftp/telio_tortay";
6 env = config.myEnv.websites.telioTortay; 6 env = config.myEnv.websites.telioTortay;
@@ -10,7 +10,7 @@ in {
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ]; 11 services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ];
12 12
13 security.acme2.certs."ftp".extraDomains."telio-tortay.immae.eu" = null; 13 security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null;
14 14
15 system.activationScripts.telio-tortay = { 15 system.activationScripts.telio-tortay = {
16 deps = [ "httpd" ]; 16 deps = [ "httpd" ];
@@ -22,20 +22,19 @@ in {
22 systemd.services.phpfpm-telio-tortay.after = lib.mkAfter [ "mysql.service" ]; 22 systemd.services.phpfpm-telio-tortay.after = lib.mkAfter [ "mysql.service" ];
23 systemd.services.phpfpm-telio-tortay.wants = [ "mysql.service" ]; 23 systemd.services.phpfpm-telio-tortay.wants = [ "mysql.service" ];
24 services.phpfpm.pools.telio-tortay = { 24 services.phpfpm.pools.telio-tortay = {
25 listen = "/run/phpfpm/telio-tortay.sock"; 25 user = "wwwrun";
26 extraConfig = '' 26 group = "wwwrun";
27 user = wwwrun 27 settings = {
28 group = wwwrun 28 "listen.owner" = "wwwrun";
29 listen.owner = wwwrun 29 "listen.group" = "wwwrun";
30 listen.group = wwwrun
31 30
32 pm = ondemand 31 "pm" = "ondemand";
33 pm.max_children = 5 32 "pm.max_children" = "5";
34 pm.process_idle_timeout = 60 33 "pm.process_idle_timeout" = "60";
35 34
36 php_admin_value[open_basedir] = "/var/lib/php/sessions/telio-tortay:${varDir}:/tmp" 35 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio-tortay:${varDir}:/tmp";
37 php_admin_value[session.save_path] = "/var/lib/php/sessions/telio-tortay" 36 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio-tortay";
38 ''; 37 };
39 phpOptions = config.services.phpfpm.phpOptions + '' 38 phpOptions = config.services.phpfpm.phpOptions + ''
40 disable_functions = "mail" 39 disable_functions = "mail"
41 extension=${pkgs.php}/lib/php/extensions/mysqli.so 40 extension=${pkgs.php}/lib/php/extensions/mysqli.so
@@ -48,7 +47,7 @@ in {
48 hosts = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ]; 47 hosts = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ];
49 root = varDir; 48 root = varDir;
50 extraConfig = [ 49 extraConfig = [
51 adminer.apache.vhostConf 50 (adminer.apache.vhostConf null)
52 '' 51 ''
53 Use Stats telio-tortay.immae.eu 52 Use Stats telio-tortay.immae.eu
54 ServerAdmin ${env.server_admin} 53 ServerAdmin ${env.server_admin}
@@ -56,7 +55,7 @@ in {
56 CustomLog "${varDir}/logs/access_log" combined 55 CustomLog "${varDir}/logs/access_log" combined
57 56
58 <FilesMatch "\.php$"> 57 <FilesMatch "\.php$">
59 SetHandler "proxy:unix:/run/phpfpm/telio-tortay.sock|fcgi://localhost" 58 SetHandler "proxy:unix:${config.services.phpfpm.pools.telio-tortay.socket}|fcgi://localhost"
60 </FilesMatch> 59 </FilesMatch>
61 60
62 <Directory ${varDir}/logs> 61 <Directory ${varDir}/logs>
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix
index 4785074..b9bb32f 100644
--- a/modules/private/websites/tools/cloud/default.nix
+++ b/modules/private/websites/tools/cloud/default.nix
@@ -10,37 +10,34 @@ let
10 basedir = builtins.concatStringsSep ":" ( 10 basedir = builtins.concatStringsSep ":" (
11 [ nextcloud varDir ] 11 [ nextcloud varDir ]
12 ++ builtins.attrValues pkgs.webapps.nextcloud-apps); 12 ++ builtins.attrValues pkgs.webapps.nextcloud-apps);
13 socket = "/var/run/phpfpm/nextcloud.sock";
14 phpConfig = '' 13 phpConfig = ''
15 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so 14 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
16 extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so 15 extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
17 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so 16 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
18 ''; 17 '';
19 pool = '' 18 pool = {
20 user = wwwrun 19 "listen.owner" = "wwwrun";
21 group = wwwrun 20 "listen.group" = "wwwrun";
22 listen.owner = wwwrun 21 "pm" = "ondemand";
23 listen.group = wwwrun 22 "pm.max_children" = "60";
24 pm = ondemand 23 "pm.process_idle_timeout" = "60";
25 pm.max_children = 60
26 pm.process_idle_timeout = 60
27 24
28 php_admin_value[output_buffering] = 0 25 "php_admin_value[output_buffering]" = "0";
29 php_admin_value[max_execution_time] = 1800 26 "php_admin_value[max_execution_time]" = "1800";
30 php_admin_value[zend_extension] = "opcache" 27 "php_admin_value[zend_extension]" = "opcache";
31 ;already enabled by default? 28 #already enabled by default?
32 ;php_value[opcache.enable] = 1 29 #"php_value[opcache.enable]" = "1";
33 php_value[opcache.enable_cli] = 1 30 "php_value[opcache.enable_cli]" = "1";
34 php_value[opcache.interned_strings_buffer] = 8 31 "php_value[opcache.interned_strings_buffer]" = "8";
35 php_value[opcache.max_accelerated_files] = 10000 32 "php_value[opcache.max_accelerated_files]" = "10000";
36 php_value[opcache.memory_consumption] = 128 33 "php_value[opcache.memory_consumption]" = "128";
37 php_value[opcache.save_comments] = 1 34 "php_value[opcache.save_comments]" = "1";
38 php_value[opcache.revalidate_freq] = 1 35 "php_value[opcache.revalidate_freq]" = "1";
39 php_admin_value[memory_limit] = 512M 36 "php_admin_value[memory_limit]" = "512M";
40 37
41 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" 38 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
42 php_admin_value[session.save_path] = "${varDir}/phpSessions" 39 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
43 ''; 40 };
44 }; 41 };
45in { 42in {
46 options.myServices.websites.tools.cloud = { 43 options.myServices.websites.tools.cloud = {
@@ -71,7 +68,7 @@ in {
71 </IfModule> 68 </IfModule>
72 <FilesMatch "\.php$"> 69 <FilesMatch "\.php$">
73 CGIPassAuth on 70 CGIPassAuth on
74 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 71 SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost"
75 </FilesMatch> 72 </FilesMatch>
76 73
77 </Directory> 74 </Directory>
@@ -171,8 +168,9 @@ in {
171 ''; 168 '';
172 169
173 services.phpfpm.pools.nextcloud = { 170 services.phpfpm.pools.nextcloud = {
174 listen = phpFpm.socket; 171 user = "wwwrun";
175 extraConfig = phpFpm.pool; 172 group = "wwwrun";
173 settings = phpFpm.pool;
176 phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig; 174 phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig;
177 }; 175 };
178 176
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix
index 5eb3fab..9d6cd21 100644
--- a/modules/private/websites/tools/dav/davical.nix
+++ b/modules/private/websites/tools/dav/davical.nix
@@ -73,7 +73,7 @@ rec {
73 modules = [ "proxy_fcgi" ]; 73 modules = [ "proxy_fcgi" ];
74 webappName = "tools_davical"; 74 webappName = "tools_davical";
75 root = "/run/current-system/webapps/${webappName}"; 75 root = "/run/current-system/webapps/${webappName}";
76 vhostConf = '' 76 vhostConf = socket: ''
77 Alias /davical "${root}" 77 Alias /davical "${root}"
78 Alias /caldav.php "${root}/caldav.php" 78 Alias /caldav.php "${root}/caldav.php"
79 <Directory "${root}"> 79 <Directory "${root}">
@@ -84,7 +84,7 @@ rec {
84 84
85 <FilesMatch "\.php$"> 85 <FilesMatch "\.php$">
86 CGIPassAuth on 86 CGIPassAuth on
87 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 87 SetHandler "proxy:unix:${socket}|fcgi://localhost"
88 </FilesMatch> 88 </FilesMatch>
89 89
90 RewriteEngine On 90 RewriteEngine On
@@ -111,28 +111,25 @@ rec {
111 phpFpm = rec { 111 phpFpm = rec {
112 serviceDeps = [ "postgresql.service" "openldap.service" ]; 112 serviceDeps = [ "postgresql.service" "openldap.service" ];
113 basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; 113 basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
114 socket = "/var/run/phpfpm/davical.sock"; 114 pool = {
115 pool = '' 115 "listen.owner" = apache.user;
116 user = ${apache.user} 116 "listen.group" = apache.group;
117 group = ${apache.group} 117 "pm" = "dynamic";
118 listen.owner = ${apache.user} 118 "pm.max_children" = "60";
119 listen.group = ${apache.group} 119 "pm.start_servers" = "2";
120 pm = dynamic 120 "pm.min_spare_servers" = "1";
121 pm.max_children = 60 121 "pm.max_spare_servers" = "10";
122 pm.start_servers = 2
123 pm.min_spare_servers = 1
124 pm.max_spare_servers = 10
125 122
126 ; Needed to avoid clashes in browser cookies (same domain) 123 # Needed to avoid clashes in browser cookies (same domain)
127 php_value[session.name] = DavicalPHPSESSID 124 "php_value[session.name]" = "DavicalPHPSESSID";
128 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" 125 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical";
129 php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" 126 "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
130 php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" 127 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical";
131 php_flag[magic_quotes_gpc] = Off 128 "php_flag[magic_quotes_gpc]" = "Off";
132 php_flag[register_globals] = Off 129 "php_flag[register_globals]" = "Off";
133 php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" 130 "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
134 php_admin_value[default_charset] = "utf-8" 131 "php_admin_value[default_charset]" = "utf-8";
135 php_flag[magic_quotes_runtime] = Off 132 "php_flag[magic_quotes_runtime]" = "Off";
136 ''; 133 };
137 }; 134 };
138} 135}
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix
index 0012965..30a562c 100644
--- a/modules/private/websites/tools/dav/default.nix
+++ b/modules/private/websites/tools/dav/default.nix
@@ -38,14 +38,15 @@ in {
38 root = "/run/current-system/webapps/_dav"; 38 root = "/run/current-system/webapps/_dav";
39 extraConfig = [ 39 extraConfig = [
40 infcloud.vhostConf 40 infcloud.vhostConf
41 davical.apache.vhostConf 41 (davical.apache.vhostConf config.services.phpfpm.pools.davical.socket)
42 ]; 42 ];
43 }; 43 };
44 44
45 services.phpfpm.pools = { 45 services.phpfpm.pools = {
46 davical = { 46 davical = {
47 listen = davical.phpFpm.socket; 47 user = config.services.httpd.Tools.user;
48 extraConfig = davical.phpFpm.pool; 48 group = config.services.httpd.Tools.group;
49 settings = davical.phpFpm.pool;
49 }; 50 };
50 }; 51 };
51 52
diff --git a/modules/private/websites/tools/db/default.nix b/modules/private/websites/tools/db/default.nix
index 60592e5..fc8d989 100644
--- a/modules/private/websites/tools/db/default.nix
+++ b/modules/private/websites/tools/db/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../../commons/adminer.nix { inherit config; };
4 4
5 cfg = config.myServices.websites.tools.db; 5 cfg = config.myServices.websites.tools.db;
6in { 6in {
@@ -15,7 +15,7 @@ in {
15 addToCerts = true; 15 addToCerts = true;
16 hosts = ["db-1.immae.eu" ]; 16 hosts = ["db-1.immae.eu" ];
17 root = null; 17 root = null;
18 extraConfig = [ adminer.apache.vhostConf ]; 18 extraConfig = [ (adminer.apache.vhostConf null) ];
19 }; 19 };
20 }; 20 };
21} 21}
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix
index 054e47b..56e4401 100644
--- a/modules/private/websites/tools/git/default.nix
+++ b/modules/private/websites/tools/git/default.nix
@@ -30,7 +30,7 @@ in {
30 root = gitweb.apache.root; 30 root = gitweb.apache.root;
31 extraConfig = [ 31 extraConfig = [
32 gitweb.apache.vhostConf 32 gitweb.apache.vhostConf
33 mantisbt.apache.vhostConf 33 (mantisbt.apache.vhostConf config.services.phpfpm.pools.mantisbt.socket)
34 '' 34 ''
35 RewriteEngine on 35 RewriteEngine on
36 RewriteCond %{REQUEST_URI} ^/releases 36 RewriteCond %{REQUEST_URI} ^/releases
@@ -40,8 +40,9 @@ in {
40 }; 40 };
41 services.phpfpm.pools = { 41 services.phpfpm.pools = {
42 mantisbt = { 42 mantisbt = {
43 listen = mantisbt.phpFpm.socket; 43 user = config.services.httpd.Tools.user;
44 extraConfig = mantisbt.phpFpm.pool; 44 group = config.services.httpd.Tools.group;
45 settings = mantisbt.phpFpm.pool;
45 }; 46 };
46 }; 47 };
47 }; 48 };
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix
index d75b022..50851aa 100644
--- a/modules/private/websites/tools/git/mantisbt.nix
+++ b/modules/private/websites/tools/git/mantisbt.nix
@@ -53,12 +53,12 @@ rec {
53 modules = [ "proxy_fcgi" ]; 53 modules = [ "proxy_fcgi" ];
54 webappName = "tools_mantisbt"; 54 webappName = "tools_mantisbt";
55 root = "/run/current-system/webapps/${webappName}"; 55 root = "/run/current-system/webapps/${webappName}";
56 vhostConf = '' 56 vhostConf = socket: ''
57 Alias /mantisbt "${root}" 57 Alias /mantisbt "${root}"
58 <Directory "${root}"> 58 <Directory "${root}">
59 DirectoryIndex index.php 59 DirectoryIndex index.php
60 <FilesMatch "\.php$"> 60 <FilesMatch "\.php$">
61 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 61 SetHandler "proxy:unix:${socket}|fcgi://localhost"
62 </FilesMatch> 62 </FilesMatch>
63 63
64 AllowOverride All 64 AllowOverride All
@@ -76,20 +76,17 @@ rec {
76 basedir = builtins.concatStringsSep ":" ( 76 basedir = builtins.concatStringsSep ":" (
77 [ webRoot "/var/secrets/webapps/tools-mantisbt" ] 77 [ webRoot "/var/secrets/webapps/tools-mantisbt" ]
78 ++ webRoot.plugins); 78 ++ webRoot.plugins);
79 socket = "/var/run/phpfpm/mantisbt.sock"; 79 pool = {
80 pool = '' 80 "listen.owner" = apache.user;
81 user = ${apache.user} 81 "listen.group" = apache.group;
82 group = ${apache.group} 82 "pm" = "ondemand";
83 listen.owner = ${apache.user} 83 "pm.max_children" = "60";
84 listen.group = ${apache.group} 84 "pm.process_idle_timeout" = "60";
85 pm = ondemand
86 pm.max_children = 60
87 pm.process_idle_timeout = 60
88 85
89 php_admin_value[upload_max_filesize] = 5000000 86 "php_admin_value[upload_max_filesize]" = "5000000";
90 87
91 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt" 88 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt";
92 php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt" 89 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/mantisbt";
93 ''; 90 };
94 }; 91 };
95} 92}
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
index bb36042..1f7f7bf 100644
--- a/modules/private/websites/tools/mail/default.nix
+++ b/modules/private/websites/tools/mail/default.nix
@@ -6,6 +6,7 @@ let
6 }; 6 };
7 rainloop = pkgs.callPackage ./rainloop.nix {}; 7 rainloop = pkgs.callPackage ./rainloop.nix {};
8 cfg = config.myServices.websites.tools.email; 8 cfg = config.myServices.websites.tools.email;
9 pcfg = config.services.phpfpm.pools;
9in 10in
10{ 11{
11 options.myServices.websites.tools.email = { 12 options.myServices.websites.tools.email = {
@@ -34,8 +35,8 @@ in
34 hosts = ["mail.immae.eu"]; 35 hosts = ["mail.immae.eu"];
35 root = "/run/current-system/webapps/_mail"; 36 root = "/run/current-system/webapps/_mail";
36 extraConfig = [ 37 extraConfig = [
37 rainloop.apache.vhostConf 38 (rainloop.apache.vhostConf pcfg.rainloop.socket)
38 roundcubemail.apache.vhostConf 39 (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket)
39 '' 40 ''
40 <Directory /run/current-system/webapps/_mail> 41 <Directory /run/current-system/webapps/_mail>
41 Require all granted 42 Require all granted
@@ -56,13 +57,15 @@ in
56 }; 57 };
57 58
58 services.phpfpm.pools.roundcubemail = { 59 services.phpfpm.pools.roundcubemail = {
59 listen = roundcubemail.phpFpm.socket; 60 user = "wwwrun";
60 extraConfig = roundcubemail.phpFpm.pool; 61 group = "wwwrun";
62 settings = roundcubemail.phpFpm.pool;
61 phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; 63 phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
62 }; 64 };
63 services.phpfpm.pools.rainloop = { 65 services.phpfpm.pools.rainloop = {
64 listen = rainloop.phpFpm.socket; 66 user = "wwwrun";
65 extraConfig = rainloop.phpFpm.pool; 67 group = "wwwrun";
68 settings = rainloop.phpFpm.pool;
66 }; 69 };
67 system.activationScripts = { 70 system.activationScripts = {
68 roundcubemail = roundcubemail.activationScript; 71 roundcubemail = roundcubemail.activationScript;
diff --git a/modules/private/websites/tools/mail/rainloop.nix b/modules/private/websites/tools/mail/rainloop.nix
index 2dad46e..9b1f0c5 100644
--- a/modules/private/websites/tools/mail/rainloop.nix
+++ b/modules/private/websites/tools/mail/rainloop.nix
@@ -16,7 +16,7 @@ rec {
16 modules = [ "proxy_fcgi" ]; 16 modules = [ "proxy_fcgi" ];
17 webappName = "tools_rainloop"; 17 webappName = "tools_rainloop";
18 root = "/run/current-system/webapps/${webappName}"; 18 root = "/run/current-system/webapps/${webappName}";
19 vhostConf = '' 19 vhostConf = socket: ''
20 Alias /rainloop "${root}" 20 Alias /rainloop "${root}"
21 <Directory "${root}"> 21 <Directory "${root}">
22 DirectoryIndex index.php 22 DirectoryIndex index.php
@@ -25,7 +25,7 @@ rec {
25 Require all granted 25 Require all granted
26 26
27 <FilesMatch "\.php$"> 27 <FilesMatch "\.php$">
28 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 28 SetHandler "proxy:unix:${socket}|fcgi://localhost"
29 </FilesMatch> 29 </FilesMatch>
30 </Directory> 30 </Directory>
31 31
@@ -37,22 +37,19 @@ rec {
37 phpFpm = rec { 37 phpFpm = rec {
38 serviceDeps = [ "postgresql.service" ]; 38 serviceDeps = [ "postgresql.service" ];
39 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 39 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
40 socket = "/var/run/phpfpm/rainloop.sock"; 40 pool = {
41 pool = '' 41 "listen.owner" = apache.user;
42 user = ${apache.user} 42 "listen.group" = apache.group;
43 group = ${apache.group} 43 "pm" = "ondemand";
44 listen.owner = ${apache.user} 44 "pm.max_children" = "60";
45 listen.group = ${apache.group} 45 "pm.process_idle_timeout" = "60";
46 pm = ondemand
47 pm.max_children = 60
48 pm.process_idle_timeout = 60
49 46
50 ; Needed to avoid clashes in browser cookies (same domain) 47 # Needed to avoid clashes in browser cookies (same domain)
51 php_value[session.name] = RainloopPHPSESSID 48 "php_value[session.name]" = "RainloopPHPSESSID";
52 php_admin_value[upload_max_filesize] = 200M 49 "php_admin_value[upload_max_filesize]" = "200M";
53 php_admin_value[post_max_size] = 200M 50 "php_admin_value[post_max_size]" = "200M";
54 php_admin_value[open_basedir] = "${basedir}:/tmp" 51 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
55 php_admin_value[session.save_path] = "${varDir}/phpSessions" 52 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
56 ''; 53 };
57 }; 54 };
58} 55}
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
index 35de312..0b35d02 100644
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ b/modules/private/websites/tools/mail/roundcubemail.nix
@@ -83,7 +83,7 @@ rec {
83 modules = [ "proxy_fcgi" ]; 83 modules = [ "proxy_fcgi" ];
84 webappName = "tools_roundcubemail"; 84 webappName = "tools_roundcubemail";
85 root = "/run/current-system/webapps/${webappName}"; 85 root = "/run/current-system/webapps/${webappName}";
86 vhostConf = '' 86 vhostConf = socket: ''
87 Alias /roundcube "${root}" 87 Alias /roundcube "${root}"
88 <Directory "${root}"> 88 <Directory "${root}">
89 DirectoryIndex index.php 89 DirectoryIndex index.php
@@ -92,7 +92,7 @@ rec {
92 Require all granted 92 Require all granted
93 93
94 <FilesMatch "\.php$"> 94 <FilesMatch "\.php$">
95 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 95 SetHandler "proxy:unix:${socket}|fcgi://localhost"
96 </FilesMatch> 96 </FilesMatch>
97 </Directory> 97 </Directory>
98 ''; 98 '';
@@ -107,22 +107,19 @@ rec {
107 date.timezone = 'CET' 107 date.timezone = 'CET'
108 extension=${phpPackages.imagick}/lib/php/extensions/imagick.so 108 extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
109 ''; 109 '';
110 socket = "/var/run/phpfpm/roundcubemail.sock"; 110 pool = {
111 pool = '' 111 "listen.owner" = apache.user;
112 user = ${apache.user} 112 "listen.group" = apache.group;
113 group = ${apache.group} 113 "pm" = "ondemand";
114 listen.owner = ${apache.user} 114 "pm.max_children" = "60";
115 listen.group = ${apache.group} 115 "pm.process_idle_timeout" = "60";
116 pm = ondemand
117 pm.max_children = 60
118 pm.process_idle_timeout = 60
119 116
120 ; Needed to avoid clashes in browser cookies (same domain) 117 # Needed to avoid clashes in browser cookies (same domain)
121 php_value[session.name] = RoundcubemailPHPSESSID 118 "php_value[session.name]" = "RoundcubemailPHPSESSID";
122 php_admin_value[upload_max_filesize] = 200M 119 "php_admin_value[upload_max_filesize]" = "200M";
123 php_admin_value[post_max_size] = 200M 120 "php_admin_value[post_max_size]" = "200M";
124 php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp" 121 "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp";
125 php_admin_value[session.save_path] = "${varDir}/phpSessions" 122 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
126 ''; 123 };
127 }; 124 };
128} 125}
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index 907e37f..52a132c 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
1{ adminer }: 1{ adminer, php73, forcePhpSocket ? null }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -9,22 +9,33 @@ rec {
9 }; 9 };
10 webRoot = adminer; 10 webRoot = adminer;
11 phpFpm = rec { 11 phpFpm = rec {
12 socket = "/var/run/phpfpm/adminer.sock"; 12 user = apache.user;
13 pool = '' 13 group = apache.group;
14 user = ${apache.user} 14 phpPackage = (php73.override {
15 group = ${apache.group} 15 config.php.mysqlnd = true;
16 listen.owner = ${apache.user} 16 config.php.mysqli = false;
17 listen.group = ${apache.group} 17 config.php.pdo-mysql = false;
18 pm = ondemand 18 }).overrideAttrs(old: rec {
19 pm.max_children = 5 19 configureFlags = old.configureFlags ++ [
20 pm.process_idle_timeout = 60 20 "--with-mysqli=shared,mysqlnd"
21 ;php_admin_flag[log_errors] = on 21 ];
22 ; Needed to avoid clashes in browser cookies (same domain) 22 });
23 php_value[session.name] = AdminerPHPSESSID 23 phpOptions = ''
24 php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer" 24 extension=${phpPackage}/lib/php/extensions/mysqli.so
25 php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" 25 '';
26 php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer" 26 settings = {
27 ''; 27 "listen.owner" = apache.user;
28 "listen.group" = apache.group;
29 "pm" = "ondemand";
30 "pm.max_children" = "5";
31 "pm.process_idle_timeout" = "60";
32 #"php_admin_flag[log_errors]" = "on";
33 # Needed to avoid clashes in browser cookies (same domain)
34 "php_value[session.name]" = "AdminerPHPSESSID";
35 "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer";
36 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer";
37 "php_admin_value[upload_tmp_dir]" = "/var/lib/php/tmp/adminer";
38 };
28 }; 39 };
29 apache = rec { 40 apache = rec {
30 user = "wwwrun"; 41 user = "wwwrun";
@@ -32,12 +43,12 @@ rec {
32 modules = [ "proxy_fcgi" ]; 43 modules = [ "proxy_fcgi" ];
33 webappName = "_adminer"; 44 webappName = "_adminer";
34 root = "/run/current-system/webapps/${webappName}"; 45 root = "/run/current-system/webapps/${webappName}";
35 vhostConf = '' 46 vhostConf = socket: ''
36 Alias /adminer ${root} 47 Alias /adminer ${root}
37 <Directory ${root}> 48 <Directory ${root}>
38 DirectoryIndex index.php 49 DirectoryIndex index.php
39 <FilesMatch "\.php$"> 50 <FilesMatch "\.php$">
40 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 51 SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
41 </FilesMatch> 52 </FilesMatch>
42 53
43 Use LDAPConnect 54 Use LDAPConnect
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 5dc0981..5e0d446 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -40,6 +40,7 @@ let
40 }; 40 };
41 41
42 cfg = config.myServices.websites.tools.tools; 42 cfg = config.myServices.websites.tools.tools;
43 pcfg = config.services.phpfpm.pools;
43in { 44in {
44 options.myServices.websites.tools.tools = { 45 options.myServices.websites.tools.tools = {
45 enable = lib.mkEnableOption "enable tools website"; 46 enable = lib.mkEnableOption "enable tools website";
@@ -92,7 +93,7 @@ in {
92 AllowOverride all 93 AllowOverride all
93 Require all granted 94 Require all granted
94 <FilesMatch "\.php$"> 95 <FilesMatch "\.php$">
95 SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost" 96 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
96 </FilesMatch> 97 </FilesMatch>
97 </Directory> 98 </Directory>
98 '' 99 ''
@@ -115,21 +116,21 @@ in {
115 AllowOverride all 116 AllowOverride all
116 Require all granted 117 Require all granted
117 <FilesMatch "\.php$"> 118 <FilesMatch "\.php$">
118 SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" 119 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
119 </FilesMatch> 120 </FilesMatch>
120 </Directory> 121 </Directory>
121 '' 122 ''
122 adminer.apache.vhostConf 123 (adminer.apache.vhostConf pcfg.adminer.socket)
123 ympd.apache.vhostConf 124 ympd.apache.vhostConf
124 ttrss.apache.vhostConf 125 (ttrss.apache.vhostConf pcfg.ttrss.socket)
125 wallabag.apache.vhostConf 126 (wallabag.apache.vhostConf pcfg.wallabag.socket)
126 yourls.apache.vhostConf 127 (yourls.apache.vhostConf pcfg.yourls.socket)
127 rompr.apache.vhostConf 128 (rompr.apache.vhostConf pcfg.rompr.socket)
128 shaarli.apache.vhostConf 129 (shaarli.apache.vhostConf pcfg.shaarli.socket)
129 dokuwiki.apache.vhostConf 130 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
130 ldap.apache.vhostConf 131 (ldap.apache.vhostConf pcfg.ldap.socket)
131 kanboard.apache.vhostConf 132 (kanboard.apache.vhostConf pcfg.kanboard.socket)
132 grocy.apache.vhostConf 133 (grocy.apache.vhostConf pcfg.grocy.socket)
133 ]; 134 ];
134 }; 135 };
135 136
@@ -226,38 +227,36 @@ in {
226 227
227 services.phpfpm.pools = { 228 services.phpfpm.pools = {
228 tools = { 229 tools = {
229 listen = "/var/run/phpfpm/tools.sock"; 230 user = "wwwrun";
230 extraConfig = '' 231 group = "wwwrun";
231 user = wwwrun 232 settings = {
232 group = wwwrun 233 "listen.owner" = "wwwrun";
233 listen.owner = wwwrun 234 "listen.group" = "wwwrun";
234 listen.group = wwwrun 235 "pm" = "dynamic";
235 pm = dynamic 236 "pm.max_children" = "60";
236 pm.max_children = 60 237 "pm.start_servers" = "2";
237 pm.start_servers = 2 238 "pm.min_spare_servers" = "1";
238 pm.min_spare_servers = 1 239 "pm.max_spare_servers" = "10";
239 pm.max_spare_servers = 10
240 240
241 ; Needed to avoid clashes in browser cookies (same domain) 241 # Needed to avoid clashes in browser cookies (same domain)
242 php_value[session.name] = ToolsPHPSESSID 242 "php_value[session.name]" = "ToolsPHPSESSID";
243 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" 243 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
244 ''; 244 };
245 }; 245 };
246 devtools = { 246 devtools = {
247 listen = "/var/run/phpfpm/devtools.sock"; 247 user = "wwwrun";
248 extraConfig = '' 248 group = "wwwrun";
249 user = wwwrun 249 settings = {
250 group = wwwrun 250 "listen.owner" = "wwwrun";
251 listen.owner = wwwrun 251 "listen.group" = "wwwrun";
252 listen.group = wwwrun 252 "pm" = "dynamic";
253 pm = dynamic 253 "pm.max_children" = "60";
254 pm.max_children = 60 254 "pm.start_servers" = "2";
255 pm.start_servers = 2 255 "pm.min_spare_servers" = "1";
256 pm.min_spare_servers = 1 256 "pm.max_spare_servers" = "10";
257 pm.max_spare_servers = 10
258 257
259 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" 258 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
260 ''; 259 };
261 phpOptions = config.services.phpfpm.phpOptions + '' 260 phpOptions = config.services.phpfpm.phpOptions + ''
262 extension=${pkgs.php}/lib/php/extensions/mysqli.so 261 extension=${pkgs.php}/lib/php/extensions/mysqli.so
263 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so 262 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
@@ -265,45 +264,51 @@ in {
265 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so 264 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
266 ''; 265 '';
267 }; 266 };
268 adminer = { 267 adminer = adminer.phpFpm;
269 listen = adminer.phpFpm.socket;
270 extraConfig = adminer.phpFpm.pool;
271 };
272 ttrss = { 268 ttrss = {
273 listen = ttrss.phpFpm.socket; 269 user = "wwwrun";
274 extraConfig = ttrss.phpFpm.pool; 270 group = "wwwrun";
271 settings = ttrss.phpFpm.pool;
275 }; 272 };
276 wallabag = { 273 wallabag = {
277 listen = wallabag.phpFpm.socket; 274 user = "wwwrun";
278 extraConfig = wallabag.phpFpm.pool; 275 group = "wwwrun";
276 settings = wallabag.phpFpm.pool;
279 }; 277 };
280 yourls = { 278 yourls = {
281 listen = yourls.phpFpm.socket; 279 user = "wwwrun";
282 extraConfig = yourls.phpFpm.pool; 280 group = "wwwrun";
281 settings = yourls.phpFpm.pool;
283 }; 282 };
284 rompr = { 283 rompr = {
285 listen = rompr.phpFpm.socket; 284 user = "wwwrun";
286 extraConfig = rompr.phpFpm.pool; 285 group = "wwwrun";
286 settings = rompr.phpFpm.pool;
287 }; 287 };
288 shaarli = { 288 shaarli = {
289 listen = shaarli.phpFpm.socket; 289 user = "wwwrun";
290 extraConfig = shaarli.phpFpm.pool; 290 group = "wwwrun";
291 settings = shaarli.phpFpm.pool;
291 }; 292 };
292 dokuwiki = { 293 dokuwiki = {
293 listen = dokuwiki.phpFpm.socket; 294 user = "wwwrun";
294 extraConfig = dokuwiki.phpFpm.pool; 295 group = "wwwrun";
296 settings = dokuwiki.phpFpm.pool;
295 }; 297 };
296 ldap = { 298 ldap = {
297 listen = ldap.phpFpm.socket; 299 user = "wwwrun";
298 extraConfig = ldap.phpFpm.pool; 300 group = "wwwrun";
301 settings = ldap.phpFpm.pool;
299 }; 302 };
300 kanboard = { 303 kanboard = {
301 listen = kanboard.phpFpm.socket; 304 user = "wwwrun";
302 extraConfig = kanboard.phpFpm.pool; 305 group = "wwwrun";
306 settings = kanboard.phpFpm.pool;
303 }; 307 };
304 grocy = { 308 grocy = {
305 listen = grocy.phpFpm.socket; 309 user = "wwwrun";
306 extraConfig = grocy.phpFpm.pool; 310 group = "wwwrun";
311 settings = grocy.phpFpm.pool;
307 }; 312 };
308 }; 313 };
309 314
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix
index d66e85d..26c04b7 100644
--- a/modules/private/websites/tools/tools/dokuwiki.nix
+++ b/modules/private/websites/tools/tools/dokuwiki.nix
@@ -26,12 +26,12 @@ rec {
26 modules = [ "proxy_fcgi" ]; 26 modules = [ "proxy_fcgi" ];
27 webappName = "tools_dokuwiki"; 27 webappName = "tools_dokuwiki";
28 root = "/run/current-system/webapps/${webappName}"; 28 root = "/run/current-system/webapps/${webappName}";
29 vhostConf = '' 29 vhostConf = socket: ''
30 Alias /dokuwiki "${root}" 30 Alias /dokuwiki "${root}"
31 <Directory "${root}"> 31 <Directory "${root}">
32 DirectoryIndex index.php 32 DirectoryIndex index.php
33 <FilesMatch "\.php$"> 33 <FilesMatch "\.php$">
34 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 34 SetHandler "proxy:unix:${socket}|fcgi://localhost"
35 </FilesMatch> 35 </FilesMatch>
36 36
37 AllowOverride All 37 AllowOverride All
@@ -44,20 +44,17 @@ rec {
44 serviceDeps = [ "openldap.service" ]; 44 serviceDeps = [ "openldap.service" ];
45 basedir = builtins.concatStringsSep ":" ( 45 basedir = builtins.concatStringsSep ":" (
46 [ webRoot varDir ] ++ webRoot.plugins); 46 [ webRoot varDir ] ++ webRoot.plugins);
47 socket = "/var/run/phpfpm/dokuwiki.sock"; 47 pool = {
48 pool = '' 48 "listen.owner" = apache.user;
49 user = ${apache.user} 49 "listen.group" = apache.group;
50 group = ${apache.group} 50 "pm" = "ondemand";
51 listen.owner = ${apache.user} 51 "pm.max_children" = "60";
52 listen.group = ${apache.group} 52 "pm.process_idle_timeout" = "60";
53 pm = ondemand
54 pm.max_children = 60
55 pm.process_idle_timeout = 60
56 53
57 ; Needed to avoid clashes in browser cookies (same domain) 54 # Needed to avoid clashes in browser cookies (same domain)
58 php_value[session.name] = DokuwikiPHPSESSID 55 "php_value[session.name]" = "DokuwikiPHPSESSID";
59 php_admin_value[open_basedir] = "${basedir}:/tmp" 56 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
60 php_admin_value[session.save_path] = "${varDir}/phpSessions" 57 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
61 ''; 58 };
62 }; 59 };
63} 60}
diff --git a/modules/private/websites/tools/tools/grocy.nix b/modules/private/websites/tools/tools/grocy.nix
index 1b8da20..a98d8ac 100644
--- a/modules/private/websites/tools/tools/grocy.nix
+++ b/modules/private/websites/tools/tools/grocy.nix
@@ -18,12 +18,12 @@ rec {
18 modules = [ "proxy_fcgi" ]; 18 modules = [ "proxy_fcgi" ];
19 webappName = "tools_grocy"; 19 webappName = "tools_grocy";
20 root = "/run/current-system/webapps/${webappName}"; 20 root = "/run/current-system/webapps/${webappName}";
21 vhostConf = '' 21 vhostConf = socket: ''
22 Alias /grocy "${root}" 22 Alias /grocy "${root}"
23 <Directory "${root}"> 23 <Directory "${root}">
24 DirectoryIndex index.php 24 DirectoryIndex index.php
25 <FilesMatch "\.php$"> 25 <FilesMatch "\.php$">
26 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 26 SetHandler "proxy:unix:${socket}|fcgi://localhost"
27 </FilesMatch> 27 </FilesMatch>
28 28
29 AllowOverride All 29 AllowOverride All
@@ -35,21 +35,18 @@ rec {
35 phpFpm = rec { 35 phpFpm = rec {
36 basedir = builtins.concatStringsSep ":" ( 36 basedir = builtins.concatStringsSep ":" (
37 [ grocy grocy.yarnModules varDir ]); 37 [ grocy grocy.yarnModules varDir ]);
38 socket = "/var/run/phpfpm/grocy.sock"; 38 pool = {
39 pool = '' 39 "listen.owner" = apache.user;
40 user = ${apache.user} 40 "listen.group" = apache.group;
41 group = ${apache.group} 41 "pm" = "ondemand";
42 listen.owner = ${apache.user} 42 "pm.max_children" = "60";
43 listen.group = ${apache.group} 43 "pm.process_idle_timeout" = "60";
44 pm = ondemand
45 pm.max_children = 60
46 pm.process_idle_timeout = 60
47 44
48 ; Needed to avoid clashes in browser cookies (same domain) 45 # Needed to avoid clashes in browser cookies (same domain)
49 php_value[session.name] = grocyPHPSESSID 46 "php_value[session.name]" = "grocyPHPSESSID";
50 php_admin_value[open_basedir] = "${basedir}:/tmp" 47 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
51 php_admin_value[session.save_path] = "${varDir}/phpSessions" 48 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
52 ''; 49 };
53 }; 50 };
54} 51}
55 52
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix
index 1880cbd..0f6fefc 100644
--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -49,7 +49,7 @@ rec {
49 modules = [ "proxy_fcgi" ]; 49 modules = [ "proxy_fcgi" ];
50 webappName = "tools_kanboard"; 50 webappName = "tools_kanboard";
51 root = "/run/current-system/webapps/${webappName}"; 51 root = "/run/current-system/webapps/${webappName}";
52 vhostConf = '' 52 vhostConf = socket: ''
53 Alias /kanboard "${root}" 53 Alias /kanboard "${root}"
54 <Directory "${root}"> 54 <Directory "${root}">
55 DirectoryIndex index.php 55 DirectoryIndex index.php
@@ -58,7 +58,7 @@ rec {
58 Require all granted 58 Require all granted
59 59
60 <FilesMatch "\.php$"> 60 <FilesMatch "\.php$">
61 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 61 SetHandler "proxy:unix:${socket}|fcgi://localhost"
62 </FilesMatch> 62 </FilesMatch>
63 </Directory> 63 </Directory>
64 <DirectoryMatch "${root}/data"> 64 <DirectoryMatch "${root}/data">
@@ -69,20 +69,17 @@ rec {
69 phpFpm = rec { 69 phpFpm = rec {
70 serviceDeps = [ "postgresql.service" "openldap.service" ]; 70 serviceDeps = [ "postgresql.service" "openldap.service" ];
71 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; 71 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
72 socket = "/var/run/phpfpm/kanboard.sock"; 72 pool = {
73 pool = '' 73 "listen.owner" = apache.user;
74 user = ${apache.user} 74 "listen.group" = apache.group;
75 group = ${apache.group} 75 "pm" = "ondemand";
76 listen.owner = ${apache.user} 76 "pm.max_children" = "60";
77 listen.group = ${apache.group} 77 "pm.process_idle_timeout" = "60";
78 pm = ondemand
79 pm.max_children = 60
80 pm.process_idle_timeout = 60
81 78
82 ; Needed to avoid clashes in browser cookies (same domain) 79 # Needed to avoid clashes in browser cookies (same domain)
83 php_value[session.name] = KanboardPHPSESSID 80 "php_value[session.name]" = "KanboardPHPSESSID";
84 php_admin_value[open_basedir] = "${basedir}:/tmp" 81 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
85 php_admin_value[session.save_path] = "${varDir}/phpSessions" 82 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
86 ''; 83 };
87 }; 84 };
88} 85}
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
index e58a9bd..0c1a21f 100644
--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -39,12 +39,12 @@ rec {
39 modules = [ "proxy_fcgi" ]; 39 modules = [ "proxy_fcgi" ];
40 webappName = "tools_ldap"; 40 webappName = "tools_ldap";
41 root = "/run/current-system/webapps/${webappName}"; 41 root = "/run/current-system/webapps/${webappName}";
42 vhostConf = '' 42 vhostConf = socket: ''
43 Alias /ldap "${root}" 43 Alias /ldap "${root}"
44 <Directory "${root}"> 44 <Directory "${root}">
45 DirectoryIndex index.php 45 DirectoryIndex index.php
46 <FilesMatch "\.php$"> 46 <FilesMatch "\.php$">
47 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 47 SetHandler "proxy:unix:${socket}|fcgi://localhost"
48 </FilesMatch> 48 </FilesMatch>
49 49
50 AllowOverride None 50 AllowOverride None
@@ -55,20 +55,17 @@ rec {
55 phpFpm = rec { 55 phpFpm = rec {
56 serviceDeps = [ "openldap.service" ]; 56 serviceDeps = [ "openldap.service" ];
57 basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; 57 basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
58 socket = "/var/run/phpfpm/ldap.sock"; 58 pool = {
59 pool = '' 59 "listen.owner" = apache.user;
60 user = ${apache.user} 60 "listen.group" = apache.group;
61 group = ${apache.group} 61 "pm" = "ondemand";
62 listen.owner = ${apache.user} 62 "pm.max_children" = "60";
63 listen.group = ${apache.group} 63 "pm.process_idle_timeout" = "60";
64 pm = ondemand
65 pm.max_children = 60
66 pm.process_idle_timeout = 60
67 64
68 ; Needed to avoid clashes in browser cookies (same domain) 65 # Needed to avoid clashes in browser cookies (same domain)
69 php_value[session.name] = LdapPHPSESSID 66 "php_value[session.name]" = "LdapPHPSESSID";
70 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin" 67 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
71 php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin" 68 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
72 ''; 69 };
73 }; 70 };
74} 71}
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix
index 75adabe..106164c 100644
--- a/modules/private/websites/tools/tools/rompr.nix
+++ b/modules/private/websites/tools/tools/rompr.nix
@@ -15,7 +15,7 @@ rec {
15 modules = [ "headers" "mime" "proxy_fcgi" ]; 15 modules = [ "headers" "mime" "proxy_fcgi" ];
16 webappName = "tools_rompr"; 16 webappName = "tools_rompr";
17 root = "/run/current-system/webapps/${webappName}"; 17 root = "/run/current-system/webapps/${webappName}";
18 vhostConf = '' 18 vhostConf = socket: ''
19 Alias /rompr ${root} 19 Alias /rompr ${root}
20 20
21 <Directory ${root}> 21 <Directory ${root}>
@@ -29,7 +29,7 @@ rec {
29 AddType image/x-icon .ico 29 AddType image/x-icon .ico
30 30
31 <FilesMatch "\.php$"> 31 <FilesMatch "\.php$">
32 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 32 SetHandler "proxy:unix:${socket}|fcgi://localhost"
33 </FilesMatch> 33 </FilesMatch>
34 </Directory> 34 </Directory>
35 35
@@ -51,29 +51,26 @@ rec {
51 }; 51 };
52 phpFpm = rec { 52 phpFpm = rec {
53 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 53 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
54 socket = "/var/run/phpfpm/rompr.sock"; 54 pool = {
55 pool = '' 55 "listen.owner" = apache.user;
56 user = ${apache.user} 56 "listen.group" = apache.group;
57 group = ${apache.group} 57 "pm" = "ondemand";
58 listen.owner = ${apache.user} 58 "pm.max_children" = "60";
59 listen.group = ${apache.group} 59 "pm.process_idle_timeout" = "60";
60 pm = ondemand
61 pm.max_children = 60
62 pm.process_idle_timeout = 60
63 60
64 ; Needed to avoid clashes in browser cookies (same domain) 61 # Needed to avoid clashes in browser cookies (same domain)
65 php_value[session.name] = RomprPHPSESSID 62 "php_value[session.name]" = "RomprPHPSESSID";
66 php_admin_value[open_basedir] = "${basedir}:/tmp" 63 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
67 php_admin_value[session.save_path] = "${varDir}/phpSessions" 64 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
68 php_flag[magic_quotes_gpc] = Off 65 "php_flag[magic_quotes_gpc]" = "Off";
69 php_flag[track_vars] = On 66 "php_flag[track_vars]" = "On";
70 php_flag[register_globals] = Off 67 "php_flag[register_globals]" = "Off";
71 php_admin_flag[allow_url_fopen] = On 68 "php_admin_flag[allow_url_fopen]" = "On";
72 php_value[include_path] = ${webRoot} 69 "php_value[include_path]" = "${webRoot}";
73 php_admin_value[upload_tmp_dir] = "${varDir}/prefs" 70 "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
74 php_admin_value[post_max_size] = 32M 71 "php_admin_value[post_max_size]" = "32M";
75 php_admin_value[upload_max_filesize] = 32M 72 "php_admin_value[upload_max_filesize]" = "32M";
76 php_admin_value[memory_limit] = 256M 73 "php_admin_value[memory_limit]" = "256M";
77 ''; 74 };
78 }; 75 };
79} 76}
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
index 0a75755..950d296 100644
--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -17,7 +17,7 @@ in rec {
17 modules = [ "proxy_fcgi" "rewrite" "env" ]; 17 modules = [ "proxy_fcgi" "rewrite" "env" ];
18 webappName = "tools_shaarli"; 18 webappName = "tools_shaarli";
19 root = "/run/current-system/webapps/${webappName}"; 19 root = "/run/current-system/webapps/${webappName}";
20 vhostConf = '' 20 vhostConf = socket: ''
21 Alias /Shaarli "${root}" 21 Alias /Shaarli "${root}"
22 22
23 Include /var/secrets/webapps/tools-shaarli 23 Include /var/secrets/webapps/tools-shaarli
@@ -27,7 +27,7 @@ in rec {
27 AllowOverride All 27 AllowOverride All
28 Require all granted 28 Require all granted
29 <FilesMatch "\.php$"> 29 <FilesMatch "\.php$">
30 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 30 SetHandler "proxy:unix:${socket}|fcgi://localhost"
31 </FilesMatch> 31 </FilesMatch>
32 </Directory> 32 </Directory>
33 ''; 33 '';
@@ -48,20 +48,17 @@ in rec {
48 phpFpm = rec { 48 phpFpm = rec {
49 serviceDeps = [ "openldap.service" ]; 49 serviceDeps = [ "openldap.service" ];
50 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 50 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
51 socket = "/var/run/phpfpm/shaarli.sock"; 51 pool = {
52 pool = '' 52 "listen.owner" = apache.user;
53 user = ${apache.user} 53 "listen.group" = apache.group;
54 group = ${apache.group} 54 "pm" = "ondemand";
55 listen.owner = ${apache.user} 55 "pm.max_children" = "60";
56 listen.group = ${apache.group} 56 "pm.process_idle_timeout" = "60";
57 pm = ondemand
58 pm.max_children = 60
59 pm.process_idle_timeout = 60
60 57
61 ; Needed to avoid clashes in browser cookies (same domain) 58 # Needed to avoid clashes in browser cookies (same domain)
62 php_value[session.name] = ShaarliPHPSESSID 59 "php_value[session.name]" = "ShaarliPHPSESSID";
63 php_admin_value[open_basedir] = "${basedir}:/tmp" 60 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
64 php_admin_value[session.save_path] = "${varDir}/phpSessions" 61 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
65 ''; 62 };
66 }; 63 };
67} 64}
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
index a8b2a93..48876d3 100644
--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -95,12 +95,12 @@ rec {
95 modules = [ "proxy_fcgi" ]; 95 modules = [ "proxy_fcgi" ];
96 webappName = "tools_ttrss"; 96 webappName = "tools_ttrss";
97 root = "/run/current-system/webapps/${webappName}"; 97 root = "/run/current-system/webapps/${webappName}";
98 vhostConf = '' 98 vhostConf = socket: ''
99 Alias /ttrss "${root}" 99 Alias /ttrss "${root}"
100 <Directory "${root}"> 100 <Directory "${root}">
101 DirectoryIndex index.php 101 DirectoryIndex index.php
102 <FilesMatch "\.php$"> 102 <FilesMatch "\.php$">
103 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 103 SetHandler "proxy:unix:${socket}|fcgi://localhost"
104 </FilesMatch> 104 </FilesMatch>
105 105
106 AllowOverride All 106 AllowOverride All
@@ -114,20 +114,17 @@ rec {
114 basedir = builtins.concatStringsSep ":" ( 114 basedir = builtins.concatStringsSep ":" (
115 [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] 115 [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
116 ++ webRoot.plugins); 116 ++ webRoot.plugins);
117 socket = "/var/run/phpfpm/ttrss.sock"; 117 pool = {
118 pool = '' 118 "listen.owner" = apache.user;
119 user = ${apache.user} 119 "listen.group" = apache.group;
120 group = ${apache.group} 120 "pm" = "ondemand";
121 listen.owner = ${apache.user} 121 "pm.max_children" = "60";
122 listen.group = ${apache.group} 122 "pm.process_idle_timeout" = "60";
123 pm = ondemand 123
124 pm.max_children = 60 124 # Needed to avoid clashes in browser cookies (same domain)
125 pm.process_idle_timeout = 60 125 "php_value[session.name]" = "TtrssPHPSESSID";
126 126 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
127 ; Needed to avoid clashes in browser cookies (same domain) 127 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
128 php_value[session.name] = TtrssPHPSESSID 128 };
129 php_admin_value[open_basedir] = "${basedir}:/tmp"
130 php_admin_value[session.save_path] = "${varDir}/phpSessions"
131 '';
132 }; 129 };
133} 130}
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix
index 014d8a1..00e2dc9 100644
--- a/modules/private/websites/tools/tools/wallabag.nix
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -82,7 +82,7 @@ rec {
82 modules = [ "proxy_fcgi" ]; 82 modules = [ "proxy_fcgi" ];
83 webappName = "tools_wallabag"; 83 webappName = "tools_wallabag";
84 root = "/run/current-system/webapps/${webappName}"; 84 root = "/run/current-system/webapps/${webappName}";
85 vhostConf = '' 85 vhostConf = socket: ''
86 Alias /wallabag "${root}" 86 Alias /wallabag "${root}"
87 <Directory "${root}"> 87 <Directory "${root}">
88 AllowOverride None 88 AllowOverride None
@@ -91,7 +91,7 @@ rec {
91 CGIPassAuth On 91 CGIPassAuth On
92 92
93 <FilesMatch "\.php$"> 93 <FilesMatch "\.php$">
94 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 94 SetHandler "proxy:unix:${socket}|fcgi://localhost"
95 </FilesMatch> 95 </FilesMatch>
96 96
97 <IfModule mod_rewrite.c> 97 <IfModule mod_rewrite.c>
@@ -129,22 +129,19 @@ rec {
129 ''; 129 '';
130 serviceDeps = [ "postgresql.service" "openldap.service" ]; 130 serviceDeps = [ "postgresql.service" "openldap.service" ];
131 basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; 131 basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
132 socket = "/var/run/phpfpm/wallabag.sock"; 132 pool = {
133 pool = '' 133 "listen.owner" = apache.user;
134 user = ${apache.user} 134 "listen.group" = apache.group;
135 group = ${apache.group} 135 "pm" = "dynamic";
136 listen.owner = ${apache.user} 136 "pm.max_children" = "60";
137 listen.group = ${apache.group} 137 "pm.start_servers" = "2";
138 pm = dynamic 138 "pm.min_spare_servers" = "1";
139 pm.max_children = 60 139 "pm.max_spare_servers" = "10";
140 pm.start_servers = 2
141 pm.min_spare_servers = 1
142 pm.max_spare_servers = 10
143 140
144 ; Needed to avoid clashes in browser cookies (same domain) 141 # Needed to avoid clashes in browser cookies (same domain)
145 php_value[session.name] = WallabagPHPSESSID 142 "php_value[session.name]" = "WallabagPHPSESSID";
146 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" 143 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp";
147 php_value[max_execution_time] = 300 144 "php_value[max_execution_time]" = "300";
148 ''; 145 };
149 }; 146 };
150} 147}
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix
index 466ceae..cb03b6c 100644
--- a/modules/private/websites/tools/tools/yourls.nix
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -48,11 +48,11 @@ rec {
48 modules = [ "proxy_fcgi" ]; 48 modules = [ "proxy_fcgi" ];
49 webappName = "tools_yourls"; 49 webappName = "tools_yourls";
50 root = "/run/current-system/webapps/${webappName}"; 50 root = "/run/current-system/webapps/${webappName}";
51 vhostConf = '' 51 vhostConf = socket: ''
52 Alias /url "${root}" 52 Alias /url "${root}"
53 <Directory "${root}"> 53 <Directory "${root}">
54 <FilesMatch "\.php$"> 54 <FilesMatch "\.php$">
55 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 55 SetHandler "proxy:unix:${socket}|fcgi://localhost"
56 </FilesMatch> 56 </FilesMatch>
57 57
58 AllowOverride None 58 AllowOverride None
@@ -73,20 +73,17 @@ rec {
73 basedir = builtins.concatStringsSep ":" ( 73 basedir = builtins.concatStringsSep ":" (
74 [ webRoot "/var/secrets/webapps/tools-yourls" ] 74 [ webRoot "/var/secrets/webapps/tools-yourls" ]
75 ++ webRoot.plugins); 75 ++ webRoot.plugins);
76 socket = "/var/run/phpfpm/yourls.sock"; 76 pool = {
77 pool = '' 77 "listen.owner" = apache.user;
78 user = ${apache.user} 78 "listen.group" = apache.group;
79 group = ${apache.group} 79 "pm" = "ondemand";
80 listen.owner = ${apache.user} 80 "pm.max_children" = "60";
81 listen.group = ${apache.group} 81 "pm.process_idle_timeout" = "60";
82 pm = ondemand
83 pm.max_children = 60
84 pm.process_idle_timeout = 60
85 82
86 ; Needed to avoid clashes in browser cookies (same domain) 83 # Needed to avoid clashes in browser cookies (same domain)
87 php_value[session.name] = YourlsPHPSESSID 84 "php_value[session.name]" = "YourlsPHPSESSID";
88 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls" 85 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls";
89 php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls" 86 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls";
90 ''; 87 };
91 }; 88 };
92} 89}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-03 01:01:55 +0000