author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/mail/rainloop.nix | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personal information about users. All those changes got
stashed into a single commit (history is kept in a different place) and
private information was moved into a separate private repository
Diffstat (limited to 'systems/eldiron/websites/mail/rainloop.nix')
-rw-r--r-- | systems/eldiron/websites/mail/rainloop.nix | 54 |
1 files changed, 54 insertions, 0 deletions
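diff --git a/systems/eldiron/websites/mail/rainloop.nix b/systems/eldiron/websites/mail/rainloop.nix
new file mode 100644
index 0000000..f821005
--- /dev/null
+++ b/systems/eldiron/websites/mail/rainloop.nix
@@ -0,0 +1,54 @@
+{ lib, rainloop, writeText, stdenv, fetchurl }:
+rec {
+varDir = "/var/lib/rainloop";
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+'';
+};
+webRoot = rainloop.override { dataPath = "${varDir}/data"; };
+apache = rec {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+root = webRoot;
+vhostConf = socket: ''
+Alias /rainloop "${root}"
+<Directory "${root}">
+DirectoryIndex index.php
+AllowOverride All
+Options -FollowSymlinks
+Require all denied
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+
+<DirectoryMatch "${root}/data">
+Require all denied
+</DirectoryMatch>
+'';
+};
+phpFpm = rec {
+serviceDeps = [ "postgresql.service" ];
+basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+pool = {
+"listen.owner" = apache.user;
+"listen.group" = apache.group;
+"pm" = "ondemand";
+"pm.max_children" = "60";
+"pm.process_idle_timeout" = "60";
+
+# Needed to avoid clashes in browser cookies (same domain)
+"php_value[session.name]" = "RainloopPHPSESSID";
+"php_admin_value[upload_max_filesize]" = "200M";
+"php_admin_value[post_max_size]" = "200M";
+"php_admin_value[open_basedir]" = "${basedir}:/tmp";
+"php_admin_value[session.save_handler]" = "redis";
+"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rainloop:'";
+};
+};
+}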
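Review bot: `AllowOverride All` on line 21 of the new file lets any `.htaccess` shipped under `${root}` replace the `Require all denied` on line 23, because `.htaccess` authorization is applied after the `<Directory>` section and, with the default `AuthMerging Off`, replaces it rather than combining with it. If the deny is meant to keep the webmail unreachable, `AllowOverride None` would make it authoritative, and a comment such as `# RainLoop is intentionally blocked: <reason>` would show the next maintainer that it is deliberate. Separately, `open_basedir` on line 49 includes the shared `/tmp`; unless the pool runs with a private tmp (not visible here), a dedicated directory under `${varDir}` would keep uploads and temporary files away from other PHP pools on the host.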