diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
| commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
| tree | 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/mail/rainloop.nix | |
| parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
| download | Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'systems/eldiron/websites/mail/rainloop.nix')
| -rw-r--r-- | systems/eldiron/websites/mail/rainloop.nix | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/systems/eldiron/websites/mail/rainloop.nix b/systems/eldiron/websites/mail/rainloop.nix new file mode 100644 index 0000000..f821005 --- /dev/null +++ b/systems/eldiron/websites/mail/rainloop.nix | |||
| @@ -0,0 +1,54 @@ | |||
| 1 | { lib, rainloop, writeText, stdenv, fetchurl }: | ||
| 2 | rec { | ||
| 3 | varDir = "/var/lib/rainloop"; | ||
| 4 | activationScript = { | ||
| 5 | deps = [ "wrappers" ]; | ||
| 6 | text = '' | ||
| 7 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} | ||
| 8 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data | ||
| 9 | ''; | ||
| 10 | }; | ||
| 11 | webRoot = rainloop.override { dataPath = "${varDir}/data"; }; | ||
| 12 | apache = rec { | ||
| 13 | user = "wwwrun"; | ||
| 14 | group = "wwwrun"; | ||
| 15 | modules = [ "proxy_fcgi" ]; | ||
| 16 | root = webRoot; | ||
| 17 | vhostConf = socket: '' | ||
| 18 | Alias /rainloop "${root}" | ||
| 19 | <Directory "${root}"> | ||
| 20 | DirectoryIndex index.php | ||
| 21 | AllowOverride All | ||
| 22 | Options -FollowSymlinks | ||
| 23 | Require all denied | ||
| 24 | |||
| 25 | <FilesMatch "\.php$"> | ||
| 26 | SetHandler "proxy:unix:${socket}|fcgi://localhost" | ||
| 27 | </FilesMatch> | ||
| 28 | </Directory> | ||
| 29 | |||
| 30 | <DirectoryMatch "${root}/data"> | ||
| 31 | Require all denied | ||
| 32 | </DirectoryMatch> | ||
| 33 | ''; | ||
| 34 | }; | ||
| 35 | phpFpm = rec { | ||
| 36 | serviceDeps = [ "postgresql.service" ]; | ||
| 37 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | ||
| 38 | pool = { | ||
| 39 | "listen.owner" = apache.user; | ||
| 40 | "listen.group" = apache.group; | ||
| 41 | "pm" = "ondemand"; | ||
| 42 | "pm.max_children" = "60"; | ||
| 43 | "pm.process_idle_timeout" = "60"; | ||
| 44 | |||
| 45 | # Needed to avoid clashes in browser cookies (same domain) | ||
| 46 | "php_value[session.name]" = "RainloopPHPSESSID"; | ||
| 47 | "php_admin_value[upload_max_filesize]" = "200M"; | ||
| 48 | "php_admin_value[post_max_size]" = "200M"; | ||
| 49 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; | ||
| 50 | "php_admin_value[session.save_handler]" = "redis"; | ||
| 51 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Rainloop:'"; | ||
| 52 | }; | ||
| 53 | }; | ||
| 54 | } | ||