diff options
Diffstat (limited to 'modules/private/websites/tools/dav/davical.nix')
-rw-r--r-- | modules/private/websites/tools/dav/davical.nix | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix deleted file mode 100644 index bc5ecf6..0000000 --- a/modules/private/websites/tools/dav/davical.nix +++ /dev/null | |||
@@ -1,133 +0,0 @@ | |||
1 | { stdenv, fetchurl, gettext, writeText, env, awl, davical, config }: | ||
2 | rec { | ||
3 | activationScript = { | ||
4 | deps = [ "httpd" ]; | ||
5 | text = '' | ||
6 | install -m 0755 -o ${apache.user} -g ${apache.group} -d /var/lib/php/sessions/davical | ||
7 | ''; | ||
8 | }; | ||
9 | keys."webapps/dav-davical" = { | ||
10 | user = apache.user; | ||
11 | group = apache.group; | ||
12 | permissions = "0400"; | ||
13 | text = '' | ||
14 | <?php | ||
15 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; | ||
16 | |||
17 | $c->readonly_webdav_collections = false; | ||
18 | |||
19 | $c->admin_email ='davical@tools.immae.eu'; | ||
20 | |||
21 | $c->restrict_setup_to_admin = true; | ||
22 | |||
23 | $c->collections_always_exist = false; | ||
24 | |||
25 | $c->external_refresh = 60; | ||
26 | |||
27 | $c->enable_scheduling = true; | ||
28 | |||
29 | $c->iMIP = (object) array("send_email" => true); | ||
30 | |||
31 | $c->authenticate_hook['optional'] = false; | ||
32 | $c->authenticate_hook['call'] = 'LDAP_check'; | ||
33 | $c->authenticate_hook['config'] = array( | ||
34 | 'host' => '${env.ldap.host}', | ||
35 | 'port' => '389', | ||
36 | 'startTLS' => 'yes', | ||
37 | 'bindDN'=> '${env.ldap.dn}', | ||
38 | 'passDN'=> '${env.ldap.password}', | ||
39 | 'protocolVersion' => '3', | ||
40 | 'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'), | ||
41 | 'filterUsers' => '${env.ldap.filter}', | ||
42 | 'baseDNGroups' => 'ou=groups,${env.ldap.base}', | ||
43 | 'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}', | ||
44 | 'mapping_field' => array( | ||
45 | "username" => "uid", | ||
46 | "fullname" => "cn", | ||
47 | "email" => "mail", | ||
48 | "modified" => "modifyTimestamp", | ||
49 | ), | ||
50 | 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), | ||
51 | /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ | ||
52 | // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), | ||
53 | 'group_mapping_field' => array( | ||
54 | "username" => "cn", | ||
55 | "updated" => "modifyTimestamp", | ||
56 | "fullname" => "givenName", | ||
57 | "displayname" => "givenName", | ||
58 | "members" => "memberUid", | ||
59 | "email" => "mail", | ||
60 | ), | ||
61 | ); | ||
62 | |||
63 | $c->do_not_sync_from_ldap = array('admin' => true); | ||
64 | include('drivers_ldap.php'); | ||
65 | ''; | ||
66 | }; | ||
67 | webapp = davical.override { davical_config = config.secrets.fullPaths."webapps/dav-davical"; }; | ||
68 | webRoot = "${webapp}/htdocs"; | ||
69 | apache = rec { | ||
70 | user = "wwwrun"; | ||
71 | group = "wwwrun"; | ||
72 | modules = [ "proxy_fcgi" ]; | ||
73 | root = webRoot; | ||
74 | vhostConf = socket: '' | ||
75 | Alias /davical "${root}" | ||
76 | Alias /caldav.php "${root}/caldav.php" | ||
77 | <Directory "${root}"> | ||
78 | DirectoryIndex index.php index.html | ||
79 | AcceptPathInfo On | ||
80 | AllowOverride None | ||
81 | Require all granted | ||
82 | |||
83 | <FilesMatch "\.php$"> | ||
84 | CGIPassAuth on | ||
85 | SetHandler "proxy:unix:${socket}|fcgi://localhost" | ||
86 | </FilesMatch> | ||
87 | |||
88 | RewriteEngine On | ||
89 | <IfModule mod_headers.c> | ||
90 | Header unset Access-Control-Allow-Origin | ||
91 | Header unset Access-Control-Allow-Methods | ||
92 | Header unset Access-Control-Allow-Headers | ||
93 | Header unset Access-Control-Allow-Credentials | ||
94 | Header unset Access-Control-Expose-Headers | ||
95 | |||
96 | Header always set Access-Control-Allow-Origin "*" | ||
97 | Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" | ||
98 | Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" | ||
99 | Header always set Access-Control-Allow-Credentials false | ||
100 | Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" | ||
101 | |||
102 | RewriteCond %{HTTP:Access-Control-Request-Method} !^$ | ||
103 | RewriteCond %{REQUEST_METHOD} OPTIONS | ||
104 | RewriteRule ^(.*)$ $1 [R=200,L] | ||
105 | </IfModule> | ||
106 | </Directory> | ||
107 | ''; | ||
108 | }; | ||
109 | phpFpm = rec { | ||
110 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | ||
111 | basedir = builtins.concatStringsSep ":" [ webapp config.secrets.fullPaths."webapps/dav-davical" awl ]; | ||
112 | pool = { | ||
113 | "listen.owner" = apache.user; | ||
114 | "listen.group" = apache.group; | ||
115 | "pm" = "dynamic"; | ||
116 | "pm.max_children" = "60"; | ||
117 | "pm.start_servers" = "2"; | ||
118 | "pm.min_spare_servers" = "1"; | ||
119 | "pm.max_spare_servers" = "10"; | ||
120 | |||
121 | # Needed to avoid clashes in browser cookies (same domain) | ||
122 | "php_value[session.name]" = "DavicalPHPSESSID"; | ||
123 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical"; | ||
124 | "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc"; | ||
125 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical"; | ||
126 | "php_flag[magic_quotes_gpc]" = "Off"; | ||
127 | "php_flag[register_globals]" = "Off"; | ||
128 | "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE"; | ||
129 | "php_admin_value[default_charset]" = "utf-8"; | ||
130 | "php_flag[magic_quotes_runtime]" = "Off"; | ||
131 | }; | ||
132 | }; | ||
133 | } | ||