diff options
Diffstat (limited to 'modules/private/websites/tools/tools')
-rw-r--r-- | modules/private/websites/tools/tools/adminer.nix | 49 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/default.nix | 129 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/dokuwiki.nix | 29 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/grocy.nix | 29 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/kanboard.nix | 29 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/ldap.nix | 29 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/rompr.nix | 47 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/shaarli.nix | 29 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/ttrss.nix | 31 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/wallabag.nix | 33 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/yourls.nix | 29 |
11 files changed, 226 insertions, 237 deletions
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix index 907e37f..52a132c 100644 --- a/modules/private/websites/tools/tools/adminer.nix +++ b/modules/private/websites/tools/tools/adminer.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { adminer }: | 1 | { adminer, php73, forcePhpSocket ? null }: |
2 | rec { | 2 | rec { |
3 | activationScript = { | 3 | activationScript = { |
4 | deps = [ "httpd" ]; | 4 | deps = [ "httpd" ]; |
@@ -9,22 +9,33 @@ rec { | |||
9 | }; | 9 | }; |
10 | webRoot = adminer; | 10 | webRoot = adminer; |
11 | phpFpm = rec { | 11 | phpFpm = rec { |
12 | socket = "/var/run/phpfpm/adminer.sock"; | 12 | user = apache.user; |
13 | pool = '' | 13 | group = apache.group; |
14 | user = ${apache.user} | 14 | phpPackage = (php73.override { |
15 | group = ${apache.group} | 15 | config.php.mysqlnd = true; |
16 | listen.owner = ${apache.user} | 16 | config.php.mysqli = false; |
17 | listen.group = ${apache.group} | 17 | config.php.pdo-mysql = false; |
18 | pm = ondemand | 18 | }).overrideAttrs(old: rec { |
19 | pm.max_children = 5 | 19 | configureFlags = old.configureFlags ++ [ |
20 | pm.process_idle_timeout = 60 | 20 | "--with-mysqli=shared,mysqlnd" |
21 | ;php_admin_flag[log_errors] = on | 21 | ]; |
22 | ; Needed to avoid clashes in browser cookies (same domain) | 22 | }); |
23 | php_value[session.name] = AdminerPHPSESSID | 23 | phpOptions = '' |
24 | php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer" | 24 | extension=${phpPackage}/lib/php/extensions/mysqli.so |
25 | php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" | 25 | ''; |
26 | php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer" | 26 | settings = { |
27 | ''; | 27 | "listen.owner" = apache.user; |
28 | "listen.group" = apache.group; | ||
29 | "pm" = "ondemand"; | ||
30 | "pm.max_children" = "5"; | ||
31 | "pm.process_idle_timeout" = "60"; | ||
32 | #"php_admin_flag[log_errors]" = "on"; | ||
33 | # Needed to avoid clashes in browser cookies (same domain) | ||
34 | "php_value[session.name]" = "AdminerPHPSESSID"; | ||
35 | "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer"; | ||
36 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer"; | ||
37 | "php_admin_value[upload_tmp_dir]" = "/var/lib/php/tmp/adminer"; | ||
38 | }; | ||
28 | }; | 39 | }; |
29 | apache = rec { | 40 | apache = rec { |
30 | user = "wwwrun"; | 41 | user = "wwwrun"; |
@@ -32,12 +43,12 @@ rec { | |||
32 | modules = [ "proxy_fcgi" ]; | 43 | modules = [ "proxy_fcgi" ]; |
33 | webappName = "_adminer"; | 44 | webappName = "_adminer"; |
34 | root = "/run/current-system/webapps/${webappName}"; | 45 | root = "/run/current-system/webapps/${webappName}"; |
35 | vhostConf = '' | 46 | vhostConf = socket: '' |
36 | Alias /adminer ${root} | 47 | Alias /adminer ${root} |
37 | <Directory ${root}> | 48 | <Directory ${root}> |
38 | DirectoryIndex index.php | 49 | DirectoryIndex index.php |
39 | <FilesMatch "\.php$"> | 50 | <FilesMatch "\.php$"> |
40 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 51 | SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost" |
41 | </FilesMatch> | 52 | </FilesMatch> |
42 | 53 | ||
43 | Use LDAPConnect | 54 | Use LDAPConnect |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 5dc0981..5e0d446 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
@@ -40,6 +40,7 @@ let | |||
40 | }; | 40 | }; |
41 | 41 | ||
42 | cfg = config.myServices.websites.tools.tools; | 42 | cfg = config.myServices.websites.tools.tools; |
43 | pcfg = config.services.phpfpm.pools; | ||
43 | in { | 44 | in { |
44 | options.myServices.websites.tools.tools = { | 45 | options.myServices.websites.tools.tools = { |
45 | enable = lib.mkEnableOption "enable tools website"; | 46 | enable = lib.mkEnableOption "enable tools website"; |
@@ -92,7 +93,7 @@ in { | |||
92 | AllowOverride all | 93 | AllowOverride all |
93 | Require all granted | 94 | Require all granted |
94 | <FilesMatch "\.php$"> | 95 | <FilesMatch "\.php$"> |
95 | SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost" | 96 | SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" |
96 | </FilesMatch> | 97 | </FilesMatch> |
97 | </Directory> | 98 | </Directory> |
98 | '' | 99 | '' |
@@ -115,21 +116,21 @@ in { | |||
115 | AllowOverride all | 116 | AllowOverride all |
116 | Require all granted | 117 | Require all granted |
117 | <FilesMatch "\.php$"> | 118 | <FilesMatch "\.php$"> |
118 | SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" | 119 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" |
119 | </FilesMatch> | 120 | </FilesMatch> |
120 | </Directory> | 121 | </Directory> |
121 | '' | 122 | '' |
122 | adminer.apache.vhostConf | 123 | (adminer.apache.vhostConf pcfg.adminer.socket) |
123 | ympd.apache.vhostConf | 124 | ympd.apache.vhostConf |
124 | ttrss.apache.vhostConf | 125 | (ttrss.apache.vhostConf pcfg.ttrss.socket) |
125 | wallabag.apache.vhostConf | 126 | (wallabag.apache.vhostConf pcfg.wallabag.socket) |
126 | yourls.apache.vhostConf | 127 | (yourls.apache.vhostConf pcfg.yourls.socket) |
127 | rompr.apache.vhostConf | 128 | (rompr.apache.vhostConf pcfg.rompr.socket) |
128 | shaarli.apache.vhostConf | 129 | (shaarli.apache.vhostConf pcfg.shaarli.socket) |
129 | dokuwiki.apache.vhostConf | 130 | (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) |
130 | ldap.apache.vhostConf | 131 | (ldap.apache.vhostConf pcfg.ldap.socket) |
131 | kanboard.apache.vhostConf | 132 | (kanboard.apache.vhostConf pcfg.kanboard.socket) |
132 | grocy.apache.vhostConf | 133 | (grocy.apache.vhostConf pcfg.grocy.socket) |
133 | ]; | 134 | ]; |
134 | }; | 135 | }; |
135 | 136 | ||
@@ -226,38 +227,36 @@ in { | |||
226 | 227 | ||
227 | services.phpfpm.pools = { | 228 | services.phpfpm.pools = { |
228 | tools = { | 229 | tools = { |
229 | listen = "/var/run/phpfpm/tools.sock"; | 230 | user = "wwwrun"; |
230 | extraConfig = '' | 231 | group = "wwwrun"; |
231 | user = wwwrun | 232 | settings = { |
232 | group = wwwrun | 233 | "listen.owner" = "wwwrun"; |
233 | listen.owner = wwwrun | 234 | "listen.group" = "wwwrun"; |
234 | listen.group = wwwrun | 235 | "pm" = "dynamic"; |
235 | pm = dynamic | 236 | "pm.max_children" = "60"; |
236 | pm.max_children = 60 | 237 | "pm.start_servers" = "2"; |
237 | pm.start_servers = 2 | 238 | "pm.min_spare_servers" = "1"; |
238 | pm.min_spare_servers = 1 | 239 | "pm.max_spare_servers" = "10"; |
239 | pm.max_spare_servers = 10 | ||
240 | 240 | ||
241 | ; Needed to avoid clashes in browser cookies (same domain) | 241 | # Needed to avoid clashes in browser cookies (same domain) |
242 | php_value[session.name] = ToolsPHPSESSID | 242 | "php_value[session.name]" = "ToolsPHPSESSID"; |
243 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" | 243 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"; |
244 | ''; | 244 | }; |
245 | }; | 245 | }; |
246 | devtools = { | 246 | devtools = { |
247 | listen = "/var/run/phpfpm/devtools.sock"; | 247 | user = "wwwrun"; |
248 | extraConfig = '' | 248 | group = "wwwrun"; |
249 | user = wwwrun | 249 | settings = { |
250 | group = wwwrun | 250 | "listen.owner" = "wwwrun"; |
251 | listen.owner = wwwrun | 251 | "listen.group" = "wwwrun"; |
252 | listen.group = wwwrun | 252 | "pm" = "dynamic"; |
253 | pm = dynamic | 253 | "pm.max_children" = "60"; |
254 | pm.max_children = 60 | 254 | "pm.start_servers" = "2"; |
255 | pm.start_servers = 2 | 255 | "pm.min_spare_servers" = "1"; |
256 | pm.min_spare_servers = 1 | 256 | "pm.max_spare_servers" = "10"; |
257 | pm.max_spare_servers = 10 | ||
258 | 257 | ||
259 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" | 258 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; |
260 | ''; | 259 | }; |
261 | phpOptions = config.services.phpfpm.phpOptions + '' | 260 | phpOptions = config.services.phpfpm.phpOptions + '' |
262 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | 261 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
263 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so | 262 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so |
@@ -265,45 +264,51 @@ in { | |||
265 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so | 264 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so |
266 | ''; | 265 | ''; |
267 | }; | 266 | }; |
268 | adminer = { | 267 | adminer = adminer.phpFpm; |
269 | listen = adminer.phpFpm.socket; | ||
270 | extraConfig = adminer.phpFpm.pool; | ||
271 | }; | ||
272 | ttrss = { | 268 | ttrss = { |
273 | listen = ttrss.phpFpm.socket; | 269 | user = "wwwrun"; |
274 | extraConfig = ttrss.phpFpm.pool; | 270 | group = "wwwrun"; |
271 | settings = ttrss.phpFpm.pool; | ||
275 | }; | 272 | }; |
276 | wallabag = { | 273 | wallabag = { |
277 | listen = wallabag.phpFpm.socket; | 274 | user = "wwwrun"; |
278 | extraConfig = wallabag.phpFpm.pool; | 275 | group = "wwwrun"; |
276 | settings = wallabag.phpFpm.pool; | ||
279 | }; | 277 | }; |
280 | yourls = { | 278 | yourls = { |
281 | listen = yourls.phpFpm.socket; | 279 | user = "wwwrun"; |
282 | extraConfig = yourls.phpFpm.pool; | 280 | group = "wwwrun"; |
281 | settings = yourls.phpFpm.pool; | ||
283 | }; | 282 | }; |
284 | rompr = { | 283 | rompr = { |
285 | listen = rompr.phpFpm.socket; | 284 | user = "wwwrun"; |
286 | extraConfig = rompr.phpFpm.pool; | 285 | group = "wwwrun"; |
286 | settings = rompr.phpFpm.pool; | ||
287 | }; | 287 | }; |
288 | shaarli = { | 288 | shaarli = { |
289 | listen = shaarli.phpFpm.socket; | 289 | user = "wwwrun"; |
290 | extraConfig = shaarli.phpFpm.pool; | 290 | group = "wwwrun"; |
291 | settings = shaarli.phpFpm.pool; | ||
291 | }; | 292 | }; |
292 | dokuwiki = { | 293 | dokuwiki = { |
293 | listen = dokuwiki.phpFpm.socket; | 294 | user = "wwwrun"; |
294 | extraConfig = dokuwiki.phpFpm.pool; | 295 | group = "wwwrun"; |
296 | settings = dokuwiki.phpFpm.pool; | ||
295 | }; | 297 | }; |
296 | ldap = { | 298 | ldap = { |
297 | listen = ldap.phpFpm.socket; | 299 | user = "wwwrun"; |
298 | extraConfig = ldap.phpFpm.pool; | 300 | group = "wwwrun"; |
301 | settings = ldap.phpFpm.pool; | ||
299 | }; | 302 | }; |
300 | kanboard = { | 303 | kanboard = { |
301 | listen = kanboard.phpFpm.socket; | 304 | user = "wwwrun"; |
302 | extraConfig = kanboard.phpFpm.pool; | 305 | group = "wwwrun"; |
306 | settings = kanboard.phpFpm.pool; | ||
303 | }; | 307 | }; |
304 | grocy = { | 308 | grocy = { |
305 | listen = grocy.phpFpm.socket; | 309 | user = "wwwrun"; |
306 | extraConfig = grocy.phpFpm.pool; | 310 | group = "wwwrun"; |
311 | settings = grocy.phpFpm.pool; | ||
307 | }; | 312 | }; |
308 | }; | 313 | }; |
309 | 314 | ||
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix index d66e85d..26c04b7 100644 --- a/modules/private/websites/tools/tools/dokuwiki.nix +++ b/modules/private/websites/tools/tools/dokuwiki.nix | |||
@@ -26,12 +26,12 @@ rec { | |||
26 | modules = [ "proxy_fcgi" ]; | 26 | modules = [ "proxy_fcgi" ]; |
27 | webappName = "tools_dokuwiki"; | 27 | webappName = "tools_dokuwiki"; |
28 | root = "/run/current-system/webapps/${webappName}"; | 28 | root = "/run/current-system/webapps/${webappName}"; |
29 | vhostConf = '' | 29 | vhostConf = socket: '' |
30 | Alias /dokuwiki "${root}" | 30 | Alias /dokuwiki "${root}" |
31 | <Directory "${root}"> | 31 | <Directory "${root}"> |
32 | DirectoryIndex index.php | 32 | DirectoryIndex index.php |
33 | <FilesMatch "\.php$"> | 33 | <FilesMatch "\.php$"> |
34 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 34 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
35 | </FilesMatch> | 35 | </FilesMatch> |
36 | 36 | ||
37 | AllowOverride All | 37 | AllowOverride All |
@@ -44,20 +44,17 @@ rec { | |||
44 | serviceDeps = [ "openldap.service" ]; | 44 | serviceDeps = [ "openldap.service" ]; |
45 | basedir = builtins.concatStringsSep ":" ( | 45 | basedir = builtins.concatStringsSep ":" ( |
46 | [ webRoot varDir ] ++ webRoot.plugins); | 46 | [ webRoot varDir ] ++ webRoot.plugins); |
47 | socket = "/var/run/phpfpm/dokuwiki.sock"; | 47 | pool = { |
48 | pool = '' | 48 | "listen.owner" = apache.user; |
49 | user = ${apache.user} | 49 | "listen.group" = apache.group; |
50 | group = ${apache.group} | 50 | "pm" = "ondemand"; |
51 | listen.owner = ${apache.user} | 51 | "pm.max_children" = "60"; |
52 | listen.group = ${apache.group} | 52 | "pm.process_idle_timeout" = "60"; |
53 | pm = ondemand | ||
54 | pm.max_children = 60 | ||
55 | pm.process_idle_timeout = 60 | ||
56 | 53 | ||
57 | ; Needed to avoid clashes in browser cookies (same domain) | 54 | # Needed to avoid clashes in browser cookies (same domain) |
58 | php_value[session.name] = DokuwikiPHPSESSID | 55 | "php_value[session.name]" = "DokuwikiPHPSESSID"; |
59 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 56 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
60 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 57 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
61 | ''; | 58 | }; |
62 | }; | 59 | }; |
63 | } | 60 | } |
diff --git a/modules/private/websites/tools/tools/grocy.nix b/modules/private/websites/tools/tools/grocy.nix index 1b8da20..a98d8ac 100644 --- a/modules/private/websites/tools/tools/grocy.nix +++ b/modules/private/websites/tools/tools/grocy.nix | |||
@@ -18,12 +18,12 @@ rec { | |||
18 | modules = [ "proxy_fcgi" ]; | 18 | modules = [ "proxy_fcgi" ]; |
19 | webappName = "tools_grocy"; | 19 | webappName = "tools_grocy"; |
20 | root = "/run/current-system/webapps/${webappName}"; | 20 | root = "/run/current-system/webapps/${webappName}"; |
21 | vhostConf = '' | 21 | vhostConf = socket: '' |
22 | Alias /grocy "${root}" | 22 | Alias /grocy "${root}" |
23 | <Directory "${root}"> | 23 | <Directory "${root}"> |
24 | DirectoryIndex index.php | 24 | DirectoryIndex index.php |
25 | <FilesMatch "\.php$"> | 25 | <FilesMatch "\.php$"> |
26 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 26 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
27 | </FilesMatch> | 27 | </FilesMatch> |
28 | 28 | ||
29 | AllowOverride All | 29 | AllowOverride All |
@@ -35,21 +35,18 @@ rec { | |||
35 | phpFpm = rec { | 35 | phpFpm = rec { |
36 | basedir = builtins.concatStringsSep ":" ( | 36 | basedir = builtins.concatStringsSep ":" ( |
37 | [ grocy grocy.yarnModules varDir ]); | 37 | [ grocy grocy.yarnModules varDir ]); |
38 | socket = "/var/run/phpfpm/grocy.sock"; | 38 | pool = { |
39 | pool = '' | 39 | "listen.owner" = apache.user; |
40 | user = ${apache.user} | 40 | "listen.group" = apache.group; |
41 | group = ${apache.group} | 41 | "pm" = "ondemand"; |
42 | listen.owner = ${apache.user} | 42 | "pm.max_children" = "60"; |
43 | listen.group = ${apache.group} | 43 | "pm.process_idle_timeout" = "60"; |
44 | pm = ondemand | ||
45 | pm.max_children = 60 | ||
46 | pm.process_idle_timeout = 60 | ||
47 | 44 | ||
48 | ; Needed to avoid clashes in browser cookies (same domain) | 45 | # Needed to avoid clashes in browser cookies (same domain) |
49 | php_value[session.name] = grocyPHPSESSID | 46 | "php_value[session.name]" = "grocyPHPSESSID"; |
50 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 47 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
51 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 48 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
52 | ''; | 49 | }; |
53 | }; | 50 | }; |
54 | } | 51 | } |
55 | 52 | ||
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 1880cbd..0f6fefc 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
@@ -49,7 +49,7 @@ rec { | |||
49 | modules = [ "proxy_fcgi" ]; | 49 | modules = [ "proxy_fcgi" ]; |
50 | webappName = "tools_kanboard"; | 50 | webappName = "tools_kanboard"; |
51 | root = "/run/current-system/webapps/${webappName}"; | 51 | root = "/run/current-system/webapps/${webappName}"; |
52 | vhostConf = '' | 52 | vhostConf = socket: '' |
53 | Alias /kanboard "${root}" | 53 | Alias /kanboard "${root}" |
54 | <Directory "${root}"> | 54 | <Directory "${root}"> |
55 | DirectoryIndex index.php | 55 | DirectoryIndex index.php |
@@ -58,7 +58,7 @@ rec { | |||
58 | Require all granted | 58 | Require all granted |
59 | 59 | ||
60 | <FilesMatch "\.php$"> | 60 | <FilesMatch "\.php$"> |
61 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 61 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
62 | </FilesMatch> | 62 | </FilesMatch> |
63 | </Directory> | 63 | </Directory> |
64 | <DirectoryMatch "${root}/data"> | 64 | <DirectoryMatch "${root}/data"> |
@@ -69,20 +69,17 @@ rec { | |||
69 | phpFpm = rec { | 69 | phpFpm = rec { |
70 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 70 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
71 | basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; | 71 | basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; |
72 | socket = "/var/run/phpfpm/kanboard.sock"; | 72 | pool = { |
73 | pool = '' | 73 | "listen.owner" = apache.user; |
74 | user = ${apache.user} | 74 | "listen.group" = apache.group; |
75 | group = ${apache.group} | 75 | "pm" = "ondemand"; |
76 | listen.owner = ${apache.user} | 76 | "pm.max_children" = "60"; |
77 | listen.group = ${apache.group} | 77 | "pm.process_idle_timeout" = "60"; |
78 | pm = ondemand | ||
79 | pm.max_children = 60 | ||
80 | pm.process_idle_timeout = 60 | ||
81 | 78 | ||
82 | ; Needed to avoid clashes in browser cookies (same domain) | 79 | # Needed to avoid clashes in browser cookies (same domain) |
83 | php_value[session.name] = KanboardPHPSESSID | 80 | "php_value[session.name]" = "KanboardPHPSESSID"; |
84 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 81 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
85 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 82 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
86 | ''; | 83 | }; |
87 | }; | 84 | }; |
88 | } | 85 | } |
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix index e58a9bd..0c1a21f 100644 --- a/modules/private/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix | |||
@@ -39,12 +39,12 @@ rec { | |||
39 | modules = [ "proxy_fcgi" ]; | 39 | modules = [ "proxy_fcgi" ]; |
40 | webappName = "tools_ldap"; | 40 | webappName = "tools_ldap"; |
41 | root = "/run/current-system/webapps/${webappName}"; | 41 | root = "/run/current-system/webapps/${webappName}"; |
42 | vhostConf = '' | 42 | vhostConf = socket: '' |
43 | Alias /ldap "${root}" | 43 | Alias /ldap "${root}" |
44 | <Directory "${root}"> | 44 | <Directory "${root}"> |
45 | DirectoryIndex index.php | 45 | DirectoryIndex index.php |
46 | <FilesMatch "\.php$"> | 46 | <FilesMatch "\.php$"> |
47 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 47 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
48 | </FilesMatch> | 48 | </FilesMatch> |
49 | 49 | ||
50 | AllowOverride None | 50 | AllowOverride None |
@@ -55,20 +55,17 @@ rec { | |||
55 | phpFpm = rec { | 55 | phpFpm = rec { |
56 | serviceDeps = [ "openldap.service" ]; | 56 | serviceDeps = [ "openldap.service" ]; |
57 | basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; | 57 | basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; |
58 | socket = "/var/run/phpfpm/ldap.sock"; | 58 | pool = { |
59 | pool = '' | 59 | "listen.owner" = apache.user; |
60 | user = ${apache.user} | 60 | "listen.group" = apache.group; |
61 | group = ${apache.group} | 61 | "pm" = "ondemand"; |
62 | listen.owner = ${apache.user} | 62 | "pm.max_children" = "60"; |
63 | listen.group = ${apache.group} | 63 | "pm.process_idle_timeout" = "60"; |
64 | pm = ondemand | ||
65 | pm.max_children = 60 | ||
66 | pm.process_idle_timeout = 60 | ||
67 | 64 | ||
68 | ; Needed to avoid clashes in browser cookies (same domain) | 65 | # Needed to avoid clashes in browser cookies (same domain) |
69 | php_value[session.name] = LdapPHPSESSID | 66 | "php_value[session.name]" = "LdapPHPSESSID"; |
70 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin" | 67 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"; |
71 | php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin" | 68 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin"; |
72 | ''; | 69 | }; |
73 | }; | 70 | }; |
74 | } | 71 | } |
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix index 75adabe..106164c 100644 --- a/modules/private/websites/tools/tools/rompr.nix +++ b/modules/private/websites/tools/tools/rompr.nix | |||
@@ -15,7 +15,7 @@ rec { | |||
15 | modules = [ "headers" "mime" "proxy_fcgi" ]; | 15 | modules = [ "headers" "mime" "proxy_fcgi" ]; |
16 | webappName = "tools_rompr"; | 16 | webappName = "tools_rompr"; |
17 | root = "/run/current-system/webapps/${webappName}"; | 17 | root = "/run/current-system/webapps/${webappName}"; |
18 | vhostConf = '' | 18 | vhostConf = socket: '' |
19 | Alias /rompr ${root} | 19 | Alias /rompr ${root} |
20 | 20 | ||
21 | <Directory ${root}> | 21 | <Directory ${root}> |
@@ -29,7 +29,7 @@ rec { | |||
29 | AddType image/x-icon .ico | 29 | AddType image/x-icon .ico |
30 | 30 | ||
31 | <FilesMatch "\.php$"> | 31 | <FilesMatch "\.php$"> |
32 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 32 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
33 | </FilesMatch> | 33 | </FilesMatch> |
34 | </Directory> | 34 | </Directory> |
35 | 35 | ||
@@ -51,29 +51,26 @@ rec { | |||
51 | }; | 51 | }; |
52 | phpFpm = rec { | 52 | phpFpm = rec { |
53 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 53 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
54 | socket = "/var/run/phpfpm/rompr.sock"; | 54 | pool = { |
55 | pool = '' | 55 | "listen.owner" = apache.user; |
56 | user = ${apache.user} | 56 | "listen.group" = apache.group; |
57 | group = ${apache.group} | 57 | "pm" = "ondemand"; |
58 | listen.owner = ${apache.user} | 58 | "pm.max_children" = "60"; |
59 | listen.group = ${apache.group} | 59 | "pm.process_idle_timeout" = "60"; |
60 | pm = ondemand | ||
61 | pm.max_children = 60 | ||
62 | pm.process_idle_timeout = 60 | ||
63 | 60 | ||
64 | ; Needed to avoid clashes in browser cookies (same domain) | 61 | # Needed to avoid clashes in browser cookies (same domain) |
65 | php_value[session.name] = RomprPHPSESSID | 62 | "php_value[session.name]" = "RomprPHPSESSID"; |
66 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 63 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
67 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 64 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
68 | php_flag[magic_quotes_gpc] = Off | 65 | "php_flag[magic_quotes_gpc]" = "Off"; |
69 | php_flag[track_vars] = On | 66 | "php_flag[track_vars]" = "On"; |
70 | php_flag[register_globals] = Off | 67 | "php_flag[register_globals]" = "Off"; |
71 | php_admin_flag[allow_url_fopen] = On | 68 | "php_admin_flag[allow_url_fopen]" = "On"; |
72 | php_value[include_path] = ${webRoot} | 69 | "php_value[include_path]" = "${webRoot}"; |
73 | php_admin_value[upload_tmp_dir] = "${varDir}/prefs" | 70 | "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs"; |
74 | php_admin_value[post_max_size] = 32M | 71 | "php_admin_value[post_max_size]" = "32M"; |
75 | php_admin_value[upload_max_filesize] = 32M | 72 | "php_admin_value[upload_max_filesize]" = "32M"; |
76 | php_admin_value[memory_limit] = 256M | 73 | "php_admin_value[memory_limit]" = "256M"; |
77 | ''; | 74 | }; |
78 | }; | 75 | }; |
79 | } | 76 | } |
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 0a75755..950d296 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
@@ -17,7 +17,7 @@ in rec { | |||
17 | modules = [ "proxy_fcgi" "rewrite" "env" ]; | 17 | modules = [ "proxy_fcgi" "rewrite" "env" ]; |
18 | webappName = "tools_shaarli"; | 18 | webappName = "tools_shaarli"; |
19 | root = "/run/current-system/webapps/${webappName}"; | 19 | root = "/run/current-system/webapps/${webappName}"; |
20 | vhostConf = '' | 20 | vhostConf = socket: '' |
21 | Alias /Shaarli "${root}" | 21 | Alias /Shaarli "${root}" |
22 | 22 | ||
23 | Include /var/secrets/webapps/tools-shaarli | 23 | Include /var/secrets/webapps/tools-shaarli |
@@ -27,7 +27,7 @@ in rec { | |||
27 | AllowOverride All | 27 | AllowOverride All |
28 | Require all granted | 28 | Require all granted |
29 | <FilesMatch "\.php$"> | 29 | <FilesMatch "\.php$"> |
30 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 30 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
31 | </FilesMatch> | 31 | </FilesMatch> |
32 | </Directory> | 32 | </Directory> |
33 | ''; | 33 | ''; |
@@ -48,20 +48,17 @@ in rec { | |||
48 | phpFpm = rec { | 48 | phpFpm = rec { |
49 | serviceDeps = [ "openldap.service" ]; | 49 | serviceDeps = [ "openldap.service" ]; |
50 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 50 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
51 | socket = "/var/run/phpfpm/shaarli.sock"; | 51 | pool = { |
52 | pool = '' | 52 | "listen.owner" = apache.user; |
53 | user = ${apache.user} | 53 | "listen.group" = apache.group; |
54 | group = ${apache.group} | 54 | "pm" = "ondemand"; |
55 | listen.owner = ${apache.user} | 55 | "pm.max_children" = "60"; |
56 | listen.group = ${apache.group} | 56 | "pm.process_idle_timeout" = "60"; |
57 | pm = ondemand | ||
58 | pm.max_children = 60 | ||
59 | pm.process_idle_timeout = 60 | ||
60 | 57 | ||
61 | ; Needed to avoid clashes in browser cookies (same domain) | 58 | # Needed to avoid clashes in browser cookies (same domain) |
62 | php_value[session.name] = ShaarliPHPSESSID | 59 | "php_value[session.name]" = "ShaarliPHPSESSID"; |
63 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 60 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
64 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 61 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
65 | ''; | 62 | }; |
66 | }; | 63 | }; |
67 | } | 64 | } |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index a8b2a93..48876d3 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
@@ -95,12 +95,12 @@ rec { | |||
95 | modules = [ "proxy_fcgi" ]; | 95 | modules = [ "proxy_fcgi" ]; |
96 | webappName = "tools_ttrss"; | 96 | webappName = "tools_ttrss"; |
97 | root = "/run/current-system/webapps/${webappName}"; | 97 | root = "/run/current-system/webapps/${webappName}"; |
98 | vhostConf = '' | 98 | vhostConf = socket: '' |
99 | Alias /ttrss "${root}" | 99 | Alias /ttrss "${root}" |
100 | <Directory "${root}"> | 100 | <Directory "${root}"> |
101 | DirectoryIndex index.php | 101 | DirectoryIndex index.php |
102 | <FilesMatch "\.php$"> | 102 | <FilesMatch "\.php$"> |
103 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 103 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
104 | </FilesMatch> | 104 | </FilesMatch> |
105 | 105 | ||
106 | AllowOverride All | 106 | AllowOverride All |
@@ -114,20 +114,17 @@ rec { | |||
114 | basedir = builtins.concatStringsSep ":" ( | 114 | basedir = builtins.concatStringsSep ":" ( |
115 | [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] | 115 | [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] |
116 | ++ webRoot.plugins); | 116 | ++ webRoot.plugins); |
117 | socket = "/var/run/phpfpm/ttrss.sock"; | 117 | pool = { |
118 | pool = '' | 118 | "listen.owner" = apache.user; |
119 | user = ${apache.user} | 119 | "listen.group" = apache.group; |
120 | group = ${apache.group} | 120 | "pm" = "ondemand"; |
121 | listen.owner = ${apache.user} | 121 | "pm.max_children" = "60"; |
122 | listen.group = ${apache.group} | 122 | "pm.process_idle_timeout" = "60"; |
123 | pm = ondemand | 123 | |
124 | pm.max_children = 60 | 124 | # Needed to avoid clashes in browser cookies (same domain) |
125 | pm.process_idle_timeout = 60 | 125 | "php_value[session.name]" = "TtrssPHPSESSID"; |
126 | 126 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; | |
127 | ; Needed to avoid clashes in browser cookies (same domain) | 127 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
128 | php_value[session.name] = TtrssPHPSESSID | 128 | }; |
129 | php_admin_value[open_basedir] = "${basedir}:/tmp" | ||
130 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | ||
131 | ''; | ||
132 | }; | 129 | }; |
133 | } | 130 | } |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 014d8a1..00e2dc9 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
@@ -82,7 +82,7 @@ rec { | |||
82 | modules = [ "proxy_fcgi" ]; | 82 | modules = [ "proxy_fcgi" ]; |
83 | webappName = "tools_wallabag"; | 83 | webappName = "tools_wallabag"; |
84 | root = "/run/current-system/webapps/${webappName}"; | 84 | root = "/run/current-system/webapps/${webappName}"; |
85 | vhostConf = '' | 85 | vhostConf = socket: '' |
86 | Alias /wallabag "${root}" | 86 | Alias /wallabag "${root}" |
87 | <Directory "${root}"> | 87 | <Directory "${root}"> |
88 | AllowOverride None | 88 | AllowOverride None |
@@ -91,7 +91,7 @@ rec { | |||
91 | CGIPassAuth On | 91 | CGIPassAuth On |
92 | 92 | ||
93 | <FilesMatch "\.php$"> | 93 | <FilesMatch "\.php$"> |
94 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 94 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
95 | </FilesMatch> | 95 | </FilesMatch> |
96 | 96 | ||
97 | <IfModule mod_rewrite.c> | 97 | <IfModule mod_rewrite.c> |
@@ -129,22 +129,19 @@ rec { | |||
129 | ''; | 129 | ''; |
130 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 130 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
131 | basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; | 131 | basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; |
132 | socket = "/var/run/phpfpm/wallabag.sock"; | 132 | pool = { |
133 | pool = '' | 133 | "listen.owner" = apache.user; |
134 | user = ${apache.user} | 134 | "listen.group" = apache.group; |
135 | group = ${apache.group} | 135 | "pm" = "dynamic"; |
136 | listen.owner = ${apache.user} | 136 | "pm.max_children" = "60"; |
137 | listen.group = ${apache.group} | 137 | "pm.start_servers" = "2"; |
138 | pm = dynamic | 138 | "pm.min_spare_servers" = "1"; |
139 | pm.max_children = 60 | 139 | "pm.max_spare_servers" = "10"; |
140 | pm.start_servers = 2 | ||
141 | pm.min_spare_servers = 1 | ||
142 | pm.max_spare_servers = 10 | ||
143 | 140 | ||
144 | ; Needed to avoid clashes in browser cookies (same domain) | 141 | # Needed to avoid clashes in browser cookies (same domain) |
145 | php_value[session.name] = WallabagPHPSESSID | 142 | "php_value[session.name]" = "WallabagPHPSESSID"; |
146 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" | 143 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp"; |
147 | php_value[max_execution_time] = 300 | 144 | "php_value[max_execution_time]" = "300"; |
148 | ''; | 145 | }; |
149 | }; | 146 | }; |
150 | } | 147 | } |
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix index 466ceae..cb03b6c 100644 --- a/modules/private/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix | |||
@@ -48,11 +48,11 @@ rec { | |||
48 | modules = [ "proxy_fcgi" ]; | 48 | modules = [ "proxy_fcgi" ]; |
49 | webappName = "tools_yourls"; | 49 | webappName = "tools_yourls"; |
50 | root = "/run/current-system/webapps/${webappName}"; | 50 | root = "/run/current-system/webapps/${webappName}"; |
51 | vhostConf = '' | 51 | vhostConf = socket: '' |
52 | Alias /url "${root}" | 52 | Alias /url "${root}" |
53 | <Directory "${root}"> | 53 | <Directory "${root}"> |
54 | <FilesMatch "\.php$"> | 54 | <FilesMatch "\.php$"> |
55 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 55 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
56 | </FilesMatch> | 56 | </FilesMatch> |
57 | 57 | ||
58 | AllowOverride None | 58 | AllowOverride None |
@@ -73,20 +73,17 @@ rec { | |||
73 | basedir = builtins.concatStringsSep ":" ( | 73 | basedir = builtins.concatStringsSep ":" ( |
74 | [ webRoot "/var/secrets/webapps/tools-yourls" ] | 74 | [ webRoot "/var/secrets/webapps/tools-yourls" ] |
75 | ++ webRoot.plugins); | 75 | ++ webRoot.plugins); |
76 | socket = "/var/run/phpfpm/yourls.sock"; | 76 | pool = { |
77 | pool = '' | 77 | "listen.owner" = apache.user; |
78 | user = ${apache.user} | 78 | "listen.group" = apache.group; |
79 | group = ${apache.group} | 79 | "pm" = "ondemand"; |
80 | listen.owner = ${apache.user} | 80 | "pm.max_children" = "60"; |
81 | listen.group = ${apache.group} | 81 | "pm.process_idle_timeout" = "60"; |
82 | pm = ondemand | ||
83 | pm.max_children = 60 | ||
84 | pm.process_idle_timeout = 60 | ||
85 | 82 | ||
86 | ; Needed to avoid clashes in browser cookies (same domain) | 83 | # Needed to avoid clashes in browser cookies (same domain) |
87 | php_value[session.name] = YourlsPHPSESSID | 84 | "php_value[session.name]" = "YourlsPHPSESSID"; |
88 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls" | 85 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls"; |
89 | php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls" | 86 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls"; |
90 | ''; | 87 | }; |
91 | }; | 88 | }; |
92 | } | 89 | } |