Diffstat (limited to 'modules/private/websites/tools')
-rw-r--r--modules/private/websites/tools/cloud/default.nix52
-rw-r--r--modules/private/websites/tools/dav/davical.nix45
-rw-r--r--modules/private/websites/tools/dav/default.nix7
-rw-r--r--modules/private/websites/tools/db/default.nix4
-rw-r--r--modules/private/websites/tools/git/default.nix7
-rw-r--r--modules/private/websites/tools/git/mantisbt.nix27
-rw-r--r--modules/private/websites/tools/mail/default.nix15
-rw-r--r--modules/private/websites/tools/mail/rainloop.nix33
-rw-r--r--modules/private/websites/tools/mail/roundcubemail.nix33
-rw-r--r--modules/private/websites/tools/tools/adminer.nix49
-rw-r--r--modules/private/websites/tools/tools/default.nix129
-rw-r--r--modules/private/websites/tools/tools/dokuwiki.nix29
-rw-r--r--modules/private/websites/tools/tools/grocy.nix29
-rw-r--r--modules/private/websites/tools/tools/kanboard.nix29
-rw-r--r--modules/private/websites/tools/tools/ldap.nix29
-rw-r--r--modules/private/websites/tools/tools/rompr.nix47
-rw-r--r--modules/private/websites/tools/tools/shaarli.nix29
-rw-r--r--modules/private/websites/tools/tools/ttrss.nix31
-rw-r--r--modules/private/websites/tools/tools/wallabag.nix33
-rw-r--r--modules/private/websites/tools/tools/yourls.nix29
20 files changed, 333 insertions, 353 deletions
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix
index 4785074..b9bb32f 100644
--- a/modules/private/websites/tools/cloud/default.nix
+++ b/modules/private/websites/tools/cloud/default.nix
@@ -10,37 +10,34 @@ let
10 basedir = builtins.concatStringsSep ":" ( 10 basedir = builtins.concatStringsSep ":" (
11 [ nextcloud varDir ] 11 [ nextcloud varDir ]
12 ++ builtins.attrValues pkgs.webapps.nextcloud-apps); 12 ++ builtins.attrValues pkgs.webapps.nextcloud-apps);
13 socket = "/var/run/phpfpm/nextcloud.sock";
14 phpConfig = '' 13 phpConfig = ''
15 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so 14 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
16 extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so 15 extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
17 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so 16 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
18 ''; 17 '';
19 pool = '' 18 pool = {
20 user = wwwrun 19 "listen.owner" = "wwwrun";
21 group = wwwrun 20 "listen.group" = "wwwrun";
22 listen.owner = wwwrun 21 "pm" = "ondemand";
23 listen.group = wwwrun 22 "pm.max_children" = "60";
24 pm = ondemand 23 "pm.process_idle_timeout" = "60";
25 pm.max_children = 60
26 pm.process_idle_timeout = 60
27 24
28 php_admin_value[output_buffering] = 0 25 "php_admin_value[output_buffering]" = "0";
29 php_admin_value[max_execution_time] = 1800 26 "php_admin_value[max_execution_time]" = "1800";
30 php_admin_value[zend_extension] = "opcache" 27 "php_admin_value[zend_extension]" = "opcache";
31 ;already enabled by default? 28 #already enabled by default?
32 ;php_value[opcache.enable] = 1 29 #"php_value[opcache.enable]" = "1";
33 php_value[opcache.enable_cli] = 1 30 "php_value[opcache.enable_cli]" = "1";
34 php_value[opcache.interned_strings_buffer] = 8 31 "php_value[opcache.interned_strings_buffer]" = "8";
35 php_value[opcache.max_accelerated_files] = 10000 32 "php_value[opcache.max_accelerated_files]" = "10000";
36 php_value[opcache.memory_consumption] = 128 33 "php_value[opcache.memory_consumption]" = "128";
37 php_value[opcache.save_comments] = 1 34 "php_value[opcache.save_comments]" = "1";
38 php_value[opcache.revalidate_freq] = 1 35 "php_value[opcache.revalidate_freq]" = "1";
39 php_admin_value[memory_limit] = 512M 36 "php_admin_value[memory_limit]" = "512M";
40 37
41 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" 38 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
42 php_admin_value[session.save_path] = "${varDir}/phpSessions" 39 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
43 ''; 40 };
44 }; 41 };
45in { 42in {
46 options.myServices.websites.tools.cloud = { 43 options.myServices.websites.tools.cloud = {
@@ -71,7 +68,7 @@ in {
71 </IfModule> 68 </IfModule>
72 <FilesMatch "\.php$"> 69 <FilesMatch "\.php$">
73 CGIPassAuth on 70 CGIPassAuth on
74 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 71 SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost"
75 </FilesMatch> 72 </FilesMatch>
76 73
77 </Directory> 74 </Directory>
@@ -171,8 +168,9 @@ in {
171 ''; 168 '';
172 169
173 services.phpfpm.pools.nextcloud = { 170 services.phpfpm.pools.nextcloud = {
174 listen = phpFpm.socket; 171 user = "wwwrun";
175 extraConfig = phpFpm.pool; 172 group = "wwwrun";
173 settings = phpFpm.pool;
176 phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig; 174 phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig;
177 }; 175 };
178 176
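Review bot: The nextcloud pool still runs as `wwwrun` and keeps the shared `/tmp` in `php_admin_value[open_basedir]`, so `open_basedir` stays the only barrier between this application and the other pools touched by this commit, which list the same `/tmp` entry and appear to run under the same web-server account (davical, mantisbt, rainloop, roundcubemail, dokuwiki, grocy, tools, devtools). Since `user` and `group` are now separate per-pool options, this is a cheap point to give each pool its own account while leaving `listen.owner`/`listen.group` on the Apache user so the web server can still reach the socket. A per-application temp directory in place of `/tmp` would close the other shared path; adminer.nix already points `upload_tmp_dir` at its own directory. If the shared account is deliberate, a comment next to `user = "wwwrun";` such as `# shared with httpd on purpose; isolation relies on open_basedir only` would record that.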
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix
index 5eb3fab..9d6cd21 100644
--- a/modules/private/websites/tools/dav/davical.nix
+++ b/modules/private/websites/tools/dav/davical.nix
@@ -73,7 +73,7 @@ rec {
73 modules = [ "proxy_fcgi" ]; 73 modules = [ "proxy_fcgi" ];
74 webappName = "tools_davical"; 74 webappName = "tools_davical";
75 root = "/run/current-system/webapps/${webappName}"; 75 root = "/run/current-system/webapps/${webappName}";
76 vhostConf = '' 76 vhostConf = socket: ''
77 Alias /davical "${root}" 77 Alias /davical "${root}"
78 Alias /caldav.php "${root}/caldav.php" 78 Alias /caldav.php "${root}/caldav.php"
79 <Directory "${root}"> 79 <Directory "${root}">
@@ -84,7 +84,7 @@ rec {
84 84
85 <FilesMatch "\.php$"> 85 <FilesMatch "\.php$">
86 CGIPassAuth on 86 CGIPassAuth on
87 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 87 SetHandler "proxy:unix:${socket}|fcgi://localhost"
88 </FilesMatch> 88 </FilesMatch>
89 89
90 RewriteEngine On 90 RewriteEngine On
@@ -111,28 +111,25 @@ rec {
111 phpFpm = rec { 111 phpFpm = rec {
112 serviceDeps = [ "postgresql.service" "openldap.service" ]; 112 serviceDeps = [ "postgresql.service" "openldap.service" ];
113 basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; 113 basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ];
114 socket = "/var/run/phpfpm/davical.sock"; 114 pool = {
115 pool = '' 115 "listen.owner" = apache.user;
116 user = ${apache.user} 116 "listen.group" = apache.group;
117 group = ${apache.group} 117 "pm" = "dynamic";
118 listen.owner = ${apache.user} 118 "pm.max_children" = "60";
119 listen.group = ${apache.group} 119 "pm.start_servers" = "2";
120 pm = dynamic 120 "pm.min_spare_servers" = "1";
121 pm.max_children = 60 121 "pm.max_spare_servers" = "10";
122 pm.start_servers = 2
123 pm.min_spare_servers = 1
124 pm.max_spare_servers = 10
125 122
126 ; Needed to avoid clashes in browser cookies (same domain) 123 # Needed to avoid clashes in browser cookies (same domain)
127 php_value[session.name] = DavicalPHPSESSID 124 "php_value[session.name]" = "DavicalPHPSESSID";
128 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" 125 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical";
129 php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" 126 "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc";
130 php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" 127 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical";
131 php_flag[magic_quotes_gpc] = Off 128 "php_flag[magic_quotes_gpc]" = "Off";
132 php_flag[register_globals] = Off 129 "php_flag[register_globals]" = "Off";
133 php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" 130 "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";
134 php_admin_value[default_charset] = "utf-8" 131 "php_admin_value[default_charset]" = "utf-8";
135 php_flag[magic_quotes_runtime] = Off 132 "php_flag[magic_quotes_runtime]" = "Off";
136 ''; 133 };
137 }; 134 };
138} 135}
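Review bot: The `"php_flag[magic_quotes_gpc]"`, `"php_flag[register_globals]"` and `"php_flag[magic_quotes_runtime]"` entries were carried over into the new `pool` attrset, but all three directives were removed from PHP in 5.4, so on a current interpreter they set nothing and only suggest a protection that is not there. I would drop them as part of this conversion, or keep them under a comment such as `# removed in PHP 5.4; no effect on current PHP`. The PHP version this pool runs on is not visible in the hunk, so confirm it before deleting.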
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix
index 0012965..30a562c 100644
--- a/modules/private/websites/tools/dav/default.nix
+++ b/modules/private/websites/tools/dav/default.nix
@@ -38,14 +38,15 @@ in {
38 root = "/run/current-system/webapps/_dav"; 38 root = "/run/current-system/webapps/_dav";
39 extraConfig = [ 39 extraConfig = [
40 infcloud.vhostConf 40 infcloud.vhostConf
41 davical.apache.vhostConf 41 (davical.apache.vhostConf config.services.phpfpm.pools.davical.socket)
42 ]; 42 ];
43 }; 43 };
44 44
45 services.phpfpm.pools = { 45 services.phpfpm.pools = {
46 davical = { 46 davical = {
47 listen = davical.phpFpm.socket; 47 user = config.services.httpd.Tools.user;
48 extraConfig = davical.phpFpm.pool; 48 group = config.services.httpd.Tools.group;
49 settings = davical.phpFpm.pool;
49 }; 50 };
50 }; 51 };
51 52
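Review bot: The pool account is read from `config.services.httpd.Tools.user` here (and again for mantisbt in git/default.nix), while cloud, mail and tools hard-code `"wwwrun"` and davical.nix fills `"listen.owner"` from its own `apache.user`. That is three sources for what looks like one identity, so a change to the httpd user could leave the socket owner and the pool user out of step without any evaluation error. Using `config.services.httpd.Tools.user` and `.group` for both the pool options and `listen.owner`/`listen.group` in every module would keep them tied together.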
diff --git a/modules/private/websites/tools/db/default.nix b/modules/private/websites/tools/db/default.nix
index 60592e5..fc8d989 100644
--- a/modules/private/websites/tools/db/default.nix
+++ b/modules/private/websites/tools/db/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../../commons/adminer.nix { inherit config; };
4 4
5 cfg = config.myServices.websites.tools.db; 5 cfg = config.myServices.websites.tools.db;
6in { 6in {
@@ -15,7 +15,7 @@ in {
15 addToCerts = true; 15 addToCerts = true;
16 hosts = ["db-1.immae.eu" ]; 16 hosts = ["db-1.immae.eu" ];
17 root = null; 17 root = null;
18 extraConfig = [ adminer.apache.vhostConf ]; 18 extraConfig = [ (adminer.apache.vhostConf null) ];
19 }; 19 };
20 }; 20 };
21} 21}
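Review bot: `(adminer.apache.vhostConf null)` passes `null` as the socket path with no explanation at the call site. It can only evaluate if commons/adminer.nix never interpolates that argument, presumably because `inherit config` lets it choose its own socket; that file is outside this diff, so this is inferred. A comment such as `# socket argument unused: commons/adminer.nix resolves the pool socket from config` would tell the next reader which PHP-FPM pool serves the database admin UI on this host.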
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix
index 054e47b..56e4401 100644
--- a/modules/private/websites/tools/git/default.nix
+++ b/modules/private/websites/tools/git/default.nix
@@ -30,7 +30,7 @@ in {
30 root = gitweb.apache.root; 30 root = gitweb.apache.root;
31 extraConfig = [ 31 extraConfig = [
32 gitweb.apache.vhostConf 32 gitweb.apache.vhostConf
33 mantisbt.apache.vhostConf 33 (mantisbt.apache.vhostConf config.services.phpfpm.pools.mantisbt.socket)
34 '' 34 ''
35 RewriteEngine on 35 RewriteEngine on
36 RewriteCond %{REQUEST_URI} ^/releases 36 RewriteCond %{REQUEST_URI} ^/releases
@@ -40,8 +40,9 @@ in {
40 }; 40 };
41 services.phpfpm.pools = { 41 services.phpfpm.pools = {
42 mantisbt = { 42 mantisbt = {
43 listen = mantisbt.phpFpm.socket; 43 user = config.services.httpd.Tools.user;
44 extraConfig = mantisbt.phpFpm.pool; 44 group = config.services.httpd.Tools.group;
45 settings = mantisbt.phpFpm.pool;
45 }; 46 };
46 }; 47 };
47 }; 48 };
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix
index d75b022..50851aa 100644
--- a/modules/private/websites/tools/git/mantisbt.nix
+++ b/modules/private/websites/tools/git/mantisbt.nix
@@ -53,12 +53,12 @@ rec {
53 modules = [ "proxy_fcgi" ]; 53 modules = [ "proxy_fcgi" ];
54 webappName = "tools_mantisbt"; 54 webappName = "tools_mantisbt";
55 root = "/run/current-system/webapps/${webappName}"; 55 root = "/run/current-system/webapps/${webappName}";
56 vhostConf = '' 56 vhostConf = socket: ''
57 Alias /mantisbt "${root}" 57 Alias /mantisbt "${root}"
58 <Directory "${root}"> 58 <Directory "${root}">
59 DirectoryIndex index.php 59 DirectoryIndex index.php
60 <FilesMatch "\.php$"> 60 <FilesMatch "\.php$">
61 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 61 SetHandler "proxy:unix:${socket}|fcgi://localhost"
62 </FilesMatch> 62 </FilesMatch>
63 63
64 AllowOverride All 64 AllowOverride All
@@ -76,20 +76,17 @@ rec {
76 basedir = builtins.concatStringsSep ":" ( 76 basedir = builtins.concatStringsSep ":" (
77 [ webRoot "/var/secrets/webapps/tools-mantisbt" ] 77 [ webRoot "/var/secrets/webapps/tools-mantisbt" ]
78 ++ webRoot.plugins); 78 ++ webRoot.plugins);
79 socket = "/var/run/phpfpm/mantisbt.sock"; 79 pool = {
80 pool = '' 80 "listen.owner" = apache.user;
81 user = ${apache.user} 81 "listen.group" = apache.group;
82 group = ${apache.group} 82 "pm" = "ondemand";
83 listen.owner = ${apache.user} 83 "pm.max_children" = "60";
84 listen.group = ${apache.group} 84 "pm.process_idle_timeout" = "60";
85 pm = ondemand
86 pm.max_children = 60
87 pm.process_idle_timeout = 60
88 85
89 php_admin_value[upload_max_filesize] = 5000000 86 "php_admin_value[upload_max_filesize]" = "5000000";
90 87
91 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt" 88 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt";
92 php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt" 89 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/mantisbt";
93 ''; 90 };
94 }; 91 };
95} 92}
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
index bb36042..1f7f7bf 100644
--- a/modules/private/websites/tools/mail/default.nix
+++ b/modules/private/websites/tools/mail/default.nix
@@ -6,6 +6,7 @@ let
6 }; 6 };
7 rainloop = pkgs.callPackage ./rainloop.nix {}; 7 rainloop = pkgs.callPackage ./rainloop.nix {};
8 cfg = config.myServices.websites.tools.email; 8 cfg = config.myServices.websites.tools.email;
9 pcfg = config.services.phpfpm.pools;
9in 10in
10{ 11{
11 options.myServices.websites.tools.email = { 12 options.myServices.websites.tools.email = {
@@ -34,8 +35,8 @@ in
34 hosts = ["mail.immae.eu"]; 35 hosts = ["mail.immae.eu"];
35 root = "/run/current-system/webapps/_mail"; 36 root = "/run/current-system/webapps/_mail";
36 extraConfig = [ 37 extraConfig = [
37 rainloop.apache.vhostConf 38 (rainloop.apache.vhostConf pcfg.rainloop.socket)
38 roundcubemail.apache.vhostConf 39 (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket)
39 '' 40 ''
40 <Directory /run/current-system/webapps/_mail> 41 <Directory /run/current-system/webapps/_mail>
41 Require all granted 42 Require all granted
@@ -56,13 +57,15 @@ in
56 }; 57 };
57 58
58 services.phpfpm.pools.roundcubemail = { 59 services.phpfpm.pools.roundcubemail = {
59 listen = roundcubemail.phpFpm.socket; 60 user = "wwwrun";
60 extraConfig = roundcubemail.phpFpm.pool; 61 group = "wwwrun";
62 settings = roundcubemail.phpFpm.pool;
61 phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; 63 phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig;
62 }; 64 };
63 services.phpfpm.pools.rainloop = { 65 services.phpfpm.pools.rainloop = {
64 listen = rainloop.phpFpm.socket; 66 user = "wwwrun";
65 extraConfig = rainloop.phpFpm.pool; 67 group = "wwwrun";
68 settings = rainloop.phpFpm.pool;
66 }; 69 };
67 system.activationScripts = { 70 system.activationScripts = {
68 roundcubemail = roundcubemail.activationScript; 71 roundcubemail = roundcubemail.activationScript;
diff --git a/modules/private/websites/tools/mail/rainloop.nix b/modules/private/websites/tools/mail/rainloop.nix
index 2dad46e..9b1f0c5 100644
--- a/modules/private/websites/tools/mail/rainloop.nix
+++ b/modules/private/websites/tools/mail/rainloop.nix
@@ -16,7 +16,7 @@ rec {
16 modules = [ "proxy_fcgi" ]; 16 modules = [ "proxy_fcgi" ];
17 webappName = "tools_rainloop"; 17 webappName = "tools_rainloop";
18 root = "/run/current-system/webapps/${webappName}"; 18 root = "/run/current-system/webapps/${webappName}";
19 vhostConf = '' 19 vhostConf = socket: ''
20 Alias /rainloop "${root}" 20 Alias /rainloop "${root}"
21 <Directory "${root}"> 21 <Directory "${root}">
22 DirectoryIndex index.php 22 DirectoryIndex index.php
@@ -25,7 +25,7 @@ rec {
25 Require all granted 25 Require all granted
26 26
27 <FilesMatch "\.php$"> 27 <FilesMatch "\.php$">
28 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 28 SetHandler "proxy:unix:${socket}|fcgi://localhost"
29 </FilesMatch> 29 </FilesMatch>
30 </Directory> 30 </Directory>
31 31
@@ -37,22 +37,19 @@ rec {
37 phpFpm = rec { 37 phpFpm = rec {
38 serviceDeps = [ "postgresql.service" ]; 38 serviceDeps = [ "postgresql.service" ];
39 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 39 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
40 socket = "/var/run/phpfpm/rainloop.sock"; 40 pool = {
41 pool = '' 41 "listen.owner" = apache.user;
42 user = ${apache.user} 42 "listen.group" = apache.group;
43 group = ${apache.group} 43 "pm" = "ondemand";
44 listen.owner = ${apache.user} 44 "pm.max_children" = "60";
45 listen.group = ${apache.group} 45 "pm.process_idle_timeout" = "60";
46 pm = ondemand
47 pm.max_children = 60
48 pm.process_idle_timeout = 60
49 46
50 ; Needed to avoid clashes in browser cookies (same domain) 47 # Needed to avoid clashes in browser cookies (same domain)
51 php_value[session.name] = RainloopPHPSESSID 48 "php_value[session.name]" = "RainloopPHPSESSID";
52 php_admin_value[upload_max_filesize] = 200M 49 "php_admin_value[upload_max_filesize]" = "200M";
53 php_admin_value[post_max_size] = 200M 50 "php_admin_value[post_max_size]" = "200M";
54 php_admin_value[open_basedir] = "${basedir}:/tmp" 51 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
55 php_admin_value[session.save_path] = "${varDir}/phpSessions" 52 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
56 ''; 53 };
57 }; 54 };
58} 55}
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
index 35de312..0b35d02 100644
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ b/modules/private/websites/tools/mail/roundcubemail.nix
@@ -83,7 +83,7 @@ rec {
83 modules = [ "proxy_fcgi" ]; 83 modules = [ "proxy_fcgi" ];
84 webappName = "tools_roundcubemail"; 84 webappName = "tools_roundcubemail";
85 root = "/run/current-system/webapps/${webappName}"; 85 root = "/run/current-system/webapps/${webappName}";
86 vhostConf = '' 86 vhostConf = socket: ''
87 Alias /roundcube "${root}" 87 Alias /roundcube "${root}"
88 <Directory "${root}"> 88 <Directory "${root}">
89 DirectoryIndex index.php 89 DirectoryIndex index.php
@@ -92,7 +92,7 @@ rec {
92 Require all granted 92 Require all granted
93 93
94 <FilesMatch "\.php$"> 94 <FilesMatch "\.php$">
95 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 95 SetHandler "proxy:unix:${socket}|fcgi://localhost"
96 </FilesMatch> 96 </FilesMatch>
97 </Directory> 97 </Directory>
98 ''; 98 '';
@@ -107,22 +107,19 @@ rec {
107 date.timezone = 'CET' 107 date.timezone = 'CET'
108 extension=${phpPackages.imagick}/lib/php/extensions/imagick.so 108 extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
109 ''; 109 '';
110 socket = "/var/run/phpfpm/roundcubemail.sock"; 110 pool = {
111 pool = '' 111 "listen.owner" = apache.user;
112 user = ${apache.user} 112 "listen.group" = apache.group;
113 group = ${apache.group} 113 "pm" = "ondemand";
114 listen.owner = ${apache.user} 114 "pm.max_children" = "60";
115 listen.group = ${apache.group} 115 "pm.process_idle_timeout" = "60";
116 pm = ondemand
117 pm.max_children = 60
118 pm.process_idle_timeout = 60
119 116
120 ; Needed to avoid clashes in browser cookies (same domain) 117 # Needed to avoid clashes in browser cookies (same domain)
121 php_value[session.name] = RoundcubemailPHPSESSID 118 "php_value[session.name]" = "RoundcubemailPHPSESSID";
122 php_admin_value[upload_max_filesize] = 200M 119 "php_admin_value[upload_max_filesize]" = "200M";
123 php_admin_value[post_max_size] = 200M 120 "php_admin_value[post_max_size]" = "200M";
124 php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp" 121 "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp";
125 php_admin_value[session.save_path] = "${varDir}/phpSessions" 122 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
126 ''; 123 };
127 }; 124 };
128} 125}
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix
index 907e37f..52a132c 100644
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -1,4 +1,4 @@
1{ adminer }: 1{ adminer, php73, forcePhpSocket ? null }:
2rec { 2rec {
3 activationScript = { 3 activationScript = {
4 deps = [ "httpd" ]; 4 deps = [ "httpd" ];
@@ -9,22 +9,33 @@ rec {
9 }; 9 };
10 webRoot = adminer; 10 webRoot = adminer;
11 phpFpm = rec { 11 phpFpm = rec {
12 socket = "/var/run/phpfpm/adminer.sock"; 12 user = apache.user;
13 pool = '' 13 group = apache.group;
14 user = ${apache.user} 14 phpPackage = (php73.override {
15 group = ${apache.group} 15 config.php.mysqlnd = true;
16 listen.owner = ${apache.user} 16 config.php.mysqli = false;
17 listen.group = ${apache.group} 17 config.php.pdo-mysql = false;
18 pm = ondemand 18 }).overrideAttrs(old: rec {
19 pm.max_children = 5 19 configureFlags = old.configureFlags ++ [
20 pm.process_idle_timeout = 60 20 "--with-mysqli=shared,mysqlnd"
21 ;php_admin_flag[log_errors] = on 21 ];
22 ; Needed to avoid clashes in browser cookies (same domain) 22 });
23 php_value[session.name] = AdminerPHPSESSID 23 phpOptions = ''
24 php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer" 24 extension=${phpPackage}/lib/php/extensions/mysqli.so
25 php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" 25 '';
26 php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer" 26 settings = {
27 ''; 27 "listen.owner" = apache.user;
28 "listen.group" = apache.group;
29 "pm" = "ondemand";
30 "pm.max_children" = "5";
31 "pm.process_idle_timeout" = "60";
32 #"php_admin_flag[log_errors]" = "on";
33 # Needed to avoid clashes in browser cookies (same domain)
34 "php_value[session.name]" = "AdminerPHPSESSID";
35 "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer";
36 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer";
37 "php_admin_value[upload_tmp_dir]" = "/var/lib/php/tmp/adminer";
38 };
28 }; 39 };
29 apache = rec { 40 apache = rec {
30 user = "wwwrun"; 41 user = "wwwrun";
@@ -32,12 +43,12 @@ rec {
32 modules = [ "proxy_fcgi" ]; 43 modules = [ "proxy_fcgi" ];
33 webappName = "_adminer"; 44 webappName = "_adminer";
34 root = "/run/current-system/webapps/${webappName}"; 45 root = "/run/current-system/webapps/${webappName}";
35 vhostConf = '' 46 vhostConf = socket: ''
36 Alias /adminer ${root} 47 Alias /adminer ${root}
37 <Directory ${root}> 48 <Directory ${root}>
38 DirectoryIndex index.php 49 DirectoryIndex index.php
39 <FilesMatch "\.php$"> 50 <FilesMatch "\.php$">
40 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 51 SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost"
41 </FilesMatch> 52 </FilesMatch>
42 53
43 Use LDAPConnect 54 Use LDAPConnect
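Review bot: `forcePhpSocket` is undocumented, and when it is set it replaces the `socket` argument in `SetHandler`, so /adminer is served by whichever pool owns that socket. In that case the `open_basedir`, `session.save_path` and `upload_tmp_dir` limits defined in `phpFpm.settings` no longer apply to Adminer; the other pool's limits do. I would add a comment at the argument list, e.g. `# forcePhpSocket: serve Adminer from an existing pool; that pool's open_basedir and session settings apply instead of phpFpm.settings`. The `apache` block continues past the end of the last hunk.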
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 5dc0981..5e0d446 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -40,6 +40,7 @@ let
40 }; 40 };
41 41
42 cfg = config.myServices.websites.tools.tools; 42 cfg = config.myServices.websites.tools.tools;
43 pcfg = config.services.phpfpm.pools;
43in { 44in {
44 options.myServices.websites.tools.tools = { 45 options.myServices.websites.tools.tools = {
45 enable = lib.mkEnableOption "enable tools website"; 46 enable = lib.mkEnableOption "enable tools website";
@@ -92,7 +93,7 @@ in {
92 AllowOverride all 93 AllowOverride all
93 Require all granted 94 Require all granted
94 <FilesMatch "\.php$"> 95 <FilesMatch "\.php$">
95 SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost" 96 SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
96 </FilesMatch> 97 </FilesMatch>
97 </Directory> 98 </Directory>
98 '' 99 ''
@@ -115,21 +116,21 @@ in {
115 AllowOverride all 116 AllowOverride all
116 Require all granted 117 Require all granted
117 <FilesMatch "\.php$"> 118 <FilesMatch "\.php$">
118 SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" 119 SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
119 </FilesMatch> 120 </FilesMatch>
120 </Directory> 121 </Directory>
121 '' 122 ''
122 adminer.apache.vhostConf 123 (adminer.apache.vhostConf pcfg.adminer.socket)
123 ympd.apache.vhostConf 124 ympd.apache.vhostConf
124 ttrss.apache.vhostConf 125 (ttrss.apache.vhostConf pcfg.ttrss.socket)
125 wallabag.apache.vhostConf 126 (wallabag.apache.vhostConf pcfg.wallabag.socket)
126 yourls.apache.vhostConf 127 (yourls.apache.vhostConf pcfg.yourls.socket)
127 rompr.apache.vhostConf 128 (rompr.apache.vhostConf pcfg.rompr.socket)
128 shaarli.apache.vhostConf 129 (shaarli.apache.vhostConf pcfg.shaarli.socket)
129 dokuwiki.apache.vhostConf 130 (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
130 ldap.apache.vhostConf 131 (ldap.apache.vhostConf pcfg.ldap.socket)
131 kanboard.apache.vhostConf 132 (kanboard.apache.vhostConf pcfg.kanboard.socket)
132 grocy.apache.vhostConf 133 (grocy.apache.vhostConf pcfg.grocy.socket)
133 ]; 134 ];
134 }; 135 };
135 136
@@ -226,38 +227,36 @@ in {
226 227
227 services.phpfpm.pools = { 228 services.phpfpm.pools = {
228 tools = { 229 tools = {
229 listen = "/var/run/phpfpm/tools.sock"; 230 user = "wwwrun";
230 extraConfig = '' 231 group = "wwwrun";
231 user = wwwrun 232 settings = {
232 group = wwwrun 233 "listen.owner" = "wwwrun";
233 listen.owner = wwwrun 234 "listen.group" = "wwwrun";
234 listen.group = wwwrun 235 "pm" = "dynamic";
235 pm = dynamic 236 "pm.max_children" = "60";
236 pm.max_children = 60 237 "pm.start_servers" = "2";
237 pm.start_servers = 2 238 "pm.min_spare_servers" = "1";
238 pm.min_spare_servers = 1 239 "pm.max_spare_servers" = "10";
239 pm.max_spare_servers = 10
240 240
241 ; Needed to avoid clashes in browser cookies (same domain) 241 # Needed to avoid clashes in browser cookies (same domain)
242 php_value[session.name] = ToolsPHPSESSID 242 "php_value[session.name]" = "ToolsPHPSESSID";
243 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" 243 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp";
244 ''; 244 };
245 }; 245 };
246 devtools = { 246 devtools = {
247 listen = "/var/run/phpfpm/devtools.sock"; 247 user = "wwwrun";
248 extraConfig = '' 248 group = "wwwrun";
249 user = wwwrun 249 settings = {
250 group = wwwrun 250 "listen.owner" = "wwwrun";
251 listen.owner = wwwrun 251 "listen.group" = "wwwrun";
252 listen.group = wwwrun 252 "pm" = "dynamic";
253 pm = dynamic 253 "pm.max_children" = "60";
254 pm.max_children = 60 254 "pm.start_servers" = "2";
255 pm.start_servers = 2 255 "pm.min_spare_servers" = "1";
256 pm.min_spare_servers = 1 256 "pm.max_spare_servers" = "10";
257 pm.max_spare_servers = 10
258 257
259 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" 258 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
260 ''; 259 };
261 phpOptions = config.services.phpfpm.phpOptions + '' 260 phpOptions = config.services.phpfpm.phpOptions + ''
262 extension=${pkgs.php}/lib/php/extensions/mysqli.so 261 extension=${pkgs.php}/lib/php/extensions/mysqli.so
263 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so 262 extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
@@ -265,45 +264,51 @@ in {
265 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so 264 zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
266 ''; 265 '';
267 }; 266 };
268 adminer = { 267 adminer = adminer.phpFpm;
269 listen = adminer.phpFpm.socket;
270 extraConfig = adminer.phpFpm.pool;
271 };
272 ttrss = { 268 ttrss = {
273 listen = ttrss.phpFpm.socket; 269 user = "wwwrun";
274 extraConfig = ttrss.phpFpm.pool; 270 group = "wwwrun";
271 settings = ttrss.phpFpm.pool;
275 }; 272 };
276 wallabag = { 273 wallabag = {
277 listen = wallabag.phpFpm.socket; 274 user = "wwwrun";
278 extraConfig = wallabag.phpFpm.pool; 275 group = "wwwrun";
276 settings = wallabag.phpFpm.pool;
279 }; 277 };
280 yourls = { 278 yourls = {
281 listen = yourls.phpFpm.socket; 279 user = "wwwrun";
282 extraConfig = yourls.phpFpm.pool; 280 group = "wwwrun";
281 settings = yourls.phpFpm.pool;
283 }; 282 };
284 rompr = { 283 rompr = {
285 listen = rompr.phpFpm.socket; 284 user = "wwwrun";
286 extraConfig = rompr.phpFpm.pool; 285 group = "wwwrun";
286 settings = rompr.phpFpm.pool;
287 }; 287 };
288 shaarli = { 288 shaarli = {
289 listen = shaarli.phpFpm.socket; 289 user = "wwwrun";
290 extraConfig = shaarli.phpFpm.pool; 290 group = "wwwrun";
291 settings = shaarli.phpFpm.pool;
291 }; 292 };
292 dokuwiki = { 293 dokuwiki = {
293 listen = dokuwiki.phpFpm.socket; 294 user = "wwwrun";
294 extraConfig = dokuwiki.phpFpm.pool; 295 group = "wwwrun";
296 settings = dokuwiki.phpFpm.pool;
295 }; 297 };
296 ldap = { 298 ldap = {
297 listen = ldap.phpFpm.socket; 299 user = "wwwrun";
298 extraConfig = ldap.phpFpm.pool; 300 group = "wwwrun";
301 settings = ldap.phpFpm.pool;
299 }; 302 };
300 kanboard = { 303 kanboard = {
301 listen = kanboard.phpFpm.socket; 304 user = "wwwrun";
302 extraConfig = kanboard.phpFpm.pool; 305 group = "wwwrun";
306 settings = kanboard.phpFpm.pool;
303 }; 307 };
304 grocy = { 308 grocy = {
305 listen = grocy.phpFpm.socket; 309 user = "wwwrun";
306 extraConfig = grocy.phpFpm.pool; 310 group = "wwwrun";
311 settings = grocy.phpFpm.pool;
307 }; 312 };
308 }; 313 };
309 314
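Review bot: `adminer = adminer.phpFpm;` hands the whole attrset to the pool, including a `phpOptions` that holds only the mysqli `extension=` line. The nextcloud, roundcubemail and devtools pools in this commit all write `config.services.phpfpm.phpOptions + …`, which suggests a per-pool value replaces the global one rather than adding to it; if so, the Adminer pool loses whatever the global PHP options set. Suggested: `adminer = adminer.phpFpm // { phpOptions = config.services.phpfpm.phpOptions + adminer.phpFpm.phpOptions; };`. Spelling out the attributes would also keep future additions to `phpFpm` in adminer.nix from reaching the pool module unreviewed.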
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix
index d66e85d..26c04b7 100644
--- a/modules/private/websites/tools/tools/dokuwiki.nix
+++ b/modules/private/websites/tools/tools/dokuwiki.nix
@@ -26,12 +26,12 @@ rec {
26 modules = [ "proxy_fcgi" ]; 26 modules = [ "proxy_fcgi" ];
27 webappName = "tools_dokuwiki"; 27 webappName = "tools_dokuwiki";
28 root = "/run/current-system/webapps/${webappName}"; 28 root = "/run/current-system/webapps/${webappName}";
29 vhostConf = '' 29 vhostConf = socket: ''
30 Alias /dokuwiki "${root}" 30 Alias /dokuwiki "${root}"
31 <Directory "${root}"> 31 <Directory "${root}">
32 DirectoryIndex index.php 32 DirectoryIndex index.php
33 <FilesMatch "\.php$"> 33 <FilesMatch "\.php$">
34 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 34 SetHandler "proxy:unix:${socket}|fcgi://localhost"
35 </FilesMatch> 35 </FilesMatch>
36 36
37 AllowOverride All 37 AllowOverride All
@@ -44,20 +44,17 @@ rec {
44 serviceDeps = [ "openldap.service" ]; 44 serviceDeps = [ "openldap.service" ];
45 basedir = builtins.concatStringsSep ":" ( 45 basedir = builtins.concatStringsSep ":" (
46 [ webRoot varDir ] ++ webRoot.plugins); 46 [ webRoot varDir ] ++ webRoot.plugins);
47 socket = "/var/run/phpfpm/dokuwiki.sock"; 47 pool = {
48 pool = '' 48 "listen.owner" = apache.user;
49 user = ${apache.user} 49 "listen.group" = apache.group;
50 group = ${apache.group} 50 "pm" = "ondemand";
51 listen.owner = ${apache.user} 51 "pm.max_children" = "60";
52 listen.group = ${apache.group} 52 "pm.process_idle_timeout" = "60";
53 pm = ondemand
54 pm.max_children = 60
55 pm.process_idle_timeout = 60
56 53
57 ; Needed to avoid clashes in browser cookies (same domain) 54 # Needed to avoid clashes in browser cookies (same domain)
58 php_value[session.name] = DokuwikiPHPSESSID 55 "php_value[session.name]" = "DokuwikiPHPSESSID";
59 php_admin_value[open_basedir] = "${basedir}:/tmp" 56 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
60 php_admin_value[session.save_path] = "${varDir}/phpSessions" 57 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
61 ''; 58 };
62 }; 59 };
63} 60}
diff --git a/modules/private/websites/tools/tools/grocy.nix b/modules/private/websites/tools/tools/grocy.nix
index 1b8da20..a98d8ac 100644
--- a/modules/private/websites/tools/tools/grocy.nix
+++ b/modules/private/websites/tools/tools/grocy.nix
@@ -18,12 +18,12 @@ rec {
18 modules = [ "proxy_fcgi" ]; 18 modules = [ "proxy_fcgi" ];
19 webappName = "tools_grocy"; 19 webappName = "tools_grocy";
20 root = "/run/current-system/webapps/${webappName}"; 20 root = "/run/current-system/webapps/${webappName}";
21 vhostConf = '' 21 vhostConf = socket: ''
22 Alias /grocy "${root}" 22 Alias /grocy "${root}"
23 <Directory "${root}"> 23 <Directory "${root}">
24 DirectoryIndex index.php 24 DirectoryIndex index.php
25 <FilesMatch "\.php$"> 25 <FilesMatch "\.php$">
26 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 26 SetHandler "proxy:unix:${socket}|fcgi://localhost"
27 </FilesMatch> 27 </FilesMatch>
28 28
29 AllowOverride All 29 AllowOverride All
@@ -35,21 +35,18 @@ rec {
35 phpFpm = rec { 35 phpFpm = rec {
36 basedir = builtins.concatStringsSep ":" ( 36 basedir = builtins.concatStringsSep ":" (
37 [ grocy grocy.yarnModules varDir ]); 37 [ grocy grocy.yarnModules varDir ]);
38 socket = "/var/run/phpfpm/grocy.sock"; 38 pool = {
39 pool = '' 39 "listen.owner" = apache.user;
40 user = ${apache.user} 40 "listen.group" = apache.group;
41 group = ${apache.group} 41 "pm" = "ondemand";
42 listen.owner = ${apache.user} 42 "pm.max_children" = "60";
43 listen.group = ${apache.group} 43 "pm.process_idle_timeout" = "60";
44 pm = ondemand
45 pm.max_children = 60
46 pm.process_idle_timeout = 60
47 44
48 ; Needed to avoid clashes in browser cookies (same domain) 45 # Needed to avoid clashes in browser cookies (same domain)
49 php_value[session.name] = grocyPHPSESSID 46 "php_value[session.name]" = "grocyPHPSESSID";
50 php_admin_value[open_basedir] = "${basedir}:/tmp" 47 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
51 php_admin_value[session.save_path] = "${varDir}/phpSessions" 48 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
52 ''; 49 };
53 }; 50 };
54} 51}
55 52
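Review bot: The new `pool` attrset no longer carries the `user` and `group` entries that the removed ini text set to `${apache.user}` / `${apache.group}`, so the account the grocy workers run as is now decided wherever this attrset is consumed, which is outside this section. Confirm that the consumer sets both explicitly for every pool, since `listen.owner` / `listen.group` only govern who may connect to the socket, not the identity PHP code executes under. If that is the case, a one-line comment above `pool`, such as `# worker user/group and the listen socket are assigned by the module that instantiates this pool`, would record it. The same removal appears in dokuwiki.nix, kanboard.nix, ldap.nix, rompr.nix, shaarli.nix, ttrss.nix, wallabag.nix and yourls.nix.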
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix
index 1880cbd..0f6fefc 100644
--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -49,7 +49,7 @@ rec {
49 modules = [ "proxy_fcgi" ]; 49 modules = [ "proxy_fcgi" ];
50 webappName = "tools_kanboard"; 50 webappName = "tools_kanboard";
51 root = "/run/current-system/webapps/${webappName}"; 51 root = "/run/current-system/webapps/${webappName}";
52 vhostConf = '' 52 vhostConf = socket: ''
53 Alias /kanboard "${root}" 53 Alias /kanboard "${root}"
54 <Directory "${root}"> 54 <Directory "${root}">
55 DirectoryIndex index.php 55 DirectoryIndex index.php
@@ -58,7 +58,7 @@ rec {
58 Require all granted 58 Require all granted
59 59
60 <FilesMatch "\.php$"> 60 <FilesMatch "\.php$">
61 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 61 SetHandler "proxy:unix:${socket}|fcgi://localhost"
62 </FilesMatch> 62 </FilesMatch>
63 </Directory> 63 </Directory>
64 <DirectoryMatch "${root}/data"> 64 <DirectoryMatch "${root}/data">
@@ -69,20 +69,17 @@ rec {
69 phpFpm = rec { 69 phpFpm = rec {
70 serviceDeps = [ "postgresql.service" "openldap.service" ]; 70 serviceDeps = [ "postgresql.service" "openldap.service" ];
71 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; 71 basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ];
72 socket = "/var/run/phpfpm/kanboard.sock"; 72 pool = {
73 pool = '' 73 "listen.owner" = apache.user;
74 user = ${apache.user} 74 "listen.group" = apache.group;
75 group = ${apache.group} 75 "pm" = "ondemand";
76 listen.owner = ${apache.user} 76 "pm.max_children" = "60";
77 listen.group = ${apache.group} 77 "pm.process_idle_timeout" = "60";
78 pm = ondemand
79 pm.max_children = 60
80 pm.process_idle_timeout = 60
81 78
82 ; Needed to avoid clashes in browser cookies (same domain) 79 # Needed to avoid clashes in browser cookies (same domain)
83 php_value[session.name] = KanboardPHPSESSID 80 "php_value[session.name]" = "KanboardPHPSESSID";
84 php_admin_value[open_basedir] = "${basedir}:/tmp" 81 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
85 php_admin_value[session.save_path] = "${varDir}/phpSessions" 82 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
86 ''; 83 };
87 }; 84 };
88} 85}
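Review bot: `php_admin_value[open_basedir]` still ends in the shared `/tmp` for this pool, whose `basedir` also holds `/var/secrets/webapps/tools-kanboard`; the same `:/tmp` suffix is carried over in grocy.nix, ldap.nix, rompr.nix, shaarli.nix, ttrss.nix, wallabag.nix and yourls.nix. The removed ini text ran every pool as `${apache.user}`, so unless the new module gives each pool its own account or a private /tmp (not visible here), temporary files written by one app can be read by the others. A per-app directory would contain that, for example `"php_admin_value[upload_tmp_dir]" = "${varDir}/tmp";` (constructed path) plus a matching `sys_temp_dir`, with `/tmp` dropped from `open_basedir` once the app is confirmed to work without it.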
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix
index e58a9bd..0c1a21f 100644
--- a/modules/private/websites/tools/tools/ldap.nix
+++ b/modules/private/websites/tools/tools/ldap.nix
@@ -39,12 +39,12 @@ rec {
39 modules = [ "proxy_fcgi" ]; 39 modules = [ "proxy_fcgi" ];
40 webappName = "tools_ldap"; 40 webappName = "tools_ldap";
41 root = "/run/current-system/webapps/${webappName}"; 41 root = "/run/current-system/webapps/${webappName}";
42 vhostConf = '' 42 vhostConf = socket: ''
43 Alias /ldap "${root}" 43 Alias /ldap "${root}"
44 <Directory "${root}"> 44 <Directory "${root}">
45 DirectoryIndex index.php 45 DirectoryIndex index.php
46 <FilesMatch "\.php$"> 46 <FilesMatch "\.php$">
47 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 47 SetHandler "proxy:unix:${socket}|fcgi://localhost"
48 </FilesMatch> 48 </FilesMatch>
49 49
50 AllowOverride None 50 AllowOverride None
@@ -55,20 +55,17 @@ rec {
55 phpFpm = rec { 55 phpFpm = rec {
56 serviceDeps = [ "openldap.service" ]; 56 serviceDeps = [ "openldap.service" ];
57 basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; 57 basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ];
58 socket = "/var/run/phpfpm/ldap.sock"; 58 pool = {
59 pool = '' 59 "listen.owner" = apache.user;
60 user = ${apache.user} 60 "listen.group" = apache.group;
61 group = ${apache.group} 61 "pm" = "ondemand";
62 listen.owner = ${apache.user} 62 "pm.max_children" = "60";
63 listen.group = ${apache.group} 63 "pm.process_idle_timeout" = "60";
64 pm = ondemand
65 pm.max_children = 60
66 pm.process_idle_timeout = 60
67 64
68 ; Needed to avoid clashes in browser cookies (same domain) 65 # Needed to avoid clashes in browser cookies (same domain)
69 php_value[session.name] = LdapPHPSESSID 66 "php_value[session.name]" = "LdapPHPSESSID";
70 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin" 67 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin";
71 php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin" 68 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin";
72 ''; 69 };
73 }; 70 };
74} 71}
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix
index 75adabe..106164c 100644
--- a/modules/private/websites/tools/tools/rompr.nix
+++ b/modules/private/websites/tools/tools/rompr.nix
@@ -15,7 +15,7 @@ rec {
15 modules = [ "headers" "mime" "proxy_fcgi" ]; 15 modules = [ "headers" "mime" "proxy_fcgi" ];
16 webappName = "tools_rompr"; 16 webappName = "tools_rompr";
17 root = "/run/current-system/webapps/${webappName}"; 17 root = "/run/current-system/webapps/${webappName}";
18 vhostConf = '' 18 vhostConf = socket: ''
19 Alias /rompr ${root} 19 Alias /rompr ${root}
20 20
21 <Directory ${root}> 21 <Directory ${root}>
@@ -29,7 +29,7 @@ rec {
29 AddType image/x-icon .ico 29 AddType image/x-icon .ico
30 30
31 <FilesMatch "\.php$"> 31 <FilesMatch "\.php$">
32 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 32 SetHandler "proxy:unix:${socket}|fcgi://localhost"
33 </FilesMatch> 33 </FilesMatch>
34 </Directory> 34 </Directory>
35 35
@@ -51,29 +51,26 @@ rec {
51 }; 51 };
52 phpFpm = rec { 52 phpFpm = rec {
53 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 53 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
54 socket = "/var/run/phpfpm/rompr.sock"; 54 pool = {
55 pool = '' 55 "listen.owner" = apache.user;
56 user = ${apache.user} 56 "listen.group" = apache.group;
57 group = ${apache.group} 57 "pm" = "ondemand";
58 listen.owner = ${apache.user} 58 "pm.max_children" = "60";
59 listen.group = ${apache.group} 59 "pm.process_idle_timeout" = "60";
60 pm = ondemand
61 pm.max_children = 60
62 pm.process_idle_timeout = 60
63 60
64 ; Needed to avoid clashes in browser cookies (same domain) 61 # Needed to avoid clashes in browser cookies (same domain)
65 php_value[session.name] = RomprPHPSESSID 62 "php_value[session.name]" = "RomprPHPSESSID";
66 php_admin_value[open_basedir] = "${basedir}:/tmp" 63 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
67 php_admin_value[session.save_path] = "${varDir}/phpSessions" 64 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
68 php_flag[magic_quotes_gpc] = Off 65 "php_flag[magic_quotes_gpc]" = "Off";
69 php_flag[track_vars] = On 66 "php_flag[track_vars]" = "On";
70 php_flag[register_globals] = Off 67 "php_flag[register_globals]" = "Off";
71 php_admin_flag[allow_url_fopen] = On 68 "php_admin_flag[allow_url_fopen]" = "On";
72 php_value[include_path] = ${webRoot} 69 "php_value[include_path]" = "${webRoot}";
73 php_admin_value[upload_tmp_dir] = "${varDir}/prefs" 70 "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
74 php_admin_value[post_max_size] = 32M 71 "php_admin_value[post_max_size]" = "32M";
75 php_admin_value[upload_max_filesize] = 32M 72 "php_admin_value[upload_max_filesize]" = "32M";
76 php_admin_value[memory_limit] = 256M 73 "php_admin_value[memory_limit]" = "256M";
77 ''; 74 };
78 }; 75 };
79} 76}
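Review bot: The converted `pool` attrset keeps `php_flag[magic_quotes_gpc]`, `php_flag[track_vars]` and `php_flag[register_globals]`, directives that no longer exist in PHP (magic_quotes_gpc and register_globals were removed in 5.4). On a current interpreter they presumably do nothing, and this conversion is a good point to drop them. `"php_admin_flag[allow_url_fopen]" = "On";` is the one entry that widens what the app can reach, because it lets PHP stream functions open remote URLs. A short comment stating why rompr needs it, e.g. `# rompr opens remote URLs through fopen wrappers (confirm)`, would keep it from being copied into other pools unexamined.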
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
index 0a75755..950d296 100644
--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -17,7 +17,7 @@ in rec {
17 modules = [ "proxy_fcgi" "rewrite" "env" ]; 17 modules = [ "proxy_fcgi" "rewrite" "env" ];
18 webappName = "tools_shaarli"; 18 webappName = "tools_shaarli";
19 root = "/run/current-system/webapps/${webappName}"; 19 root = "/run/current-system/webapps/${webappName}";
20 vhostConf = '' 20 vhostConf = socket: ''
21 Alias /Shaarli "${root}" 21 Alias /Shaarli "${root}"
22 22
23 Include /var/secrets/webapps/tools-shaarli 23 Include /var/secrets/webapps/tools-shaarli
@@ -27,7 +27,7 @@ in rec {
27 AllowOverride All 27 AllowOverride All
28 Require all granted 28 Require all granted
29 <FilesMatch "\.php$"> 29 <FilesMatch "\.php$">
30 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 30 SetHandler "proxy:unix:${socket}|fcgi://localhost"
31 </FilesMatch> 31 </FilesMatch>
32 </Directory> 32 </Directory>
33 ''; 33 '';
@@ -48,20 +48,17 @@ in rec {
48 phpFpm = rec { 48 phpFpm = rec {
49 serviceDeps = [ "openldap.service" ]; 49 serviceDeps = [ "openldap.service" ];
50 basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; 50 basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
51 socket = "/var/run/phpfpm/shaarli.sock"; 51 pool = {
52 pool = '' 52 "listen.owner" = apache.user;
53 user = ${apache.user} 53 "listen.group" = apache.group;
54 group = ${apache.group} 54 "pm" = "ondemand";
55 listen.owner = ${apache.user} 55 "pm.max_children" = "60";
56 listen.group = ${apache.group} 56 "pm.process_idle_timeout" = "60";
57 pm = ondemand
58 pm.max_children = 60
59 pm.process_idle_timeout = 60
60 57
61 ; Needed to avoid clashes in browser cookies (same domain) 58 # Needed to avoid clashes in browser cookies (same domain)
62 php_value[session.name] = ShaarliPHPSESSID 59 "php_value[session.name]" = "ShaarliPHPSESSID";
63 php_admin_value[open_basedir] = "${basedir}:/tmp" 60 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
64 php_admin_value[session.save_path] = "${varDir}/phpSessions" 61 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
65 ''; 62 };
66 }; 63 };
67} 64}
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
index a8b2a93..48876d3 100644
--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -95,12 +95,12 @@ rec {
95 modules = [ "proxy_fcgi" ]; 95 modules = [ "proxy_fcgi" ];
96 webappName = "tools_ttrss"; 96 webappName = "tools_ttrss";
97 root = "/run/current-system/webapps/${webappName}"; 97 root = "/run/current-system/webapps/${webappName}";
98 vhostConf = '' 98 vhostConf = socket: ''
99 Alias /ttrss "${root}" 99 Alias /ttrss "${root}"
100 <Directory "${root}"> 100 <Directory "${root}">
101 DirectoryIndex index.php 101 DirectoryIndex index.php
102 <FilesMatch "\.php$"> 102 <FilesMatch "\.php$">
103 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 103 SetHandler "proxy:unix:${socket}|fcgi://localhost"
104 </FilesMatch> 104 </FilesMatch>
105 105
106 AllowOverride All 106 AllowOverride All
@@ -114,20 +114,17 @@ rec {
114 basedir = builtins.concatStringsSep ":" ( 114 basedir = builtins.concatStringsSep ":" (
115 [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] 115 [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ]
116 ++ webRoot.plugins); 116 ++ webRoot.plugins);
117 socket = "/var/run/phpfpm/ttrss.sock"; 117 pool = {
118 pool = '' 118 "listen.owner" = apache.user;
119 user = ${apache.user} 119 "listen.group" = apache.group;
120 group = ${apache.group} 120 "pm" = "ondemand";
121 listen.owner = ${apache.user} 121 "pm.max_children" = "60";
122 listen.group = ${apache.group} 122 "pm.process_idle_timeout" = "60";
123 pm = ondemand 123
124 pm.max_children = 60 124 # Needed to avoid clashes in browser cookies (same domain)
125 pm.process_idle_timeout = 60 125 "php_value[session.name]" = "TtrssPHPSESSID";
126 126 "php_admin_value[open_basedir]" = "${basedir}:/tmp";
127 ; Needed to avoid clashes in browser cookies (same domain) 127 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
128 php_value[session.name] = TtrssPHPSESSID 128 };
129 php_admin_value[open_basedir] = "${basedir}:/tmp"
130 php_admin_value[session.save_path] = "${varDir}/phpSessions"
131 '';
132 }; 129 };
133} 130}
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix
index 014d8a1..00e2dc9 100644
--- a/modules/private/websites/tools/tools/wallabag.nix
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -82,7 +82,7 @@ rec {
82 modules = [ "proxy_fcgi" ]; 82 modules = [ "proxy_fcgi" ];
83 webappName = "tools_wallabag"; 83 webappName = "tools_wallabag";
84 root = "/run/current-system/webapps/${webappName}"; 84 root = "/run/current-system/webapps/${webappName}";
85 vhostConf = '' 85 vhostConf = socket: ''
86 Alias /wallabag "${root}" 86 Alias /wallabag "${root}"
87 <Directory "${root}"> 87 <Directory "${root}">
88 AllowOverride None 88 AllowOverride None
@@ -91,7 +91,7 @@ rec {
91 CGIPassAuth On 91 CGIPassAuth On
92 92
93 <FilesMatch "\.php$"> 93 <FilesMatch "\.php$">
94 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 94 SetHandler "proxy:unix:${socket}|fcgi://localhost"
95 </FilesMatch> 95 </FilesMatch>
96 96
97 <IfModule mod_rewrite.c> 97 <IfModule mod_rewrite.c>
@@ -129,22 +129,19 @@ rec {
129 ''; 129 '';
130 serviceDeps = [ "postgresql.service" "openldap.service" ]; 130 serviceDeps = [ "postgresql.service" "openldap.service" ];
131 basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; 131 basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ];
132 socket = "/var/run/phpfpm/wallabag.sock"; 132 pool = {
133 pool = '' 133 "listen.owner" = apache.user;
134 user = ${apache.user} 134 "listen.group" = apache.group;
135 group = ${apache.group} 135 "pm" = "dynamic";
136 listen.owner = ${apache.user} 136 "pm.max_children" = "60";
137 listen.group = ${apache.group} 137 "pm.start_servers" = "2";
138 pm = dynamic 138 "pm.min_spare_servers" = "1";
139 pm.max_children = 60 139 "pm.max_spare_servers" = "10";
140 pm.start_servers = 2
141 pm.min_spare_servers = 1
142 pm.max_spare_servers = 10
143 140
144 ; Needed to avoid clashes in browser cookies (same domain) 141 # Needed to avoid clashes in browser cookies (same domain)
145 php_value[session.name] = WallabagPHPSESSID 142 "php_value[session.name]" = "WallabagPHPSESSID";
146 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" 143 "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp";
147 php_value[max_execution_time] = 300 144 "php_value[max_execution_time]" = "300";
148 ''; 145 };
149 }; 146 };
150} 147}
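Review bot: This pool sets no `php_admin_value[session.save_path]`, unlike the sibling pools in this commit, while `open_basedir` is limited to the sendmail wrapper, `${basedir}` and `/tmp`. If wallabag falls back to PHP's native file sessions, they would go to the interpreter's default directory, which is either outside `open_basedir` or shared with other pools. Adding `"php_admin_value[session.save_path]" = "${varDir}/phpSessions";` (and creating that directory) would bring it in line with the other tools. The `phpFpm` block begins above this hunk, so a setting made there cannot be ruled out from here.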
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix
index 466ceae..cb03b6c 100644
--- a/modules/private/websites/tools/tools/yourls.nix
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -48,11 +48,11 @@ rec {
48 modules = [ "proxy_fcgi" ]; 48 modules = [ "proxy_fcgi" ];
49 webappName = "tools_yourls"; 49 webappName = "tools_yourls";
50 root = "/run/current-system/webapps/${webappName}"; 50 root = "/run/current-system/webapps/${webappName}";
51 vhostConf = '' 51 vhostConf = socket: ''
52 Alias /url "${root}" 52 Alias /url "${root}"
53 <Directory "${root}"> 53 <Directory "${root}">
54 <FilesMatch "\.php$"> 54 <FilesMatch "\.php$">
55 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 55 SetHandler "proxy:unix:${socket}|fcgi://localhost"
56 </FilesMatch> 56 </FilesMatch>
57 57
58 AllowOverride None 58 AllowOverride None
@@ -73,20 +73,17 @@ rec {
73 basedir = builtins.concatStringsSep ":" ( 73 basedir = builtins.concatStringsSep ":" (
74 [ webRoot "/var/secrets/webapps/tools-yourls" ] 74 [ webRoot "/var/secrets/webapps/tools-yourls" ]
75 ++ webRoot.plugins); 75 ++ webRoot.plugins);
76 socket = "/var/run/phpfpm/yourls.sock"; 76 pool = {
77 pool = '' 77 "listen.owner" = apache.user;
78 user = ${apache.user} 78 "listen.group" = apache.group;
79 group = ${apache.group} 79 "pm" = "ondemand";
80 listen.owner = ${apache.user} 80 "pm.max_children" = "60";
81 listen.group = ${apache.group} 81 "pm.process_idle_timeout" = "60";
82 pm = ondemand
83 pm.max_children = 60
84 pm.process_idle_timeout = 60
85 82
86 ; Needed to avoid clashes in browser cookies (same domain) 83 # Needed to avoid clashes in browser cookies (same domain)
87 php_value[session.name] = YourlsPHPSESSID 84 "php_value[session.name]" = "YourlsPHPSESSID";
88 php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls" 85 "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls";
89 php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls" 86 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls";
90 ''; 87 };
91 }; 88 };
92} 89}