Diffstat (limited to 'modules/private/websites/tools')
20 files changed, 333 insertions, 353 deletions
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix index 4785074..b9bb32f 100644 --- a/modules/private/websites/tools/cloud/default.nix +++ b/modules/private/websites/tools/cloud/default.nix | |||
@@ -10,37 +10,34 @@ let | |||
10 | basedir = builtins.concatStringsSep ":" ( | 10 | basedir = builtins.concatStringsSep ":" ( |
11 | [ nextcloud varDir ] | 11 | [ nextcloud varDir ] |
12 | ++ builtins.attrValues pkgs.webapps.nextcloud-apps); | 12 | ++ builtins.attrValues pkgs.webapps.nextcloud-apps); |
13 | socket = "/var/run/phpfpm/nextcloud.sock"; | ||
14 | phpConfig = '' | 13 | phpConfig = '' |
15 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so | 14 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so |
16 | extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so | 15 | extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so |
17 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so | 16 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so |
18 | ''; | 17 | ''; |
19 | pool = '' | 18 | pool = { |
20 | user = wwwrun | 19 | "listen.owner" = "wwwrun"; |
21 | group = wwwrun | 20 | "listen.group" = "wwwrun"; |
22 | listen.owner = wwwrun | 21 | "pm" = "ondemand"; |
23 | listen.group = wwwrun | 22 | "pm.max_children" = "60"; |
24 | pm = ondemand | 23 | "pm.process_idle_timeout" = "60"; |
25 | pm.max_children = 60 | ||
26 | pm.process_idle_timeout = 60 | ||
27 | 24 | ||
28 | php_admin_value[output_buffering] = 0 | 25 | "php_admin_value[output_buffering]" = "0"; |
29 | php_admin_value[max_execution_time] = 1800 | 26 | "php_admin_value[max_execution_time]" = "1800"; |
30 | php_admin_value[zend_extension] = "opcache" | 27 | "php_admin_value[zend_extension]" = "opcache"; |
31 | ;already enabled by default? | 28 | #already enabled by default? |
32 | ;php_value[opcache.enable] = 1 | 29 | #"php_value[opcache.enable]" = "1"; |
33 | php_value[opcache.enable_cli] = 1 | 30 | "php_value[opcache.enable_cli]" = "1"; |
34 | php_value[opcache.interned_strings_buffer] = 8 | 31 | "php_value[opcache.interned_strings_buffer]" = "8"; |
35 | php_value[opcache.max_accelerated_files] = 10000 | 32 | "php_value[opcache.max_accelerated_files]" = "10000"; |
36 | php_value[opcache.memory_consumption] = 128 | 33 | "php_value[opcache.memory_consumption]" = "128"; |
37 | php_value[opcache.save_comments] = 1 | 34 | "php_value[opcache.save_comments]" = "1"; |
38 | php_value[opcache.revalidate_freq] = 1 | 35 | "php_value[opcache.revalidate_freq]" = "1"; |
39 | php_admin_value[memory_limit] = 512M | 36 | "php_admin_value[memory_limit]" = "512M"; |
40 | 37 | ||
41 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" | 38 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"; |
42 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 39 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
43 | ''; | 40 | }; |
44 | }; | 41 | }; |
45 | in { | 42 | in { |
46 | options.myServices.websites.tools.cloud = { | 43 | options.myServices.websites.tools.cloud = { |
@@ -71,7 +68,7 @@ in { | |||
71 | </IfModule> | 68 | </IfModule> |
72 | <FilesMatch "\.php$"> | 69 | <FilesMatch "\.php$"> |
73 | CGIPassAuth on | 70 | CGIPassAuth on |
74 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 71 | SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost" |
75 | </FilesMatch> | 72 | </FilesMatch> |
76 | 73 | ||
77 | </Directory> | 74 | </Directory> |
@@ -171,8 +168,9 @@ in { | |||
171 | ''; | 168 | ''; |
172 | 169 | ||
173 | services.phpfpm.pools.nextcloud = { | 170 | services.phpfpm.pools.nextcloud = { |
174 | listen = phpFpm.socket; | 171 | user = "wwwrun"; |
175 | extraConfig = phpFpm.pool; | 172 | group = "wwwrun"; |
173 | settings = phpFpm.pool; | ||
176 | phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig; | 174 | phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig; |
177 | }; | 175 | }; |
178 | 176 | ||
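Review bot: The migrated `pool` set in the first hunk carries over an unanswered question as dead code: `#already enabled by default?` followed by the commented-out `#"php_value[opcache.enable]" = "1";`. PHP's `opcache.enable` defaults to 1, so the pair can be dropped or replaced by a single statement such as `# opcache.enable defaults to 1, not set here`. Leaving a question in a hardened pool definition makes it unclear which settings are deliberate.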
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix index 5eb3fab..9d6cd21 100644 --- a/modules/private/websites/tools/dav/davical.nix +++ b/modules/private/websites/tools/dav/davical.nix | |||
@@ -73,7 +73,7 @@ rec { | |||
73 | modules = [ "proxy_fcgi" ]; | 73 | modules = [ "proxy_fcgi" ]; |
74 | webappName = "tools_davical"; | 74 | webappName = "tools_davical"; |
75 | root = "/run/current-system/webapps/${webappName}"; | 75 | root = "/run/current-system/webapps/${webappName}"; |
76 | vhostConf = '' | 76 | vhostConf = socket: '' |
77 | Alias /davical "${root}" | 77 | Alias /davical "${root}" |
78 | Alias /caldav.php "${root}/caldav.php" | 78 | Alias /caldav.php "${root}/caldav.php" |
79 | <Directory "${root}"> | 79 | <Directory "${root}"> |
@@ -84,7 +84,7 @@ rec { | |||
84 | 84 | ||
85 | <FilesMatch "\.php$"> | 85 | <FilesMatch "\.php$"> |
86 | CGIPassAuth on | 86 | CGIPassAuth on |
87 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 87 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
88 | </FilesMatch> | 88 | </FilesMatch> |
89 | 89 | ||
90 | RewriteEngine On | 90 | RewriteEngine On |
@@ -111,28 +111,25 @@ rec { | |||
111 | phpFpm = rec { | 111 | phpFpm = rec { |
112 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 112 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
113 | basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; | 113 | basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; |
114 | socket = "/var/run/phpfpm/davical.sock"; | 114 | pool = { |
115 | pool = '' | 115 | "listen.owner" = apache.user; |
116 | user = ${apache.user} | 116 | "listen.group" = apache.group; |
117 | group = ${apache.group} | 117 | "pm" = "dynamic"; |
118 | listen.owner = ${apache.user} | 118 | "pm.max_children" = "60"; |
119 | listen.group = ${apache.group} | 119 | "pm.start_servers" = "2"; |
120 | pm = dynamic | 120 | "pm.min_spare_servers" = "1"; |
121 | pm.max_children = 60 | 121 | "pm.max_spare_servers" = "10"; |
122 | pm.start_servers = 2 | ||
123 | pm.min_spare_servers = 1 | ||
124 | pm.max_spare_servers = 10 | ||
125 | 122 | ||
126 | ; Needed to avoid clashes in browser cookies (same domain) | 123 | # Needed to avoid clashes in browser cookies (same domain) |
127 | php_value[session.name] = DavicalPHPSESSID | 124 | "php_value[session.name]" = "DavicalPHPSESSID"; |
128 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" | 125 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/davical"; |
129 | php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" | 126 | "php_admin_value[include_path]" = "${awl}/inc:${webapp}/inc"; |
130 | php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" | 127 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/davical"; |
131 | php_flag[magic_quotes_gpc] = Off | 128 | "php_flag[magic_quotes_gpc]" = "Off"; |
132 | php_flag[register_globals] = Off | 129 | "php_flag[register_globals]" = "Off"; |
133 | php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" | 130 | "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE"; |
134 | php_admin_value[default_charset] = "utf-8" | 131 | "php_admin_value[default_charset]" = "utf-8"; |
135 | php_flag[magic_quotes_runtime] = Off | 132 | "php_flag[magic_quotes_runtime]" = "Off"; |
136 | ''; | 133 | }; |
137 | }; | 134 | }; |
138 | } | 135 | } |
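Review bot: The values in the new `pool` set lose the double quotes that the INI text carried, which matters for `"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE";` in the third hunk. If the phpfpm module writes `settings` values verbatim (not visible on this page), the generated line becomes an unquoted INI expression rather than a quoted string. That is probably the form PHP expects for this directive, but it is a behaviour change inside an otherwise mechanical migration. Compare the generated pool file before and after, and record the intent with a comment such as `# rendered unquoted so PHP evaluates the constant expression`.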
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix index 0012965..30a562c 100644 --- a/modules/private/websites/tools/dav/default.nix +++ b/modules/private/websites/tools/dav/default.nix | |||
@@ -38,14 +38,15 @@ in { | |||
38 | root = "/run/current-system/webapps/_dav"; | 38 | root = "/run/current-system/webapps/_dav"; |
39 | extraConfig = [ | 39 | extraConfig = [ |
40 | infcloud.vhostConf | 40 | infcloud.vhostConf |
41 | davical.apache.vhostConf | 41 | (davical.apache.vhostConf config.services.phpfpm.pools.davical.socket) |
42 | ]; | 42 | ]; |
43 | }; | 43 | }; |
44 | 44 | ||
45 | services.phpfpm.pools = { | 45 | services.phpfpm.pools = { |
46 | davical = { | 46 | davical = { |
47 | listen = davical.phpFpm.socket; | 47 | user = config.services.httpd.Tools.user; |
48 | extraConfig = davical.phpFpm.pool; | 48 | group = config.services.httpd.Tools.group; |
49 | settings = davical.phpFpm.pool; | ||
49 | }; | 50 | }; |
50 | }; | 51 | }; |
51 | 52 | ||
diff --git a/modules/private/websites/tools/db/default.nix b/modules/private/websites/tools/db/default.nix index 60592e5..fc8d989 100644 --- a/modules/private/websites/tools/db/default.nix +++ b/modules/private/websites/tools/db/default.nix | |||
@@ -1,6 +1,6 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | adminer = pkgs.callPackage ../../commons/adminer.nix {}; | 3 | adminer = pkgs.callPackage ../../commons/adminer.nix { inherit config; }; |
4 | 4 | ||
5 | cfg = config.myServices.websites.tools.db; | 5 | cfg = config.myServices.websites.tools.db; |
6 | in { | 6 | in { |
@@ -15,7 +15,7 @@ in { | |||
15 | addToCerts = true; | 15 | addToCerts = true; |
16 | hosts = ["db-1.immae.eu" ]; | 16 | hosts = ["db-1.immae.eu" ]; |
17 | root = null; | 17 | root = null; |
18 | extraConfig = [ adminer.apache.vhostConf ]; | 18 | extraConfig = [ (adminer.apache.vhostConf null) ]; |
19 | }; | 19 | }; |
20 | }; | 20 | }; |
21 | } | 21 | } |
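Review bot: `(adminer.apache.vhostConf null)` in the second hunk passes a null socket with no explanation. It evaluates only if commons/adminer.nix never interpolates that argument, presumably because it now derives the socket from the `config` inherited in the first hunk; that file is not shown here. A null reaching a `${socket}` interpolation would abort evaluation, so a comment at the call site would help, e.g. `# socket is taken from config inside commons/adminer.nix; the argument is unused`.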
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix index 054e47b..56e4401 100644 --- a/modules/private/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix | |||
@@ -30,7 +30,7 @@ in { | |||
30 | root = gitweb.apache.root; | 30 | root = gitweb.apache.root; |
31 | extraConfig = [ | 31 | extraConfig = [ |
32 | gitweb.apache.vhostConf | 32 | gitweb.apache.vhostConf |
33 | mantisbt.apache.vhostConf | 33 | (mantisbt.apache.vhostConf config.services.phpfpm.pools.mantisbt.socket) |
34 | '' | 34 | '' |
35 | RewriteEngine on | 35 | RewriteEngine on |
36 | RewriteCond %{REQUEST_URI} ^/releases | 36 | RewriteCond %{REQUEST_URI} ^/releases |
@@ -40,8 +40,9 @@ in { | |||
40 | }; | 40 | }; |
41 | services.phpfpm.pools = { | 41 | services.phpfpm.pools = { |
42 | mantisbt = { | 42 | mantisbt = { |
43 | listen = mantisbt.phpFpm.socket; | 43 | user = config.services.httpd.Tools.user; |
44 | extraConfig = mantisbt.phpFpm.pool; | 44 | group = config.services.httpd.Tools.group; |
45 | settings = mantisbt.phpFpm.pool; | ||
45 | }; | 46 | }; |
46 | }; | 47 | }; |
47 | }; | 48 | }; |
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix index d75b022..50851aa 100644 --- a/modules/private/websites/tools/git/mantisbt.nix +++ b/modules/private/websites/tools/git/mantisbt.nix | |||
@@ -53,12 +53,12 @@ rec { | |||
53 | modules = [ "proxy_fcgi" ]; | 53 | modules = [ "proxy_fcgi" ]; |
54 | webappName = "tools_mantisbt"; | 54 | webappName = "tools_mantisbt"; |
55 | root = "/run/current-system/webapps/${webappName}"; | 55 | root = "/run/current-system/webapps/${webappName}"; |
56 | vhostConf = '' | 56 | vhostConf = socket: '' |
57 | Alias /mantisbt "${root}" | 57 | Alias /mantisbt "${root}" |
58 | <Directory "${root}"> | 58 | <Directory "${root}"> |
59 | DirectoryIndex index.php | 59 | DirectoryIndex index.php |
60 | <FilesMatch "\.php$"> | 60 | <FilesMatch "\.php$"> |
61 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 61 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
62 | </FilesMatch> | 62 | </FilesMatch> |
63 | 63 | ||
64 | AllowOverride All | 64 | AllowOverride All |
@@ -76,20 +76,17 @@ rec { | |||
76 | basedir = builtins.concatStringsSep ":" ( | 76 | basedir = builtins.concatStringsSep ":" ( |
77 | [ webRoot "/var/secrets/webapps/tools-mantisbt" ] | 77 | [ webRoot "/var/secrets/webapps/tools-mantisbt" ] |
78 | ++ webRoot.plugins); | 78 | ++ webRoot.plugins); |
79 | socket = "/var/run/phpfpm/mantisbt.sock"; | 79 | pool = { |
80 | pool = '' | 80 | "listen.owner" = apache.user; |
81 | user = ${apache.user} | 81 | "listen.group" = apache.group; |
82 | group = ${apache.group} | 82 | "pm" = "ondemand"; |
83 | listen.owner = ${apache.user} | 83 | "pm.max_children" = "60"; |
84 | listen.group = ${apache.group} | 84 | "pm.process_idle_timeout" = "60"; |
85 | pm = ondemand | ||
86 | pm.max_children = 60 | ||
87 | pm.process_idle_timeout = 60 | ||
88 | 85 | ||
89 | php_admin_value[upload_max_filesize] = 5000000 | 86 | "php_admin_value[upload_max_filesize]" = "5000000"; |
90 | 87 | ||
91 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt" | 88 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/mantisbt"; |
92 | php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt" | 89 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/mantisbt"; |
93 | ''; | 90 | }; |
94 | }; | 91 | }; |
95 | } | 92 | } |
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index bb36042..1f7f7bf 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix | |||
@@ -6,6 +6,7 @@ let | |||
6 | }; | 6 | }; |
7 | rainloop = pkgs.callPackage ./rainloop.nix {}; | 7 | rainloop = pkgs.callPackage ./rainloop.nix {}; |
8 | cfg = config.myServices.websites.tools.email; | 8 | cfg = config.myServices.websites.tools.email; |
9 | pcfg = config.services.phpfpm.pools; | ||
9 | in | 10 | in |
10 | { | 11 | { |
11 | options.myServices.websites.tools.email = { | 12 | options.myServices.websites.tools.email = { |
@@ -34,8 +35,8 @@ in | |||
34 | hosts = ["mail.immae.eu"]; | 35 | hosts = ["mail.immae.eu"]; |
35 | root = "/run/current-system/webapps/_mail"; | 36 | root = "/run/current-system/webapps/_mail"; |
36 | extraConfig = [ | 37 | extraConfig = [ |
37 | rainloop.apache.vhostConf | 38 | (rainloop.apache.vhostConf pcfg.rainloop.socket) |
38 | roundcubemail.apache.vhostConf | 39 | (roundcubemail.apache.vhostConf pcfg.roundcubemail.socket) |
39 | '' | 40 | '' |
40 | <Directory /run/current-system/webapps/_mail> | 41 | <Directory /run/current-system/webapps/_mail> |
41 | Require all granted | 42 | Require all granted |
@@ -56,13 +57,15 @@ in | |||
56 | }; | 57 | }; |
57 | 58 | ||
58 | services.phpfpm.pools.roundcubemail = { | 59 | services.phpfpm.pools.roundcubemail = { |
59 | listen = roundcubemail.phpFpm.socket; | 60 | user = "wwwrun"; |
60 | extraConfig = roundcubemail.phpFpm.pool; | 61 | group = "wwwrun"; |
62 | settings = roundcubemail.phpFpm.pool; | ||
61 | phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; | 63 | phpOptions = config.services.phpfpm.phpOptions + roundcubemail.phpFpm.phpConfig; |
62 | }; | 64 | }; |
63 | services.phpfpm.pools.rainloop = { | 65 | services.phpfpm.pools.rainloop = { |
64 | listen = rainloop.phpFpm.socket; | 66 | user = "wwwrun"; |
65 | extraConfig = rainloop.phpFpm.pool; | 67 | group = "wwwrun"; |
68 | settings = rainloop.phpFpm.pool; | ||
66 | }; | 69 | }; |
67 | system.activationScripts = { | 70 | system.activationScripts = { |
68 | roundcubemail = roundcubemail.activationScript; | 71 | roundcubemail = roundcubemail.activationScript; |
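Review bot: The new `user = "wwwrun"; group = "wwwrun";` lines on both pools hard-code the account, while the pool settings in rainloop.nix and roundcubemail.nix take `listen.owner`/`listen.group` from `apache.user`/`apache.group`. If the apache account is changed in only one of those places, the worker identity and the socket owner drift apart, which either breaks the proxy or leaves the FastCGI socket owned by an unintended account. Prefer a single source, e.g. `user = rainloop.apache.user; group = rainloop.apache.group;` and the roundcubemail equivalent. The same literal appears on the ttrss through grocy pools in tools/tools/default.nix, where the visible dokuwiki.nix settings also use `apache.user`.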
diff --git a/modules/private/websites/tools/mail/rainloop.nix b/modules/private/websites/tools/mail/rainloop.nix index 2dad46e..9b1f0c5 100644 --- a/modules/private/websites/tools/mail/rainloop.nix +++ b/modules/private/websites/tools/mail/rainloop.nix | |||
@@ -16,7 +16,7 @@ rec { | |||
16 | modules = [ "proxy_fcgi" ]; | 16 | modules = [ "proxy_fcgi" ]; |
17 | webappName = "tools_rainloop"; | 17 | webappName = "tools_rainloop"; |
18 | root = "/run/current-system/webapps/${webappName}"; | 18 | root = "/run/current-system/webapps/${webappName}"; |
19 | vhostConf = '' | 19 | vhostConf = socket: '' |
20 | Alias /rainloop "${root}" | 20 | Alias /rainloop "${root}" |
21 | <Directory "${root}"> | 21 | <Directory "${root}"> |
22 | DirectoryIndex index.php | 22 | DirectoryIndex index.php |
@@ -25,7 +25,7 @@ rec { | |||
25 | Require all granted | 25 | Require all granted |
26 | 26 | ||
27 | <FilesMatch "\.php$"> | 27 | <FilesMatch "\.php$"> |
28 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 28 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
29 | </FilesMatch> | 29 | </FilesMatch> |
30 | </Directory> | 30 | </Directory> |
31 | 31 | ||
@@ -37,22 +37,19 @@ rec { | |||
37 | phpFpm = rec { | 37 | phpFpm = rec { |
38 | serviceDeps = [ "postgresql.service" ]; | 38 | serviceDeps = [ "postgresql.service" ]; |
39 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 39 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
40 | socket = "/var/run/phpfpm/rainloop.sock"; | 40 | pool = { |
41 | pool = '' | 41 | "listen.owner" = apache.user; |
42 | user = ${apache.user} | 42 | "listen.group" = apache.group; |
43 | group = ${apache.group} | 43 | "pm" = "ondemand"; |
44 | listen.owner = ${apache.user} | 44 | "pm.max_children" = "60"; |
45 | listen.group = ${apache.group} | 45 | "pm.process_idle_timeout" = "60"; |
46 | pm = ondemand | ||
47 | pm.max_children = 60 | ||
48 | pm.process_idle_timeout = 60 | ||
49 | 46 | ||
50 | ; Needed to avoid clashes in browser cookies (same domain) | 47 | # Needed to avoid clashes in browser cookies (same domain) |
51 | php_value[session.name] = RainloopPHPSESSID | 48 | "php_value[session.name]" = "RainloopPHPSESSID"; |
52 | php_admin_value[upload_max_filesize] = 200M | 49 | "php_admin_value[upload_max_filesize]" = "200M"; |
53 | php_admin_value[post_max_size] = 200M | 50 | "php_admin_value[post_max_size]" = "200M"; |
54 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 51 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
55 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 52 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
56 | ''; | 53 | }; |
57 | }; | 54 | }; |
58 | } | 55 | } |
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix index 35de312..0b35d02 100644 --- a/modules/private/websites/tools/mail/roundcubemail.nix +++ b/modules/private/websites/tools/mail/roundcubemail.nix | |||
@@ -83,7 +83,7 @@ rec { | |||
83 | modules = [ "proxy_fcgi" ]; | 83 | modules = [ "proxy_fcgi" ]; |
84 | webappName = "tools_roundcubemail"; | 84 | webappName = "tools_roundcubemail"; |
85 | root = "/run/current-system/webapps/${webappName}"; | 85 | root = "/run/current-system/webapps/${webappName}"; |
86 | vhostConf = '' | 86 | vhostConf = socket: '' |
87 | Alias /roundcube "${root}" | 87 | Alias /roundcube "${root}" |
88 | <Directory "${root}"> | 88 | <Directory "${root}"> |
89 | DirectoryIndex index.php | 89 | DirectoryIndex index.php |
@@ -92,7 +92,7 @@ rec { | |||
92 | Require all granted | 92 | Require all granted |
93 | 93 | ||
94 | <FilesMatch "\.php$"> | 94 | <FilesMatch "\.php$"> |
95 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 95 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
96 | </FilesMatch> | 96 | </FilesMatch> |
97 | </Directory> | 97 | </Directory> |
98 | ''; | 98 | ''; |
@@ -107,22 +107,19 @@ rec { | |||
107 | date.timezone = 'CET' | 107 | date.timezone = 'CET' |
108 | extension=${phpPackages.imagick}/lib/php/extensions/imagick.so | 108 | extension=${phpPackages.imagick}/lib/php/extensions/imagick.so |
109 | ''; | 109 | ''; |
110 | socket = "/var/run/phpfpm/roundcubemail.sock"; | 110 | pool = { |
111 | pool = '' | 111 | "listen.owner" = apache.user; |
112 | user = ${apache.user} | 112 | "listen.group" = apache.group; |
113 | group = ${apache.group} | 113 | "pm" = "ondemand"; |
114 | listen.owner = ${apache.user} | 114 | "pm.max_children" = "60"; |
115 | listen.group = ${apache.group} | 115 | "pm.process_idle_timeout" = "60"; |
116 | pm = ondemand | ||
117 | pm.max_children = 60 | ||
118 | pm.process_idle_timeout = 60 | ||
119 | 116 | ||
120 | ; Needed to avoid clashes in browser cookies (same domain) | 117 | # Needed to avoid clashes in browser cookies (same domain) |
121 | php_value[session.name] = RoundcubemailPHPSESSID | 118 | "php_value[session.name]" = "RoundcubemailPHPSESSID"; |
122 | php_admin_value[upload_max_filesize] = 200M | 119 | "php_admin_value[upload_max_filesize]" = "200M"; |
123 | php_admin_value[post_max_size] = 200M | 120 | "php_admin_value[post_max_size]" = "200M"; |
124 | php_admin_value[open_basedir] = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp" | 121 | "php_admin_value[open_basedir]" = "${basedir}:${apacheHttpd}/conf/mime.types:/tmp"; |
125 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 122 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
126 | ''; | 123 | }; |
127 | }; | 124 | }; |
128 | } | 125 | } |
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix index 907e37f..52a132c 100644 --- a/modules/private/websites/tools/tools/adminer.nix +++ b/modules/private/websites/tools/tools/adminer.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { adminer }: | 1 | { adminer, php73, forcePhpSocket ? null }: |
2 | rec { | 2 | rec { |
3 | activationScript = { | 3 | activationScript = { |
4 | deps = [ "httpd" ]; | 4 | deps = [ "httpd" ]; |
@@ -9,22 +9,33 @@ rec { | |||
9 | }; | 9 | }; |
10 | webRoot = adminer; | 10 | webRoot = adminer; |
11 | phpFpm = rec { | 11 | phpFpm = rec { |
12 | socket = "/var/run/phpfpm/adminer.sock"; | 12 | user = apache.user; |
13 | pool = '' | 13 | group = apache.group; |
14 | user = ${apache.user} | 14 | phpPackage = (php73.override { |
15 | group = ${apache.group} | 15 | config.php.mysqlnd = true; |
16 | listen.owner = ${apache.user} | 16 | config.php.mysqli = false; |
17 | listen.group = ${apache.group} | 17 | config.php.pdo-mysql = false; |
18 | pm = ondemand | 18 | }).overrideAttrs(old: rec { |
19 | pm.max_children = 5 | 19 | configureFlags = old.configureFlags ++ [ |
20 | pm.process_idle_timeout = 60 | 20 | "--with-mysqli=shared,mysqlnd" |
21 | ;php_admin_flag[log_errors] = on | 21 | ]; |
22 | ; Needed to avoid clashes in browser cookies (same domain) | 22 | }); |
23 | php_value[session.name] = AdminerPHPSESSID | 23 | phpOptions = '' |
24 | php_admin_value[open_basedir] = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer" | 24 | extension=${phpPackage}/lib/php/extensions/mysqli.so |
25 | php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" | 25 | ''; |
26 | php_admin_value[upload_tmp_dir] = "/var/lib/php/tmp/adminer" | 26 | settings = { |
27 | ''; | 27 | "listen.owner" = apache.user; |
28 | "listen.group" = apache.group; | ||
29 | "pm" = "ondemand"; | ||
30 | "pm.max_children" = "5"; | ||
31 | "pm.process_idle_timeout" = "60"; | ||
32 | #"php_admin_flag[log_errors]" = "on"; | ||
33 | # Needed to avoid clashes in browser cookies (same domain) | ||
34 | "php_value[session.name]" = "AdminerPHPSESSID"; | ||
35 | "php_admin_value[open_basedir]" = "${webRoot}:/tmp:/var/lib/php/sessions/adminer:/var/lib/php/tmp/adminer"; | ||
36 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/adminer"; | ||
37 | "php_admin_value[upload_tmp_dir]" = "/var/lib/php/tmp/adminer"; | ||
38 | }; | ||
28 | }; | 39 | }; |
29 | apache = rec { | 40 | apache = rec { |
30 | user = "wwwrun"; | 41 | user = "wwwrun"; |
@@ -32,12 +43,12 @@ rec { | |||
32 | modules = [ "proxy_fcgi" ]; | 43 | modules = [ "proxy_fcgi" ]; |
33 | webappName = "_adminer"; | 44 | webappName = "_adminer"; |
34 | root = "/run/current-system/webapps/${webappName}"; | 45 | root = "/run/current-system/webapps/${webappName}"; |
35 | vhostConf = '' | 46 | vhostConf = socket: '' |
36 | Alias /adminer ${root} | 47 | Alias /adminer ${root} |
37 | <Directory ${root}> | 48 | <Directory ${root}> |
38 | DirectoryIndex index.php | 49 | DirectoryIndex index.php |
39 | <FilesMatch "\.php$"> | 50 | <FilesMatch "\.php$"> |
40 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 51 | SetHandler "proxy:unix:${if forcePhpSocket != null then forcePhpSocket else socket}|fcgi://localhost" |
41 | </FilesMatch> | 52 | </FilesMatch> |
42 | 53 | ||
43 | Use LDAPConnect | 54 | Use LDAPConnect |
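Review bot: The `phpFpm` set in the second hunk is now assigned whole to the pool (`adminer = adminer.phpFpm;` in tools/tools/default.nix), so every attribute in it must be a valid pool option, and nothing here says so. A comment at the top of the set, e.g. `# used verbatim as services.phpfpm.pools.adminer; pool options only`, would prevent a later helper attribute from breaking evaluation. Its `phpOptions` also does not prepend `config.services.phpfpm.phpOptions` as the nextcloud, roundcubemail and devtools pools do. Whether the global options still apply depends on the module, which is not visible here, so state the intent in a comment. Separately, `forcePhpSocket` silently overrides the `socket` argument of `vhostConf` in the third hunk and is undocumented; add `# forcePhpSocket: when non-null, replaces the socket passed to vhostConf`.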
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 5dc0981..5e0d446 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
@@ -40,6 +40,7 @@ let | |||
40 | }; | 40 | }; |
41 | 41 | ||
42 | cfg = config.myServices.websites.tools.tools; | 42 | cfg = config.myServices.websites.tools.tools; |
43 | pcfg = config.services.phpfpm.pools; | ||
43 | in { | 44 | in { |
44 | options.myServices.websites.tools.tools = { | 45 | options.myServices.websites.tools.tools = { |
45 | enable = lib.mkEnableOption "enable tools website"; | 46 | enable = lib.mkEnableOption "enable tools website"; |
@@ -92,7 +93,7 @@ in { | |||
92 | AllowOverride all | 93 | AllowOverride all |
93 | Require all granted | 94 | Require all granted |
94 | <FilesMatch "\.php$"> | 95 | <FilesMatch "\.php$"> |
95 | SetHandler "proxy:unix:/var/run/phpfpm/devtools.sock|fcgi://localhost" | 96 | SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" |
96 | </FilesMatch> | 97 | </FilesMatch> |
97 | </Directory> | 98 | </Directory> |
98 | '' | 99 | '' |
@@ -115,21 +116,21 @@ in { | |||
115 | AllowOverride all | 116 | AllowOverride all |
116 | Require all granted | 117 | Require all granted |
117 | <FilesMatch "\.php$"> | 118 | <FilesMatch "\.php$"> |
118 | SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost" | 119 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" |
119 | </FilesMatch> | 120 | </FilesMatch> |
120 | </Directory> | 121 | </Directory> |
121 | '' | 122 | '' |
122 | adminer.apache.vhostConf | 123 | (adminer.apache.vhostConf pcfg.adminer.socket) |
123 | ympd.apache.vhostConf | 124 | ympd.apache.vhostConf |
124 | ttrss.apache.vhostConf | 125 | (ttrss.apache.vhostConf pcfg.ttrss.socket) |
125 | wallabag.apache.vhostConf | 126 | (wallabag.apache.vhostConf pcfg.wallabag.socket) |
126 | yourls.apache.vhostConf | 127 | (yourls.apache.vhostConf pcfg.yourls.socket) |
127 | rompr.apache.vhostConf | 128 | (rompr.apache.vhostConf pcfg.rompr.socket) |
128 | shaarli.apache.vhostConf | 129 | (shaarli.apache.vhostConf pcfg.shaarli.socket) |
129 | dokuwiki.apache.vhostConf | 130 | (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) |
130 | ldap.apache.vhostConf | 131 | (ldap.apache.vhostConf pcfg.ldap.socket) |
131 | kanboard.apache.vhostConf | 132 | (kanboard.apache.vhostConf pcfg.kanboard.socket) |
132 | grocy.apache.vhostConf | 133 | (grocy.apache.vhostConf pcfg.grocy.socket) |
133 | ]; | 134 | ]; |
134 | }; | 135 | }; |
135 | 136 | ||
@@ -226,38 +227,36 @@ in { | |||
226 | 227 | ||
227 | services.phpfpm.pools = { | 228 | services.phpfpm.pools = { |
228 | tools = { | 229 | tools = { |
229 | listen = "/var/run/phpfpm/tools.sock"; | 230 | user = "wwwrun"; |
230 | extraConfig = '' | 231 | group = "wwwrun"; |
231 | user = wwwrun | 232 | settings = { |
232 | group = wwwrun | 233 | "listen.owner" = "wwwrun"; |
233 | listen.owner = wwwrun | 234 | "listen.group" = "wwwrun"; |
234 | listen.group = wwwrun | 235 | "pm" = "dynamic"; |
235 | pm = dynamic | 236 | "pm.max_children" = "60"; |
236 | pm.max_children = 60 | 237 | "pm.start_servers" = "2"; |
237 | pm.start_servers = 2 | 238 | "pm.min_spare_servers" = "1"; |
238 | pm.min_spare_servers = 1 | 239 | "pm.max_spare_servers" = "10"; |
239 | pm.max_spare_servers = 10 | ||
240 | 240 | ||
241 | ; Needed to avoid clashes in browser cookies (same domain) | 241 | # Needed to avoid clashes in browser cookies (same domain) |
242 | php_value[session.name] = ToolsPHPSESSID | 242 | "php_value[session.name]" = "ToolsPHPSESSID"; |
243 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp" | 243 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"; |
244 | ''; | 244 | }; |
245 | }; | 245 | }; |
246 | devtools = { | 246 | devtools = { |
247 | listen = "/var/run/phpfpm/devtools.sock"; | 247 | user = "wwwrun"; |
248 | extraConfig = '' | 248 | group = "wwwrun"; |
249 | user = wwwrun | 249 | settings = { |
250 | group = wwwrun | 250 | "listen.owner" = "wwwrun"; |
251 | listen.owner = wwwrun | 251 | "listen.group" = "wwwrun"; |
252 | listen.group = wwwrun | 252 | "pm" = "dynamic"; |
253 | pm = dynamic | 253 | "pm.max_children" = "60"; |
254 | pm.max_children = 60 | 254 | "pm.start_servers" = "2"; |
255 | pm.start_servers = 2 | 255 | "pm.min_spare_servers" = "1"; |
256 | pm.min_spare_servers = 1 | 256 | "pm.max_spare_servers" = "10"; |
257 | pm.max_spare_servers = 10 | ||
258 | 257 | ||
259 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp" | 258 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; |
260 | ''; | 259 | }; |
261 | phpOptions = config.services.phpfpm.phpOptions + '' | 260 | phpOptions = config.services.phpfpm.phpOptions + '' |
262 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | 261 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
263 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so | 262 | extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so |
@@ -265,45 +264,51 @@ in { | |||
265 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so | 264 | zend_extension=${pkgs.php}/lib/php/extensions/opcache.so |
266 | ''; | 265 | ''; |
267 | }; | 266 | }; |
268 | adminer = { | 267 | adminer = adminer.phpFpm; |
269 | listen = adminer.phpFpm.socket; | ||
270 | extraConfig = adminer.phpFpm.pool; | ||
271 | }; | ||
272 | ttrss = { | 268 | ttrss = { |
273 | listen = ttrss.phpFpm.socket; | 269 | user = "wwwrun"; |
274 | extraConfig = ttrss.phpFpm.pool; | 270 | group = "wwwrun"; |
271 | settings = ttrss.phpFpm.pool; | ||
275 | }; | 272 | }; |
276 | wallabag = { | 273 | wallabag = { |
277 | listen = wallabag.phpFpm.socket; | 274 | user = "wwwrun"; |
278 | extraConfig = wallabag.phpFpm.pool; | 275 | group = "wwwrun"; |
276 | settings = wallabag.phpFpm.pool; | ||
279 | }; | 277 | }; |
280 | yourls = { | 278 | yourls = { |
281 | listen = yourls.phpFpm.socket; | 279 | user = "wwwrun"; |
282 | extraConfig = yourls.phpFpm.pool; | 280 | group = "wwwrun"; |
281 | settings = yourls.phpFpm.pool; | ||
283 | }; | 282 | }; |
284 | rompr = { | 283 | rompr = { |
285 | listen = rompr.phpFpm.socket; | 284 | user = "wwwrun"; |
286 | extraConfig = rompr.phpFpm.pool; | 285 | group = "wwwrun"; |
286 | settings = rompr.phpFpm.pool; | ||
287 | }; | 287 | }; |
288 | shaarli = { | 288 | shaarli = { |
289 | listen = shaarli.phpFpm.socket; | 289 | user = "wwwrun"; |
290 | extraConfig = shaarli.phpFpm.pool; | 290 | group = "wwwrun"; |
291 | settings = shaarli.phpFpm.pool; | ||
291 | }; | 292 | }; |
292 | dokuwiki = { | 293 | dokuwiki = { |
293 | listen = dokuwiki.phpFpm.socket; | 294 | user = "wwwrun"; |
294 | extraConfig = dokuwiki.phpFpm.pool; | 295 | group = "wwwrun"; |
296 | settings = dokuwiki.phpFpm.pool; | ||
295 | }; | 297 | }; |
296 | ldap = { | 298 | ldap = { |
297 | listen = ldap.phpFpm.socket; | 299 | user = "wwwrun"; |
298 | extraConfig = ldap.phpFpm.pool; | 300 | group = "wwwrun"; |
301 | settings = ldap.phpFpm.pool; | ||
299 | }; | 302 | }; |
300 | kanboard = { | 303 | kanboard = { |
301 | listen = kanboard.phpFpm.socket; | 304 | user = "wwwrun"; |
302 | extraConfig = kanboard.phpFpm.pool; | 305 | group = "wwwrun"; |
306 | settings = kanboard.phpFpm.pool; | ||
303 | }; | 307 | }; |
304 | grocy = { | 308 | grocy = { |
305 | listen = grocy.phpFpm.socket; | 309 | user = "wwwrun"; |
306 | extraConfig = grocy.phpFpm.pool; | 310 | group = "wwwrun"; |
311 | settings = grocy.phpFpm.pool; | ||
307 | }; | 312 | }; |
308 | }; | 313 | }; |
309 | 314 | ||
diff --git a/modules/private/websites/tools/tools/dokuwiki.nix b/modules/private/websites/tools/tools/dokuwiki.nix index d66e85d..26c04b7 100644 --- a/modules/private/websites/tools/tools/dokuwiki.nix +++ b/modules/private/websites/tools/tools/dokuwiki.nix | |||
@@ -26,12 +26,12 @@ rec { | |||
26 | modules = [ "proxy_fcgi" ]; | 26 | modules = [ "proxy_fcgi" ]; |
27 | webappName = "tools_dokuwiki"; | 27 | webappName = "tools_dokuwiki"; |
28 | root = "/run/current-system/webapps/${webappName}"; | 28 | root = "/run/current-system/webapps/${webappName}"; |
29 | vhostConf = '' | 29 | vhostConf = socket: '' |
30 | Alias /dokuwiki "${root}" | 30 | Alias /dokuwiki "${root}" |
31 | <Directory "${root}"> | 31 | <Directory "${root}"> |
32 | DirectoryIndex index.php | 32 | DirectoryIndex index.php |
33 | <FilesMatch "\.php$"> | 33 | <FilesMatch "\.php$"> |
34 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 34 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
35 | </FilesMatch> | 35 | </FilesMatch> |
36 | 36 | ||
37 | AllowOverride All | 37 | AllowOverride All |
@@ -44,20 +44,17 @@ rec { | |||
44 | serviceDeps = [ "openldap.service" ]; | 44 | serviceDeps = [ "openldap.service" ]; |
45 | basedir = builtins.concatStringsSep ":" ( | 45 | basedir = builtins.concatStringsSep ":" ( |
46 | [ webRoot varDir ] ++ webRoot.plugins); | 46 | [ webRoot varDir ] ++ webRoot.plugins); |
47 | socket = "/var/run/phpfpm/dokuwiki.sock"; | 47 | pool = { |
48 | pool = '' | 48 | "listen.owner" = apache.user; |
49 | user = ${apache.user} | 49 | "listen.group" = apache.group; |
50 | group = ${apache.group} | 50 | "pm" = "ondemand"; |
51 | listen.owner = ${apache.user} | 51 | "pm.max_children" = "60"; |
52 | listen.group = ${apache.group} | 52 | "pm.process_idle_timeout" = "60"; |
53 | pm = ondemand | ||
54 | pm.max_children = 60 | ||
55 | pm.process_idle_timeout = 60 | ||
56 | 53 | ||
57 | ; Needed to avoid clashes in browser cookies (same domain) | 54 | # Needed to avoid clashes in browser cookies (same domain) |
58 | php_value[session.name] = DokuwikiPHPSESSID | 55 | "php_value[session.name]" = "DokuwikiPHPSESSID"; |
59 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 56 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
60 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 57 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
61 | ''; | 58 | }; |
62 | }; | 59 | }; |
63 | } | 60 | } |
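Review bot: The worker identity for this pool is no longer derived from `apache.user`: the `user`/`group` lines removed here come back in the pools definition as the literal `"wwwrun"`, while `"listen.owner"` and `"listen.group"` still read `apache.user`/`apache.group`. The two now only agree by coincidence of values, and the same split appears in grocy.nix, kanboard.nix, ldap.nix, rompr.nix, shaarli.nix, ttrss.nix, wallabag.nix and yourls.nix. If the tool's `apache` set is reachable from the pools definition (not visible on this page), `user = dokuwiki.apache.user;` and `group = dokuwiki.apache.group;` would keep a single source of truth. Because every tool pool runs under that one account, `open_basedir` is the only barrier between one tool and another's `varDir` or `/var/secrets/webapps/...` file, which deserves a comment such as `# all tool pools share one uid; open_basedir is the only per-tool isolation`.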
diff --git a/modules/private/websites/tools/tools/grocy.nix b/modules/private/websites/tools/tools/grocy.nix index 1b8da20..a98d8ac 100644 --- a/modules/private/websites/tools/tools/grocy.nix +++ b/modules/private/websites/tools/tools/grocy.nix | |||
@@ -18,12 +18,12 @@ rec { | |||
18 | modules = [ "proxy_fcgi" ]; | 18 | modules = [ "proxy_fcgi" ]; |
19 | webappName = "tools_grocy"; | 19 | webappName = "tools_grocy"; |
20 | root = "/run/current-system/webapps/${webappName}"; | 20 | root = "/run/current-system/webapps/${webappName}"; |
21 | vhostConf = '' | 21 | vhostConf = socket: '' |
22 | Alias /grocy "${root}" | 22 | Alias /grocy "${root}" |
23 | <Directory "${root}"> | 23 | <Directory "${root}"> |
24 | DirectoryIndex index.php | 24 | DirectoryIndex index.php |
25 | <FilesMatch "\.php$"> | 25 | <FilesMatch "\.php$"> |
26 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 26 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
27 | </FilesMatch> | 27 | </FilesMatch> |
28 | 28 | ||
29 | AllowOverride All | 29 | AllowOverride All |
@@ -35,21 +35,18 @@ rec { | |||
35 | phpFpm = rec { | 35 | phpFpm = rec { |
36 | basedir = builtins.concatStringsSep ":" ( | 36 | basedir = builtins.concatStringsSep ":" ( |
37 | [ grocy grocy.yarnModules varDir ]); | 37 | [ grocy grocy.yarnModules varDir ]); |
38 | socket = "/var/run/phpfpm/grocy.sock"; | 38 | pool = { |
39 | pool = '' | 39 | "listen.owner" = apache.user; |
40 | user = ${apache.user} | 40 | "listen.group" = apache.group; |
41 | group = ${apache.group} | 41 | "pm" = "ondemand"; |
42 | listen.owner = ${apache.user} | 42 | "pm.max_children" = "60"; |
43 | listen.group = ${apache.group} | 43 | "pm.process_idle_timeout" = "60"; |
44 | pm = ondemand | ||
45 | pm.max_children = 60 | ||
46 | pm.process_idle_timeout = 60 | ||
47 | 44 | ||
48 | ; Needed to avoid clashes in browser cookies (same domain) | 45 | # Needed to avoid clashes in browser cookies (same domain) |
49 | php_value[session.name] = grocyPHPSESSID | 46 | "php_value[session.name]" = "grocyPHPSESSID"; |
50 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 47 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
51 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 48 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
52 | ''; | 49 | }; |
53 | }; | 50 | }; |
54 | } | 51 | } |
55 | 52 | ||
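Review bot: `vhostConf` changes from a string to a function (`vhostConf = socket: ''`), but nothing in the file says what the argument must be or who supplies it. The value is spliced unquoted into `SetHandler "proxy:unix:${socket}|fcgi://localhost"`, so a caller passing anything other than this tool's own php-fpm listen socket would route PHP requests to another pool. I'd add a comment above the attribute, e.g. `# socket: absolute path of this tool's php-fpm listen socket, passed in by the vhost definition`. The same applies to the `vhostConf` functions in dokuwiki.nix, kanboard.nix, ldap.nix, rompr.nix, shaarli.nix, ttrss.nix, wallabag.nix and yourls.nix; the `apache` block itself starts above the hunk.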
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix index 1880cbd..0f6fefc 100644 --- a/modules/private/websites/tools/tools/kanboard.nix +++ b/modules/private/websites/tools/tools/kanboard.nix | |||
@@ -49,7 +49,7 @@ rec { | |||
49 | modules = [ "proxy_fcgi" ]; | 49 | modules = [ "proxy_fcgi" ]; |
50 | webappName = "tools_kanboard"; | 50 | webappName = "tools_kanboard"; |
51 | root = "/run/current-system/webapps/${webappName}"; | 51 | root = "/run/current-system/webapps/${webappName}"; |
52 | vhostConf = '' | 52 | vhostConf = socket: '' |
53 | Alias /kanboard "${root}" | 53 | Alias /kanboard "${root}" |
54 | <Directory "${root}"> | 54 | <Directory "${root}"> |
55 | DirectoryIndex index.php | 55 | DirectoryIndex index.php |
@@ -58,7 +58,7 @@ rec { | |||
58 | Require all granted | 58 | Require all granted |
59 | 59 | ||
60 | <FilesMatch "\.php$"> | 60 | <FilesMatch "\.php$"> |
61 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 61 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
62 | </FilesMatch> | 62 | </FilesMatch> |
63 | </Directory> | 63 | </Directory> |
64 | <DirectoryMatch "${root}/data"> | 64 | <DirectoryMatch "${root}/data"> |
@@ -69,20 +69,17 @@ rec { | |||
69 | phpFpm = rec { | 69 | phpFpm = rec { |
70 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 70 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
71 | basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; | 71 | basedir = builtins.concatStringsSep ":" [ webRoot varDir "/var/secrets/webapps/tools-kanboard" ]; |
72 | socket = "/var/run/phpfpm/kanboard.sock"; | 72 | pool = { |
73 | pool = '' | 73 | "listen.owner" = apache.user; |
74 | user = ${apache.user} | 74 | "listen.group" = apache.group; |
75 | group = ${apache.group} | 75 | "pm" = "ondemand"; |
76 | listen.owner = ${apache.user} | 76 | "pm.max_children" = "60"; |
77 | listen.group = ${apache.group} | 77 | "pm.process_idle_timeout" = "60"; |
78 | pm = ondemand | ||
79 | pm.max_children = 60 | ||
80 | pm.process_idle_timeout = 60 | ||
81 | 78 | ||
82 | ; Needed to avoid clashes in browser cookies (same domain) | 79 | # Needed to avoid clashes in browser cookies (same domain) |
83 | php_value[session.name] = KanboardPHPSESSID | 80 | "php_value[session.name]" = "KanboardPHPSESSID"; |
84 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 81 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
85 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 82 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
86 | ''; | 83 | }; |
87 | }; | 84 | }; |
88 | } | 85 | } |
diff --git a/modules/private/websites/tools/tools/ldap.nix b/modules/private/websites/tools/tools/ldap.nix index e58a9bd..0c1a21f 100644 --- a/modules/private/websites/tools/tools/ldap.nix +++ b/modules/private/websites/tools/tools/ldap.nix | |||
@@ -39,12 +39,12 @@ rec { | |||
39 | modules = [ "proxy_fcgi" ]; | 39 | modules = [ "proxy_fcgi" ]; |
40 | webappName = "tools_ldap"; | 40 | webappName = "tools_ldap"; |
41 | root = "/run/current-system/webapps/${webappName}"; | 41 | root = "/run/current-system/webapps/${webappName}"; |
42 | vhostConf = '' | 42 | vhostConf = socket: '' |
43 | Alias /ldap "${root}" | 43 | Alias /ldap "${root}" |
44 | <Directory "${root}"> | 44 | <Directory "${root}"> |
45 | DirectoryIndex index.php | 45 | DirectoryIndex index.php |
46 | <FilesMatch "\.php$"> | 46 | <FilesMatch "\.php$"> |
47 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 47 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
48 | </FilesMatch> | 48 | </FilesMatch> |
49 | 49 | ||
50 | AllowOverride None | 50 | AllowOverride None |
@@ -55,20 +55,17 @@ rec { | |||
55 | phpFpm = rec { | 55 | phpFpm = rec { |
56 | serviceDeps = [ "openldap.service" ]; | 56 | serviceDeps = [ "openldap.service" ]; |
57 | basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; | 57 | basedir = builtins.concatStringsSep ":" [ webRoot "/var/secrets/webapps/tools-ldap" ]; |
58 | socket = "/var/run/phpfpm/ldap.sock"; | 58 | pool = { |
59 | pool = '' | 59 | "listen.owner" = apache.user; |
60 | user = ${apache.user} | 60 | "listen.group" = apache.group; |
61 | group = ${apache.group} | 61 | "pm" = "ondemand"; |
62 | listen.owner = ${apache.user} | 62 | "pm.max_children" = "60"; |
63 | listen.group = ${apache.group} | 63 | "pm.process_idle_timeout" = "60"; |
64 | pm = ondemand | ||
65 | pm.max_children = 60 | ||
66 | pm.process_idle_timeout = 60 | ||
67 | 64 | ||
68 | ; Needed to avoid clashes in browser cookies (same domain) | 65 | # Needed to avoid clashes in browser cookies (same domain) |
69 | php_value[session.name] = LdapPHPSESSID | 66 | "php_value[session.name]" = "LdapPHPSESSID"; |
70 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin" | 67 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/phpldapadmin"; |
71 | php_admin_value[session.save_path] = "/var/lib/php/sessions/phpldapadmin" | 68 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/phpldapadmin"; |
72 | ''; | 69 | }; |
73 | }; | 70 | }; |
74 | } | 71 | } |
diff --git a/modules/private/websites/tools/tools/rompr.nix b/modules/private/websites/tools/tools/rompr.nix index 75adabe..106164c 100644 --- a/modules/private/websites/tools/tools/rompr.nix +++ b/modules/private/websites/tools/tools/rompr.nix | |||
@@ -15,7 +15,7 @@ rec { | |||
15 | modules = [ "headers" "mime" "proxy_fcgi" ]; | 15 | modules = [ "headers" "mime" "proxy_fcgi" ]; |
16 | webappName = "tools_rompr"; | 16 | webappName = "tools_rompr"; |
17 | root = "/run/current-system/webapps/${webappName}"; | 17 | root = "/run/current-system/webapps/${webappName}"; |
18 | vhostConf = '' | 18 | vhostConf = socket: '' |
19 | Alias /rompr ${root} | 19 | Alias /rompr ${root} |
20 | 20 | ||
21 | <Directory ${root}> | 21 | <Directory ${root}> |
@@ -29,7 +29,7 @@ rec { | |||
29 | AddType image/x-icon .ico | 29 | AddType image/x-icon .ico |
30 | 30 | ||
31 | <FilesMatch "\.php$"> | 31 | <FilesMatch "\.php$"> |
32 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 32 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
33 | </FilesMatch> | 33 | </FilesMatch> |
34 | </Directory> | 34 | </Directory> |
35 | 35 | ||
@@ -51,29 +51,26 @@ rec { | |||
51 | }; | 51 | }; |
52 | phpFpm = rec { | 52 | phpFpm = rec { |
53 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 53 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
54 | socket = "/var/run/phpfpm/rompr.sock"; | 54 | pool = { |
55 | pool = '' | 55 | "listen.owner" = apache.user; |
56 | user = ${apache.user} | 56 | "listen.group" = apache.group; |
57 | group = ${apache.group} | 57 | "pm" = "ondemand"; |
58 | listen.owner = ${apache.user} | 58 | "pm.max_children" = "60"; |
59 | listen.group = ${apache.group} | 59 | "pm.process_idle_timeout" = "60"; |
60 | pm = ondemand | ||
61 | pm.max_children = 60 | ||
62 | pm.process_idle_timeout = 60 | ||
63 | 60 | ||
64 | ; Needed to avoid clashes in browser cookies (same domain) | 61 | # Needed to avoid clashes in browser cookies (same domain) |
65 | php_value[session.name] = RomprPHPSESSID | 62 | "php_value[session.name]" = "RomprPHPSESSID"; |
66 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 63 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
67 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 64 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
68 | php_flag[magic_quotes_gpc] = Off | 65 | "php_flag[magic_quotes_gpc]" = "Off"; |
69 | php_flag[track_vars] = On | 66 | "php_flag[track_vars]" = "On"; |
70 | php_flag[register_globals] = Off | 67 | "php_flag[register_globals]" = "Off"; |
71 | php_admin_flag[allow_url_fopen] = On | 68 | "php_admin_flag[allow_url_fopen]" = "On"; |
72 | php_value[include_path] = ${webRoot} | 69 | "php_value[include_path]" = "${webRoot}"; |
73 | php_admin_value[upload_tmp_dir] = "${varDir}/prefs" | 70 | "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs"; |
74 | php_admin_value[post_max_size] = 32M | 71 | "php_admin_value[post_max_size]" = "32M"; |
75 | php_admin_value[upload_max_filesize] = 32M | 72 | "php_admin_value[upload_max_filesize]" = "32M"; |
76 | php_admin_value[memory_limit] = 256M | 73 | "php_admin_value[memory_limit]" = "256M"; |
77 | ''; | 74 | }; |
78 | }; | 75 | }; |
79 | } | 76 | } |
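Review bot: `"php_admin_flag[allow_url_fopen]" = "On";` is carried into the new attribute set with no comment naming the rompr feature that needs it. `open_basedir` does not constrain URL wrappers, so with this flag on, any file function that receives a user-influenced path can make outbound requests from the server. If rompr's remote fetches go through curl (not visible on this page), `"php_admin_flag[allow_url_fopen]" = "Off";` would be the tighter setting; otherwise a one-line `#` comment stating the dependency would help the next reviewer. Separately, `magic_quotes_gpc`, `register_globals` and `track_vars` are no longer directives in current PHP releases, so those three entries look like dead configuration that could be dropped during this conversion.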
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix index 0a75755..950d296 100644 --- a/modules/private/websites/tools/tools/shaarli.nix +++ b/modules/private/websites/tools/tools/shaarli.nix | |||
@@ -17,7 +17,7 @@ in rec { | |||
17 | modules = [ "proxy_fcgi" "rewrite" "env" ]; | 17 | modules = [ "proxy_fcgi" "rewrite" "env" ]; |
18 | webappName = "tools_shaarli"; | 18 | webappName = "tools_shaarli"; |
19 | root = "/run/current-system/webapps/${webappName}"; | 19 | root = "/run/current-system/webapps/${webappName}"; |
20 | vhostConf = '' | 20 | vhostConf = socket: '' |
21 | Alias /Shaarli "${root}" | 21 | Alias /Shaarli "${root}" |
22 | 22 | ||
23 | Include /var/secrets/webapps/tools-shaarli | 23 | Include /var/secrets/webapps/tools-shaarli |
@@ -27,7 +27,7 @@ in rec { | |||
27 | AllowOverride All | 27 | AllowOverride All |
28 | Require all granted | 28 | Require all granted |
29 | <FilesMatch "\.php$"> | 29 | <FilesMatch "\.php$"> |
30 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 30 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
31 | </FilesMatch> | 31 | </FilesMatch> |
32 | </Directory> | 32 | </Directory> |
33 | ''; | 33 | ''; |
@@ -48,20 +48,17 @@ in rec { | |||
48 | phpFpm = rec { | 48 | phpFpm = rec { |
49 | serviceDeps = [ "openldap.service" ]; | 49 | serviceDeps = [ "openldap.service" ]; |
50 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; | 50 | basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; |
51 | socket = "/var/run/phpfpm/shaarli.sock"; | 51 | pool = { |
52 | pool = '' | 52 | "listen.owner" = apache.user; |
53 | user = ${apache.user} | 53 | "listen.group" = apache.group; |
54 | group = ${apache.group} | 54 | "pm" = "ondemand"; |
55 | listen.owner = ${apache.user} | 55 | "pm.max_children" = "60"; |
56 | listen.group = ${apache.group} | 56 | "pm.process_idle_timeout" = "60"; |
57 | pm = ondemand | ||
58 | pm.max_children = 60 | ||
59 | pm.process_idle_timeout = 60 | ||
60 | 57 | ||
61 | ; Needed to avoid clashes in browser cookies (same domain) | 58 | # Needed to avoid clashes in browser cookies (same domain) |
62 | php_value[session.name] = ShaarliPHPSESSID | 59 | "php_value[session.name]" = "ShaarliPHPSESSID"; |
63 | php_admin_value[open_basedir] = "${basedir}:/tmp" | 60 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; |
64 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 61 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
65 | ''; | 62 | }; |
66 | }; | 63 | }; |
67 | } | 64 | } |
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix index a8b2a93..48876d3 100644 --- a/modules/private/websites/tools/tools/ttrss.nix +++ b/modules/private/websites/tools/tools/ttrss.nix | |||
@@ -95,12 +95,12 @@ rec { | |||
95 | modules = [ "proxy_fcgi" ]; | 95 | modules = [ "proxy_fcgi" ]; |
96 | webappName = "tools_ttrss"; | 96 | webappName = "tools_ttrss"; |
97 | root = "/run/current-system/webapps/${webappName}"; | 97 | root = "/run/current-system/webapps/${webappName}"; |
98 | vhostConf = '' | 98 | vhostConf = socket: '' |
99 | Alias /ttrss "${root}" | 99 | Alias /ttrss "${root}" |
100 | <Directory "${root}"> | 100 | <Directory "${root}"> |
101 | DirectoryIndex index.php | 101 | DirectoryIndex index.php |
102 | <FilesMatch "\.php$"> | 102 | <FilesMatch "\.php$"> |
103 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 103 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
104 | </FilesMatch> | 104 | </FilesMatch> |
105 | 105 | ||
106 | AllowOverride All | 106 | AllowOverride All |
@@ -114,20 +114,17 @@ rec { | |||
114 | basedir = builtins.concatStringsSep ":" ( | 114 | basedir = builtins.concatStringsSep ":" ( |
115 | [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] | 115 | [ webRoot "/var/secrets/webapps/tools-ttrss" varDir ] |
116 | ++ webRoot.plugins); | 116 | ++ webRoot.plugins); |
117 | socket = "/var/run/phpfpm/ttrss.sock"; | 117 | pool = { |
118 | pool = '' | 118 | "listen.owner" = apache.user; |
119 | user = ${apache.user} | 119 | "listen.group" = apache.group; |
120 | group = ${apache.group} | 120 | "pm" = "ondemand"; |
121 | listen.owner = ${apache.user} | 121 | "pm.max_children" = "60"; |
122 | listen.group = ${apache.group} | 122 | "pm.process_idle_timeout" = "60"; |
123 | pm = ondemand | 123 | |
124 | pm.max_children = 60 | 124 | # Needed to avoid clashes in browser cookies (same domain) |
125 | pm.process_idle_timeout = 60 | 125 | "php_value[session.name]" = "TtrssPHPSESSID"; |
126 | 126 | "php_admin_value[open_basedir]" = "${basedir}:/tmp"; | |
127 | ; Needed to avoid clashes in browser cookies (same domain) | 127 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
128 | php_value[session.name] = TtrssPHPSESSID | 128 | }; |
129 | php_admin_value[open_basedir] = "${basedir}:/tmp" | ||
130 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | ||
131 | ''; | ||
132 | }; | 129 | }; |
133 | } | 130 | } |
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix index 014d8a1..00e2dc9 100644 --- a/modules/private/websites/tools/tools/wallabag.nix +++ b/modules/private/websites/tools/tools/wallabag.nix | |||
@@ -82,7 +82,7 @@ rec { | |||
82 | modules = [ "proxy_fcgi" ]; | 82 | modules = [ "proxy_fcgi" ]; |
83 | webappName = "tools_wallabag"; | 83 | webappName = "tools_wallabag"; |
84 | root = "/run/current-system/webapps/${webappName}"; | 84 | root = "/run/current-system/webapps/${webappName}"; |
85 | vhostConf = '' | 85 | vhostConf = socket: '' |
86 | Alias /wallabag "${root}" | 86 | Alias /wallabag "${root}" |
87 | <Directory "${root}"> | 87 | <Directory "${root}"> |
88 | AllowOverride None | 88 | AllowOverride None |
@@ -91,7 +91,7 @@ rec { | |||
91 | CGIPassAuth On | 91 | CGIPassAuth On |
92 | 92 | ||
93 | <FilesMatch "\.php$"> | 93 | <FilesMatch "\.php$"> |
94 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 94 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
95 | </FilesMatch> | 95 | </FilesMatch> |
96 | 96 | ||
97 | <IfModule mod_rewrite.c> | 97 | <IfModule mod_rewrite.c> |
@@ -129,22 +129,19 @@ rec { | |||
129 | ''; | 129 | ''; |
130 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 130 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
131 | basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; | 131 | basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; |
132 | socket = "/var/run/phpfpm/wallabag.sock"; | 132 | pool = { |
133 | pool = '' | 133 | "listen.owner" = apache.user; |
134 | user = ${apache.user} | 134 | "listen.group" = apache.group; |
135 | group = ${apache.group} | 135 | "pm" = "dynamic"; |
136 | listen.owner = ${apache.user} | 136 | "pm.max_children" = "60"; |
137 | listen.group = ${apache.group} | 137 | "pm.start_servers" = "2"; |
138 | pm = dynamic | 138 | "pm.min_spare_servers" = "1"; |
139 | pm.max_children = 60 | 139 | "pm.max_spare_servers" = "10"; |
140 | pm.start_servers = 2 | ||
141 | pm.min_spare_servers = 1 | ||
142 | pm.max_spare_servers = 10 | ||
143 | 140 | ||
144 | ; Needed to avoid clashes in browser cookies (same domain) | 141 | # Needed to avoid clashes in browser cookies (same domain) |
145 | php_value[session.name] = WallabagPHPSESSID | 142 | "php_value[session.name]" = "WallabagPHPSESSID"; |
146 | php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" | 143 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/tmp"; |
147 | php_value[max_execution_time] = 300 | 144 | "php_value[max_execution_time]" = "300"; |
148 | ''; | 145 | }; |
149 | }; | 146 | }; |
150 | } | 147 | } |
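Review bot: `"php_value[max_execution_time]" = "300";` uses `php_value`, which application code can still override at runtime with `ini_set()`, so it sets a default rather than a ceiling. The cloud pool in the same commit uses `php_admin_value[max_execution_time]` for the equivalent limit. If 300 seconds is meant as a hard cap on request time for this pool, `"php_admin_value[max_execution_time]" = "300";` would enforce it; if wallabag is expected to raise the limit itself for long imports, a short `#` comment saying so would make the choice explicit. The `phpFpm` block begins above the hunk, so anything set earlier in it is not visible here.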
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix index 466ceae..cb03b6c 100644 --- a/modules/private/websites/tools/tools/yourls.nix +++ b/modules/private/websites/tools/tools/yourls.nix | |||
@@ -48,11 +48,11 @@ rec { | |||
48 | modules = [ "proxy_fcgi" ]; | 48 | modules = [ "proxy_fcgi" ]; |
49 | webappName = "tools_yourls"; | 49 | webappName = "tools_yourls"; |
50 | root = "/run/current-system/webapps/${webappName}"; | 50 | root = "/run/current-system/webapps/${webappName}"; |
51 | vhostConf = '' | 51 | vhostConf = socket: '' |
52 | Alias /url "${root}" | 52 | Alias /url "${root}" |
53 | <Directory "${root}"> | 53 | <Directory "${root}"> |
54 | <FilesMatch "\.php$"> | 54 | <FilesMatch "\.php$"> |
55 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 55 | SetHandler "proxy:unix:${socket}|fcgi://localhost" |
56 | </FilesMatch> | 56 | </FilesMatch> |
57 | 57 | ||
58 | AllowOverride None | 58 | AllowOverride None |
@@ -73,20 +73,17 @@ rec { | |||
73 | basedir = builtins.concatStringsSep ":" ( | 73 | basedir = builtins.concatStringsSep ":" ( |
74 | [ webRoot "/var/secrets/webapps/tools-yourls" ] | 74 | [ webRoot "/var/secrets/webapps/tools-yourls" ] |
75 | ++ webRoot.plugins); | 75 | ++ webRoot.plugins); |
76 | socket = "/var/run/phpfpm/yourls.sock"; | 76 | pool = { |
77 | pool = '' | 77 | "listen.owner" = apache.user; |
78 | user = ${apache.user} | 78 | "listen.group" = apache.group; |
79 | group = ${apache.group} | 79 | "pm" = "ondemand"; |
80 | listen.owner = ${apache.user} | 80 | "pm.max_children" = "60"; |
81 | listen.group = ${apache.group} | 81 | "pm.process_idle_timeout" = "60"; |
82 | pm = ondemand | ||
83 | pm.max_children = 60 | ||
84 | pm.process_idle_timeout = 60 | ||
85 | 82 | ||
86 | ; Needed to avoid clashes in browser cookies (same domain) | 83 | # Needed to avoid clashes in browser cookies (same domain) |
87 | php_value[session.name] = YourlsPHPSESSID | 84 | "php_value[session.name]" = "YourlsPHPSESSID"; |
88 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/yourls" | 85 | "php_admin_value[open_basedir]" = "${basedir}:/tmp:/var/lib/php/sessions/yourls"; |
89 | php_admin_value[session.save_path] = "/var/lib/php/sessions/yourls" | 86 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/yourls"; |
90 | ''; | 87 | }; |
91 | }; | 88 | }; |
92 | } | 89 | } |