Diffstat (limited to 'modules/private/websites')
-rw-r--r-- | modules/private/websites/default.nix | 1 | ||||
-rw-r--r-- | modules/private/websites/tools/performance/default.nix | 89 |
2 files changed, 90 insertions, 0 deletions
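--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -295,6 +295,7 @@ in
 tools.mastodon.enable = true;
 tools.mediagoblin.enable = true;
 tools.peertube.enable = true;
+tools.performance.enable = true;
 tools.tools.enable = true;
 tools.email.enable = true;
 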
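--- /dev/null
+++ b/modules/private/websites/tools/performance/default.nix
@@ -0,0 +1,89 @@
+{ pkgs, lib, config, ... }:
+let
+env = config.myEnv.tools.status_engine;
+package = pkgs.status_engine.interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; });
+apacheRoot = "${package}/public";
+cfg = config.myServices.websites.tools.performance;
+in
+{
+options.myServices.websites.tools.performance = {
+enable = lib.mkEnableOption "Enable performance website";
+};
+
+config = lib.mkIf cfg.enable {
+secrets.keys = [
+{
+dest = "status_engine_ui";
+permissions = "0400";
+user = "wwwrun";
+group = "wwwrun";
+text = ''
+allow_anonymous: 0
+anonymous_can_submit_commands: 0
+urls_without_login:
+- login
+- loginstate
+auth_type: ldap
+ldap_server: ${env.ldap.host}
+ldap_use_ssl: 1
+ldap_port: 636
+ldap_bind_dn: ${env.ldap.dn}
+ldap_bind_password: ${env.ldap.password}
+ldap_base_dn: ${env.ldap.base}
+ldap_filter: "${env.ldap.filter}"
+ldap_attribute:
+- memberOf
+use_crate: 0
+use_mysql: 1
+mysql:
+host: 127.0.0.1
+port: ${env.mysql.port}
+username: ${env.mysql.user}
+password: ${env.mysql.password}
+database: ${env.mysql.database}
+display_perfdata: 1
+perfdata_backend: mysql
+'';
+}
+];
+
+services.websites.env.tools.modules = [ "proxy_fcgi" ];
+
+services.websites.env.tools.vhostConfs.performance = {
+certName = "eldiron";
+addToCerts = true;
+hosts = [ "performance.immae.eu" ];
+root = apacheRoot;
+extraConfig = [
+''
+<Directory ${apacheRoot}>
+DirectoryIndex index.html
+AllowOverride None
+Require all granted
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+''
+];
+};
+
+services.phpfpm.pools.status_engine = {
+user = "wwwrun";
+group = "wwwrun";
+settings = {
+"listen.owner" = "wwwrun";
+"listen.group" = "wwwrun";
+"pm" = "dynamic";
+"pm.max_children" = "60";
+"pm.start_servers" = "2";
+"pm.min_spare_servers" = "1";
+"pm.max_spare_servers" = "10";
+
+"php_admin_value[open_basedir]" = "${package}:/tmp:/var/secrets/status_engine_ui";
+};
+phpPackage = pkgs.php74;
+};
+
+};
+}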
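Review bot: The `status_engine_ui` secret (LDAP bind password and MySQL password) is owned by `wwwrun`, and the `status_engine` PHP-FPM pool also runs as `wwwrun`, so mode `0400` gives no separation from anything else executing under that account. If the web server or other pools share `wwwrun` (not visible in this diff), consider a dedicated account for the pool's `user`/`group` and for the secret, keeping only `"listen.owner"` and `"listen.group"` as `wwwrun` so Apache can still reach the socket. Separately, `open_basedir` hard-codes `/var/secrets/status_engine_ui` while `package` takes the same path from `config.secrets.fullPaths."status_engine_ui"`; writing `"${package}:/tmp:${config.secrets.fullPaths."status_engine_ui"}"` keeps the two in step if the secrets location changes. The two passwords are also interpolated unquoted into the YAML text, so a value containing `#` or `: ` would be mis-parsed; quoting them the way `ldap_filter` already is would avoid that.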