aboutsummaryrefslogtreecommitdiff
path: root/modules/private/websites
diff options
context:
space:
mode:
Diffstat (limited to 'modules/private/websites')
-rw-r--r--modules/private/websites/default.nix1
-rw-r--r--modules/private/websites/tools/performance/default.nix89
2 files changed, 90 insertions, 0 deletions
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 864d5d9..f84567e 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -295,6 +295,7 @@ in
295 tools.mastodon.enable = true; 295 tools.mastodon.enable = true;
296 tools.mediagoblin.enable = true; 296 tools.mediagoblin.enable = true;
297 tools.peertube.enable = true; 297 tools.peertube.enable = true;
298 tools.performance.enable = true;
298 tools.tools.enable = true; 299 tools.tools.enable = true;
299 tools.email.enable = true; 300 tools.email.enable = true;
300 301
diff --git a/modules/private/websites/tools/performance/default.nix b/modules/private/websites/tools/performance/default.nix
new file mode 100644
index 0000000..df2b58d
--- /dev/null
+++ b/modules/private/websites/tools/performance/default.nix
@@ -0,0 +1,89 @@
1{ pkgs, lib, config, ... }:
2let
3 env = config.myEnv.tools.status_engine;
4 package = pkgs.status_engine.interface.override({ config_file = config.secrets.fullPaths."status_engine_ui"; });
5 apacheRoot = "${package}/public";
6 cfg = config.myServices.websites.tools.performance;
7in
8{
9 options.myServices.websites.tools.performance = {
10 enable = lib.mkEnableOption "Enable performance website";
11 };
12
13 config = lib.mkIf cfg.enable {
14 secrets.keys = [
15 {
16 dest = "status_engine_ui";
17 permissions = "0400";
18 user = "wwwrun";
19 group = "wwwrun";
20 text = ''
21 allow_anonymous: 0
22 anonymous_can_submit_commands: 0
23 urls_without_login:
24 - login
25 - loginstate
26 auth_type: ldap
27 ldap_server: ${env.ldap.host}
28 ldap_use_ssl: 1
29 ldap_port: 636
30 ldap_bind_dn: ${env.ldap.dn}
31 ldap_bind_password: ${env.ldap.password}
32 ldap_base_dn: ${env.ldap.base}
33 ldap_filter: "${env.ldap.filter}"
34 ldap_attribute:
35 - memberOf
36 use_crate: 0
37 use_mysql: 1
38 mysql:
39 host: 127.0.0.1
40 port: ${env.mysql.port}
41 username: ${env.mysql.user}
42 password: ${env.mysql.password}
43 database: ${env.mysql.database}
44 display_perfdata: 1
45 perfdata_backend: mysql
46 '';
47 }
48 ];
49
50 services.websites.env.tools.modules = [ "proxy_fcgi" ];
51
52 services.websites.env.tools.vhostConfs.performance = {
53 certName = "eldiron";
54 addToCerts = true;
55 hosts = [ "performance.immae.eu" ];
56 root = apacheRoot;
57 extraConfig = [
58 ''
59 <Directory ${apacheRoot}>
60 DirectoryIndex index.html
61 AllowOverride None
62 Require all granted
63 <FilesMatch "\.php$">
64 SetHandler "proxy:unix:${config.services.phpfpm.pools.status_engine.socket}|fcgi://localhost"
65 </FilesMatch>
66 </Directory>
67 ''
68 ];
69 };
70
71 services.phpfpm.pools.status_engine = {
72 user = "wwwrun";
73 group = "wwwrun";
74 settings = {
75 "listen.owner" = "wwwrun";
76 "listen.group" = "wwwrun";
77 "pm" = "dynamic";
78 "pm.max_children" = "60";
79 "pm.start_servers" = "2";
80 "pm.min_spare_servers" = "1";
81 "pm.max_spare_servers" = "10";
82
83 "php_admin_value[open_basedir]" = "${package}:/tmp:/var/secrets/status_engine_ui";
84 };
85 phpPackage = pkgs.php74;
86 };
87
88 };
89}