diff options
Diffstat (limited to 'nixops/modules/websites/tools/dav/davical.nix')
-rw-r--r-- | nixops/modules/websites/tools/dav/davical.nix | 272 |
1 files changed, 118 insertions, 154 deletions
diff --git a/nixops/modules/websites/tools/dav/davical.nix b/nixops/modules/websites/tools/dav/davical.nix index 1e3893f..6b37f11 100644 --- a/nixops/modules/websites/tools/dav/davical.nix +++ b/nixops/modules/websites/tools/dav/davical.nix | |||
@@ -1,169 +1,133 @@ | |||
1 | { stdenv, fetchurl, gettext, writeText, env }: | 1 | { stdenv, fetchurl, gettext, writeText, env, awl, davical }: |
2 | let | 2 | rec { |
3 | awl = stdenv.mkDerivation rec { | 3 | keys = [{ |
4 | version = "0.59"; | 4 | dest = "webapps/dav-davical"; |
5 | name = "awl-${version}"; | 5 | user = apache.user; |
6 | src = fetchurl { | 6 | group = apache.group; |
7 | url = "https://www.davical.org/downloads/awl_${version}.orig.tar.xz"; | 7 | permissions = "0400"; |
8 | sha256 = "01b7km7ga3ggbpp8axkc55nizgk5c35fl2z93iydb3hwbxmsvnjp"; | 8 | text = '' |
9 | }; | 9 | <?php |
10 | unpackCmd = '' | 10 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; |
11 | tar --one-top-level -xf $curSrc | ||
12 | ''; | ||
13 | installPhase = '' | ||
14 | mkdir -p $out | ||
15 | cp -ra dba docs inc scripts tests $out | ||
16 | ''; | ||
17 | }; | ||
18 | davical = rec { | ||
19 | keys = [{ | ||
20 | dest = "webapps/dav-davical"; | ||
21 | user = apache.user; | ||
22 | group = apache.group; | ||
23 | permissions = "0400"; | ||
24 | text = '' | ||
25 | <?php | ||
26 | $c->pg_connect[] = "dbname=${env.postgresql.database} user=${env.postgresql.user} host=${env.postgresql.socket} password=${env.postgresql.password}"; | ||
27 | 11 | ||
28 | $c->readonly_webdav_collections = false; | 12 | $c->readonly_webdav_collections = false; |
29 | 13 | ||
30 | $c->admin_email ='davical@tools.immae.eu'; | 14 | $c->admin_email ='davical@tools.immae.eu'; |
31 | 15 | ||
32 | $c->restrict_setup_to_admin = true; | 16 | $c->restrict_setup_to_admin = true; |
33 | 17 | ||
34 | $c->collections_always_exist = false; | 18 | $c->collections_always_exist = false; |
35 | 19 | ||
36 | $c->external_refresh = 60; | 20 | $c->external_refresh = 60; |
37 | 21 | ||
38 | $c->enable_scheduling = true; | 22 | $c->enable_scheduling = true; |
39 | 23 | ||
40 | $c->iMIP = (object) array("send_email" => true); | 24 | $c->iMIP = (object) array("send_email" => true); |
41 | 25 | ||
42 | $c->authenticate_hook['optional'] = false; | 26 | $c->authenticate_hook['optional'] = false; |
43 | $c->authenticate_hook['call'] = 'LDAP_check'; | 27 | $c->authenticate_hook['call'] = 'LDAP_check'; |
44 | $c->authenticate_hook['config'] = array( | 28 | $c->authenticate_hook['config'] = array( |
45 | 'host' => 'ldap.immae.eu', | 29 | 'host' => 'ldap.immae.eu', |
46 | 'port' => '389', | 30 | 'port' => '389', |
47 | 'startTLS' => 'yes', | 31 | 'startTLS' => 'yes', |
48 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', | 32 | 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', |
49 | 'passDN'=> '${env.ldap.password}', | 33 | 'passDN'=> '${env.ldap.password}', |
50 | 'protocolVersion' => '3', | 34 | 'protocolVersion' => '3', |
51 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), | 35 | 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), |
52 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', | 36 | 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', |
53 | 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', | 37 | 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', |
54 | 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', | 38 | 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', |
55 | 'mapping_field' => array( | 39 | 'mapping_field' => array( |
56 | "username" => "uid", | 40 | "username" => "uid", |
57 | "fullname" => "cn", | 41 | "fullname" => "cn", |
58 | "email" => "mail", | 42 | "email" => "mail", |
59 | "modified" => "modifyTimestamp", | 43 | "modified" => "modifyTimestamp", |
60 | ), | 44 | ), |
61 | 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), | 45 | 'format_updated'=> array('Y' => array(0,4),'m' => array(4,2),'d'=> array(6,2),'H' => array(8,2),'M'=>array(10,2),'S' => array(12,2)), |
62 | /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ | 46 | /** used to set default value for all users, will be overcharged by ldap if defined also in mapping_field **/ |
63 | // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), | 47 | // 'default_value' => array("date_format_type" => "E","locale" => "fr_FR"), |
64 | 'group_mapping_field' => array( | 48 | 'group_mapping_field' => array( |
65 | "username" => "cn", | 49 | "username" => "cn", |
66 | "updated" => "modifyTimestamp", | 50 | "updated" => "modifyTimestamp", |
67 | "fullname" => "givenName", | 51 | "fullname" => "givenName", |
68 | "displayname" => "givenName", | 52 | "displayname" => "givenName", |
69 | "members" => "memberUid", | 53 | "members" => "memberUid", |
70 | "email" => "mail", | 54 | "email" => "mail", |
71 | ), | 55 | ), |
72 | ); | 56 | ); |
73 | 57 | ||
74 | $c->do_not_sync_from_ldap = array('admin' => true); | 58 | $c->do_not_sync_from_ldap = array('admin' => true); |
75 | include('drivers_ldap.php'); | 59 | include('drivers_ldap.php'); |
76 | ''; | 60 | ''; |
77 | }]; | 61 | }]; |
78 | webapp = stdenv.mkDerivation rec { | 62 | webapp = davical.override { config = "/var/secrets/webapps/dav-davical"; }; |
79 | version = "1.1.7"; | 63 | webRoot = "${webapp}/htdocs"; |
80 | name = "davical-${version}"; | 64 | apache = rec { |
81 | src = fetchurl { | 65 | user = "wwwrun"; |
82 | url = "https://www.davical.org/downloads/davical_${version}.orig.tar.xz"; | 66 | group = "wwwrun"; |
83 | sha256 = "1ar5m2dxr92b204wkdi8z33ir9vz2jbh5k1p74icpv9ywifvjjp9"; | 67 | modules = [ "proxy_fcgi" ]; |
84 | }; | 68 | webappName = "tools_davical"; |
85 | unpackCmd = '' | 69 | root = "/run/current-system/webapps/${webappName}"; |
86 | tar --one-top-level -xf $curSrc | 70 | vhostConf = '' |
87 | ''; | 71 | Alias /davical "${root}" |
88 | makeFlags = "all"; | 72 | Alias /caldav.php "${root}/caldav.php" |
89 | patches = [ ./davical_19eb79ebf9250e5f339675319902458c40ed1755.patch ]; | 73 | <Directory "${root}"> |
90 | installPhase = '' | 74 | DirectoryIndex index.php index.html |
91 | mkdir -p $out | 75 | AcceptPathInfo On |
92 | cp -ra config dba docs htdocs inc locale po scripts testing zonedb $out | 76 | AllowOverride None |
93 | ln -s /var/secrets/webapps/dav-davical $out/config/config.php | 77 | Require all granted |
94 | ''; | ||
95 | buildInputs = [ gettext ]; | ||
96 | }; | ||
97 | webRoot = "${webapp}/htdocs"; | ||
98 | apache = rec { | ||
99 | user = "wwwrun"; | ||
100 | group = "wwwrun"; | ||
101 | modules = [ "proxy_fcgi" ]; | ||
102 | webappName = "tools_davical"; | ||
103 | root = "/run/current-system/webapps/${webappName}"; | ||
104 | vhostConf = '' | ||
105 | Alias /davical "${root}" | ||
106 | Alias /caldav.php "${root}/caldav.php" | ||
107 | <Directory "${root}"> | ||
108 | DirectoryIndex index.php index.html | ||
109 | AcceptPathInfo On | ||
110 | AllowOverride None | ||
111 | Require all granted | ||
112 | 78 | ||
113 | <FilesMatch "\.php$"> | 79 | <FilesMatch "\.php$"> |
114 | CGIPassAuth on | 80 | CGIPassAuth on |
115 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 81 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" |
116 | </FilesMatch> | 82 | </FilesMatch> |
117 | 83 | ||
118 | RewriteEngine On | 84 | RewriteEngine On |
119 | <IfModule mod_headers.c> | 85 | <IfModule mod_headers.c> |
120 | Header unset Access-Control-Allow-Origin | 86 | Header unset Access-Control-Allow-Origin |
121 | Header unset Access-Control-Allow-Methods | 87 | Header unset Access-Control-Allow-Methods |
122 | Header unset Access-Control-Allow-Headers | 88 | Header unset Access-Control-Allow-Headers |
123 | Header unset Access-Control-Allow-Credentials | 89 | Header unset Access-Control-Allow-Credentials |
124 | Header unset Access-Control-Expose-Headers | 90 | Header unset Access-Control-Expose-Headers |
125 | 91 | ||
126 | Header always set Access-Control-Allow-Origin "*" | 92 | Header always set Access-Control-Allow-Origin "*" |
127 | Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" | 93 | Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,PROPPATCH,REPORT,PUT,MOVE,DELETE,LOCK,UNLOCK" |
128 | Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" | 94 | Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,Lock-Token,Timeout,Destination,Overwrite,Prefer,X-client,X-Requested-With" |
129 | Header always set Access-Control-Allow-Credentials false | 95 | Header always set Access-Control-Allow-Credentials false |
130 | Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" | 96 | Header always set Access-Control-Expose-Headers "Etag,Preference-Applied" |
131 | 97 | ||
132 | RewriteCond %{HTTP:Access-Control-Request-Method} !^$ | 98 | RewriteCond %{HTTP:Access-Control-Request-Method} !^$ |
133 | RewriteCond %{REQUEST_METHOD} OPTIONS | 99 | RewriteCond %{REQUEST_METHOD} OPTIONS |
134 | RewriteRule ^(.*)$ $1 [R=200,L] | 100 | RewriteRule ^(.*)$ $1 [R=200,L] |
135 | </IfModule> | 101 | </IfModule> |
136 | </Directory> | 102 | </Directory> |
137 | ''; | 103 | ''; |
138 | }; | 104 | }; |
139 | phpFpm = rec { | 105 | phpFpm = rec { |
140 | serviceDeps = [ "postgresql.service" "openldap.service" ]; | 106 | serviceDeps = [ "postgresql.service" "openldap.service" ]; |
141 | basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; | 107 | basedir = builtins.concatStringsSep ":" [ webapp "/var/secrets/webapps/dav-davical" awl ]; |
142 | socket = "/var/run/phpfpm/davical.sock"; | 108 | socket = "/var/run/phpfpm/davical.sock"; |
143 | pool = '' | 109 | pool = '' |
144 | listen = ${socket} | 110 | listen = ${socket} |
145 | user = ${apache.user} | 111 | user = ${apache.user} |
146 | group = ${apache.group} | 112 | group = ${apache.group} |
147 | listen.owner = ${apache.user} | 113 | listen.owner = ${apache.user} |
148 | listen.group = ${apache.group} | 114 | listen.group = ${apache.group} |
149 | pm = dynamic | 115 | pm = dynamic |
150 | pm.max_children = 60 | 116 | pm.max_children = 60 |
151 | pm.start_servers = 2 | 117 | pm.start_servers = 2 |
152 | pm.min_spare_servers = 1 | 118 | pm.min_spare_servers = 1 |
153 | pm.max_spare_servers = 10 | 119 | pm.max_spare_servers = 10 |
154 | 120 | ||
155 | ; Needed to avoid clashes in browser cookies (same domain) | 121 | ; Needed to avoid clashes in browser cookies (same domain) |
156 | php_value[session.name] = DavicalPHPSESSID | 122 | php_value[session.name] = DavicalPHPSESSID |
157 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" | 123 | php_admin_value[open_basedir] = "${basedir}:/tmp:/var/lib/php/sessions/davical" |
158 | php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" | 124 | php_admin_value[include_path] = "${awl}/inc:${webapp}/inc" |
159 | php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" | 125 | php_admin_value[session.save_path] = "/var/lib/php/sessions/davical" |
160 | php_flag[magic_quotes_gpc] = Off | 126 | php_flag[magic_quotes_gpc] = Off |
161 | php_flag[register_globals] = Off | 127 | php_flag[register_globals] = Off |
162 | php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" | 128 | php_admin_value[error_reporting] = "E_ALL & ~E_NOTICE" |
163 | php_admin_value[default_charset] = "utf-8" | 129 | php_admin_value[default_charset] = "utf-8" |
164 | php_flag[magic_quotes_runtime] = Off | 130 | php_flag[magic_quotes_runtime] = Off |
165 | ''; | 131 | ''; |
166 | }; | ||
167 | }; | 132 | }; |
168 | in | 133 | } |
169 | davical | ||