2 files changed, 79 insertions, 0 deletions
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 076d465..b1fd8f2 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -9,6 +9,7 @@ let
      env = myconfig.env.tools.ttrss;
    };
    roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
+    rainloop = pkgs.callPackage ./rainloop.nix  {};
    kanboard = pkgs.callPackage ./kanboard.nix  {
      inherit (mylibs) fetchedGithub;
      env = myconfig.env.tools.kanboard;
@@ -40,6 +41,10 @@ in {
  config = lib.mkIf cfg.enable {
    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
+    security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
+    services.myWebsites.integration.modules =
+      rainloop.apache.modules;
    services.myWebsites.tools.modules =
      [ "proxy_fcgi" ]
@@ -57,6 +62,15 @@ in {
    services.ympd = ympd.config // { enable = true; };
+    services.myWebsites.integration.vhostConfs.devtools = {
+      certName    = "eldiron";
+      hosts       = ["devtools.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        rainloop.apache.vhostConf
+      ];
+    };
    services.myWebsites.tools.vhostConfs.tools = {
      certName    = "eldiron";
      hosts       = ["tools.immae.eu" ];
@@ -122,6 +136,7 @@ in {
      shaarli = shaarli.phpFpm.pool;
      dokuwiki = dokuwiki.phpFpm.pool;
      ldap = ldap.phpFpm.pool;
+      rainloop = rainloop.phpFpm.pool;
      kanboard = kanboard.phpFpm.pool;
      tools = ''
        listen = /var/run/phpfpm/tools.sock
@@ -149,6 +164,7 @@ in {
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
+      rainloop = rainloop.activationScript;
      kanboard = kanboard.activationScript;
    };
@@ -162,6 +178,7 @@ in {
      ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
      ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
      ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
+      ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
      ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
      '';
diff --git a/nixops/modules/websites/tools/tools/rainloop.nix b/nixops/modules/websites/tools/tools/rainloop.nix
new file mode 100644
index 0000000..7aaa4eb
--- /dev/null
+++ b/nixops/modules/websites/tools/tools/rainloop.nix
@@ -0,0 +1,62 @@
+{ lib, pkgs, writeText, stdenv, fetchurl }:
+rec {
+  varDir = "/var/lib/rainloop";
+  activationScript = {
+    deps = [ "wrappers" ];
+    text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
+    '';
+  };
+  webRoot = pkgs.rainloop-community.overrideAttrs(old: {
+    installPhase = old.installPhase + ''
+      ln -sf ${varDir}/data $out/data
+      '';
+  });
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    webappName = "tools_rainloop";
+    root = "/run/current-system/webapps/${webappName}";
+    vhostConf = ''
+    Alias /rainloop "${root}"
+    <Directory "${root}">
+      DirectoryIndex index.php
+      AllowOverride All
+      Options -FollowSymlinks
+      Require all granted
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+    </Directory>
+    <DirectoryMatch "${root}/data">
+      Require all denied
+    </DirectoryMatch>
+    '';
+  };
+  phpFpm = rec {
+    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
+    socket = "/var/run/phpfpm/rainloop.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      pm = ondemand
+      pm.max_children = 60
+      pm.process_idle_timeout = 60
+      ; Needed to avoid clashes in browser cookies (same domain)
+      php_value[session.name] = RainloopPHPSESSID
+      php_admin_value[upload_max_filesize] = 200M
+      php_admin_value[post_max_size] = 200M
+      php_admin_value[open_basedir] = "${basedir}:/tmp"
+      php_admin_value[session.save_path] = "${varDir}/phpSessions"
+      '';
+  };
+}

diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 076d465..b1fd8f2 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix
@@ -9,6 +9,7 @@ let
9	env = myconfig.env.tools.ttrss;	9	env = myconfig.env.tools.ttrss;
10	};	10	};
11	roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };	11	roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
		12	rainloop = pkgs.callPackage ./rainloop.nix {};
12	kanboard = pkgs.callPackage ./kanboard.nix {	13	kanboard = pkgs.callPackage ./kanboard.nix {
13	inherit (mylibs) fetchedGithub;	14	inherit (mylibs) fetchedGithub;
14	env = myconfig.env.tools.kanboard;	15	env = myconfig.env.tools.kanboard;
@@ -40,6 +41,10 @@ in {
40		41
41	config = lib.mkIf cfg.enable {	42	config = lib.mkIf cfg.enable {
42	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;	43	security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
		44	security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
		45
		46	services.myWebsites.integration.modules =
		47	rainloop.apache.modules;
43		48
44	services.myWebsites.tools.modules =	49	services.myWebsites.tools.modules =
45	[ "proxy_fcgi" ]	50	[ "proxy_fcgi" ]
@@ -57,6 +62,15 @@ in {
57		62
58	services.ympd = ympd.config // { enable = true; };	63	services.ympd = ympd.config // { enable = true; };
59		64
		65	services.myWebsites.integration.vhostConfs.devtools = {
		66	certName = "eldiron";
		67	hosts = ["devtools.immae.eu" ];
		68	root = null;
		69	extraConfig = [
		70	rainloop.apache.vhostConf
		71	];
		72	};
		73
60	services.myWebsites.tools.vhostConfs.tools = {	74	services.myWebsites.tools.vhostConfs.tools = {
61	certName = "eldiron";	75	certName = "eldiron";
62	hosts = ["tools.immae.eu" ];	76	hosts = ["tools.immae.eu" ];
@@ -122,6 +136,7 @@ in {
122	shaarli = shaarli.phpFpm.pool;	136	shaarli = shaarli.phpFpm.pool;
123	dokuwiki = dokuwiki.phpFpm.pool;	137	dokuwiki = dokuwiki.phpFpm.pool;
124	ldap = ldap.phpFpm.pool;	138	ldap = ldap.phpFpm.pool;
		139	rainloop = rainloop.phpFpm.pool;
125	kanboard = kanboard.phpFpm.pool;	140	kanboard = kanboard.phpFpm.pool;
126	tools = ''	141	tools = ''
127	listen = /var/run/phpfpm/tools.sock	142	listen = /var/run/phpfpm/tools.sock
@@ -149,6 +164,7 @@ in {
149	rompr = rompr.activationScript;	164	rompr = rompr.activationScript;
150	shaarli = shaarli.activationScript;	165	shaarli = shaarli.activationScript;
151	dokuwiki = dokuwiki.activationScript;	166	dokuwiki = dokuwiki.activationScript;
		167	rainloop = rainloop.activationScript;
152	kanboard = kanboard.activationScript;	168	kanboard = kanboard.activationScript;
153	};	169	};
154		170
@@ -162,6 +178,7 @@ in {
162	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}	178	ln -s ${ttrss.webRoot} $out/webapps/${ttrss.apache.webappName}
163	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}	179	ln -s ${wallabag.webRoot} $out/webapps/${wallabag.apache.webappName}
164	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}	180	ln -s ${yourls.webRoot} $out/webapps/${yourls.apache.webappName}
		181	ln -s ${rainloop.webRoot} $out/webapps/${rainloop.apache.webappName}
165	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}	182	ln -s ${kanboard.webRoot} $out/webapps/${kanboard.apache.webappName}
166	'';	183	'';
167		184


diff --git a/nixops/modules/websites/tools/tools/rainloop.nix b/nixops/modules/websites/tools/tools/rainloop.nix new file mode 100644 index 0000000..7aaa4eb --- /dev/null +++ b/nixops/modules/websites/tools/tools/rainloop.nix
@@ -0,0 +1,62 @@
		1	{ lib, pkgs, writeText, stdenv, fetchurl }:
		2	rec {
		3	varDir = "/var/lib/rainloop";
		4	activationScript = {
		5	deps = [ "wrappers" ];
		6	text = ''
		7	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
		8	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
		9	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/data
		10	'';
		11	};
		12	webRoot = pkgs.rainloop-community.overrideAttrs(old: {
		13	installPhase = old.installPhase + ''
		14	ln -sf ${varDir}/data $out/data
		15	'';
		16	});
		17	apache = rec {
		18	user = "wwwrun";
		19	group = "wwwrun";
		20	modules = [ "proxy_fcgi" ];
		21	webappName = "tools_rainloop";
		22	root = "/run/current-system/webapps/${webappName}";
		23	vhostConf = ''
		24	Alias /rainloop "${root}"
		25	<Directory "${root}">
		26	DirectoryIndex index.php
		27	AllowOverride All
		28	Options -FollowSymlinks
		29	Require all granted
		30
		31	<FilesMatch "\.php$">
		32	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
		33	</FilesMatch>
		34	</Directory>
		35
		36	<DirectoryMatch "${root}/data">
		37	Require all denied
		38	</DirectoryMatch>
		39	'';
		40	};
		41	phpFpm = rec {
		42	basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
		43	socket = "/var/run/phpfpm/rainloop.sock";
		44	pool = ''
		45	listen = ${socket}
		46	user = ${apache.user}
		47	group = ${apache.group}
		48	listen.owner = ${apache.user}
		49	listen.group = ${apache.group}
		50	pm = ondemand
		51	pm.max_children = 60
		52	pm.process_idle_timeout = 60
		53
		54	; Needed to avoid clashes in browser cookies (same domain)
		55	php_value[session.name] = RainloopPHPSESSID
		56	php_admin_value[upload_max_filesize] = 200M
		57	php_admin_value[post_max_size] = 200M
		58	php_admin_value[open_basedir] = "${basedir}:/tmp"
		59	php_admin_value[session.save_path] = "${varDir}/phpSessions"
		60	'';
		61	};
		62	}