4 files changed, 324 insertions, 0 deletions
diff --git a/systems/eldiron/websites/git/cgit_js.html b/systems/eldiron/websites/git/cgit_js.html
new file mode 100644
index 0000000..4101071
--- /dev/null
+++ b/systems/eldiron/websites/git/cgit_js.html
@@ -0,0 +1,16 @@
+<script src="https://assets.immae.eu/jquery/3.5.1/jquery.min.js"></script>
+<script type="application/javascript">
+  $(document).ready(function() {
+    const linksObject = {
+      "/github/fretlink": "Fretlink Open-source Github forks",
+      "/github": "Github forks",
+      "/perso/Denise": "Denise",
+      "/perso/Immae": "Immae",
+    }
+    function toRow(href, name) {
+      return `<a href='/cgit${href}'>${name}</a>`;
+    }
+    const links = Object.keys(linksObject).map(function(k) { return toRow(k, linksObject[k]); }).join("");
+    $("table.tabs a.active[href='/cgit/']").after(links);
+  });
+</script>
diff --git a/systems/eldiron/websites/git/default.nix b/systems/eldiron/websites/git/default.nix
new file mode 100644
index 0000000..46ba34d
--- /dev/null
+++ b/systems/eldiron/websites/git/default.nix
@@ -0,0 +1,98 @@
+{ lib, pkgs, config, ... }:
+let
+    mantisbt = pkgs.callPackage ./mantisbt.nix {
+      mantisbt_2 = pkgs.webapps-mantisbt_2;
+      mantisbt_2-plugins = pkgs.webapps-mantisbt_2-plugins;
+      env = config.myEnv.tools.mantisbt;
+      inherit config;
+    };
+    gitweb = pkgs.callPackage ./gitweb.nix {
+      gitoliteDir = config.myServices.gitolite.gitoliteDir;
+    };
+    cfg = config.myServices.websites.tools.git;
+in {
+  options.myServices.websites.tools.git = {
+    enable = lib.mkEnableOption "enable git's website";
+  };
+  config = lib.mkIf cfg.enable {
+    myServices.chatonsProperties.services.mantisbt = {
+      file.datetime = "2022-08-21T10:08:00";
+      service = {
+        name = "MantisBT";
+        description = "Mantis Bug Tracker";
+        website = "https://git.immae.eu/mantisbt";
+        logo = "https://git.immae.eu/mantisbt/images/favicon.ico";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+        guide.user = "https://www.immae.eu/docs/forge-logicielle.html";
+      };
+      software = {
+        name = "MantisBT";
+        website = "https://mantisbt.org/";
+        license.url = "https://opensource.org/licenses/gpl-license";
+        license.name = "GNU General Public License";
+        version = mantisbt.webRoot.version;
+        source.url = "https://github.com/mantisbt/mantisbt";
+        modules = mantisbt.webRoot.pluginNames;
+      };
+    };
+    secrets.keys = mantisbt.keys;
+    services.websites.env.tools.modules =
+      gitweb.apache.modules ++
+      mantisbt.apache.modules;
+    security.acme.certs.eldiron.extraDomainNames = [ "git.immae.eu" ];
+    services.websites.env.tools.vhostConfs.git = {
+      certName    = "eldiron";
+      hosts       = ["git.immae.eu" ];
+      root        = gitweb.apache.root;
+      extraConfig = [
+        gitweb.apache.vhostConf
+        (mantisbt.apache.vhostConf config.services.phpfpm.pools.mantisbt.socket)
+        ''
+          RewriteEngine on
+          RewriteCond %{REQUEST_URI}       ^/releases
+          RewriteRule /releases(.*)        https://release.immae.eu$1 [P,L]
+          ''
+      ];
+    };
+    services.phpfpm.pools = {
+      mantisbt = {
+        user = config.services.websites.env.tools.user;
+        group = config.services.websites.env.tools.group;
+        settings = mantisbt.phpFpm.pool;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
+      };
+    };
+    myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
+    myServices.monitoring.fromMasterObjects.service = [
+      {
+        service_description = "gitweb website is running on git.immae.eu";
+        host_name = config.hostEnv.fqdn;
+        use = "external-web-service";
+        check_command = ["check_https" "git.immae.eu" "/cgit" "<title>Immae’s git"];
+        servicegroups = "webstatus-webapps";
+        _webstatus_name = "Git";
+        _webstatus_url = "https://git.immae.eu/";
+      }
+      {
+        service_description = "mantisbt website is running on git.immae.eu";
+        host_name = config.hostEnv.fqdn;
+        use = "external-web-service";
+        check_command = ["check_https" "git.immae.eu" "/mantisbt/" "<title>My View - MantisBT"];
+        servicegroups = "webstatus-webapps";
+        _webstatus_name = "Mantisbt";
+        _webstatus_url = "https://git.immae.eu/mantisbt";
+      }
+    ];
+  };
+}
diff --git a/systems/eldiron/websites/git/gitweb.nix b/systems/eldiron/websites/git/gitweb.nix
new file mode 100644
index 0000000..40f99e0
--- /dev/null
+++ b/systems/eldiron/websites/git/gitweb.nix
@@ -0,0 +1,124 @@
+{ gitweb, writeText, stdenv, coreutils, writeScript, gitolite, git, cgit, gitoliteDir, mailcap, highlight }:
+rec {
+  varDir = gitoliteDir;
+  config = writeText "gitweb.conf" ''
+    $git_temp = "/tmp";
+    # The directories where your projects are. Must not end with a
+    # slash.
+    $projectroot = "${varDir}/repositories";
+    $projects_list = "${varDir}/projects.list";
+    $strict_export = "true";
+    # Base URLs for links displayed in the web interface.
+    our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
+    $feature{'blame'}{'default'} = [1];
+    $feature{'avatar'}{'default'} = ['gravatar'];
+    $feature{'highlight'}{'default'} = [1];
+    @stylesheets = ("gitweb-theme/gitweb.css");
+    $logo = "gitweb-theme/git-logo.png";
+    $favicon = "gitweb-theme/git-favicon.png";
+    $javascript = "gitweb-theme/gitweb.js";
+    $logo_url = "https://git.immae.eu/";
+    $projects_list_group_categories = "true";
+    $projects_list_description_width = 60;
+    $project_list_default_category = "__Others__";
+    $highlight_bin = "${highlight}/bin/highlight";
+    '';
+  aboutFilter = writeScript "about-filter.sh" ''
+    #!${stdenv.shell}
+    if [ -f "$CGIT_REPO_PATH/README.html" ]; then
+      cat "$CGIT_REPO_PATH/README.html"
+    else
+      ${cgit}/lib/cgit/filters/about-formatting.sh "$@"
+    fi
+  '';
+  cgitConfig = writeText "cgitrc" ''
+    css=/cgit-css/cgit.css
+    logo=/cgit-css/cgit.png
+    favicon=/cgit-css/favicon.ico
+    head-include=${./cgit_js.html}
+    root-title=Immae’s git
+    root-desc=To go back to the old interface: https://git.immae.eu/?old
+    readme=:README.md
+    readme=:readme.md
+    readme=:README
+    readme=:DOCUMENTATION.md
+    about-filter=${aboutFilter}
+    #${cgit}/lib/cgit/filters/about-formatting.sh
+    source-filter=${cgit}/lib/cgit/filters/syntax-highlighting.py
+    enable-blame=1
+    enable-index-links=1
+    enable-commit-graph=1
+    enable-log-filecount=1
+    enable-log-linecount=1
+    enable-html-serving=1
+    # Allow using gitweb.* keys
+    enable-git-config=1
+    side-by-side-diffs=1
+    snapshots=tar.gz tar.zst zip
+    mimetype-file=${mailcap}/etc/mime.types
+    section=__Others__
+    clone-url=ssh://gitolite@git.immae.eu/$CGIT_REPO_URL https://git.immae.eu/$CGIT_REPO_URL
+    #section-from-path=1
+    project-list=${varDir}/projects.list
+    scan-path=${varDir}/repositories
+    '';
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "cgid" ];
+    root = gitweb;
+    vhostConf = ''
+      SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
+      ScriptAliasMatch \
+                  "(?x)^/(.*/(HEAD | \
+                                  info/refs | \
+                                  objects/(info/[^/]+ | \
+                                          [0-9a-f]{2}/[0-9a-f]{38} | \
+                                          pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                                  git-(upload|receive)-pack))$" \
+                  ${git}/libexec/git-core/git-http-backend/$1
+      <Directory "${git}/libexec/git-core">
+        Require all granted
+      </Directory>
+      <Directory "${root}">
+        DirectoryIndex gitweb.cgi
+        Require all granted
+        AllowOverride None
+        Options ExecCGI FollowSymLinks
+        <Files gitweb.cgi>
+          SetHandler cgi-script
+          SetEnv  GITWEB_CONFIG  "${config}"
+        </Files>
+      </Directory>
+      SetEnv CGIT_CONFIG ${cgitConfig}
+      ScriptAlias /cgit "${cgit}/cgit/cgit.cgi/"
+      Alias /cgit-css "${cgit}/cgit"
+      <Directory "${cgit}/cgit/">
+        AllowOverride None
+        Options ExecCGI FollowSymlinks
+        Require all granted
+      </Directory>
+      RewriteEngine On
+      RewriteCond %{QUERY_STRING} ^$
+      RewriteRule ^/?$ /cgit [L,R=302]
+      RewriteCond %{REQUEST_URI} ^(.*)(\.git)?/?$
+      RewriteCond ${varDir}/repositories/%1.git/HEAD -f
+      RewriteRule ^(.+)$ /cgit$1 [L,R=302]
+      '';
+  };
+}
diff --git a/systems/eldiron/websites/git/mantisbt.nix b/systems/eldiron/websites/git/mantisbt.nix
new file mode 100644
index 0000000..3bd78e1
--- /dev/null
+++ b/systems/eldiron/websites/git/mantisbt.nix
@@ -0,0 +1,86 @@
+{ env, mantisbt_2, mantisbt_2-plugins, config }:
+rec {
+  keys."webapps/tools-mantisbt" = {
+    user = apache.user;
+    group = apache.group;
+    permissions = "0400";
+    text = ''
+      <?php
+      $g_hostname              = '${env.postgresql.socket}';
+      $g_db_username           = '${env.postgresql.user}';
+      $g_db_password           = '${env.postgresql.password}';
+      $g_database_name         = '${env.postgresql.database}';
+      $g_db_type               = 'pgsql';
+      $g_crypto_master_salt    = '${env.master_salt}';
+      $g_allow_signup          = OFF;
+      $g_allow_anonymous_login = ON;
+      $g_anonymous_account     = 'anonymous';
+      $g_phpMailer_method       = PHPMAILER_METHOD_SENDMAIL;
+      $g_smtp_host              = 'localhost';
+      $g_smtp_username          = ''';
+      $g_smtp_password          = ''';
+      $g_webmaster_email        = 'mantisbt@tools.immae.eu';
+      $g_from_email             = 'mantisbt@tools.immae.eu';
+      $g_return_path_email      = 'mantisbt@tools.immae.eu';
+      $g_from_name              = 'Mantis Bug Tracker at git.immae.eu';
+      $g_email_receive_own      = ON;
+      # --- LDAP ---
+      $g_login_method = LDAP;
+      $g_ldap_protocol_version = 3;
+      $g_ldap_server = 'ldaps://${env.ldap.host}:636';
+      $g_ldap_root_dn = 'ou=users,${env.ldap.base}';
+      $g_ldap_bind_dn = '${env.ldap.dn}';
+      $g_ldap_bind_passwd = '${env.ldap.password}';
+      $g_use_ldap_email = ON;
+      $g_use_ldap_realname = ON;
+      $g_ldap_uid_field = 'uid';
+      $g_ldap_realname_field = 'cn';
+      $g_ldap_organization = '${env.ldap.filter}';
+    '';
+  };
+  webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]);
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    root = webRoot;
+    vhostConf = socket: ''
+      Alias /mantisbt "${root}"
+      <Directory "${root}">
+        DirectoryIndex index.php
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${socket}|fcgi://localhost"
+        </FilesMatch>
+        AllowOverride All
+        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+        Options FollowSymlinks
+        Require all granted
+      </Directory>
+      <Directory "${root}/admin">
+        #Reenable during upgrade
+        Require all denied
+      </Directory>
+      '';
+  };
+  phpFpm = rec {
+    serviceDeps = [ "postgresql.service" "openldap.service" ];
+    basedir = builtins.concatStringsSep ":" (
+      [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
+      ++ webRoot.plugins);
+    pool = {
+      "listen.owner" = apache.user;
+      "listen.group" = apache.group;
+      "pm" = "ondemand";
+      "pm.max_children" = "60";
+      "pm.process_idle_timeout" = "60";
+      "php_admin_value[upload_max_filesize]" = "5000000";
+      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+      "php_admin_value[session.save_handler]" = "redis";
+      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
+    };
+  };
+}

diff --git a/systems/eldiron/websites/git/cgit_js.html b/systems/eldiron/websites/git/cgit_js.html new file mode 100644 index 0000000..4101071 --- /dev/null +++ b/systems/eldiron/websites/git/cgit_js.html
@@ -0,0 +1,16 @@
	1	<script src="https://assets.immae.eu/jquery/3.5.1/jquery.min.js"></script>
	2	<script type="application/javascript">
	3	$(document).ready(function() {
	4	const linksObject = {
	5	"/github/fretlink": "Fretlink Open-source Github forks",
	6	"/github": "Github forks",
	7	"/perso/Denise": "Denise",
	8	"/perso/Immae": "Immae",
	9	}
	10	function toRow(href, name) {
	11	return `<a href='/cgit${href}'>${name}</a>`;
	12	}
	13	const links = Object.keys(linksObject).map(function(k) { return toRow(k, linksObject[k]); }).join("");
	14	$("table.tabs a.active[href='/cgit/']").after(links);
	15	});
	16	</script>


diff --git a/systems/eldiron/websites/git/default.nix b/systems/eldiron/websites/git/default.nix new file mode 100644 index 0000000..46ba34d --- /dev/null +++ b/systems/eldiron/websites/git/default.nix
@@ -0,0 +1,98 @@
	1	{ lib, pkgs, config, ... }:
	2	let
	3	mantisbt = pkgs.callPackage ./mantisbt.nix {
	4	mantisbt_2 = pkgs.webapps-mantisbt_2;
	5	mantisbt_2-plugins = pkgs.webapps-mantisbt_2-plugins;
	6	env = config.myEnv.tools.mantisbt;
	7	inherit config;
	8	};
	9	gitweb = pkgs.callPackage ./gitweb.nix {
	10	gitoliteDir = config.myServices.gitolite.gitoliteDir;
	11	};
	12
	13	cfg = config.myServices.websites.tools.git;
	14	in {
	15	options.myServices.websites.tools.git = {
	16	enable = lib.mkEnableOption "enable git's website";
	17	};
	18
	19	config = lib.mkIf cfg.enable {
	20	myServices.chatonsProperties.services.mantisbt = {
	21	file.datetime = "2022-08-21T10:08:00";
	22	service = {
	23	name = "MantisBT";
	24	description = "Mantis Bug Tracker";
	25	website = "https://git.immae.eu/mantisbt";
	26	logo = "https://git.immae.eu/mantisbt/images/favicon.ico";
	27	status.level = "OK";
	28	status.description = "OK";
	29	registration."" = ["MEMBER" "CLIENT"];
	30	registration.load = "OPEN";
	31	install.type = "PACKAGE";
	32	guide.user = "https://www.immae.eu/docs/forge-logicielle.html";
	33	};
	34	software = {
	35	name = "MantisBT";
	36	website = "https://mantisbt.org/";
	37	license.url = "https://opensource.org/licenses/gpl-license";
	38	license.name = "GNU General Public License";
	39	version = mantisbt.webRoot.version;
	40	source.url = "https://github.com/mantisbt/mantisbt";
	41	modules = mantisbt.webRoot.pluginNames;
	42	};
	43	};
	44	secrets.keys = mantisbt.keys;
	45	services.websites.env.tools.modules =
	46	gitweb.apache.modules ++
	47	mantisbt.apache.modules;
	48
	49	security.acme.certs.eldiron.extraDomainNames = [ "git.immae.eu" ];
	50	services.websites.env.tools.vhostConfs.git = {
	51	certName = "eldiron";
	52	hosts = ["git.immae.eu" ];
	53	root = gitweb.apache.root;
	54	extraConfig = [
	55	gitweb.apache.vhostConf
	56	(mantisbt.apache.vhostConf config.services.phpfpm.pools.mantisbt.socket)
	57	''
	58	RewriteEngine on
	59	RewriteCond %{REQUEST_URI} ^/releases
	60	RewriteRule /releases(.*) https://release.immae.eu$1 [P,L]
	61	''
	62	];
	63	};
	64	services.phpfpm.pools = {
	65	mantisbt = {
	66	user = config.services.websites.env.tools.user;
	67	group = config.services.websites.env.tools.group;
	68	settings = mantisbt.phpFpm.pool;
	69	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
	70	};
	71	};
	72
	73	myServices.monitoring.fromMasterActivatedPlugins = [ "http" ];
	74	myServices.monitoring.fromMasterObjects.service = [
	75	{
	76	service_description = "gitweb website is running on git.immae.eu";
	77	host_name = config.hostEnv.fqdn;
	78	use = "external-web-service";
	79	check_command = ["check_https" "git.immae.eu" "/cgit" "<title>Immae’s git"];
	80
	81	servicegroups = "webstatus-webapps";
	82	_webstatus_name = "Git";
	83	_webstatus_url = "https://git.immae.eu/";
	84	}
	85
	86	{
	87	service_description = "mantisbt website is running on git.immae.eu";
	88	host_name = config.hostEnv.fqdn;
	89	use = "external-web-service";
	90	check_command = ["check_https" "git.immae.eu" "/mantisbt/" "<title>My View - MantisBT"];
	91
	92	servicegroups = "webstatus-webapps";
	93	_webstatus_name = "Mantisbt";
	94	_webstatus_url = "https://git.immae.eu/mantisbt";
	95	}
	96	];
	97	};
	98	}


diff --git a/systems/eldiron/websites/git/gitweb.nix b/systems/eldiron/websites/git/gitweb.nix new file mode 100644 index 0000000..40f99e0 --- /dev/null +++ b/systems/eldiron/websites/git/gitweb.nix
@@ -0,0 +1,124 @@
	1	{ gitweb, writeText, stdenv, coreutils, writeScript, gitolite, git, cgit, gitoliteDir, mailcap, highlight }:
	2	rec {
	3	varDir = gitoliteDir;
	4	config = writeText "gitweb.conf" ''
	5	$git_temp = "/tmp";
	6
	7	# The directories where your projects are. Must not end with a
	8	# slash.
	9	$projectroot = "${varDir}/repositories";
	10
	11	$projects_list = "${varDir}/projects.list";
	12	$strict_export = "true";
	13
	14	# Base URLs for links displayed in the web interface.
	15	our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
	16
	17	$feature{'blame'}{'default'} = [1];
	18	$feature{'avatar'}{'default'} = ['gravatar'];
	19	$feature{'highlight'}{'default'} = [1];
	20
	21	@stylesheets = ("gitweb-theme/gitweb.css");
	22	$logo = "gitweb-theme/git-logo.png";
	23	$favicon = "gitweb-theme/git-favicon.png";
	24	$javascript = "gitweb-theme/gitweb.js";
	25	$logo_url = "https://git.immae.eu/";
	26	$projects_list_group_categories = "true";
	27	$projects_list_description_width = 60;
	28	$project_list_default_category = "__Others__";
	29	$highlight_bin = "${highlight}/bin/highlight";
	30	'';
	31	aboutFilter = writeScript "about-filter.sh" ''
	32	#!${stdenv.shell}
	33
	34	if [ -f "$CGIT_REPO_PATH/README.html" ]; then
	35	cat "$CGIT_REPO_PATH/README.html"
	36	else
	37	${cgit}/lib/cgit/filters/about-formatting.sh "$@"
	38	fi
	39	'';
	40	cgitConfig = writeText "cgitrc" ''
	41	css=/cgit-css/cgit.css
	42	logo=/cgit-css/cgit.png
	43	favicon=/cgit-css/favicon.ico
	44	head-include=${./cgit_js.html}
	45
	46	root-title=Immae’s git
	47	root-desc=To go back to the old interface: https://git.immae.eu/?old
	48	readme=:README.md
	49	readme=:readme.md
	50	readme=:README
	51	readme=:DOCUMENTATION.md
	52	about-filter=${aboutFilter}
	53	#${cgit}/lib/cgit/filters/about-formatting.sh
	54	source-filter=${cgit}/lib/cgit/filters/syntax-highlighting.py
	55
	56	enable-blame=1
	57	enable-index-links=1
	58	enable-commit-graph=1
	59	enable-log-filecount=1
	60	enable-log-linecount=1
	61
	62	enable-html-serving=1
	63	# Allow using gitweb.* keys
	64	enable-git-config=1
	65
	66	side-by-side-diffs=1
	67	snapshots=tar.gz tar.zst zip
	68	mimetype-file=${mailcap}/etc/mime.types
	69
	70	section=__Others__
	71	clone-url=ssh://gitolite@git.immae.eu/$CGIT_REPO_URL https://git.immae.eu/$CGIT_REPO_URL
	72	#section-from-path=1
	73	project-list=${varDir}/projects.list
	74	scan-path=${varDir}/repositories
	75	'';
	76	apache = rec {
	77	user = "wwwrun";
	78	group = "wwwrun";
	79	modules = [ "cgid" ];
	80	root = gitweb;
	81	vhostConf = ''
	82	SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
	83	ScriptAliasMatch \
	84	"(?x)^/(.*/(HEAD \| \
	85	info/refs \| \
	86	objects/(info/[^/]+ \| \
	87	[0-9a-f]{2}/[0-9a-f]{38} \| \
	88	pack/pack-[0-9a-f]{40}\.(pack\|idx)) \| \
	89	git-(upload\|receive)-pack))$" \
	90	${git}/libexec/git-core/git-http-backend/$1
	91
	92	<Directory "${git}/libexec/git-core">
	93	Require all granted
	94	</Directory>
	95	<Directory "${root}">
	96	DirectoryIndex gitweb.cgi
	97	Require all granted
	98	AllowOverride None
	99	Options ExecCGI FollowSymLinks
	100	<Files gitweb.cgi>
	101	SetHandler cgi-script
	102	SetEnv GITWEB_CONFIG "${config}"
	103	</Files>
	104	</Directory>
	105
	106	SetEnv CGIT_CONFIG ${cgitConfig}
	107	ScriptAlias /cgit "${cgit}/cgit/cgit.cgi/"
	108	Alias /cgit-css "${cgit}/cgit"
	109	<Directory "${cgit}/cgit/">
	110	AllowOverride None
	111	Options ExecCGI FollowSymlinks
	112	Require all granted
	113	</Directory>
	114
	115	RewriteEngine On
	116	RewriteCond %{QUERY_STRING} ^$
	117	RewriteRule ^/?$ /cgit [L,R=302]
	118
	119	RewriteCond %{REQUEST_URI} ^(.*)(\.git)?/?$
	120	RewriteCond ${varDir}/repositories/%1.git/HEAD -f
	121	RewriteRule ^(.+)$ /cgit$1 [L,R=302]
	122	'';
	123	};
	124	}


diff --git a/systems/eldiron/websites/git/mantisbt.nix b/systems/eldiron/websites/git/mantisbt.nix new file mode 100644 index 0000000..3bd78e1 --- /dev/null +++ b/systems/eldiron/websites/git/mantisbt.nix
@@ -0,0 +1,86 @@
	1	{ env, mantisbt_2, mantisbt_2-plugins, config }:
	2	rec {
	3	keys."webapps/tools-mantisbt" = {
	4	user = apache.user;
	5	group = apache.group;
	6	permissions = "0400";
	7	text = ''
	8	<?php
	9	$g_hostname = '${env.postgresql.socket}';
	10	$g_db_username = '${env.postgresql.user}';
	11	$g_db_password = '${env.postgresql.password}';
	12	$g_database_name = '${env.postgresql.database}';
	13	$g_db_type = 'pgsql';
	14	$g_crypto_master_salt = '${env.master_salt}';
	15	$g_allow_signup = OFF;
	16	$g_allow_anonymous_login = ON;
	17	$g_anonymous_account = 'anonymous';
	18
	19	$g_phpMailer_method = PHPMAILER_METHOD_SENDMAIL;
	20	$g_smtp_host = 'localhost';
	21	$g_smtp_username = ''';
	22	$g_smtp_password = ''';
	23	$g_webmaster_email = 'mantisbt@tools.immae.eu';
	24	$g_from_email = 'mantisbt@tools.immae.eu';
	25	$g_return_path_email = 'mantisbt@tools.immae.eu';
	26	$g_from_name = 'Mantis Bug Tracker at git.immae.eu';
	27	$g_email_receive_own = ON;
	28	# --- LDAP ---
	29	$g_login_method = LDAP;
	30	$g_ldap_protocol_version = 3;
	31	$g_ldap_server = 'ldaps://${env.ldap.host}:636';
	32	$g_ldap_root_dn = 'ou=users,${env.ldap.base}';
	33	$g_ldap_bind_dn = '${env.ldap.dn}';
	34	$g_ldap_bind_passwd = '${env.ldap.password}';
	35	$g_use_ldap_email = ON;
	36	$g_use_ldap_realname = ON;
	37	$g_ldap_uid_field = 'uid';
	38	$g_ldap_realname_field = 'cn';
	39	$g_ldap_organization = '${env.ldap.filter}';
	40	'';
	41	};
	42	webRoot = (mantisbt_2.override { mantis_config = config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration]);
	43	apache = rec {
	44	user = "wwwrun";
	45	group = "wwwrun";
	46	modules = [ "proxy_fcgi" ];
	47	root = webRoot;
	48	vhostConf = socket: ''
	49	Alias /mantisbt "${root}"
	50	<Directory "${root}">
	51	DirectoryIndex index.php
	52	<FilesMatch "\.php$">
	53	SetHandler "proxy:unix:${socket}\|fcgi://localhost"
	54	</FilesMatch>
	55
	56	AllowOverride All
	57	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
	58	Options FollowSymlinks
	59	Require all granted
	60	</Directory>
	61	<Directory "${root}/admin">
	62	#Reenable during upgrade
	63	Require all denied
	64	</Directory>
	65	'';
	66	};
	67	phpFpm = rec {
	68	serviceDeps = [ "postgresql.service" "openldap.service" ];
	69	basedir = builtins.concatStringsSep ":" (
	70	[ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
	71	++ webRoot.plugins);
	72	pool = {
	73	"listen.owner" = apache.user;
	74	"listen.group" = apache.group;
	75	"pm" = "ondemand";
	76	"pm.max_children" = "60";
	77	"pm.process_idle_timeout" = "60";
	78
	79	"php_admin_value[upload_max_filesize]" = "5000000";
	80
	81	"php_admin_value[open_basedir]" = "${basedir}:/tmp";
	82	"php_admin_value[session.save_handler]" = "redis";
	83	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
	84	};
	85	};
	86	}