Diffstat (limited to 'systems/eldiron/websites/kanboard/farm.nix')
-rw-r--r-- | systems/eldiron/websites/kanboard/farm.nix | 183 |
1 files changed, 183 insertions, 0 deletions
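--- /dev/null
+++ b/systems/eldiron/websites/kanboard/farm.nix
@@ -0,0 +1,183 @@
+{ lib, pkgs, config, ... }:
+let
+cfg = config.myServices.tools.kanboard.farm;
+apacheUser = config.services.websites.env.tools.user;
+apacheGroup = config.services.websites.env.tools.group;
+toVardir = name: "/var/lib/kanboard_farm/${name}";
+varDirs = lib.mapAttrsToList (name: v: toVardir name) cfg.instances;
+toPhpBaseDir = name: [ rootDir (toVardir name) ];
+phpBaseDir = builtins.concatStringsSep ":" (lib.unique (lib.flatten (lib.mapAttrsToList (name: v: toPhpBaseDir name) cfg.instances)));
+rootDir = pkgs.kanboard;
+
+toVhost = name: ''
+Alias /${name} "${rootDir}"
+<Location /${name}>
+SetEnv DATA_DIR "${toVardir name}"
+SetEnv MAIL_FROM "kanboard@tools.immae.eu"
+</Location>
+'';
+toCustomVhost = name: lib.optionalAttrs (cfg.instances."${name}".customHost != null) {
+"kanboard_farm_${name}" = {
+certName = "eldiron";
+hosts = [cfg.instances."${name}".customHost];
+root = null;
+extraConfig = [
+''
+Alias / "${rootDir}"
+<Location />
+SetEnv DATA_DIR "${toVardir name}"
+SetEnv MAIL_FROM "kanboard@tools.immae.eu"
+</Location>
+<Directory "${rootDir}">
+DirectoryIndex index.php
+AllowOverride All
+Options FollowSymlinks
+Require all granted
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+<DirectoryMatch "${rootDir}/data">
+Require all denied
+</DirectoryMatch>
+''
+];
+};
+};
+customHosts = lib.filter (n: n != null) (map (n: cfg.instances."${n}".customHost) (builtins.attrNames cfg.instances));
+customVhosts = lib.foldl (o: n: o // n) {} (map toCustomVhost (builtins.attrNames cfg.instances));
+phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
+in
+{
+options.myServices.tools.kanboard.farm = {
+instances = lib.mkOption {
+description = "Instances names for the kanboard Farm";
+default = {};
+type = lib.types.attrsOf (lib.types.submodule {
+options = {
+customHost = lib.mkOption {
+description = "Custom host to use for the kanboard instance";
+default = null;
+type = lib.types.nullOr lib.types.str;
+};
+};
+});
+};
+vhosts = lib.mkOption {
+description = "Instance vhosts configs";
+readOnly = true;
+type = lib.types.attrsOf lib.types.str;
+default = lib.mapAttrs (name: v: toVhost name) cfg.instances;
+};
+};
+
+config = lib.mkIf (builtins.length (builtins.attrNames cfg.instances) > 0) {
+myServices.dns.zones."immae.eu".subdomains.kanboard =
+with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+myServices.chatonsProperties.hostings.kanboard = {
+file.datetime = "2022-08-21T19:40:00";
+hosting = {
+name = "Kanboard";
+description = "Kanban project management software";
+website = "https://tools.immae.eu/kanboard";
+logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png";
+type = "INSTANCE";
+status.level = "OK";
+status.description = "OK";
+registration.load = "OPEN";
+install.type = "PACKAGE";
+};
+};
+myServices.chatonsProperties.services.kanboard = {
+file.datetime = "2022-08-21T19:40:00";
+service = {
+name = "Kanboard";
+description = "Kanban project management software";
+website = "https://tools.immae.eu/kanboard";
+logo = "https://tools.immae.eu/kanboard/assets/img/favicon.png";
+status.level = "OK";
+status.description = "OK";
+registration."" = ["MEMBER" "CLIENT"];
+registration.load = "OPEN";
+install.type = "PACKAGE";
+};
+software = {
+name = "Kanboard";
+website = "https://kanboard.org/";
+license.url = "https://github.com/kanboard/kanboard/blob/main/LICENSE";
+license.name = "MIT License";
+version = pkgs.kanboard.version;
+source.url = "https://github.com/kanboard/kanboard";
+};
+};
+system.activationScripts.kanboard_farm_vardirs = {
+deps = [ "httpd" ];
+text = ''
+install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${builtins.concatStringsSep " " varDirs}
+'';
+};
+services.phpfpm.pools.kanboard_farm = {
+user = apacheUser;
+group = apacheGroup;
+settings = let
+instanceNb = builtins.length (builtins.attrNames cfg.instances);
+in {
+"listen.owner" = apacheUser;
+"listen.group" = apacheGroup;
+"pm" = "dynamic";
+"pm.max_children" = builtins.toString (60 * instanceNb);
+"pm.start_servers" = builtins.toString (2 * instanceNb);
+"pm.min_spare_servers" = builtins.toString (2 * instanceNb);
+"pm.max_spare_servers" = builtins.toString (3 * instanceNb);
+"pm.process_idle_timeout" = "60";
+
+"php_admin_value[output_buffering]" = "0";
+"php_admin_value[max_execution_time]" = "1800";
+"php_admin_value[zend_extension]" = "opcache";
+"php_value[apcu.enable_cli]" = "1";
+"php_value[apcu.enabled]" = "1";
+#already enabled by default?
+#"php_value[opcache.enable]" = "1";
+"php_value[opcache.enable_cli]" = "1";
+"php_value[opcache.interned_strings_buffer]" = "8";
+"php_value[opcache.max_accelerated_files]" = "10000";
+"php_value[opcache.memory_consumption]" = "128";
+"php_value[opcache.save_comments]" = "1";
+"php_value[opcache.revalidate_freq]" = "1";
+"php_admin_value[memory_limit]" = "512M";
+
+"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${phpBaseDir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
+"php_admin_value[session.save_handler]" = "redis";
+"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:KanboardFarm:'";
+};
+inherit phpPackage;
+};
+security.acme.certs.eldiron.extraDomainNames = customHosts ++ [ "kanboard.immae.eu" ];
+services.websites.env.tools.vhostConfs = {
+kanboard = {
+certName = "eldiron";
+hosts = ["kanboard.immae.eu"];
+root = null;
+extraConfig = [
+''
+<Directory "${rootDir}">
+DirectoryIndex index.php
+AllowOverride All
+Options FollowSymlinks
+Require all granted
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${config.services.phpfpm.pools.kanboard_farm.socket}|fcgi://localhost"
+</FilesMatch>
+</Directory>
+<DirectoryMatch "${rootDir}/data">
+Require all denied
+</DirectoryMatch>
+''
+] ++ builtins.attrValues cfg.vhosts;
+};
+} // customVhosts;
+};
+}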
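Review bot: Every instance is served by the single `kanboard_farm` php-fpm pool (new lines 121-156), and its `open_basedir` is built from `phpBaseDir`, the union of every `/var/lib/kanboard_farm/<name>` directory plus a shared `/tmp`, so the only thing separating one instance's data from another's is the per-request `SetEnv DATA_DIR` in `toVhost`/`toCustomVhost`. If the instances are meant to be separate tenants (not visible from this file), PHP code executing for one of them, such as a plugin, can read the other instances' data directories, and all of them store sessions under the same `Tools:KanboardFarm:` redis prefix. One pool per instance, with `open_basedir` limited to `toPhpBaseDir name` and a prefix such as `Tools:KanboardFarm:${name}:`, would enforce that boundary at the PHP level; at minimum a comment above the pool should state that instances share one trust domain. Separately, the activation script on new line 118 creates the data directories world-readable and interpolates the instance names into the shell unquoted; `install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${lib.escapeShellArgs varDirs}` tightens both.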