From 4288c2f2431fb782b0d512b1b3749187f2374b6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 22 May 2019 20:01:33 +0200 Subject: Move websites/tools to modules --- modules/private/websites/tools/tools/shaarli.nix | 65 ++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 modules/private/websites/tools/tools/shaarli.nix (limited to 'modules/private/websites/tools/tools/shaarli.nix') diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix new file mode 100644 index 0000000..2e89a47 --- /dev/null +++ b/modules/private/websites/tools/tools/shaarli.nix @@ -0,0 +1,65 @@ +{ lib, env, stdenv, fetchurl, shaarli }: +let + varDir = "/var/lib/shaarli"; +in rec { + activationScript = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ + ${varDir}/cache ${varDir}/pagecache ${varDir}/tmp ${varDir}/data \ + ${varDir}/phpSessions + ''; + webRoot = shaarli varDir; + apache = rec { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" "rewrite" "env" ]; + webappName = "tools_shaarli"; + root = "/run/current-system/webapps/${webappName}"; + vhostConf = '' + Alias /Shaarli "${root}" + + Include /var/secrets/webapps/tools-shaarli + + DirectoryIndex index.php index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride All + Require all granted + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + ''; + }; + keys = [{ + dest = "webapps/tools-shaarli"; + user = apache.user; + group = apache.group; + permissions = "0400"; + text = '' + SetEnv SHAARLI_LDAP_PASSWORD "${env.ldap.password}" + SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}" + SetEnv SHAARLI_LDAP_HOST "ldaps://${env.ldap.host}" + SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" + SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}" + ''; + }]; + phpFpm = rec { + serviceDeps = [ "openldap.service" ]; + basedir = builtins.concatStringsSep ":" [ webRoot varDir ]; + socket = "/var/run/phpfpm/shaarli.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = ShaarliPHPSESSID + php_admin_value[open_basedir] = "${basedir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + ''; + }; +} -- cgit v1.2.3