From aebd817b115c1a26a4ec70e5cab9af55ea2c1294 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Mon, 21 Jan 2019 03:23:49 +0100
Subject: Add wallabag
---
 virtual/modules/websites/tools/tools/wallabag.nix | 160 ++++++++++++++++++++++
 1 file changed, 160 insertions(+)
 create mode 100644 virtual/modules/websites/tools/tools/wallabag.nix
(limited to 'virtual/modules/websites/tools/tools/wallabag.nix')
diff --git a/virtual/modules/websites/tools/tools/wallabag.nix b/virtual/modules/websites/tools/tools/wallabag.nix
new file mode 100644
index 0000000..92787b8
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/wallabag.nix
@@ -0,0 +1,160 @@
+{ stdenv, fetchurl, writeText, checkEnv, phpPackages, php, which }:
+let
+ wallabag = rec {
+ varDir = "/var/lib/wallabag";
+ parameters =
+ assert checkEnv "NIXOPS_WALLABAG_SQL_PASSWORD";
+ assert checkEnv "NIXOPS_WALLABAG_SECRET";
+ assert checkEnv "NIXOPS_WALLABAG_LDAP_PASSWORD";
+ writeText "parameters.yml" ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_driver: pdo_pgsql
+ database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver
+ database_host: db-1.immae.eu
+ database_port: null
+ database_name: webapps
+ database_user: wallabag
+ database_password: ${builtins.getEnv "NIXOPS_WALLABAG_SQL_PASSWORD"}
+ database_path: null
+ database_table_prefix: wallabag_
+ database_socket: null
+ database_charset: utf8
+ domain_name: https://tools.immae.eu/wallabag
+ mailer_transport: smtp
+ mailer_host: mail.immae.eu
+ mailer_user: null
+ mailer_password: null
+ locale: fr
+ secret: ${builtins.getEnv "NIXOPS_WALLABAG_SECRET"}
+ twofactor_auth: true
+ twofactor_sender: wallabag@immae.eu
+ fosuser_registration: false
+ fosuser_confirmation: true
+ from_email: wallabag@immae.eu
+ rss_limit: 50
+ rabbitmq_host: localhost
+ rabbitmq_port: 5672
+ rabbitmq_user: guest
+ rabbitmq_password: guest
+ rabbitmq_prefetch_count: 10
+ redis_scheme: tcp
+ redis_host: localhost
+ redis_port: 6379
+ redis_path: null
+ redis_password: null
+ sites_credentials: { }
+ ldap_enabled: true
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_tls: false
+ ldap_ssl: true
+ ldap_bind_requires_dn: true
+ ldap_base: 'dc=immae,dc=eu'
+ ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
+ ldap_manager_pw: ${builtins.getEnv "NIXOPS_WALLABAG_LDAP_PASSWORD"}
+ ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
+ ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
+ ldap_username_attribute: uid
+ ldap_email_attribute: mail
+ ldap_name_attribute: cn
+ ldap_enabled_attribute: null
+ '';
+ webappDir = stdenv.mkDerivation rec {
+ # Beware when upgrading, I probably messed up with the migrations table
+ # (due to a psql bug in wallabag)
+ version = "2.3.2";
+ name = "wallabag-${version}";
+ src = fetchurl {
+ url = "https://static.wallabag.org/releases/wallabag-release-${version}.tar.gz";
+ sha256 = "17yczdvgl43j6wa7hksxi2b51afvyd56vdya6hbbv68iiba4jyh4";
+ };
+ patches = [ ./wallabag_ldap.patch ];
+ dontBuild = "true";
+ installPhase = ''
+ cp -a . $out
+ cd $out
+ export SYMFONY_ENV=prod
+ php -d memory_limit=-1 ${phpPackages.composer}/libexec/composer/composer.phar require --update-no-dev -o --prefer-dist fr3d/ldap-bundle
+ rm -rf web/assets var/cache app/config/parameters.yml data
+ mv var var_old
+ ln -sf ${parameters} app/config/parameters.yml
+ ln -sf ../../../../../${varDir}/var var
+ ln -sf ../../../../../${varDir}/data data
+ ln -sf ../../../../../../${varDir}/assets web/assets
+ '';
+ buildInputs = [ php phpPackages.composer ];
+ };
+ activationScript = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/var ${varDir}/data/db ${varDir}/assets/images
+ if [ ! -f "${varDir}/currentWebappDir" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+ pushd ${webappDir} > /dev/null
+ $wrapperDir/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction
+ $wrapperDir/sudo -u wwwrun ./bin/console --env=prod cache:clear
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ fi
+ '';
+ webRoot = "${webappDir}/web";
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ # FIXME
+ Alias /assets "${varDir}/assets"
+ Alias /wallabag "${webRoot}"
+
+ AllowOverride None
+ Require all granted
+ # For OAuth (apps)
+ CGIPassAuth On
+
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+
+ Options -MultiViews
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^(.*)$ app.php [QSA,L]
+
+
+
+
+ RewriteEngine Off
+
+
+
+ AllowOverride None
+ Require all granted
+
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" [ webappDir parameters varDir ];
+ socket = "/var/run/phpfpm/wallabag.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = dynamic
+ pm.max_children = 60
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 10
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = WallabagPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ php_value[max_execution_time] = 300
+ '';
+ };
+ };
+in
+ wallabag
-- cgit v1.2.3
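Review bot: The three values read with `builtins.getEnv` are interpolated into `writeText "parameters.yml"`, so the database password, the Symfony `secret` and the LDAP manager password are stored in plain text in the Nix store, which any local user can read and which travels with the closure. I would generate or deliver that file outside the store (NixOps `deployment.keys` is one option, or a file written at activation time that only `${apache.user}` can read) and link to it from `installPhase`, for example `ln -sf ${varDir}/parameters.yml app/config/parameters.yml`; `varDir` is already listed in `phpFpm.basedir`, so `open_basedir` would still cover it. The values are also inserted as unquoted YAML scalars, so a password containing `#` or `: ` would be truncated or mis-parsed; single-quoting them with any `'` doubled avoids that. Separately, the `composer.phar require … fr3d/ldap-bundle` step in the same `installPhase` pulls an unpinned dependency at build time with no hash check, unlike the `fetchurl` source above it, so it is worth pinning a version and vendoring or hashing the result.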