aboutsummaryrefslogtreecommitdiff
path: root/modules/private/websites/tools/tools/rompr.nix
blob: 9765df5b3e535a8e5e0a9c9ffe20006da052c460 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
{ lib, env, rompr }:
rec {
  backups = {
    rootDir = varDir;
  };
  varDir = "/var/lib/rompr";
  activationScript = ''
    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
      ${varDir}/prefs ${varDir}/albumart ${varDir}/phpSessions
  '';
  webRoot = rompr;
  apache = rec {
    user = "wwwrun";
    group = "wwwrun";
    modules = [ "headers" "mime" "proxy_fcgi" ];
    root = webRoot;
    vhostConf = socket: ''
      Alias /rompr ${root}

      <Directory ${root}>
        Options Indexes FollowSymLinks
        DirectoryIndex index.php
        AllowOverride all
        Require all granted
        Order allow,deny
        Allow from all
        ErrorDocument 404 /rompr/404.php
        AddType image/x-icon .ico

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>

      <Directory ${root}/albumart/small>
          Header Set Cache-Control "max-age=0, no-store"
          Header Set Cache-Control "no-cache, must-revalidate"
      </Directory>

      <Directory ${root}/albumart/asdownloaded>
          Header Set Cache-Control "max-age=0, no-store"
          Header Set Cache-Control "no-cache, must-revalidate"
      </Directory>

      <LocationMatch "^/rompr">
        Use LDAPConnect
        Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
      </LocationMatch>
      '';
  };
  phpFpm = rec {
    basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
    pool = {
      "listen.owner" = apache.user;
      "listen.group" = apache.group;
      "pm" = "ondemand";
      "pm.max_children" = "60";
      "pm.process_idle_timeout" = "60";

      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "RomprPHPSESSID";
      "php_admin_value[open_basedir]" = "${basedir}:/tmp";
      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
      "php_flag[magic_quotes_gpc]" = "Off";
      "php_flag[track_vars]" = "On";
      "php_flag[register_globals]" = "Off";
      "php_admin_flag[allow_url_fopen]" = "On";
      "php_value[include_path]" = "${webRoot}";
      "php_admin_value[upload_tmp_dir]" = "${varDir}/prefs";
      "php_admin_value[post_max_size]" = "32M";
      "php_admin_value[upload_max_filesize]" = "32M";
      "php_admin_value[memory_limit]" = "256M";
    };
  };
}