path: root/nixops/modules/websites/tools/tools/rompr.nix
blob: baee2eb683068e021f7ca83fc3230a4c6c2c28c7 (plain) (blame)
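# Rompr web front-end: state directories, packaged web root, Apache vhost
# snippet and PHP-FPM pool, returned together as one attribute set.
{ lib, env, stdenv, fetchedGithub }:
let
  rompr = let
  in rec {
    # Mutable application state lives here, outside the packaged web root.
    varDir = "/var/lib/rompr";

    # Creates the state directories, owned by the web server user.
    # prefs and albumart stay 0755 because they are served through the
    # symlinks created in webRoot. phpSessions is created 0700: with PHP's
    # default file-based session handler the file names carry the session id,
    # so a directory other local accounts can list would disclose live
    # session ids. Only the pool user (apache.user) needs access to it.
    activationScript = ''
      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
        ${varDir}/prefs ${varDir}/albumart
      install -m 0700 -o ${apache.user} -g ${apache.group} -d \
        ${varDir}/phpSessions
    '';

    # Copies the fetched sources into $out and links prefs/ and albumart/ to
    # their counterparts under varDir, so both writable directories end up
    # reachable below the web root.
    webRoot = stdenv.mkDerivation (fetchedGithub ./rompr.json // rec {
      installPhase = ''
        cp -a . $out
        ln -sf ../../../../../../${varDir}/prefs $out/prefs
        ln -sf ../../../../../../${varDir}/albumart $out/albumart
      '';
    });

    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
      # Modules the snippet below depends on: Header (headers), AddType
      # (mime) and the proxy:unix|fcgi handler (proxy_fcgi).
      modules = [ "headers" "mime" "proxy_fcgi" ];
      webappName = "tools_rompr";
      root = "/run/current-system/webapps/${webappName}";

      # Access control: the <LocationMatch "^/rompr"> section requires
      # membership of the LDAP group for every URL under /rompr.
      # `Use LDAPConnect` is presumably a macro defined elsewhere - confirm.
      #
      # NOTE(review), hardening points left unchanged here:
      #  - `Options Indexes` turns on automatic listings for any directory
      #    without an index.php (e.g. albumart, prefs). Drop it unless rompr
      #    relies on listings.
      #  - `AllowOverride all` together with the writable prefs/ and
      #    albumart/ directories means a .htaccess written there by the PHP
      #    user would be honoured. `AllowOverride None`, at least for those
      #    two directories, removes that path.
      #  - `Order allow,deny` / `Allow from all` are Apache 2.2 directives
      #    and duplicate `Require all granted`; mixing both styles makes the
      #    effective policy harder to audit.
      #  - In the two albumart blocks `Header Set` replaces any earlier value
      #    of the same header, so only "no-cache, must-revalidate" is sent
      #    and "no-store" is lost. Use one combined value if both are wanted.
      vhostConf = ''
        Alias /rompr ${root}

        <Directory ${root}>
          Options Indexes FollowSymLinks
          DirectoryIndex index.php
          AllowOverride all
          Require all granted
          Order allow,deny
          Allow from all
          ErrorDocument 404 /rompr/404.php
          AddType image/x-icon .ico

          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>
        </Directory>

        <Directory ${root}/albumart/small>
            Header Set Cache-Control "max-age=0, no-store"
            Header Set Cache-Control "no-cache, must-revalidate"
        </Directory>

        <Directory ${root}/albumart/asdownloaded>
            Header Set Cache-Control "max-age=0, no-store"
            Header Set Cache-Control "no-cache, must-revalidate"
        </Directory>

        <LocationMatch "^/rompr">
          Use LDAPConnect
          Require ldap-group   cn=users,cn=mpd,ou=services,dc=immae,dc=eu
        </LocationMatch>
        '';
    };

    phpFpm = rec {
      # Colon-separated path list used for open_basedir below.
      basedir = builtins.concatStringsSep ":" [ webRoot varDir ];
      socket = "/var/run/phpfpm/rompr.sock";

      # Pool runs as the Apache user and listens on a unix socket owned by
      # that same user/group.
      #
      # NOTE(review), hardening points left unchanged here:
      #  - open_basedir also grants /tmp, which is normally shared with
      #    other services on the host; a private temp directory under varDir
      #    would keep the pool confined to its own paths.
      #  - upload_tmp_dir points at ${varDir}/prefs, which webRoot links
      #    below the served tree, so in-flight uploads sit in a web-reachable
      #    directory. A dedicated, non-served directory is safer - confirm
      #    rompr does not depend on this location.
      #  - allow_url_fopen = On lets PHP stream functions fetch remote URLs;
      #    keep it only if the application needs outbound fetches.
      #  - magic_quotes_gpc, track_vars and register_globals are legacy
      #    settings; check whether the PHP version in use still knows them.
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        ; Needed to avoid clashes in browser cookies (same domain)
        php_value[session.name] = RomprPHPSESSID
        php_admin_value[open_basedir] = "${basedir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        php_flag[magic_quotes_gpc] = Off
        php_flag[track_vars] = On
        php_flag[register_globals] = Off
        php_admin_flag[allow_url_fopen] = On
        php_value[include_path] = ${webRoot}
        php_admin_value[upload_tmp_dir] = "${varDir}/prefs"
        php_admin_value[post_max_size] = 32M
        php_admin_value[upload_max_filesize] = 32M
        php_admin_value[memory_limit] = 256M
        '';
    };
  };
in
  rompr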