pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / web-apps / baikal.nix
at 25.11-pre 4.1 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8let 9 common-name = "baikal"; 10 cfg = config.services.baikal; 11in 12{ 13 meta.maintainers = [ lib.maintainers.wrvsrx ]; 14 options = { 15 services.baikal = { 16 enable = lib.mkEnableOption "baikal"; 17 user = lib.mkOption { 18 type = lib.types.str; 19 default = common-name; 20 description = '' 21 User account under which the web-application run. 22 ''; 23 }; 24 group = lib.mkOption { 25 type = lib.types.str; 26 default = common-name; 27 description = '' 28 Group account under which the web-application run. 29 ''; 30 }; 31 pool = lib.mkOption { 32 type = lib.types.str; 33 default = common-name; 34 description = '' 35 Name of existing phpfpm pool that is used to run web-application. 36 If not specified a pool will be created automatically with 37 default values. 38 ''; 39 }; 40 virtualHost = lib.mkOption { 41 type = lib.types.nullOr lib.types.str; 42 default = common-name; 43 description = '' 44 Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost. 45 ''; 46 }; 47 phpPackage = lib.mkOption { 48 type = lib.types.package; 49 default = pkgs.php; 50 defaultText = "pkgs.php"; 51 description = '' 52 php package to use for php fpm daemon. 53 ''; 54 }; 55 package = lib.mkOption { 56 type = lib.types.package; 57 default = pkgs.baikal; 58 defaultText = "pkgs.baikal"; 59 description = '' 60 Baikal package to use. 61 ''; 62 }; 63 64 }; 65 }; 66 config = lib.mkIf cfg.enable { 67 services.phpfpm.pools = lib.mkIf (cfg.pool == "${common-name}") { 68 ${common-name} = { 69 inherit (cfg) user phpPackage; 70 phpEnv = { 71 "BAIKAL_PATH_CONFIG" = "/var/lib/baikal/config/"; 72 "BAIKAL_PATH_SPECIFIC" = "/var/lib/baikal/specific/"; 73 }; 74 settings = lib.mapAttrs (name: lib.mkDefault) { 75 "listen.owner" = "nginx"; 76 "listen.group" = "nginx"; 77 "listen.mode" = "0600"; 78 "pm" = "dynamic"; 79 "pm.max_children" = 75; 80 "pm.start_servers" = 1; 81 "pm.min_spare_servers" = 1; 82 "pm.max_spare_servers" = 4; 83 "pm.max_requests" = 500; 84 "pm.process_idle_timeout" = 30; 85 "catch_workers_output" = 1; 86 }; 87 }; 88 }; 89 services.nginx = lib.mkIf (cfg.virtualHost != null) { 90 enable = true; 91 virtualHosts."${cfg.virtualHost}" = { 92 root = "${cfg.package}/share/php/baikal/html"; 93 locations = { 94 "/" = { 95 index = "index.php"; 96 }; 97 "/.well-known/".extraConfig = '' 98 rewrite ^/.well-known/caldav /dav.php redirect; 99 rewrite ^/.well-known/carddav /dav.php redirect; 100 ''; 101 "~ /(\.ht|Core|Specific|config)".extraConfig = '' 102 deny all; 103 return 404; 104 ''; 105 "~ ^(.+\.php)(.*)$".extraConfig = '' 106 try_files $fastcgi_script_name =404; 107 include ${config.services.nginx.package}/conf/fastcgi.conf; 108 fastcgi_split_path_info ^(.+\.php)(.*)$; 109 fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket}; 110 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 111 fastcgi_param PATH_INFO $fastcgi_path_info; 112 ''; 113 }; 114 }; 115 }; 116 117 users.users.${cfg.user} = lib.mkIf (cfg.user == common-name) { 118 description = "baikal service user"; 119 isSystemUser = true; 120 inherit (cfg) group; 121 }; 122 123 users.groups.${cfg.group} = lib.mkIf (cfg.group == common-name) { }; 124 125 systemd.tmpfiles.settings."baikal" = builtins.listToAttrs ( 126 map 127 (x: { 128 name = "/var/lib/baikal/${x}"; 129 value.d = { 130 mode = "0700"; 131 inherit (cfg) user group; 132 }; 133 }) 134 [ 135 "config" 136 "specific" 137 "specific/db" 138 ] 139 ); 140 }; 141}