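# NixOS module for Baikal, a PHP application serving CalDAV/CardDAV through
# `dav.php`. It declares the `services.baikal` options and, when enabled,
# sets up a PHP-FPM pool, an nginx virtual host, the service account and the
# state directories under /var/lib/baikal.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Default name shared by the user, group, PHP-FPM pool and virtual host.
  common-name = "baikal";
  # Single source for the state path, so the PHP environment and the tmpfiles
  # rules below cannot drift apart.
  state-dir = "/var/lib/baikal";
  cfg = config.services.baikal;
in
{
  meta.maintainers = [ lib.maintainers.wrvsrx ];

  options = {
    services.baikal = {
      enable = lib.mkEnableOption "baikal";
      user = lib.mkOption {
        type = lib.types.str;
        default = common-name;
        description = ''
          User account under which the web-application run.
        '';
      };
      group = lib.mkOption {
        type = lib.types.str;
        default = common-name;
        description = ''
          Group account under which the web-application run.
        '';
      };
      pool = lib.mkOption {
        type = lib.types.str;
        default = common-name;
        description = ''
          Name of existing phpfpm pool that is used to run web-application.
          If not specified a pool will be created automatically with
          default values.
        '';
      };
      virtualHost = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        default = common-name;
        description = ''
          Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
        '';
      };
      phpPackage = lib.mkPackageOption pkgs "php" { };
      package = lib.mkPackageOption pkgs "baikal" { };
    };
  };

  config = lib.mkIf cfg.enable {
    # The pool is only declared when `pool` keeps its default name. With any
    # other name the administrator supplies the pool, and the BAIKAL_PATH_*
    # variables below are NOT set by this module.
    services.phpfpm.pools = lib.mkIf (cfg.pool == common-name) {
      ${common-name} = {
        # Pass the group explicitly so the workers run with the same
        # user/group pair that owns the state directories, instead of relying
        # on the phpfpm module's own default for the group.
        inherit (cfg) user group phpPackage;
        phpEnv = {
          "BAIKAL_PATH_CONFIG" = "${state-dir}/config/";
          "BAIKAL_PATH_SPECIFIC" = "${state-dir}/specific/";
        };
        # Every value is wrapped in mkDefault so it can be overridden from
        # the system configuration without mkForce.
        settings = lib.mapAttrs (_: lib.mkDefault) {
          # The socket is mode 0600, so only its owner can connect. Follow the
          # configured nginx account rather than the literal "nginx", which
          # would lock the web server out if it runs under another user.
          "listen.owner" = config.services.nginx.user;
          "listen.group" = config.services.nginx.group;
          "listen.mode" = "0600";
          "pm" = "dynamic";
          "pm.max_children" = 75;
          "pm.start_servers" = 1;
          "pm.min_spare_servers" = 1;
          "pm.max_spare_servers" = 4;
          "pm.max_requests" = 500;
          "pm.process_idle_timeout" = 30;
          "catch_workers_output" = 1;
        };
      };
    };

    services.nginx = lib.mkIf (cfg.virtualHost != null) {
      enable = true;
      virtualHosts."${cfg.virtualHost}" = {
        root = "${cfg.package}/share/php/baikal/html";
        locations = {
          "/" = {
            index = "index.php";
          };
          # Service discovery: both well-known URLs redirect to dav.php.
          "/.well-known/".extraConfig = ''
            rewrite ^/.well-known/caldav /dav.php redirect;
            rewrite ^/.well-known/carddav /dav.php redirect;
          '';
          # Keep .ht* files and the Core/Specific/config trees from being
          # served. The backslash is doubled because a double-quoted Nix
          # string turns `\.` into a bare `.`, which nginx would read as
          # "any character". The pattern is unanchored, so any request path
          # containing one of these segments after a slash is refused.
          "~ /(\\.ht|Core|Specific|config)".extraConfig = ''
            deny all;
            return 404;
          '';
          # PHP handler. Same doubled backslash as above, so only names that
          # really contain ".php" reach PHP-FPM; the pattern now agrees with
          # fastcgi_split_path_info inside the ''-string, where backslashes
          # are kept verbatim. try_files rejects scripts that do not exist
          # under the document root before anything is handed to PHP-FPM.
          "~ ^(.+\\.php)(.*)$".extraConfig = ''
            try_files $fastcgi_script_name =404;
            include ${config.services.nginx.package}/conf/fastcgi.conf;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
          '';
        };
      };
    };

    # The account and group are only created when they keep the default
    # name; a custom name must be declared elsewhere in the configuration.
    users.users.${cfg.user} = lib.mkIf (cfg.user == common-name) {
      description = "baikal service user";
      isSystemUser = true;
      inherit (cfg) group;
    };

    users.groups.${cfg.group} = lib.mkIf (cfg.group == common-name) { };

    # State directories, created with mode 0700 and owned by the service
    # user and group.
    systemd.tmpfiles.settings."baikal" = builtins.listToAttrs (
      map
        (subdir: {
          name = "${state-dir}/${subdir}";
          value.d = {
            mode = "0700";
            inherit (cfg) user group;
          };
        })
        [
          "config"
          "specific"
          "specific/db"
        ]
    );
  };
}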