219 lines
4.8 KiB
Nix
219 lines
4.8 KiB
Nix
{ pkgs
|
|
, utils
|
|
, customPkgs
|
|
}:
|
|
{ serviceName ? "Ttrss"
|
|
, siteName ? "ttrss"
|
|
, subdomain ? "ttrss"
|
|
, domain ? ""
|
|
, ingress ? 18010
|
|
|
|
, user ? "ttrss"
|
|
, group ? "ttrss"
|
|
, documentRoot ? "/usr/share/webapps/ttrss"
|
|
, postgresDatabase ? "ttrss"
|
|
, postgresUser ? "ttrss"
|
|
, postgresPasswordLocation ? "ttrss"
|
|
|
|
, smtp ? {}
|
|
, sso ? {}
|
|
|
|
, distribution ? {}
|
|
|
|
, configPkg ? pkgs.callPackage (import ./config.nix) {}
|
|
, normalizeHeaderPkg ? pkgs.callPackate (import ./normalize-headers.nix) {}
|
|
, updateServicePkg ? pkgs.callPackage (import ./update.nix) {inherit utils;}
|
|
, dbupgradePkg ? pkgs.callPackage (import ./dbupgrade.nix) {}
|
|
}:
|
|
|
|
with pkgs.lib.attrsets;
|
|
let
|
|
mkServices = services: listToAttrs (map (
|
|
x: nameValuePair x.name x
|
|
) services);
|
|
|
|
mkDistribution = services: on: listToAttrs (map (
|
|
x: nameValuePair x.name on
|
|
) services);
|
|
|
|
rtdir = "/run/ttrss";
|
|
lock_directory = "${rtdir}/lock";
|
|
cache_directory = "${rtdir}/cache";
|
|
persistent_dir = "/var/lib/${siteName}";
|
|
feed_icons_directory = "${persistent_dir}/feed-icons";
|
|
in
|
|
rec {
|
|
db = customPkgs.mkPostgresDB {
|
|
name = "${serviceName}PostgresDB";
|
|
|
|
database = postgresDatabase;
|
|
username = postgresUser;
|
|
# TODO: use passwordFile
|
|
password = postgresPasswordLocation;
|
|
};
|
|
|
|
config =
|
|
let
|
|
domain = utils.getDomain distribution "${serviceName}Config";
|
|
in
|
|
configPkg {
|
|
name = "ttrss";
|
|
serviceName = "${serviceName}Config";
|
|
|
|
inherit subdomain;
|
|
inherit documentRoot;
|
|
inherit lock_directory cache_directory feed_icons_directory;
|
|
inherit (phpfpmService) user group;
|
|
inherit domain;
|
|
|
|
db_host = {TtrssPostgresDB}: TtrssPostgresDB.target.properties.hostname;
|
|
db_port = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.port;
|
|
db_database = postgresDatabase;
|
|
db_username = postgresUser;
|
|
# TODO: use passwordFile
|
|
db_password = postgresPasswordLocation;
|
|
enabled_plugins = [ "auth_remote" "note" ];
|
|
auth_remote_post_logout_url = "https://keycloak.${domain}/realms/${sso.realm}/account";
|
|
|
|
dependsOn = {
|
|
inherit db;
|
|
};
|
|
};
|
|
|
|
dbupgrade = dbupgradePkg {
|
|
name = "${serviceName}DBUpgrade";
|
|
|
|
inherit user;
|
|
binDir = documentRoot;
|
|
|
|
dependsOn = {
|
|
inherit config db;
|
|
};
|
|
};
|
|
|
|
service = customPkgs.mkNginxService {
|
|
name = "${serviceName}Service";
|
|
|
|
inherit siteName;
|
|
inherit user group;
|
|
runtimeDirectory = "/run/nginx";
|
|
|
|
config = {
|
|
port = ingress;
|
|
inherit siteName;
|
|
siteRoot = documentRoot;
|
|
phpFpmSiteSocket = phpfpmService.siteSocket;
|
|
};
|
|
|
|
dependsOn = {
|
|
};
|
|
};
|
|
|
|
phpfpmService = customPkgs.mkPHPFPMService {
|
|
name = "${serviceName}PHPFPMService";
|
|
|
|
inherit siteName;
|
|
runtimeDirectory = rtdir;
|
|
|
|
# Must match haproxy for socket
|
|
inherit user group;
|
|
socketUser = service.user;
|
|
socketGroup = service.group;
|
|
|
|
phpIniConfig = {
|
|
prependFile = normalizeHeaderPkg {
|
|
debug = true;
|
|
};
|
|
};
|
|
|
|
siteConfig = {
|
|
siteRoot = documentRoot;
|
|
};
|
|
};
|
|
|
|
updateService = updateServicePkg {
|
|
name = "${serviceName}UpdateService";
|
|
|
|
inherit documentRoot;
|
|
inherit (phpfpmService) user group;
|
|
readOnlyPaths = [];
|
|
readWritePaths = [
|
|
lock_directory
|
|
cache_directory
|
|
feed_icons_directory
|
|
];
|
|
postgresServiceName = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.service_name;
|
|
|
|
dependsOn = {
|
|
inherit config db dbupgrade;
|
|
};
|
|
};
|
|
|
|
haproxy = {
|
|
frontend = {
|
|
acl = {
|
|
acl_ttrss = "hdr_beg(host) ttrss.";
|
|
};
|
|
use_backend = "if acl_ttrss";
|
|
};
|
|
backend = {
|
|
servers = [
|
|
{
|
|
name = "ttrss1";
|
|
address = service.nginxSocket;
|
|
balance = "roundrobin";
|
|
check = {
|
|
inter = "5s";
|
|
downinter = "15s";
|
|
fall = "3";
|
|
rise = "3";
|
|
};
|
|
httpcheck = "GET /";
|
|
# captureoutput = {
|
|
# firstport = "3000";
|
|
# secondport = "3001";
|
|
# issocket = true;
|
|
# outputfile = "/tmp/haproxy/ttrss.stream";
|
|
# };
|
|
}
|
|
];
|
|
};
|
|
debugHeaders = "acl_ttrss";
|
|
};
|
|
|
|
keycloakCliConfig = {
|
|
clients = {
|
|
ttrss = {
|
|
roles = ["uma_protection"];
|
|
};
|
|
};
|
|
};
|
|
|
|
services = mkServices [
|
|
db
|
|
config
|
|
dbupgrade
|
|
service
|
|
phpfpmService
|
|
updateService
|
|
];
|
|
|
|
distribute = mkDistribution [
|
|
db
|
|
config
|
|
dbupgrade
|
|
service
|
|
phpfpmService
|
|
updateService
|
|
];
|
|
|
|
directories_modes = {
|
|
"${rtdir}" = "0550";
|
|
"${lock_directory}" = "0770";
|
|
"${cache_directory}" = "0770";
|
|
"${cache_directory}/upload" = "0770";
|
|
"${cache_directory}/images" = "0770";
|
|
"${cache_directory}/export" = "0770";
|
|
"${feed_icons_directory}" = "0770";
|
|
};
|
|
}
|