diff --git a/containers/baikal.nix b/containers/baikal.nix index 7115535..c893028 100644 --- a/containers/baikal.nix +++ b/containers/baikal.nix @@ -34,11 +34,10 @@ nglib.makeSystem { rm -r /var/www/config /var/www/Specific - mkdir -p /var/baikal/specific /var/baikal/config - chown www-data:www-data -R /var/baikal + mkdir -p /var/baikal/specific /var/baikal/config /var/webdav ln -s /var/baikal/specific /var/www/Specific ln -s /var/baikal/config /var/www/config - ls -lahR /var/baikal + chown www-data:www-data -R /var/baikal /var/webdav while :; do sleep 2073600; done ''; @@ -49,6 +48,7 @@ nglib.makeSystem { ensureSomething.create."documentRoot" = { dst = "/var/www"; type = "directory"; + persistent = true; }; }; @@ -78,6 +78,20 @@ nglib.makeSystem { services.apache2 = { enable = true; envsubst = true; + # package = + # pkgs.apacheHttpd.override + # { aprutil = + # pkgs.aprutil.overrideAttrs + # (old: + # { configureFlags = + # old.configureFlags ++ + # [ "--with-sqlite3" ]; + # buildInputs = + # old.buildInputs ++ + # [ pkgs.sqlite.dev + # ]; + # } ); + # }; configuration = [ { LoadModule = [ @@ -89,6 +103,19 @@ nglib.makeSystem { [ "mime_module" "modules/mod_mime.so" ] [ "proxy_module" "modules/mod_proxy.so" ] [ "proxy_fcgi_module" "modules/mod_proxy_fcgi.so" ] + + [ "rewrite_module" "modules/mod_rewrite.so" ] + [ "alias_module" "modules/mod_alias.so" ] + + [ "authn_core_module" "modules/mod_authn_core.so" ] + [ "dav_module" "modules/mod_dav.so" ] + [ "dav_fs_module" "modules/mod_dav_fs.so" ] + [ "auth_digest_module" "modules/mod_auth_digest.so" ] + [ "auth_basic_module" "modules/mod_auth_basic.so" ] + [ "dbd_module" "modules/mod_dbd.so" ] + [ "authn_dbd_module" "modules/mod_authn_dbd.so" ] + [ "authz_user_module" "modules/mod_authz_user.so" ] + [ "authz_host_module" "modules/mod_authz_host.so" ] ]; } { @@ -130,19 +157,54 @@ nglib.makeSystem { VirtualHost = { "*:80" = { + DocumentRoot = "/var/www/html/"; + RewriteEngine = "on"; + RewriteRule = + [ [ "/.well-known/carddav" "/dav.php" "[R=308,L]" ] + [ "/.well-known/caldav" "/dav.php" "[R=308,L]" ] + # [ "^/dav(.*)$" "/webdav/%{LA-U:REMOTE_USER}" "" ] + ]; + ProxyPassMatch = [ "^/(.*\.php(/.*)?)$" - "unix:${config.services.php-fpm.pools.main.socket}|fcgi://./var/www/" + "unix:${config.services.php-fpm.pools.main.socket}|fcgi://./var/www/html/" ]; + # DBDriver = "sqlite3"; + # DBDParams = "/var/baikal/specific/db.sqlite"; + + # DBDMin = 4; + # DBDKeep = 8; + # DBDMax = 20; + # DBDExptime = 300; + + # Alias = + # [ [ "/webdav" "/var/webdav" ] + # ]; + Directory = { - "/var/www" = { + "/var/www/html" = { Require = [ "all" "granted" ]; AllowOverride = [ "all" ]; Options = [ "-Indexes" "+FollowSymlinks" ]; DirectoryIndex = "index.php"; }; + + # "/var/webdav" = { + # DAV = "on"; + # AuthType = "Digest"; + # AuthName = "BaikalDAV"; + + # Require = "valid-user"; + + # AuthDigestProvider = [ "dbd" ]; + # AuthDBDUserRealmQuery = "\"SELECT digesta1 FROM users WHERE username = %s\""; + # AuthDBDUserPWQuery = "\"SELECT digesta1 FROM users WHERE username = %s\""; + + # Options = [ "+Indexes" "+FollowSymLinks" "+MultiViews" ]; + # AllowOverride = [ "all" ]; + # }; }; }; };