[perso/Immae/Config/Nix.git] / modules / private / websites / chloe / new.nix

{ lib, pkgs, config,  ... }:
let
  secrets = config.myEnv.websites.chloe.new;
  cfg = config.myServices.websites.chloe.new;
  ftpRoot = "/var/lib/chloe_new";
  webRoot = "${ftpRoot}/wordpress";
in {
  options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration";

  config = lib.mkIf cfg.enable {
    services.phpfpm.pools.chloe_new_integration = {
      user = config.services.httpd.Inte.user;
      group = config.services.httpd.Inte.group;
      settings = {
        "listen.owner" = config.services.httpd.Inte.user;
        "listen.group" = config.services.httpd.Inte.group;
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          webRoot
          "/tmp"
        ];
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:NewIntegration:'";
        "php_admin_value[upload_max_filesize]" = "20M";
        "php_admin_value[post_max_size]" = "20M";
        #"php_admin_flag[log_errors]" = "on";
        "pm" = "ondemand";
        "pm.max_children" = "5";
        "pm.process_idle_timeout" = "60";
      };
      phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
    };

    system.activationScripts.chloe_new_integration = {
      deps = ["users"];
      text = ''
        install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
      '';
    };

    services.websites.env.integration.vhostConfs.chloe_new_integration = {
      certName    = "integration";
      addToCerts  = true;
      hosts       = [ "new.chc.immae.dev" ];
      root        = webRoot;
      extraConfig  = [
        ''
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_new_integration.socket}|fcgi://localhost"
        </FilesMatch>

        <Location />
          Use LDAPConnect
          Require ldap-group   cn=chc.immae.dev,cn=httpd,ou=services,dc=immae,dc=eu
        </Location>

        <Location /xmlrpc.php>
          AllowOverride None
          Require all denied
        </Location>
        <Directory ${webRoot}>
          DirectoryIndex index.php index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride all
          Require all granted
        </Directory>
          ''
      ];
    };
  };
}
Commit	Line	Data
2ff9258e IB	1	{ lib, pkgs, config, ... }:
	2	let
	3	secrets = config.myEnv.websites.chloe.new;
	4	cfg = config.myServices.websites.chloe.new;
	5	ftpRoot = "/var/lib/chloe_new";
a8001be4	6	webRoot = "${ftpRoot}/wordpress";
2ff9258e IB	7	in {
	8	options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration";
	9
	10	config = lib.mkIf cfg.enable {
	11	services.phpfpm.pools.chloe_new_integration = {
	12	user = config.services.httpd.Inte.user;
	13	group = config.services.httpd.Inte.group;
	14	settings = {
	15	"listen.owner" = config.services.httpd.Inte.user;
	16	"listen.group" = config.services.httpd.Inte.group;
	17	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8001be4	18	webRoot
2ff9258e IB	19	"/tmp"
2ff9258e IB	20	];
bbea22c0 IB	21	"php_admin_value[session.save_handler]" = "redis";
bbea22c0 IB	22	"php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:NewIntegration:'";
2ff9258e IB	23	"php_admin_value[upload_max_filesize]" = "20M";
	24	"php_admin_value[post_max_size]" = "20M";
	25	#"php_admin_flag[log_errors]" = "on";
	26	"pm" = "ondemand";
	27	"pm.max_children" = "5";
	28	"pm.process_idle_timeout" = "60";
	29	};
bbea22c0	30	phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
2ff9258e IB	31	};
	32
	33	system.activationScripts.chloe_new_integration = {
	34	deps = ["users"];
	35	text = ''
bbea22c0	36	install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot}
2ff9258e IB	37	'';
	38	};
	39
2ff9258e IB	40	services.websites.env.integration.vhostConfs.chloe_new_integration = {
	41	certName = "integration";
	42	addToCerts = true;
	43	hosts = [ "new.chc.immae.dev" ];
	44	root = webRoot;
a8001be4	45	extraConfig = [
2ff9258e IB	46	''
	47	<FilesMatch "\.php$">
	48	SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_new_integration.socket}\|fcgi://localhost"
	49	</FilesMatch>
	50
	51	<Location />
	52	Use LDAPConnect
	53	Require ldap-group cn=chc.immae.dev,cn=httpd,ou=services,dc=immae,dc=eu
	54	</Location>
	55
a8001be4 IB	56	<Location /xmlrpc.php>
	57	AllowOverride None
	58	Require all denied
	59	</Location>
2ff9258e	60	<Directory ${webRoot}>
a8001be4	61	DirectoryIndex index.php index.htm index.html
2ff9258e	62	Options Indexes FollowSymLinks MultiViews Includes
a8001be4	63	AllowOverride all
2ff9258e	64	Require all granted
2ff9258e	65	</Directory>
a8001be4	66	''
2ff9258e IB	67	];
	68	};
	69	};
	70	}