]>
Commit | Line | Data |
---|---|---|
8a964143 | 1 | { lib, pkgs, config, myconfig, ... }: |
2f0f1c48 | 2 | let |
c890321d | 3 | adminer = pkgs.callPackage ../commons/adminer.nix {}; |
1594c8da IB |
4 | secrets = myconfig.env.websites.tellesflorian.integration; |
5 | app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; }; | |
f8026b6e | 6 | cfg = config.myServices.websites.florian.app; |
1594c8da | 7 | pcfg = config.services.phpApplication; |
2f0f1c48 | 8 | in { |
f8026b6e | 9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; |
2f0f1c48 | 10 | |
f8026b6e | 11 | config = lib.mkIf cfg.enable { |
1594c8da IB |
12 | services.phpApplication.apps.florian_dev = { |
13 | websiteEnv = "integration"; | |
14 | httpdUser = config.services.httpd.Inte.user; | |
15 | httpdGroup = config.services.httpd.Inte.group; | |
16 | inherit (app) webRoot varDir; | |
17 | varDirPaths = { | |
18 | "var" = "0700"; | |
19 | }; | |
20 | inherit app; | |
21 | serviceDeps = [ "mysql.service" ]; | |
22 | preStartActions = [ | |
23 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | |
24 | ]; | |
25 | phpOpenbasedir = [ "/tmp" ]; | |
26 | phpPool = '' | |
27 | php_admin_value[upload_max_filesize] = 20M | |
28 | php_admin_value[post_max_size] = 20M | |
29 | ;php_admin_flag[log_errors] = on | |
30 | pm = ondemand | |
31 | pm.max_children = 5 | |
32 | pm.process_idle_timeout = 60 | |
33 | env[SYMFONY_DEBUG_MODE] = "yes" | |
34 | ''; | |
35 | phpWatchFiles = [ | |
36 | config.secrets.fullPaths."webapps/${app.environment}-tellesflorian" | |
37 | ]; | |
38 | }; | |
39 | ||
40 | secrets.keys = [ | |
41 | { | |
42 | dest = "webapps/${app.environment}-tellesflorian-passwords"; | |
43 | user = config.services.httpd.Inte.user; | |
9f66adf4 | 44 | group = config.services.httpd.Inte.group; |
1594c8da IB |
45 | permissions = "0400"; |
46 | text = '' | |
47 | invite:${secrets.invite_passwords} | |
48 | ''; | |
49 | } | |
50 | { | |
51 | dest = "webapps/${app.environment}-tellesflorian"; | |
52 | user = config.services.httpd.Inte.user; | |
9f66adf4 | 53 | group = config.services.httpd.Inte.group; |
1594c8da IB |
54 | permissions = "0400"; |
55 | text = '' | |
56 | # This file is auto-generated during the composer install | |
57 | parameters: | |
58 | database_host: ${secrets.mysql.host} | |
59 | database_port: ${secrets.mysql.port} | |
60 | database_name: ${secrets.mysql.name} | |
61 | database_user: ${secrets.mysql.user} | |
62 | database_password: ${secrets.mysql.password} | |
63 | mailer_transport: smtp | |
64 | mailer_host: 127.0.0.1 | |
65 | mailer_user: null | |
66 | mailer_password: null | |
67 | secret: ${secrets.secret} | |
68 | ''; | |
69 | } | |
70 | ]; | |
71 | ||
72 | services.websites.env.integration.modules = adminer.apache.modules; | |
73 | services.websites.env.integration.vhostConfs.florian_dev = { | |
74 | certName = "eldiron"; | |
7df420c2 | 75 | addToCerts = true; |
1594c8da IB |
76 | hosts = [ "app.tellesflorian.com" ]; |
77 | root = pcfg.webappDirs.florian_dev; | |
2f0f1c48 | 78 | extraConfig = [ |
1594c8da IB |
79 | '' |
80 | <FilesMatch "\.php$"> | |
81 | SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_dev}|fcgi://localhost" | |
82 | </FilesMatch> | |
83 | ||
84 | <Location /> | |
85 | AuthBasicProvider file ldap | |
86 | Use LDAPConnect | |
87 | Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu | |
88 | ||
89 | AuthUserFile "${config.secrets.fullPaths."webapps/${app.environment}-tellesflorian-passwords"}" | |
90 | Require user "invite" | |
91 | ||
92 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" | |
93 | </Location> | |
94 | ||
95 | <Directory ${pcfg.webappDirs.florian_dev}> | |
96 | Options Indexes FollowSymLinks MultiViews Includes | |
97 | AllowOverride None | |
98 | Require all granted | |
99 | ||
100 | DirectoryIndex app_dev.php | |
101 | ||
102 | <IfModule mod_negotiation.c> | |
103 | Options -MultiViews | |
104 | </IfModule> | |
105 | ||
106 | <IfModule mod_rewrite.c> | |
107 | RewriteEngine On | |
108 | ||
109 | RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
110 | RewriteRule ^(.*) - [E=BASE:%1] | |
111 | ||
112 | # Maintenance script | |
113 | RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f | |
114 | RewriteCond %{SCRIPT_FILENAME} !maintenance.php | |
115 | RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] | |
116 | ErrorDocument 503 /maintenance.php | |
117 | ||
118 | # Sets the HTTP_AUTHORIZATION header removed by Apache | |
119 | RewriteCond %{HTTP:Authorization} . | |
120 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
121 | ||
122 | RewriteCond %{ENV:REDIRECT_STATUS} ^$ | |
123 | RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] | |
124 | ||
125 | # If the requested filename exists, simply serve it. | |
126 | # We only want to let Apache serve files and not directories. | |
127 | RewriteCond %{REQUEST_FILENAME} -f | |
128 | RewriteRule ^ - [L] | |
129 | ||
130 | # Rewrite all other queries to the front controller. | |
131 | RewriteRule ^ %{ENV:BASE}/app_dev.php [L] | |
132 | </IfModule> | |
133 | ||
134 | </Directory> | |
135 | '' | |
2f0f1c48 IB |
136 | adminer.apache.vhostConf |
137 | ]; | |
138 | }; | |
139 | }; | |
140 | } |