Commit | Line | Data |
---|---|---|
965b61c2 IB |
1 | { lib, pkgs, config, ... }: |
2 | let | |
# Per-site secret values; this module reads mysql.*, smtp.*, adminpassword and secret from it.
secrets = config.myEnv.websites.nicecoop.gestion-compte;
# Writable state directory of the application (created mode 0700 by the activation script).
varDir = "/var/lib/nicecoop_gestion-compte/var";
# Runtime parameters file, read by PHP and watched for changes. It lives under
# buildbot's output tree rather than in the Nix store.
# NOTE(review): presumably a buildbot job renders this file from the
# "buildbot/nicecoop/production.yml" secret declared in this module - confirm.
parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
# The package only receives the *path* of the parameters file (secretsPath).
# NOTE(review): confirm ./gestion-compte never copies the file's content into
# the store, which is world-readable.
app = pkgs.callPackage ./gestion-compte {
  inherit varDir;
  secretsPath = parametersPath;
};
cfg = config.myServices.websites.nicecoop.gestion-compte;
11 | in { | |
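# lib.mkEnableOption builds the description as "Whether to enable <name>.", so the
# argument is only the name of the feature; a leading "enable" would be doubled.
options.myServices.websites.nicecoop.gestion-compte.enable = lib.mkEnableOption "nicecoop's gestion-compte website";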
13 | ||
14 | config = lib.mkIf cfg.enable { | |
# PHP-FPM pool that serves the gestion-compte application. Both the workers and
# the listening socket belong to the production httpd user and group.
services.phpfpm.pools.nicecoop_gestion-compte =
  let
    httpd = config.services.httpd.Prod;
  in {
    inherit (httpd) user group;

    # PHP 7.4 with the redis extension, needed by the session handler below.
    # NOTE(review): PHP 7.4 reached upstream end of life in November 2022;
    # confirm the package set in use still patches it, or plan an upgrade.
    phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);

    settings = {
      "listen.owner" = httpd.user;
      "listen.group" = httpd.group;

      # Worker management: between 1 and 3 idle workers, at most 20 in total.
      "pm" = "dynamic";
      "pm.max_children" = "20";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "3";

      # PHP file access is limited to the application, its state directory,
      # the parameters file and /tmp. Set as php_admin_value, so scripts
      # cannot change it with ini_set().
      # NOTE(review): "/tmp" is shared with everything else on the host unless
      # the unit has a private /tmp - confirm, or use a dedicated directory.
      "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
        app
        varDir
        parametersPath
        "/tmp"
      ];

      # Request body and upload size limits.
      "php_admin_value[upload_max_filesize]" = "20M";
      "php_admin_value[post_max_size]" = "20M";

      # Sessions are kept in redis over a unix socket, under a key prefix
      # specific to this site and environment.
      "php_admin_value[session.save_handler]" = "redis";
      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
    };
  };
# Publishes a tarball of the application package inside the system closure, at
# nicecoop/gestion/production.tar.gz.
# NOTE(review): the archive holds whatever the `app` package contains and the
# store is world-readable; confirm the package carries no credentials.
system.extraSystemBuilderCmds = let
  # -P keeps absolute member names so that --transform can match the full
  # store path of `app` and rename it to "production_app".
  tarball = pkgs.runCommand "production.tar.gz" {} ''
    tar -P --transform="s@${app}@production_app@" -czf $out ${app}
  '';
in ''
  mkdir -p $out/nicecoop/gestion
  ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
'';
# Extra ordering and start-up work for the pool's systemd unit.
systemd.services.phpfpm-nicecoop_gestion-compte = {
  # Start after the database; `wants` pulls mysql.service in without making
  # its failure fatal for this unit.
  after = lib.mkAfter ["mysql.service"];
  wants = ["mysql.service"];
  # Appended (mkAfter) to any preStart defined elsewhere for this unit.
  #
  # Steps:
  #   1. give the parameters file to wwwrun (through sudo);
  #   2. if the parameters file's sha512 differs from the recorded one, or the
  #      application store path differs from the recorded one, clear the
  #      Symfony cache, create the database if missing and run the migrations
  #      as wwwrun, then record the new path and checksum.
  #
  # NOTE(review): chown follows symbolic links unless given -h/--no-dereference,
  # and the target sits in a directory that buildbot presumably writes to.
  # Confirm only a regular file can appear at that path, or switch to `chown -h`
  # together with the matching sudoers rule (not visible in this file).
  # NOTE(review): "wwwrun" is hard-coded here while the pool uses
  # config.services.httpd.Prod.user - confirm they are the same account.
  # NOTE(review): schema migrations run unattended on every change of the
  # parameters file or of the application; make sure backups precede deploys.
  preStart = lib.mkAfter ''
    /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
    watchFilesChanged() {
      [ ! -f "${varDir}"/watchedFiles ] \
        || ! sha512sum -c --status ${varDir}/watchedFiles
    }
    appDirChanged() {
      [ ! -f "${varDir}/currentWebappDir" -o \
        "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
    }
    updateWatchFiles() {
      sha512sum ${parametersPath} > ${varDir}/watchedFiles
    }

    if watchFilesChanged || appDirChanged; then
      pushd ${app} > /dev/null
      /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
      /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
      /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
      popd > /dev/null
      echo -n "${app}" > ${varDir}/currentWebappDir
      updateWatchFiles
    fi
  '';
};
75 | ||
# Scheduled console commands of the application.
services.cron = {
  systemCronJobs = let
    # System crontab format: the user field (production httpd user) comes
    # first, then the command, which runs the Symfony console from the
    # application directory in the prod environment.
    prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
  in [
    # Inside the crontab text:
    #   - "\%" is required because cron treats a bare "%" as a newline;
    #   - entries whose schedule starts with "#" are crontab comments, so the
    #     reminder, send_alerts and verify_change jobs are currently disabled.
    # NOTE(review): recipient addresses are hard-coded in this file, one of
    # them a personal mailbox; consider moving them to the site's environment
    # configuration so they can change without editing the module.
    ''
      # generate shifts in 80 to 90 days
      55 5 * * * ${prefix} app:shift:generate --quiet $(date -d "+80 days" +\%Y-\%m-\%d) --to $(date -d "+90 days" +\%Y-\%m-\%d)

      # free pre-booked shifts
      55 5 * * * ${prefix} app:shift:free --quiet $(date -d "+21 days" +\%Y-\%m-\%d)

      # send reminder 2 days before shift
      #0 6 * * * ${prefix} app:shift:reminder --quiet $(date -d "+2 days" +\%Y-\%m-\%d)

      # execute routine for cycle_end/cycle_start, everyday
      5 6 * * * ${prefix} app:user:cycle_start --quiet

      # Reports the list of late shifters to RH
      0 0 1 * * ${prefix} app:shift:send_late_shifters --quiet --emails=cebayle@gmail.com

      # send alert on shifts booking (low)
      #0 10 * * * ${prefix} app:shift:send_alerts --quiet --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1

      # send a reminder mail to the user who generate the last code but did not validate the change.
      #45 21 * * * ${prefix} app:code:verify_change --quiet --last_run 24
    ''
  ];
};
104 | ||
# Creates the state directory and its "var" subdirectory at activation time,
# owned by wwwrun and closed to every other account (mode 0700).
# NOTE(review): "wwwrun" is hard-coded while the pool uses
# config.services.httpd.Prod.user - confirm they are the same account.
system.activationScripts.nicecoop_gestion-compte = {
  deps = [];
  text = ''
    install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
  '';
};

# Watches the parameters file on behalf of the pool's unit.
# NOTE(review): presumably restarts phpfpm-nicecoop_gestion-compte when the
# file changes, which re-runs its preStart; the filesWatcher module is not
# visible here - confirm.
services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
  restart = true;
  paths = [
    parametersPath
  ];
};
118 | ||
# Credentials handed to buildbot, readable by the buildbot account only (0400).
# The content is JSON even though the key name ends in ".yml".
# NOTE(review): whether these values ever pass through the world-readable Nix
# store depends on how the secrets.keys module writes `text` - confirm.
# NOTE(review): the key is spelled "admipassword" while the source attribute
# is `adminpassword`; check which spelling the consumer reads before renaming.
secrets.keys."buildbot/nicecoop/production.yml" = {
  user = "buildbot";
  group = "buildbot";
  permissions = "0400";
  text = builtins.toJSON {
    inherit (secrets) secret;
    admipassword = secrets.adminpassword;
    database = {
      inherit (secrets.mysql) host port user password;
      name = secrets.mysql.database;
      version = config.myServices.databases.mariadb.package.mysqlVersion;
    };
    smtp = {
      inherit (secrets.smtp) host port email password;
    };
  };
};
142 | ||
143 | # secrets.keys."websites/nicecoop/gestion-compte" = { | |
144 | # user = config.services.httpd.Prod.user; | |
145 | # group = config.services.httpd.Prod.group; | |
146 | # permissions = "0400"; | |
147 | # text = '' | |
148 | # # This file is auto-generated during the composer install | |
149 | # parameters: | |
150 | # database_host: ${secrets.mysql.host} | |
151 | # database_port: ${secrets.mysql.port} | |
152 | # database_name: ${secrets.mysql.database} | |
153 | # database_user: ${secrets.mysql.user} | |
154 | # database_password: ${secrets.mysql.password} | |
155 | # database_version: ${pkgs.mariadb.mysqlVersion} | |
156 | # super_admin.username: admin | |
157 | # super_admin.initial_password: ${secrets.adminpassword} | |
158 | # mailer_transport: smtp | |
159 | # mailer_host: ${secrets.smtp.host} | |
160 | # mailer_port: ${secrets.smtp.port} | |
161 | # mailer_user: ${secrets.smtp.email} | |
162 | # mailer_password: ${secrets.smtp.password} | |
163 | # mailer_encryption: tls | |
164 | # transactional_mailer_user: ${secrets.smtp.email} | |
165 | # transactional_mailer_user_name: 'espace membre' | |
166 | # emails.base_domain: tools.immae.eu | |
167 | # emails.contact: | |
168 | # from_name: 'Contact Nicecoop' | |
169 | # address: ${secrets.smtp.email} | |
170 | # emails.member: | |
171 | # from_name: 'Membres Nicecoop' | |
172 | # address: ${secrets.smtp.email} | |
173 | # emails.shift: | |
174 | # from_name: 'Créneaux Nicecoop' | |
175 | # address: ${secrets.smtp.email} | |
176 | # emails.formation: | |
177 | # from_name: 'Formation Nicecoop' | |
178 | # address: ${secrets.smtp.email} | |
179 | # emails.admin: | |
180 | # from_name: 'Admin Nicecoop' | |
181 | # address: ${secrets.smtp.email} | |
182 | # emails.noreply: | |
183 | # from_name: 'Ne pas répondre' | |
184 | # address: ${secrets.smtp.email} | |
185 | # emails.sendable: | |
186 | # - '%emails.contact%' | |
187 | # - '%emails.member%' | |
188 | # - '%emails.shift%' | |
189 | # - '%emails.formation%' | |
190 | # - '%emails.admin%' | |
191 | # - '%emails.noreply%' | |
192 | # shift_mailer_user: null | |
193 | # secret: ${secrets.secret} | |
194 | # router.request_context.host: membre.nicecoop.fr | |
195 | # router.request_context.scheme: https | |
196 | # router.request_context.base_url: null | |
197 | # site_name: 'Espace membre @ Nicecoop' | |
198 | # project_name: 'Nicecoop' | |
199 | # project_url: 'https://membre.nicecoop.fr/' | |
200 | # project_url_display: membre.nicecoop.fr | |
201 | # main_color: null | |
202 | # local_currency_name: 'monnaie locale' | |
203 | # place_local_ip_address: '127.0.0.1,192.168.0.x' | |
204 | # wiki_keys_url: null | |
205 | # registration_duration: '1 year' | |
206 | # registration_every_civil_year: false | |
207 | # helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion' | |
208 | # helloasso_campaign_id: null | |
209 | # helloasso_api_key: null | |
210 | # helloasso_api_password: null | |
211 | # helloasso_api_base_url: 'https://api.helloasso.com/v3/' | |
212 | # due_duration_by_cycle: 180 | |
213 | # min_shift_duration: 90 | |
214 | # cycle_duration: '28 days' | |
215 | # maximum_nb_of_beneficiaries_in_membership: 2 | |
216 | # new_users_start_as_beginner: true | |
217 | # allow_extra_shifts: true | |
218 | # max_time_in_advance_to_book_extra_shifts: '3 days' | |
219 | # display_gauge: true | |
220 | # use_fly_and_fixed: false | |
221 | # time_after_which_members_are_late_with_shifts: -9 | |
222 | # reserve_new_shift_to_prior_shifter: true | |
223 | # forbid_shift_overlap_time: 30 | |
224 | # display_name_shifters: false | |
225 | # use_card_reader_to_validate_shifts: false | |
226 | # max_time_at_end_of_shift: 0 | |
227 | # swipe_card_logging: true | |
228 | # display_swipe_cards_settings: true | |
229 | # logging.mattermost.enabled: false | |
230 | # logging.mattermost.level: critical | |
231 | # logging.mattermost.url: 'http://mattermost.yourcoop.local' | |
232 | # logging.mattermost.channel: null | |
233 | # logging.swiftmailer.enabled: false | |
234 | # logging.swiftmailer.level: critical | |
235 | # logging.swiftmailer.recipient: null | |
236 | # code_generation_enabled: true | |
237 | # display_freeze_account: true | |
238 | # display_keys_shop: true | |
239 | # services: | |
240 | # swiftmailer.mailer.default.transport: | |
241 | # class: Swift_SendmailTransport | |
242 | # arguments: ['/run/wrappers/bin/sendmail -bs'] | |
243 | # ''; | |
244 | # }; | |
245 | ||
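# Apache virtual host for membre.nicecoop.fr, served from the application's
# web root. Requests for *.php files go to the PHP-FPM pool over its unix socket.
services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
  certName = "nicecoop";
  certMainHost = "membre.nicecoop.fr";
  hosts = ["membre.nicecoop.fr"];
  root = app.webRoot;
  # "Indexes" is deliberately not part of Options: a production web root
  # should not expose auto-generated directory listings.
  # NOTE(review): "Includes" (server-side includes) and "AllowOverride All" are
  # kept because this file does not show whether the application's .htaccess
  # depends on them. AllowOverride All lets any .htaccess below the web root
  # change these options, so the web root must stay read-only for the PHP user.
  extraConfig = [
    ''
      <FilesMatch "\.php$">
        SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
      </FilesMatch>

      <Directory ${app.webRoot}>
        Options FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
      </Directory>
    ''
  ];
};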
265 | }; | |
266 | } |