Fix rsync backup failures
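{ lib, pkgs, config, ... }:
# NixOS module for nicecoop's "gestion-compte" (Symfony) member portal:
# php-fpm pool, Apache vhost, cron jobs, deploy-time migrations and the
# secrets handed to buildbot, which generates the production parameters.yml.
let
  secrets = config.myEnv.websites.nicecoop.gestion-compte;
  # Writable state of the application (cache, logs, watched-file markers).
  varDir = "/var/lib/nicecoop_gestion-compte/var";
  # parameters.yml produced by buildbot; presumably carries the DB/SMTP
  # credentials built from the JSON below — confirm against the buildbot job.
  parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
  app = pkgs.callPackage ./gestion-compte {
    inherit varDir;
    secretsPath = parametersPath;
  };
  cfg = config.myServices.websites.nicecoop.gestion-compte;
in {
  options.myServices.websites.nicecoop.gestion-compte.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";

  config = lib.mkIf cfg.enable {
    services.phpfpm.pools.nicecoop_gestion-compte = {
      user = config.services.httpd.Prod.user;
      group = config.services.httpd.Prod.group;
      settings = {
        "listen.owner" = config.services.httpd.Prod.user;
        "listen.group" = config.services.httpd.Prod.group;
        # PHP may only touch the app closure, its state dir, the parameters
        # file and /tmp.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          app
          varDir
          parametersPath
          "/tmp"
        ];
        "php_admin_value[upload_max_filesize]" = "20M";
        "php_admin_value[post_max_size]" = "20M";
        # Sessions live in the shared PHP redis instance, namespaced by prefix.
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
        "pm" = "dynamic";
        "pm.max_children" = "20";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "3";
      };
      phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
    };
    # Ship a tarball of the built app inside the system closure (store path
    # rewritten to "production_app") so it can be fetched from the system dir.
    system.extraSystemBuilderCmds = let
      tarball = pkgs.runCommand "production.tar.gz" {} ''
        tar -P --transform="s@${app}@production_app@" -czf $out ${app}
      '';
    in ''
      mkdir -p $out/nicecoop/gestion
      ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
    '';
    systemd.services.phpfpm-nicecoop_gestion-compte = {
      after = lib.mkAfter ["mysql.service"];
      wants = ["mysql.service"];
      # Before php-fpm starts: hand the buildbot-generated parameters file to
      # the web user, then (only when that file or the app store path changed)
      # clear the cache and run the schema migrations as that user. The
      # sha512 marker and the recorded store path live in varDir.
      preStart = lib.mkAfter ''
        /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
        watchFilesChanged() {
          [ ! -f "${varDir}/watchedFiles" ] \
            || ! sha512sum -c --status "${varDir}/watchedFiles"
        }
        appDirChanged() {
          [ ! -f "${varDir}/currentWebappDir" ] \
            || [ "${app}" != "$(cat "${varDir}/currentWebappDir" 2>/dev/null)" ]
        }
        updateWatchFiles() {
          sha512sum ${parametersPath} > "${varDir}/watchedFiles"
        }

        if watchFilesChanged || appDirChanged; then
          pushd ${app} > /dev/null
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
          popd > /dev/null
          echo -n "${app}" > "${varDir}/currentWebappDir"
          updateWatchFiles
        fi
      '';
    };

    # Application cron jobs, run as the httpd user from the app store path.
    services.cron = {
      systemCronJobs = let
        prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
      in [
        ''
          # generate shifts in 27 days (same weekday as yesterday)
          55 5 * * * ${prefix} app:shift:generate $(date -d "+27 days" +\%Y-\%m-\%d)

          # free pre-booked shifts
          55 5 * * * ${prefix} app:shift:free $(date -d "+21 days" +\%Y-\%m-\%d)

          # send reminder 2 days before shift
          #0 6 * * * ${prefix} app:shift:reminder $(date -d "+2 days" +\%Y-\%m-\%d)

          # execute routine for cycle_end/cycle_start, everyday
          5 6 * * * ${prefix} app:user:cycle_start

          # send alert on shifts booking (low)
          #0 10 * * * ${prefix} app:shift:send_alerts --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1

          # send a reminder mail to the user who generate the last code but did not validate the change.
          #45 21 * * * ${prefix} app:code:verify_change --last_run 24
        ''
      ];
    };

    # State directory, private to the web user.
    system.activationScripts.nicecoop_gestion-compte = {
      deps = [];
      text = ''
        install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
      '';
    };

    # Restart the pool (and thus re-run preStart's migration check) whenever
    # buildbot rewrites the parameters file.
    services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
      restart = true;
      paths = [
        parametersPath
      ];
    };

    # Secrets consumed by buildbot to render the production parameters.yml.
    secrets.keys."buildbot/nicecoop/production.yml" = {
      user = "buildbot";
      group = "buildbot";
      permissions = "0400";
      text = builtins.toJSON {
        database = {
          host = secrets.mysql.host;
          port = secrets.mysql.port;
          name = secrets.mysql.database;
          user = secrets.mysql.user;
          password = secrets.mysql.password;
          version = config.myServices.databases.mariadb.package.mysqlVersion;
        };
        # NOTE(review): "admipassword" looks like a typo for "adminpassword",
        # but the buildbot side reads this key; renaming here alone would
        # silently drop the value — change both ends together.
        admipassword = secrets.adminpassword;
        smtp = {
          host = secrets.smtp.host;
          port = secrets.smtp.port;
          email = secrets.smtp.email;
          password = secrets.smtp.password;
        };
        secret = secrets.secret;
      };
    };

    # Former inline parameters.yml, kept for reference; superseded by the
    # buildbot-generated file at parametersPath.
    # secrets.keys."websites/nicecoop/gestion-compte" = {
    #   user = config.services.httpd.Prod.user;
    #   group = config.services.httpd.Prod.group;
    #   permissions = "0400";
    #   text = ''
    #     # This file is auto-generated during the composer install
    #     parameters:
    #       database_host: ${secrets.mysql.host}
    #       database_port: ${secrets.mysql.port}
    #       database_name: ${secrets.mysql.database}
    #       database_user: ${secrets.mysql.user}
    #       database_password: ${secrets.mysql.password}
    #       database_version: ${pkgs.mariadb.mysqlVersion}
    #       super_admin.username: admin
    #       super_admin.initial_password: ${secrets.adminpassword}
    #       mailer_transport: smtp
    #       mailer_host: ${secrets.smtp.host}
    #       mailer_port: ${secrets.smtp.port}
    #       mailer_user: ${secrets.smtp.email}
    #       mailer_password: ${secrets.smtp.password}
    #       mailer_encryption: tls
    #       transactional_mailer_user: ${secrets.smtp.email}
    #       transactional_mailer_user_name: 'espace membre'
    #       emails.base_domain: tools.immae.eu
    #       emails.contact:
    #         from_name: 'Contact Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.member:
    #         from_name: 'Membres Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.shift:
    #         from_name: 'Créneaux Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.formation:
    #         from_name: 'Formation Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.admin:
    #         from_name: 'Admin Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.noreply:
    #         from_name: 'Ne pas répondre'
    #         address: ${secrets.smtp.email}
    #       emails.sendable:
    #         - '%emails.contact%'
    #         - '%emails.member%'
    #         - '%emails.shift%'
    #         - '%emails.formation%'
    #         - '%emails.admin%'
    #         - '%emails.noreply%'
    #       shift_mailer_user: null
    #       secret: ${secrets.secret}
    #       router.request_context.host: membre.nicecoop.fr
    #       router.request_context.scheme: https
    #       router.request_context.base_url: null
    #       site_name: 'Espace membre @ Nicecoop'
    #       project_name: 'Nicecoop'
    #       project_url: 'https://membre.nicecoop.fr/'
    #       project_url_display: membre.nicecoop.fr
    #       main_color: null
    #       local_currency_name: 'monnaie locale'
    #       place_local_ip_address: '127.0.0.1,192.168.0.x'
    #       wiki_keys_url: null
    #       registration_duration: '1 year'
    #       registration_every_civil_year: false
    #       helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
    #       helloasso_campaign_id: null
    #       helloasso_api_key: null
    #       helloasso_api_password: null
    #       helloasso_api_base_url: 'https://api.helloasso.com/v3/'
    #       due_duration_by_cycle: 180
    #       min_shift_duration: 90
    #       cycle_duration: '28 days'
    #       maximum_nb_of_beneficiaries_in_membership: 2
    #       new_users_start_as_beginner: true
    #       allow_extra_shifts: true
    #       max_time_in_advance_to_book_extra_shifts: '3 days'
    #       display_gauge: true
    #       use_fly_and_fixed: false
    #       time_after_which_members_are_late_with_shifts: -9
    #       reserve_new_shift_to_prior_shifter: true
    #       forbid_shift_overlap_time: 30
    #       display_name_shifters: false
    #       use_card_reader_to_validate_shifts: false
    #       max_time_at_end_of_shift: 0
    #       swipe_card_logging: true
    #       display_swipe_cards_settings: true
    #       logging.mattermost.enabled: false
    #       logging.mattermost.level: critical
    #       logging.mattermost.url: 'http://mattermost.yourcoop.local'
    #       logging.mattermost.channel: null
    #       logging.swiftmailer.enabled: false
    #       logging.swiftmailer.level: critical
    #       logging.swiftmailer.recipient: null
    #       code_generation_enabled: true
    #       display_freeze_account: true
    #       display_keys_shop: true
    #     services:
    #       swiftmailer.mailer.default.transport:
    #         class: Swift_SendmailTransport
    #         arguments: ['/run/wrappers/bin/sendmail -bs']
    #   '';
    # };

    # Apache vhost: PHP is proxied to the pool socket above.
    # NOTE(review): "Indexes" enables directory listings and "Includes" enables
    # server-side includes under the web root, and "AllowOverride All" lets any
    # .htaccess in the app change them further. Unless the app relies on these,
    # trimming Options to FollowSymLinks would reduce the exposed surface; left
    # unchanged here pending confirmation.
    services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
      certName = "nicecoop";
      certMainHost = "membre.nicecoop.fr";
      hosts = ["membre.nicecoop.fr"];
      root = app.webRoot;
      extraConfig = [
        ''
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
          </FilesMatch>

          <Directory ${app.webRoot}>
            Options Indexes FollowSymLinks MultiViews Includes
            AllowOverride All
            Require all granted
          </Directory>
        ''
      ];
    };
  };
}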