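# NixOS module for nicecoop's "gestion-compte" website.
#
# When `myServices.websites.nicecoop.gestion-compte.enable` is set, it declares:
#   - a PHP-FPM pool running as the production httpd user, with Redis-backed sessions;
#   - a tarball of the application linked into the system output;
#   - a preStart hook that clears the cache and runs the Doctrine migrations when
#     the application path or parameters.yml changed;
#   - the application's cron jobs;
#   - the secret file handed to buildbot;
#   - the Apache vhost for membre.nicecoop.fr.
{ lib, pkgs, config, ... }:
let
  secrets = config.myEnv.websites.nicecoop.gestion-compte;
  varDir = "/var/lib/nicecoop_gestion-compte/var";
  # The application reads its parameters from a file under the buildbot output
  # tree (presumably generated by buildbot from the secret declared below --
  # confirm against the buildbot configuration).
  parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
  # NOTE(review): the package only receives the *path* of parameters.yml here.
  # Confirm ./gestion-compte never copies secret values into its output, since
  # Nix store paths are world-readable.
  app = pkgs.callPackage ./gestion-compte {
    inherit varDir;
    secretsPath = parametersPath;
  };
  cfg = config.myServices.websites.nicecoop.gestion-compte;
in {
  options.myServices.websites.nicecoop.gestion-compte.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";

  config = lib.mkIf cfg.enable {
    services.phpfpm.pools.nicecoop_gestion-compte = {
      user = config.services.httpd.Prod.user;
      group = config.services.httpd.Prod.group;
      settings = {
        "listen.owner" = config.services.httpd.Prod.user;
        "listen.group" = config.services.httpd.Prod.group;
        # open_basedir limits PHP file access to the application, its var
        # directory, parameters.yml and /tmp.
        # NOTE(review): "/tmp" is only private to this pool if the unit runs
        # with PrivateTmp or similar -- not visible here, confirm.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          app
          varDir
          parametersPath
          "/tmp"
        ];
        "php_admin_value[upload_max_filesize]" = "20M";
        "php_admin_value[post_max_size]" = "20M";
        # Sessions are stored in Redis over a unix socket, under a per-site key prefix.
        # NOTE(review): a key prefix namespaces the sessions but is not access
        # control; if other pools use the same socket they can presumably
        # read these keys -- confirm who can connect to redis-php-sessions.
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
        "pm" = "dynamic";
        "pm.max_children" = "20";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "3";
      };
      # NOTE(review): PHP 7.4 is end-of-life upstream and no longer receives
      # security fixes; plan a move to a supported PHP once the application allows it.
      phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
    };
    # Packs the application into a tarball (store path rewritten to
    # "production_app") and links it into the system output.
    system.extraSystemBuilderCmds = let
      tarball = pkgs.runCommand "production.tar.gz" {} ''
        tar -P --transform="s@${app}@production_app@" -czf $out ${app}
      '';
    in ''
      mkdir -p $out/nicecoop/gestion
      ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
    '';
    # preStart: take ownership of parameters.yml, then clear the Symfony cache
    # and run the database creation/migration commands, but only when the
    # sha512 of parameters.yml or the application store path differs from what
    # was recorded in varDir on the previous run.
    #
    # NOTE(review): `chown` follows symlinks by default and is run through sudo
    # on a path inside /var/lib/buildbot/outputs. If the buildbot account can
    # replace that path, ownership of whatever it points to would be changed.
    # Consider `chown --no-dereference` or checking that the path is a regular
    # file first, and keep the matching sudoers rule in sync.
    # NOTE(review): the user is hard-coded as "wwwrun" here while the rest of
    # the module uses config.services.httpd.Prod.user -- confirm they are the same.
    systemd.services.phpfpm-nicecoop_gestion-compte = {
      after = lib.mkAfter ["mysql.service"];
      wants = ["mysql.service"];
      preStart = lib.mkAfter ''
        /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
        watchFilesChanged() {
          [ ! -f "${varDir}"/watchedFiles ] \
            || ! sha512sum -c --status ${varDir}/watchedFiles
        }
        appDirChanged() {
          [ ! -f "${varDir}/currentWebappDir" -o \
            "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
        }
        updateWatchFiles() {
          sha512sum ${parametersPath} > ${varDir}/watchedFiles
        }

        if watchFilesChanged || appDirChanged; then
          pushd ${app} > /dev/null
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
          popd > /dev/null
          echo -n "${app}" > ${varDir}/currentWebappDir
          updateWatchFiles
        fi
      '';
    };

    # Application cron jobs, run as the production httpd user from the
    # application directory. Lines starting with "#" inside the string are
    # crontab comments (disabled jobs), not Nix comments.
    services.cron = {
      systemCronJobs = let
        prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
      in [
        ''
          # generate shifts in 27 days (same weekday as yesterday)
          55 5 * * * ${prefix} app:shift:generate $(date -d "+27 days" +\%Y-\%m-\%d)

          # free pre-booked shifts
          55 5 * * * ${prefix} app:shift:free $(date -d "+21 days" +\%Y-\%m-\%d)

          # send reminder 2 days before shift
          #0 6 * * * ${prefix} app:shift:reminder $(date -d "+2 days" +\%Y-\%m-\%d)

          # execute routine for cycle_end/cycle_start, everyday
          5 6 * * * ${prefix} app:user:cycle_start

          # send alert on shifts booking (low)
          #0 10 * * * ${prefix} app:shift:send_alerts --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1

          # send a reminder mail to the user who generate the last code but did not validate the change.
          #45 21 * * * ${prefix} app:code:verify_change --last_run 24
        ''
      ];
    };

    # Creates the state directories, owner-only (0700) for wwwrun.
    # NOTE(review): varDir already ends in "/var", so this also creates
    # ".../var/var" -- confirm that is intended.
    system.activationScripts.nicecoop_gestion-compte = {
      deps = [];
      text = ''
        install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
      '';
    };

    # Watches parameters.yml for the PHP-FPM unit (presumably restarting it on
    # change, given `restart = true` -- see the filesWatcher module).
    services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
      restart = true;
      paths = [
        parametersPath
      ];
    };

    # Secret file for buildbot: database and SMTP credentials, the initial admin
    # password and the application secret, serialised as JSON and readable only
    # by the buildbot user (0400).
    # NOTE(review): the key is spelled "admipassword" while the source value is
    # secrets.adminpassword. It may be a typo; check what the consumer of this
    # file expects before renaming it.
    secrets.keys."buildbot/nicecoop/production.yml" = {
      user = "buildbot";
      group = "buildbot";
      permissions = "0400";
      text = builtins.toJSON {
        database = {
          host = secrets.mysql.host;
          port = secrets.mysql.port;
          name = secrets.mysql.database;
          user = secrets.mysql.user;
          password = secrets.mysql.password;
          version = config.myServices.databases.mariadb.package.mysqlVersion;
        };
        admipassword = secrets.adminpassword;
        smtp = {
          host = secrets.smtp.host;
          port = secrets.smtp.port;
          email = secrets.smtp.email;
          password = secrets.smtp.password;
        };
        secret = secrets.secret;
      };
    };

    # secrets.keys."websites/nicecoop/gestion-compte" = {
    # user = config.services.httpd.Prod.user;
    # group = config.services.httpd.Prod.group;
    # permissions = "0400";
    # text = ''
    # # This file is auto-generated during the composer install
    # parameters:
    # database_host: ${secrets.mysql.host}
    # database_port: ${secrets.mysql.port}
    # database_name: ${secrets.mysql.database}
    # database_user: ${secrets.mysql.user}
    # database_password: ${secrets.mysql.password}
    # database_version: ${pkgs.mariadb.mysqlVersion}
    # super_admin.username: admin
    # super_admin.initial_password: ${secrets.adminpassword}
    # mailer_transport: smtp
    # mailer_host: ${secrets.smtp.host}
    # mailer_port: ${secrets.smtp.port}
    # mailer_user: ${secrets.smtp.email}
    # mailer_password: ${secrets.smtp.password}
    # mailer_encryption: tls
    # transactional_mailer_user: ${secrets.smtp.email}
    # transactional_mailer_user_name: 'espace membre'
    # emails.base_domain: tools.immae.eu
    # emails.contact:
    # from_name: 'Contact Nicecoop'
    # address: ${secrets.smtp.email}
    # emails.member:
    # from_name: 'Membres Nicecoop'
    # address: ${secrets.smtp.email}
    # emails.shift:
    # from_name: 'Créneaux Nicecoop'
    # address: ${secrets.smtp.email}
    # emails.formation:
    # from_name: 'Formation Nicecoop'
    # address: ${secrets.smtp.email}
    # emails.admin:
    # from_name: 'Admin Nicecoop'
    # address: ${secrets.smtp.email}
    # emails.noreply:
    # from_name: 'Ne pas répondre'
    # address: ${secrets.smtp.email}
    # emails.sendable:
    # - '%emails.contact%'
    # - '%emails.member%'
    # - '%emails.shift%'
    # - '%emails.formation%'
    # - '%emails.admin%'
    # - '%emails.noreply%'
    # shift_mailer_user: null
    # secret: ${secrets.secret}
    # router.request_context.host: membre.nicecoop.fr
    # router.request_context.scheme: https
    # router.request_context.base_url: null
    # site_name: 'Espace membre @ Nicecoop'
    # project_name: 'Nicecoop'
    # project_url: 'https://membre.nicecoop.fr/'
    # project_url_display: membre.nicecoop.fr
    # main_color: null
    # local_currency_name: 'monnaie locale'
    # place_local_ip_address: '127.0.0.1,192.168.0.x'
    # wiki_keys_url: null
    # registration_duration: '1 year'
    # registration_every_civil_year: false
    # helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
    # helloasso_campaign_id: null
    # helloasso_api_key: null
    # helloasso_api_password: null
    # helloasso_api_base_url: 'https://api.helloasso.com/v3/'
    # due_duration_by_cycle: 180
    # min_shift_duration: 90
    # cycle_duration: '28 days'
    # maximum_nb_of_beneficiaries_in_membership: 2
    # new_users_start_as_beginner: true
    # allow_extra_shifts: true
    # max_time_in_advance_to_book_extra_shifts: '3 days'
    # display_gauge: true
    # use_fly_and_fixed: false
    # time_after_which_members_are_late_with_shifts: -9
    # reserve_new_shift_to_prior_shifter: true
    # forbid_shift_overlap_time: 30
    # display_name_shifters: false
    # use_card_reader_to_validate_shifts: false
    # max_time_at_end_of_shift: 0
    # swipe_card_logging: true
    # display_swipe_cards_settings: true
    # logging.mattermost.enabled: false
    # logging.mattermost.level: critical
    # logging.mattermost.url: 'http://mattermost.yourcoop.local'
    # logging.mattermost.channel: null
    # logging.swiftmailer.enabled: false
    # logging.swiftmailer.level: critical
    # logging.swiftmailer.recipient: null
    # code_generation_enabled: true
    # display_freeze_account: true
    # display_keys_shop: true
    # services:
    # swiftmailer.mailer.default.transport:
    # class: Swift_SendmailTransport
    # arguments: ['/run/wrappers/bin/sendmail -bs']
    # '';
    # };

    # Apache vhost: *.php is proxied to the PHP-FPM pool socket.
    #
    # `Options` no longer lists `Indexes` (automatic directory listings) or
    # `Includes` (server-side includes): nothing in this vhost relies on them,
    # and both widen what the public web root exposes.
    # NOTE(review): `AllowOverride All` still lets any .htaccess under the web
    # root change Options and access rules; narrow it to the override classes
    # the application actually needs if possible.
    services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
      certName = "nicecoop";
      certMainHost = "membre.nicecoop.fr";
      hosts = ["membre.nicecoop.fr"];
      root = app.webRoot;
      extraConfig = [
        ''
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
          </FilesMatch>

          <Directory ${app.webRoot}>
            Options FollowSymLinks MultiViews
            AllowOverride All
            Require all granted
          </Directory>
        ''
      ];
    };
  };
}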