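# Nix expression for the "chloe" SPIP site.
#
# Evaluates to a function `chloe` that takes `{ config }` and returns a
# recursive attribute set describing, for one environment (`config.environment`):
#   - phpFpm:           php-fpm pool definition and its socket path
#   - keys:             a secrets file (Apache SetEnv lines) with credentials
#   - apache:           vhost configuration that proxies *.php to php-fpm
#   - activationScript: creation of the writable state directories
#   - siteDir/webRoot:  derivations building the site code on top of SPIP
#
# `lib` and `fetchurl` are accepted but not referenced in this file; they are
# kept so existing callers that pass them keep working.
{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
let
  chloe = { config }: rec {
    environment = config.environment;

    phpFpm = rec {
      serviceDeps = [ "mysql.service" ];
      socket = "/var/run/phpfpm/chloe-${environment}.sock";
      # The pool runs as the Apache user and the socket is owned by that same
      # user/group, so only the web server account can connect to it.
      #
      # open_basedir confines PHP file access to the options file, the config
      # directory, the built web root, the state directory and /tmp.
      # NOTE(review): /tmp is normally shared with every other service on the
      # host; a directory under varDir (or a private tmp for the php-fpm
      # service) would keep the confinement per-site. Confirm whether SPIP or
      # uploads really need /tmp here.
      #
      # Sessions are stored under varDir/phpSessions, which the activation
      # script creates with mode 0750.
      #
      # "dev" uses an on-demand process manager with at most 5 children; every
      # other environment uses the dynamic manager with at most 20.
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        php_admin_value[upload_max_filesize] = 20M
        php_admin_value[post_max_size] = 20M
        ;php_admin_flag[log_errors] = on
        php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        ${if environment == "dev" then ''
        pm = ondemand
        pm.max_children = 5
        pm.process_idle_timeout = 60
        '' else ''
        pm = dynamic
        pm.max_children = 20
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 3
        ''}'';
    };

    # Secrets file consumed by the vhost (see the `Include` at the top of
    # apache.vhostConf). It carries the LDAP bind DN/password and the MySQL
    # credentials as Apache `SetEnv` directives, owned by the Apache user with
    # mode 0400.
    # NOTE(review): how `keys` is materialised is not visible in this file.
    # Confirm that `text` is delivered out-of-band to /var/secrets and never
    # copied into the world-readable Nix store.
    # NOTE(review): SetEnv makes these values part of the environment of every
    # PHP request in this vhost, so any script that dumps the environment
    # (phpinfo, debug pages, error output) discloses the passwords.
    keys = [{
      dest = "webapps/${environment}-chloe";
      user = apache.user;
      group = apache.group;
      permissions = "0400";
      text = ''
        SetEnv SPIP_CONFIG_DIR "${configDir}"
        SetEnv SPIP_VAR_DIR "${varDir}"
        SetEnv SPIP_SITE "chloe-${environment}"
        SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
        SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
        SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
        SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
        SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
        SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
        SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
        SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
        SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
        SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
      '';
    }];

    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "proxy_fcgi" ];
      webappName = "chloe_${environment}";
      root = "/run/current-system/webapps/${webappName}";
      # Virtual host body:
      #   - pulls in the secrets file generated from `keys`
      #   - in "prod" only, rewrites /news.rss to the SPIP backend feed
      #   - hands *.php to the php-fpm unix socket
      #   - denies the squelettes directory and a few housekeeping files
      #   - in "dev", requires membership of an LDAP group for the whole site;
      #     otherwise enables the `Stats` macro for the public domain
      #
      # NOTE(review): in the FilesMatch that denies .htaccess / rewrite-rules /
      # .gitignore the dots are unescaped, so they match any character. The
      # rule therefore denies slightly more than the three names; escaping
      # them (\.htaccess, \.gitignore) would state the intent exactly.
      # NOTE(review): `+Includes` turns on server-side includes and
      # `AllowOverride AuthConfig FileInfo Limit` lets .htaccess files inside
      # the tree change auth and handlers; both widen what a file written
      # under the document root can do. The IMG and local directories are
      # symlinked to the writable varDir (see webRoot.buildPhase), so confirm
      # both options are needed.
      vhostConf = ''
        Include /var/secrets/webapps/${environment}-chloe

        RewriteEngine On
        ${if environment == "prod" then ''
        RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
        '' else ""}

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        </FilesMatch>

        <Directory ${root}>
          DirectoryIndex index.php index.htm index.html
          Options -Indexes +FollowSymLinks +MultiViews +Includes
          Include ${root}/htaccess.txt

          AllowOverride AuthConfig FileInfo Limit
          Require all granted
        </Directory>

        <DirectoryMatch "${root}/squelettes">
          Require all denied
        </DirectoryMatch>

        <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
          Require all denied
        </FilesMatch>

        ${if environment == "dev" then ''
          <Location />
            Use LDAPConnect
            Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
            ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
          </Location>
        '' else ''
          Use Stats osteopathe-cc.fr
        ''}
      '';
    };

    # Creates the writable state directories, owned by the Apache user.
    # NOTE(review): varDir, IMG, tmp and local are created 0755, i.e. readable
    # by every local account, while phpSessions is 0750. If SPIP writes logs
    # or caches into tmp, 0750 there as well would limit local disclosure.
    activationScript = {
      deps = [ "wrappers" ];
      text = ''
        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
      '';
    };

    # Per-environment configuration directory, e.g. ./chloe_config_dev.
    configDir = ./chloe_config_ + environment;
    varDir = "/var/lib/chloe_${environment}";

    # Site-specific code, fetched from the private repository described by
    # ./chloe.json and built with `make` (sassc is available during the build).
    siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
      buildPhase = ''
        make
      '';
      installPhase = ''
        cp -a . $out
      '';
      buildInputs = [ sassc ];
    });

    # SPIP release with the site code copied on top of it. The archive is
    # pinned by sha256, so a changed upstream file fails the build.
    webRoot = stdenv.mkDerivation rec {
      name = "chloe-${environment}-spip-${version}";
      version = "3.2.3";
      src = fetchzip {
        url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
        sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
      };
      # Fixed: the attribute was spelled `paches`, which stdenv does not treat
      # as a patch list, so the LDAP patch was silently never applied.
      # NOTE(review): confirm the patch still applies cleanly to this version.
      patches = [ ../commons/spip/spip_ldap_patch.patch ];
      # Drops the bundled writable directories, links the shared options file
      # into config/, denies web access to config/, and points IMG and local
      # at the state directory.
      buildPhase = ''
        rm -rf IMG local tmp config/remove.txt
        ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php
        echo "Require all denied" > "config/.htaccess"
        ln -sf ${varDir}/{IMG,local} .
      '';
      installPhase = ''
        cp -a . $out
        cp -a ${siteDir}/* $out
      '';
    };
  };
in
  chloe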