]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | secrets = config.myEnv.websites.chloe.new; | |
4 | cfg = config.myServices.websites.chloe.new; | |
5 | ftpRoot = "/var/lib/chloe_new"; | |
6 | webRoot = "${ftpRoot}/wordpress"; | |
7 | in { | |
8 | options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration"; | |
9 | ||
10 | config = lib.mkIf cfg.enable { | |
11 | services.phpfpm.pools.chloe_new_integration = { | |
12 | user = config.services.httpd.Inte.user; | |
13 | group = config.services.httpd.Inte.group; | |
14 | settings = { | |
15 | "listen.owner" = config.services.httpd.Inte.user; | |
16 | "listen.group" = config.services.httpd.Inte.group; | |
17 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ | |
18 | webRoot | |
19 | "/tmp" | |
20 | ]; | |
21 | "php_admin_value[session.save_handler]" = "redis"; | |
22 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:NewIntegration:'"; | |
23 | "php_admin_value[upload_max_filesize]" = "20M"; | |
24 | "php_admin_value[post_max_size]" = "20M"; | |
25 | #"php_admin_flag[log_errors]" = "on"; | |
26 | "pm" = "ondemand"; | |
27 | "pm.max_children" = "5"; | |
28 | "pm.process_idle_timeout" = "60"; | |
29 | }; | |
30 | phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]); | |
31 | }; | |
32 | ||
33 | system.activationScripts.chloe_new_integration = { | |
34 | deps = ["users"]; | |
35 | text = '' | |
36 | install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} | |
37 | ''; | |
38 | }; | |
39 | ||
40 | services.websites.env.integration.vhostConfs.chloe_new_integration = { | |
41 | certName = "integration"; | |
42 | addToCerts = true; | |
43 | hosts = [ "new.chc.immae.dev" ]; | |
44 | root = webRoot; | |
45 | extraConfig = [ | |
46 | '' | |
47 | <FilesMatch "\.php$"> | |
48 | SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_new_integration.socket}|fcgi://localhost" | |
49 | </FilesMatch> | |
50 | ||
51 | <Location /> | |
52 | Use LDAPConnect | |
53 | Require ldap-group cn=chc.immae.dev,cn=httpd,ou=services,dc=immae,dc=eu | |
54 | </Location> | |
55 | ||
56 | <Location /xmlrpc.php> | |
57 | AllowOverride None | |
58 | Require all denied | |
59 | </Location> | |
60 | <Directory ${webRoot}> | |
61 | DirectoryIndex index.php index.htm index.html | |
62 | Options Indexes FollowSymLinks MultiViews Includes | |
63 | AllowOverride all | |
64 | Require all granted | |
65 | </Directory> | |
66 | '' | |
67 | ]; | |
68 | }; | |
69 | }; | |
70 | } |