[perso/Immae/Config/Nix.git] / modules / private / websites / connexionswing / integration.nix

{ lib, pkgs, config,  ... }:
let
  secrets = config.myEnv.websites.connexionswing.integration;
  app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
  cfg = config.myServices.websites.connexionswing.integration;
  pcfg = config.services.phpApplication;
in {
  options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";

  config = lib.mkIf cfg.enable {
    services.duplyBackup.profiles.connexionswing_dev.rootDir = app.varDir;
    services.phpApplication.apps.connexionswing_dev = {
      websiteEnv = "integration";
      httpdUser = config.services.httpd.Inte.user;
      httpdGroup = config.services.httpd.Inte.group;
      inherit (app) webRoot varDir;
      varDirPaths = {
        "medias" = "0700";
        "uploads" = "0700";
        "var" = "0700";
      };
      inherit app;
      serviceDeps = [ "mysql.service" ];
      preStartActions = [
        "./bin/console --env=${app.environment} cache:clear --no-warmup"
      ];
      phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
      phpPool = ''
        php_admin_value[upload_max_filesize] = 20M
        php_admin_value[post_max_size] = 20M
        ;php_admin_flag[log_errors] = on
        pm = ondemand
        pm.max_children = 5
        pm.process_idle_timeout = 60
        env[SYMFONY_DEBUG_MODE] = "yes"
      '';
      phpWatchFiles = [
        config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
      ];
    };

    secrets.keys = [
      {
        dest = "webapps/${app.environment}-connexionswing";
        user = config.services.httpd.Inte.user;
        group = config.services.httpd.Inte.group;
        permissions = "0400";
        text = ''
          # This file is auto-generated during the composer install
          parameters:
              database_host: ${secrets.mysql.host}
              database_port: ${secrets.mysql.port}
              database_name: ${secrets.mysql.database}
              database_user: ${secrets.mysql.user}
              database_password: ${secrets.mysql.password}
              database_server_version: ${pkgs.mariadb.mysqlVersion}
              mailer_transport: sendmail
              mailer_host: null
              mailer_user: null
              mailer_password: null
              subscription_email: ${secrets.email}
              allow_robots: true
              secret: ${secrets.secret}
        '';
      }
    ];

    services.websites.env.integration.vhostConfs.connexionswing_dev = {
      certName     = "eldiron";
      addToCerts  = true;
      hosts       = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
      root        = pcfg.webappDirs.connexionswing_dev;
      extraConfig = [
        ''
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_dev}|fcgi://localhost"
        </FilesMatch>

        <Directory ${app.varDir}/medias>
          Options FollowSymLinks
          AllowOverride None
          Require all granted
        </Directory>

        <Directory ${app.varDir}/uploads>
          Options FollowSymLinks
          AllowOverride None
          Require all granted
        </Directory>

        <Location />
          Use LDAPConnect
          Require ldap-group   cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
        </Location>

        <Directory ${pcfg.webappDirs.connexionswing_dev}>
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride None
          Require all granted

          DirectoryIndex app_dev.php

          <IfModule mod_negotiation.c>
          Options -MultiViews
          </IfModule>

          <IfModule mod_rewrite.c>
            RewriteEngine On

            RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
            RewriteRule ^(.*) - [E=BASE:%1]

            # Maintenance script
            RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
            RewriteCond %{SCRIPT_FILENAME} !maintenance.php
            RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
            ErrorDocument 503 /maintenance.php

            # Sets the HTTP_AUTHORIZATION header removed by Apache
            RewriteCond %{HTTP:Authorization} .
            RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

            RewriteCond %{ENV:REDIRECT_STATUS} ^$
            RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]

            # If the requested filename exists, simply serve it.
            # We only want to let Apache serve files and not directories.
            RewriteCond %{REQUEST_FILENAME} -f
            RewriteRule ^ - [L]

            # Rewrite all other queries to the front controller.
            RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
          </IfModule>

        </Directory>
        ''
      ];
    };
  };
}
Commit	Line	Data
	1	{ lib, pkgs, config, ... }:
	2	let
	3	secrets = config.myEnv.websites.connexionswing.integration;
	4	app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
	5	cfg = config.myServices.websites.connexionswing.integration;
	6	pcfg = config.services.phpApplication;
	7	in {
	8	options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
	9
	10	config = lib.mkIf cfg.enable {
	11	services.duplyBackup.profiles.connexionswing_dev.rootDir = app.varDir;
	12	services.phpApplication.apps.connexionswing_dev = {
	13	websiteEnv = "integration";
	14	httpdUser = config.services.httpd.Inte.user;
	15	httpdGroup = config.services.httpd.Inte.group;
	16	inherit (app) webRoot varDir;
	17	varDirPaths = {
	18	"medias" = "0700";
	19	"uploads" = "0700";
	20	"var" = "0700";
	21	};
	22	inherit app;
	23	serviceDeps = [ "mysql.service" ];
	24	preStartActions = [
	25	"./bin/console --env=${app.environment} cache:clear --no-warmup"
	26	];
	27	phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
	28	phpPool = ''
	29	php_admin_value[upload_max_filesize] = 20M
	30	php_admin_value[post_max_size] = 20M
	31	;php_admin_flag[log_errors] = on
	32	pm = ondemand
	33	pm.max_children = 5
	34	pm.process_idle_timeout = 60
	35	env[SYMFONY_DEBUG_MODE] = "yes"
	36	'';
	37	phpWatchFiles = [
	38	config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
	39	];
	40	};
	41
	42	secrets.keys = [
	43	{
	44	dest = "webapps/${app.environment}-connexionswing";
	45	user = config.services.httpd.Inte.user;
	46	group = config.services.httpd.Inte.group;
	47	permissions = "0400";
	48	text = ''
	49	# This file is auto-generated during the composer install
	50	parameters:
	51	database_host: ${secrets.mysql.host}
	52	database_port: ${secrets.mysql.port}
	53	database_name: ${secrets.mysql.database}
	54	database_user: ${secrets.mysql.user}
	55	database_password: ${secrets.mysql.password}
	56	database_server_version: ${pkgs.mariadb.mysqlVersion}
	57	mailer_transport: sendmail
	58	mailer_host: null
	59	mailer_user: null
	60	mailer_password: null
	61	subscription_email: ${secrets.email}
	62	allow_robots: true
	63	secret: ${secrets.secret}
	64	'';
	65	}
	66	];
	67
	68	services.websites.env.integration.vhostConfs.connexionswing_dev = {
	69	certName = "eldiron";
	70	addToCerts = true;
	71	hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
	72	root = pcfg.webappDirs.connexionswing_dev;
	73	extraConfig = [
	74	''
	75	<FilesMatch "\.php$">
	76	SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_dev}\|fcgi://localhost"
	77	</FilesMatch>
	78
	79	<Directory ${app.varDir}/medias>
	80	Options FollowSymLinks
	81	AllowOverride None
	82	Require all granted
	83	</Directory>
	84
	85	<Directory ${app.varDir}/uploads>
	86	Options FollowSymLinks
	87	AllowOverride None
	88	Require all granted
	89	</Directory>
	90
	91	<Location />
	92	Use LDAPConnect
	93	Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
	94	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
	95	</Location>
	96
	97	<Directory ${pcfg.webappDirs.connexionswing_dev}>
	98	Options Indexes FollowSymLinks MultiViews Includes
	99	AllowOverride None
	100	Require all granted
	101
	102	DirectoryIndex app_dev.php
	103
	104	<IfModule mod_negotiation.c>
	105	Options -MultiViews
	106	</IfModule>
	107
	108	<IfModule mod_rewrite.c>
	109	RewriteEngine On
	110
	111	RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
	112	RewriteRule ^(.*) - [E=BASE:%1]
	113
	114	# Maintenance script
	115	RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
	116	RewriteCond %{SCRIPT_FILENAME} !maintenance.php
	117	RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
	118	ErrorDocument 503 /maintenance.php
	119
	120	# Sets the HTTP_AUTHORIZATION header removed by Apache
	121	RewriteCond %{HTTP:Authorization} .
	122	RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
	123
	124	RewriteCond %{ENV:REDIRECT_STATUS} ^$
	125	RewriteRule ^app_dev\.php(?:/(.*)\|$) %{ENV:BASE}/$1 [R=301,L]
	126
	127	# If the requested filename exists, simply serve it.
	128	# We only want to let Apache serve files and not directories.
	129	RewriteCond %{REQUEST_FILENAME} -f
	130	RewriteRule ^ - [L]
	131
	132	# Rewrite all other queries to the front controller.
	133	RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
	134	</IfModule>
	135
	136	</Directory>
	137	''
	138	];
	139	};
	140	};
	141	}