]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | |
4 | secrets = config.myEnv.websites.tellesflorian.integration; | |
5 | app = pkgs.callPackage ./app { | |
6 | composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; | |
7 | environment = secrets.environment; | |
8 | varDir = "/var/lib/florian_app"; | |
9 | secretsPath = config.secrets.fullPaths."websites/florian/app"; | |
10 | }; | |
11 | cfg = config.myServices.websites.florian.app; | |
12 | pcfg = config.services.phpApplication; | |
13 | in { | |
14 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; | |
15 | ||
16 | config = lib.mkIf cfg.enable { | |
17 | services.duplyBackup.profiles.florian_app.rootDir = app.varDir; | |
18 | services.phpApplication.apps.florian_app = { | |
19 | websiteEnv = "integration"; | |
20 | httpdUser = config.services.httpd.Inte.user; | |
21 | httpdGroup = config.services.httpd.Inte.group; | |
22 | inherit (app) webRoot varDir; | |
23 | varDirPaths = { | |
24 | "var" = "0700"; | |
25 | }; | |
26 | inherit app; | |
27 | serviceDeps = [ "mysql.service" ]; | |
28 | preStartActions = [ | |
29 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | |
30 | ]; | |
31 | phpOpenbasedir = [ "/tmp" ]; | |
32 | phpPool = { | |
33 | "php_admin_value[upload_max_filesize]" = "20M"; | |
34 | "php_admin_value[post_max_size]" = "20M"; | |
35 | #"php_admin_flag[log_errors]" = "on"; | |
36 | "pm" = "ondemand"; | |
37 | "pm.max_children" = "5"; | |
38 | "pm.process_idle_timeout" = "60"; | |
39 | }; | |
40 | phpEnv = { | |
41 | SYMFONY_DEBUG_MODE = "\"yes\""; | |
42 | }; | |
43 | phpWatchFiles = [ | |
44 | config.secrets.fullPaths."websites/florian/app" | |
45 | ]; | |
46 | phpPackage = pkgs.php72; | |
47 | }; | |
48 | ||
49 | secrets.keys = [ | |
50 | { | |
51 | dest = "websites/florian/app_passwords"; | |
52 | user = config.services.httpd.Inte.user; | |
53 | group = config.services.httpd.Inte.group; | |
54 | permissions = "0400"; | |
55 | text = '' | |
56 | invite:${secrets.invite_passwords} | |
57 | ''; | |
58 | } | |
59 | { | |
60 | dest = "websites/florian/app"; | |
61 | user = config.services.httpd.Inte.user; | |
62 | group = config.services.httpd.Inte.group; | |
63 | permissions = "0400"; | |
64 | text = '' | |
65 | # This file is auto-generated during the composer install | |
66 | parameters: | |
67 | database_host: ${secrets.mysql.host} | |
68 | database_port: ${secrets.mysql.port} | |
69 | database_name: ${secrets.mysql.database} | |
70 | database_user: ${secrets.mysql.user} | |
71 | database_password: ${secrets.mysql.password} | |
72 | mailer_transport: smtp | |
73 | mailer_host: 127.0.0.1 | |
74 | mailer_user: null | |
75 | mailer_password: null | |
76 | secret: ${secrets.secret} | |
77 | ''; | |
78 | } | |
79 | ]; | |
80 | ||
81 | services.websites.env.integration.modules = adminer.apache.modules; | |
82 | services.websites.env.integration.vhostConfs.florian_app = { | |
83 | certName = "integration"; | |
84 | addToCerts = true; | |
85 | hosts = [ "app.tellesflorian.com" ]; | |
86 | root = pcfg.webappDirs.florian_app; | |
87 | extraConfig = [ | |
88 | '' | |
89 | <FilesMatch "\.php$"> | |
90 | SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost" | |
91 | </FilesMatch> | |
92 | ||
93 | <Location /> | |
94 | AuthBasicProvider file ldap | |
95 | Use LDAPConnect | |
96 | Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu | |
97 | ||
98 | AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}" | |
99 | Require user "invite" | |
100 | ||
101 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" | |
102 | </Location> | |
103 | ||
104 | <Directory ${pcfg.webappDirs.florian_app}> | |
105 | Options Indexes FollowSymLinks MultiViews Includes | |
106 | AllowOverride None | |
107 | Require all granted | |
108 | ||
109 | DirectoryIndex app_dev.php | |
110 | ||
111 | <IfModule mod_negotiation.c> | |
112 | Options -MultiViews | |
113 | </IfModule> | |
114 | ||
115 | <IfModule mod_rewrite.c> | |
116 | RewriteEngine On | |
117 | ||
118 | RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
119 | RewriteRule ^(.*) - [E=BASE:%1] | |
120 | ||
121 | # Maintenance script | |
122 | RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f | |
123 | RewriteCond %{SCRIPT_FILENAME} !maintenance.php | |
124 | RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] | |
125 | ErrorDocument 503 /maintenance.php | |
126 | ||
127 | # Sets the HTTP_AUTHORIZATION header removed by Apache | |
128 | RewriteCond %{HTTP:Authorization} . | |
129 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
130 | ||
131 | RewriteCond %{ENV:REDIRECT_STATUS} ^$ | |
132 | RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] | |
133 | ||
134 | # If the requested filename exists, simply serve it. | |
135 | # We only want to let Apache serve files and not directories. | |
136 | RewriteCond %{REQUEST_FILENAME} -f | |
137 | RewriteRule ^ - [L] | |
138 | ||
139 | # Rewrite all other queries to the front controller. | |
140 | RewriteRule ^ %{ENV:BASE}/app_dev.php [L] | |
141 | </IfModule> | |
142 | ||
143 | </Directory> | |
144 | '' | |
145 | (adminer.apache.vhostConf null) | |
146 | ]; | |
147 | }; | |
148 | }; | |
149 | } |