]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | |
4 | secrets = config.myEnv.websites.tellesflorian.integration; | |
5 | webRoot = "/var/lib/ftp/immae/florian/web"; | |
6 | cfg = config.myServices.websites.florian.app; | |
7 | pcfg = config.services.phpApplication; | |
8 | in { | |
9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; | |
10 | ||
11 | config = lib.mkIf cfg.enable { | |
12 | services.duplyBackup.profiles.florian_app.rootDir = app.varDir; | |
13 | services.phpApplication.apps.florian_app = { | |
14 | websiteEnv = "integration"; | |
15 | httpdUser = config.services.httpd.Inte.user; | |
16 | httpdGroup = config.services.httpd.Inte.group; | |
17 | inherit webRoot; | |
18 | varDir = "/var/lib/ftp/immae/florian_var"; | |
19 | varDirPaths = { | |
20 | "var" = "0700"; | |
21 | }; | |
22 | app = "/var/lib/ftp/immae/florian"; | |
23 | serviceDeps = [ "mysql.service" ]; | |
24 | preStartActions = [ | |
25 | "./bin/console --env=dev cache:clear --no-warmup" | |
26 | ]; | |
27 | phpOpenbasedir = [ "/tmp" ]; | |
28 | phpPool = { | |
29 | "php_admin_value[upload_max_filesize]" = "20M"; | |
30 | "php_admin_value[post_max_size]" = "20M"; | |
31 | #"php_admin_flag[log_errors]" = "on"; | |
32 | "pm" = "ondemand"; | |
33 | "pm.max_children" = "5"; | |
34 | "pm.process_idle_timeout" = "60"; | |
35 | }; | |
36 | phpEnv = { | |
37 | SYMFONY_DEBUG_MODE = "\"yes\""; | |
38 | }; | |
39 | phpWatchFiles = [ | |
40 | config.secrets.fullPaths."websites/florian/app" | |
41 | ]; | |
42 | phpPackage = pkgs.php72; | |
43 | }; | |
44 | ||
45 | secrets.keys = { | |
46 | "websites/florian/app_passwords" = { | |
47 | user = config.services.httpd.Inte.user; | |
48 | group = config.services.httpd.Inte.group; | |
49 | permissions = "0400"; | |
50 | text = '' | |
51 | invite:${secrets.invite_passwords} | |
52 | ''; | |
53 | }; | |
54 | "websites/florian/app" = { | |
55 | user = config.services.httpd.Inte.user; | |
56 | group = config.services.httpd.Inte.group; | |
57 | permissions = "0400"; | |
58 | text = '' | |
59 | # This file is auto-generated during the composer install | |
60 | parameters: | |
61 | database_host: ${secrets.mysql.host} | |
62 | database_port: ${secrets.mysql.port} | |
63 | database_name: ${secrets.mysql.database} | |
64 | database_user: ${secrets.mysql.user} | |
65 | database_password: ${secrets.mysql.password} | |
66 | mailer_transport: smtp | |
67 | mailer_host: 127.0.0.1 | |
68 | mailer_user: null | |
69 | mailer_password: null | |
70 | secret: ${secrets.secret} | |
71 | ''; | |
72 | }; | |
73 | }; | |
74 | ||
75 | services.websites.env.integration.modules = adminer.apache.modules; | |
76 | services.websites.env.integration.vhostConfs.florian_app = { | |
77 | certName = "integration"; | |
78 | addToCerts = true; | |
79 | hosts = [ "app.tellesflorian.com" ]; | |
80 | root = webRoot; | |
81 | extraConfig = [ | |
82 | '' | |
83 | <FilesMatch "\.php$"> | |
84 | SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost" | |
85 | </FilesMatch> | |
86 | ||
87 | <Location /> | |
88 | AuthBasicProvider file ldap | |
89 | Use LDAPConnect | |
90 | Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu | |
91 | ||
92 | AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}" | |
93 | Require user "invite" | |
94 | ||
95 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" | |
96 | </Location> | |
97 | ||
98 | <Directory ${webRoot}> | |
99 | Options Indexes FollowSymLinks MultiViews Includes | |
100 | AllowOverride None | |
101 | Require all granted | |
102 | ||
103 | DirectoryIndex app_dev.php | |
104 | ||
105 | <IfModule mod_negotiation.c> | |
106 | Options -MultiViews | |
107 | </IfModule> | |
108 | ||
109 | <IfModule mod_rewrite.c> | |
110 | RewriteEngine On | |
111 | ||
112 | RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
113 | RewriteRule ^(.*) - [E=BASE:%1] | |
114 | ||
115 | # Maintenance script | |
116 | RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f | |
117 | RewriteCond %{SCRIPT_FILENAME} !maintenance.php | |
118 | RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] | |
119 | ErrorDocument 503 /maintenance.php | |
120 | ||
121 | # Sets the HTTP_AUTHORIZATION header removed by Apache | |
122 | RewriteCond %{HTTP:Authorization} . | |
123 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
124 | ||
125 | RewriteCond %{ENV:REDIRECT_STATUS} ^$ | |
126 | RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] | |
127 | ||
128 | # If the requested filename exists, simply serve it. | |
129 | # We only want to let Apache serve files and not directories. | |
130 | RewriteCond %{REQUEST_FILENAME} -f | |
131 | RewriteRule ^ - [L] | |
132 | ||
133 | # Rewrite all other queries to the front controller. | |
134 | RewriteRule ^ %{ENV:BASE}/app_dev.php [L] | |
135 | </IfModule> | |
136 | ||
137 | </Directory> | |
138 | '' | |
139 | (adminer.apache.vhostConf null) | |
140 | ]; | |
141 | }; | |
142 | }; | |
143 | } |