]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | secrets = config.myEnv.websites.ludivine.integration; | |
4 | cfg = config.myServices.websites.ludivine.integration; | |
5 | pcfg = config.services.phpApplication; | |
6 | webRoot = "/var/lib/ftp/immae/ludivine/web"; | |
7 | in { | |
8 | options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | |
9 | ||
10 | config = lib.mkIf cfg.enable { | |
11 | services.phpApplication.apps.ludivine_integration = { | |
12 | websiteEnv = "integration"; | |
13 | httpdUser = config.services.httpd.Inte.user; | |
14 | httpdGroup = config.services.httpd.Inte.group; | |
15 | inherit webRoot; | |
16 | varDir = "/var/lib/ftp/immae/ludivine_var"; | |
17 | app = "/var/lib/ftp/immae/ludivine"; | |
18 | varDirPaths = { | |
19 | "tmp" = "0700"; | |
20 | }; | |
21 | serviceDeps = [ "mysql.service" ]; | |
22 | preStartActions = [ | |
23 | "./bin/console --env=dev cache:clear --no-warmup" | |
24 | ]; | |
25 | phpOpenbasedir = [ "/tmp" ]; | |
26 | phpPool = { | |
27 | "php_admin_value[upload_max_filesize]" = "20M"; | |
28 | "php_admin_value[post_max_size]" = "20M"; | |
29 | #"php_admin_flag[log_errors]" = "on"; | |
30 | "pm" = "ondemand"; | |
31 | "pm.max_children" = "5"; | |
32 | "pm.process_idle_timeout" = "60"; | |
33 | }; | |
34 | phpEnv = { | |
35 | PATH = lib.makeBinPath [ | |
36 | # below ones don't need to be in the PATH but they’re used in | |
37 | # secrets | |
38 | pkgs.imagemagick pkgs.sass pkgs.ruby | |
39 | ]; | |
40 | SYMFONY_DEBUG_MODE = "\"yes\""; | |
41 | }; | |
42 | phpWatchFiles = [ | |
43 | config.secrets.fullPaths."websites/ludivine/integration" | |
44 | ]; | |
45 | phpPackage = pkgs.php72; | |
46 | }; | |
47 | ||
48 | secrets.keys."websites/ludivine/integration" = { | |
49 | user = config.services.httpd.Inte.user; | |
50 | group = config.services.httpd.Inte.group; | |
51 | permissions = "0400"; | |
52 | text = '' | |
53 | # This file is auto-generated during the composer install | |
54 | parameters: | |
55 | database_host: ${secrets.mysql.host} | |
56 | database_port: ${secrets.mysql.port} | |
57 | database_name: ${secrets.mysql.database} | |
58 | database_user: ${secrets.mysql.user} | |
59 | database_password: ${secrets.mysql.password} | |
60 | database_server_version: ${pkgs.mariadb.mysqlVersion} | |
61 | mailer_transport: smtp | |
62 | mailer_host: 127.0.0.1 | |
63 | mailer_user: null | |
64 | mailer_password: null | |
65 | secret: ${secrets.secret} | |
66 | ldap_host: ldap.immae.eu | |
67 | ldap_port: 636 | |
68 | ldap_version: 3 | |
69 | ldap_ssl: true | |
70 | ldap_tls: false | |
71 | ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' | |
72 | ldap_base_dn: 'dc=immae,dc=eu' | |
73 | ldap_search_dn: '${secrets.ldap.dn}' | |
74 | ldap_search_password: '${secrets.ldap.password}' | |
75 | ldap_search_filter: '${secrets.ldap.filter}' | |
76 | leapt_im: | |
77 | binary_path: ${pkgs.imagemagick}/bin | |
78 | assetic: | |
79 | sass: ${pkgs.sass}/bin/sass | |
80 | ruby: ${pkgs.ruby}/bin/ruby | |
81 | ''; | |
82 | }; | |
83 | ||
84 | services.websites.env.integration.vhostConfs.ludivine_integration = { | |
85 | certName = "integration"; | |
86 | addToCerts = true; | |
87 | hosts = [ "ludivine.immae.eu" ]; | |
88 | root = webRoot; | |
89 | extraConfig = [ | |
90 | '' | |
91 | <FilesMatch "\.php$"> | |
92 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost" | |
93 | </FilesMatch> | |
94 | ||
95 | <Location /> | |
96 | Use LDAPConnect | |
97 | Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | |
98 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" | |
99 | </Location> | |
100 | ||
101 | <Directory ${webRoot}> | |
102 | Options Indexes FollowSymLinks MultiViews Includes | |
103 | AllowOverride None | |
104 | Require all granted | |
105 | ||
106 | DirectoryIndex app_dev.php | |
107 | ||
108 | <IfModule mod_negotiation.c> | |
109 | Options -MultiViews | |
110 | </IfModule> | |
111 | ||
112 | <IfModule mod_rewrite.c> | |
113 | RewriteEngine On | |
114 | ||
115 | RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
116 | RewriteRule ^(.*) - [E=BASE:%1] | |
117 | ||
118 | # Maintenance script | |
119 | RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f | |
120 | RewriteCond %{SCRIPT_FILENAME} !maintenance.php | |
121 | RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] | |
122 | ErrorDocument 503 /maintenance.php | |
123 | ||
124 | # Sets the HTTP_AUTHORIZATION header removed by Apache | |
125 | RewriteCond %{HTTP:Authorization} . | |
126 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
127 | ||
128 | RewriteCond %{ENV:REDIRECT_STATUS} ^$ | |
129 | RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] | |
130 | ||
131 | # If the requested filename exists, simply serve it. | |
132 | # We only want to let Apache serve files and not directories. | |
133 | RewriteCond %{REQUEST_FILENAME} -f | |
134 | RewriteRule ^ - [L] | |
135 | ||
136 | # Rewrite all other queries to the front controller. | |
137 | RewriteRule ^ %{ENV:BASE}/app_dev.php [L] | |
138 | </IfModule> | |
139 | ||
140 | </Directory> | |
141 | '' | |
142 | ]; | |
143 | }; | |
144 | }; | |
145 | } |