]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, myconfig, ... }: | |
2 | let | |
3 | secrets = myconfig.env.websites.ludivinecassal.integration; | |
4 | app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; | |
5 | cfg = config.myServices.websites.ludivinecassal.integration; | |
6 | pcfg = config.services.phpApplication; | |
7 | in { | |
8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | |
9 | ||
10 | config = lib.mkIf cfg.enable { | |
11 | services.duplyBackup.profiles.ludivinecassal_dev.rootDir = app.varDir; | |
12 | services.phpApplication.apps.ludivinecassal_dev = { | |
13 | websiteEnv = "integration"; | |
14 | httpdUser = config.services.httpd.Inte.user; | |
15 | httpdGroup = config.services.httpd.Inte.group; | |
16 | inherit (app) webRoot varDir; | |
17 | varDirPaths = { | |
18 | "tmp" = "0700"; | |
19 | }; | |
20 | inherit app; | |
21 | serviceDeps = [ "mysql.service" ]; | |
22 | preStartActions = [ | |
23 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | |
24 | ]; | |
25 | phpOpenbasedir = [ "/tmp" ]; | |
26 | phpPool = '' | |
27 | php_admin_value[upload_max_filesize] = 20M | |
28 | php_admin_value[post_max_size] = 20M | |
29 | ;php_admin_flag[log_errors] = on | |
30 | pm = ondemand | |
31 | pm.max_children = 5 | |
32 | pm.process_idle_timeout = 60 | |
33 | env[SYMFONY_DEBUG_MODE] = "yes" | |
34 | ''; | |
35 | phpWatchFiles = [ | |
36 | config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" | |
37 | ]; | |
38 | }; | |
39 | ||
40 | secrets.keys = [ | |
41 | { | |
42 | dest = "webapps/${app.environment}-ludivinecassal"; | |
43 | user = config.services.httpd.Inte.user; | |
44 | group = config.services.httpd.Inte.group; | |
45 | permissions = "0400"; | |
46 | text = '' | |
47 | # This file is auto-generated during the composer install | |
48 | parameters: | |
49 | database_host: ${secrets.mysql.host} | |
50 | database_port: ${secrets.mysql.port} | |
51 | database_name: ${secrets.mysql.name} | |
52 | database_user: ${secrets.mysql.user} | |
53 | database_password: ${secrets.mysql.password} | |
54 | database_server_version: ${pkgs.mariadb.mysqlVersion} | |
55 | mailer_transport: smtp | |
56 | mailer_host: 127.0.0.1 | |
57 | mailer_user: null | |
58 | mailer_password: null | |
59 | secret: ${secrets.secret} | |
60 | ldap_host: ldap.immae.eu | |
61 | ldap_port: 636 | |
62 | ldap_version: 3 | |
63 | ldap_ssl: true | |
64 | ldap_tls: false | |
65 | ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' | |
66 | ldap_base_dn: 'dc=immae,dc=eu' | |
67 | ldap_search_dn: '${secrets.ldap.dn}' | |
68 | ldap_search_password: '${secrets.ldap.password}' | |
69 | ldap_search_filter: '${secrets.ldap.search}' | |
70 | leapt_im: | |
71 | binary_path: ${pkgs.imagemagick}/bin | |
72 | assetic: | |
73 | sass: ${pkgs.sass}/bin/sass | |
74 | ruby: ${pkgs.ruby}/bin/ruby | |
75 | ''; | |
76 | } | |
77 | ]; | |
78 | ||
79 | services.websites.env.integration.vhostConfs.ludivinecassal_dev = { | |
80 | certName = "eldiron"; | |
81 | addToCerts = true; | |
82 | hosts = [ "ludivine.immae.eu" ]; | |
83 | root = pcfg.webappDirs.ludivinecassal_dev; | |
84 | extraConfig = [ | |
85 | '' | |
86 | <FilesMatch "\.php$"> | |
87 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_dev}|fcgi://localhost" | |
88 | </FilesMatch> | |
89 | ||
90 | <Location /> | |
91 | Use LDAPConnect | |
92 | Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | |
93 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" | |
94 | </Location> | |
95 | ||
96 | <Directory ${pcfg.webappDirs.ludivinecassal_dev}> | |
97 | Options Indexes FollowSymLinks MultiViews Includes | |
98 | AllowOverride None | |
99 | Require all granted | |
100 | ||
101 | DirectoryIndex app_dev.php | |
102 | ||
103 | <IfModule mod_negotiation.c> | |
104 | Options -MultiViews | |
105 | </IfModule> | |
106 | ||
107 | <IfModule mod_rewrite.c> | |
108 | RewriteEngine On | |
109 | ||
110 | RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
111 | RewriteRule ^(.*) - [E=BASE:%1] | |
112 | ||
113 | # Maintenance script | |
114 | RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f | |
115 | RewriteCond %{SCRIPT_FILENAME} !maintenance.php | |
116 | RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] | |
117 | ErrorDocument 503 /maintenance.php | |
118 | ||
119 | # Sets the HTTP_AUTHORIZATION header removed by Apache | |
120 | RewriteCond %{HTTP:Authorization} . | |
121 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
122 | ||
123 | RewriteCond %{ENV:REDIRECT_STATUS} ^$ | |
124 | RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] | |
125 | ||
126 | # If the requested filename exists, simply serve it. | |
127 | # We only want to let Apache serve files and not directories. | |
128 | RewriteCond %{REQUEST_FILENAME} -f | |
129 | RewriteRule ^ - [L] | |
130 | ||
131 | # Rewrite all other queries to the front controller. | |
132 | RewriteRule ^ %{ENV:BASE}/app_dev.php [L] | |
133 | </IfModule> | |
134 | ||
135 | </Directory> | |
136 | '' | |
137 | ]; | |
138 | }; | |
139 | }; | |
140 | } |