]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | secrets = config.myEnv.websites.ludivinecassal.integration; | |
4 | app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; | |
5 | cfg = config.myServices.websites.ludivinecassal.integration; | |
6 | pcfg = config.services.phpApplication; | |
7 | in { | |
8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | |
9 | ||
10 | config = lib.mkIf cfg.enable { | |
11 | services.duplyBackup.profiles.ludivinecassal_dev.rootDir = app.varDir; | |
12 | services.phpApplication.apps.ludivinecassal_dev = { | |
13 | websiteEnv = "integration"; | |
14 | httpdUser = config.services.httpd.Inte.user; | |
15 | httpdGroup = config.services.httpd.Inte.group; | |
16 | inherit (app) webRoot varDir; | |
17 | varDirPaths = { | |
18 | "tmp" = "0700"; | |
19 | }; | |
20 | inherit app; | |
21 | serviceDeps = [ "mysql.service" ]; | |
22 | preStartActions = [ | |
23 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | |
24 | ]; | |
25 | phpOpenbasedir = [ "/tmp" ]; | |
26 | phpPool = { | |
27 | "php_admin_value[upload_max_filesize]" = "20M"; | |
28 | "php_admin_value[post_max_size]" = "20M"; | |
29 | #"php_admin_flag[log_errors]" = "on"; | |
30 | "pm" = "ondemand"; | |
31 | "pm.max_children" = "5"; | |
32 | "pm.process_idle_timeout" = "60"; | |
33 | }; | |
34 | phpEnv = { | |
35 | SYMFONY_DEBUG_MODE = "yes"; | |
36 | }; | |
37 | phpWatchFiles = [ | |
38 | config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" | |
39 | ]; | |
40 | }; | |
41 | ||
42 | secrets.keys = [ | |
43 | { | |
44 | dest = "webapps/${app.environment}-ludivinecassal"; | |
45 | user = config.services.httpd.Inte.user; | |
46 | group = config.services.httpd.Inte.group; | |
47 | permissions = "0400"; | |
48 | text = '' | |
49 | # This file is auto-generated during the composer install | |
50 | parameters: | |
51 | database_host: ${secrets.mysql.host} | |
52 | database_port: ${secrets.mysql.port} | |
53 | database_name: ${secrets.mysql.database} | |
54 | database_user: ${secrets.mysql.user} | |
55 | database_password: ${secrets.mysql.password} | |
56 | database_server_version: ${pkgs.mariadb.mysqlVersion} | |
57 | mailer_transport: smtp | |
58 | mailer_host: 127.0.0.1 | |
59 | mailer_user: null | |
60 | mailer_password: null | |
61 | secret: ${secrets.secret} | |
62 | ldap_host: ldap.immae.eu | |
63 | ldap_port: 636 | |
64 | ldap_version: 3 | |
65 | ldap_ssl: true | |
66 | ldap_tls: false | |
67 | ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' | |
68 | ldap_base_dn: 'dc=immae,dc=eu' | |
69 | ldap_search_dn: '${secrets.ldap.dn}' | |
70 | ldap_search_password: '${secrets.ldap.password}' | |
71 | ldap_search_filter: '${secrets.ldap.filter}' | |
72 | leapt_im: | |
73 | binary_path: ${pkgs.imagemagick}/bin | |
74 | assetic: | |
75 | sass: ${pkgs.sass}/bin/sass | |
76 | ruby: ${pkgs.ruby}/bin/ruby | |
77 | ''; | |
78 | } | |
79 | ]; | |
80 | ||
81 | services.websites.env.integration.vhostConfs.ludivinecassal_dev = { | |
82 | certName = "integration"; | |
83 | addToCerts = true; | |
84 | hosts = [ "ludivine.immae.eu" ]; | |
85 | root = pcfg.webappDirs.ludivinecassal_dev; | |
86 | extraConfig = [ | |
87 | '' | |
88 | <FilesMatch "\.php$"> | |
89 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_dev}|fcgi://localhost" | |
90 | </FilesMatch> | |
91 | ||
92 | <Location /> | |
93 | Use LDAPConnect | |
94 | Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | |
95 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" | |
96 | </Location> | |
97 | ||
98 | <Directory ${pcfg.webappDirs.ludivinecassal_dev}> | |
99 | Options Indexes FollowSymLinks MultiViews Includes | |
100 | AllowOverride None | |
101 | Require all granted | |
102 | ||
103 | DirectoryIndex app_dev.php | |
104 | ||
105 | <IfModule mod_negotiation.c> | |
106 | Options -MultiViews | |
107 | </IfModule> | |
108 | ||
109 | <IfModule mod_rewrite.c> | |
110 | RewriteEngine On | |
111 | ||
112 | RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
113 | RewriteRule ^(.*) - [E=BASE:%1] | |
114 | ||
115 | # Maintenance script | |
116 | RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f | |
117 | RewriteCond %{SCRIPT_FILENAME} !maintenance.php | |
118 | RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] | |
119 | ErrorDocument 503 /maintenance.php | |
120 | ||
121 | # Sets the HTTP_AUTHORIZATION header removed by Apache | |
122 | RewriteCond %{HTTP:Authorization} . | |
123 | RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |
124 | ||
125 | RewriteCond %{ENV:REDIRECT_STATUS} ^$ | |
126 | RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] | |
127 | ||
128 | # If the requested filename exists, simply serve it. | |
129 | # We only want to let Apache serve files and not directories. | |
130 | RewriteCond %{REQUEST_FILENAME} -f | |
131 | RewriteRule ^ - [L] | |
132 | ||
133 | # Rewrite all other queries to the front controller. | |
134 | RewriteRule ^ %{ENV:BASE}/app_dev.php [L] | |
135 | </IfModule> | |
136 | ||
137 | </Directory> | |
138 | '' | |
139 | ]; | |
140 | }; | |
141 | }; | |
142 | } |