1 | { lib, pkgs, config, ... }: | |
2 | let | |
# Per-site option values for this module (see `options` below).
cfg = config.myServices.websites.nicecoop.gestion-compte;
# Secret material (DB, SMTP, admin password, Symfony secret) comes from the
# environment module; nothing sensitive is spelled out in this file.
secrets = config.myEnv.websites.nicecoop.gestion-compte;
# Writable state for the app: cache, PHP sessions and the deploy markers
# written by the php-fpm preStart.
varDir = "/var/lib/nicecoop_gestion-compte/var";
# parameters.yml as rendered by buildbot at deploy time. Only this runtime
# path is handed to the package, so the secrets themselves never become an
# input of the build.
parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
app = pkgs.callPackage ./gestion-compte {
  inherit varDir;
  secretsPath = parametersPath;
};
11 | in { | |
options.myServices.websites.nicecoop.gestion-compte = {
  # Master switch; the whole `config` block below is gated on it via lib.mkIf.
  enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";
};
13 | ||
14 | config = lib.mkIf cfg.enable { | |
services.phpfpm.pools.nicecoop_gestion-compte =
  let
    httpd = config.services.httpd.Prod;
  in {
    # Workers and the listening socket run under the production httpd
    # identity so the vhost's fcgi proxy can reach the socket.
    user = httpd.user;
    group = httpd.group;
    settings = {
      "listen.owner" = httpd.user;
      "listen.group" = httpd.group;
      # Confine PHP file access to the app (a store path, hence read-only),
      # its state dir, the rendered parameters file and /tmp.
      "php_admin_value[open_basedir]" =
        lib.concatStringsSep ":" [ app varDir parametersPath "/tmp" ];
      "php_admin_value[upload_max_filesize]" = "20M";
      "php_admin_value[post_max_size]" = "20M";
      # Sessions live inside the 0700 directory created by the activation
      # script, out of reach of other local users.
      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
      pm = "dynamic";
      "pm.max_children" = "20";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "3";
    };
  };
# Ship a tarball of the deployed app inside the system closure, at
# <system>/nicecoop/gestion/production.tar.gz (presumably picked up by the
# buildbot deploy — its consumer is not visible here). The store path is
# rewritten to "production_app" inside the archive.
system.extraSystemBuilderCmds =
  let
    appArchive = pkgs.runCommand "production.tar.gz" { } ''
      tar -P --transform="s@${app}@production_app@" -czf $out ${app}
    '';
  in ''
    mkdir -p $out/nicecoop/gestion
    ln -s ${appArchive} $out/nicecoop/gestion/production.tar.gz
  '';
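systemd.services.phpfpm-nicecoop_gestion-compte =
  let
    # The identity the php-fpm pool runs as (NixOS' httpd default is wwwrun).
    # Used both for ownership of the parameters file and for the console
    # commands, so the two can never drift apart.
    phpUser = config.services.httpd.Prod.user;
    phpGroup = config.services.httpd.Prod.group;
  in {
    # The Doctrine commands below need the database server up.
    after = lib.mkAfter [ "mysql.service" ];
    wants = [ "mysql.service" ];
    preStart = lib.mkAfter ''
      # parameters.yml carries the DB/SMTP/admin credentials and the Symfony
      # secret. Hand it to the PHP identity and strip group/other access:
      # buildbot writes it on deploy and its umask is not under our control,
      # so without the chmod every local user could read the passwords.
      /run/wrappers/bin/sudo chown ${phpUser}:${phpGroup} ${parametersPath}
      /run/wrappers/bin/sudo chmod 0400 ${parametersPath}

      # True when parameters.yml differs from the checksum recorded after the
      # last setup run (or when no checksum has been recorded yet).
      watchFilesChanged() {
        [ ! -f "${varDir}"/watchedFiles ] \
          || ! sha512sum -c --status ${varDir}/watchedFiles
      }
      # True when the deployed store path differs from the one recorded last time.
      appDirChanged() {
        [ ! -f "${varDir}/currentWebappDir" ] \
          || [ "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
      }
      updateWatchFiles() {
        sha512sum ${parametersPath} > ${varDir}/watchedFiles
      }

      # Re-run the Symfony setup only when the app or its configuration
      # changed. The markers are written after the commands, so a failing
      # command is retried on the next start (assuming the unit script aborts
      # on error, as NixOS-generated preStart scripts do — confirm).
      if watchFilesChanged || appDirChanged; then
        pushd ${app} > /dev/null
        /run/wrappers/bin/sudo -u ${phpUser} ./bin/console --env=prod cache:clear
        /run/wrappers/bin/sudo -u ${phpUser} ./bin/console --env=prod doctrine:database:create -n --if-not-exists
        /run/wrappers/bin/sudo -u ${phpUser} ./bin/console --env=prod doctrine:migrations:migrate -n
        popd > /dev/null
        echo -n "${app}" > ${varDir}/currentWebappDir
        updateWatchFiles
      fi
    '';
  };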
73 | ||
# Periodic Symfony console tasks, run by system cron as the httpd user from
# inside the deployed store path — the same identity php-fpm uses, so the
# tasks can read the parameters file and write the state dir.
# The crontab text is reproduced verbatim; `%` is written `\%` because cron
# would otherwise treat it as a newline. Commented entries are inactive.
services.cron.systemCronJobs =
  let
    runConsole = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
  in [
    ''
      # generate shifts in 27 days (same weekday as yesterday)
      55 5 * * * ${runConsole} app:shift:generate $(date -d "+27 days" +\%Y-\%m-\%d)

      # free pre-booked shifts
      55 5 * * * ${runConsole} app:shift:free $(date -d "+21 days" +\%Y-\%m-\%d)

      # send reminder 2 days before shift
      #0 6 * * * ${runConsole} app:shift:reminder $(date -d "+2 days" +\%Y-\%m-\%d)

      # execute routine for cycle_end/cycle_start, everyday
      5 6 * * * ${runConsole} app:user:cycle_start

      # send alert on shifts booking (low)
      #0 10 * * * ${runConsole} app:shift:send_alerts --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1

      # send a reminder mail to the user who generate the last code but did not validate the change.
      #45 21 * * * ${runConsole} app:code:verify_change --last_run 24
    ''
  ];
99 | ||
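# Writable state for the app: the top-level dir, PHP sessions and Symfony's
# var/. Mode 0700 keeps session files and cache private to the PHP identity.
system.activationScripts.nicecoop_gestion-compte = {
  # Ownership is assigned to the httpd user/group, so both must already exist
  # when this runs — order after the scripts that create them.
  deps = [ "users" "groups" ];
  text = ''
    install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${varDir} ${varDir}/phpSessions ${varDir}/var
  '';
};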
106 | ||
# Restart php-fpm whenever buildbot deploys a new parameters.yml, so the
# service's preStart re-checks the checksum and re-runs cache/migrations.
services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
  restart = true;
  paths = [ parametersPath ];
};
113 | ||
# Machine-readable copy of the secrets for buildbot (owner-only, read-only),
# presumably used to render the production parameters.yml. JSON is valid
# YAML, hence the .yml name. How `secrets.keys` materialises `text` — and
# whether it keeps it out of the world-readable store — is defined by that
# module, not here.
secrets.keys."buildbot/nicecoop/production.yml" = {
  user = "buildbot";
  group = "buildbot";
  permissions = "0400";
  text = builtins.toJSON {
    database = {
      inherit (secrets.mysql) host port user password;
      name = secrets.mysql.database;
      version = pkgs.mariadb.mysqlVersion;
    };
    # NOTE(review): the key is spelled "admipassword" (sic). The buildbot
    # template presumably reads this exact name, so it is kept as is; rename
    # both sides together if it is ever corrected.
    admipassword = secrets.adminpassword;
    smtp = {
      inherit (secrets.smtp) host port email password;
    };
    inherit (secrets) secret;
  };
};
137 | ||
# NOTE(review): the block below is commented out and presumably superseded by the
# buildbot-rendered parameters.yml at parametersPath (fed from the
# secrets.keys."buildbot/nicecoop/production.yml" entry above); kept for reference.
# secrets.keys."websites/nicecoop/gestion-compte" = {
139 | # user = config.services.httpd.Prod.user; | |
140 | # group = config.services.httpd.Prod.group; | |
141 | # permissions = "0400"; | |
142 | # text = '' | |
143 | # # This file is auto-generated during the composer install | |
144 | # parameters: | |
145 | # database_host: ${secrets.mysql.host} | |
146 | # database_port: ${secrets.mysql.port} | |
147 | # database_name: ${secrets.mysql.database} | |
148 | # database_user: ${secrets.mysql.user} | |
149 | # database_password: ${secrets.mysql.password} | |
150 | # database_version: ${pkgs.mariadb.mysqlVersion} | |
151 | # super_admin.username: admin | |
152 | # super_admin.initial_password: ${secrets.adminpassword} | |
153 | # mailer_transport: smtp | |
154 | # mailer_host: ${secrets.smtp.host} | |
155 | # mailer_port: ${secrets.smtp.port} | |
156 | # mailer_user: ${secrets.smtp.email} | |
157 | # mailer_password: ${secrets.smtp.password} | |
158 | # mailer_encryption: tls | |
159 | # transactional_mailer_user: ${secrets.smtp.email} | |
160 | # transactional_mailer_user_name: 'espace membre' | |
161 | # emails.base_domain: tools.immae.eu | |
162 | # emails.contact: | |
163 | # from_name: 'Contact Nicecoop' | |
164 | # address: ${secrets.smtp.email} | |
165 | # emails.member: | |
166 | # from_name: 'Membres Nicecoop' | |
167 | # address: ${secrets.smtp.email} | |
168 | # emails.shift: | |
169 | # from_name: 'Créneaux Nicecoop' | |
170 | # address: ${secrets.smtp.email} | |
171 | # emails.formation: | |
172 | # from_name: 'Formation Nicecoop' | |
173 | # address: ${secrets.smtp.email} | |
174 | # emails.admin: | |
175 | # from_name: 'Admin Nicecoop' | |
176 | # address: ${secrets.smtp.email} | |
177 | # emails.noreply: | |
178 | # from_name: 'Ne pas répondre' | |
179 | # address: ${secrets.smtp.email} | |
180 | # emails.sendable: | |
181 | # - '%emails.contact%' | |
182 | # - '%emails.member%' | |
183 | # - '%emails.shift%' | |
184 | # - '%emails.formation%' | |
185 | # - '%emails.admin%' | |
186 | # - '%emails.noreply%' | |
187 | # shift_mailer_user: null | |
188 | # secret: ${secrets.secret} | |
189 | # router.request_context.host: membre.nicecoop.fr | |
190 | # router.request_context.scheme: https | |
191 | # router.request_context.base_url: null | |
192 | # site_name: 'Espace membre @ Nicecoop' | |
193 | # project_name: 'Nicecoop' | |
194 | # project_url: 'https://membre.nicecoop.fr/' | |
195 | # project_url_display: membre.nicecoop.fr | |
196 | # main_color: null | |
197 | # local_currency_name: 'monnaie locale' | |
198 | # place_local_ip_address: '127.0.0.1,192.168.0.x' | |
199 | # wiki_keys_url: null | |
200 | # registration_duration: '1 year' | |
201 | # registration_every_civil_year: false | |
202 | # helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion' | |
203 | # helloasso_campaign_id: null | |
204 | # helloasso_api_key: null | |
205 | # helloasso_api_password: null | |
206 | # helloasso_api_base_url: 'https://api.helloasso.com/v3/' | |
207 | # due_duration_by_cycle: 180 | |
208 | # min_shift_duration: 90 | |
209 | # cycle_duration: '28 days' | |
210 | # maximum_nb_of_beneficiaries_in_membership: 2 | |
211 | # new_users_start_as_beginner: true | |
212 | # allow_extra_shifts: true | |
213 | # max_time_in_advance_to_book_extra_shifts: '3 days' | |
214 | # display_gauge: true | |
215 | # use_fly_and_fixed: false | |
216 | # time_after_which_members_are_late_with_shifts: -9 | |
217 | # reserve_new_shift_to_prior_shifter: true | |
218 | # forbid_shift_overlap_time: 30 | |
219 | # display_name_shifters: false | |
220 | # use_card_reader_to_validate_shifts: false | |
221 | # max_time_at_end_of_shift: 0 | |
222 | # swipe_card_logging: true | |
223 | # display_swipe_cards_settings: true | |
224 | # logging.mattermost.enabled: false | |
225 | # logging.mattermost.level: critical | |
226 | # logging.mattermost.url: 'http://mattermost.yourcoop.local' | |
227 | # logging.mattermost.channel: null | |
228 | # logging.swiftmailer.enabled: false | |
229 | # logging.swiftmailer.level: critical | |
230 | # logging.swiftmailer.recipient: null | |
231 | # code_generation_enabled: true | |
232 | # display_freeze_account: true | |
233 | # display_keys_shop: true | |
234 | # services: | |
235 | # swiftmailer.mailer.default.transport: | |
236 | # class: Swift_SendmailTransport | |
237 | # arguments: ['/run/wrappers/bin/sendmail -bs'] | |
238 | # ''; | |
239 | # }; | |
240 | ||
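services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
  certName = "nicecoop";
  certMainHost = "membre.nicecoop.fr";
  hosts = [ "membre.nicecoop.fr" ];
  # Serve only the package's public web root; the rest of the app
  # (config, vendor, var) presumably sits outside the document root.
  root = app.webRoot;
  extraConfig = [
    ''
      # Hand every .php request to the pool defined above over its unix socket.
      <FilesMatch "\.php$">
        SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
      </FilesMatch>

      <Directory ${app.webRoot}>
        # FollowSymLinks is kept because the web root is reached through the
        # Nix store. Directory listings (Indexes) and server-side includes
        # (Includes, which can run commands) are not needed by the app and
        # only widen the attack surface, so they are left off.
        Options FollowSymLinks MultiViews
        # Required so the app's own .htaccess (presumably the front-controller
        # rewrites) is honoured.
        AllowOverride All
        Require all granted
      </Directory>
    ''
  ];
};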
260 | }; | |
261 | } |