# NixOS module for the production deployment of the "aten" website.
# NOTE(review): this listing keeps the viewer's gutter numbers and skips some
# source lines, so structural lines (let/in, closing brackets) are not visible.
1 { lib, pkgs, config, myconfig, ... }:
# Per-site production settings from myconfig; the fields read in this file are
# environment, secret and psql_url.
3 secrets = myconfig.env.websites.aten.production;
# Application package, overridden with the environment name from the settings above.
4 app = pkgs.webapps.aten.override { environment = secrets.environment; };
# Shorthand for this module's own option set (only `enable` is declared here).
5 cfg = config.myServices.websites.aten.production;
# Shorthand for the phpApplication service config; read below for
# webappDirs.aten_prod and phpListenPaths.aten_prod.
6 pcfg = config.services.phpApplication;
# Boolean switch for the whole module; the config section is wrapped in
# lib.mkIf cfg.enable, so nothing is deployed unless this is set.
8 options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production";
# Everything in this attribute set is applied only when cfg.enable is true.
10 config = lib.mkIf cfg.enable {
# Registers the aten.pro site with the webstats service.
11 services.webstats.sites = [ { name = "aten.pro"; } ];
# PHP application entry for the production instance.
12 services.phpApplication.apps.aten_prod = {
13 websiteEnv = "production";
# The app uses the user and group of the "Prod" httpd instance.
14 httpdUser = config.services.httpd.Prod.user;
15 httpdGroup = config.services.httpd.Prod.group;
# Full path of the deployed secrets file for this app (same key as the `dest`
# used for the secret further down). The attribute holding this entry is not
# visible in this listing.
17 config.secrets.fullPaths."webapps/${app.environment}-aten"
# Web root and variable-data directory come from the package itself.
19 inherit (app) webRoot varDir;
# Declares postgresql.service as a dependency of the app's service.
# The quoted command after it clears the application cache for app.environment
# without warming it up; the attribute it belongs to is not visible here.
21 serviceDeps = [ "postgresql.service" ];
23 "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
# Adds /tmp to the PHP open_basedir list.
# NOTE(review): presumably the phpApplication module adds the app directories
# itself; confirm that /tmp is the only shared location PHP may reach.
# The pool settings that follow cap uploads and POST bodies at 20M through
# php_admin_value, which scripts cannot override with ini_set(). The log_errors
# line starts with ';' and is therefore commented out in the pool config.
25 phpOpenbasedir = [ "/tmp" ];
27 php_admin_value[upload_max_filesize] = 20M
28 php_admin_value[post_max_size] = 20M
29 ;php_admin_flag[log_errors] = on
33 pm.min_spare_servers = 1
34 pm.max_spare_servers = 3
# Secrets-managed file for the app. Its text is a set of Apache SetEnv
# directives that hand APP_ENV, APP_SECRET and DATABASE_URL to the application.
# NOTE(review): secrets.secret and secrets.psql_url are interpolated into this
# text at evaluation time. Confirm that the enclosing attribute (not visible
# here) deploys it through the secrets mechanism only and never through a
# world-readable Nix store path. Confirm too that the file mode, which is not
# visible in this listing, keeps it unreadable by other users.
# NOTE(review): values passed with SetEnv appear in the request environment,
# so phpinfo() output or a verbose error page would disclose them.
39 dest = "webapps/${app.environment}-aten";
40 user = config.services.httpd.Prod.user;
# NOTE(review): group is taken from Prod.user, while httpdGroup above uses
# Prod.group. If the two names ever differ, the secret gets an unintended
# group. This looks like a copy/paste slip; confirm and prefer
# config.services.httpd.Prod.group.
41 group = config.services.httpd.Prod.user;
44 SetEnv APP_ENV "${app.environment}"
45 SetEnv APP_SECRET "${secrets.secret}"
46 SetEnv DATABASE_URL "${secrets.psql_url}"
# Apache virtual host for the production site.
# The Apache directives further down send PHP handling to the app's FPM unix
# socket, Include the secrets file declared for this app, and fall back to
# /index.php for paths that match no file.
# NOTE(review): the `Options` line enables Indexes (directory listings) and
# Includes (server-side includes) together with MultiViews and FollowSymLinks.
# With DirectoryIndex and FallbackResource in place these are presumably not
# needed; consider reducing the set to what the app actually requires.
# NOTE(review): the block enclosing `Require ldap-group` is not visible here;
# confirm which paths it protects. The 401 ErrorDocument answers a failed
# authentication with a meta-refresh to https://aten.pro.
49 services.websites.env.production.vhostConfs.aten_prod = {
# Host names served by this vhost; certMainHost is presumably the main name on
# the TLS certificate (verify against the websites module).
51 certMainHost = "aten.pro";
52 hosts = [ "aten.pro" "www.aten.pro" ];
# Document root is the webapp directory exposed by the phpApplication module.
53 root = pcfg.webappDirs.aten_prod;
57 SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_prod}|fcgi://localhost"
60 Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"}
66 Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
67 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
70 <Directory ${pcfg.webappDirs.aten_prod}>
71 Options Indexes FollowSymLinks MultiViews Includes
74 DirectoryIndex index.php
75 FallbackResource /index.php