Migrate php sessions to redis
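# NixOS module for Christophe Carpentier's Agorakit instance
# (agorakit.artisansdunous.fr). It declares the application's .env secret,
# a first-start data copy, the PHP-FPM application, the Laravel scheduler
# cron entry and the Apache vhost.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.websites.christophe_carpentier.agorakit;
  env = config.myEnv.websites.christophe_carpentier.agorakit;
  varDir = "/var/lib/christophe_carpentier_agorakit";
  secretsPath = config.secrets.fullPaths."websites/christophe_carpentier/env";
  app = pkgs.callPackage ./agorakit { inherit varDir secretsPath; };
  apacheUser = config.services.httpd.Prod.user;
  apacheGroup = config.services.httpd.Prod.group;
in {
  options.myServices.websites.christophe_carpentier.agorakit.enable = lib.mkEnableOption "enable Christophe Carpentier's Agorakit";

  config = lib.mkIf cfg.enable {
    # The .env file carries APP_KEY plus the database and SMTP passwords, so it
    # is owned by the web user and readable by that owner only (0400).
    # NOTE(review): INBOX_USERNAME / INBOX_PASSWORD are still written although
    # INBOX_DRIVER is null; if the inbox feature stays disabled, dropping them
    # would keep one credential copy out of this file. Confirm with the app.
    # NOTE(review): SESSION_DRIVER is "file" here, so the application's own
    # sessions appear to stay on disk; the redis session handler set on the
    # PHP-FPM pool below would only affect native PHP sessions. Confirm.
    secrets.keys."websites/christophe_carpentier/env" = {
      user = apacheUser;
      group = apacheGroup;
      permissions = "0400";
      text = ''
        APP_ENV=production
        APP_DEBUG=false
        APP_KEY=${env.appkey}
        APP_NAME='Agorakit'
        APP_URL=https://agorakit.artisansdunous.fr
        APP_LOG=daily
        APP_DEFAULT_LOCALE=fr

        DB_HOST=${env.mysql.host}
        DB_DATABASE=${env.mysql.database}
        DB_USERNAME=${env.mysql.user}
        DB_PASSWORD=${env.mysql.password}

        CACHE_DRIVER=file
        SESSION_DRIVER=file
        QUEUE_DRIVER=sync

        MAIL_DRIVER=smtp
        MAIL_HOST=${env.smtp.host}
        MAIL_PORT=${env.smtp.port}
        MAIL_USERNAME=${env.smtp.email}
        MAIL_PASSWORD=${env.smtp.password}
        MAIL_ENCRYPTION=tls

        MAIL_FROM=${env.smtp.email}
        MAIL_FROM_NAME=Agorakit
        MAIL_NOREPLY=${env.smtp.email}

        # OVH doesn't allow it
        INBOX_DRIVER=null
        #INBOX_HOST=${env.smtp.host}
        INBOX_USERNAME=${env.smtp.email}
        INBOX_PASSWORD=${env.smtp.password}
        INBOX_PREFIX=${builtins.elemAt (builtins.split "@" env.smtp.email) 0}+
        INBOX_SUFFIX=@${builtins.elemAt (builtins.split "@" env.smtp.email) 2}

        TWITTER_ID=null
        TWITTER_SECRET=null
        TWITTER_URL=null

        FACEBOOK_ID=null
        FACEBOOK_SECRET=null
        FACEBOOK_URL=null

        GOOGLE_ID=null
        GOOGLE_SECRET=null
        GOOGLE_URL=null

        GITHUB_ID=null
        GITHUB_SECRET=null
        GITHUB_URL=null

        MAX_FILE_SIZE=100000
      '';
    };

    # One-time seeding of the state directory: the marker file .filled makes
    # the copy run only on the first start, so later starts never overwrite
    # live data. Ownership is handed to the web user afterwards.
    systemd.services.phpfpm-christophe_carpentier_agorakit.preStart = ''
      if [ ! -e ${varDir}/.filled ]; then
        cp -r ${app}/oldvars/* ${varDir}
        chmod -R u+w ${varDir}
        chown -R ${apacheUser}:${apacheGroup} ${varDir}
        touch ${varDir}/.filled
      fi
    '';

    services.phpApplication.apps.christophe_carpentier_agorakit = {
      websiteEnv = "production";
      httpdUser = apacheUser;
      httpdGroup = apacheGroup;
      inherit (app) varDir;
      inherit app;
      serviceDeps = [ "mysql.service" ];
      # Extra open_basedir entries; what the phpApplication module adds on its
      # own is not visible here. /tmp is shared with other services on the
      # host — NOTE(review): a per-pool temp directory would isolate uploads
      # and temp files better, if the module supports it.
      phpOpenbasedir = [ "/tmp" secretsPath ];
      # NOTE(review): PHP 7.4 no longer receives upstream security fixes; plan
      # a move to a supported PHP release once the application allows it.
      phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
      phpPool = {
        "php_admin_value[upload_max_filesize]" = "100M";
        "php_admin_value[post_max_size]" = "100M";
        "pm" = "dynamic";
        "pm.max_children" = "20";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "3";
        # php_admin_value cannot be overridden from application code or
        # .htaccess. Sessions go to a local redis over a unix socket, with a
        # per-site key prefix so sites sharing that redis do not collide.
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'";
      };

    };

    # Laravel scheduler, every five minutes, as the web user.
    # NOTE(review): this uses plain pkgs.php74, not the phpPackage above (no
    # redis extension), and both stdout and stderr are discarded, so a failing
    # scheduler run leaves no trace. Consider logging stderr somewhere.
    services.cron = {
      systemCronJobs = [
        ''
          */5 * * * * ${apacheUser} cd ${app} && ${pkgs.php74}/bin/php artisan schedule:run >/dev/null 2>/dev/null
        ''
      ];
    };

    services.websites.env.production.vhostConfs.christophe_agorakit = {
      certName = "christophe_carpentier";
      certMainHost = "agorakit.artisansdunous.fr";
      hosts = [ "agorakit.artisansdunous.fr" ];
      root = "${app}/public";
      # Hardening: Indexes (automatic directory listings) and Includes
      # (server-side includes) are no longer enabled on the public root; a
      # front-controller PHP application is not expected to need either, and
      # listings would expose any file dropped under public/.
      # AllowOverride All still lets the application's .htaccess change
      # Options, so that file (not visible here) should be reviewed as well.
      extraConfig = [
        ''
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${config.services.phpfpm.pools.christophe_carpentier_agorakit.socket}|fcgi://localhost"
          </FilesMatch>

          <Directory ${app}/public>
            DirectoryIndex index.php index.htm index.html
            Options FollowSymLinks MultiViews
            AllowOverride All
            Require all granted
          </Directory>
        ''
      ];
    };
  };
}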