# NixOS module for Christophe Carpentier's Agorakit site: secrets file, PHP-FPM pool,
# start-up and activation scripts, cron entry and Apache vhost.
1 { lib, pkgs, config, ... }:
# cfg holds this module's own options; env holds the per-site values (MySQL and SMTP
# settings) that are interpolated into the env file further down.
3 cfg = config.myServices.websites.christophe_carpentier.agorakit;
4 env = config.myEnv.websites.christophe_carpentier.agorakit;
# Writable data directory for the app; it is created and seeded further down.
5 varDir = "/var/lib/christophe_carpentier_agorakit";
# Path of the rendered env file, passed to the package build together with varDir.
# NOTE(review): how ./agorakit uses secretsPath is not visible here - confirm that only
# the path, never the file contents, ends up in the Nix store.
6 secretsPath = config.secrets.fullPaths."websites/christophe_carpentier/env";
7 app = pkgs.callPackage ./agorakit { inherit varDir secretsPath; };
# The PHP pool, the cron entry and the file ownership below all use the Prod httpd account.
# NOTE(review): if other sites run under the same account they can read this site's
# env file and varDir - confirm whether the account is shared.
8 apacheUser = config.services.httpd.Prod.user;
9 apacheGroup = config.services.httpd.Prod.group;
11 options.myServices.websites.christophe_carpentier.agorakit.enable = lib.mkEnableOption "enable Christophe Carpentier's Agorakit";
13 config = lib.mkIf cfg.enable {
# Env file holding the database password and the SMTP / inbox credentials, owned by the
# Prod httpd user and group.
# NOTE(review): no file mode is visible in this listing - confirm the file is readable
# by its owner only, since DB_PASSWORD, MAIL_PASSWORD and INBOX_PASSWORD are written in clear.
# INBOX_PREFIX / INBOX_SUFFIX: builtins.split interleaves the regex match groups with the
# pieces, so element 0 is the local part of env.smtp.email and element 2 is its domain.
14 secrets.keys."websites/christophe_carpentier/env" = {
15 user = config.services.httpd.Prod.user;
16 group = config.services.httpd.Prod.group;
23 APP_URL=https://agorakit.artisansdunous.fr
27 DB_HOST=${env.mysql.host}
28 DB_DATABASE=${env.mysql.database}
29 DB_USERNAME=${env.mysql.user}
30 DB_PASSWORD=${env.mysql.password}
37 MAIL_HOST=${env.smtp.host}
38 MAIL_PORT=${env.smtp.port}
39 MAIL_USERNAME=${env.smtp.email}
40 MAIL_PASSWORD=${env.smtp.password}
43 MAIL_FROM=${env.smtp.email}
44 MAIL_FROM_NAME=Agorakit
45 MAIL_NOREPLY=${env.smtp.email}
47 # OVH doesn't allow it
49 #INBOX_HOST=${env.smtp.host}
50 INBOX_USERNAME=${env.smtp.email}
51 INBOX_PASSWORD=${env.smtp.password}
52 INBOX_PREFIX=${builtins.elemAt (builtins.split "@" env.smtp.email) 0}+
53 INBOX_SUFFIX=@${builtins.elemAt (builtins.split "@" env.smtp.email) 2}
# Dedicated PHP-FPM pool for this site. It has its own socket and limits but runs as the
# same Prod httpd user and group as the web server.
75 services.phpfpm.pools.christophe_carpentier_agorakit = {
76 user = config.services.httpd.Prod.user;
77 group = config.services.httpd.Prod.group;
# The pool socket is owned by the httpd account so Apache can proxy requests to it.
79 "listen.owner" = config.services.httpd.Prod.user;
80 "listen.group" = config.services.httpd.Prod.group;
# open_basedir limits PHP file access to the package, the data directory, /tmp and the
# env file. This is defence in depth rather than a sandbox.
# NOTE(review): "/tmp" is shared with other services unless the unit gets a private tmp -
# confirm, or point PHP's temp/upload directory at a path inside varDir.
81 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [app app.varDir "/tmp" secretsPath];
# NOTE(review): 100M request bodies combined with up to 20 children bound the disk and
# memory a burst of uploads can consume - confirm this limit is needed.
82 "php_admin_value[upload_max_filesize]" = "100M";
83 "php_admin_value[post_max_size]" = "100M";
85 "pm.max_children" = "20";
86 "pm.start_servers" = "2";
87 "pm.min_spare_servers" = "1";
88 "pm.max_spare_servers" = "3";
# Sessions are stored in Redis over a unix socket, under a per-site key prefix.
# NOTE(review): the prefix only namespaces keys; any process that can open this socket can
# read or alter other prefixes too - confirm who has access to redis-php-sessions.
89 "php_admin_value[session.save_handler]" = "redis";
90 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'";
92 phpOptions = config.services.phpfpm.phpOptions;
# PHP 7.4 with the redis extension added (required by the session handler above).
# NOTE(review): upstream security support for PHP 7.4 ended in November 2022 - plan a
# move to a supported PHP release.
93 phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
# Start the pool after MySQL. The shell fragment below seeds varDir once from
# ${app}/oldvars, makes the copy owner-writable, hands it to the httpd account and drops a
# .filled marker so the copy is not repeated on later starts.
# NOTE(review): `cp -r` follows whatever is in oldvars and `chown -R` applies to everything
# already in varDir - confirm nothing else writes there before the first start.
96 systemd.services.phpfpm-christophe_carpentier_agorakit = {
97 after = lib.mkAfter ["mysql.service"];
98 wants = ["mysql.service"];
100 if [ ! -e ${varDir}/.filled ]; then
101 cp -r ${app}/oldvars/* ${varDir}
102 chmod -R u+w ${varDir}
103 chown -R ${config.services.httpd.Prod.user}:${config.services.httpd.Prod.group} ${varDir}
104 touch ${varDir}/.filled
# The activation script creates the data directory with mode 0700, owned by the httpd
# account. The cron line after it runs `php artisan schedule:run` every five minutes as
# apacheUser.
# NOTE(review): the cron line uses plain pkgs.php74, without the redis extension the pool's
# phpPackage adds - confirm scheduled tasks do not need it.
# NOTE(review): stdout and stderr go to /dev/null, so a failing scheduler run leaves no
# trace - consider sending errors to the journal or a log file.
109 system.activationScripts.christophe_carpentier_agorakit = {
112 install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${app.varDir}
119 */5 * * * * ${apacheUser} cd ${app} && ${pkgs.php74}/bin/php artisan schedule:run >/dev/null 2>/dev/null
# Production vhost for agorakit.artisansdunous.fr. The document root is ${app}/public and
# every file whose name ends in .php is handed to the pool's unix socket.
# NOTE(review): the Options line enables Indexes (automatic directory listings) and
# Includes (server-side includes) for everything under public/; neither looks required by
# the lines shown - confirm and drop them if unused.
# NOTE(review): FollowSymLinks is on and any *.php under the docroot is executed - confirm
# that user uploads cannot become reachable under ${app}/public, for example through a
# symlink into the data directory.
124 services.websites.env.production.vhostConfs.christophe_agorakit = {
125 certName = "christophe_carpentier";
126 certMainHost = "agorakit.artisansdunous.fr";
127 hosts = [ "agorakit.artisansdunous.fr" ];
128 root = "${app}/public";
131 <FilesMatch "\.php$">
132 SetHandler "proxy:unix:${config.services.phpfpm.pools.christophe_carpentier_agorakit.socket}|fcgi://localhost"
135 <Directory ${app}/public>
136 DirectoryIndex index.php index.htm index.html
137 Options Indexes FollowSymLinks MultiViews Includes