]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/websites/connexionswing/integration.nix
Site de Bingo de Denise
[perso/Immae/Config/Nix.git] / modules / private / websites / connexionswing / integration.nix
1 { lib, pkgs, config, ... }:
2 let
3 secrets = config.myEnv.websites.connexionswing.integration;
4 app = pkgs.callPackage ./app {
5 composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
6 environment = secrets.environment;
7 varDir = "/var/lib/connexionswing_integration";
8 secretsPath = config.secrets.fullPaths."websites/connexionswing/integration";
9 };
10 cfg = config.myServices.websites.connexionswing.integration;
11 pcfg = config.services.phpApplication;
12 in {
13 options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
14
15 config = lib.mkIf cfg.enable {
16 services.duplyBackup.profiles.connexionswing_integration.rootDir = app.varDir;
17 services.phpApplication.apps.connexionswing_integration = {
18 websiteEnv = "integration";
19 httpdUser = config.services.httpd.Inte.user;
20 httpdGroup = config.services.httpd.Inte.group;
21 inherit (app) webRoot varDir;
22 varDirPaths = {
23 "medias" = "0700";
24 "uploads" = "0700";
25 "var" = "0700";
26 };
27 inherit app;
28 serviceDeps = [ "mysql.service" ];
29 preStartActions = [
30 "./bin/console --env=${app.environment} cache:clear --no-warmup"
31 ];
32 phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
33 phpPool = {
34 "php_admin_value[upload_max_filesize]" = "20M";
35 "php_admin_value[post_max_size]" = "20M";
36 #"php_admin_flag[log_errors]" = "on";
37 "pm" = "ondemand";
38 "pm.max_children" = "5";
39 "pm.process_idle_timeout" = "60";
40 };
41 phpEnv = {
42 SYMFONY_DEBUG_MODE = "\"yes\"";
43 };
44 phpWatchFiles = [
45 config.secrets.fullPaths."websites/connexionswing/integration"
46 ];
47 phpPackage = pkgs.php72;
48 };
49
50 secrets.keys = [
51 {
52 dest = "websites/connexionswing/integration";
53 user = config.services.httpd.Inte.user;
54 group = config.services.httpd.Inte.group;
55 permissions = "0400";
56 text = ''
57 # This file is auto-generated during the composer install
58 parameters:
59 database_host: ${secrets.mysql.host}
60 database_port: ${secrets.mysql.port}
61 database_name: ${secrets.mysql.database}
62 database_user: ${secrets.mysql.user}
63 database_password: ${secrets.mysql.password}
64 database_server_version: ${pkgs.mariadb.mysqlVersion}
65 mailer_transport: sendmail
66 mailer_host: null
67 mailer_user: null
68 mailer_password: null
69 subscription_email: ${secrets.email}
70 allow_robots: true
71 secret: ${secrets.secret}
72 '';
73 }
74 ];
75
76 services.websites.env.integration.vhostConfs.connexionswing_integration = {
77 certName = "integration";
78 addToCerts = true;
79 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
80 root = pcfg.webappDirs.connexionswing_integration;
81 extraConfig = [
82 ''
83 <FilesMatch "\.php$">
84 SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost"
85 </FilesMatch>
86
87 <Directory ${app.varDir}/medias>
88 Options FollowSymLinks
89 AllowOverride None
90 Require all granted
91 </Directory>
92
93 <Directory ${app.varDir}/uploads>
94 Options FollowSymLinks
95 AllowOverride None
96 Require all granted
97 </Directory>
98
99 <Location />
100 Use LDAPConnect
101 Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
102 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
103 </Location>
104
105 <Directory ${pcfg.webappDirs.connexionswing_integration}>
106 Options Indexes FollowSymLinks MultiViews Includes
107 AllowOverride None
108 Require all granted
109
110 DirectoryIndex app_dev.php
111
112 <IfModule mod_negotiation.c>
113 Options -MultiViews
114 </IfModule>
115
116 <IfModule mod_rewrite.c>
117 RewriteEngine On
118
119 RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
120 RewriteRule ^(.*) - [E=BASE:%1]
121
122 # Maintenance script
123 RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
124 RewriteCond %{SCRIPT_FILENAME} !maintenance.php
125 RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
126 ErrorDocument 503 /maintenance.php
127
128 # Sets the HTTP_AUTHORIZATION header removed by Apache
129 RewriteCond %{HTTP:Authorization} .
130 RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
131
132 RewriteCond %{ENV:REDIRECT_STATUS} ^$
133 RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
134
135 # If the requested filename exists, simply serve it.
136 # We only want to let Apache serve files and not directories.
137 RewriteCond %{REQUEST_FILENAME} -f
138 RewriteRule ^ - [L]
139
140 # Rewrite all other queries to the front controller.
141 RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
142 </IfModule>
143
144 </Directory>
145 ''
146 ];
147 };
148 };
149 }