1 { lib, pkgs, config, ... }:
3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 secrets = config.myEnv.websites.tellesflorian.integration;
5 webRoot = "/var/lib/ftp/immae/florian/web";
6 cfg = config.myServices.websites.florian.app;
7 pcfg = config.services.phpApplication;
9 options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
11 config = lib.mkIf cfg.enable {
12 services.phpApplication.apps.florian_app = {
13 websiteEnv = "integration";
14 httpdUser = config.services.httpd.Inte.user;
15 httpdGroup = config.services.httpd.Inte.group;
17 varDir = "/var/lib/ftp/immae/florian_var";
21 app = "/var/lib/ftp/immae/florian";
22 serviceDeps = [ "mysql.service" ];
24 "./bin/console --env=dev cache:clear --no-warmup"
26 phpOpenbasedir = [ "/tmp" ];
28 "php_admin_value[upload_max_filesize]" = "20M";
29 "php_admin_value[post_max_size]" = "20M";
30 #"php_admin_flag[log_errors]" = "on";
32 "pm.max_children" = "5";
33 "pm.process_idle_timeout" = "60";
36 SYMFONY_DEBUG_MODE = "\"yes\"";
39 config.secrets.fullPaths."websites/florian/app"
41 phpPackage = pkgs.php72;
45 "websites/florian/app_passwords" = {
46 user = config.services.httpd.Inte.user;
47 group = config.services.httpd.Inte.group;
50 invite:${secrets.invite_passwords}
53 "websites/florian/app" = {
54 user = config.services.httpd.Inte.user;
55 group = config.services.httpd.Inte.group;
58 # This file is auto-generated during the composer install
60 database_host: ${secrets.mysql.host}
61 database_port: ${secrets.mysql.port}
62 database_name: ${secrets.mysql.database}
63 database_user: ${secrets.mysql.user}
64 database_password: ${secrets.mysql.password}
65 mailer_transport: smtp
66 mailer_host: 127.0.0.1
69 secret: ${secrets.secret}
74 services.websites.env.integration.modules = adminer.apache.modules;
75 services.websites.env.integration.vhostConfs.florian_app = {
76 certName = "integration";
78 hosts = [ "app.tellesflorian.com" ];
83 SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost"
87 AuthBasicProvider file ldap
89 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
91 AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}"
94 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
97 <Directory ${webRoot}>
98 Options Indexes FollowSymLinks MultiViews Includes
102 DirectoryIndex app_dev.php
104 <IfModule mod_negotiation.c>
108 <IfModule mod_rewrite.c>
111 RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
112 RewriteRule ^(.*) - [E=BASE:%1]
115 RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
116 RewriteCond %{SCRIPT_FILENAME} !maintenance.php
117 RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
118 ErrorDocument 503 /maintenance.php
120 # Sets the HTTP_AUTHORIZATION header removed by Apache
121 RewriteCond %{HTTP:Authorization} .
122 RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
124 RewriteCond %{ENV:REDIRECT_STATUS} ^$
125 RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
127 # If the requested filename exists, simply serve it.
128 # We only want to let Apache serve files and not directories.
129 RewriteCond %{REQUEST_FILENAME} -f
132 # Rewrite all other queries to the front controller.
133 RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
138 (adminer.apache.vhostConf null)