To merge in nicecoop-installation
# NixOS module for nicecoop's "gestion-compte" website: a PHP application
# (bin/console, app.webRoot) served by the httpd "Prod" environment through a
# dedicated php-fpm pool, with PHP sessions in redis and its database in MariaDB.
{ lib, pkgs, config, ... }:
let
  # Secret material for this site (database, SMTP, admin password, app secret),
  # supplied by the host's myEnv configuration rather than written in this file.
  secrets = config.myEnv.websites.nicecoop.gestion-compte;
  # Writable state directory of the app. Created by the activation script below
  # (mode 0700, owned by wwwrun) and used to record which app/parameters version
  # was last migrated.
  varDir = "/var/lib/nicecoop_gestion-compte/var";
  # parameters.yml as produced by the buildbot pipeline (presumably rendered from
  # the "buildbot/nicecoop/production.yml" key below — confirm). It is handed to
  # the package as secretsPath, allowed through open_basedir, chowned to wwwrun
  # at service start and watched for changes.
  parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
  # The packaged application, built against its state dir and parameters file.
  app = pkgs.callPackage ./gestion-compte {
    inherit varDir;
    secretsPath = parametersPath;
  };
  cfg = config.myServices.websites.nicecoop.gestion-compte;
in {
  options.myServices.websites.nicecoop.gestion-compte.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";

  config = lib.mkIf cfg.enable {
    # php-fpm pool running as the httpd Prod user so the socket and the files it
    # serves share one owner.
    services.phpfpm.pools.nicecoop_gestion-compte = {
      user = config.services.httpd.Prod.user;
      group = config.services.httpd.Prod.group;
      settings = {
        "listen.owner" = config.services.httpd.Prod.user;
        "listen.group" = config.services.httpd.Prod.group;
        # Confine PHP file access to the app's store path, its state dir, the
        # parameters file and /tmp; reads elsewhere are refused by the interpreter.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          app
          varDir
          parametersPath
          "/tmp"
        ];
        "php_admin_value[upload_max_filesize]" = "20M";
        "php_admin_value[post_max_size]" = "20M";
        # Sessions live in the shared php-sessions redis instance, namespaced by
        # the prefix below so this site cannot read other sites' sessions.
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
        "pm" = "dynamic";
        "pm.max_children" = "20";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "3";
      };
      # NOTE(review): php74 is past upstream end-of-life; confirm the pinned
      # nixpkgs still carries security fixes for it or plan the upgrade.
      phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
    };
    # Ship a tarball of the built app in the system closure (store path rewritten
    # to "production_app" inside the archive) at $out/nicecoop/gestion/.
    system.extraSystemBuilderCmds = let
      tarball = pkgs.runCommand "production.tar.gz" {} ''
        tar -P --transform="s@${app}@production_app@" -czf $out ${app}
      '';
    in ''
      mkdir -p $out/nicecoop/gestion
      ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
    '';
    systemd.services.phpfpm-nicecoop_gestion-compte = {
      # Migrations below need the database up first.
      after = lib.mkAfter ["mysql.service"];
      wants = ["mysql.service"];
      # Before the pool starts: hand the parameters file to wwwrun, then — only
      # when the recorded sha512 of parametersPath no longer matches or the
      # recorded app store path differs — clear the cache, create the database
      # if missing and apply doctrine migrations unattended (-n) as wwwrun,
      # then record the new app path and checksum. A failing console command
      # presumably fails the unit (NixOS job scripts abort on error) — confirm.
      preStart = lib.mkAfter ''
        /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
        watchFilesChanged() {
          [ ! -f "${varDir}"/watchedFiles ] \
            || ! sha512sum -c --status ${varDir}/watchedFiles
        }
        appDirChanged() {
          [ ! -f "${varDir}/currentWebappDir" -o \
            "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
        }
        updateWatchFiles() {
          sha512sum ${parametersPath} > ${varDir}/watchedFiles
        }

        if watchFilesChanged || appDirChanged; then
          pushd ${app} > /dev/null
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
          popd > /dev/null
          echo -n "${app}" > ${varDir}/currentWebappDir
          updateWatchFiles
        fi
      '';
    };

    # Scheduled console commands, run as the httpd Prod user from the app dir.
    # Disabled entries (leading '#') are kept for reference.
    # NOTE(review): the late-shifters report is sent to a hard-coded personal
    # address; consider sourcing the recipient from `secrets` like the other
    # site-specific values.
    services.cron = {
      systemCronJobs = let
        prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
      in [
        ''
          # generate shifts in 80 to 90 days
          55 5 * * * ${prefix} app:shift:generate --quiet $(date -d "+80 days" +\%Y-\%m-\%d) --to $(date -d "+90 days" +\%Y-\%m-\%d)

          # free pre-booked shifts
          55 5 * * * ${prefix} app:shift:free --quiet $(date -d "+21 days" +\%Y-\%m-\%d)

          # send reminder 2 days before shift
          #0 6 * * * ${prefix} app:shift:reminder --quiet $(date -d "+2 days" +\%Y-\%m-\%d)

          # execute routine for cycle_end/cycle_start, everyday
          5 6 * * * ${prefix} app:user:cycle_start --quiet

          # Reports the list of late shifters to RH
          0 0 1 * * ${prefix} app:shift:send_late_shifters --quiet --emails=cebayle@gmail.com

          # send alert on shifts booking (low)
          #0 10 * * * ${prefix} app:shift:send_alerts --quiet --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1

          # send a reminder mail to the user who generate the last code but did not validate the change.
          #45 21 * * * ${prefix} app:code:verify_change --quiet --last_run 24
        ''
      ];
    };

    # Create the state directory (and its var/ subdirectory) private to wwwrun.
    system.activationScripts.nicecoop_gestion-compte = {
      deps = [];
      text = ''
        install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
      '';
    };

    # Restart the pool whenever buildbot rewrites parameters.yml, so the preStart
    # checksum logic above picks the new file up.
    services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
      restart = true;
      paths = [
        parametersPath
      ];
    };

    # Secrets handed to the buildbot pipeline as JSON, readable by buildbot only
    # (0400). Contains database and SMTP credentials, the admin password and the
    # application secret, so every consumer of this file must be trusted as much
    # as the site itself.
    secrets.keys."buildbot/nicecoop/production.yml" = {
      user = "buildbot";
      group = "buildbot";
      permissions = "0400";
      text = builtins.toJSON {
        database = {
          host = secrets.mysql.host;
          port = secrets.mysql.port;
          name = secrets.mysql.database;
          user = secrets.mysql.user;
          password = secrets.mysql.password;
          version = config.myServices.databases.mariadb.package.mysqlVersion;
        };
        # NOTE(review): key is spelled "admipassword"; presumably the buildbot
        # side reads it under that exact name — confirm before renaming.
        admipassword = secrets.adminpassword;
        smtp = {
          host = secrets.smtp.host;
          port = secrets.smtp.port;
          email = secrets.smtp.email;
          password = secrets.smtp.password;
        };
        secret = secrets.secret;
      };
    };

    # Former approach: render parameters.yml directly from this module for the
    # httpd user. Kept as a template of the parameters the app expects; the
    # JSON key above presumably superseded it (confirm before deleting).
    # secrets.keys."websites/nicecoop/gestion-compte" = {
    #   user = config.services.httpd.Prod.user;
    #   group = config.services.httpd.Prod.group;
    #   permissions = "0400";
    #   text = ''
    #     # This file is auto-generated during the composer install
    #     parameters:
    #       database_host: ${secrets.mysql.host}
    #       database_port: ${secrets.mysql.port}
    #       database_name: ${secrets.mysql.database}
    #       database_user: ${secrets.mysql.user}
    #       database_password: ${secrets.mysql.password}
    #       database_version: ${pkgs.mariadb.mysqlVersion}
    #       super_admin.username: admin
    #       super_admin.initial_password: ${secrets.adminpassword}
    #       mailer_transport: smtp
    #       mailer_host: ${secrets.smtp.host}
    #       mailer_port: ${secrets.smtp.port}
    #       mailer_user: ${secrets.smtp.email}
    #       mailer_password: ${secrets.smtp.password}
    #       mailer_encryption: tls
    #       transactional_mailer_user: ${secrets.smtp.email}
    #       transactional_mailer_user_name: 'espace membre'
    #       emails.base_domain: tools.immae.eu
    #       emails.contact:
    #         from_name: 'Contact Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.member:
    #         from_name: 'Membres Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.shift:
    #         from_name: 'Créneaux Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.formation:
    #         from_name: 'Formation Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.admin:
    #         from_name: 'Admin Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.noreply:
    #         from_name: 'Ne pas répondre'
    #         address: ${secrets.smtp.email}
    #       emails.sendable:
    #         - '%emails.contact%'
    #         - '%emails.member%'
    #         - '%emails.shift%'
    #         - '%emails.formation%'
    #         - '%emails.admin%'
    #         - '%emails.noreply%'
    #       shift_mailer_user: null
    #       secret: ${secrets.secret}
    #       router.request_context.host: membre.nicecoop.fr
    #       router.request_context.scheme: https
    #       router.request_context.base_url: null
    #       site_name: 'Espace membre @ Nicecoop'
    #       project_name: 'Nicecoop'
    #       project_url: 'https://membre.nicecoop.fr/'
    #       project_url_display: membre.nicecoop.fr
    #       main_color: null
    #       local_currency_name: 'monnaie locale'
    #       place_local_ip_address: '127.0.0.1,192.168.0.x'
    #       wiki_keys_url: null
    #       registration_duration: '1 year'
    #       registration_every_civil_year: false
    #       helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
    #       helloasso_campaign_id: null
    #       helloasso_api_key: null
    #       helloasso_api_password: null
    #       helloasso_api_base_url: 'https://api.helloasso.com/v3/'
    #       due_duration_by_cycle: 180
    #       min_shift_duration: 90
    #       cycle_duration: '28 days'
    #       maximum_nb_of_beneficiaries_in_membership: 2
    #       new_users_start_as_beginner: true
    #       allow_extra_shifts: true
    #       max_time_in_advance_to_book_extra_shifts: '3 days'
    #       display_gauge: true
    #       use_fly_and_fixed: false
    #       time_after_which_members_are_late_with_shifts: -9
    #       reserve_new_shift_to_prior_shifter: true
    #       forbid_shift_overlap_time: 30
    #       display_name_shifters: false
    #       use_card_reader_to_validate_shifts: false
    #       max_time_at_end_of_shift: 0
    #       swipe_card_logging: true
    #       display_swipe_cards_settings: true
    #       logging.mattermost.enabled: false
    #       logging.mattermost.level: critical
    #       logging.mattermost.url: 'http://mattermost.yourcoop.local'
    #       logging.mattermost.channel: null
    #       logging.swiftmailer.enabled: false
    #       logging.swiftmailer.level: critical
    #       logging.swiftmailer.recipient: null
    #       code_generation_enabled: true
    #       display_freeze_account: true
    #       display_keys_shop: true
    #     services:
    #       swiftmailer.mailer.default.transport:
    #         class: Swift_SendmailTransport
    #         arguments: ['/run/wrappers/bin/sendmail -bs']
    #   '';
    # };

    # Apache vhost for membre.nicecoop.fr: *.php is proxied to the pool socket,
    # everything else is served from app.webRoot.
    # NOTE(review): `Options Indexes ... Includes` enables directory listings and
    # server-side includes under the web root, and `AllowOverride All` lets a
    # .htaccess there change these further; confirm the app actually needs more
    # than FollowSymLinks for its rewrite rules before keeping them.
    services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
      certName = "nicecoop";
      certMainHost = "membre.nicecoop.fr";
      hosts = ["membre.nicecoop.fr"];
      root = app.webRoot;
      extraConfig = [
        ''
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
          </FilesMatch>

          <Directory ${app.webRoot}>
            Options Indexes FollowSymLinks MultiViews Includes
            AllowOverride All
            Require all granted
          </Directory>
        ''
      ];
    };
  };
}