1 { lib, pkgs, config, ... }:
3 secrets = config.myEnv.websites.nicecoop.gestion-compte;
4 varDir = "/var/lib/nicecoop_gestion-compte/var";
5 parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
6 app = pkgs.callPackage ./gestion-compte {
8 secretsPath = parametersPath;
10 cfg = config.myServices.websites.nicecoop.gestion-compte;
12 options.myServices.websites.nicecoop.gestion-compte.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";
14 config = lib.mkIf cfg.enable {
15 services.phpfpm.pools.nicecoop_gestion-compte = {
16 user = config.services.httpd.Prod.user;
17 group = config.services.httpd.Prod.group;
19 "listen.owner" = config.services.httpd.Prod.user;
20 "listen.group" = config.services.httpd.Prod.group;
21 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
27 "php_admin_value[upload_max_filesize]" = "20M";
28 "php_admin_value[post_max_size]" = "20M";
29 "php_admin_value[session.save_handler]" = "redis";
30 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
32 "pm.max_children" = "20";
33 "pm.start_servers" = "2";
34 "pm.min_spare_servers" = "1";
35 "pm.max_spare_servers" = "3";
37 phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
39 system.extraSystemBuilderCmds = let
40 tarball = pkgs.runCommand "production.tar.gz" {} ''
41 tar -P --transform="s@${app}@production_app@" -czf $out ${app}
44 mkdir -p $out/nicecoop/gestion
45 ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
47 systemd.services.phpfpm-nicecoop_gestion-compte = {
48 after = lib.mkAfter ["mysql.service"];
49 wants = ["mysql.service"];
50 preStart = lib.mkAfter ''
51 /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
53 [ ! -f "${varDir}"/watchedFiles ] \
54 || ! sha512sum -c --status ${varDir}/watchedFiles
57 [ ! -f "${varDir}/currentWebappDir" -o \
58 "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
61 sha512sum ${parametersPath} > ${varDir}/watchedFiles
64 if watchFilesChanged || appDirChanged; then
65 pushd ${app} > /dev/null
66 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
67 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
68 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
70 echo -n "${app}" > ${varDir}/currentWebappDir
78 prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
81 # generate shifts in 27 days (same weekday as yesterday)
82 55 5 * * * ${prefix} app:shift:generate $(date -d "+27 days" +\%Y-\%m-\%d)
84 # free pre-booked shifts
85 55 5 * * * ${prefix} app:shift:free $(date -d "+21 days" +\%Y-\%m-\%d)
87 # send reminder 2 days before shift
88 #0 6 * * * ${prefix} app:shift:reminder $(date -d "+2 days" +\%Y-\%m-\%d)
90 # execute routine for cycle_end/cycle_start, everyday
91 5 6 * * * ${prefix} app:user:cycle_start
93 # send alert on shifts booking (low)
94 #0 10 * * * ${prefix} app:shift:send_alerts --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1
96 # send a reminder mail to the user who generated the last code but did not validate the change.
97 #45 21 * * * ${prefix} app:code:verify_change --last_run 24
102 system.activationScripts.nicecoop_gestion-compte = {
105 install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
109 services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
116 secrets.keys."buildbot/nicecoop/production.yml" = {
119 permissions = "0400";
120 text = builtins.toJSON {
122 host = secrets.mysql.host;
123 port = secrets.mysql.port;
124 name = secrets.mysql.database;
125 user = secrets.mysql.user;
126 password = secrets.mysql.password;
127 version = config.myServices.databases.mariadb.package.mysqlVersion;
129 admipassword = secrets.adminpassword;
131 host = secrets.smtp.host;
132 port = secrets.smtp.port;
133 email = secrets.smtp.email;
134 password = secrets.smtp.password;
136 secret = secrets.secret;
140 # secrets.keys."websites/nicecoop/gestion-compte" = {
141 # user = config.services.httpd.Prod.user;
142 # group = config.services.httpd.Prod.group;
143 # permissions = "0400";
145 # # This file is auto-generated during the composer install
147 # database_host: ${secrets.mysql.host}
148 # database_port: ${secrets.mysql.port}
149 # database_name: ${secrets.mysql.database}
150 # database_user: ${secrets.mysql.user}
151 # database_password: ${secrets.mysql.password}
152 # database_version: ${pkgs.mariadb.mysqlVersion}
153 # super_admin.username: admin
154 # super_admin.initial_password: ${secrets.adminpassword}
155 # mailer_transport: smtp
156 # mailer_host: ${secrets.smtp.host}
157 # mailer_port: ${secrets.smtp.port}
158 # mailer_user: ${secrets.smtp.email}
159 # mailer_password: ${secrets.smtp.password}
160 # mailer_encryption: tls
161 # transactional_mailer_user: ${secrets.smtp.email}
162 # transactional_mailer_user_name: 'espace membre'
163 # emails.base_domain: tools.immae.eu
165 # from_name: 'Contact Nicecoop'
166 # address: ${secrets.smtp.email}
168 # from_name: 'Membres Nicecoop'
169 # address: ${secrets.smtp.email}
171 # from_name: 'Créneaux Nicecoop'
172 # address: ${secrets.smtp.email}
174 # from_name: 'Formation Nicecoop'
175 # address: ${secrets.smtp.email}
177 # from_name: 'Admin Nicecoop'
178 # address: ${secrets.smtp.email}
180 # from_name: 'Ne pas répondre'
181 # address: ${secrets.smtp.email}
183 # - '%emails.contact%'
184 # - '%emails.member%'
186 # - '%emails.formation%'
188 # - '%emails.noreply%'
189 # shift_mailer_user: null
190 # secret: ${secrets.secret}
191 # router.request_context.host: membre.nicecoop.fr
192 # router.request_context.scheme: https
193 # router.request_context.base_url: null
194 # site_name: 'Espace membre @ Nicecoop'
195 # project_name: 'Nicecoop'
196 # project_url: 'https://membre.nicecoop.fr/'
197 # project_url_display: membre.nicecoop.fr
199 # local_currency_name: 'monnaie locale'
200 # place_local_ip_address: '127.0.0.1,192.168.0.x'
201 # wiki_keys_url: null
202 # registration_duration: '1 year'
203 # registration_every_civil_year: false
204 # helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
205 # helloasso_campaign_id: null
206 # helloasso_api_key: null
207 # helloasso_api_password: null
208 # helloasso_api_base_url: 'https://api.helloasso.com/v3/'
209 # due_duration_by_cycle: 180
210 # min_shift_duration: 90
211 # cycle_duration: '28 days'
212 # maximum_nb_of_beneficiaries_in_membership: 2
213 # new_users_start_as_beginner: true
214 # allow_extra_shifts: true
215 # max_time_in_advance_to_book_extra_shifts: '3 days'
216 # display_gauge: true
217 # use_fly_and_fixed: false
218 # time_after_which_members_are_late_with_shifts: -9
219 # reserve_new_shift_to_prior_shifter: true
220 # forbid_shift_overlap_time: 30
221 # display_name_shifters: false
222 # use_card_reader_to_validate_shifts: false
223 # max_time_at_end_of_shift: 0
224 # swipe_card_logging: true
225 # display_swipe_cards_settings: true
226 # logging.mattermost.enabled: false
227 # logging.mattermost.level: critical
228 # logging.mattermost.url: 'http://mattermost.yourcoop.local'
229 # logging.mattermost.channel: null
230 # logging.swiftmailer.enabled: false
231 # logging.swiftmailer.level: critical
232 # logging.swiftmailer.recipient: null
233 # code_generation_enabled: true
234 # display_freeze_account: true
235 # display_keys_shop: true
237 # swiftmailer.mailer.default.transport:
238 # class: Swift_SendmailTransport
239 # arguments: ['/run/wrappers/bin/sendmail -bs']
243 services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
244 certName = "nicecoop";
245 certMainHost = "membre.nicecoop.fr";
246 hosts = ["membre.nicecoop.fr"];
250 <FilesMatch "\.php$">
251 SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
254 <Directory ${app.webRoot}>
255 Options Indexes FollowSymLinks MultiViews Includes