1 { lib, pkgs, config, ... }:
3 secrets = config.myEnv.websites.nicecoop.gestion-compte;
4 varDir = "/var/lib/nicecoop_gestion-compte/var";
5 parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
6 app = pkgs.callPackage ./gestion-compte {
8 secretsPath = parametersPath;
10 cfg = config.myServices.websites.nicecoop.gestion-compte;
12 options.myServices.websites.nicecoop.gestion-compte.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";
14 config = lib.mkIf cfg.enable {
15 services.phpfpm.pools.nicecoop_gestion-compte = {
16 user = config.services.httpd.Prod.user;
17 group = config.services.httpd.Prod.group;
19 "listen.owner" = config.services.httpd.Prod.user;
20 "listen.group" = config.services.httpd.Prod.group;
21 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
27 "php_admin_value[upload_max_filesize]" = "20M";
28 "php_admin_value[post_max_size]" = "20M";
29 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
31 "pm.max_children" = "20";
32 "pm.start_servers" = "2";
33 "pm.min_spare_servers" = "1";
34 "pm.max_spare_servers" = "3";
37 system.extraSystemBuilderCmds = let
38 tarball = pkgs.runCommand "production.tar.gz" {} ''
39 tar -P --transform="s@${app}@production_app@" -czf $out ${app}
42 mkdir -p $out/nicecoop/gestion
43 ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
45 systemd.services.phpfpm-nicecoop_gestion-compte = {
46 after = lib.mkAfter ["mysql.service"];
47 wants = ["mysql.service"];
48 preStart = lib.mkAfter ''
49 /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
51 [ ! -f "${varDir}"/watchedFiles ] \
52 || ! sha512sum -c --status ${varDir}/watchedFiles
55 [ ! -f "${varDir}/currentWebappDir" -o \
56 "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
59 sha512sum ${parametersPath} > ${varDir}/watchedFiles
62 if watchFilesChanged || appDirChanged; then
63 pushd ${app} > /dev/null
64 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
65 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
66 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
68 echo -n "${app}" > ${varDir}/currentWebappDir
76 prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
79 # generate shifts in 27 days (same weekday as yesterday)
80 55 5 * * * ${prefix} app:shift:generate $(date -d "+27 days" +\%Y-\%m-\%d)
82 # free pre-booked shifts
83 55 5 * * * ${prefix} app:shift:free $(date -d "+21 days" +\%Y-\%m-\%d)
85 # send reminder 2 days before shift
86 #0 6 * * * ${prefix} app:shift:reminder $(date -d "+2 days" +\%Y-\%m-\%d)
88 # execute routine for cycle_end/cycle_start, everyday
89 5 6 * * * ${prefix} app:user:cycle_start
91 # send alert on shifts booking (low)
92 #0 10 * * * ${prefix} app:shift:send_alerts --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1
94 # send a reminder mail to the user who generated the last code but did not validate the change.
95 #45 21 * * * ${prefix} app:code:verify_change --last_run 24
100 system.activationScripts.nicecoop_gestion-compte = {
103 install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/phpSessions ${varDir}/var
107 services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
114 secrets.keys."buildbot/nicecoop/production.yml" = {
117 permissions = "0400";
118 text = builtins.toJSON {
120 host = secrets.mysql.host;
121 port = secrets.mysql.port;
122 name = secrets.mysql.database;
123 user = secrets.mysql.user;
124 password = secrets.mysql.password;
125 version = pkgs.mariadb.mysqlVersion;
127 admipassword = secrets.adminpassword;
129 host = secrets.smtp.host;
130 port = secrets.smtp.port;
131 email = secrets.smtp.email;
132 password = secrets.smtp.password;
134 secret = secrets.secret;
138 # secrets.keys."websites/nicecoop/gestion-compte" = {
139 # user = config.services.httpd.Prod.user;
140 # group = config.services.httpd.Prod.group;
141 # permissions = "0400";
143 # # This file is auto-generated during the composer install
145 # database_host: ${secrets.mysql.host}
146 # database_port: ${secrets.mysql.port}
147 # database_name: ${secrets.mysql.database}
148 # database_user: ${secrets.mysql.user}
149 # database_password: ${secrets.mysql.password}
150 # database_version: ${pkgs.mariadb.mysqlVersion}
151 # super_admin.username: admin
152 # super_admin.initial_password: ${secrets.adminpassword}
153 # mailer_transport: smtp
154 # mailer_host: ${secrets.smtp.host}
155 # mailer_port: ${secrets.smtp.port}
156 # mailer_user: ${secrets.smtp.email}
157 # mailer_password: ${secrets.smtp.password}
158 # mailer_encryption: tls
159 # transactional_mailer_user: ${secrets.smtp.email}
160 # transactional_mailer_user_name: 'espace membre'
161 # emails.base_domain: tools.immae.eu
163 # from_name: 'Contact Nicecoop'
164 # address: ${secrets.smtp.email}
166 # from_name: 'Membres Nicecoop'
167 # address: ${secrets.smtp.email}
169 # from_name: 'Créneaux Nicecoop'
170 # address: ${secrets.smtp.email}
172 # from_name: 'Formation Nicecoop'
173 # address: ${secrets.smtp.email}
175 # from_name: 'Admin Nicecoop'
176 # address: ${secrets.smtp.email}
178 # from_name: 'Ne pas répondre'
179 # address: ${secrets.smtp.email}
181 # - '%emails.contact%'
182 # - '%emails.member%'
184 # - '%emails.formation%'
186 # - '%emails.noreply%'
187 # shift_mailer_user: null
188 # secret: ${secrets.secret}
189 # router.request_context.host: membre.nicecoop.fr
190 # router.request_context.scheme: https
191 # router.request_context.base_url: null
192 # site_name: 'Espace membre @ Nicecoop'
193 # project_name: 'Nicecoop'
194 # project_url: 'https://membre.nicecoop.fr/'
195 # project_url_display: membre.nicecoop.fr
197 # local_currency_name: 'monnaie locale'
198 # place_local_ip_address: '127.0.0.1,192.168.0.x'
199 # wiki_keys_url: null
200 # registration_duration: '1 year'
201 # registration_every_civil_year: false
202 # helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
203 # helloasso_campaign_id: null
204 # helloasso_api_key: null
205 # helloasso_api_password: null
206 # helloasso_api_base_url: 'https://api.helloasso.com/v3/'
207 # due_duration_by_cycle: 180
208 # min_shift_duration: 90
209 # cycle_duration: '28 days'
210 # maximum_nb_of_beneficiaries_in_membership: 2
211 # new_users_start_as_beginner: true
212 # allow_extra_shifts: true
213 # max_time_in_advance_to_book_extra_shifts: '3 days'
214 # display_gauge: true
215 # use_fly_and_fixed: false
216 # time_after_which_members_are_late_with_shifts: -9
217 # reserve_new_shift_to_prior_shifter: true
218 # forbid_shift_overlap_time: 30
219 # display_name_shifters: false
220 # use_card_reader_to_validate_shifts: false
221 # max_time_at_end_of_shift: 0
222 # swipe_card_logging: true
223 # display_swipe_cards_settings: true
224 # logging.mattermost.enabled: false
225 # logging.mattermost.level: critical
226 # logging.mattermost.url: 'http://mattermost.yourcoop.local'
227 # logging.mattermost.channel: null
228 # logging.swiftmailer.enabled: false
229 # logging.swiftmailer.level: critical
230 # logging.swiftmailer.recipient: null
231 # code_generation_enabled: true
232 # display_freeze_account: true
233 # display_keys_shop: true
235 # swiftmailer.mailer.default.transport:
236 # class: Swift_SendmailTransport
237 # arguments: ['/run/wrappers/bin/sendmail -bs']
241 services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
242 certName = "nicecoop";
243 certMainHost = "membre.nicecoop.fr";
244 hosts = ["membre.nicecoop.fr"];
248 <FilesMatch "\.php$">
249 SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
252 <Directory ${app.webRoot}>
253 Options Indexes FollowSymLinks MultiViews Includes