Migrate php sessions to redis

[perso/Immae/Config/Nix.git] / modules / private / websites / nicecoop / gestion-compte_integration.nix

{ lib, pkgs, config, ... }:
let
  secrets = config.myEnv.websites.nicecoop.gestion-compte-integration;
  varDir = "/var/lib/nicecoop_gestion-compte_integration/var";
  parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/sandbox/parameters.yml";
  app = pkgs.callPackage ./gestion-compte {
    inherit varDir;
    secretsPath = parametersPath;
  };
  cfg = config.myServices.websites.nicecoop.gestion-compte-integration;
in {
  options.myServices.websites.nicecoop.gestion-compte-integration.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";

  config = lib.mkIf cfg.enable {
    services.phpfpm.pools.nicecoop_gestion-compte_integration = {
      user = config.services.httpd.Inte.user;
      group = config.services.httpd.Inte.group;
      settings = {
        "listen.owner" = config.services.httpd.Inte.user;
        "listen.group" = config.services.httpd.Inte.group;
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          app
          varDir
          parametersPath
          "/tmp"
        ];
        "php_admin_value[upload_max_filesize]" = "20M";
        "php_admin_value[post_max_size]" = "20M";
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteIntegration:'";
        "pm" = "dynamic";
        "pm.max_children" = "20";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "3";
      };
      phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
    };
    services.cron = {
      systemCronJobs = let
        prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
      in [
        ''
          # generate shifts in 80 to 90 days
          55 5 * * * ${prefix} app:shift:generate --quiet $(date -d "+80 days" +\%Y-\%m-\%d) --to $(date -d "+90 days" +\%Y-\%m-\%d)

          # free pre-booked shifts
          55 5 * * * ${prefix} app:shift:free --quiet $(date -d "+21 days" +\%Y-\%m-\%d)

          # send reminder 2 days before shift
          0 6 * * * ${prefix} app:shift:reminder --quiet $(date -d "+2 days" +\%Y-\%m-\%d)

          # execute routine for cycle_end/cycle_start, everyday
          5 6 * * * ${prefix} app:user:cycle_start --quiet

          # send alert on shifts booking (low)
          0 10 * * * ${prefix} app:shift:send_alerts --quiet --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1

          # send a reminder mail to the user who generate the last code but did not validate the change.
          45 21 * * * ${prefix} app:code:verify_change --quiet --last_run 24
        ''
      ];
    };
    system.extraSystemBuilderCmds = let
      tarball = pkgs.runCommand "sandbox.tar.gz" {} ''
        tar -P --transform="s@${app}@sandbox_app@" -czf $out ${app}
      '';
    in ''
      mkdir -p $out/nicecoop/gestion
      ln -s ${tarball} $out/nicecoop/gestion/sandbox.tar.gz
    '';
    systemd.services.phpfpm-nicecoop_gestion-compte_integration = {
      after = lib.mkAfter ["mysql.service"];
      wants = ["mysql.service"];
      preStart = lib.mkAfter ''
        /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
        watchFilesChanged() {
          [ ! -f "${varDir}"/watchedFiles ] \
            || ! sha512sum -c --status ${varDir}/watchedFiles
        }
        appDirChanged() {
          [ ! -f "${varDir}/currentWebappDir" -o \
            "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
        }
        updateWatchFiles() {
          sha512sum ${parametersPath} > ${varDir}/watchedFiles
        }

        if watchFilesChanged || appDirChanged; then
          pushd ${app} > /dev/null
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
          popd > /dev/null
          echo -n "${app}" > ${varDir}/currentWebappDir
          updateWatchFiles
        fi
      '';
    };

    system.activationScripts.nicecoop_gestion-compte_integration = {
      deps = [];
      text = ''
        install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
      '';
    };

    services.filesWatcher.phpfpm-nicecoop_gestion-compte_integration = {
      restart = true;
      paths = [
        parametersPath
      ];
    };

    secrets.keys."buildbot/nicecoop/sandbox.yml" = {
      user = "buildbot";
      group = "buildbot";
      permissions = "0400";
      text = builtins.toJSON {
        database = {
          host = secrets.mysql.host;
          port = secrets.mysql.port;
          name = secrets.mysql.database;
          user = secrets.mysql.user;
          password = secrets.mysql.password;
          version = config.myServices.databases.mariadb.package.mysqlVersion;
        };
        admipassword = secrets.adminpassword;
        smtp = {
          host = secrets.smtp.host;
          port = secrets.smtp.port;
          email = secrets.smtp.email;
          password = secrets.smtp.password;
        };
        secret = secrets.secret;
      };
    };

    services.websites.env.integration.vhostConfs.nicecoop_gestion-compte = {
      certName     = "integration";
      addToCerts   = true;
      hosts        = ["gestion-compte.nc.immae.dev"];
      root         = app.webRoot;
      extraConfig  = [
        ''
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte_integration.socket}|fcgi://localhost"
        </FilesMatch>

        <Directory ${app.webRoot}>
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>
        ''
      ];
    };
  };
}