1 { lib, pkgs, config, ... }:
# Per-site secrets of the integration instance, taken from the host's myEnv configuration.
3 secrets = config.myEnv.websites.nicecoop.gestion-compte-integration;
# State directory: the phpfpm preStart script further down keeps its bookkeeping
# files (watchedFiles, currentWebappDir) here.
4 varDir = "/var/lib/nicecoop_gestion-compte_integration/var";
# Application parameters file. It sits under /var/lib/buildbot/outputs, i.e. outside
# the Nix store, and is written by something other than this module.
# NOTE(review): presumably produced by buildbot - confirm who owns and writes this path,
# because preStart later changes its ownership to wwwrun.
5 parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/sandbox/parameters.yml";
# The web application package; only the secretsPath argument is visible in this listing.
6 app = pkgs.callPackage ./gestion-compte {
# The package receives the parameters file by path only, not by content.
8 secretsPath = parametersPath;
# This module's own option set (holds the enable flag).
10 cfg = config.myServices.websites.nicecoop.gestion-compte-integration;
# Opt-in switch: everything under `config` is wrapped in lib.mkIf cfg.enable.
12 options.myServices.websites.nicecoop.gestion-compte-integration.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";
14 config = lib.mkIf cfg.enable {
# PHP-FPM pool for the integration instance. Workers and the listening socket are
# owned by the integration httpd user and group.
15 services.phpfpm.pools.nicecoop_gestion-compte_integration = {
16 user = config.services.httpd.Inte.user;
17 group = config.services.httpd.Inte.group;
19 "listen.owner" = config.services.httpd.Inte.user;
20 "listen.group" = config.services.httpd.Inte.group;
# open_basedir confines the files PHP may open; set through php_admin_value so the
# application cannot override it at runtime. The list entries are not visible in this listing.
# NOTE(review): confirm the list holds only the app, its var directory, the parameters
# file and a temp directory.
21 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
# Request size limits: uploads and POST bodies are capped at 20M.
27 "php_admin_value[upload_max_filesize]" = "20M";
28 "php_admin_value[post_max_size]" = "20M";
# Sessions are stored in Redis over a unix socket; the key prefix separates this
# instance's sessions from other users of the same socket (presumably shared - confirm).
29 "php_admin_value[session.save_handler]" = "redis";
30 "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteIntegration:'";
# Process manager sizing: at most 20 workers, 2 at start, 1 to 3 kept idle.
32 "pm.max_children" = "20";
33 "pm.start_servers" = "2";
34 "pm.min_spare_servers" = "1";
35 "pm.max_spare_servers" = "3";
# PHP 7.4 with the redis extension added (needed by the session handler above).
# NOTE(review): PHP 7.4 no longer receives upstream security fixes; track the app's
# support for a maintained PHP branch.
37 phpPackage = pkgs.php74.withExtensions({ enabled, all }: enabled ++ [all.redis]);
# Common prefix of every cron entry below: the account the job runs as, then a cd into
# the app and a call to its ./bin/console with --env=prod.
# NOTE(review): the account is config.services.httpd.Prod.user, whereas this integration
# pool runs as config.services.httpd.Inte.user and the preStart script uses wwwrun. If
# these resolve to different accounts, the integration jobs run under the production web
# account - confirm this is intended and not carried over from the production module.
# NOTE(review): the entries send mail (app:shift:reminder, app:shift:send_alerts to
# creneaux@nicecoop.fr, app:code:verify_change); confirm the integration instance is
# meant to mail real recipients.
41 prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
44 # generate shifts in 80 to 90 days
45 55 5 * * * ${prefix} app:shift:generate --quiet $(date -d "+80 days" +\%Y-\%m-\%d) --to $(date -d "+90 days" +\%Y-\%m-\%d)
47 # free pre-booked shifts
48 55 5 * * * ${prefix} app:shift:free --quiet $(date -d "+21 days" +\%Y-\%m-\%d)
50 # send reminder 2 days before shift
51 0 6 * * * ${prefix} app:shift:reminder --quiet $(date -d "+2 days" +\%Y-\%m-\%d)
53 # execute routine for cycle_end/cycle_start, everyday
54 5 6 * * * ${prefix} app:user:cycle_start --quiet
56 # send alert on shifts booking (low)
57 0 10 * * * ${prefix} app:shift:send_alerts --quiet --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1
59 # send a reminder mail to the user who generate the last code but did not validate the change.
60 45 21 * * * ${prefix} app:code:verify_change --quiet --last_run 24
# Packs the built app into sandbox.tar.gz (its store path rewritten to sandbox_app inside
# the archive) and links the archive at nicecoop/gestion/sandbox.tar.gz in the system output.
# NOTE(review): everything inside ${app} ends up in this archive; confirm the package
# carries no credentials (the parameters file is only referenced by path in this listing).
64 system.extraSystemBuilderCmds = let
65 tarball = pkgs.runCommand "sandbox.tar.gz" {} ''
66 tar -P --transform="s@${app}@sandbox_app@" -czf $out ${app}
69 mkdir -p $out/nicecoop/gestion
70 ln -s ${tarball} $out/nicecoop/gestion/sandbox.tar.gz
# Additions to the pool's systemd unit.
72 systemd.services.phpfpm-nicecoop_gestion-compte_integration = {
# Order after, and pull in, mysql.service: preStart below creates and migrates the database.
73 after = lib.mkAfter ["mysql.service"];
74 wants = ["mysql.service"];
# preStart, appended after any preStart defined elsewhere. Visible steps:
#   1. hand the parameters file to wwwrun (chown through the sudo wrapper);
#   2. detect a change: sha512 of the parameters file against varDir/watchedFiles, and
#      the app store path against varDir/currentWebappDir;
#   3. on change, as wwwrun: clear the cache, create the database if missing, run the
#      migrations, then record the new app path (a sha512sum line refreshes watchedFiles).
# NOTE(review): chown dereferences symlinks by default and parametersPath lives under
# /var/lib/buildbot/outputs. If the account writing that directory is not fully trusted,
# it decides which file ends up owned by wwwrun. Consider chown -h plus a regular-file
# check, or have the producer install the file with the right owner.
# NOTE(review): wwwrun is hard-coded here while the pool user is
# config.services.httpd.Inte.user - keep the two in sync.
75 preStart = lib.mkAfter ''
76 /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
78 [ ! -f "${varDir}"/watchedFiles ] \
79 || ! sha512sum -c --status ${varDir}/watchedFiles
82 [ ! -f "${varDir}/currentWebappDir" -o \
83 "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
86 sha512sum ${parametersPath} > ${varDir}/watchedFiles
89 if watchFilesChanged || appDirChanged; then
90 pushd ${app} > /dev/null
91 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
92 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
93 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
95 echo -n "${app}" > ${varDir}/currentWebappDir
# Activation script: creates varDir and varDir/var as directories with mode 0700, owned by
# wwwrun:wwwrun, so no other account can read the application state.
101 system.activationScripts.nicecoop_gestion-compte_integration = {
104 install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/var
# filesWatcher entry named after the pool's systemd unit; its settings are not visible in
# this listing. Presumably it restarts the unit when the parameters file changes, which
# would re-run preStart - confirm.
108 services.filesWatcher.phpfpm-nicecoop_gestion-compte_integration = {
# Secret file "buildbot/nicecoop/sandbox.yml": database credentials, an admin password,
# SMTP credentials and the application secret, all taken from `secrets`.
# NOTE(review): the values are plain Nix strings at evaluation time; confirm the
# secrets.keys module delivers the rendered file outside the world-readable Nix store.
115 secrets.keys."buildbot/nicecoop/sandbox.yml" = {
# Readable by the owner only; the owner is not visible in this listing.
118 permissions = "0400";
# Serialised with builtins.toJSON although the file is named .yml; presumably the
# consumer parses the JSON output as YAML - confirm.
119 text = builtins.toJSON {
# Database connection settings.
121 host = secrets.mysql.host;
122 port = secrets.mysql.port;
123 name = secrets.mysql.database;
124 user = secrets.mysql.user;
125 password = secrets.mysql.password;
126 version = config.myServices.databases.mariadb.package.mysqlVersion;
# NOTE(review): the key is spelled `admipassword` while the source attribute is
# `adminpassword`. Confirm the consumer expects this spelling; if it does not, the admin
# password it ends up with is not the one configured here.
128 admipassword = secrets.adminpassword;
# Outgoing mail (SMTP) settings.
130 host = secrets.smtp.host;
131 port = secrets.smtp.port;
132 email = secrets.smtp.email;
133 password = secrets.smtp.password;
# Application secret.
135 secret = secrets.secret;
# Apache virtual host of the integration instance: served for gestion-compte.nc.immae.dev
# with the "integration" certificate; requests for .php files are handed to the pool's
# unix socket over FastCGI.
# NOTE(review): the <Directory> block on the web root sets
# "Options Indexes FollowSymLinks MultiViews Includes". Indexes exposes directory listings
# wherever no index file exists, and Includes enables server-side includes; an application
# served through a PHP front controller usually needs neither. Consider reducing the list
# to what the app requires. The rest of the block lies outside this listing.
139 services.websites.env.integration.vhostConfs.nicecoop_gestion-compte = {
140 certName = "integration";
142 hosts = ["gestion-compte.nc.immae.dev"];
146 <FilesMatch "\.php$">
147 SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte_integration.socket}|fcgi://localhost"
150 <Directory ${app.webRoot}>
151 Options Indexes FollowSymLinks MultiViews Includes