1 { lib, pkgs, config, ... }:
# Local bindings for the integration ("sandbox") instance of nicecoop's gestion-compte.
# `secrets` is this site's credential set from the host environment; the secrets.keys
# entry further down reads its mysql, smtp, adminpassword and secret fields.
3 secrets = config.myEnv.websites.nicecoop.gestion-compte-integration;
# Mutable state directory; created 0700 for wwwrun by the activation script below.
4 varDir = "/var/lib/nicecoop_gestion-compte_integration/var";
# Runtime parameters file, located under buildbot's output tree rather than in the Nix store.
# NOTE(review): presumably written by buildbot and holding the DB/SMTP credentials. Confirm
# who can write to this directory, since preStart chowns this path through sudo.
5 parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/sandbox/parameters.yml";
6 app = pkgs.callPackage ./gestion-compte {
# Only the path string is passed to the package, not the file's content.
# NOTE(review): verify the package merely links to it, so no credential lands in the store.
8 secretsPath = parametersPath;
# Shorthand for this module's own option set (used by lib.mkIf below).
10 cfg = config.myServices.websites.nicecoop.gestion-compte-integration;
# Module switch for this site.
# NOTE(review): lib.mkEnableOption already prefixes the description with "Whether to enable",
# so the leading "enable" in this string is rendered twice in the generated option docs.
12 options.myServices.websites.nicecoop.gestion-compte-integration.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";
# Everything inside this attribute set is applied only when the option above is enabled.
14 config = lib.mkIf cfg.enable {
# Dedicated PHP-FPM pool for the integration instance.
15 services.phpfpm.pools.nicecoop_gestion-compte_integration = {
# Workers run as the integration httpd account.
# NOTE(review): the state directories and preStart commands use the literal name "wwwrun";
# confirm both resolve to the same account, otherwise sessions and cache are not writable.
16 user = config.services.httpd.Inte.user;
17 group = config.services.httpd.Inte.group;
# The FastCGI socket is owned by the httpd user/group. The socket mode is not visible in
# this excerpt; keep it at 0660 or tighter so other local users cannot talk to the pool.
19 "listen.owner" = config.services.httpd.Inte.user;
20 "listen.group" = config.services.httpd.Inte.group;
# php_admin_value settings cannot be overridden by ini_set() or per-directory config.
# open_basedir confines PHP file access to the colon-joined paths of this list (entries not
# visible here). Keep it minimal: application, state directory and the parameters file.
21 "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
# NOTE(review): PHP expects post_max_size to be larger than upload_max_filesize; with both at
# 20M a file close to the limit is rejected once multipart overhead is added.
27 "php_admin_value[upload_max_filesize]" = "20M";
28 "php_admin_value[post_max_size]" = "20M";
# Sessions are kept in the instance's own state directory (created 0700 by the activation
# script) instead of a shared temporary directory.
29 "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
# Process-manager limits: at most 20 workers, 2 at start, 1 to 3 kept idle.
31 "pm.max_children" = "20";
32 "pm.start_servers" = "2";
33 "pm.min_spare_servers" = "1";
34 "pm.max_spare_servers" = "3";
# Scheduled console commands for the application. `prefix` starts with an account name, so
# the entries below use the system-crontab format (schedule, user, command).
# The `\%` sequences are required because cron treats an unescaped % as a newline.
# NOTE(review): this integration module runs its jobs as config.services.httpd.Prod.user,
# while the PHP-FPM pool uses the Inte user and preStart uses wwwrun. Confirm this is
# intended, so the jobs do not run under a different identity than the web workers.
# NOTE(review): several jobs send mail (reminders, alerts to a fixed address) and all use
# --env=prod; confirm the integration SMTP settings cannot reach real members.
39 prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
42 # generate shifts in 80 to 90 days
43 55 5 * * * ${prefix} app:shift:generate --quiet $(date -d "+80 days" +\%Y-\%m-\%d) --to $(date -d "+90 days" +\%Y-\%m-\%d)
45 # free pre-booked shifts
46 55 5 * * * ${prefix} app:shift:free --quiet $(date -d "+21 days" +\%Y-\%m-\%d)
48 # send reminder 2 days before shift
49 0 6 * * * ${prefix} app:shift:reminder --quiet $(date -d "+2 days" +\%Y-\%m-\%d)
51 # execute routine for cycle_end/cycle_start, everyday
52 5 6 * * * ${prefix} app:user:cycle_start --quiet
54 # send alert on shifts booking (low)
55 0 10 * * * ${prefix} app:shift:send_alerts --quiet --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1
57 # send a reminder mail to the user who generate the last code but did not validate the change.
58 45 21 * * * ${prefix} app:code:verify_change --quiet --last_run 24
# Packs the application store path into sandbox.tar.gz and links the archive into the system
# build output under nicecoop/gestion/. `tar -P` keeps absolute member names and --transform
# rewrites the store prefix to "sandbox_app".
# NOTE(review): everything inside ${app} ends up in this archive and in the Nix store, which
# is readable by every local user. Verify the package contains only a reference to the
# parameters file and never a copy of the credentials.
62 system.extraSystemBuilderCmds = let
63 tarball = pkgs.runCommand "sandbox.tar.gz" {} ''
64 tar -P --transform="s@${app}@sandbox_app@" -czf $out ${app}
67 mkdir -p $out/nicecoop/gestion
68 ln -s ${tarball} $out/nicecoop/gestion/sandbox.tar.gz
# Additions to the pool's systemd unit: start after (and pull in) MariaDB/MySQL, then run a
# preStart step that prepares the application before the workers come up.
70 systemd.services.phpfpm-nicecoop_gestion-compte_integration = {
71 after = lib.mkAfter ["mysql.service"];
72 wants = ["mysql.service"];
# preStart, appended after any existing preStart text:
#  1. gives the parameters file to wwwrun through the sudo wrapper;
#  2. detects a change of that file (sha512 list in watchedFiles) or of the deployed store
#     path (currentWebappDir);
#  3. on change, clears the Symfony cache, creates the database if missing and applies the
#     Doctrine migrations non-interactively as wwwrun, then records the new app path.
# The sha512 list is change detection only: it lives in a directory writable by the same
# account and gives no integrity guarantee against whoever controls that account.
# NOTE(review): the sudoers rules these calls rely on are not visible here; keep them limited
# to exactly these commands. chown follows symlinks by default, so if the buildbot output
# directory is writable by another account, check that the path is a regular file (or use
# `chown -h`) before changing its owner.
# NOTE(review): migrations run automatically on every parameters/app change; a failing
# migration therefore blocks the pool from starting.
73 preStart = lib.mkAfter ''
74 /run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
76 [ ! -f "${varDir}"/watchedFiles ] \
77 || ! sha512sum -c --status ${varDir}/watchedFiles
80 [ ! -f "${varDir}/currentWebappDir" -o \
81 "${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
84 sha512sum ${parametersPath} > ${varDir}/watchedFiles
87 if watchFilesChanged || appDirChanged; then
88 pushd ${app} > /dev/null
89 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
90 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
91 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
93 echo -n "${app}" > ${varDir}/currentWebappDir
# Activation step: creates the state directory, the PHP session directory and a nested var
# directory with mode 0700 owned by wwwrun, so session files and cache are readable by that
# account only.
# NOTE(review): the owner is the literal "wwwrun" while the pool user comes from
# config.services.httpd.Inte.user; confirm they are the same account.
99 system.activationScripts.nicecoop_gestion-compte_integration = {
102 install -m 0700 -o wwwrun -g wwwrun -d ${varDir} ${varDir}/phpSessions ${varDir}/var
# File watcher attached to the pool's unit; its settings are not visible in this excerpt.
# NOTE(review): presumably restarts the pool when the parameters file changes; confirm.
106 services.filesWatcher.phpfpm-nicecoop_gestion-compte_integration = {
# Secret file "buildbot/nicecoop/sandbox.yml": the database, admin, SMTP and application
# secrets serialised with builtins.toJSON, deployed with mode 0400 (owner read only).
# The owner/group lines are not visible in this excerpt.
# NOTE(review): the values are interpolated at evaluation time. Confirm the secrets module
# delivers `text` outside the Nix store, which is readable by every local user.
113 secrets.keys."buildbot/nicecoop/sandbox.yml" = {
116 permissions = "0400";
117 text = builtins.toJSON {
# Database connection settings and credentials.
119 host = secrets.mysql.host;
120 port = secrets.mysql.port;
121 name = secrets.mysql.database;
122 user = secrets.mysql.user;
123 password = secrets.mysql.password;
124 version = config.myServices.databases.mariadb.package.mysqlVersion;
# NOTE(review): the key is spelled "admipassword" while the source field is "adminpassword";
# check what the consumer of this file expects before renaming, as a mismatch could leave
# the admin password unset or at a default.
126 admipassword = secrets.adminpassword;
# Outgoing mail account.
128 host = secrets.smtp.host;
129 port = secrets.smtp.port;
130 email = secrets.smtp.email;
131 password = secrets.smtp.password;
# Application secret, taken from secrets.secret.
# NOTE(review): presumably the framework secret used for signing tokens; confirm it differs
# from the production instance's value.
133 secret = secrets.secret;
# Apache virtual host for the integration instance: served under the "integration"
# certificate, with *.php requests proxied over FastCGI to the pool's unix socket.
# NOTE(review): the web root is served with `Options Indexes FollowSymLinks MultiViews
# Includes`. Indexes exposes directory listings and Includes enables server-side includes.
# Consider dropping both (and MultiViews) unless the application needs them; FollowSymLinks
# may still be required if the web root contains symlinks.
# NOTE(review): no access restriction is visible in this excerpt, and the application runs
# with --env=prod; confirm the integration host is not openly reachable if it holds real data.
137 services.websites.env.integration.vhostConfs.nicecoop_gestion-compte = {
138 certName = "integration";
140 hosts = ["gestion-compte.nc.immae.dev"];
144 <FilesMatch "\.php$">
145 SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte_integration.socket}|fcgi://localhost"
148 <Directory ${app.webRoot}>
149 Options Indexes FollowSymLinks MultiViews Includes