modules/private/websites/ressourcerie_banon/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.ressourcerie_banon.production;
   4   varDir = "/var/lib/ftp/ressourcerie_banon";
   5   apacheUser = config.services.httpd.Prod.user;
   6   apacheGroup = config.services.httpd.Prod.group;
   7 in {
   8   options.myServices.websites.ressourcerie_banon.production.enable = lib.mkEnableOption "enable Ressourcerie Banon's website";
   9
  10   config = lib.mkIf cfg.enable {
  11     services.webstats.sites = [ { name = "ressourcerie-banon.org"; } ];
  12
  13     systemd.services.phpfpm-ressourcerie_banon.after = lib.mkAfter [ "mysql.service" ];
  14     systemd.services.phpfpm-ressourcerie_banon.wants = [ "mysql.service" ];
  15     services.phpfpm.pools.ressourcerie_banon = {
  16       user = apacheUser;
  17       group = apacheGroup;
  18       settings = {
  19         "listen.owner" = apacheUser;
  20         "listen.group" = apacheGroup;
  21
  22         "pm" = "dynamic";
  23         "pm.max_children" = "20";
  24         "pm.start_servers" = "2";
  25         "pm.min_spare_servers" = "1";
  26         "pm.max_spare_servers" = "3";
  27
  28         "php_admin_value[session.save_handler]" = "redis";
  29         "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=RessourcerieBanon:Production:'";
  30         "php_admin_value[open_basedir]" = "${varDir}:/tmp";
  31       };
  32       phpOptions = config.services.phpfpm.phpOptions + ''
  33         disable_functions = "mail"
  34       '';
  35       phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
  36     };
  37     services.websites.env.production.modules = [ "proxy_fcgi" ];
  38     services.websites.env.production.vhostConfs.ressourcerie_banon = {
  39       certName     = "ressourcerie_banon";
  40       certMainHost = "ressourcerie-banon.org";
  41       hosts        = ["ressourcerie-banon.org" "www.ressourcerie-banon.org" "le-garage-autonome.org"
  42       "www.le-garage-autonome.org"];
  43       root         = varDir;
  44       extraConfig  = [
  45         ''
  46         Use Stats ressourcerie-banon.org
  47
  48         RewriteEngine on
  49         RewriteCond "%{HTTP_HOST}" "!^ressourcerie-banon\.org$" [NC]
  50         RewriteRule ^(.+)$ https://ressourcerie-banon.org$1 [R=302,L]
  51
  52         <FilesMatch "\.php$">
  53           SetHandler "proxy:unix:${config.services.phpfpm.pools.ressourcerie_banon.socket}|fcgi://localhost"
  54         </FilesMatch>
  55
  56         <Directory ${varDir}>
  57           DirectoryIndex index.php index.htm index.html
  58           Options Indexes FollowSymLinks MultiViews Includes
  59           AllowOverride all
  60           Require all granted
  61         </Directory>
  62           ''
  63       ];
  64     };
  65   };
  66 }
  67