{ lib, pkgs, config, ... }:
let
# Module switch (`cfg.enable`) and the per-site values (application key,
# database and SMTP settings) that the rest of this file reads from `env`.
cfg = config.myServices.websites.christophe_carpentier.agorakit;
env = config.myEnv.websites.christophe_carpentier.agorakit;

# Writable state directory of the application, and the path under which the
# rendered environment file (declared below as a secret) is made available.
varDir = "/var/lib/christophe_carpentier_agorakit";
secretsPath = config.secrets.fullPaths."websites/christophe_carpentier/env";

# Only the two paths are handed to the package; no credential value is passed
# to callPackage here.
app = pkgs.callPackage ./agorakit { inherit varDir secretsPath; };

# Account of the production httpd instance. It owns the secret file and the
# state directory, and it is the account the scheduler cron job runs as.
httpdProd = config.services.httpd.Prod;
apacheUser = httpdProd.user;
apacheGroup = httpdProd.group;
in {
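# Switch for the whole module; everything under `config` is gated on it.
# mkEnableOption already prefixes its argument with "Whether to enable ", so
# only the service name is passed (the previous text rendered as
# "Whether to enable enable ...").
options.myServices.websites.christophe_carpentier.agorakit.enable = lib.mkEnableOption "Christophe Carpentier's Agorakit";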
config = lib.mkIf cfg.enable {
# Environment file of the application. It carries APP_KEY plus the database
# and SMTP credentials, so it is owned by the httpd account and readable by
# that owner only (0400).
# NOTE(review): every value is interpolated unquoted. A password containing
# whitespace, '#' or quote characters may be read differently by the dotenv
# loader; confirm against the values actually deployed.
# NOTE(review): the SMTP password is reused for INBOX_PASSWORD, so one leaked
# value exposes both mail paths.
secrets.keys."websites/christophe_carpentier/env" =
  let
    # builtins.split interleaves a list of regex captures between the pieces it
    # returns, so for "local@domain" the domain is element 2, not element 1.
    mailParts = builtins.split "@" env.smtp.email;
    mailLocal = builtins.elemAt mailParts 0;
    mailDomain = builtins.elemAt mailParts 2;
  in {
    user = apacheUser;
    group = apacheGroup;
    permissions = "0400";
    text = ''
      APP_ENV=production
      APP_DEBUG=false
      APP_KEY=${env.appkey}
      APP_NAME='Agorakit'
      APP_URL=https://agorakit.artisansdunous.fr
      APP_LOG=daily
      APP_DEFAULT_LOCALE=fr
      DB_HOST=${env.mysql.host}
      DB_DATABASE=${env.mysql.database}
      DB_USERNAME=${env.mysql.user}
      DB_PASSWORD=${env.mysql.password}
      CACHE_DRIVER=file
      SESSION_DRIVER=file
      QUEUE_DRIVER=sync
      MAIL_DRIVER=smtp
      MAIL_HOST=${env.smtp.host}
      MAIL_PORT=${env.smtp.port}
      MAIL_USERNAME=${env.smtp.email}
      MAIL_PASSWORD=${env.smtp.password}
      MAIL_ENCRYPTION=tls
      MAIL_FROM=${env.smtp.email}
      MAIL_FROM_NAME=Agorakit
      MAIL_NOREPLY=${env.smtp.email}
      # OVH doesn't allow it
      INBOX_DRIVER=null
      #INBOX_HOST=${env.smtp.host}
      INBOX_USERNAME=${env.smtp.email}
      INBOX_PASSWORD=${env.smtp.password}
      INBOX_PREFIX=${mailLocal}+
      INBOX_SUFFIX=@${mailDomain}
      TWITTER_ID=null
      TWITTER_SECRET=null
      TWITTER_URL=null
      FACEBOOK_ID=null
      FACEBOOK_SECRET=null
      FACEBOOK_URL=null
      GOOGLE_ID=null
      GOOGLE_SECRET=null
      GOOGLE_URL=null
      GITHUB_ID=null
      GITHUB_SECRET=null
      GITHUB_URL=null
      MAX_FILE_SIZE=100000
    '';
  };
# First-start seeding of the state directory. While the marker file is absent,
# the packaged initial state is copied into varDir, made owner-writable
# (presumably because the copies keep the package's read-only mode), handed to
# the httpd account, and the marker is dropped so later starts leave the
# existing data alone.
# NOTE(review): the marker only means "already seeded". If the copy stops half
# way and the script is not run with errexit, the marker is still written;
# confirm how the unit's shell is invoked.
systemd.services.phpfpm-christophe_carpentier_agorakit.preStart =
  let
    owner = "${apacheUser}:${apacheGroup}";
    marker = "${varDir}/.filled";
  in ''
    if [ ! -e ${marker} ]; then
    cp -r ${app}/oldvars/* ${varDir}
    chmod -R u+w ${varDir}
    chown -R ${owner} ${varDir}
    touch ${marker}
    fi
  '';
# PHP-FPM application definition for the site.
services.phpApplication.apps.christophe_carpentier_agorakit = {
  inherit app;
  inherit (app) varDir;
  websiteEnv = "production";
  httpdUser = apacheUser;
  httpdGroup = apacheGroup;
  serviceDeps = [ "mysql.service" ];

  # Extra paths PHP may open besides what the phpApplication module adds itself
  # (presumably rendered into open_basedir): the env file, and /tmp.
  # NOTE(review): /tmp is listed as the literal path; confirm whether the pool
  # runs with a private /tmp or shares it with other services.
  phpOpenbasedir = [ "/tmp" secretsPath ];

  # Stock PHP 7.4 extension set plus redis, which the session handler below needs.
  # NOTE(review): PHP 7.4 no longer receives upstream security fixes; plan the
  # move to a supported branch as soon as the application allows it.
  phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);

  phpPool = {
    # Process manager sizing.
    "pm" = "dynamic";
    "pm.max_children" = "20";
    "pm.start_servers" = "2";
    "pm.min_spare_servers" = "1";
    "pm.max_spare_servers" = "3";

    # Upload limits. php_admin_value settings cannot be overridden with
    # ini_set() or from .htaccess.
    "php_admin_value[upload_max_filesize]" = "100M";
    "php_admin_value[post_max_size]" = "100M";

    # PHP sessions are stored in redis over a unix socket, with a key prefix
    # specific to this site.
    "php_admin_value[session.save_handler]" = "redis";
    "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'";
  };
};
# Every five minutes, run the application's scheduler (`artisan schedule:run`)
# from the application directory, as the httpd account.
# NOTE(review): stdout and stderr are both sent to /dev/null, so a failing
# scheduled task leaves no trace on the cron side; consider keeping stderr.
# NOTE(review): this uses plain pkgs.php74, without the redis extension that
# the FPM pool's interpreter is built with; confirm the scheduled tasks do not
# need it.
services.cron.systemCronJobs = [
  ''
    */5 * * * * ${apacheUser} cd ${app} && ${pkgs.php74}/bin/php artisan schedule:run >/dev/null 2>/dev/null
  ''
];
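# Production virtual host for agorakit.artisansdunous.fr, served from the
# package's public/ directory.
services.websites.env.production.vhostConfs.christophe_agorakit = {
  certName = "christophe_carpentier";
  certMainHost = "agorakit.artisansdunous.fr";
  hosts = [ "agorakit.artisansdunous.fr" ];
  root = "${app}/public";

  # Requests are handed to the site's PHP-FPM pool through its unix socket.
  #
  # `Options` no longer carries `Indexes` and `Includes`: automatic directory
  # listings and server-side includes are not something the front controller
  # setup (DirectoryIndex index.php) relies on, and both widen what a visitor
  # can reach in the document root.
  # NOTE(review): `AllowOverride All` still lets an .htaccess file inside the
  # application tree switch these options back on, so whoever can write there
  # controls them. Confirm that tree is not writable by the PHP pool.
  # NOTE(review): AllowOverride is only valid inside a <Directory> section and
  # SetHandler is not limited to PHP files as written; no enclosing container is
  # visible in this string, so confirm how the vhost module wraps it.
  extraConfig = [
    ''
      SetHandler "proxy:unix:${config.services.phpfpm.pools.christophe_carpentier_agorakit.socket}|fcgi://localhost"
      DirectoryIndex index.php index.htm index.html
      Options FollowSymLinks MultiViews
      AllowOverride All
      Require all granted
    ''
  ];
};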
};
}