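{ lib, pkgs, config, ... }:
# NixOS module for Nicecoop's "gestion-compte" (member management) website:
# a PHP application served by httpd through a dedicated php-fpm pool, whose
# runtime parameters file is produced by the buildbot pipeline.
let
  secrets = config.myEnv.websites.nicecoop.gestion-compte;
  # Writable state of the application (cache, logs, the change markers used
  # by the preStart script below).
  varDir = "/var/lib/nicecoop_gestion-compte/var";
  # parameters.yml generated by buildbot from the
  # "buildbot/nicecoop/production.yml" secret declared at the end of this
  # module. It contains the database and SMTP credentials.
  parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/production/parameters.yml";
  app = pkgs.callPackage ./gestion-compte {
    inherit varDir;
    secretsPath = parametersPath;
  };
  cfg = config.myServices.websites.nicecoop.gestion-compte;
in {
  options.myServices.websites.nicecoop.gestion-compte.enable =
    lib.mkEnableOption "enable nicecoop's gestion-compte website";

  config = lib.mkIf cfg.enable {
    services.phpfpm.pools.nicecoop_gestion-compte = {
      user = config.services.httpd.Prod.user;
      group = config.services.httpd.Prod.group;
      settings = {
        "listen.owner" = config.services.httpd.Prod.user;
        "listen.group" = config.services.httpd.Prod.group;
        # Restrict PHP file access to the application, its state directory,
        # the parameters file and /tmp. /tmp is shared with every local user;
        # keep it only as long as the app needs a scratch directory there.
        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
          app
          varDir
          parametersPath
          "/tmp"
        ];
        "php_admin_value[upload_max_filesize]" = "20M";
        "php_admin_value[post_max_size]" = "20M";
        # Sessions live in the shared redis instance; the prefix keeps this
        # site's sessions apart from other pools using the same socket.
        "php_admin_value[session.save_handler]" = "redis";
        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Nicecoop:GestionCompteProduction:'";
        "pm" = "dynamic";
        "pm.max_children" = "20";
        "pm.start_servers" = "2";
        "pm.min_spare_servers" = "1";
        "pm.max_spare_servers" = "3";
      };
      # NOTE(review): php74 is past upstream end-of-life and no longer gets
      # security fixes; plan the move to a supported PHP once the app allows.
      phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
    };

    # Ship a tarball of the deployed application inside the system closure
    # (with the store path rewritten to "production_app"), presumably so the
    # buildbot pipeline can fetch the exact deployed code.
    system.extraSystemBuilderCmds = let
      tarball = pkgs.runCommand "production.tar.gz" {} ''
        tar -P --transform="s@${app}@production_app@" -czf $out ${app}
      '';
    in ''
      mkdir -p $out/nicecoop/gestion
      ln -s ${tarball} $out/nicecoop/gestion/production.tar.gz
    '';

    systemd.services.phpfpm-nicecoop_gestion-compte = {
      after = lib.mkAfter ["mysql.service"];
      wants = ["mysql.service"];
      # Runs after the php-fpm module's own preStart. Re-runs the Symfony
      # cache clear and database migrations whenever either the parameters
      # file or the deployed store path changed since the last start.
      preStart = lib.mkAfter ''
        # parameters.yml is written by buildbot; hand it to the pool user so
        # PHP can read it. NOTE(review): its mode is whatever buildbot left
        # and it holds DB/SMTP credentials -- confirm it is not world-readable.
        /run/wrappers/bin/sudo chown wwwrun:wwwrun "${parametersPath}"
        # True when no checksum was recorded yet or the parameters file no
        # longer matches the recorded checksum.
        watchFilesChanged() {
          [ ! -f "${varDir}/watchedFiles" ] \
            || ! sha512sum -c --status "${varDir}/watchedFiles"
        }
        # True when no store path was recorded yet or it differs from the
        # currently deployed one. Two tests joined with || rather than the
        # obsolescent "-o" operator of test(1).
        appDirChanged() {
          [ ! -f "${varDir}/currentWebappDir" ] \
            || [ "${app}" != "$(cat "${varDir}/currentWebappDir" 2>/dev/null)" ]
        }
        updateWatchFiles() {
          sha512sum "${parametersPath}" > "${varDir}/watchedFiles"
        }
        if watchFilesChanged || appDirChanged; then
          pushd "${app}" > /dev/null
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
          popd > /dev/null
          echo -n "${app}" > "${varDir}/currentWebappDir"
          updateWatchFiles
        fi
      '';
    };

    # Application maintenance jobs, run as the httpd user from the app's
    # store path. Entries starting with "#" are disabled on purpose.
    services.cron = {
      systemCronJobs = let
        prefix = "${config.services.httpd.Prod.user} cd ${app} && ./bin/console --env=prod";
      in [
        ''
          # generate shifts in 27 days (same weekday as yesterday)
          55 5 * * * ${prefix} app:shift:generate $(date -d "+27 days" +\%Y-\%m-\%d)
          # free pre-booked shifts
          55 5 * * * ${prefix} app:shift:free $(date -d "+21 days" +\%Y-\%m-\%d)
          # send reminder 2 days before shift
          #0 6 * * * ${prefix} app:shift:reminder $(date -d "+2 days" +\%Y-\%m-\%d)
          # execute routine for cycle_end/cycle_start, everyday
          5 6 * * * ${prefix} app:user:cycle_start
          # send alert on shifts booking (low)
          #0 10 * * * ${prefix} app:shift:send_alerts --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1
          # send a reminder mail to the user who generate the last code but did not validate the change.
          #45 21 * * * ${prefix} app:code:verify_change --last_run 24
        ''
      ];
    };

    system.activationScripts.nicecoop_gestion-compte = {
      deps = [];
      text = ''
        # State directory owned by the pool user only. NOTE(review): varDir
        # already ends in "/var", so this also creates ${varDir}/var --
        # confirm the application expects that nested directory.
        install -m 0700 -o wwwrun -g wwwrun -d "${varDir}" "${varDir}/var"
      '';
    };

    # Restart the pool (and so re-run the preStart above) when buildbot
    # regenerates the parameters file.
    services.filesWatcher.phpfpm-nicecoop_gestion-compte = {
      restart = true;
      paths = [
        parametersPath
      ];
    };

    # Input consumed by the buildbot pipeline to render parameters.yml.
    # Readable by the buildbot user only.
    secrets.keys."buildbot/nicecoop/production.yml" = {
      user = "buildbot";
      group = "buildbot";
      permissions = "0400";
      text = builtins.toJSON {
        database = {
          host = secrets.mysql.host;
          port = secrets.mysql.port;
          name = secrets.mysql.database;
          user = secrets.mysql.user;
          password = secrets.mysql.password;
          version = config.myServices.databases.mariadb.package.mysqlVersion;
        };
        # NOTE(review): the key is spelled "admipassword" (sic); whatever
        # consumes this JSON on the buildbot side must use the same spelling,
        # so confirm the consumer before renaming it.
        admipassword = secrets.adminpassword;
        smtp = {
          host = secrets.smtp.host;
          port = secrets.smtp.port;
          email = secrets.smtp.email;
          password = secrets.smtp.password;
        };
        secret = secrets.secret;
      };
    };

    # Disabled: the previous approach, which rendered parameters.yml directly
    # from this module instead of through buildbot. Kept for reference of the
    # parameter names; the live values come from the JSON secret above.
    # secrets.keys."websites/nicecoop/gestion-compte" = {
    #   user = config.services.httpd.Prod.user;
    #   group = config.services.httpd.Prod.group;
    #   permissions = "0400";
    #   text = ''
    #     # This file is auto-generated during the composer install
    #     parameters:
    #       database_host: ${secrets.mysql.host}
    #       database_port: ${secrets.mysql.port}
    #       database_name: ${secrets.mysql.database}
    #       database_user: ${secrets.mysql.user}
    #       database_password: ${secrets.mysql.password}
    #       database_version: ${pkgs.mariadb.mysqlVersion}
    #       super_admin.username: admin
    #       super_admin.initial_password: ${secrets.adminpassword}
    #       mailer_transport: smtp
    #       mailer_host: ${secrets.smtp.host}
    #       mailer_port: ${secrets.smtp.port}
    #       mailer_user: ${secrets.smtp.email}
    #       mailer_password: ${secrets.smtp.password}
    #       mailer_encryption: tls
    #       transactional_mailer_user: ${secrets.smtp.email}
    #       transactional_mailer_user_name: 'espace membre'
    #       emails.base_domain: tools.immae.eu
    #       emails.contact:
    #         from_name: 'Contact Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.member:
    #         from_name: 'Membres Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.shift:
    #         from_name: 'Créneaux Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.formation:
    #         from_name: 'Formation Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.admin:
    #         from_name: 'Admin Nicecoop'
    #         address: ${secrets.smtp.email}
    #       emails.noreply:
    #         from_name: 'Ne pas répondre'
    #         address: ${secrets.smtp.email}
    #       emails.sendable:
    #         - '%emails.contact%'
    #         - '%emails.member%'
    #         - '%emails.shift%'
    #         - '%emails.formation%'
    #         - '%emails.admin%'
    #         - '%emails.noreply%'
    #       shift_mailer_user: null
    #       secret: ${secrets.secret}
    #       router.request_context.host: membre.nicecoop.fr
    #       router.request_context.scheme: https
    #       router.request_context.base_url: null
    #       site_name: 'Espace membre @ Nicecoop'
    #       project_name: 'Nicecoop'
    #       project_url: 'https://membre.nicecoop.fr/'
    #       project_url_display: membre.nicecoop.fr
    #       main_color: null
    #       local_currency_name: 'monnaie locale'
    #       place_local_ip_address: '127.0.0.1,192.168.0.x'
    #       wiki_keys_url: null
    #       registration_duration: '1 year'
    #       registration_every_civil_year: false
    #       helloasso_registration_campaign_url: 'https://www.helloasso.com/associations/my-local-coop/adhesions/re-adhesion'
    #       helloasso_campaign_id: null
    #       helloasso_api_key: null
    #       helloasso_api_password: null
    #       helloasso_api_base_url: 'https://api.helloasso.com/v3/'
    #       due_duration_by_cycle: 180
    #       min_shift_duration: 90
    #       cycle_duration: '28 days'
    #       maximum_nb_of_beneficiaries_in_membership: 2
    #       new_users_start_as_beginner: true
    #       allow_extra_shifts: true
    #       max_time_in_advance_to_book_extra_shifts: '3 days'
    #       display_gauge: true
    #       use_fly_and_fixed: false
    #       time_after_which_members_are_late_with_shifts: -9
    #       reserve_new_shift_to_prior_shifter: true
    #       forbid_shift_overlap_time: 30
    #       display_name_shifters: false
    #       use_card_reader_to_validate_shifts: false
    #       max_time_at_end_of_shift: 0
    #       swipe_card_logging: true
    #       display_swipe_cards_settings: true
    #       logging.mattermost.enabled: false
    #       logging.mattermost.level: critical
    #       logging.mattermost.url: 'http://mattermost.yourcoop.local'
    #       logging.mattermost.channel: null
    #       logging.swiftmailer.enabled: false
    #       logging.swiftmailer.level: critical
    #       logging.swiftmailer.recipient: null
    #       code_generation_enabled: true
    #       display_freeze_account: true
    #       display_keys_shop: true
    #     services:
    #       swiftmailer.mailer.default.transport:
    #         class: Swift_SendmailTransport
    #         arguments: ['/run/wrappers/bin/sendmail -bs']
    #   '';
    # };

    services.websites.env.production.vhostConfs.nicecoop_gestion-compte = {
      certName = "nicecoop";
      certMainHost = "membre.nicecoop.fr";
      hosts = ["membre.nicecoop.fr"];
      root = app.webRoot;
      extraConfig = [
        ''
          SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte.socket}|fcgi://localhost"
          # Directory listings (Indexes) and server-side includes (Includes)
          # are not needed to serve the app and would expose the web root's
          # file layout, so they are left off. The app's .htaccess
          # (AllowOverride All) can still enable what it requires.
          Options FollowSymLinks MultiViews
          AllowOverride All
          Require all granted
        ''
      ];
    };
  };
}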