{ lib, pkgs, config, ... }:
# NixOS module for the "integration" deployment of nicecoop's gestion-compte
# application (a Symfony-style app: bin/console, doctrine migrations), served
# through Apache httpd and a dedicated PHP-FPM pool.
let
# Environment-specific secret values (database, SMTP, admin password, app
# secret); rendered below into the buildbot sandbox.yml.
secrets = config.myEnv.websites.nicecoop.gestion-compte-integration;
# Writable state directory: PHP sessions, app var/ data and the markers used
# by the preStart change detection.
varDir = "/var/lib/nicecoop_gestion-compte_integration/var";
# parameters.yml lives under buildbot's output tree (presumably written by a
# buildbot deploy step, not by this module). It is read by the app and is
# watched for changes to trigger a restart.
parametersPath = "/var/lib/buildbot/outputs/nicecoop/gestion/sandbox/parameters.yml";
# The packaged application, built knowing where its var dir and its secrets
# file live.
app = pkgs.callPackage ./gestion-compte {
inherit varDir;
secretsPath = parametersPath;
};
cfg = config.myServices.websites.nicecoop.gestion-compte-integration;
in {
options.myServices.websites.nicecoop.gestion-compte-integration.enable = lib.mkEnableOption "enable nicecoop's gestion-compte website";
config = lib.mkIf cfg.enable {
# Dedicated PHP-FPM pool, running as the integration httpd user so Apache can
# talk to its socket.
services.phpfpm.pools.nicecoop_gestion-compte_integration =
  let
    inherit (config.services.httpd.Inte) user group;
  in {
    inherit user group;
    settings = {
      # The listening socket must be owned by the httpd user/group.
      "listen.owner" = user;
      "listen.group" = group;
      # Confine PHP file access to the app itself, its state directory, the
      # secrets file and /tmp.
      "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
        app varDir parametersPath "/tmp"
      ];
      "php_admin_value[upload_max_filesize]" = "20M";
      "php_admin_value[post_max_size]" = "20M";
      # Keep sessions inside the private state directory instead of the
      # system-wide default location.
      "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
      "pm" = "dynamic";
      "pm.max_children" = "20";
      "pm.start_servers" = "2";
      "pm.min_spare_servers" = "1";
      "pm.max_spare_servers" = "3";
    };
  };
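# Scheduled console jobs for the application.
services.cron = {
  systemCronJobs =
    let
      # Run bin/console from the packaged app as the same user the PHP-FPM
      # pool runs as (config.services.httpd.Inte.user), so cache and state
      # files created by cron stay usable by the web workers. The previous
      # prefix referred to the *Prod* httpd user, which does not belong to
      # this integration module.
      prefix = "${config.services.httpd.Inte.user} cd ${app} && ./bin/console --env=prod";
      # crontab(5) turns an unescaped % into a newline, hence the \% escapes
      # in the date formats below.
      # NOTE(review): app:shift:send_alerts mails a real address from this
      # integration instance — confirm that is intended.
    in [
      ''
      # generate shifts in 80 to 90 days
      55 5 * * * ${prefix} app:shift:generate --quiet $(date -d "+80 days" +\%Y-\%m-\%d) --to $(date -d "+90 days" +\%Y-\%m-\%d)
      # free pre-booked shifts
      55 5 * * * ${prefix} app:shift:free --quiet $(date -d "+21 days" +\%Y-\%m-\%d)
      # send reminder 2 days before shift
      0 6 * * * ${prefix} app:shift:reminder --quiet $(date -d "+2 days" +\%Y-\%m-\%d)
      # execute routine for cycle_end/cycle_start, everyday
      5 6 * * * ${prefix} app:user:cycle_start --quiet
      # send alert on shifts booking (low)
      0 10 * * * ${prefix} app:shift:send_alerts --quiet --emails creneaux@nicecoop.fr $(date -d "+2 days" +\%Y-\%m-\%d) 1
      # send a reminder mail to the user who generate the last code but did not validate the change.
      45 21 * * * ${prefix} app:code:verify_change --quiet --last_run 24
      ''
    ];
};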
# Ship a tarball of the built app inside the system closure at a stable path
# (presumably fetched from there by the buildbot sandbox). `tar -P` keeps the
# absolute store path, and the transform renames it to `sandbox_app` inside
# the archive.
system.extraSystemBuilderCmds =
  let
    outDir = "$out/nicecoop/gestion";
    appTarball = pkgs.runCommand "sandbox.tar.gz" {} ''
      tar -P --transform="s@${app}@sandbox_app@" -czf $out ${app}
    '';
  in ''
    mkdir -p ${outDir}
    ln -s ${appTarball} ${outDir}/sandbox.tar.gz
  '';
# Extra ordering and pre-start work for the pool's systemd unit.
systemd.services.phpfpm-nicecoop_gestion-compte_integration = {
# The migrations run in preStart need the database; mkAfter appends to any
# ordering the phpfpm module already declares.
after = lib.mkAfter ["mysql.service"];
wants = ["mysql.service"];
# Appended to the pool's standard preStart. Steps:
#  1. hand parameters.yml over to wwwrun so PHP-FPM can read the secrets;
#  2. if the sha512 digest of parameters.yml recorded in ${varDir}/watchedFiles
#     no longer verifies (or the file is missing), or the deployed app store
#     path differs from ${varDir}/currentWebappDir, run cache:clear, create the
#     database if needed and apply pending migrations as wwwrun, then record
#     the new app path and digest so the next start is a no-op.
# sudo via /run/wrappers drops to wwwrun for the console commands so the
# generated cache files are owned by the PHP user.
# NOTE(review): "wwwrun" is hard-coded here while the pool runs as
# config.services.httpd.Inte.user; they appear to be the same account (varDir
# is 0700 wwwrun and holds the pool's sessions) — confirm.
# NOTE(review): `[ a -o b ]` is the obsolescent XSI form; `[ a ] || [ b ]` is
# the portable spelling.
preStart = lib.mkAfter ''
/run/wrappers/bin/sudo chown wwwrun:wwwrun ${parametersPath}
watchFilesChanged() {
[ ! -f "${varDir}"/watchedFiles ] \
|| ! sha512sum -c --status ${varDir}/watchedFiles
}
appDirChanged() {
[ ! -f "${varDir}/currentWebappDir" -o \
"${app}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]
}
updateWatchFiles() {
sha512sum ${parametersPath} > ${varDir}/watchedFiles
}
if watchFilesChanged || appDirChanged; then
pushd ${app} > /dev/null
/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear
/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:database:create -n --if-not-exists
/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate -n
popd > /dev/null
echo -n "${app}" > ${varDir}/currentWebappDir
updateWatchFiles
fi
'';
};
# Create the state directory tree at activation; 0700 and wwwrun ownership keep
# sessions and app data private to the PHP user.
system.activationScripts.nicecoop_gestion-compte_integration =
  let
    stateDirs = [ varDir "${varDir}/phpSessions" "${varDir}/var" ];
  in {
    deps = [];
    text = "install -m 0700 -o wwwrun -g wwwrun -d ${builtins.concatStringsSep " " stateDirs}\n";
  };
# Restart the pool whenever parameters.yml changes, so the preStart change
# detection runs against the new secrets.
services.filesWatcher.phpfpm-nicecoop_gestion-compte_integration = {
  paths = [ parametersPath ];
  restart = true;
};
# Render the sandbox secrets for buildbot (JSON is valid YAML). Only the
# buildbot user may read the file.
secrets.keys."buildbot/nicecoop/sandbox.yml" = {
  user = "buildbot";
  group = "buildbot";
  permissions = "0400";
  text = builtins.toJSON {
    database = {
      inherit (secrets.mysql) host port user password;
      name = secrets.mysql.database;
      version = config.myServices.databases.mariadb.package.mysqlVersion;
    };
    # NOTE(review): this key name looks like a typo for "adminpassword"; it is
    # kept verbatim because the consumer of sandbox.yml may read exactly this
    # key — confirm against the buildbot side before renaming.
    admipassword = secrets.adminpassword;
    smtp = {
      inherit (secrets.smtp) host port email password;
    };
    inherit (secrets) secret;
  };
};
# Apache vhost for the integration hostname; requests under the document root
# are handed to the PHP-FPM pool over its unix socket.
# NOTE(review): `Options Indexes ... Includes` enables directory listings and
# server-side includes on the document root, and `AllowOverride All` lets any
# .htaccess shipped with the app override these — check whether `Indexes` and
# `Includes` are actually required by the app before keeping them.
services.websites.env.integration.vhostConfs.nicecoop_gestion-compte = {
certName = "integration";
addToCerts = true;
hosts = ["gestion-compte.nc.immae.dev"];
root = app.webRoot;
extraConfig = [
''
SetHandler "proxy:unix:${config.services.phpfpm.pools.nicecoop_gestion-compte_integration.socket}|fcgi://localhost"
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Require all granted
''
];
};
};
}