--- /dev/null
+{ lib, pkgs, config, ... }:
+let
+ secrets = config.myEnv.websites.chloe.new;
+ cfg = config.myServices.websites.chloe.new;
+ ftpRoot = "/var/lib/chloe_new";
+ phpRoot = "${ftpRoot}/php";
+ webRoot = "${phpRoot}/web";
+ varDir = "${ftpRoot}/var";
+ sessionDir = "${ftpRoot}/sessions";
+ packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Chloe";
+ branch = "test";
+in {
+ options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration";
+
+ config = lib.mkIf cfg.enable {
+ services.phpfpm.pools.chloe_new_integration = {
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.group;
+ settings = {
+ "listen.owner" = config.services.httpd.Inte.user;
+ "listen.group" = config.services.httpd.Inte.group;
+ "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
+ ftpRoot
+ config.secrets.fullPaths."websites/chloe/new"
+ "/tmp"
+ ];
+ "php_admin_value[session.save_path]" = sessionDir;
+ "php_admin_value[upload_max_filesize]" = "20M";
+ "php_admin_value[post_max_size]" = "20M";
+ #"php_admin_flag[log_errors]" = "on";
+ "pm" = "ondemand";
+ "pm.max_children" = "5";
+ "pm.process_idle_timeout" = "60";
+ };
+ phpEnv = {
+ SYMFONY_DEBUG_MODE = "\"yes\"";
+ };
+ phpPackage = pkgs.php72;
+ };
+ systemd.services."phpfpm-chloe_new_integration" = {
+ after = lib.mkAfter ["mysql.service"];
+ wants = ["mysql.service"];
+ path = lib.mkAfter [ pkgs.gnutar pkgs.gzip pkgs.php72 ];
+ preStart = let
+ script = pkgs.writeScriptBin "chloe-integration-pre" ''
+ #! ${pkgs.stdenv.shell}
+
+ [ -f ${packagePath}/${branch}.tar.gz ] || exit 1
+
+ cd ${ftpRoot}
+ if ! [ -f .tarball_sum ] || ! sha256sum -c .tarball_sum; then
+ tar -xf ${packagePath}/${branch}.tar.gz --one-top-level=php_new
+ if [ -d php ]; then
+ mv php php_old
+ fi
+ mv php_new php
+ fi
+ cd php
+ rm -rf var/{logs,cache,data,miniatures,tmp}
+ ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
+ ln -sf ${config.secrets.fullPaths."websites/chloe/new"} app/config/parameters.yml
+ SYMFONY_ENV=dev ./bin/console --env=dev cache:clear --no-warmup
+ sha256sum ${packagePath}/${branch}.tar.gz > ${ftpRoot}/.tarball_sum
+ '';
+ in
+ "/run/wrappers/bin/sudo -u ${config.services.httpd.Inte.user} ${script}/bin/chloe-integration-pre";
+ postStart = let
+ script = pkgs.writeScriptBin "chloe-integration-post" ''
+ #! ${pkgs.stdenv.shell}
+
+ cd ${ftpRoot}
+ if [ -d php_old ]; then
+ rm -rf php_old
+ fi
+ '';
+ in
+ "/run/wrappers/bin/sudo -u ${config.services.httpd.Inte.user} ${script}/bin/chloe-integration-post";
+ serviceConfig.TimeoutStartSec="infinity";
+ };
+ services.filesWatcher.phpfpm-chloe_new_integration = {
+ restart = true;
+ paths = [ "${packagePath}/${branch}.tar.gz" ];
+ };
+
+ system.activationScripts.chloe_new_integration = {
+ deps = ["users"];
+ text = ''
+ install -m 0700 -o ${config.services.httpd.Inte.user} -g ${config.services.httpd.Inte.group} -d ${ftpRoot} ${sessionDir}
+ '';
+ };
+
+ secrets.keys."websites/chloe/new" = {
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: ${secrets.mysql.host}
+ database_port: ${secrets.mysql.port}
+ database_name: ${secrets.mysql.database}
+ database_user: ${secrets.mysql.user}
+ database_password: ${secrets.mysql.password}
+ database_server_version: ${pkgs.mariadb.mysqlVersion}
+ mailer_transport: smtp
+ mailer_host: 127.0.0.1
+ mailer_user: null
+ mailer_password: null
+ secret: ${secrets.secret}
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_version: 3
+ ldap_ssl: true
+ ldap_tls: false
+ ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+ ldap_base_dn: 'dc=immae,dc=eu'
+ ldap_search_dn: '${secrets.ldap.dn}'
+ ldap_search_password: '${secrets.ldap.password}'
+ ldap_search_filter: '${secrets.ldap.filter}'
+ leapt_im:
+ binary_path: ${pkgs.imagemagick}/bin
+ assetic:
+ sass: ${pkgs.sass}/bin/sass
+ ruby: ${pkgs.ruby}/bin/ruby
+ '';
+ };
+
+ services.websites.env.integration.vhostConfs.chloe_new_integration = {
+ certName = "integration";
+ addToCerts = true;
+ hosts = [ "new.chc.immae.dev" ];
+ root = webRoot;
+ extraConfig = [
+ ''
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_new_integration.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ <Location />
+ Use LDAPConnect
+ Require ldap-group cn=chc.immae.dev,cn=httpd,ou=services,dc=immae,dc=eu
+ </Location>
+
+ <Directory ${webRoot}>
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+ <IfModule mod_negotiation.c>
+ Options -MultiViews
+ </IfModule>
+
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+ </IfModule>
+
+ </Directory>
+ ''
+ ];
+ };
+ };
+}
projects / perso / Immae / Config / Nix.git / blobdiff