]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/websites/chloe/production.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Migrate php sessions to redis
[perso/Immae/Config/Nix.git] / modules / private / websites / chloe / production.nix
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 92ae05be304f972ec1c932315c7e6581417d3ae7..129400b39b1ff37e136b2b33a104ac2e19669c9c 100644 (file)
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -9,13 +9,10 @@ let
     varDir = "/var/lib/chloe_production";
   };
   cfg = config.myServices.websites.chloe.production;
-  webappdir = config.services.websites.webappDirsPaths.chloe_production;
 in {
   options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
-    services.duplyBackup.profiles.chloe_production.remotes = ["eriomem" "ovh"];
     secrets.keys."websites/chloe/production" = {
       user = apacheUser;
       group = apacheGroup;
@@ -50,29 +47,28 @@ in {
         "php_admin_value[post_max_size]" = "20M";
         # "php_admin_flag[log_errors]" = "on";
         "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
-        "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+        "php_admin_value[session.save_handler]" = "redis";
+        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:Production:'";
         "pm" = "dynamic";
         "pm.max_children" = "20";
         "pm.start_servers" = "2";
         "pm.min_spare_servers" = "1";
         "pm.max_spare_servers" = "3";
       };
-      phpPackage = pkgs.php72;
+      phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
     };
     system.activationScripts.chloe_production = {
       deps = [ "wrappers" ];
       text = ''
         install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
-        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
       '';
     };
-    services.websites.webappDirs.chloe_production = app.webRoot;
     services.websites.env.production.modules = [ "proxy_fcgi" ];
     services.websites.env.production.vhostConfs.chloe = {
       certName     = "chloe";
       certMainHost = "osteopathe-cc.fr";
       hosts        = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
-      root         = webappdir;
+      root         = app.webRoot;
       extraConfig  = [
         ''
           Use Stats osteopathe-cc.fr
@@ -90,16 +86,16 @@ in {
             SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_production.socket}|fcgi://localhost"
           </FilesMatch>
 
-          <Directory ${webappdir}>
+          <Directory ${app.webRoot}>
             DirectoryIndex index.php index.htm index.html
             Options -Indexes +FollowSymLinks +MultiViews +Includes
-            Include ${webappdir}/htaccess.txt
+            Include ${app.webRoot}/htaccess.txt
 
             AllowOverride AuthConfig FileInfo Limit
             Require all granted
           </Directory>
 
-          <DirectoryMatch "${webappdir}/squelettes">
+          <DirectoryMatch "${app.webRoot}/squelettes">
             Require all denied
           </DirectoryMatch>
 
My infrastructure configuration