Finish removal of php-application module

[perso/Immae/Config/Nix.git] / modules / private / websites / christophe_carpentier / agorakit.nix

diff --git a/modules/private/websites/christophe_carpentier/agorakit.nix b/modules/private/websites/christophe_carpentier/agorakit.nix
index 26623e5ef18e0a45aaa4f60c7eb3f5f1931f48e4..3b918045b11dced46bad5edc2881da42d55bcd5b 100644 (file)
--- a/modules/private/websites/christophe_carpentier/agorakit.nix
+++ b/modules/private/websites/christophe_carpentier/agorakit.nix
@@ -72,24 +72,13 @@ in {
       '';
     };
 
-    systemd.services.phpfpm-christophe_carpentier_agorakit.preStart = ''
-      if [ ! -e ${varDir}/.filled ]; then
-        cp -r ${app}/oldvars/* ${varDir}
-        chmod -R u+w ${varDir}
-        chown -R ${config.services.httpd.Prod.user}:${config.services.httpd.Prod.group} ${varDir}
-        touch ${varDir}/.filled
-      fi
-    '';
-    services.phpApplication.apps.christophe_carpentier_agorakit = {
-      websiteEnv = "production";
-      httpdUser = config.services.httpd.Prod.user;
-      httpdGroup = config.services.httpd.Prod.group;
-      inherit (app) varDir;
-      inherit app;
-      serviceDeps = [ "mysql.service" ];
-      phpOpenbasedir = [ "/tmp" secretsPath ];
-      phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
-      phpPool = {
+    services.phpfpm.pools.christophe_carpentier_agorakit = {
+      user = config.services.httpd.Prod.user;
+      group = config.services.httpd.Prod.group;
+      settings = {
+        "listen.owner" = config.services.httpd.Prod.user;
+        "listen.group" = config.services.httpd.Prod.group;
+        "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [app app.varDir "/tmp" secretsPath];
         "php_admin_value[upload_max_filesize]" = "100M";
         "php_admin_value[post_max_size]" = "100M";
         "pm" = "dynamic";
@@ -100,7 +89,28 @@ in {
         "php_admin_value[session.save_handler]" = "redis";
         "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:agorakit:'";
       };
+      phpOptions = config.services.phpfpm.phpOptions;
+      phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
+    };
 
+    systemd.services.phpfpm-christophe_carpentier_agorakit = {
+      after = lib.mkAfter ["mysql.service"];
+      wants = ["mysql.service"];
+      preStart = ''
+        if [ ! -e ${varDir}/.filled ]; then
+          cp -r ${app}/oldvars/* ${varDir}
+          chmod -R u+w ${varDir}
+          chown -R ${config.services.httpd.Prod.user}:${config.services.httpd.Prod.group} ${varDir}
+          touch ${varDir}/.filled
+        fi
+      '';
+    };
+
+    system.activationScripts.christophe_carpentier_agorakit = {
+      deps = [];
+      text = ''
+          install -m 0700 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${app.varDir}
+          '';
     };
 
     services.cron = {