Add Richie website
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix
new file mode 100644 (file)
index 0000000..f7b4f8d
--- /dev/null
@@ -0,0 +1,101 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.emilia.richie_production;
+  vardir = "/var/lib/richie_production";
+  richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
+    phases = "installPhase";
+    installPhase = ''
+      cp -a $src $out
+      chmod -R u+w $out
+      ln -sf ${vardir}/files $out/
+      ln -sf ${vardir}/drapeaux $out/images/
+      ln -sf ${vardir}/photos $out/
+      sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
+      '';
+  });
+in
+{
+  options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.richie_production.rootDir = vardir;
+    services.webstats.sites = [ { name = "europe-richie.org"; } ];
+
+    secrets.keys = [{
+      dest = "webapps/prod-richie";
+      user = "wwwrun";
+      group = "wwwrun";
+      permissions = "0400";
+      text = with config.myEnv.websites.richie; ''
+        <?php
+
+        $hote_sql = '${mysql.host}';
+        $login_sql = '${mysql.user}';
+        $bdd_sql = '${mysql.database}';
+        $mdp_sql = '${mysql.password}';
+
+        $db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
+        unset($mdp_sql);
+
+        $smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
+        ?>
+        '';
+    }];
+    myServices.websites.webappDirs.richie_production = richieSrc;
+    system.activationScripts.richie_production = {
+      deps = [ "httpd" ];
+      text = ''
+        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
+        install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
+        '';
+    };
+    services.phpfpm.pools.richie_production = {
+      listen = "/run/phpfpm/richie_production.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+
+        env[PATH] = /run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}
+        env[BDD_CONNECT] = "/var/secrets/webapps/prod-richie"
+        php_admin_value[open_basedir] = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/richie_production"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        date.timezone = 'Europe/Paris'
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
+        '';
+    };
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostConfs.richie_production = {
+      certName    = "richie";
+      addToCerts  = true;
+      certMainHost = "europe-richie.org";
+      hosts       = [ "europe-richie.org" "www.europe-richie.org" ];
+      root        = "/run/current-system/webapps/richie_production";
+      extraConfig = [
+        ''
+        Use Stats europe-richie.org
+        ErrorDocument 404 /404.html
+        <LocationMatch "^/files/.*/admin/">
+          Require all denied
+        </LocationMatch>
+        <Directory /run/current-system/webapps/richie_production>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/richie_production.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
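Review bot: The `<FilesMatch "\.php$">` handler inside the `<Directory /run/current-system/webapps/richie_production>` block also covers `files`, `photos` and `images/drapeaux`, which `installPhase` symlinks into `${vardir}`. That directory is created owned by `wwwrun`, the same user the php-fpm pool runs as, and it is listed in `open_basedir`. If the application stores uploads there (the names suggest it, but the PHP code is not on this page), any `.php` file that lands in those directories is executed rather than served as data. I would deny script handling for them in `extraConfig`, for example `<LocationMatch "^/(files|photos|images/drapeaux)/.*\.php(/|$)">` containing `Require all denied`, next to the existing `^/files/.*/admin/` rule. `Options Indexes FollowSymLinks MultiViews Includes` on the same block also turns on directory listings and server-side includes for the whole tree, including those writable directories; unless the site relies on them, `Options FollowSymLinks MultiViews` is the narrower setting.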