Move personal websites to modules
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix
new file mode 100644 (file)
index 0000000..1ce8eea
--- /dev/null
@@ -0,0 +1,82 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.myServices.websites.leila.production;
+  varDir = "/var/lib/ftp/leila";
+in {
+  options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production";
+
+  config = lib.mkIf cfg.enable {
+    services.myPhpfpm.poolConfigs.leila = ''
+      listen = /run/phpfpm/leila.sock
+      user = wwwrun
+      group = wwwrun
+      listen.owner = wwwrun
+      listen.group = wwwrun
+
+      pm = ondemand
+      pm.max_children = 5
+      pm.process_idle_timeout = 60
+
+      php_admin_value[open_basedir] = "${varDir}:/tmp"
+      '';
+
+    services.webstats.sites = [
+      { name = "leila.bouya.org"; }
+      { name = "chorale.leila.bouya.org"; }
+    ];
+
+    services.websites.production.modules = [ "proxy_fcgi" ];
+    services.websites.production.vhostConfs.leila_chorale = {
+      certName    = "leila";
+      addToCerts  = true;
+      hosts       = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
+      root        = "${varDir}/Chorale";
+      extraConfig = [
+        ''
+        Use Stats chorale.leila.bouya.org
+        <Directory ${varDir}/Chorale>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+
+          Use LDAPConnect
+          Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+    services.websites.production.vhostConfs.leila = {
+      certName     = "leila";
+      certMainHost = "leila.bouya.org";
+      hosts        = [ "leila.bouya.org" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        Use Stats leila.bouya.org
+        <Directory ${varDir}/Chorale>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+
+          Use LDAPConnect
+          Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+        <Directory ${varDir}>
+          DirectoryIndex index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
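Review bot: The `<Directory ${varDir}>` block of the `leila` vhost combines `Require all granted` with `Options Indexes FollowSymLinks MultiViews Includes` on a tree that, judging by the path `/var/lib/ftp/leila`, is presumably writable over FTP. Under that setting a symlink placed in the upload tree is followed to any file `wwwrun` can read, and `Includes` allows SSI `exec` wherever mod_include is active. I would change the line to `Options Indexes SymLinksIfOwnerMatch MultiViews IncludesNOEXEC`, or drop `Includes` and `Indexes` if they are unused. The same `Options` line appears in both `Chorale` blocks, where it sits behind the LDAP group requirement. Separately, the `proxy:unix:/run/phpfpm/leila.sock` handler is only set under `Chorale`, so a `.php` file elsewhere under `${varDir}` would be served as source by this vhost; a `<FilesMatch "\.php$">` with `Require all denied` in the root block would close that.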