--- /dev/null
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.myServices.websites.leila.production;
+ varDir = "/var/lib/ftp/leila";
+in {
+ options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production";
+
+ config = lib.mkIf cfg.enable {
+ services.myPhpfpm.poolConfigs.leila = ''
+ listen = /run/phpfpm/leila.sock
+ user = wwwrun
+ group = wwwrun
+ listen.owner = wwwrun
+ listen.group = wwwrun
+
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+
+ php_admin_value[open_basedir] = "${varDir}:/tmp"
+ '';
+
+ services.webstats.sites = [
+ { name = "leila.bouya.org"; }
+ { name = "chorale.leila.bouya.org"; }
+ ];
+
+ services.websites.production.modules = [ "proxy_fcgi" ];
+ services.websites.production.vhostConfs.leila_chorale = {
+ certName = "leila";
+ addToCerts = true;
+ hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
+ root = "${varDir}/Chorale";
+ extraConfig = [
+ ''
+ Use Stats chorale.leila.bouya.org
+ <Directory ${varDir}/Chorale>
+ DirectoryIndex index.php index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+
+ Use LDAPConnect
+ Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ ''
+ ];
+ };
+ services.websites.production.vhostConfs.leila = {
+ certName = "leila";
+ certMainHost = "leila.bouya.org";
+ hosts = [ "leila.bouya.org" ];
+ root = varDir;
+ extraConfig = [
+ ''
+ Use Stats leila.bouya.org
+ <Directory ${varDir}/Chorale>
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+
+ Use LDAPConnect
+ Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ <Directory ${varDir}>
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+ </Directory>
+ ''
+ ];
+ };
+ };
+}