Move cache clearing of php applications to preStart systemd

[perso/Immae/Config/Nix.git] / nixops / modules / websites / connexionswing / connexionswing.nix
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix

index 74a1ad0f81be9a9159f08d97770934aac936c064..13d4fbabb228a794b5d9d05a98f2553b08b2e383 100644 (file)
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -3,8 +3,12 @@ let
    connexionswing = { config }: rec {
      environment = config.environment;
      varDir = "/var/lib/connexionswing_${environment}";
-    configRoot =
-      writeText "parameters.yml" ''
+    keys."${environment}-connexionswing" = {
+      destDir = "/run/keys/webapps";
+      user = apache.user;
+      group = apache.group;
+      permissions = "0400";
+      text = ''
          # This file is auto-generated during the composer install
          parameters:
              database_host: ${config.mysql.host}
@@ -27,7 +31,21 @@ let
                arguments: ['/run/wrappers/bin/sendmail -bs']
          '' else ""}
        '';
+    };
      phpFpm = rec {
+      preStart = ''
+        if [ ! -f "${varDir}/currentWebappDir" -o \
+            ! -f "${varDir}/currentKey" -o \
+            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+            || ! sha512sum -c --status ${varDir}/currentKey; then
+          pushd ${webappDir} > /dev/null
+          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+          popd > /dev/null
+          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+          sha512sum /run/keys/webapps/${environment}-connexionswing > ${varDir}/currentKey
+        fi
+        '';
+      serviceDeps = [ "mysql.service" "${environment}-connexionswing-key.service" ];
        socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
        phpConfig = ''
          extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
@@ -41,7 +59,7 @@ let
          php_admin_value[upload_max_filesize] = 20M
          php_admin_value[post_max_size] = 20M
          ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/run/keys/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
          php_admin_value[session.save_path] = "${varDir}/phpSessions"
          ${if environment == "dev" then ''
          pm = ondemand
@@ -145,13 +163,6 @@ let
          ${varDir}/uploads \
          ${varDir}/var
        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-      if [ ! -f "${varDir}/currentWebappDir" -o \
-          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
-        pushd ${webappDir} > /dev/null
-        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
-        popd > /dev/null
-        echo -n "${webappDir}" > ${varDir}/currentWebappDir
-      fi
        '';
      };
      webappDir = composerEnv.buildPackage (
@@ -166,10 +177,10 @@ let
            cd $out
            ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
            rm app/config/parameters.yml
-          ln -sf ${configRoot} app/config/parameters.yml
+          ln -sf /run/keys/webapps/${environment}-connexionswing app/config/parameters.yml
            rm -rf var/{logs,cache}
-          ln -sf ../../../../../../${varDir}/var/{logs,cache} var/
-          ln -sf ../../../../../${varDir}/{medias,uploads} web/images/
+          ln -sf ${varDir}/var/{logs,cache} var/
+          ln -sf ${varDir}/{medias,uploads} web/images/
            '';
        });
      webRoot = "${webappDir}/web";