sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
logFormat = "combinedVhost";
- listen = [
- { ip = cfg.ip; port = 443; }
- ];
+ listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
hostName = builtins.head vhostConf.hosts;
serverAliases = builtins.tail vhostConf.hosts or [];
documentRoot = vhostConf.root;
extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
};
nosslVhost = {
- listen = [ { ip = cfg.ip; port = 80; } ];
+ listen = map (ip: { inherit ip; port = 80; }) cfg.ips;
hostName = "nossl.immae.eu";
enableSSL = false;
logFormat = "combinedVhost";
'';
};
redirectVhost = { # Should go last, catchall http -> https redirect
- listen = [ { ip = cfg.ip; port = 80; } ];
+ listen = map (ip: { inherit ip; port = 80; }) cfg.ips;
hostName = "redirectSSL";
serverAliases = [ "*" ];
enableSSL = false;
};
in rec {
enable = true;
- listen = [
- { ip = cfg.ip; port = 443; }
- ];
+ listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
stateDir = "/run/httpd_${name}";
logPerVirtualHost = true;
multiProcessingModule = "worker";
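Review bot: The expression `map (ip: { inherit ip; port = 443; }) cfg.ips` at L33 is repeated almost verbatim at L23 and, in the previous hunk, at L7 and L15, differing only in the port; one helper would keep the four listen lists from drifting apart. Something like `listenOn = port: map (ip: { inherit ip; port = port; }) cfg.ips;` next to the vhost definitions, with `listen = listenOn 443;` and `listen = listenOn 80;` at the call sites, expresses the intent once. Note also that an empty `cfg.ips` now yields an empty `listen` list rather than an evaluation error, so httpd would silently not listen anywhere; whether the option's default can ever be empty depends on the `ips` definition outside this hunk.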
++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs)
++ [ redirectVhost ];
};
- makeServiceOptions = name: ip: {
+ makeServiceOptions = name: {
enable = lib.mkEnableOption "enable websites in ${name}";
- ip = lib.mkOption {
- type = lib.types.string;
- default = ip;
- description = "${name} ip to listen to";
+ ips = lib.mkOption {
+ type = lib.types.listOf lib.types.string;
+ default = let
+ ips = myconfig.env.servers.eldiron.ips.${name};
+ in
+ [ips.ip4] ++ (ips.ip6 or []);
+ description = "${name} ips to listen to";
};
modules = lib.mkOption {
type = lib.types.listOf (lib.types.str);
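Review bot: The new `ips` option at L48 uses `lib.types.listOf lib.types.string` while the sibling `modules` option at L56 uses `lib.types.str`; `types.string` is the deprecated form that merges multiple definitions by silent concatenation, and for listen addresses a merged definition should be a hard error, so `type = lib.types.listOf lib.types.str;` is the safer and consistent choice. The default at L49–L52 also hard-codes the host `eldiron` inside what is otherwise a generic option builder, and `[ips.ip4] ++ (ips.ip6 or [])` only evaluates if `ip6` is a list rather than a single address string — the shape of `myconfig.env.servers.eldiron.ips` is not visible here, so worth confirming. A one-line description comment such as `# default: the host's v4 address plus any v6 addresses declared for ${name} in the env config` would make the lookup understandable without opening the env file.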
./ftp/nassime.nix
./ftp/florian.nix
./ftp/denisejerome.nix
+ ./ftp/leila.nix
./ftp/immae.nix
./ftp/release.nix
./ftp/temp.nix
];
options.services.myWebsites = {
- production = makeServiceOptions "production" myconfig.ips.production;
- integration = makeServiceOptions "integration" myconfig.ips.integration;
- tools = makeServiceOptions "tools" myconfig.ips.main;
+ production = makeServiceOptions "production";
+ integration = makeServiceOptions "integration";
+ tools = makeServiceOptions "main";
apacheConfig = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
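Review bot: At L71 `tools = makeServiceOptions "main";` reuses `name` as both the human-facing label and the key into the env `ips` table, so the `services.myWebsites.tools` option now reads "enable websites in main" and "main ips to listen to" in its descriptions. Passing the lookup key separately keeps the label correct, e.g. `makeServiceOptions = name: ipsKey: { … ips = myconfig.env.servers.eldiron.ips.${ipsKey}; … }` with `tools = makeServiceOptions "tools" "main";` and the other two call sites passing their own name twice. The `makeServiceOptions` definition itself sits in the hunk above, so the fix spans both hunks.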
};
config = {
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [ 80 443 ];
- };
- interfaces."eth0".ipv4.addresses = [
- # 176.9.151.89 declared in nixops -> infra / tools
- { address = myconfig.ips.production; prefixLength = 32; }
- { address = myconfig.ips.integration; prefixLength = 32; }
- ];
- };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
- nixpkgs.config.packageOverrides = oldpkgs: rec {
+ nixpkgs.overlays = [ (self: super: rec {
+ #openssl = self.openssl_1_1;
php = php72;
- php72 = (oldpkgs.php72.override {
- mysql.connector-c = pkgs.mariadb;
+ php72 = (super.php72.override {
+ mysql.connector-c = self.mariadb;
config.php.mysqlnd = false;
config.php.mysqli = false;
}).overrideAttrs(old: rec {
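Review bot: The removed block at L81–L85 was what assigned the listen addresses to `eth0`, and nothing in this hunk replaces it; unless those addresses are now set by the nixops/env layer that the new `ips` default reads from, httpd will be asked to bind `cfg.ips` to addresses the host does not own and fail at start, which is worth confirming in the same commit. Dropping `firewall.enable = true` at L78 relies on the NixOS default for that option, which is fine but could be stated in a short comment next to L87. The commented-out `#openssl = self.openssl_1_1;` at L90 either needs a comment explaining why it is kept — enabling it would replace the TLS library for the whole package set — or should be removed rather than left as dead configuration.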
# ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
# '';
});
- phpPackages = oldpkgs.php72Packages.override { inherit php; };
+ phpPackages = super.php72Packages.override { inherit php; };
composerEnv = import ./commons/composer-env.nix {
- inherit (pkgs) stdenv writeTextFile fetchurl php unzip;
+ inherit (self) stdenv writeTextFile fetchurl php unzip;
};
- };
+ }) ];
services.myWebsites.tools.databases.enable = true;
services.myWebsites.tools.tools.enable = true;
services.myWebsites.Jerome.production.enable = cfg.production.enable;
services.myWebsites.Nassime.production.enable = cfg.production.enable;
services.myWebsites.Florian.production.enable = cfg.production.enable;
+ services.myWebsites.Leila.production.enable = cfg.production.enable;
services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
services.myWebsites.Emilia.production.enable = cfg.production.enable;
services.myWebsites.Capitaines.production.enable = cfg.production.enable;