Add Leila’s website
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
new file mode 100644 (file)
index 0000000..ae917ba
--- /dev/null
@@ -0,0 +1,104 @@
+{ lib, config, ... }:
+let
+    cfg = config.services.myWebsites.Leila;
+    varDir = "/var/lib/ftp/leila";
+in {
+  options.services.myWebsites.Leila = {
+    production = {
+      enable = lib.mkEnableOption "enable Leila's website in production";
+    };
+  };
+
+  imports = [
+    ../commons/stats.nix
+  ];
+
+  config = (lib.mkIf cfg.production.enable {
+      security.acme.certs."leila" = config.services.myCertificates.certConfig // {
+        domain = "leila.bouya.org";
+        extraDomains = {
+          "chorale.leila.bouya.org" = null;
+          "chorale-vocanta.fr.nf" = null;
+          "www.chorale-vocanta.fr.nf" = null;
+        };
+      };
+
+      services.myPhpfpm.poolConfigs.leila = ''
+        listen = /run/phpfpm/leila.sock
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+
+        php_admin_value[open_basedir] = "${varDir}:/tmp"
+        '';
+
+      services.myWebsites.commons.stats.enable = true;
+      services.myWebsites.commons.stats.sites = [
+        {
+          name = "leila.bouya.org";
+          conf = ./leila_goaccess.conf;
+        }
+        {
+          name = "chorale.leila.bouya.org";
+          conf = ./leila_chorale_goaccess.conf;
+        }
+      ];
+
+      services.myWebsites.production.modules = [ "proxy_fcgi" ];
+      services.myWebsites.production.vhostConfs.leila_chorale = {
+        certName    = "leila";
+        hosts       = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
+        root        = "${varDir}/Chorale";
+        extraConfig = [
+          ''
+          Use Stats chorale.leila.bouya.org
+          <Directory ${varDir}/Chorale>
+            DirectoryIndex index.php index.htm index.html
+            Options Indexes FollowSymLinks MultiViews Includes
+            AllowOverride None
+
+            Use LDAPConnect
+            Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+
+            <FilesMatch "\.php$">
+              SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+            </FilesMatch>
+          </Directory>
+            ''
+        ];
+      };
+      services.myWebsites.production.vhostConfs.leila = {
+        certName    = "leila";
+        hosts       = [ "leila.bouya.org" ];
+        root        = varDir;
+        extraConfig = [
+          ''
+          Use Stats leila.bouya.org
+          <Directory ${varDir}/Chorale>
+            DirectoryIndex index.htm index.html
+            Options Indexes FollowSymLinks MultiViews Includes
+            AllowOverride None
+
+            Use LDAPConnect
+            Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
+
+            <FilesMatch "\.php$">
+              SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+            </FilesMatch>
+          </Directory>
+          <Directory ${varDir}>
+            DirectoryIndex index.htm index.html
+            Options Indexes FollowSymLinks MultiViews Includes
+            AllowOverride None
+            Require all granted
+          </Directory>
+            ''
+        ];
+      };
+    });
+}
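Review bot: All three `<Directory>` blocks set `Options Indexes FollowSymLinks MultiViews Includes` on a tree under `/var/lib/ftp/leila`, which by its path looks like it is filled by FTP uploads; `Includes` permits SSI `exec`, `FollowSymLinks` lets a symlink in that tree expose any file the web server can read, and on the `<Directory ${varDir}>` block this sits beside `Require all granted`. I would narrow the line to `Options Indexes SymLinksIfOwnerMatch MultiViews IncludesNOEXEC`, and drop `Indexes` on the public root unless listings are intended. Separately, the `proxy:unix:/run/phpfpm/leila.sock` handler exists only inside the two `Chorale` blocks, so a `.php` file placed elsewhere under `${varDir}` would presumably be served as plain source by the leila.bouya.org vhost unless a handler is configured outside this file. The pool also runs as `wwwrun`, so `open_basedir` is its only separation from the web server's own files; a dedicated pool user, or at least a comment on why `/tmp` is in the `open_basedir` list, would make that boundary explicit.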