Move cache clearing of php applications to preStart systemd

[perso/Immae/Config/Nix.git] / nixops / modules / websites / ludivine / ludivinecassal.nix

diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix
index 244b05ea113911d114881ca11509ff6d075de322..439d3c98e73737904c4ff10a20c06c0ad51ccadd 100644 (file)
--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -7,7 +7,7 @@ let
       destDir = "/run/keys/webapps";
       user = apache.user;
       group = apache.group;
-      permissions = "0700";
+      permissions = "0400";
       text = ''
         # This file is auto-generated during the composer install
         parameters:
@@ -40,6 +40,19 @@ let
       '';
     };
     phpFpm = rec {
+      preStart = ''
+        if [ ! -f "${varDir}/currentWebappDir" -o \
+            ! -f "${varDir}/currentKey" -o \
+            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+            || ! sha512sum -c --status ${varDir}/currentKey; then
+          pushd ${webappDir} > /dev/null
+          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+          popd > /dev/null
+          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+          sha512sum /run/keys/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
+        fi
+        '';
+      serviceDeps = [ "mysql.service" "${environment}-ludivinecassal-key.service" ];
       socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -140,13 +153,6 @@ let
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}/tmp
       install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-      if [ ! -f "${varDir}/currentWebappDir" -o \
-          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
-        pushd ${webappDir} > /dev/null
-        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
-        popd > /dev/null
-        echo -n "${webappDir}" > ${varDir}/currentWebappDir
-      fi
       '';
     };
     webappDir = composerEnv.buildPackage (