ludivinecassal = { config }: rec {
environment = config.environment;
varDir = "/var/lib/ludivinecassal_${environment}";
- keys."${environment}-ludivinecassal" = {
- destDir = "/run/keys/webapps";
+ keys = [{
+ dest = "webapps/${environment}-ludivinecassal";
user = apache.user;
group = apache.group;
permissions = "0400";
sass: ${sass}/bin/sass
ruby: ${ruby}/bin/ruby
'';
- };
+ }];
phpFpm = rec {
preStart = ''
if [ ! -f "${varDir}/currentWebappDir" -o \
/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
popd > /dev/null
echo -n "${webappDir}" > ${varDir}/currentWebappDir
- sha512sum /run/keys/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
+ sha512sum /var/secrets/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
fi
'';
- serviceDeps = [ "mysql.service" "${environment}-ludivinecassal-key.service" ];
+ serviceDeps = [ "mysql.service" ];
socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
pool = ''
listen = ${socket}
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
+ php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
php_admin_value[session.save_path] = "${varDir}/phpSessions"
${if environment == "dev" then ''
pm = ondemand
postInstall = ''
rm -rf var/{logs,cache,data,miniatures,tmp}
ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
- ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml
+ ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml
'';
buildInputs = [ sass ];
});