Move websites to new secrets
index 2871b0fa968d8af2c60ee34a0d2e0e239321d7cc..5461e5dad1c98eef979890b38974b4a9a229b127 100644 (file)
@@ -3,8 +3,12 @@ let
   piedsjaloux = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/piedsjaloux_${environment}";
-    configRoot =
-      writeText "parameters.yml" ''
+    keys = [{
+      dest = "webapps/${environment}-piedsjaloux";
+      user = apache.user;
+      group = apache.group;
+      permissions = "0400";
+      text = ''
         # This file is auto-generated during the composer install
         parameters:
             database_host: ${config.mysql.host}
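Review bot: The secret's location is spelled out in two forms that must stay in sync by hand: `dest = "webapps/${environment}-piedsjaloux"` here, and the absolute `/var/secrets/webapps/${environment}-piedsjaloux` repeated in the preStart sha512sum line, the open_basedir line and the postInstall symlink in the later hunks. Since this set is already `rec`, a single binding such as `secretName = "webapps/${environment}-piedsjaloux";` with `dest = secretName;` and `"/var/secrets/${secretName}"` at the three other sites would make a rename a one-line change and stop the symlink, the basedir and the checksum from silently drifting apart. The `keys` entry itself (its `text` string and the closing `}];`) continues into the next hunk.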
@@ -22,7 +26,21 @@ let
         leapt_im:
             binary_path: ${imagemagick}/bin
       '';
+    }];
     phpFpm = rec {
+      preStart = ''
+        if [ ! -f "${varDir}/currentWebappDir" -o \
+            ! -f "${varDir}/currentKey" -o \
+            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+            || ! sha512sum -c --status ${varDir}/currentKey; then
+          pushd ${webappDir} > /dev/null
+          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+          popd > /dev/null
+          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+          sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
+        fi
+        '';
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
       pool = ''
         listen = ${socket}
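Review bot: The sudo line in preStart hardcodes `wwwrun` although this file defines the account as `apache.user` (and uses that name for the secret's owner and for the install lines in the later hunks); `/run/wrappers/bin/sudo -u ${apache.user} ./bin/console --env=${environment} cache:clear --no-warmup` keeps the two from diverging. The `-o` operators inside `[ ... ]` are the non-portable form; three chained `[ ]` tests joined with `||` read the same and avoid the ambiguity. Both marker files, `currentWebappDir` and `currentKey`, live under `${varDir}`, which the later hunk's context shows is created owned by the apache user, so the service account can influence whether cache:clear runs; that is fine for a cache trigger but the sha512sum check should not be read as an integrity control on the secret. I assume preStart runs as root, since it drops privileges with sudo — worth a one-line comment above the `if`.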
@@ -33,7 +51,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
         ${if environment == "dev" then ''
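Review bot: The new open_basedir component is a file path, and PHP matches open_basedir entries as path prefixes rather than exact names, so any future sibling under /var/secrets/webapps whose name begins with `${environment}-piedsjaloux` would be readable by this pool as well. That is a narrow exposure, but since the purpose of this line is to admit exactly one secret file (reached through the parameters.yml symlink, which PHP resolves before checking), a trailing comment such as `; prefix match: admits the single piedsjaloux secret file, see keys.dest` would record the intent for the next person tightening the pool.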
@@ -49,10 +67,12 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
-    apache = {
+    apache = rec {
       user = "wwwrun";
       group = "wwwrun";
       modules = [ "proxy_fcgi" ];
+      webappName = "piedsjaloux_${environment}";
+      root = "/run/current-system/webapps/${webappName}";
       vhostConf = ''
       <FilesMatch "\.php$">
         SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
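Review bot: `root = "/run/current-system/webapps/${webappName}"` points at a path that nothing in this diff creates, and it replaces `${webRoot}` in the two Directory blocks of the following hunks while `webRoot = "${webappDir}/web"` is still defined at the bottom of the file. Presumably a system-level module links `/run/current-system/webapps/<name>` to `webRoot`; a comment on this line naming that mechanism, e.g. `# symlink maintained outside this file; expected to resolve to webRoot`, would tell a reader why Apache no longer serves the store path directly. If no other reference to `webRoot` remains, it is now dead and can be dropped in a follow-up.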
@@ -65,7 +85,7 @@ let
         ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
       </Location>
 
-      <Directory ${webRoot}>
+      <Directory ${root}>
         Options Indexes FollowSymLinks MultiViews Includes
         AllowOverride None
         Require all granted
@@ -108,7 +128,7 @@ let
       '' else ''
       Use Stats piedsjaloux.fr
 
-      <Directory ${webRoot}>
+      <Directory ${root}>
         Options Indexes FollowSymLinks MultiViews Includes
         AllowOverride All
         Require all granted
@@ -122,13 +142,6 @@ let
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
         ${varDir}/tmp
       install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-      if [ ! -f "${varDir}/currentWebappDir" -o \
-          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
-        pushd ${webappDir} > /dev/null
-        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
-        popd > /dev/null
-        echo -n "${webappDir}" > ${varDir}/currentWebappDir
-      fi
       '';
     };
     webappDir = composerEnv.buildPackage (
@@ -144,9 +157,9 @@ let
         postInstall = ''
           cd $out
           rm app/config/parameters.yml
-          ln -sf ${configRoot} app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
           rm -rf var/{logs,cache,data,miniatures,tmp}
-          ln -sf ../../../../../../../${varDir}/{logs,cache,data,miniatures,tmp} var/
+          ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
           '';
       });
     webRoot = "${webappDir}/web";