tellesflorian = { config }: rec {
environment = config.environment;
varDir = "/var/lib/tellesflorian_${environment}";
- configRoot =
- writeText "parameters.yml" ''
- # This file is auto-generated during the composer install
- parameters:
- database_host: db-1.immae.eu
- database_port: null
+ keys = [
+ {
+ dest = "webapps/${environment}-tellesflorian-passwords";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ invite:${config.invite_passwords}
+ '';
+ }
+ {
+ dest = "webapps/${environment}-tellesflorian";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: ${config.mysql.host}
+ database_port: ${config.mysql.port}
database_name: ${config.mysql.name}
database_user: ${config.mysql.user}
database_password: ${config.mysql.password}
mailer_transport: smtp
- mailer_host: mail.immae.eu
+ mailer_host: 127.0.0.1
mailer_user: null
mailer_password: null
secret: ${config.secret}
- '';
+ '';
+ }
+ ];
phpFpm = rec {
+ preStart = ''
+ if [ ! -f "${varDir}/currentWebappDir" -o \
+ ! -f "${varDir}/currentKey" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+ || ! sha512sum -c --status ${varDir}/currentKey; then
+ pushd ${webappDir} > /dev/null
+ /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey
+ fi
+ '';
+ serviceDeps = [ "mysql.service" ];
socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
pool = ''
listen = ${socket}
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
php_admin_value[session.save_path] = "${varDir}/phpSessions"
${if environment == "dev" then ''
pm = ondemand
pm.max_spare_servers = 3
''}'';
};
- passwords = writeText "tellesflorian_passwords" ''
- invite:${config.invite_passwords}
- '';
- apache = {
+ apache = rec {
user = "wwwrun";
group = "wwwrun";
modules = [ "proxy_fcgi" ];
+ webappName = "florian_${environment}";
+ root = "/run/current-system/webapps/${webappName}";
vhostConf = ''
<FilesMatch "\.php$">
SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
Use LDAPConnect
Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
- AuthUserFile "${passwords}"
+ AuthUserFile "/var/secrets/webapps/${environment}-tellesflorian-passwords"
Require user "invite"
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
</Location>
- <Directory ${webRoot}>
+ <Directory ${root}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
</Directory>
'' else ''
- <Directory ${webRoot}>
+ <Directory ${root}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Require all granted
install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
${varDir}/var
install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
- if [ ! -f "${varDir}/currentWebappDir" -o \
- "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
- pushd ${webappDir} > /dev/null
- $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${webappDir}" > ${varDir}/currentWebappDir
- fi
'';
};
webappDir = composerEnv.buildPackage (
postInstall = ''
cd $out
rm app/config/parameters.yml
- ln -sf ${configRoot} app/config/parameters.yml
+ ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml
rm -rf var/{logs,cache}
- ln -sf ../../../../../../${varDir}/var/{logs,cache,sessions} var/
+ ln -sf ${varDir}/var/{logs,cache,sessions} var/
'';
});
webRoot = "${webappDir}/web";