Move each php session to a private destination
[perso/Immae/Config/Nix.git] / virtual / packages / connexionswing.nix
index a0f5fa60fcdf8284124302dee40dae116f32ea89..199c89327f0dc78b1e68d1dd76de4b4ea633de3e 100644 (file)
@@ -1,5 +1,4 @@
-with import ../../libs.nix;
-with nixpkgs_unstable;
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }:
 let
   connexionswing = { environment ? "dev" }: rec {
     varDir = "/var/lib/connexionswing_${environment}";
@@ -11,7 +10,7 @@ let
       assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
       assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET";
       assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL";
-      pkgs.writeText "parameters.yml" ''
+      writeText "parameters.yml" ''
         # This file is auto-generated during the composer install
         parameters:
             database_host: db-1.immae.eu
@@ -39,6 +38,7 @@ let
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
         pm.max_children = 5
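Review bot: The added `session.save_path` line has no comment saying why sessions leave the default location, and `/tmp` is still listed in `open_basedir` on the line above it. A pool-config comment such as `; keep session files under varDir so they are not shared with other pools through /tmp` would record the intent next to the setting. It is also worth checking whether `/tmp` still needs to be in `open_basedir` once sessions no longer go there; upload temp files may still use it, which this hunk does not show. The pool definition starts and ends outside the hunk.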
@@ -120,7 +120,13 @@ let
         </IfModule>
 
       </Directory>
-      '' else ""}
+      '' else ''
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+      </Directory>
+      ''}
       '';
     };
     activationScript = {
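Review bot: The `<Directory ${webRoot}>` block added for the non-dev branch enables `Indexes` and `Includes` and sets `AllowOverride All`, which is broader than a production document root normally needs. Directory listings and server-side includes become available, and any `.htaccess` file under the tree can change how the server handles requests. That matters here because the build phase symlinks the `medias` and `uploads` directories under `web/images/`, so user-supplied files live inside this tree. Consider `Options FollowSymLinks`, an `AllowOverride` restricted to the directive classes the application's own `.htaccess` uses, and `AllowOverride None` for the upload directories. The dev-branch `<Directory>` block begins above the hunk, so the two branches cannot be compared from here.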
@@ -130,6 +136,7 @@ let
         ${varDir}/medias \
         ${varDir}/uploads \
         ${varDir}/var
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       if [ ! -f "${varDir}/currentWebappDir" -o \
           "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
         pushd ${webappDir} > /dev/null
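Review bot: Mode `0750` on `${varDir}/phpSessions` lets every member of `${apache.group}` list the directory. PHP's file session handler puts the session identifier in each file name, so group members could read live session ids even without being able to open the files. `install -m 0700 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions` keeps the directory private to its owner, which matches the commit's stated goal. The owner also has to be the account the PHP-FPM pool runs as, which this hunk does not show; if the pool uses a different user, session writes will fail.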
@@ -139,14 +146,15 @@ let
       fi
       '';
     };
-    webappDir = pkgs.stdenv.mkDerivation (fetchedGitPrivate ./connexionswing_master.json // rec {
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing_master.json // rec {
       # FIXME: can we do better than symlink?
       # FIXME: imagick optional
       # FIXME: initial sync
       # FIXME: backup
+      # FIXME: replace with pkgs.phpPackages.composer
       buildPhase = ''
-        export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
-        export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 
         ln -sf ../../../../../${varDir}/{medias,uploads} web/images/
         ln -sf ${configRoot} app/config/parameters.yml
@@ -161,10 +169,10 @@ let
         cp -a . $out
         '';
       buildInputs = [
-        pkgs.php pkgs.git pkgs.cacert
+        php git cacert
       ];
     });
     webRoot = "${webappDir}/web";
   };
-in 
+in
   connexionswing