X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fwebsites%2Fconnexionswing%2Fintegration.nix;h=2ceaffaea05d479d4af03a21e08d6d9a7d87e2d5;hb=8164ed90c7fdd93fd035bce3dc1b3fc6bde9e30e;hp=c3425bdfd659bc7b4ee4a9c72df24e3a05477a93;hpb=f8026b6e4c869aa108f6361c8ccd50890657994d;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
index c3425bd..2ceaffa 100644
--- a/modules/private/websites/connexionswing/integration.nix
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -1,35 +1,140 @@
{ lib, pkgs, config, myconfig, ... }:
let
- connexionswing = pkgs.callPackage ./builder.nix {
- inherit (pkgs.webapps) connexionswing;
- config = myconfig.env.websites.connexionswing.integration;
- apacheUser = config.services.httpd.Inte.user;
- apacheGroup = config.services.httpd.Inte.group;
- };
-
+ secrets = myconfig.env.websites.connexionswing.integration;
+ app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
cfg = config.myServices.websites.connexionswing.integration;
+ pcfg = config.services.phpApplication;
in {
options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
config = lib.mkIf cfg.enable {
- secrets.keys = connexionswing.keys;
- services.myPhpfpm.preStart.connexionswing_dev = connexionswing.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing.phpFpm.phpConfig;
- system.activationScripts.connexionswing_dev = connexionswing.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
+ services.phpApplication.apps.connexionswing_dev = {
+ websiteEnv = "integration";
+ httpdUser = config.services.httpd.Inte.user;
+ httpdGroup = config.services.httpd.Inte.group;
+ inherit (app) webRoot varDir;
+ varDirPaths = {
+ "medias" = "0700";
+ "uploads" = "0700";
+ "var" = "0700";
+ };
+ inherit app;
+ serviceDeps = [ "mysql.service" ];
+ preStartActions = [
+ "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ ];
+ phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
+ phpPool = ''
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ env[SYMFONY_DEBUG_MODE] = "yes"
'';
- services.websites.integration.modules = connexionswing.apache.modules;
- services.websites.integration.vhostConfs.connexionswing = {
- certName = "eldiron";
+ phpWatchFiles = [
+ config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
+ ];
+ };
+
+ secrets.keys = [
+ {
+ dest = "webapps/${app.environment}-connexionswing";
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: ${secrets.mysql.host}
+ database_port: ${secrets.mysql.port}
+ database_name: ${secrets.mysql.name}
+ database_user: ${secrets.mysql.user}
+ database_password: ${secrets.mysql.password}
+ database_server_version: ${pkgs.mariadb.mysqlVersion}
+ mailer_transport: sendmail
+ mailer_host: null
+ mailer_user: null
+ mailer_password: null
+ subscription_email: ${secrets.email}
+ allow_robots: true
+ secret: ${secrets.secret}
+ '';
+ }
+ ];
+
+ services.websites.env.integration.vhostConfs.connexionswing_dev = {
+ certName = "eldiron";
addToCerts = true;
hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
- root = connexionswing.apache.root;
- extraConfig = [ connexionswing.apache.vhostConf ];
+ root = pcfg.webappDirs.connexionswing_dev;
+ extraConfig = [
+ ''
+
+ SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_dev}|fcgi://localhost"
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Use LDAPConnect
+ Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 ""
+
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+
+ Options -MultiViews
+
+
+
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+
+
+
+ ''
+ ];
};
};
}
-