X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fwebsites%2Frichie%2Fproduction.nix;fp=modules%2Fprivate%2Fwebsites%2Femilia%2Frichie.nix;h=d6d19c8966e69b376ce6a6843c6c60494dab7731;hb=d3452fc59b9839846225fd254926c64a9c71f071;hp=98ab1cd0056e985f257bb3c93632f54198f05713;hpb=514f9ec3beec470c4445be690673a0ceab9115b4;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/richie/production.nix
similarity index 73%
rename from modules/private/websites/emilia/richie.nix
rename to modules/private/websites/richie/production.nix
index 98ab1cd..d6d19c8 100644
--- a/modules/private/websites/emilia/richie.nix
+++ b/modules/private/websites/richie/production.nix
@@ -1,6 +1,6 @@
{ lib, config, pkgs, ... }:
let
- cfg = config.myServices.websites.emilia.richie_production;
+ cfg = config.myServices.websites.richie.production;
vardir = "/var/lib/richie_production";
richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
phases = "installPhase";
@@ -13,17 +13,21 @@ let
sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
'';
});
+ webappdir = config.services.websites.webappDirsPaths.richie_production;
+ secretPath = config.secrets.fullPaths."websites/richie/production";
+ apacheUser = config.services.httpd.Prod.user;
+ apacheGroup = config.services.httpd.Prod.group;
in
{
- options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
+ options.myServices.websites.richie.production.enable = lib.mkEnableOption "enable Richie's website";
config = lib.mkIf cfg.enable {
services.duplyBackup.profiles.richie_production.rootDir = vardir;
services.webstats.sites = [ { name = "europe-richie.org"; } ];
secrets.keys = [{
- dest = "webapps/prod-richie";
- user = "wwwrun";
- group = "wwwrun";
+ dest = "websites/richie/production";
+ user = apacheUser;
+ group = apacheGroup;
permissions = "0400";
text = with config.myEnv.websites.richie; ''
'';
}];
- myServices.websites.webappDirs.richie_production = richieSrc;
+ services.websites.webappDirs.richie_production = richieSrc;
system.activationScripts.richie_production = {
deps = [ "httpd" ];
text = ''
- install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
- install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir}
'';
};
services.phpfpm.pools.richie_production = {
- user = "wwwrun";
- group = "wwwrun";
+ user = apacheUser;
+ group = apacheGroup;
settings = {
- "listen.owner" = "wwwrun";
- "listen.group" = "wwwrun";
+ "listen.owner" = apacheUser;
+ "listen.group" = apacheGroup;
"pm" = "ondemand";
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
- "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp";
+ "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp";
"php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
};
phpEnv = {
PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
- BDD_CONNECT = "/var/secrets/webapps/prod-richie";
+ BDD_CONNECT = secretPath;
};
phpOptions = config.services.phpfpm.phpOptions + ''
date.timezone = 'Europe/Paris'
@@ -77,7 +81,7 @@ in
addToCerts = true;
certMainHost = "europe-richie.org";
hosts = [ "europe-richie.org" "www.europe-richie.org" ];
- root = "/run/current-system/webapps/richie_production";
+ root = webappdir;
extraConfig = [
''
Use Stats europe-richie.org
@@ -85,7 +89,7 @@ in
Require all denied
-
+
DirectoryIndex index.php index.htm index.html
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None