X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fchloe%2Fproduction.nix;h=129400b39b1ff37e136b2b33a104ac2e19669c9c;hb=bbea22c02b6c059a6be1064391f06737ee244ba6;hp=067e8e7a32223ae456103f50a69c4f0a165c38a6;hpb=d3452fc59b9839846225fd254926c64a9c71f071;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 067e8e7..129400b 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -9,35 +9,30 @@ let
     varDir = "/var/lib/chloe_production";
   };
   cfg = config.myServices.websites.chloe.production;
-  webappdir = config.services.websites.webappDirsPaths.chloe_production;
 in {
   options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
-    secrets.keys = [
-      {
-        dest = "websites/chloe/production";
-        user = apacheUser;
-        group = apacheGroup;
-        permissions = "0400";
-        text = ''
-          SetEnv SPIP_CONFIG_DIR     "${./config}"
-          SetEnv SPIP_VAR_DIR        "${app.varDir}"
-          SetEnv SPIP_SITE           "chloe-${app.environment}"
-          SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
-          SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
-          SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
-          SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
-          SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
-          SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
-          SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
-          SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
-          SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
-          SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
-        '';
-      }
-    ];
+    secrets.keys."websites/chloe/production" = {
+      user = apacheUser;
+      group = apacheGroup;
+      permissions = "0400";
+      text = ''
+        SetEnv SPIP_CONFIG_DIR     "${./config}"
+        SetEnv SPIP_VAR_DIR        "${app.varDir}"
+        SetEnv SPIP_SITE           "chloe-${app.environment}"
+        SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+        SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+        SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
+        SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
+        SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
+        SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
+        SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
+        SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
+        SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
+        SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
+      '';
+    };
     services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
 
     systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ];
@@ -52,31 +47,28 @@ in {
         "php_admin_value[post_max_size]" = "20M";
         # "php_admin_flag[log_errors]" = "on";
         "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
-        "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+        "php_admin_value[session.save_handler]" = "redis";
+        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Chloe:Production:'";
         "pm" = "dynamic";
         "pm.max_children" = "20";
         "pm.start_servers" = "2";
         "pm.min_spare_servers" = "1";
         "pm.max_spare_servers" = "3";
       };
-      phpOptions = config.services.phpfpm.phpOptions + ''
-        extension=${pkgs.php}/lib/php/extensions/mysqli.so
-      '';
+      phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [all.redis]);
     };
     system.activationScripts.chloe_production = {
       deps = [ "wrappers" ];
       text = ''
         install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
-        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
       '';
     };
-    services.websites.webappDirs.chloe_production = app.webRoot;
     services.websites.env.production.modules = [ "proxy_fcgi" ];
     services.websites.env.production.vhostConfs.chloe = {
       certName     = "chloe";
       certMainHost = "osteopathe-cc.fr";
       hosts        = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
-      root         = webappdir;
+      root         = app.webRoot;
       extraConfig  = [
         ''
           Use Stats osteopathe-cc.fr
@@ -94,16 +86,16 @@ in {
             SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_production.socket}|fcgi://localhost"
           </FilesMatch>
 
-          <Directory ${webappdir}>
+          <Directory ${app.webRoot}>
             DirectoryIndex index.php index.htm index.html
             Options -Indexes +FollowSymLinks +MultiViews +Includes
-            Include ${webappdir}/htaccess.txt
+            Include ${app.webRoot}/htaccess.txt
 
             AllowOverride AuthConfig FileInfo Limit
             Require all granted
           </Directory>
 
-          <DirectoryMatch "${webappdir}/squelettes">
+          <DirectoryMatch "${app.webRoot}/squelettes">
             Require all denied
           </DirectoryMatch>