X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fimmae%2Fproduction.nix;h=ff9cf9df3910f5558d450f3f95ce0baf84ea0f60;hb=57a421133a011d99d4fbfc5342686a68a890f573;hp=f19823a5c0677436253e6859d10c653c49fc77a9;hpb=641efb7d7320412da92a70f7415e8ebdd4e324c8;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
index f19823a..ff9cf9d 100644
--- a/modules/private/websites/immae/production.nix
+++ b/modules/private/websites/immae/production.nix
@@ -1,68 +1,127 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
cfg = config.myServices.websites.immae.production;
- varDir = "/var/lib/ftp/immae";
- env = myconfig.env.websites.immae;
+ varDir = "/var/lib/buildbot/outputs/immae/blog";
+ coursDir = "/var/lib/buildbot/outputs/immae/cours";
+ rechercheDir = "/var/lib/buildbot/outputs/immae/recherche";
+ recettesDir = "/var/lib/buildbot/outputs/immae/recettes";
+ historyDir = "/var/lib/buildbot/outputs/immae/history";
+ env = config.myEnv.websites.immae;
in {
options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
config = lib.mkIf cfg.enable {
services.webstats.sites = [ { name = "www.immae.eu"; } ];
- services.phpfpm.pools.immae = {
- listen = "/run/phpfpm/immae.sock";
- extraConfig = ''
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- php_admin_value[open_basedir] = "${varDir}:/tmp"
- '';
- phpOptions = config.services.phpfpm.phpOptions + ''
- extension=${pkgs.php}/lib/php/extensions/mysqli.so
- '';
- };
- services.websites.env.production.modules = [ "proxy_fcgi" ];
- services.websites.env.production.vhostConfs.immae = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "www.immae.eu" ];
- root = varDir;
- extraConfig = [
+ services.websites.env.production.vhostConfs.immae_production = {
+ certName = "immae";
+ addToCerts = true;
+ certMainHost = "www.immae.eu";
+ hosts = [ "www.immae.eu" "immae.eu" ];
+ root = varDir;
+ extraConfig = [
''
Use Stats www.immae.eu
+ Header always set Strict-Transport-Security "max-age=31536000"
+
+
+ Header always set Referrer-Policy "strict-origin-when-cross-origin"
+ RequestHeader set X-Forwarded-Proto "https"
+
+ RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
+
-
- SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
-
+ RewriteEngine On
+ RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
+ RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
+ RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
- DirectoryIndex index.php index.htm index.html
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
+
+ Alias /.well-known/chatonsinfos ${./chatons}
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+
+ Alias /.well-known/matrix ${./matrix}
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+ Header always set Access-Control-Allow-Origin "*"
+
+
+ Alias /cours ${coursDir}
+
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
+
+ Alias /eurl ${./eurl}
+
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+
+ Alias /recherche ${rechercheDir}
+
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
+
+ Alias /recettes ${recettesDir}
+
+ DirectoryIndex index.htm index.html
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Require all granted
-
- Use LDAPConnect
- Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
-
+ Alias /history ${historyDir}
+
+ DirectoryIndex index.html
+ AllowOverride None
+ Require all granted
+
''
];
};
- services.websites.env.production.vhostConfs.bouya = {
- certName = "eldiron";
+ services.websites.env.production.vhostConfs.immae_fr = {
+ certName = "immae";
addToCerts = true;
- hosts = [ "bouya.org" "www.bouya.org" ];
+ hosts = [ "www.immae.fr" "immae.fr" ];
root = null;
extraConfig = [ ''
- RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
+ RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
+ '' ];
+ };
+
+ services.websites.env.production.vhostConfs.immae_bouya = {
+ certName = "immae";
+ addToCerts = true;
+ hosts = [ "bouya.org" "www.bouya.org" ];
+ root = rechercheDir;
+ extraConfig = [ ''
+
+ DirectoryIndex index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
'' ];
};
};
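Review bot: The blocks that serve buildbot output (the vhost root `varDir`, the `/cours`, `/recherche` and `/recettes` aliases, and the bouya.org vhost rooted at `rechercheDir`) keep `Options Indexes FollowSymLinks MultiViews Includes` together with `AllowOverride All`, so anything a build job writes there can bring its own `.htaccess`, server-side includes and symlinks that the web server will honour. The same commit already uses `AllowOverride None` for the Nix-store aliases and for `/history`, yet the build-output directories are where that restriction matters most. Unless the sites are known to depend on these features, I would set `AllowOverride None` and `Options SymLinksIfOwnerMatch MultiViews IncludesNOEXEC` on them, and drop `Indexes` where directory listings are not wanted. The enclosing Apache container tags are not visible on this page, so the scope of each directive group is inferred from the adjacent `Alias` and `root` lines.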