X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fwebsites%2Fludivine%2Fintegration.nix;fp=modules%2Fprivate%2Fwebsites%2Fludivine%2Fintegration.nix;h=4e37c0cb846fe3eee7166b02ae57041d19e6f838;hb=d3452fc59b9839846225fd254926c64a9c71f071;hp=0000000000000000000000000000000000000000;hpb=514f9ec3beec470c4445be690673a0ceab9115b4;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/websites/ludivine/integration.nix b/modules/private/websites/ludivine/integration.nix
new file mode 100644
index 0000000..4e37c0c
--- /dev/null
+++ b/modules/private/websites/ludivine/integration.nix
@@ -0,0 +1,151 @@
+{ lib, pkgs, config, ... }:
+let
+ secrets = config.myEnv.websites.ludivine.integration;
+ app = pkgs.callPackage ./app {
+ environment = secrets.environment;
+ varDir = "/var/lib/ludivine_integration";
+ secretsPath = config.secrets.fullPaths."websites/ludivine/integration";
+ };
+ cfg = config.myServices.websites.ludivine.integration;
+ pcfg = config.services.phpApplication;
+in {
+ options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
+
+ config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir;
+ services.phpApplication.apps.ludivine_integration = {
+ websiteEnv = "integration";
+ httpdUser = config.services.httpd.Inte.user;
+ httpdGroup = config.services.httpd.Inte.group;
+ inherit (app) webRoot varDir;
+ varDirPaths = {
+ "tmp" = "0700";
+ };
+ inherit app;
+ serviceDeps = [ "mysql.service" ];
+ preStartActions = [
+ "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ ];
+ phpOpenbasedir = [ "/tmp" ];
+ phpPool = {
+ "php_admin_value[upload_max_filesize]" = "20M";
+ "php_admin_value[post_max_size]" = "20M";
+ #"php_admin_flag[log_errors]" = "on";
+ "pm" = "ondemand";
+ "pm.max_children" = "5";
+ "pm.process_idle_timeout" = "60";
+ };
+ phpEnv = {
+ PATH = lib.makeBinPath [
+ # below ones don't need to be in the PATH but theyâre used in
+ # secrets
+ pkgs.imagemagick pkgs.sass pkgs.ruby
+ ];
+ SYMFONY_DEBUG_MODE = "\"yes\"";
+ };
+ phpWatchFiles = [
+ config.secrets.fullPaths."websites/ludivine/integration"
+ ];
+ };
+
+ secrets.keys = [
+ {
+ dest = "websites/ludivine/integration";
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: ${secrets.mysql.host}
+ database_port: ${secrets.mysql.port}
+ database_name: ${secrets.mysql.database}
+ database_user: ${secrets.mysql.user}
+ database_password: ${secrets.mysql.password}
+ database_server_version: ${pkgs.mariadb.mysqlVersion}
+ mailer_transport: smtp
+ mailer_host: 127.0.0.1
+ mailer_user: null
+ mailer_password: null
+ secret: ${secrets.secret}
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_version: 3
+ ldap_ssl: true
+ ldap_tls: false
+ ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+ ldap_base_dn: 'dc=immae,dc=eu'
+ ldap_search_dn: '${secrets.ldap.dn}'
+ ldap_search_password: '${secrets.ldap.password}'
+ ldap_search_filter: '${secrets.ldap.filter}'
+ leapt_im:
+ binary_path: ${pkgs.imagemagick}/bin
+ assetic:
+ sass: ${pkgs.sass}/bin/sass
+ ruby: ${pkgs.ruby}/bin/ruby
+ '';
+ }
+ ];
+
+ services.websites.env.integration.vhostConfs.ludivine_integration = {
+ certName = "integration";
+ addToCerts = true;
+ hosts = [ "ludivine.immae.eu" ];
+ root = pcfg.webappDirs.ludivine_integration;
+ extraConfig = [
+ ''
+
+ SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost"
+
+
+
+ Use LDAPConnect
+ Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 ""
+
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+
+ Options -MultiViews
+
+
+
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+
+
+
+ ''
+ ];
+ };
+ };
+}