X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fwebsites%2Fdefault.nix;h=0a78c134ae56211dd4bf82c20f7dd91e7a6c0b4f;hb=ce95026934c4ea8c647365f68eb195459fcdff08;hp=d5a0f635b0354db0ae775c7a5b877dded3db133d;hpb=e7b890d0999fe54a99f84fe92d625d9d488358dc;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index d5a0f63..0a78c13 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }: with lib;
+{ lib, config, pkgs, ... }: with lib;
 let
   cfg = config.services.websites;
 in
@@ -201,6 +201,7 @@ in
       logPerVirtualHost = true;
       multiProcessingModule = "worker";
       # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.0.2t&guideline=5.4
+      # test with https://www.ssllabs.com/ssltest/analyze.html?d=www.immae.eu&s=176.9.151.154&latest
       sslProtocols = "all -SSLv3 -TLSv1 -TLSv1.1";
       sslCiphers = builtins.concatStringsSep ":" [
         "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256"
@@ -274,4 +275,42 @@ in
         (name: path: "ln -s ${path} $out/${cfg.webappDirsName}/${name}") cfg.webappDirs)
       }
     '';
+
+  config.systemd.services = let
+    package = httpdName: config.services.httpd.${httpdName}.package.out;
+    cfgFile = httpdName: config.services.httpd.${httpdName}.configFile;
+    serviceChange = attrsets.mapAttrs' (name: icfg:
+      attrsets.nameValuePair
+        "httpd${icfg.httpdName}" {
+          stopIfChanged = false;
+          serviceConfig.ExecStart =
+            lib.mkForce "@${package icfg.httpdName}/bin/httpd httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf";
+          serviceConfig.ExecStop =
+            lib.mkForce "${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -k graceful-stop";
+          serviceConfig.ExecReload =
+            lib.mkForce "${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -k graceful";
+        }
+      ) cfg.env;
+    serviceReload = attrsets.mapAttrs' (name: icfg:
+      attrsets.nameValuePair
+        "httpd${icfg.httpdName}-config-reload" {
+          wants = [ "httpd${icfg.httpdName}.service" ];
+          wantedBy = [ "multi-user.target" ];
+          restartTriggers = [ (cfgFile icfg.httpdName) ];
+          # commented, because can cause extra delays during activate for this config:
+          # services.nginx.virtualHosts."_".locations."/".proxyPass = "http://blabla:3000";
+          # stopIfChanged = false;
+          serviceConfig.Type = "oneshot";
+          serviceConfig.TimeoutSec = 60;
+          script = ''
+            if ${pkgs.systemd}/bin/systemctl -q is-active httpd${icfg.httpdName}.service ; then
+              ${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -t && \
+                ${pkgs.systemd}/bin/systemctl reload httpd${icfg.httpdName}.service
+            fi
+          '';
+          serviceConfig.RemainAfterExit = true;
+        }
+      ) cfg.env;
+  in
+    serviceChange // serviceReload;
 }
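Review bot: The reload script in `serviceReload` calls `${pkgs.systemd}/bin/systemctl`, which pins the client to the systemd store path of the generation being activated, while the daemon it talks to is whatever is already running as PID 1; the upstream NixOS reload unit this mirrors uses `/run/current-system/systemd/bin/systemctl` precisely so client and daemon stay matched across a systemd upgrade. Changing both calls to `/run/current-system/systemd/bin/systemctl -q is-active httpd${icfg.httpdName}.service` and `/run/current-system/systemd/bin/systemctl reload httpd${icfg.httpdName}.service` removes that mismatch. The `-t` syntax check runs the new generation's `package icfg.httpdName` binary, whereas the running httpd may still be the previous package; this is sound because `ExecStart` embeds the package store path, so a package change alters the unit and, with `stopIfChanged = false`, restarts the service rather than relying on reload, but a one-line comment above `script` stating that assumption would help the next reader. Note also that the `-t` check is a syntax check only; a config that passes it can still fail at `-k graceful` time (for example on a missing certificate file), and that failure will not be surfaced by this unit. Finally, the `name` argument of both `mapAttrs'` lambdas is unused and could be written `_` to make that explicit.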