X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Faten%2Faten.nix;h=6059eb6b85fd64eb07ae1d59c0054b1be88c9d83;hb=85f5ed68104de9edd8f8e532dc0c2de931e3ca1b;hp=69e1d4c37409cee35bf0ee9cf415da9e53666aea;hpb=01f21083a897b86bf148f1d2bb9c8edca4d3786a;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index 69e1d4c..6059eb6 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -1,9 +1,10 @@
-{ lib, writeText, fetchedGitPrivate, stdenv, composerEnv, fetchurl, fetchgit, binutils, python, nodejs, libsass, yarn2nix }:
+{ lib, writeText, fetchedGitPrivate, stdenv, runCommand, composerEnv, fetchurl, fetchgit, jq, python, nodejs, libsass, yarn2nixPackage }:
let
aten = { config }: rec {
environment = config.environment;
varDir = "/var/lib/aten_${environment}";
phpFpm = rec {
+ serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
socket = "/var/run/phpfpm/aten-${environment}.sock";
pool = ''
listen = ${socket}
@@ -29,18 +30,29 @@ let
pm.max_spare_servers = 3
''}'';
};
- apache = {
+ keys."${environment}-aten" = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ SetEnv APP_ENV "${environment}"
+ SetEnv APP_SECRET "${config.secret}"
+ SetEnv DATABASE_URL "${config.psql_url}"
+ '';
+ };
+ apache = rec {
user = "wwwrun";
group = "wwwrun";
modules = [ "proxy_fcgi" ];
+ webappName = "aten_${environment}";
+ root = "/run/current-system/webapps/${webappName}";
vhostConf = ''
SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- SetEnv APP_ENV "${environment}"
- SetEnv APP_SECRET "${config.secret}"
- SetEnv DATABASE_URL "${config.psql_url}"
+ Include /run/keys/webapps/${environment}-aten
${if environment == "dev" then ''
@@ -64,7 +76,7 @@ let
''}
-
+
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Require all granted
@@ -89,22 +101,26 @@ let
};
yarnModules = let
info = fetchedGitPrivate ./aten.json;
+ packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
+ cat ${info.src}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out
+ '';
in
- yarn2nix.mkYarnModules {
- name = "aten-yarn-modules";
- packageJSON = "${info.src}/package.json";
+ yarn2nixPackage.mkYarnModules rec {
+ name = "aten-yarn";
+ pname = name;
+ version = "v1.0.0";
+ packageJSON = packagejson;
yarnLock = "${info.src}/yarn.lock";
pkgConfig = {
node-sass = {
- buildInputs = [ binutils libsass python ];
+ buildInputs = [ libsass python ];
postInstall = let
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
- sha256 = "12zzsf8my43b8qnlacp871ih5vqafl2vlpqp51xp6h3gckn2frwy";
+ sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32";
};
in
''
- export AR=${binutils.bintools}/bin/ar
node scripts/build.js --tarball=${nodeHeaders}
'';
};
@@ -118,17 +134,14 @@ let
preInstall = ''
export SYMFONY_ENV="${environment}"
export APP_ENV="${environment}"
- export DATABASE_URL="${config.psql_url}"
- export APP_SECRET="${config.secret}"
'';
postInstall = ''
- cd $out
ln -sf ${yarnModules}/node_modules .
yarn run --offline encore production
rm -rf var/{log,cache}
- ln -sf ../../../../../../../${varDir}/{log,cache} var/
+ ln -sf ${varDir}/{log,cache} var/
'';
- buildInputs = [ yarn2nix.yarn ];
+ buildInputs = [ yarnModules yarn2nixPackage.yarn ];
});
webRoot = "${webappDir}/public";
};