options = {
aten_production = atenSubmodule;
aten_integration = atenSubmodule;
+ iridologie = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "SPIP environment"; };
+ mysql = mkMysqlOptions "Iridologie" {};
+ ldap = mkLdapOptions "Iridologie" {};
+ };
+ };
+ };
};
};
};
description = "environment configuration";
type = submodule {
options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
+ environment = mkOption { type = str; description = "SPIP environment"; };
mysql = mkMysqlOptions "Chloe" {};
ldap = mkLdapOptions "Chloe" {};
};
--- /dev/null
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
+?>
\ No newline at end of file
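Review bot: `_SPIP_CHMOD` is pinned to `0777`, so every directory SPIP creates at runtime under the writable tree is world-writable. The PHP-FPM pool in spip_builder.nix runs as the Apache user, and the activation script there already creates the var directories owned by that user with mode 0755, so owner-only write looks sufficient: `if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0755);`. A one-line comment saying why the value is fixed here rather than left to the installer would help the next reader.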
--- /dev/null
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+define('_MYSQL_SET_SQL_MODE',true);
+$GLOBALS['spip_connect_version'] = 0.7;
+spip_connect_db(
+ getenv("SPIP_MYSQL_HOST"),
+ getenv("SPIP_MYSQL_PORT"),
+ getenv("SPIP_MYSQL_USER"),
+ getenv("SPIP_MYSQL_PASSWORD"),
+ getenv("SPIP_MYSQL_DB"),
+ 'mysql',
+ 'spip',
+ 'ldap.php'
+);
+?>
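Review bot: None of the `getenv()` results passed to `spip_connect_db()` is checked, and `getenv()` returns `false` for a variable that is not set. If the secrets file is not included for a vhost, the call is made with `false` as host, user and password, which the MySQL client may replace with its own defaults instead of failing outright. A guard before the call makes this fail closed, for example `if (getenv("SPIP_MYSQL_HOST") === false || getenv("SPIP_MYSQL_PASSWORD") === false) return;`.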
--- /dev/null
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
+$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
+@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
+@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
+$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
+$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
+?>
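Review bot: The `@` on `ldap_connect`, `ldap_set_option` and `ldap_bind` discards every failure and the result of `ldap_bind` is never tested, so `$GLOBALS['ldap_link']` stays set even when the search bind was rejected. Later lookups would then run on an unbound connection, or fail with nothing in the logs to explain why. Test the bind and clear the link on failure, e.g. `if (!@ldap_bind($GLOBALS['ldap_link'], getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"))) $GLOBALS['ldap_link'] = false;`. `LDAP_OPT_PROTOCOL_VERSION` is also normally given the integer `3` rather than the string `'3'`.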
-{ lib, config, ... }:
+{ lib, pkgs, config, ... }:
let
+ iridologie = pkgs.callPackage ./spip_builder.nix {
+ inherit (pkgs.webapps) iridologie;
+ config = config.myEnv.websites.isabelle.iridologie;
+ apacheUser = config.services.httpd.Prod.user;
+ apacheGroup = config.services.httpd.Prod.group;
+ };
+
cfg = config.myServices.websites.isabelle.iridologie;
- varDir = "/var/lib/ftp/isabelle";
in {
options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website";
config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.iridologie_prod.rootDir = iridologie.app.varDir;
+ secrets.keys = iridologie.keys;
services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ];
- system.activationScripts.iridologie = {
- deps = [ "httpd" ];
- text = ''
- install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/iridologie
- '';
- };
- services.phpfpm.pools.iridologie = {
- listen = "/run/phpfpm/iridologie.sock";
- extraConfig = ''
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- php_admin_value[open_basedir] = "/var/lib/php/sessions/iridologie:${varDir}:/tmp"
- php_admin_value[session.save_path] = "/var/lib/php/sessions/iridologie"
- '';
+ systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps;
+ systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps;
+ services.phpfpm.pools.iridologie = {
+ listen = iridologie.phpFpm.socket;
+ extraConfig = iridologie.phpFpm.pool;
+ phpOptions = config.services.phpfpm.phpOptions + ''
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ '';
};
- services.websites.env.production.modules = [ "proxy_fcgi" ];
+ system.activationScripts.iridologie = iridologie.activationScript;
+ myServices.websites.webappDirs."${iridologie.apache.webappName}" = iridologie.app.webRoot;
+ services.websites.env.production.modules = iridologie.apache.modules;
services.websites.env.production.vhostConfs.iridologie = {
- certName = "aten";
- addToCerts = true;
- hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ];
- root = varDir;
- extraConfig = [
+ certName = "aten";
+ addToCerts = true;
+ hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ];
+ root = iridologie.apache.root;
+ extraConfig = [
''
- Use Stats iridologie.icommandeur.org
- RewriteEngine On
- RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC]
- RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/iridologie.sock|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- AllowOverride All
- Require all granted
- </Directory>
+ RewriteEngine On
+ RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC]
+ RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
''
+ iridologie.apache.vhostConf
];
};
+ services.websites.env.production.watchPaths = [
+ "/var/secrets/webapps/${iridologie.app.environment}-iridologie"
+ ];
};
}
-
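Review bot: `services.duplyBackup.profiles.iridologie_prod.rootDir` covers the whole of `iridologie.app.varDir`, and spip_builder.nix places `phpSessions` and `tmp` under that same directory. Unless the profile excludes them, live PHP session files and SPIP's temporary data are copied into every backup, which widens where session data is stored. Consider excluding `${varDir}/phpSessions` and `${varDir}/tmp` from the profile, or moving the session directory outside `varDir`. The profile name is also hard-coded as `iridologie_prod` while every path is derived from `app.environment`.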
--- /dev/null
+{ apacheUser, apacheGroup, iridologie, config }:
+rec {
+ app = iridologie.override { inherit (config) environment; };
+ phpFpm = rec {
+ serviceDeps = [ "mysql.service" ];
+ socket = "/var/run/phpfpm/iridologie-${app.environment}.sock";
+ pool = ''
+ user = ${apacheUser}
+ group = ${apacheGroup}
+ listen.owner = ${apacheUser}
+ listen.group = ${apacheGroup}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
+ php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
+ ${if app.environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ keys = [{
+ dest = "webapps/${app.environment}-iridologie";
+ user = apacheUser;
+ group = apacheGroup;
+ permissions = "0400";
+ text = ''
+ SetEnv SPIP_CONFIG_DIR "${configDir}"
+ SetEnv SPIP_VAR_DIR "${app.varDir}"
+ SetEnv SPIP_SITE "iridologie-${app.environment}"
+ SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
+ SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
+ SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
+ SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
+ SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}"
+ SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
+ SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
+ SetEnv SPIP_MYSQL_DB "${config.mysql.database}"
+ SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
+ SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
+ '';
+ }];
+ apache = rec {
+ modules = [ "proxy_fcgi" ];
+ webappName = "iridologie_${app.environment}";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Include /var/secrets/webapps/${app.environment}-iridologie
+
+ RewriteEngine On
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ <Directory ${root}>
+ DirectoryIndex index.php index.htm index.html
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Include ${root}/htaccess.txt
+
+ AllowOverride AuthConfig FileInfo Limit
+ Require all granted
+ </Directory>
+
+ <DirectoryMatch "${root}/squelettes">
+ Require all denied
+ </DirectoryMatch>
+
+ <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+ Require all denied
+ </FilesMatch>
+
+ ${if app.environment == "dev" then ''
+ <Location />
+ Use LDAPConnect
+ Require ldap-group cn=isabelle.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://iridologie.icommandeur.org\"></html>"
+ </Location>
+ '' else ''
+ Use Stats iridologie.icommandeur.org
+ ''}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+ install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+ '';
+ };
+ configDir = ./config;
+}
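Review bot: The `keys` text hands the MySQL and LDAP bind passwords to Apache as `SetEnv` lines, and `vhostConf` includes that file at vhost level, so every request proxied to PHP-FPM carries both passwords in its FastCGI environment. They are then visible in `$_SERVER`, in `phpinfo()` output and in any error or debug page that dumps the request environment. Consider having the PHP config read the two passwords from a file only the pool user can read, or at least adding `php_admin_value[disable_functions] = phpinfo` to `pool`. Separately, `Options -Indexes +FollowSymLinks +MultiViews +Includes` permits SSI `exec`; `+IncludesNOEXEC`, or dropping the option, is the safer default if SSI is not needed.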
aten = callPackage ./aten { inherit composerEnv mylibs; };
chloe = callPackage ./chloe { inherit mylibs spip; };
+ iridologie = callPackage ./iridologie { inherit mylibs spip; };
connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
--- /dev/null
+{ environment ? "prod"
+, varDir ? "/var/lib/iridologie_${environment}"
+, spip, stdenv, mylibs, sassc }:
+let
+ siteDir = stdenv.mkDerivation (mylibs.fetchedGitPrivate ./iridologie.json // rec {
+ installPhase = ''
+ cp -a . $out
+ '';
+ });
+in
+spip.override {
+ ldap = true;
+ siteName = "iridologie";
+ inherit environment siteDir;
+}
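Review bot: The `varDir` argument declared at the top is never used: `spip.override` receives only `ldap`, `siteName`, `environment` and `siteDir`. A caller overriding `varDir` on this package therefore changes nothing, and the `app.varDir` that the builder uses for sessions, backups and `open_basedir` is whatever the `spip` package computes. If `spip` accepts a `varDir` argument, pass it with `inherit environment siteDir varDir;`; otherwise drop the parameter. `sassc` is likewise unused, and the `rec` on the attribute set merged into `mylibs.fetchedGitPrivate` is not needed.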
--- /dev/null
+{
+ "tag": "01bd963-master",
+ "meta": {
+ "name": "iridologie",
+ "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Iridologie",
+ "branch": "master"
+ },
+ "git": {
+ "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Iridologie",
+ "rev": "01bd96345b523e4e6469fdbbb675abd3e7f4662f",
+ "fetchSubmodules": true
+ }
+}
let
app = stdenv.mkDerivation rec {
name = "${siteName}-${environment}-spip-${version}";
- version = "3.2.3";
+ version = "3.2.7";
src = fetchzip {
url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
- sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
+ sha256 = "0n4kc95nhn524zbb11bpfjs965pm4v026s3m3q44pl8nyms91r33";
};
paches = lib.optionals ldap [ ./spip_ldap_patch.patch ];
buildPhase = ''