Add maison bbc website
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 24 Dec 2019 08:41:27 +0000 (09:41 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 24 Dec 2019 10:11:56 +0000 (11:11 +0100)
modules/private/default.nix
modules/private/websites/default.nix
modules/private/websites/papa/maison_bbc.nix [new file with mode: 0644]
modules/websites/default.nix

index f768aedf7842192e2815b0908ef701b011a983a6..be39993ee2948160e0bce7140791da104703139b 100644 (file)
@@ -38,6 +38,7 @@ set = {
   nassimeProd = ./websites/nassime/production.nix;
   naturaloutilProd = ./websites/naturaloutil/production.nix;
   telioTortayProd = ./websites/teliotortay/production.nix;
+  papaMaisonBbc = ./websites/papa/maison_bbc.nix;
   papaSurveillance = ./websites/papa/surveillance.nix;
   piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
   piedsjalouxProd = ./websites/piedsjaloux/production.nix;
index 3ac4cb548153f2af390c612d34572be381b728e4..dcbbef85c8dc30160934aa9729ef1b68e70ce3bc 100644 (file)
@@ -259,6 +259,7 @@ in
       telioTortay.production.enable = true;
 
       papa.surveillance.enable = true;
+      papa.maison_bbc.enable = true;
 
       piedsjaloux.integration.enable = true;
       piedsjaloux.production.enable = true;
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix
new file mode 100644 (file)
index 0000000..7295de8
--- /dev/null
@@ -0,0 +1,68 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.myServices.websites.papa.maison_bbc;
+  varDir = "/var/lib/ftp/papa/site";
+in {
+  options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
+
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
+    services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
+    services.phpfpm.pools.papa_maison_bbc = {
+      listen = "/run/phpfpm/papa_maison_bbc.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+
+        php_admin_value[open_basedir] = "${varDir}"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
+        '';
+    };
+
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostNoSSLConfs.papa_maison_bbc = {
+      hosts        = [ "maison.bbc.bouya.org" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          AllowOverride None
+          Require all granted
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+    services.websites.env.production.vhostConfs.papa_maison_bbc = {
+      certName     = "papa";
+      addToCerts   = true;
+      hosts        = [ "maison.bbc.bouya.org" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          AllowOverride None
+          Require all granted
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
+
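Review bot: The HTTP-only vhost's `RedirectMatch` exempts more than `add.php`: the dot is unescaped and the lookahead is followed by `.*`, so every path that merely starts with `.well-known` or with `add`, any character, `php` is served over plaintext instead of being redirected. If the endpoint is only ever requested as `/add.php`, anchor the exception, e.g. `RedirectMatch 301 ^/((?!\.well-known/|add\.php$).*)$ https://maison.bbc.bouya.org/$1`, and add a comment saying why that script has to stay reachable without TLS. Separately, the pool runs as `wwwrun` with its document root under `/var/lib/ftp`, so files written there over FTP execute as that user. If `wwwrun` is shared with httpd or other pools (not visible in this diff), a dedicated pool user would contain this better than `open_basedir` alone.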
index 043fc6ecf619c0a51e8d57133649188af8afe777..6ba0d687d2069c38b08a8df81c0b087914a1edb4 100644 (file)
@@ -86,6 +86,17 @@ in
               };
             };
           };
+          vhostNoSSLConfs = mkOption {
+            default = {};
+            description = "List of no ssl vhosts to define for Apache";
+            type = attrsOf (submodule {
+              options = {
+                hosts    = mkOption { type = listOf string; };
+                root     = mkOption { type = nullOr path; };
+                extraConfig = mkOption { type = listOf lines; default = []; };
+              };
+            });
+          };
           vhostConfs = mkOption {
             default = {};
             description = "List of vhosts to define for Apache";
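Review bot: The `vhostNoSSLConfs` description should state what these entries mean for transport security, because nothing in the option itself does. Going by `toVhostNoSSL` later in this commit, each entry becomes a port-80 vhost with `enableSSL = false` and no built-in redirect, so the caller's `extraConfig` is the only thing that sends traffic to HTTPS. Suggested wording: `description = "Attribute set of plain-HTTP (port 80, no TLS) vhosts to define for Apache; no HTTPS redirect is added automatically";`. That also corrects "List", since the type is `attrsOf`. The enclosing options block starts and ends outside the hunk.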
@@ -177,6 +188,15 @@ in
       documentRoot = vhostConf.root;
       extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
     };
+    toVhostNoSSL = ips: vhostConf: {
+      enableSSL = false;
+      logFormat = "combinedVhost";
+      listen = map (ip: { inherit ip; port = 80; }) ips;
+      hostName = builtins.head vhostConf.hosts;
+      serverAliases = builtins.tail vhostConf.hosts or [];
+      documentRoot = vhostConf.root;
+      extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
+    };
   in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
     icfg.httpdName (mkIf icfg.enable {
       enable = true;
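Review bot: `toVhostNoSSL` aborts evaluation with a bare `head`/`tail` error when a vhost is declared with `hosts = []`, and the `or []` does not help. It binds to the attribute selection, giving `builtins.tail (vhostConf.hosts or [])`, and `hosts` is always defined by the option. Rejecting the empty list at the option, e.g. `hosts = mkOption { type = nonEmptyListOf str; };`, would give a readable error and let this line become `serverAliases = builtins.tail vhostConf.hosts;`. The last two attributes repeat the end of `toVhost` visible in the context lines; the surrounding `let` block starts outside the hunk.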
@@ -190,6 +210,7 @@ in
       extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;
       virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]
         ++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]
+        ++ (attrsets.mapAttrsToList (n: v: toVhostNoSSL icfg.ips v) icfg.vhostNoSSLConfs)
         ++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)
         ++ [ (redirectVhost icfg.ips) ];
     })