WIP: Chloé website
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 1 Mar 2022 00:09:24 +0000 (01:09 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 9 Apr 2023 15:16:16 +0000 (17:16 +0200)
modules/private/websites/chloe/new.nix

index a5cd1a7f21534e628710d48699ded36cfbf2aeb0..344810f3e8b664fbd8f8878e4f810c36b23a0d73 100644 (file)
@@ -3,12 +3,8 @@ let
   secrets = config.myEnv.websites.chloe.new;
   cfg = config.myServices.websites.chloe.new;
   ftpRoot = "/var/lib/chloe_new";
-  phpRoot = "${ftpRoot}/php";
-  webRoot = "${phpRoot}/web";
-  varDir = "${ftpRoot}/var";
+  webRoot = "${ftpRoot}/wordpress";
   sessionDir = "${ftpRoot}/sessions";
-  packagePath = "/var/lib/ftp/release.immae.eu/buildbot/Chloe";
-  branch = "test";
 in {
   options.myServices.websites.chloe.new.enable = lib.mkEnableOption "enable Chloe's new website in integration";
 
@@ -20,8 +16,8 @@ in {
         "listen.owner" = config.services.httpd.Inte.user;
         "listen.group" = config.services.httpd.Inte.group;
         "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
-          ftpRoot
-          config.secrets.fullPaths."websites/chloe/new"
+          webRoot
+          sessionDir
           "/tmp"
         ];
         "php_admin_value[session.save_path]" = sessionDir;
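Review bot: The `"/tmp"` entry kept in `php_admin_value[open_basedir]` is now the widest path in the list, since the rest is narrowed to `webRoot` and `sessionDir`. Unless this pool's unit runs with a private /tmp (not visible in this hunk), PHP code in the site can reach temporary files and uploads that other services leave there. A per-site directory would be tighter, e.g. `"${ftpRoot}/tmp"` in the list plus `"php_admin_value[upload_tmp_dir]" = "${ftpRoot}/tmp";`, created the same way as `sessionDir`. The pool attribute set starts and ends outside the hunk.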
@@ -32,54 +28,7 @@ in {
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
       };
-      phpEnv = {
-        SYMFONY_DEBUG_MODE = "\"yes\"";
-      };
-      phpPackage = pkgs.php72;
-    };
-    systemd.services."phpfpm-chloe_new_integration" = {
-      after = lib.mkAfter ["mysql.service"];
-      wants = ["mysql.service"];
-      path = lib.mkAfter [ pkgs.gnutar pkgs.gzip pkgs.php72 ];
-      preStart = let
-        script = pkgs.writeScriptBin "chloe-integration-pre" ''
-          #! ${pkgs.stdenv.shell}
-
-          [ -f ${packagePath}/${branch}.tar.gz ] || exit 1
-
-          cd ${ftpRoot}
-          if ! [ -f .tarball_sum ] || ! sha256sum -c .tarball_sum; then
-            tar -xf ${packagePath}/${branch}.tar.gz --one-top-level=php_new
-            if [ -d php ]; then
-              mv php php_old
-            fi
-            mv php_new php
-          fi
-          cd php
-          rm -rf var/{logs,cache,data,miniatures,tmp}
-          ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
-          ln -sf ${config.secrets.fullPaths."websites/chloe/new"} app/config/parameters.yml
-          SYMFONY_ENV=dev ./bin/console --env=dev cache:clear --no-warmup
-          sha256sum ${packagePath}/${branch}.tar.gz > ${ftpRoot}/.tarball_sum
-        '';
-      in
-        "/run/wrappers/bin/sudo -u ${config.services.httpd.Inte.user} ${script}/bin/chloe-integration-pre";
-      postStart = let
-        script = pkgs.writeScriptBin "chloe-integration-post" ''
-          #! ${pkgs.stdenv.shell}
-
-          cd ${ftpRoot}
-          if [ -d php_old ]; then
-            rm -rf php_old
-          fi
-        '';
-      in
-        "/run/wrappers/bin/sudo -u ${config.services.httpd.Inte.user} ${script}/bin/chloe-integration-post";
-      serviceConfig.TimeoutStartSec="infinity";
-    };
-    services.filesWatcher.phpfpm-chloe_new_integration = {
-      restart = true;
-      paths = [ "${packagePath}/${branch}.tar.gz" ];
+      phpPackage = pkgs.php74;
     };
 
     system.activationScripts.chloe_new_integration = {
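Review bot: `phpPackage = pkgs.php74;` pins the pool to PHP 7.4, whose upstream security support ended in November 2022, before the committer date on this commit. For a WordPress site served over the network, a currently supported PHP 8 attribute from the pinned nixpkgs would be the safer target. If 7.4 is needed for a plugin or theme, a comment above the line would record that, e.g. `# PHP 7.4 kept for <reason>; revisit when <condition>`. The pool definition starts outside the hunk.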
@@ -89,48 +38,12 @@ in {
       '';
     };
 
-    secrets.keys."websites/chloe/new" = {
-      user = config.services.httpd.Inte.user;
-      group = config.services.httpd.Inte.group;
-      permissions = "0400";
-      text = ''
-        # This file is auto-generated during the composer install
-        parameters:
-            database_host: ${secrets.mysql.host}
-            database_port: ${secrets.mysql.port}
-            database_name: ${secrets.mysql.database}
-            database_user: ${secrets.mysql.user}
-            database_password: ${secrets.mysql.password}
-            database_server_version: ${pkgs.mariadb.mysqlVersion}
-            mailer_transport: smtp
-            mailer_host: 127.0.0.1
-            mailer_user: null
-            mailer_password: null
-            secret: ${secrets.secret}
-            ldap_host: ldap.immae.eu
-            ldap_port: 636
-            ldap_version: 3
-            ldap_ssl: true
-            ldap_tls: false
-            ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
-            ldap_base_dn: 'dc=immae,dc=eu'
-            ldap_search_dn: '${secrets.ldap.dn}'
-            ldap_search_password: '${secrets.ldap.password}'
-            ldap_search_filter: '${secrets.ldap.filter}'
-        leapt_im:
-            binary_path: ${pkgs.imagemagick}/bin
-        assetic:
-            sass: ${pkgs.sass}/bin/sass
-            ruby: ${pkgs.ruby}/bin/ruby
-      '';
-    };
-
     services.websites.env.integration.vhostConfs.chloe_new_integration = {
       certName    = "integration";
       addToCerts  = true;
       hosts       = [ "new.chc.immae.dev" ];
       root        = webRoot;
-      extraConfig = [
+      extraConfig  = [
         ''
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_new_integration.socket}|fcgi://localhost"
@@ -141,47 +54,17 @@ in {
           Require ldap-group   cn=chc.immae.dev,cn=httpd,ou=services,dc=immae,dc=eu
         </Location>
 
+        <Location /xmlrpc.php>
+          AllowOverride None
+          Require all denied
+        </Location>
         <Directory ${webRoot}>
+          DirectoryIndex index.php index.htm index.html
           Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride None
+          AllowOverride all
           Require all granted
-
-          DirectoryIndex app_dev.php
-
-          <IfModule mod_negotiation.c>
-          Options -MultiViews
-          </IfModule>
-
-          <IfModule mod_rewrite.c>
-            RewriteEngine On
-
-            RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-            RewriteRule ^(.*) - [E=BASE:%1]
-
-            # Maintenance script
-            RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-            RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-            RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-            ErrorDocument 503 /maintenance.php
-
-            # Sets the HTTP_AUTHORIZATION header removed by Apache
-            RewriteCond %{HTTP:Authorization} .
-            RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-            RewriteCond %{ENV:REDIRECT_STATUS} ^$
-            RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
-            # If the requested filename exists, simply serve it.
-            # We only want to let Apache serve files and not directories.
-            RewriteCond %{REQUEST_FILENAME} -f
-            RewriteRule ^ - [L]
-
-            # Rewrite all other queries to the front controller.
-            RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-          </IfModule>
-
         </Directory>
-        ''
+          ''
       ];
     };
   };
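Review bot: `AllowOverride None` inside the new `<Location /xmlrpc.php>` block is out of place, because Apache documents AllowOverride as valid only in `<Directory>` sections. httpd is therefore likely to reject the vhost at config check, and `Require all denied` alone does the blocking. Separately, `AllowOverride all` together with the retained `Options Indexes FollowSymLinks MultiViews Includes` lets any `.htaccess` under `webRoot` change handlers, access rules and options; `webRoot` sits under `ftpRoot`, so it is presumably writable through uploads and by the application. The same line also keeps directory listings and server-side includes enabled. WordPress permalinks need only rewrite directives, so `Options FollowSymLinks` and `AllowOverride FileInfo` would be a tighter starting point.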