Ateliers du changement

author Ismaël Bouya <ismael.bouya@normalesup.org>

Sun, 9 Apr 2023 09:50:02 +0000 (11:50 +0200)

committer Ismaël Bouya <ismael.bouya@normalesup.org>

Sun, 9 Apr 2023 15:18:10 +0000 (17:18 +0200)
author Ismaël Bouya <ismael.bouya@normalesup.org>
Sun, 9 Apr 2023 09:50:02 +0000 (11:50 +0200)
committer Ismaël Bouya <ismael.bouya@normalesup.org>
Sun, 9 Apr 2023 15:18:10 +0000 (17:18 +0200)
diff --git a/modules/private/default.nix b/modules/private/default.nix

index 09ed090e3365a796d70d2977a62852f4d66e9639..28b6c8fee9567126795d29a2e65b20f6a8472f24 100644 (file)
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -34,6 +34,7 @@ set = {
    christopheCarpentierWebsite = ./websites/christophe_carpentier/website.nix;
    christopheCarpentierAgorakit = ./websites/christophe_carpentier/agorakit.nix;
    christopheCarpentierAgoraProject = ./websites/christophe_carpentier/agora-project.nix;
+  christopheCarpentierAteliersDuChangement = ./websites/christophe_carpentier/ateliersduchangement.nix;
  
    cipcaSympa = ./websites/cip-ca/sympa.nix;
  
diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix

index d3d18f592552160567dd8e94e1970303ef870705..d0174198a0325cd79df63a47491fd65981643944 100644 (file)
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -179,15 +179,8 @@
      extraDomainNames = [
        "dilion.immae.dev"
        "caldance.cs.immae.dev"
-      "zulip.carpentier.earth"
-      "zulip.tof.carpentier.earth"
-      "zulip.dine.carpentier.earth"
-      "zulip.quentin.carpentier.earth"
-      "zulip.agnes.carpentier.earth"
  
-      "ofn.nc.immae.dev"
-
-      "bookstack.cc.immae.dev"
+      "mobilizon.lesateliersduchangement.org"
      ];
    };
    systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
@@ -220,47 +213,11 @@
            auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
          '';
        };
-      "bookstack.cc.immae.dev" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://localhost:4003";
-      };
-      "ofn.nc.immae.dev" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://localhost:3000";
-      };
-      "zulip.carpentier.earth" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://localhost:4002";
-      };
-      "zulip.tof.carpentier.earth" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://localhost:4002";
-      };
-      "zulip.dine.carpentier.earth" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://localhost:4002";
-      };
-      "zulip.quentin.carpentier.earth" = {
-        acmeRoot = config.myServices.certificates.webroot;
-        useACMEHost = name;
-        forceSSL = true;
-        locations."/".proxyPass = "http://localhost:4002";
-      };
-      "zulip.agnes.carpentier.earth" = {
+      "mobilizon.lesateliersduchangement.org" = {
          acmeRoot = config.myServices.certificates.webroot;
          useACMEHost = name;
          forceSSL = true;
-        locations."/".proxyPass = "http://localhost:4002";
+        locations."/".proxyPass = "http://localhost:19003";
        };
      };
    };
diff --git a/modules/private/websites/christophe_carpentier/ateliersduchangement.nix b/modules/private/websites/christophe_carpentier/ateliersduchangement.nix

new file mode 100644 (file)

index 0000000..13a001e
--- /dev/null
+++ b/modules/private/websites/christophe_carpentier/ateliersduchangement.nix
@@ -0,0 +1,60 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.christophe_carpentier.ateliersduchangement;
+  varDir = "/var/lib/ftp/christophe_carpentier/lesateliersduchangement";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+in {
+  options.myServices.websites.christophe_carpentier.ateliersduchangement.enable = lib.mkEnableOption "enable Christophe Carpentier's Ateliers du changement website";
+
+  config = lib.mkIf cfg.enable {
+    system.activationScripts.christophe_carpentier_ateliers_du_changement = {
+      deps = [ "httpd" "users" ];
+      text = ''
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
+      '';
+    };
+    services.phpfpm.pools.christophe_carpentier_ateliers_du_changement = {
+      user = apacheUser;
+      group = apacheGroup;
+      settings = {
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
+
+        "pm" = "ondemand";
+        "pm.max_children" = "5";
+        "pm.process_idle_timeout" = "60";
+
+        "php_admin_value[session.save_handler]" = "redis";
+        "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:ateliersduchangement:'";
+        "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+      };
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        disable_functions = "mail"
+      '';
+      phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis all.gd]);
+    };
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostConfs.christophe_carpentier_ateliersduchangement = {
+      certName     = "christophe_carpentier";
+      addToCerts   = true;
+      hosts        = ["lesateliersduchangement.org" "www.lesateliersduchangement.org"];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.christophe_carpentier_ateliers_du_changement.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
+
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix

index 47a41ab8847a2eda79ae1b3327b0f1a36e13ee9f..2fdd18f8350b4524efe4ad8d1085bdab8d546680 100644 (file)
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -250,6 +250,7 @@ in
          website.enable = true;
          agorakit.enable = true;
          agora-project.enable = true;
+        ateliersduchangement.enable = true;
        };
  
        cip-ca = {
author	Ismaël Bouya <ismael.bouya@normalesup.org>
	Sun, 9 Apr 2023 09:50:02 +0000 (11:50 +0200)
committer	Ismaël Bouya <ismael.bouya@normalesup.org>
	Sun, 9 Apr 2023 15:18:10 +0000 (17:18 +0200)
modules/private/default.nix		patch \| blob \| blame \| history
modules/private/system/dilion.nix		patch \| blob \| blame \| history
modules/private/websites/christophe_carpentier/ateliersduchangement.nix	[new file with mode: 0644]	patch \| blob
modules/private/websites/default.nix		patch \| blob \| blame \| history