christopheCarpentierWebsite = ./websites/christophe_carpentier/website.nix;
christopheCarpentierAgorakit = ./websites/christophe_carpentier/agorakit.nix;
christopheCarpentierAgoraProject = ./websites/christophe_carpentier/agora-project.nix;
+ christopheCarpentierAteliersDuChangement = ./websites/christophe_carpentier/ateliersduchangement.nix;
cipcaSympa = ./websites/cip-ca/sympa.nix;
extraDomainNames = [
"dilion.immae.dev"
"caldance.cs.immae.dev"
- "zulip.carpentier.earth"
- "zulip.tof.carpentier.earth"
- "zulip.dine.carpentier.earth"
- "zulip.quentin.carpentier.earth"
- "zulip.agnes.carpentier.earth"
- "ofn.nc.immae.dev"
-
- "bookstack.cc.immae.dev"
+ "mobilizon.lesateliersduchangement.org"
];
};
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
'';
};
- "bookstack.cc.immae.dev" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:4003";
- };
- "ofn.nc.immae.dev" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:3000";
- };
- "zulip.carpentier.earth" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:4002";
- };
- "zulip.tof.carpentier.earth" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:4002";
- };
- "zulip.dine.carpentier.earth" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:4002";
- };
- "zulip.quentin.carpentier.earth" = {
- acmeRoot = config.myServices.certificates.webroot;
- useACMEHost = name;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:4002";
- };
- "zulip.agnes.carpentier.earth" = {
+ "mobilizon.lesateliersduchangement.org" = {
acmeRoot = config.myServices.certificates.webroot;
useACMEHost = name;
forceSSL = true;
- locations."/".proxyPass = "http://localhost:4002";
+ locations."/".proxyPass = "http://localhost:19003";
};
};
};
--- /dev/null
+{ lib, config, pkgs, ... }:
+let
+ cfg = config.myServices.websites.christophe_carpentier.ateliersduchangement;
+ varDir = "/var/lib/ftp/christophe_carpentier/lesateliersduchangement";
+ apacheUser = config.services.httpd.Prod.user;
+ apacheGroup = config.services.httpd.Prod.group;
+in {
+ options.myServices.websites.christophe_carpentier.ateliersduchangement.enable = lib.mkEnableOption "enable Christophe Carpentier's Ateliers du changement website";
+
+ config = lib.mkIf cfg.enable {
+ system.activationScripts.christophe_carpentier_ateliers_du_changement = {
+ deps = [ "httpd" "users" ];
+ text = ''
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
+ '';
+ };
+ services.phpfpm.pools.christophe_carpentier_ateliers_du_changement = {
+ user = apacheUser;
+ group = apacheGroup;
+ settings = {
+ "listen.owner" = apacheUser;
+ "listen.group" = apacheGroup;
+
+ "pm" = "ondemand";
+ "pm.max_children" = "5";
+ "pm.process_idle_timeout" = "60";
+
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=ChristopheCarpentier:ateliersduchangement:'";
+ "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+ };
+ phpOptions = config.services.phpfpm.phpOptions + ''
+ disable_functions = "mail"
+ '';
+ phpPackage = pkgs.php74.withExtensions ({ enabled, all }: enabled ++ [all.redis all.gd]);
+ };
+ services.websites.env.production.modules = [ "proxy_fcgi" ];
+ services.websites.env.production.vhostConfs.christophe_carpentier_ateliersduchangement = {
+ certName = "christophe_carpentier";
+ addToCerts = true;
+ hosts = ["lesateliersduchangement.org" "www.lesateliersduchangement.org"];
+ root = varDir;
+ extraConfig = [
+ ''
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${config.services.phpfpm.pools.christophe_carpentier_ateliers_du_changement.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ <Directory ${varDir}>
+ DirectoryIndex index.php index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+ </Directory>
+ ''
+ ];
+ };
+ };
+}
+
website.enable = true;
agorakit.enable = true;
agora-project.enable = true;
+ ateliersduchangement.enable = true;
};
cip-ca = {