From e273ef92ae582984e0896a8c16fab73747c3ab2b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Sun, 30 Dec 2018 11:16:18 +0100 Subject: [PATCH] Prepare production configuration for connexionswing --- virtual/eldiron.nix | 22 ++++++++++++++++++---- virtual/packages.nix | 13 +++++++++++++ 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 2d1c50e..e583948 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix @@ -36,7 +36,6 @@ }; }; - # FIXME: how to run it? currently set as timer security.acme.certs = { "eldiron" = { webroot = "/var/lib/acme/acme-challenge"; @@ -44,7 +43,7 @@ domain = "eldiron.immae.eu"; plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; postRun = '' - "systemctl reload httpd.service" + systemctl reload httpd.service ''; extraDomains = { "db-1.immae.eu" = null; @@ -53,11 +52,24 @@ "sandetludo.immae.eu" = null; }; }; + # "connexionswing" = { + # webroot = "/var/lib/acme/acme-challenge"; + # email = "ismael@bouya.org"; + # domain = "connexionswing.com"; + # plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; + # postRun = '' + # systemctl reload httpd.service + # ''; + # extraDomains = { + # "www.connexionswing.com" = null; + # "sandetludo.com" = null; + # "www.sandetludo.com" = null; + # }; + # }; }; services.ympd = mypkgs.ympd.config // { enable = true; }; - # FIXME: open_basedir services.phpfpm = { extraConfig = '' log_level = notice @@ -65,6 +77,7 @@ poolConfigs = { adminer = mypkgs.adminer.phpFpm.pool; connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool; + connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool; www = '' listen = /var/run/phpfpm/www.sock user = wwwrun 
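Review bot: The `# FIXME: open_basedir` reminder above `services.phpfpm` is deleted in the `@@ -53,11 +52,24 @@` hunk, but no line visible in this patch sets `open_basedir` for any pool; the pool bodies come from `mypkgs.*.phpFpm.pool` in packages.nix, outside the hunks shown. If the restriction is not already set there, the reminder should stay, because the following hunk registers `connexionswing_prod` as a production pool next to `adminer` and the dev pool. A per-pool line such as `php_admin_value[open_basedir] = <APP_ROOT>:<TMP_DIR>` (placeholder paths) limits what a compromised application can read from the other sites on the host. The commented-out `connexionswing` certificate block would also benefit from a one-line comment saying what has to happen before it is enabled. `services.phpfpm` continues past the end of the hunk.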
@@ -82,6 +95,7 @@ system.activationScripts = { connexionswing_dev = mypkgs.connexionswing_dev.activationScript; + connexionswing_prod = mypkgs.connexionswing_prod.activationScript; httpd = '' install -d -m 0755 /var/lib/acme/acme-challenge install -d -m 0755 /var/www @@ -104,6 +118,7 @@ extraModules = pkgs.lib.lists.unique ( mypkgs.adminer.apache.modules ++ mypkgs.connexionswing_dev.apache.modules ++ + mypkgs.connexionswing_prod.apache.modules ++ [ "macro" "ldap" @@ -167,7 +182,6 @@ hostName = "redirectSSL"; serverAliases = [ "*" ]; enableSSL = false; - # FIXME: directory needs to exist documentRoot = "/var/lib/acme/acme-challenge"; extraConfig = '' RewriteEngine on diff --git a/virtual/packages.nix b/virtual/packages.nix index cd98b79..ef9feb5 100644 --- a/virtual/packages.nix +++ b/virtual/packages.nix @@ -61,6 +61,18 @@ let SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + ${if environment == "dev" then '' Use LDAPConnect @@ -131,6 +143,7 @@ let # FIXME: can we do better than symlink? # FIXME: imagick optional # FIXME: initial sync + # FIXME: backup buildPhase = '' export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt -- 2.41.0
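Review bot: The two blocks added in the packages.nix hunk `@@ -61,6 +61,18 @@` set `Options FollowSymLinks` together with `Require all granted`, so Apache will serve whatever a symlink inside those directories points to. Their opening and closing container tags did not survive on this page, so the paths are not visible; if either directory is writable by the PHP pool user (uploads, generated media), a link created there could expose files outside the application tree. As a hardening measure, consider `Options None` for such a directory, and keep `FollowSymLinks` only on the path that the symlink-based deployment needs (the next hunk still carries `# FIXME: can we do better than symlink?`). The two blocks are identical, so a `macro` definition, a module eldiron.nix already loads, would keep them from drifting apart.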