From c0c7c8b59e1a4f61463402fe12950438136cac22 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 30 Sep 2021 00:20:41 +0200 Subject: [PATCH] Add website for AtelierFringant --- modules/private/default.nix | 1 + modules/private/websites/default.nix | 5 +- .../websites/emilia/atelierfringant.nix | 65 +++++++++++++++++++ nixops/secrets | 2 +- 4 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 modules/private/websites/emilia/atelierfringant.nix diff --git a/modules/private/default.nix b/modules/private/default.nix index 6b64e60..5bb6507 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix @@ -40,6 +40,7 @@ set = { deniseProduction = ./websites/denise/production.nix; emiliaMoodle = ./websites/emilia/moodle.nix; + emiliaAtelierFringant = ./websites/emilia/atelierfringant.nix; florianApp = ./websites/florian/app.nix; florianInte = ./websites/florian/integration.nix; diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index ba2dde0..809f615 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix @@ -248,7 +248,10 @@ in production.enable = true; }; - emilia.moodle.enable = false; + emilia = { + moodle.enable = false; + atelierfringant.enable = true; + }; florian = { app.enable = true; diff --git a/modules/private/websites/emilia/atelierfringant.nix b/modules/private/websites/emilia/atelierfringant.nix new file mode 100644 index 0000000..b47452f --- /dev/null +++ b/modules/private/websites/emilia/atelierfringant.nix @@ -0,0 +1,65 @@ +{ lib, pkgs, config, ... }: +let + cfg = config.myServices.websites.emilia.atelierfringant; + varDir = "/var/lib/ftp/emilia/atelierfringant"; + apacheUser = config.services.httpd.Prod.user; + apacheGroup = config.services.httpd.Prod.group; +in { + options.myServices.websites.emilia.atelierfringant.enable = lib.mkEnableOption "enable Émilia's website"; + + config = lib.mkIf cfg.enable { + system.activationScripts.emilia_atelierfringant = { + deps = [ "httpd" ]; + text = '' + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/emilia/atelierfringant + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/emilia + ''; + }; + systemd.services.phpfpm-emilia_atelierfringant.after = lib.mkAfter [ "mysql.service" ]; + systemd.services.phpfpm-emilia_atelierfringant.wants = [ "mysql.service" ]; + services.phpfpm.pools.emilia_atelierfringant = { + user = apacheUser; + group = apacheGroup; + settings = { + "listen.owner" = apacheUser; + "listen.group" = apacheGroup; + + "pm" = "ondemand"; + "pm.max_children" = "5"; + "pm.process_idle_timeout" = "60"; + + "php_admin_value[open_basedir]" = "/var/lib/php/sessions/emilia:${varDir}:/tmp"; + "php_admin_value[session.save_path]" = "/var/lib/php/sessions/emilia"; + }; + phpOptions = config.services.phpfpm.phpOptions + '' + disable_functions = "mail" + ''; + phpPackage = pkgs.php72; + }; + services.websites.env.production.modules = [ "proxy_fcgi" ]; + services.websites.env.production.vhostConfs.emilia_atelierfringant = { + certName = "emilia"; + certMainHost = "atelierfringant.org"; + hosts = ["atelierfringant.org" "www.atelierfringant.org" ]; + root = varDir; + extraConfig = [ + '' + + SetHandler "proxy:unix:${config.services.phpfpm.pools.emilia_atelierfringant.socket}|fcgi://localhost" + + + + AllowOverride None + Require all denied + + + DirectoryIndex index.php index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride all + Require all granted + + '' + ]; + }; + }; +} diff --git a/nixops/secrets b/nixops/secrets index e241d6e..d5068b2 160000 --- a/nixops/secrets +++ b/nixops/secrets @@ -1 +1 @@ -Subproject commit e241d6ee177132dc1847b37b900d0897a984a2e2 +Subproject commit d5068b2f6e4a8aa7e6e487b34eef0d90e7f547ca -- 2.41.0