git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/aten/builder.nix
Add phpFpm prestart script to lib
# Builder for the "aten" web application: given the Apache user/group, the
# packaged app and its per-environment config, returns an attribute set with
# the overridden app, its php-fpm pool, its secret key file, its Apache vhost
# fragment and the activation script that creates its state directories.
# NOTE(review): `lib` is accepted but not referenced in this file.
{ apacheUser, apacheGroup, aten, lib, mylibs, config }: rec {
  # The packaged application, rebuilt for the environment named in `config`.
  app = aten.override { inherit (config) environment; };
  phpFpm = rec {
    # Pre-start step produced by the shared mylibs.phpFpmPreStart helper.
    # NOTE(review): the helper is defined elsewhere; presumably it checks that
    # `keyFiles` exist and runs `actions` from the app directory before the
    # pool starts -- confirm in mylibs.
    preStart = mylibs.phpFpmPreStart {
      inherit app;
      inherit (app) varDir;
      # Secret file that must be in place; same path the vhost Includes below.
      keyFiles = [
        "/var/secrets/webapps/${app.environment}-aten"
      ];
      # Clears the application cache as the Apache user through the setuid
      # sudo wrapper. apacheUser and app.environment are interpolated into
      # the command line unquoted, so both must stay trusted, shell-safe
      # configuration values.
      actions = [
        "/run/wrappers/bin/sudo -u ${apacheUser} APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
      ];
    };
    serviceDeps = [ "postgresql.service" ];
    # Unix socket the vhost's proxy_fcgi handler connects to.
    socket = "/var/run/phpfpm/aten-${app.environment}.sock";
    # php-fpm pool definition. Workers and the listening socket both belong to
    # apacheUser:apacheGroup. open_basedir confines PHP file access to the app,
    # its varDir and /tmp; sessions are stored under varDir/phpSessions.
    # "dev" uses an on-demand pool and sets SYMFONY_DEBUG_MODE; any other
    # environment uses a dynamic pool with up to 20 children.
    # NOTE(review): /tmp in open_basedir is a directory shared with other
    # services on the host; a per-app temp directory would be tighter if the
    # app does not need the global one -- confirm.
    pool = ''
      listen = ${socket}
      user = ${apacheUser}
      group = ${apacheGroup}
      listen.owner = ${apacheUser}
      listen.group = ${apacheGroup}
      php_admin_value[upload_max_filesize] = 20M
      php_admin_value[post_max_size] = 20M
      ;php_admin_flag[log_errors] = on
      php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
      php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
      ${if app.environment == "dev" then ''
      pm = ondemand
      pm.max_children = 5
      pm.process_idle_timeout = 60
      env[SYMFONY_DEBUG_MODE] = "yes"
      '' else ''
      pm = dynamic
      pm.max_children = 20
      pm.start_servers = 2
      pm.min_spare_servers = 1
      pm.max_spare_servers = 3
      ''}'';
  };
  # Secret file carrying the application secret and database URL as Apache
  # SetEnv directives; owner-read-only (0400) for apacheUser:apacheGroup.
  # The owner is the same account the php-fpm workers run as.
  # NOTE(review): config.secret and config.psql_url are placed between double
  # quotes without escaping; a quote or backslash in either value would change
  # how Apache parses the directive -- confirm the values are constrained.
  # NOTE(review): `text` is an ordinary Nix string here; whether the secrets
  # stay out of the world-readable Nix store depends on how `keys` entries are
  # deployed, which is not visible in this file -- confirm.
  keys = [{
    dest = "webapps/${app.environment}-aten";
    user = apacheUser;
    group = apacheGroup;
    permissions = "0400";
    text = ''
      SetEnv APP_ENV "${app.environment}"
      SetEnv APP_SECRET "${config.secret}"
      SetEnv DATABASE_URL "${config.psql_url}"
      '';
  }];
  apache = rec {
    modules = [ "proxy_fcgi" ];
    webappName = "aten_${app.environment}";
    root = "/run/current-system/webapps/${webappName}";
    # Vhost fragment: hands *.php to the pool socket, Includes the secret
    # SetEnv file, then applies access control.
    # - "dev": the whole site requires membership of the dev.aten.pro LDAP
    #   group; the /backend block repeats the same requirement.
    # - otherwise: only /backend requires the aten.pro LDAP group, and the
    #   Stats macro is applied.
    # A 401 answers with a meta-refresh to https://aten.pro.
    # `LDAPConnect` and `Stats` are macros defined outside this file.
    # NOTE(review): the <Directory> block enables Indexes (generated listings
    # for directories that have no index.php), Includes (server-side includes)
    # and AllowOverride All (any .htaccess under the web root can override
    # this configuration). If the application does not rely on them, reducing
    # Options and AllowOverride would shrink the exposed surface -- confirm
    # against the app's needs.
    vhostConf = ''
      <FilesMatch "\.php$">
        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
      </FilesMatch>

      Include /var/secrets/webapps/${app.environment}-aten

      ${if app.environment == "dev" then ''
      <Location />
        Use LDAPConnect
        Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
      </Location>

      <Location /backend>
        Use LDAPConnect
        Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
      </Location>
      '' else ''
      Use Stats aten.pro

      <Location /backend>
        Use LDAPConnect
        Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
      </Location>
      ''}

      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
        DirectoryIndex index.php
        FallbackResource /index.php
      </Directory>
      '';
  };
  # Creates the state directories at activation time, owned by
  # apacheUser:apacheGroup: varDir is world-readable/traversable (0755), the
  # PHP session directory is closed to other users (0750).
  activationScript = {
    deps = [ "wrappers" ];
    text = ''
      install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}
      install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
      '';
  };
}