[perso/Immae/Config/Nix.git] / nixops / modules / websites / ftp / immae.nix

{ lib, pkgs, config, myconfig, mylibs, ... }:
let
    cfg = config.services.myWebsites.Immae;
    varDir = "/var/lib/ftp/immae";
    env = myconfig.env.websites.immae;
in {
  options.services.myWebsites.Immae = {
    production = {
      enable = lib.mkEnableOption "enable Immae's website";
    };
  };

  imports = [
    ../commons/stats.nix
  ];

  config = lib.mkIf cfg.production.enable {
    services.myWebsites.commons.stats.enable = true;
    services.myWebsites.commons.stats.sites = [
      { name = "www.immae.eu"; }
    ];

    security.acme.certs."eldiron".extraDomains."www.immae.eu" = null;

    services.myPhpfpm.poolConfigs.immae = ''
      listen = /run/phpfpm/immae.sock
      user = wwwrun
      group = wwwrun
      listen.owner = wwwrun
      listen.group = wwwrun

      pm = ondemand
      pm.max_children = 5
      pm.process_idle_timeout = 60

      php_admin_value[open_basedir] = "${varDir}:/tmp"
      '';
    services.myWebsites.production.modules = [ "proxy_fcgi" ];
    services.myWebsites.production.vhostConfs.immae = {
      certName    = "eldiron";
      hosts       = [ "www.immae.eu" ];
      root        = varDir;
      extraConfig = [
        ''
        Use Stats www.immae.eu

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
        </FilesMatch>

        <Directory ${varDir}>
          DirectoryIndex index.php index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>

        <Location /blog_old/>
          Use LDAPConnect
          Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
        </Location>
        ''
      ];
    };

    security.acme.certs."eldiron".extraDomains."bouya.org" = null;
    security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
    services.myWebsites.production.vhostConfs.bouya = {
      certName    = "eldiron";
      hosts       = [ "bouya.org" "www.bouya.org" ];
      root        = null;
      extraConfig = [ ''
        RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
        '' ];
    };
  };
}
Commit	Line	Data
f759f52e IB	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
	2	let
	3	cfg = config.services.myWebsites.Immae;
	4	varDir = "/var/lib/ftp/immae";
	5	env = myconfig.env.websites.immae;
	6	in {
	7	options.services.myWebsites.Immae = {
	8	production = {
	9	enable = lib.mkEnableOption "enable Immae's website";
	10	};
	11	};
	12
	13	imports = [
	14	../commons/stats.nix
	15	];
	16
	17	config = lib.mkIf cfg.production.enable {
	18	services.myWebsites.commons.stats.enable = true;
	19	services.myWebsites.commons.stats.sites = [
b7ee93fc	20	{ name = "www.immae.eu"; }
f759f52e IB	21	];
	22
	23	security.acme.certs."eldiron".extraDomains."www.immae.eu" = null;
	24
	25	services.myPhpfpm.poolConfigs.immae = ''
	26	listen = /run/phpfpm/immae.sock
	27	user = wwwrun
	28	group = wwwrun
	29	listen.owner = wwwrun
	30	listen.group = wwwrun
	31
	32	pm = ondemand
	33	pm.max_children = 5
	34	pm.process_idle_timeout = 60
	35
	36	php_admin_value[open_basedir] = "${varDir}:/tmp"
	37	'';
	38	services.myWebsites.production.modules = [ "proxy_fcgi" ];
	39	services.myWebsites.production.vhostConfs.immae = {
	40	certName = "eldiron";
	41	hosts = [ "www.immae.eu" ];
	42	root = varDir;
	43	extraConfig = [
	44	''
	45	Use Stats www.immae.eu
	46
	47	<FilesMatch "\.php$">
	48	SetHandler "proxy:unix:/run/phpfpm/immae.sock\|fcgi://localhost"
	49	</FilesMatch>
	50
	51	<Directory ${varDir}>
	52	DirectoryIndex index.php index.htm index.html
	53	Options Indexes FollowSymLinks MultiViews Includes
	54	AllowOverride All
	55	Require all granted
	56	</Directory>
	57
	58	<Location /blog_old/>
	59	Use LDAPConnect
	60	Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
	61	</Location>
	62	''
	63	];
	64	};
70606070 IB	65
	66	security.acme.certs."eldiron".extraDomains."bouya.org" = null;
	67	security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
	68	services.myWebsites.production.vhostConfs.bouya = {
	69	certName = "eldiron";
	70	hosts = [ "bouya.org" "www.bouya.org" ];
	71	root = null;
	72	extraConfig = [ ''
	73	RedirectMatch 301 ^/((?!\.well-known.$).)$ https://www.normalesup.org/~bouya/
	74	'' ];
	75	};
f759f52e IB	76	};
f759f52e IB	77	}