Add phpFpm prestart script to lib
[perso/Immae/Config/Nix.git] / modules / private / websites / connexionswing / builder.nix
# Function returning the deployment description of the connexionswing web
# application for one environment: the secrets file (`keys`), the php-fpm
# pool (`phpFpm`), the Apache vhost fragment (`apache`) and the state
# directory setup (`activationScript`). How each attribute is consumed is
# decided by the caller, which is not visible here.
#
# Arguments:
#   apacheUser, apacheGroup  account that owns the secrets file, the pool,
#                            the socket and the state directories
#   connexionswing           application package (must support `.override`)
#   pkgs, phpPackages        used for the MariaDB version and the imagick
#                            extension path
#   mylibs                   provides phpFpmPreStart
#   config                   provides environment, mysql.{host,port,name,
#                            user,password}, email and secret
{ apacheUser, apacheGroup, connexionswing, pkgs, phpPackages, mylibs, config }:
rec {
  # Application package, overridden with the environment taken from config.
  app = connexionswing.override { inherit (config) environment; };

  # Secrets file holding the Symfony `parameters:` for this environment
  # (database credentials, mail settings, application secret). It is owned by
  # the Apache user with mode 0400. In "prod" a `services:` section is
  # appended that makes swiftmailer use the sendmail wrapper.
  #
  # NOTE(review): config.mysql.password and config.secret are interpolated at
  # evaluation time; confirm that whatever consumes `keys` delivers `text`
  # outside the world-readable Nix store.
  # NOTE(review): the values are inserted into YAML unquoted. A password or
  # secret containing YAML-significant characters (`#`, `: `, a leading
  # quote) or `%` (Symfony parameter syntax) would be misread; confirm how
  # these values are generated, or quote/escape them.
  keys = [{
    dest = "webapps/${app.environment}-connexionswing";
    user = apacheUser;
    group = apacheGroup;
    permissions = "0400";
    text = ''
      # This file is auto-generated during the composer install
      parameters:
          database_host: ${config.mysql.host}
          database_port: ${config.mysql.port}
          database_name: ${config.mysql.name}
          database_user: ${config.mysql.user}
          database_password: ${config.mysql.password}
          database_server_version: ${pkgs.mariadb.mysqlVersion}
          mailer_transport: sendmail
          mailer_host: null
          mailer_user: null
          mailer_password: null
          subscription_email: ${config.email}
          allow_robots: true
          secret: ${config.secret}
      ${if app.environment == "prod" then ''
      services:
          swiftmailer.mailer.default.transport:
              class: Swift_SendmailTransport
              arguments: ['/run/wrappers/bin/sendmail -bs']
      '' else ""}
    '';
  }];

  # php-fpm pool description for the application.
  phpFpm = rec {
    # Pre-start script built by mylibs.phpFpmPreStart (defined elsewhere; its
    # exact behaviour is not visible here). It receives the secrets file path
    # and one action: clear the Symfony cache as the Apache user through the
    # sudo wrapper.
    # NOTE(review): the /var/secrets prefix is hard-coded here and again in
    # open_basedir below; presumably it is where keys[].dest gets installed.
    # Confirm the three locations stay in sync.
    preStart = mylibs.phpFpmPreStart {
      inherit app;
      inherit (app) varDir;
      keyFiles = [
        "/var/secrets/webapps/${app.environment}-connexionswing"
      ];
      actions = [
        "/run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup"
      ];
    };
    # The pool is declared to depend on the MySQL service.
    serviceDeps = [ "mysql.service" ];
    # Unix socket the pool listens on; referenced by apache.vhostConf.
    socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock";
    # Extra php.ini content: loads the imagick extension.
    phpConfig = ''
      extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
    '';
    # Pool settings. The pool and its socket run as the Apache user/group;
    # uploads and POST bodies are capped at 20M. open_basedir limits PHP file
    # access to the sendmail wrapper, the secrets file, the application, its
    # varDir and /tmp; sessions are stored under varDir/phpSessions. The
    # log_errors line is commented out (`;`), so it has no effect.
    # The "dev" pool is on-demand (at most 5 children) and exports
    # SYMFONY_DEBUG_MODE; every other environment gets a dynamic pool of up
    # to 20 children.
    # NOTE(review): /tmp in open_basedir is the system-wide temp directory
    # unless the service unit isolates it (e.g. PrivateTmp). Confirm, or
    # point upload_tmp_dir / sys_temp_dir at a directory under varDir and
    # drop /tmp from the list.
    pool = ''
      user = ${apacheUser}
      group = ${apacheGroup}
      listen.owner = ${apacheUser}
      listen.group = ${apacheGroup}
      php_admin_value[upload_max_filesize] = 20M
      php_admin_value[post_max_size] = 20M
      ;php_admin_flag[log_errors] = on
      php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp"
      php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
      ${if app.environment == "dev" then ''
      pm = ondemand
      pm.max_children = 5
      pm.process_idle_timeout = 60
      env[SYMFONY_DEBUG_MODE] = "yes"
      '' else ''
      pm = dynamic
      pm.max_children = 20
      pm.start_servers = 2
      pm.min_spare_servers = 1
      pm.max_spare_servers = 3
      ''}'';
  };

  # Apache side of the deployment.
  apache = rec {
    modules = [ "proxy_fcgi" ];
    webappName = "connexionswing_${app.environment}";
    root = "/run/current-system/webapps/${webappName}";
    # vhost fragment. The FilesMatch block hands every *.php request in the
    # vhost to the php-fpm socket; medias/ and uploads/ under varDir are
    # served to everyone with .htaccess disabled.
    #
    # "dev": the whole site sits behind the LDAPConnect macro (defined
    # elsewhere) and an ldap-group requirement; a 401 response redirects the
    # browser to the production site. Location sections are merged after
    # Directory sections, so this requirement applies despite the
    # `Require all granted` lines in the <Directory> blocks. The front
    # controller is app_dev.php and the rewrite rules are inlined
    # (AllowOverride None).
    # Other environments: the Stats macro (defined elsewhere) is applied and
    # the document root uses AllowOverride All, so .htaccess files under
    # root take effect.
    #
    # NOTE(review): the FilesMatch handler is vhost-wide, so it also covers
    # medias/ and uploads/, which activationScript creates writable by the
    # Apache user. If those directories receive user-supplied files, deny
    # `\.php$` (or reset the handler) inside those two <Directory> blocks so
    # that an uploaded file is never run as code. Confirm against the
    # application's upload handling.
    # NOTE(review): `Options Indexes ... Includes` enables directory listings
    # and server-side includes on the document root in both branches; drop
    # them if nothing relies on them. With AllowOverride All, confirm that
    # root (under /run/current-system) is not writable by the web user.
    vhostConf = ''
      <FilesMatch "\.php$">
        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
      </FilesMatch>

      <Directory ${app.varDir}/medias>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
      </Directory>

      <Directory ${app.varDir}/uploads>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
      </Directory>

      ${if app.environment == "dev" then ''
      <Location />
        Use LDAPConnect
        Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
      </Location>

      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride None
        Require all granted

        DirectoryIndex app_dev.php

        <IfModule mod_negotiation.c>
        Options -MultiViews
        </IfModule>

        <IfModule mod_rewrite.c>
          RewriteEngine On

          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
          RewriteRule ^(.*) - [E=BASE:%1]

          # Maintenance script
          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
          ErrorDocument 503 /maintenance.php

          # Sets the HTTP_AUTHORIZATION header removed by Apache
          RewriteCond %{HTTP:Authorization} .
          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

          RewriteCond %{ENV:REDIRECT_STATUS} ^$
          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]

          # If the requested filename exists, simply serve it.
          # We only want to let Apache serve files and not directories.
          RewriteCond %{REQUEST_FILENAME} -f
          RewriteRule ^ - [L]

          # Rewrite all other queries to the front controller.
          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
        </IfModule>

      </Directory>
      '' else ''
      Use Stats connexionswing.com

      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
      </Directory>
      ''}
    '';
  };

  # Shell fragment that creates the application's state directories, owned by
  # the Apache user and group: varDir, medias, uploads and var with mode
  # 0755, phpSessions with mode 0750. It is declared to run after "wrappers".
  # NOTE(review): 0755 leaves these directories readable by every local
  # account. var/ presumably holds the Symfony cache and logs; if no other
  # account needs access, 0750 (as used for phpSessions) is the tighter
  # choice. Confirm before changing.
  activationScript = {
    deps = [ "wrappers" ];
    text = ''
      install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \
        ${app.varDir}/medias \
        ${app.varDir}/uploads \
        ${app.varDir}/var
      install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
    '';
  };
}