[perso/Immae/Config/Nix.git] / modules / private / websites / emilia / richie.nix
# Module arguments: the NixOS module system passes lib, the merged config and pkgs.
{ lib, config, pkgs, ... }:
let
  # Settings for this site; the only option declared in this file is `enable`.
  cfg = config.myServices.websites.emilia.richie_production;
  # Mutable state directory. The activation script later in this file creates it
  # owned by wwwrun, and it is the rootDir of the duply backup profile.
  vardir = "/var/lib/richie_production";
  # Web application tree. The source attributes come from
  # pkgs.mylibs.fetchedGitPrivate ./richie.json (helper not shown here; presumably
  # a pinned private git checkout - confirm), merged with a single install phase.
  #
  # The install phase copies the checkout to $out, makes the copy writable for the
  # rest of the build, replaces files/, images/drapeaux/ and photos/ with symlinks
  # into ${vardir}, and rewrites admin/parametres.php so that
  # `localedef --list-archive` is given the system locale archive path explicitly.
  #
  # NOTE(review): the three symlinks place wwwrun-owned, mutable directories under
  # the document root. The vhost in this file routes every *.php under that root
  # to PHP-FPM, so whatever ends up in those directories is covered by that
  # handler as well. Confirm that this is intended.
  richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
    phases = "installPhase";
    installPhase = ''
      cp -a $src $out
      chmod -R u+w $out
      ln -sf ${vardir}/files $out/
      ln -sf ${vardir}/drapeaux $out/images/
      ln -sf ${vardir}/photos $out/
      sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
    '';
  });
in
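# Module body for the production "richie" site (europe-richie.org): declares the
# enable switch and, when it is set, wires up backups, web statistics, the
# credentials file, the PHP-FPM pool and the Apache virtual host.
{
  options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
  config = lib.mkIf cfg.enable {
    # Back up the mutable state directory and register the site for web statistics.
    services.duplyBackup.profiles.richie_production.rootDir = vardir;
    services.webstats.sites = [ { name = "europe-richie.org"; } ];

    # PHP include carrying the MySQL and SMTP credentials. It is owned by wwwrun
    # with mode 0400, so only the web user can read it. The pool below points
    # BDD_CONNECT at /var/secrets/webapps/prod-richie, presumably where the
    # secrets module installs this `dest` (module not shown - confirm).
    #
    # The values are spliced into PHP single-quoted literals without escaping:
    # a `'` or `\` inside a credential would change the generated PHP. Keep such
    # characters out of these values or escape them at the source.
    # NOTE(review): whether this text is also written to the world-readable Nix
    # store depends on how the secrets module materialises `text`; verify there.
    secrets.keys = [{
      dest = "webapps/prod-richie";
      user = "wwwrun";
      group = "wwwrun";
      permissions = "0400";
      text = with config.myEnv.websites.richie; ''
        <?php

        $hote_sql = '${mysql.host}';
        $login_sql = '${mysql.user}';
        $bdd_sql = '${mysql.database}';
        $mdp_sql = '${mysql.password}';

        $db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
        unset($mdp_sql);

        $smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
        ?>
      '';
    }];
    # Publish the built application tree under the name used by the vhost root.
    myServices.websites.webappDirs.richie_production = richieSrc;
    # Create the session and state directories at activation time, after the
    # "httpd" activation step.
    #
    # The session directory is private to wwwrun (0700): PHP's file session
    # handler names each file after the session id, so a listable directory
    # would disclose live session ids to every local account. Only the pool,
    # which runs as wwwrun, needs access.
    # The state directory stays 0755 here because it is not visible from this
    # file what else reads it; tighten it if nothing outside wwwrun and root does.
    system.activationScripts.richie_production = {
      deps = [ "httpd" ];
      text = ''
        install -m 0700 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
        install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
      '';
    };
    # Dedicated PHP-FPM pool, run as wwwrun and started on demand (at most 5
    # workers, idle workers reaped after 60 seconds).
    services.phpfpm.pools.richie_production = {
      user = "wwwrun";
      group = "wwwrun";
      settings = {
        "listen.owner" = "wwwrun";
        "listen.group" = "wwwrun";

        "pm" = "ondemand";
        "pm.max_children" = "5";
        "pm.process_idle_timeout" = "60";

        # open_basedir confines PHP file access to the state directory, this
        # pool's session directory, the credentials file, the application tree
        # and /tmp. Because the pool user is the shared wwwrun account, this
        # list is the main per-site file boundary.
        # NOTE(review): /tmp is a shared directory; a per-pool temporary
        # directory would keep this site's temporary files separate from those
        # of other services.
        "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp";
        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
      };
      # Environment of the PHP workers: a PATH that includes ImageMagick, and the
      # location of the credentials include.
      phpEnv = {
        PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
        BDD_CONNECT = "/var/secrets/webapps/prod-richie";
      };
      # Appended to the host-wide PHP options: timezone and the mysqli extension.
      phpOptions = config.services.phpfpm.phpOptions + ''
        date.timezone = 'Europe/Paris'
        extension=${pkgs.php}/lib/php/extensions/mysqli.so
      '';
    };
    services.websites.env.production.modules = [ "proxy_fcgi" ];
    # Apache virtual host for both host names, served from the published tree.
    #
    # NOTE(review), hardening points in extraConfig below:
    # - `Options Indexes` turns on automatic directory listings and `Includes`
    #   turns on server-side includes for the whole root. With FollowSymLinks
    #   this also covers the files/, photos/ and images/drapeaux/ symlinks into
    #   the wwwrun-writable state directory. Drop both unless the site relies
    #   on them.
    # - The FilesMatch handler sends every *.php under the root to PHP-FPM,
    #   including paths reached through those symlinks. The only restriction is
    #   the deny rule for /files/*/admin/. If nothing under the state directory
    #   is meant to run as PHP, deny or unset the handler for those locations.
    services.websites.env.production.vhostConfs.richie_production = {
      certName = "richie";
      addToCerts = true;
      certMainHost = "europe-richie.org";
      hosts = [ "europe-richie.org" "www.europe-richie.org" ];
      root = "/run/current-system/webapps/richie_production";
      extraConfig = [
        ''
          Use Stats europe-richie.org
          ErrorDocument 404 /404.html
          <LocationMatch "^/files/.*/admin/">
            Require all denied
          </LocationMatch>
          <Directory /run/current-system/webapps/richie_production>
            DirectoryIndex index.php index.htm index.html
            Options Indexes FollowSymLinks MultiViews Includes
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${config.services.phpfpm.pools.richie_production.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };
  };
}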