modules/private/websites/evariste/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.evariste.production;
   4   nsiVarDir = "/var/lib/ftp/nsievariste";
   5   stmgVarDir = "/var/lib/ftp/stmgevariste";
   6 in {
   7   options.myServices.websites.evariste.production.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
   8
   9   config = lib.mkIf cfg.enable {
  10     services.webstats.sites = [
  11       { name = "nsievariste.immae.eu"; }
  12       { name = "stmgevariste.immae.eu"; }
  13     ];
  14
  15     services.websites.env.production.modules = [ "proxy_fcgi" ];
  16     system.activationScripts.evariste = {
  17       deps = [ "httpd" ];
  18       text = ''
  19         install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/nsievariste
  20         install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/stmgevariste
  21         '';
  22     };
  23     services.phpfpm.pools.nsievariste = {
  24       listen = "/run/phpfpm/nsievariste.sock";
  25       extraConfig = ''
  26         user = wwwrun
  27         group = wwwrun
  28         listen.owner = wwwrun
  29         listen.group = wwwrun
  30
  31         pm = ondemand
  32         pm.max_children = 5
  33         pm.process_idle_timeout = 60
  34
  35         php_admin_value[open_basedir] = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp"
  36         php_admin_value[session.save_path] = "/var/lib/php/sessions/nsievariste"
  37         '';
  38     };
  39     services.websites.env.production.vhostConfs.nsievariste = {
  40       certName     = "eldiron";
  41       addToCerts   = true;
  42       hosts        = ["nsievariste.immae.eu" ];
  43       root         = nsiVarDir;
  44       extraConfig  = [
  45         ''
  46         Use Stats nsievariste.immae.eu
  47
  48         <FilesMatch "\.php$">
  49           SetHandler "proxy:unix:/run/phpfpm/nsievariste.sock|fcgi://localhost"
  50         </FilesMatch>
  51
  52         <Directory ${nsiVarDir}>
  53           DirectoryIndex index.php index.htm index.html
  54           Options Indexes FollowSymLinks MultiViews Includes
  55           AllowOverride None
  56           Require all granted
  57         </Directory>
  58           ''
  59       ];
  60     };
  61
  62     services.phpfpm.pools.stmgevariste = {
  63       listen = "/run/phpfpm/stmgevariste.sock";
  64       extraConfig = ''
  65         user = wwwrun
  66         group = wwwrun
  67         listen.owner = wwwrun
  68         listen.group = wwwrun
  69
  70         pm = ondemand
  71         pm.max_children = 5
  72         pm.process_idle_timeout = 60
  73
  74         php_admin_value[open_basedir] = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp"
  75         php_admin_value[session.save_path] = "/var/lib/php/sessions/stmgevariste"
  76         '';
  77     };
  78     services.websites.env.production.vhostConfs.stmgevariste = {
  79       certName     = "eldiron";
  80       addToCerts   = true;
  81       hosts        = ["stmgevariste.immae.eu" ];
  82       root         = stmgVarDir;
  83       extraConfig  = [
  84         ''
  85         Use Stats stmgevariste.immae.eu
  86
  87         <FilesMatch "\.php$">
  88           SetHandler "proxy:unix:/run/phpfpm/stmgevariste.sock|fcgi://localhost"
  89         </FilesMatch>
  90
  91         <Directory ${stmgVarDir}>
  92           DirectoryIndex index.php index.htm index.html
  93           Options Indexes FollowSymLinks MultiViews Includes
  94           AllowOverride None
  95           Require all granted
  96         </Directory>
  97           ''
  98       ];
  99     };
 100   };
 101 }