modules/private/websites/evariste/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.evariste.production;
   4   nsiVarDir = "/var/lib/ftp/nsievariste";
   5   stmgVarDir = "/var/lib/ftp/stmgevariste";
   6 in {
   7   options.myServices.websites.evariste.production.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
   8
   9   config = lib.mkIf cfg.enable {
  10     services.webstats.sites = [
  11       { name = "nsievariste.immae.eu"; }
  12       { name = "stmgevariste.immae.eu"; }
  13     ];
  14
  15     services.websites.env.production.modules = [ "proxy_fcgi" ];
  16     system.activationScripts.evariste = {
  17       deps = [ "httpd" ];
  18       text = ''
  19         install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/nsievariste
  20         install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/stmgevariste
  21         '';
  22     };
  23     services.phpfpm.pools.nsievariste = {
  24       user = "wwwrun";
  25       group = "wwwrun";
  26       settings = {
  27         "listen.owner" = "wwwrun";
  28         "listen.group" = "wwwrun";
  29
  30         "pm" = "ondemand";
  31         "pm.max_children" = "5";
  32         "pm.process_idle_timeout" = "60";
  33
  34         "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp";
  35         "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nsievariste";
  36       };
  37     };
  38     services.websites.env.production.vhostConfs.nsievariste = {
  39       certName     = "eldiron";
  40       addToCerts   = true;
  41       hosts        = ["nsievariste.immae.eu" ];
  42       root         = nsiVarDir;
  43       extraConfig  = [
  44         ''
  45         Use Stats nsievariste.immae.eu
  46
  47         <FilesMatch "\.php$">
  48           SetHandler "proxy:unix:${config.services.phpfpm.pools.nsievariste.socket}|fcgi://localhost"
  49         </FilesMatch>
  50
  51         <Directory ${nsiVarDir}>
  52           DirectoryIndex index.php index.htm index.html
  53           Options Indexes FollowSymLinks MultiViews Includes
  54           AllowOverride None
  55           Require all granted
  56         </Directory>
  57           ''
  58       ];
  59     };
  60
  61     services.phpfpm.pools.stmgevariste = {
  62       user = "wwwrun";
  63       group = "wwwrun";
  64       settings = {
  65         "listen.owner" = "wwwrun";
  66         "listen.group" = "wwwrun";
  67
  68         "pm" = "ondemand";
  69         "pm.max_children" = "5";
  70         "pm.process_idle_timeout" = "60";
  71
  72         "php_admin_value[open_basedir]" = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp";
  73         "php_admin_value[session.save_path]" = "/var/lib/php/sessions/stmgevariste";
  74       };
  75     };
  76     services.websites.env.production.vhostConfs.stmgevariste = {
  77       certName     = "eldiron";
  78       addToCerts   = true;
  79       hosts        = ["stmgevariste.immae.eu" ];
  80       root         = stmgVarDir;
  81       extraConfig  = [
  82         ''
  83         Use Stats stmgevariste.immae.eu
  84
  85         <FilesMatch "\.php$">
  86           SetHandler "proxy:unix:${config.services.phpfpm.pools.stmgevariste.socket}|fcgi://localhost"
  87         </FilesMatch>
  88
  89         <Directory ${stmgVarDir}>
  90           DirectoryIndex index.php index.htm index.html
  91           Options Indexes FollowSymLinks MultiViews Includes
  92           AllowOverride None
  93           Require all granted
  94         </Directory>
  95           ''
  96       ];
  97     };
  98   };
  99 }