[perso/Immae/Config/Nix.git] / modules / private / websites / immae / production.nix

{ lib, pkgs, config, myconfig,  ... }:
let
  cfg = config.myServices.websites.immae.production;
  varDir = "/var/lib/ftp/immae";
  env = myconfig.env.websites.immae;
in {
  options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";

  config = lib.mkIf cfg.enable {
    services.webstats.sites = [ { name = "www.immae.eu"; } ];

    services.phpfpm.poolConfigs.immae = ''
      listen = /run/phpfpm/immae.sock
      user = wwwrun
      group = wwwrun
      listen.owner = wwwrun
      listen.group = wwwrun

      pm = ondemand
      pm.max_children = 5
      pm.process_idle_timeout = 60

      php_admin_value[open_basedir] = "${varDir}:/tmp"
      '';
    services.websites.env.production.modules = [ "proxy_fcgi" ];
    services.websites.env.production.vhostConfs.immae = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = [ "www.immae.eu" ];
      root        = varDir;
      extraConfig = [
        ''
        Use Stats www.immae.eu

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
        </FilesMatch>

        <Directory ${varDir}>
          DirectoryIndex index.php index.htm index.html
          Options Indexes FollowSymLinks MultiViews Includes
          AllowOverride All
          Require all granted
        </Directory>

        <Location /blog_old/>
          Use LDAPConnect
          Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
        </Location>
        ''
      ];
    };

    services.websites.env.production.vhostConfs.bouya = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = [ "bouya.org" "www.bouya.org" ];
      root        = null;
      extraConfig = [ ''
        RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
        '' ];
    };
  };
}