modules/private/websites/leila/production.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3   cfg = config.myServices.websites.leila.production;
   4   varDir = "/var/lib/ftp/leila";
   5 in {
   6   options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production";
   7
   8   config = lib.mkIf cfg.enable {
   9     services.phpfpm.poolConfigs.leila = ''
  10       listen = /run/phpfpm/leila.sock
  11       user = wwwrun
  12       group = wwwrun
  13       listen.owner = wwwrun
  14       listen.group = wwwrun
  15
  16       pm = ondemand
  17       pm.max_children = 5
  18       pm.process_idle_timeout = 60
  19
  20       php_admin_value[open_basedir] = "${varDir}:/tmp"
  21       '';
  22
  23     services.webstats.sites = [
  24       { name = "leila.bouya.org"; }
  25       { name = "chorale.leila.bouya.org"; }
  26     ];
  27
  28     services.websites.production.modules = [ "proxy_fcgi" ];
  29     services.websites.production.vhostConfs.leila_chorale = {
  30       certName    = "leila";
  31       addToCerts  = true;
  32       hosts       = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
  33       root        = "${varDir}/Chorale";
  34       extraConfig = [
  35         ''
  36         Use Stats chorale.leila.bouya.org
  37         <Directory ${varDir}/Chorale>
  38           DirectoryIndex index.php index.htm index.html
  39           Options Indexes FollowSymLinks MultiViews Includes
  40           AllowOverride None
  41
  42           Use LDAPConnect
  43           Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  44
  45           <FilesMatch "\.php$">
  46             SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  47           </FilesMatch>
  48         </Directory>
  49           ''
  50       ];
  51     };
  52     services.websites.production.vhostConfs.leila = {
  53       certName     = "leila";
  54       certMainHost = "leila.bouya.org";
  55       hosts        = [ "leila.bouya.org" ];
  56       root         = varDir;
  57       extraConfig  = [
  58         ''
  59         Use Stats leila.bouya.org
  60         <Directory ${varDir}/Chorale>
  61           DirectoryIndex index.htm index.html
  62           Options Indexes FollowSymLinks MultiViews Includes
  63           AllowOverride None
  64
  65           Use LDAPConnect
  66           Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  67
  68           <FilesMatch "\.php$">
  69             SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  70           </FilesMatch>
  71         </Directory>
  72         <Directory ${varDir}>
  73           DirectoryIndex index.htm index.html
  74           Options Indexes FollowSymLinks MultiViews Includes
  75           AllowOverride None
  76           Require all granted
  77         </Directory>
  78           ''
  79       ];
  80     };
  81   };
  82 }