modules/private/websites/leila/production.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3   cfg = config.myServices.websites.leila.production;
   4   varDir = "/var/lib/ftp/leila";
   5 in {
   6   options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production";
   7
   8   config = lib.mkIf cfg.enable {
   9     services.phpfpm.pools.leila = {
  10       listen = "/run/phpfpm/leila.sock";
  11       extraConfig = ''
  12         user = wwwrun
  13         group = wwwrun
  14         listen.owner = wwwrun
  15         listen.group = wwwrun
  16
  17         pm = ondemand
  18         pm.max_children = 5
  19         pm.process_idle_timeout = 60
  20
  21         php_admin_value[open_basedir] = "${varDir}:/tmp"
  22       '';
  23     };
  24
  25     services.webstats.sites = [
  26       { name = "leila.bouya.org"; }
  27       { name = "chorale.leila.bouya.org"; }
  28       { name = "syrwennecreation.bouya.org"; }
  29     ];
  30
  31     services.websites.env.production.modules = [ "proxy_fcgi" ];
  32     services.websites.env.production.vhostConfs.leila_chorale = {
  33       certName    = "leila";
  34       addToCerts  = true;
  35       hosts       = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
  36       root        = "${varDir}/Chorale";
  37       extraConfig = [
  38         ''
  39         Use Stats chorale.leila.bouya.org
  40         <Directory ${varDir}/Chorale>
  41           DirectoryIndex index.php index.htm index.html
  42           Options Indexes FollowSymLinks MultiViews Includes
  43           AllowOverride None
  44
  45           Use LDAPConnect
  46           Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  47
  48           <FilesMatch "\.php$">
  49             SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  50           </FilesMatch>
  51         </Directory>
  52           ''
  53       ];
  54     };
  55     services.websites.env.production.vhostConfs.leila_syrwenne = {
  56       certName    = "leila";
  57       addToCerts  = true;
  58       hosts       = [ "syrwennecreation.bouya.org" ];
  59       root        = "${varDir}/Syrwennecreation";
  60       extraConfig = [
  61         ''
  62         Use Stats syrwennecreation.bouya.org
  63         <Directory ${varDir}/Syrwennecreation>
  64           DirectoryIndex index.php index.htm index.html
  65           Options Indexes FollowSymLinks MultiViews Includes
  66           AllowOverride None
  67
  68           <FilesMatch "\.php$">
  69             SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  70           </FilesMatch>
  71         </Directory>
  72           ''
  73       ];
  74     };
  75     services.websites.env.production.vhostConfs.leila = {
  76       certName     = "leila";
  77       certMainHost = "leila.bouya.org";
  78       hosts        = [ "leila.bouya.org" ];
  79       root         = varDir;
  80       extraConfig  = [
  81         ''
  82         Use Stats leila.bouya.org
  83         <Directory ${varDir}/Chorale>
  84           DirectoryIndex index.htm index.html
  85           Options Indexes FollowSymLinks MultiViews Includes
  86           AllowOverride None
  87
  88           Use LDAPConnect
  89           Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  90
  91           <FilesMatch "\.php$">
  92             SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  93           </FilesMatch>
  94         </Directory>
  95         <Directory ${varDir}>
  96           DirectoryIndex index.htm index.html
  97           Options Indexes FollowSymLinks MultiViews Includes
  98           AllowOverride None
  99           Require all granted
 100         </Directory>
 101           ''
 102       ];
 103     };
 104   };
 105 }