modules/private/websites/ludivine/integration.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   secrets = config.myEnv.websites.ludivine.integration;
   4   app = pkgs.callPackage ./app {
   5     environment = secrets.environment;
   6     varDir = "/var/lib/ludivine_integration";
   7     secretsPath = config.secrets.fullPaths."websites/ludivine/integration";
   8   };
   9   cfg = config.myServices.websites.ludivine.integration;
  10   pcfg = config.services.phpApplication;
  11 in {
  12   options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
  13
  14   config = lib.mkIf cfg.enable {
  15     services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir;
  16     services.phpApplication.apps.ludivine_integration = {
  17       websiteEnv = "integration";
  18       httpdUser = config.services.httpd.Inte.user;
  19       httpdGroup = config.services.httpd.Inte.group;
  20       inherit (app) webRoot varDir;
  21       varDirPaths = {
  22         "tmp" = "0700";
  23       };
  24       inherit app;
  25       serviceDeps = [ "mysql.service" ];
  26       preStartActions = [
  27         "./bin/console --env=${app.environment} cache:clear --no-warmup"
  28       ];
  29       phpOpenbasedir = [ "/tmp" ];
  30       phpPool = {
  31         "php_admin_value[upload_max_filesize]" = "20M";
  32         "php_admin_value[post_max_size]" = "20M";
  33         #"php_admin_flag[log_errors]" = "on";
  34         "pm" = "ondemand";
  35         "pm.max_children" = "5";
  36         "pm.process_idle_timeout" = "60";
  37       };
  38       phpEnv = {
  39         PATH = lib.makeBinPath [
  40           # below ones don't need to be in the PATH but they’re used in
  41           # secrets
  42           pkgs.imagemagick pkgs.sass pkgs.ruby
  43         ];
  44         SYMFONY_DEBUG_MODE = "\"yes\"";
  45       };
  46       phpWatchFiles = [
  47         config.secrets.fullPaths."websites/ludivine/integration"
  48       ];
  49     };
  50
  51     secrets.keys = [
  52       {
  53         dest = "websites/ludivine/integration";
  54         user = config.services.httpd.Inte.user;
  55         group = config.services.httpd.Inte.group;
  56         permissions = "0400";
  57         text = ''
  58           # This file is auto-generated during the composer install
  59           parameters:
  60               database_host: ${secrets.mysql.host}
  61               database_port: ${secrets.mysql.port}
  62               database_name: ${secrets.mysql.database}
  63               database_user: ${secrets.mysql.user}
  64               database_password: ${secrets.mysql.password}
  65               database_server_version: ${pkgs.mariadb.mysqlVersion}
  66               mailer_transport: smtp
  67               mailer_host: 127.0.0.1
  68               mailer_user: null
  69               mailer_password: null
  70               secret: ${secrets.secret}
  71               ldap_host: ldap.immae.eu
  72               ldap_port: 636
  73               ldap_version: 3
  74               ldap_ssl: true
  75               ldap_tls: false
  76               ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
  77               ldap_base_dn: 'dc=immae,dc=eu'
  78               ldap_search_dn: '${secrets.ldap.dn}'
  79               ldap_search_password: '${secrets.ldap.password}'
  80               ldap_search_filter: '${secrets.ldap.filter}'
  81           leapt_im:
  82               binary_path: ${pkgs.imagemagick}/bin
  83           assetic:
  84               sass: ${pkgs.sass}/bin/sass
  85               ruby: ${pkgs.ruby}/bin/ruby
  86         '';
  87       }
  88     ];
  89
  90     services.websites.env.integration.vhostConfs.ludivine_integration = {
  91       certName    = "integration";
  92       addToCerts  = true;
  93       hosts       = [ "ludivine.immae.eu" ];
  94       root        = pcfg.webappDirs.ludivine_integration;
  95       extraConfig = [
  96         ''
  97         <FilesMatch "\.php$">
  98           SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost"
  99         </FilesMatch>
 100
 101         <Location />
 102           Use LDAPConnect
 103           Require ldap-group   cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
 104           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
 105         </Location>
 106
 107         <Directory ${pcfg.webappDirs.ludivine_integration}>
 108           Options Indexes FollowSymLinks MultiViews Includes
 109           AllowOverride None
 110           Require all granted
 111
 112           DirectoryIndex app_dev.php
 113
 114           <IfModule mod_negotiation.c>
 115           Options -MultiViews
 116           </IfModule>
 117
 118           <IfModule mod_rewrite.c>
 119             RewriteEngine On
 120
 121             RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
 122             RewriteRule ^(.*) - [E=BASE:%1]
 123
 124             # Maintenance script
 125             RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
 126             RewriteCond %{SCRIPT_FILENAME} !maintenance.php
 127             RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
 128             ErrorDocument 503 /maintenance.php
 129
 130             # Sets the HTTP_AUTHORIZATION header removed by Apache
 131             RewriteCond %{HTTP:Authorization} .
 132             RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 133
 134             RewriteCond %{ENV:REDIRECT_STATUS} ^$
 135             RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
 136
 137             # If the requested filename exists, simply serve it.
 138             # We only want to let Apache serve files and not directories.
 139             RewriteCond %{REQUEST_FILENAME} -f
 140             RewriteRule ^ - [L]
 141
 142             # Rewrite all other queries to the front controller.
 143             RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
 144           </IfModule>
 145
 146         </Directory>
 147         ''
 148       ];
 149     };
 150   };
 151 }