modules/private/websites/ludivinecassal/integration.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   secrets = config.myEnv.websites.ludivinecassal.integration;
   4   app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; };
   5   cfg = config.myServices.websites.ludivinecassal.integration;
   6   pcfg = config.services.phpApplication;
   7 in {
   8   options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
   9
  10   config = lib.mkIf cfg.enable {
  11     services.duplyBackup.profiles.ludivinecassal_dev.rootDir = app.varDir;
  12     services.phpApplication.apps.ludivinecassal_dev = {
  13       websiteEnv = "integration";
  14       httpdUser = config.services.httpd.Inte.user;
  15       httpdGroup = config.services.httpd.Inte.group;
  16       inherit (app) webRoot varDir;
  17       varDirPaths = {
  18         "tmp" = "0700";
  19       };
  20       inherit app;
  21       serviceDeps = [ "mysql.service" ];
  22       preStartActions = [
  23         "./bin/console --env=${app.environment} cache:clear --no-warmup"
  24       ];
  25       phpOpenbasedir = [ "/tmp" ];
  26       phpPool = {
  27         "php_admin_value[upload_max_filesize]" = "20M";
  28         "php_admin_value[post_max_size]" = "20M";
  29         #"php_admin_flag[log_errors]" = "on";
  30         "pm" = "ondemand";
  31         "pm.max_children" = "5";
  32         "pm.process_idle_timeout" = "60";
  33       };
  34       phpEnv = {
  35         SYMFONY_DEBUG_MODE = "yes";
  36       };
  37       phpWatchFiles = [
  38         config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal"
  39       ];
  40     };
  41
  42     secrets.keys = [
  43       {
  44         dest = "webapps/${app.environment}-ludivinecassal";
  45         user = config.services.httpd.Inte.user;
  46         group = config.services.httpd.Inte.group;
  47         permissions = "0400";
  48         text = ''
  49           # This file is auto-generated during the composer install
  50           parameters:
  51               database_host: ${secrets.mysql.host}
  52               database_port: ${secrets.mysql.port}
  53               database_name: ${secrets.mysql.database}
  54               database_user: ${secrets.mysql.user}
  55               database_password: ${secrets.mysql.password}
  56               database_server_version: ${pkgs.mariadb.mysqlVersion}
  57               mailer_transport: smtp
  58               mailer_host: 127.0.0.1
  59               mailer_user: null
  60               mailer_password: null
  61               secret: ${secrets.secret}
  62               ldap_host: ldap.immae.eu
  63               ldap_port: 636
  64               ldap_version: 3
  65               ldap_ssl: true
  66               ldap_tls: false
  67               ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
  68               ldap_base_dn: 'dc=immae,dc=eu'
  69               ldap_search_dn: '${secrets.ldap.dn}'
  70               ldap_search_password: '${secrets.ldap.password}'
  71               ldap_search_filter: '${secrets.ldap.filter}'
  72           leapt_im:
  73               binary_path: ${pkgs.imagemagick}/bin
  74           assetic:
  75               sass: ${pkgs.sass}/bin/sass
  76               ruby: ${pkgs.ruby}/bin/ruby
  77         '';
  78       }
  79     ];
  80
  81     services.websites.env.integration.vhostConfs.ludivinecassal_dev = {
  82       certName     = "integration";
  83       addToCerts  = true;
  84       hosts       = [ "ludivine.immae.eu" ];
  85       root        = pcfg.webappDirs.ludivinecassal_dev;
  86       extraConfig = [
  87         ''
  88         <FilesMatch "\.php$">
  89           SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_dev}|fcgi://localhost"
  90         </FilesMatch>
  91
  92         <Location />
  93           Use LDAPConnect
  94           Require ldap-group   cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
  95           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
  96         </Location>
  97
  98         <Directory ${pcfg.webappDirs.ludivinecassal_dev}>
  99           Options Indexes FollowSymLinks MultiViews Includes
 100           AllowOverride None
 101           Require all granted
 102
 103           DirectoryIndex app_dev.php
 104
 105           <IfModule mod_negotiation.c>
 106           Options -MultiViews
 107           </IfModule>
 108
 109           <IfModule mod_rewrite.c>
 110             RewriteEngine On
 111
 112             RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
 113             RewriteRule ^(.*) - [E=BASE:%1]
 114
 115             # Maintenance script
 116             RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
 117             RewriteCond %{SCRIPT_FILENAME} !maintenance.php
 118             RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
 119             ErrorDocument 503 /maintenance.php
 120
 121             # Sets the HTTP_AUTHORIZATION header removed by Apache
 122             RewriteCond %{HTTP:Authorization} .
 123             RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 124
 125             RewriteCond %{ENV:REDIRECT_STATUS} ^$
 126             RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
 127
 128             # If the requested filename exists, simply serve it.
 129             # We only want to let Apache serve files and not directories.
 130             RewriteCond %{REQUEST_FILENAME} -f
 131             RewriteRule ^ - [L]
 132
 133             # Rewrite all other queries to the front controller.
 134             RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
 135           </IfModule>
 136
 137         </Directory>
 138         ''
 139       ];
 140     };
 141   };
 142 }