modules/private/websites/papa/maison_bbc.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3   cfg = config.myServices.websites.papa.maison_bbc;
   4   varDir = "/var/lib/ftp/papa/site";
   5 in {
   6   options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
   7
   8   config = lib.mkIf cfg.enable {
   9     services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
  10     services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
  11     services.phpfpm.pools.papa_maison_bbc = {
  12       listen = "/run/phpfpm/papa_maison_bbc.sock";
  13       extraConfig = ''
  14         user = wwwrun
  15         group = wwwrun
  16         listen.owner = wwwrun
  17         listen.group = wwwrun
  18
  19         pm = ondemand
  20         pm.max_children = 5
  21         pm.process_idle_timeout = 60
  22
  23         php_admin_value[open_basedir] = "${varDir}"
  24         '';
  25       phpOptions = config.services.phpfpm.phpOptions + ''
  26         date.timezone = 'Europe/Paris'
  27         extension=${pkgs.php}/lib/php/extensions/mysqli.so
  28         '';
  29     };
  30
  31     services.websites.env.production.modules = [ "proxy_fcgi" ];
  32     services.websites.env.production.vhostNoSSLConfs.papa_maison_bbc = {
  33       hosts        = [ "maison.bbc.bouya.org" ];
  34       root         = varDir;
  35       extraConfig  = [
  36         ''
  37         Alias /.well-known/acme-challenge ${config.security.acme2.certs.papa.webroot}/.well-known/acme-challenge
  38         RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1
  39         <Directory ${varDir}>
  40           DirectoryIndex index.php index.htm index.html
  41           AllowOverride None
  42           Require all granted
  43           <FilesMatch "\.php$">
  44             SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
  45           </FilesMatch>
  46         </Directory>
  47         <Directory "${config.security.acme2.certs.papa.webroot}">
  48           Options Indexes FollowSymLinks
  49           AllowOverride None
  50           Require all granted
  51         </Directory>
  52           ''
  53       ];
  54     };
  55     services.websites.env.production.vhostConfs.papa_maison_bbc = {
  56       certName     = "papa";
  57       addToCerts   = true;
  58       hosts        = [ "maison.bbc.bouya.org" ];
  59       root         = varDir;
  60       extraConfig  = [
  61         ''
  62         <Directory ${varDir}>
  63           DirectoryIndex index.php index.htm index.html
  64           AllowOverride None
  65           Require all granted
  66           <FilesMatch "\.php$">
  67             SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
  68           </FilesMatch>
  69         </Directory>
  70           ''
  71       ];
  72     };
  73   };
  74 }
  75