nixops/modules/websites/ftp/immae.nix

   1 { lib, pkgs, config, myconfig,  ... }:
   2 let
   3     cfg = config.services.myWebsites.Immae;
   4     varDir = "/var/lib/ftp/immae";
   5     env = myconfig.env.websites.immae;
   6 in {
   7   options.services.myWebsites.Immae = {
   8     production = {
   9       enable = lib.mkEnableOption "enable Immae's website";
  10     };
  11   };
  12
  13   config = lib.mkIf cfg.production.enable {
  14     services.webstats.sites = [ { name = "www.immae.eu"; } ];
  15
  16     services.myPhpfpm.poolConfigs.immae = ''
  17       listen = /run/phpfpm/immae.sock
  18       user = wwwrun
  19       group = wwwrun
  20       listen.owner = wwwrun
  21       listen.group = wwwrun
  22
  23       pm = ondemand
  24       pm.max_children = 5
  25       pm.process_idle_timeout = 60
  26
  27       php_admin_value[open_basedir] = "${varDir}:/tmp"
  28       '';
  29     services.websites.production.modules = [ "proxy_fcgi" ];
  30     services.websites.production.vhostConfs.immae = {
  31       certName    = "eldiron";
  32       addToCerts  = true;
  33       hosts       = [ "www.immae.eu" ];
  34       root        = varDir;
  35       extraConfig = [
  36         ''
  37         Use Stats www.immae.eu
  38
  39         <FilesMatch "\.php$">
  40           SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
  41         </FilesMatch>
  42
  43         <Directory ${varDir}>
  44           DirectoryIndex index.php index.htm index.html
  45           Options Indexes FollowSymLinks MultiViews Includes
  46           AllowOverride All
  47           Require all granted
  48         </Directory>
  49
  50         <Location /blog_old/>
  51           Use LDAPConnect
  52           Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
  53         </Location>
  54         ''
  55       ];
  56     };
  57
  58     services.websites.production.vhostConfs.bouya = {
  59       certName    = "eldiron";
  60       addToCerts  = true;
  61       hosts       = [ "bouya.org" "www.bouya.org" ];
  62       root        = null;
  63       extraConfig = [ ''
  64         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
  65         '' ];
  66     };
  67   };
  68 }