nixops/modules/websites/ftp/immae.nix

   1 { lib, pkgs, config, myconfig, mylibs, ... }:
   2 let
   3     cfg = config.services.myWebsites.Immae;
   4     varDir = "/var/lib/ftp/immae";
   5     env = myconfig.env.websites.immae;
   6 in {
   7   options.services.myWebsites.Immae = {
   8     production = {
   9       enable = lib.mkEnableOption "enable Immae's website";
  10     };
  11   };
  12
  13   imports = [
  14     ../commons/stats.nix
  15   ];
  16
  17   config = lib.mkIf cfg.production.enable {
  18     services.myWebsites.commons.stats.enable = true;
  19     services.myWebsites.commons.stats.sites = [
  20       {
  21         name = "www.immae.eu";
  22         conf = ./immae_goaccess.conf;
  23       }
  24     ];
  25
  26     security.acme.certs."eldiron".extraDomains."www.immae.eu" = null;
  27
  28     services.myPhpfpm.poolConfigs.immae = ''
  29       listen = /run/phpfpm/immae.sock
  30       user = wwwrun
  31       group = wwwrun
  32       listen.owner = wwwrun
  33       listen.group = wwwrun
  34
  35       pm = ondemand
  36       pm.max_children = 5
  37       pm.process_idle_timeout = 60
  38
  39       php_admin_value[open_basedir] = "${varDir}:/tmp"
  40       '';
  41     services.myWebsites.production.modules = [ "proxy_fcgi" ];
  42     services.myWebsites.production.vhostConfs.immae = {
  43       certName    = "eldiron";
  44       hosts       = [ "www.immae.eu" ];
  45       root        = varDir;
  46       extraConfig = [
  47         ''
  48         Use Stats www.immae.eu
  49
  50         <FilesMatch "\.php$">
  51           SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
  52         </FilesMatch>
  53
  54         <Directory ${varDir}>
  55           DirectoryIndex index.php index.htm index.html
  56           Options Indexes FollowSymLinks MultiViews Includes
  57           AllowOverride All
  58           Require all granted
  59         </Directory>
  60
  61         <Location /blog_old/>
  62           Use LDAPConnect
  63           Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
  64         </Location>
  65         ''
  66       ];
  67     };
  68
  69     security.acme.certs."eldiron".extraDomains."bouya.org" = null;
  70     security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
  71     services.myWebsites.production.vhostConfs.bouya = {
  72       certName    = "eldiron";
  73       hosts       = [ "bouya.org" "www.bouya.org" ];
  74       root        = null;
  75       extraConfig = [ ''
  76         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
  77         '' ];
  78     };
  79   };
  80 }