nixops/modules/websites/ftp/leila.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3     cfg = config.services.myWebsites.Leila;
   4     varDir = "/var/lib/ftp/leila";
   5 in {
   6   options.services.myWebsites.Leila = {
   7     production = {
   8       enable = lib.mkEnableOption "enable Leila's website in production";
   9     };
  10   };
  11
  12   config = (lib.mkIf cfg.production.enable {
  13       services.myPhpfpm.poolConfigs.leila = ''
  14         listen = /run/phpfpm/leila.sock
  15         user = wwwrun
  16         group = wwwrun
  17         listen.owner = wwwrun
  18         listen.group = wwwrun
  19
  20         pm = ondemand
  21         pm.max_children = 5
  22         pm.process_idle_timeout = 60
  23
  24         php_admin_value[open_basedir] = "${varDir}:/tmp"
  25         '';
  26
  27       services.webstats.sites = [
  28         { name = "leila.bouya.org"; }
  29         { name = "chorale.leila.bouya.org"; }
  30       ];
  31
  32       services.websites.production.modules = [ "proxy_fcgi" ];
  33       services.websites.production.vhostConfs.leila_chorale = {
  34         certName    = "leila";
  35         addToCerts  = true;
  36         hosts       = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
  37         root        = "${varDir}/Chorale";
  38         extraConfig = [
  39           ''
  40           Use Stats chorale.leila.bouya.org
  41           <Directory ${varDir}/Chorale>
  42             DirectoryIndex index.php index.htm index.html
  43             Options Indexes FollowSymLinks MultiViews Includes
  44             AllowOverride None
  45
  46             Use LDAPConnect
  47             Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  48
  49             <FilesMatch "\.php$">
  50               SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  51             </FilesMatch>
  52           </Directory>
  53             ''
  54         ];
  55       };
  56       services.websites.production.vhostConfs.leila = {
  57         certName     = "leila";
  58         certMainHost = "leila.bouya.org";
  59         hosts        = [ "leila.bouya.org" ];
  60         root         = varDir;
  61         extraConfig  = [
  62           ''
  63           Use Stats leila.bouya.org
  64           <Directory ${varDir}/Chorale>
  65             DirectoryIndex index.htm index.html
  66             Options Indexes FollowSymLinks MultiViews Includes
  67             AllowOverride None
  68
  69             Use LDAPConnect
  70             Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
  71
  72             <FilesMatch "\.php$">
  73               SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
  74             </FilesMatch>
  75           </Directory>
  76           <Directory ${varDir}>
  77             DirectoryIndex index.htm index.html
  78             Options Indexes FollowSymLinks MultiViews Includes
  79             AllowOverride None
  80             Require all granted
  81           </Directory>
  82             ''
  83         ];
  84       };
  85     });
  86 }