{ lib, pkgs, config, ... }: let secrets = config.myEnv.websites.ludivine.integration; app = pkgs.callPackage ./app { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; environment = secrets.environment; varDir = "/var/lib/ludivine_integration"; secretsPath = config.secrets.fullPaths."websites/ludivine/integration"; }; cfg = config.myServices.websites.ludivine.integration; pcfg = config.services.phpApplication; in { options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; config = lib.mkIf cfg.enable { services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir; services.phpApplication.apps.ludivine_integration = { websiteEnv = "integration"; httpdUser = config.services.httpd.Inte.user; httpdGroup = config.services.httpd.Inte.group; inherit (app) webRoot varDir; varDirPaths = { "tmp" = "0700"; }; inherit app; serviceDeps = [ "mysql.service" ]; preStartActions = [ "./bin/console --env=${app.environment} cache:clear --no-warmup" ]; phpOpenbasedir = [ "/tmp" ]; phpPool = { "php_admin_value[upload_max_filesize]" = "20M"; "php_admin_value[post_max_size]" = "20M"; #"php_admin_flag[log_errors]" = "on"; "pm" = "ondemand"; "pm.max_children" = "5"; "pm.process_idle_timeout" = "60"; }; phpEnv = { PATH = lib.makeBinPath [ # below ones don't need to be in the PATH but they’re used in # secrets pkgs.imagemagick pkgs.sass pkgs.ruby ]; SYMFONY_DEBUG_MODE = "\"yes\""; }; phpWatchFiles = [ config.secrets.fullPaths."websites/ludivine/integration" ]; phpPackage = pkgs.php72; }; secrets.keys = [ { dest = "websites/ludivine/integration"; user = config.services.httpd.Inte.user; group = config.services.httpd.Inte.group; permissions = "0400"; text = '' # This file is auto-generated during the composer install parameters: database_host: ${secrets.mysql.host} database_port: ${secrets.mysql.port} database_name: ${secrets.mysql.database} database_user: ${secrets.mysql.user} database_password: ${secrets.mysql.password} database_server_version: ${pkgs.mariadb.mysqlVersion} mailer_transport: smtp mailer_host: 127.0.0.1 mailer_user: null mailer_password: null secret: ${secrets.secret} ldap_host: ldap.immae.eu ldap_port: 636 ldap_version: 3 ldap_ssl: true ldap_tls: false ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' ldap_base_dn: 'dc=immae,dc=eu' ldap_search_dn: '${secrets.ldap.dn}' ldap_search_password: '${secrets.ldap.password}' ldap_search_filter: '${secrets.ldap.filter}' leapt_im: binary_path: ${pkgs.imagemagick}/bin assetic: sass: ${pkgs.sass}/bin/sass ruby: ${pkgs.ruby}/bin/ruby ''; } ]; services.websites.env.integration.vhostConfs.ludivine_integration = { certName = "integration"; addToCerts = true; hosts = [ "ludivine.immae.eu" ]; root = pcfg.webappDirs.ludivine_integration; extraConfig = [ '' SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost" Use LDAPConnect Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu ErrorDocument 401 "" Options Indexes FollowSymLinks MultiViews Includes AllowOverride None Require all granted DirectoryIndex app_dev.php Options -MultiViews RewriteEngine On RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ RewriteRule ^(.*) - [E=BASE:%1] # Maintenance script RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f RewriteCond %{SCRIPT_FILENAME} !maintenance.php RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] ErrorDocument 503 /maintenance.php # Sets the HTTP_AUTHORIZATION header removed by Apache RewriteCond %{HTTP:Authorization} . RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteCond %{ENV:REDIRECT_STATUS} ^$ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] # If the requested filename exists, simply serve it. # We only want to let Apache serve files and not directories. RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^ - [L] # Rewrite all other queries to the front controller. RewriteRule ^ %{ENV:BASE}/app_dev.php [L] '' ]; }; }; }