{ lib, pkgs, config, ... }:
let
cfg = config.myServices.websites.papa.maison_bbc;
varDir = "/var/lib/ftp/papa/site";
apacheUser = config.services.httpd.Prod.user;
apacheGroup = config.services.httpd.Prod.group;
in {
options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
config = lib.mkIf cfg.enable {
services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
services.phpfpm.pools.papa_maison_bbc = {
user = apacheUser;
group = apacheGroup;
settings = {
"listen.owner" = apacheUser;
"listen.group" = apacheGroup;
"pm" = "ondemand";
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
"php_admin_value[open_basedir]" = varDir;
};
phpOptions = config.services.phpfpm.phpOptions + ''
date.timezone = 'Europe/Paris'
'';
phpPackage = pkgs.php72;
};
services.websites.env.production.modules = [ "proxy_fcgi" ];
services.websites.env.production.vhostNoSSLConfs.papa_maison_bbc = {
hosts = [ "maison.bbc.bouya.org" ];
root = varDir;
extraConfig = [
''
Alias /.well-known/acme-challenge ${config.security.acme.certs.papa.webroot}/.well-known/acme-challenge
RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1
DirectoryIndex index.php index.htm index.html
AllowOverride None
Require all granted
SetHandler "proxy:unix:${config.services.phpfpm.pools.papa_maison_bbc.socket}|fcgi://localhost"
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
''
];
};
services.websites.env.production.vhostConfs.papa_maison_bbc = {
certName = "papa";
addToCerts = true;
hosts = [ "maison.bbc.bouya.org" ];
root = varDir;
forceSSL = false;
extraConfig = [
''
DirectoryIndex index.php index.htm index.html
AllowOverride None
Require all granted
SetHandler "proxy:unix:${config.services.phpfpm.pools.papa_maison_bbc.socket}|fcgi://localhost"
''
];
};
};
}