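# Deployment description of the "aten" Symfony application for one environment.
#
# The outer function receives the packaging helpers; the value it returns is a
# function `{ config }: { ... }`. This file reads `config.environment`,
# `config.secret` and `config.psql_url`.
#
# Attributes exposed to the caller: environment, varDir, phpFpm, apache,
# activationScript, yarnModules, webappDir, webRoot.
#
# NOTE(review): this copy of the file had lost its line breaks, so the layout
# of the multi-line strings below was reconstructed one directive per line.
{ lib, writeText, fetchedGitPrivate, stdenv, composerEnv, fetchurl, fetchgit, binutils, python, nodejs, libsass, yarn2nix }:
let
  aten = { config }: rec {
    environment = config.environment;

    # Mutable state directory: PHP sessions, the deployed-version marker and
    # the log/cache directories linked from the package in webappDir.
    varDir = "/var/lib/aten_${environment}";

    phpFpm = rec {
      socket = "/var/run/phpfpm/aten-${environment}.sock";

      # php-fpm pool definition.
      # - The socket is owned by the Apache user/group, matching the proxy
      #   handler declared in apache.vhostConf.
      # - open_basedir limits PHP file access to the package, varDir and /tmp.
      #   NOTE(review): /tmp is normally shared with every other service on the
      #   host; a per-pool temp directory under varDir would be tighter.
      # - Sessions are kept in varDir/phpSessions (created 0750 by
      #   activationScript) rather than in a shared location.
      # - log_errors is left commented out, so the interpreter default applies.
      # - "dev" uses an on-demand pool and sets SYMFONY_DEBUG_MODE; every other
      #   environment uses a dynamic pool of up to 20 children.
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        php_admin_value[upload_max_filesize] = 20M
        php_admin_value[post_max_size] = 20M
        ;php_admin_flag[log_errors] = on
        php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
        php_admin_value[session.save_path] = "${varDir}/phpSessions"
        ${if environment == "dev" then ''
        pm = ondemand
        pm.max_children = 5
        pm.process_idle_timeout = 60
        env[SYMFONY_DEBUG_MODE] = "yes"
        '' else ''
        pm = dynamic
        pm.max_children = 20
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 3
        ''}'';
    };

    apache = {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "proxy_fcgi" ];

      # Virtual-host fragment.
      #
      # NOTE(review): config.secret and config.psql_url are interpolated when
      # the expression is evaluated, so their values are embedded in this text.
      # If the text is written to the Nix store, as generated configuration
      # usually is, every local user can read them. Prefer loading them from a
      # file readable only by the service account — confirm how this string is
      # consumed.
      #
      # NOTE(review): no <Directory>/<Location>/<FilesMatch> containers are
      # visible in this copy (they were possibly stripped when the page was
      # extracted). They matter: AllowOverride is only valid inside
      # <Directory>, and several Require lines sharing one context are combined
      # as alternatives, so "Require all granted" next to "Require ldap-group"
      # would disable the LDAP restriction. The ErrorDocument 401 bodies are
      # empty here and the dev LDAP block appears twice, which points the same
      # way. Compare with the original file before reuse.
      #
      # NOTE(review): "Options Indexes ... Includes" with "AllowOverride All"
      # enables directory listings, server-side includes and .htaccess
      # overrides; drop whichever the application does not need.
      vhostConf = ''
        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        SetEnv APP_ENV "${environment}"
        SetEnv APP_SECRET "${config.secret}"
        SetEnv DATABASE_URL "${config.psql_url}"
        ${if environment == "dev" then ''
        Use LDAPConnect
        Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 ""
        Use LDAPConnect
        Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 ""
        '' else ''
        Use Stats aten.pro
        Use LDAPConnect
        Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
        ErrorDocument 401 ""
        ''}
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
        DirectoryIndex index.php
        FallbackResource /index.php
      '';
    };

    # Activation step: creates the state directories and clears the Symfony
    # cache whenever the deployed package path differs from the one recorded in
    # varDir/currentWebappDir.
    #
    # Changes compared with the previous version of this script:
    # - cache:clear runs as apache.user instead of a hard-coded "wwwrun", so
    #   the cache stays owned by the account php-fpm runs as if that setting
    #   changes;
    # - the marker is written only when cache:clear succeeded, so a failed
    #   clear is retried at the next activation instead of being recorded as
    #   done;
    # - the two conditions are separate tests joined with "||" rather than one
    #   test using "-o", and every path is quoted.
    #
    # The script calls $wrapperDir/sudo and lists "wrappers" in deps;
    # presumably that step provides the sudo wrapper — confirm.
    #
    # NOTE(review): varDir is created 0755, which lets every local user list it
    # and read whatever the application writes there with default permissions
    # (the package's var/log and var/cache link into it). Consider 0750 if
    # nothing outside the Apache group needs access.
    activationScript = {
      deps = [ "wrappers" ];
      text = ''
        install -m 0755 -o ${apache.user} -g ${apache.group} -d "${varDir}"
        install -m 0750 -o ${apache.user} -g ${apache.group} -d "${varDir}/phpSessions"
        if [ ! -f "${varDir}/currentWebappDir" ] ||
           [ "${webappDir}" != "$(cat "${varDir}/currentWebappDir" 2>/dev/null)" ]; then
          if ( cd "${webappDir}" &&
               $wrapperDir/sudo -u ${apache.user} APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup ); then
            echo -n "${webappDir}" > "${varDir}/currentWebappDir"
          fi
        fi
      '';
    };

    # node_modules tree built from the package.json and yarn.lock of the
    # private source described by ./aten.json.
    yarnModules =
      let
        info = fetchedGitPrivate ./aten.json;
      in
      yarn2nix.mkYarnModules {
        name = "aten-yarn-modules";
        packageJSON = "${info.src}/package.json";
        yarnLock = "${info.src}/yarn.lock";
        pkgConfig = {
          node-sass = {
            buildInputs = [ binutils libsass python ];
            postInstall =
              let
                # Node headers tarball handed to the node-sass build script.
                # The sha256 pins the content while the URL follows
                # nodejs.version, so the hash has to be refreshed whenever the
                # nodejs package is upgraded.
                nodeHeaders = fetchurl {
                  url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
                  sha256 = "12zzsf8my43b8qnlacp871ih5vqafl2vlpqp51xp6h3gckn2frwy";
                };
              in
              ''
                export AR=${binutils.bintools}/bin/ar
                node scripts/build.js --tarball=${nodeHeaders}
              '';
          };
        };
      };

    # The application package: Composer dependencies from ./php-packages.nix
    # merged with the private source attributes, then the front-end assets are
    # built with yarn/encore.
    webappDir = composerEnv.buildPackage (
      import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
      fetchedGitPrivate ./aten.json //
      rec {
        # Composer dev dependencies are left out only for "prod".
        noDev = (environment == "prod");

        # NOTE(review): the database URL and application secret are exported
        # into the build here. They presumably become part of the derivation,
        # which would place them in the world-readable Nix store and tie the
        # package hash to the secret. If the build only needs these variables
        # to be set, placeholder values would avoid that — confirm what the
        # install scripts read.
        preInstall = ''
          export SYMFONY_ENV="${environment}"
          export APP_ENV="${environment}"
          export DATABASE_URL="${config.psql_url}"
          export APP_SECRET="${config.secret}"
        '';

        # Links the prebuilt node_modules, builds the assets offline, then
        # replaces var/log and var/cache with relative links that climb seven
        # directories before descending into varDir, so runtime writes land
        # outside the package.
        postInstall = ''
          cd $out
          ln -sf ${yarnModules}/node_modules .
          yarn run --offline encore production
          rm -rf var/{log,cache}
          ln -sf ../../../../../../../${varDir}/{log,cache} var/
        '';

        buildInputs = [ yarn2nix.yarn ];
      });

    # Document root served by Apache.
    webRoot = "${webappDir}/public";
  };
in
  aten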