Squash changes containing private information

[perso/Immae/Config/Nix.git] / modules / private / websites / florian / app.nix

diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix
deleted file mode 100644 (file)
index 2df344f..0000000
--- a/modules/private/websites/florian/app.nix
+++ /dev/null
@@ -1,142 +0,0 @@
-{ lib, pkgs, config,  ... }:
-let
-  adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
-  secrets = config.myEnv.websites.tellesflorian.integration;
-  webRoot = "/var/lib/ftp/immae/florian/web";
-  cfg = config.myServices.websites.florian.app;
-  pcfg = config.services.phpApplication;
-in {
-  options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
-
-  config = lib.mkIf cfg.enable {
-    services.phpApplication.apps.florian_app = {
-      websiteEnv = "integration";
-      httpdUser = config.services.httpd.Inte.user;
-      httpdGroup = config.services.httpd.Inte.group;
-      inherit webRoot;
-      varDir = "/var/lib/ftp/immae/florian_var";
-      varDirPaths = {
-        "var" = "0700";
-      };
-      app = "/var/lib/ftp/immae/florian";
-      serviceDeps = [ "mysql.service" ];
-      preStartActions = [
-        "./bin/console --env=dev cache:clear --no-warmup"
-      ];
-      phpOpenbasedir = [ "/tmp" ];
-      phpPool = {
-        "php_admin_value[upload_max_filesize]" = "20M";
-        "php_admin_value[post_max_size]" = "20M";
-        #"php_admin_flag[log_errors]" = "on";
-        "pm" = "ondemand";
-        "pm.max_children" = "5";
-        "pm.process_idle_timeout" = "60";
-      };
-      phpEnv = {
-        SYMFONY_DEBUG_MODE = "\"yes\"";
-      };
-      phpWatchFiles = [
-        config.secrets.fullPaths."websites/florian/app"
-      ];
-      phpPackage = pkgs.php72;
-    };
-
-    secrets.keys = {
-      "websites/florian/app_passwords" = {
-        user = config.services.httpd.Inte.user;
-        group = config.services.httpd.Inte.group;
-        permissions = "0400";
-        text = ''
-          invite:${secrets.invite_passwords}
-        '';
-      };
-      "websites/florian/app" = {
-        user = config.services.httpd.Inte.user;
-        group = config.services.httpd.Inte.group;
-        permissions = "0400";
-        text = ''
-          # This file is auto-generated during the composer install
-          parameters:
-            database_host: ${secrets.mysql.host}
-            database_port: ${secrets.mysql.port}
-            database_name: ${secrets.mysql.database}
-            database_user: ${secrets.mysql.user}
-            database_password: ${secrets.mysql.password}
-            mailer_transport: smtp
-            mailer_host: 127.0.0.1
-            mailer_user: null
-            mailer_password: null
-            secret: ${secrets.secret}
-        '';
-      };
-    };
-
-    services.websites.env.integration.modules = adminer.apache.modules;
-    services.websites.env.integration.vhostConfs.florian_app = {
-      certName    = "integration";
-      addToCerts  = true;
-      hosts       = [ "app.tellesflorian.com" ];
-      root        = webRoot;
-      extraConfig = [
-        ''
-        <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost"
-        </FilesMatch>
-
-        <Location />
-          AuthBasicProvider file ldap
-          Use LDAPConnect
-          Require ldap-group   cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
-
-          AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}"
-          Require user "invite"
-
-          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
-        </Location>
-
-        <Directory ${webRoot}>
-          Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride None
-          Require all granted
-
-          DirectoryIndex app_dev.php
-
-          <IfModule mod_negotiation.c>
-          Options -MultiViews
-          </IfModule>
-
-          <IfModule mod_rewrite.c>
-            RewriteEngine On
-
-            RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-            RewriteRule ^(.*) - [E=BASE:%1]
-
-            # Maintenance script
-            RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-            RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-            RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-            ErrorDocument 503 /maintenance.php
-
-            # Sets the HTTP_AUTHORIZATION header removed by Apache
-            RewriteCond %{HTTP:Authorization} .
-            RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-            RewriteCond %{ENV:REDIRECT_STATUS} ^$
-            RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
-            # If the requested filename exists, simply serve it.
-            # We only want to let Apache serve files and not directories.
-            RewriteCond %{REQUEST_FILENAME} -f
-            RewriteRule ^ - [L]
-
-            # Rewrite all other queries to the front controller.
-            RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-          </IfModule>
-
-        </Directory>
-        ''
-        (adminer.apache.vhostConf null)
-      ];
-    };
-  };
-}