-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
-
- tellesflorian = pkgs.callPackage ./builder_app.nix {
- inherit (pkgs.webapps) tellesflorian;
- config = myconfig.env.websites.tellesflorian.integration;
- apacheUser = config.services.httpd.Inte.user;
- apacheGroup = config.services.httpd.Inte.group;
- };
-
+ adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
+ secrets = config.myEnv.websites.tellesflorian.integration;
+ app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; };
cfg = config.myServices.websites.florian.app;
+ pcfg = config.services.phpApplication;
in {
options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
config = lib.mkIf cfg.enable {
- secrets.keys = tellesflorian.keys;
- systemd.services.phpfpm-tellesflorian_dev.after = lib.mkAfter tellesflorian.phpFpm.serviceDeps;
- systemd.services.phpfpm-tellesflorian_dev.wants = tellesflorian.phpFpm.serviceDeps;
- systemd.services.phpfpm-tellesflorian_dev.preStart = lib.mkAfter tellesflorian.phpFpm.preStart;
- services.phpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool;
- system.activationScripts.tellesflorian_dev = tellesflorian.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${tellesflorian.app.webRoot} $out/webapps/${tellesflorian.apache.webappName}
- '';
- services.websites.integration.modules = adminer.apache.modules ++ tellesflorian.apache.modules;
- services.websites.integration.vhostConfs.tellesflorian = {
- certName = "eldiron";
+ services.duplyBackup.profiles.tellesflorian_dev.rootDir = app.varDir;
+ services.phpApplication.apps.florian_dev = {
+ websiteEnv = "integration";
+ httpdUser = config.services.httpd.Inte.user;
+ httpdGroup = config.services.httpd.Inte.group;
+ inherit (app) webRoot varDir;
+ varDirPaths = {
+ "var" = "0700";
+ };
+ inherit app;
+ serviceDeps = [ "mysql.service" ];
+ preStartActions = [
+ "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ ];
+ phpOpenbasedir = [ "/tmp" ];
+ phpPool = {
+ "php_admin_value[upload_max_filesize]" = "20M";
+ "php_admin_value[post_max_size]" = "20M";
+ #"php_admin_flag[log_errors]" = "on";
+ "pm" = "ondemand";
+ "pm.max_children" = "5";
+ "pm.process_idle_timeout" = "60";
+ };
+ phpEnv = {
+ SYMFONY_DEBUG_MODE = "yes";
+ };
+ phpWatchFiles = [
+ config.secrets.fullPaths."webapps/${app.environment}-tellesflorian"
+ ];
+ };
+
+ secrets.keys = [
+ {
+ dest = "webapps/${app.environment}-tellesflorian-passwords";
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.group;
+ permissions = "0400";
+ text = ''
+ invite:${secrets.invite_passwords}
+ '';
+ }
+ {
+ dest = "webapps/${app.environment}-tellesflorian";
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.group;
+ permissions = "0400";
+ text = ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: ${secrets.mysql.host}
+ database_port: ${secrets.mysql.port}
+ database_name: ${secrets.mysql.database}
+ database_user: ${secrets.mysql.user}
+ database_password: ${secrets.mysql.password}
+ mailer_transport: smtp
+ mailer_host: 127.0.0.1
+ mailer_user: null
+ mailer_password: null
+ secret: ${secrets.secret}
+ '';
+ }
+ ];
+
+ services.websites.env.integration.modules = adminer.apache.modules;
+ services.websites.env.integration.vhostConfs.florian_dev = {
+ certName = "integration";
addToCerts = true;
- hosts = ["app.tellesflorian.com" ];
- root = tellesflorian.apache.root;
+ hosts = [ "app.tellesflorian.com" ];
+ root = pcfg.webappDirs.florian_dev;
extraConfig = [
- tellesflorian.apache.vhostConf
- adminer.apache.vhostConf
+ ''
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_dev}|fcgi://localhost"
+ </FilesMatch>
+
+ <Location />
+ AuthBasicProvider file ldap
+ Use LDAPConnect
+ Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
+
+ AuthUserFile "${config.secrets.fullPaths."webapps/${app.environment}-tellesflorian-passwords"}"
+ Require user "invite"
+
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
+ </Location>
+
+ <Directory ${pcfg.webappDirs.florian_dev}>
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+ <IfModule mod_negotiation.c>
+ Options -MultiViews
+ </IfModule>
+
+ <IfModule mod_rewrite.c>
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+ </IfModule>
+
+ </Directory>
+ ''
+ (adminer.apache.vhostConf null)
];
};
};
projects / perso / Immae / Config / Nix.git / blobdiff