]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/websites/leila/production.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Upgrade nixos-unstable
[perso/Immae/Config/Nix.git] / modules / private / websites / leila / production.nix
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix
index e8591c83d78a6627736267c21f2f6d4a2bd76021..8385bc7f081807e8bc4693983f32ee4986cad207 100644 (file)
--- a/modules/private/websites/leila/production.nix
+++ b/modules/private/websites/leila/production.nix
@@ -2,24 +2,33 @@
 let
   cfg = config.myServices.websites.leila.production;
   varDir = "/var/lib/ftp/leila";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
 in {
   options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production";
 
   config = lib.mkIf cfg.enable {
     services.phpfpm.pools.leila = {
-      listen = "/run/phpfpm/leila.sock";
-      extraConfig = ''
-        user = wwwrun
-        group = wwwrun
-        listen.owner = wwwrun
-        listen.group = wwwrun
+      user = apacheUser;
+      group = apacheGroup;
+      settings = {
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
-        pm = ondemand
-        pm.max_children = 5
-        pm.process_idle_timeout = 60
+        "pm" = "ondemand";
+        "pm.max_children" = "5";
+        "pm.process_idle_timeout" = "60";
 
-        php_admin_value[open_basedir] = "${varDir}:/tmp"
+        "php_admin_value[open_basedir]" = "${varDir}:/tmp";
+        "php_admin_value[max_execution_time]" = "1800";
+      };
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        disable_functions = "mail"
       '';
+      phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.imagick ]);
+      phpEnv = {
+        PATH = lib.makeBinPath [ pkgs.imagemagick ];
+      };
     };
 
     services.webstats.sites = [
@@ -46,7 +55,7 @@ in {
           Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
 
           <FilesMatch "\.php$">
-            SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.leila.socket}|fcgi://localhost"
           </FilesMatch>
         </Directory>
           ''
@@ -66,7 +75,7 @@ in {
           AllowOverride None
 
           <FilesMatch "\.php$">
-            SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.leila.socket}|fcgi://localhost"
           </FilesMatch>
         </Directory>
           ''
@@ -89,7 +98,7 @@ in {
           Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
 
           <FilesMatch "\.php$">
-            SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.leila.socket}|fcgi://localhost"
           </FilesMatch>
         </Directory>
         <Directory ${varDir}>
My infrastructure configuration