+++ /dev/null
-{ chloe, config }:
-rec {
- app = chloe.override { inherit (config) environment; };
- phpFpm = rec {
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- keys = [{
- dest = "webapps/${app.environment}-chloe";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- SetEnv SPIP_CONFIG_DIR "${configDir}"
- SetEnv SPIP_VAR_DIR "${app.varDir}"
- SetEnv SPIP_SITE "chloe-${app.environment}"
- SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
- SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
- SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
- SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
- SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
- SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
- SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
- SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
- SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
- SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
- '';
- }];
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "chloe_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- Include /var/secrets/webapps/${app.environment}-chloe
-
- RewriteEngine On
- ${if app.environment == "prod" then ''
- RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
- '' else ""}
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${root}>
- DirectoryIndex index.php index.htm index.html
- Options -Indexes +FollowSymLinks +MultiViews +Includes
- Include ${root}/htaccess.txt
-
- AllowOverride AuthConfig FileInfo Limit
- Require all granted
- </Directory>
-
- <DirectoryMatch "${root}/squelettes">
- Require all denied
- </DirectoryMatch>
-
- <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
- Require all denied
- </FilesMatch>
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
- </Location>
- '' else ''
- Use Stats osteopathe-cc.fr
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
- configDir = ./chloe_config_ + app.environment;
-}
projects / perso / Immae / Config / Nix.git / blobdiff