enableSSL = true;
sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
- sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
logFormat = "combinedVhost";
listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
hostName = builtins.head vhostConf.hosts;
./ftp/nassime.nix
./ftp/florian.nix
./ftp/denisejerome.nix
+ ./ftp/leila.nix
./ftp/immae.nix
./ftp/release.nix
./ftp/temp.nix
};
config = {
+ users.users.wwwrun.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
nixpkgs.overlays = [ (self: super: rec {
+ #openssl = self.openssl_1_1;
php = php72;
php72 = (super.php72.override {
mysql.connector-c = self.mariadb;
services.myWebsites.Jerome.production.enable = cfg.production.enable;
services.myWebsites.Nassime.production.enable = cfg.production.enable;
services.myWebsites.Florian.production.enable = cfg.production.enable;
+ services.myWebsites.Leila.production.enable = cfg.production.enable;
services.myWebsites.DeniseJerome.production.enable = cfg.production.enable;
services.myWebsites.Emilia.production.enable = cfg.production.enable;
services.myWebsites.Capitaines.production.enable = cfg.production.enable;
services.myWebsites.TellesFlorian.integration.enable = true;
services.myWebsites.Florian.integration.enable = true;
+ deployment.keys.apache-ldap = {
+ user = "wwwrun";
+ group = "wwwrun";
+ permissions = "0400";
+ text = ''
+ <Macro LDAPConnect>
+ <IfModule authnz_ldap_module>
+ AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
+ AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+ AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
+ AuthType Basic
+ AuthName "Authentification requise (Acces LDAP)"
+ AuthBasicProvider ldap
+ </IfModule>
+ </Macro>
+ '';
+ };
+
services.myWebsites.apacheConfig = {
gzip = {
modules = [ "deflate" "filter" ];
LDAPOpCacheTTL 600
</IfModule>
- <Macro LDAPConnect>
- <IfModule authnz_ldap_module>
- AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
- AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
- AuthType Basic
- AuthName "Authentification requise (Acces LDAP)"
- AuthBasicProvider ldap
- </IfModule>
- </Macro>
+ Include /run/keys/apache-ldap
'';
};
global = {
install -d -m 0755 /var/lib/acme/acme-challenge
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
'';
};
phpOptions = ''
session.save_path = "/var/lib/php/sessions"
post_max_size = 20M
- session.gc_maxlifetime = 60*60*24*15
- session.cache_expire = 60*24*30
+ ; 15 days (seconds)
+ session.gc_maxlifetime = 1296000
+ ; 30 days (minutes)
+ session.cache_expire = 43200
'';
extraConfig = ''
log_level = notice
projects / perso / Immae / Config / Nix.git / blobdiff