Move websites to new secrets
[perso/Immae/Config/Nix.git] / nixops / modules / websites / tellesflorian / tellesflorian.nix
index ba46c0c99c67f9167d4ab4cc876a89e19215ad3c..afd723c0936f8b0c388b1f72f634c2a760bd791c 100644 (file)
@@ -3,14 +3,24 @@ let
   tellesflorian = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/tellesflorian_${environment}";
-    keys."${environment}-tellesflorian" = {
-      destDir = "/run/keys/webapps";
-      user = apache.user;
-      group = apache.group;
-      permissions = "0400";
-      text = ''
-        # This file is auto-generated during the composer install
-        parameters:
+    keys = [
+      {
+        dest = "webapps/${environment}-tellesflorian-passwords";
+        user = apache.user;
+        group = apache.group;
+        permissions = "0400";
+        text = ''
+          invite:${config.invite_passwords}
+        '';
+      }
+      {
+        dest = "webapps/${environment}-tellesflorian";
+        user = apache.user;
+        group = apache.group;
+        permissions = "0400";
+        text = ''
+          # This file is auto-generated during the composer install
+          parameters:
             database_host: ${config.mysql.host}
             database_port: ${config.mysql.port}
             database_name: ${config.mysql.name}
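Review bot: The new `dest` values are relative (`webapps/${environment}-tellesflorian`), while every consumer in this file spells out the absolute path under `/var/secrets` by hand: the `sha512sum` line in `preStart`, `open_basedir`, `AuthUserFile` and the `ln -sf` in `postInstall`. If the secrets module's base directory ever changes, those four strings drift silently from where the files are actually written. Consider binding the path once next to `varDir`, for example `secretsDir = "/var/secrets/webapps";`, and building both `dest` and the consumers from it. Unlike `/run/keys`, `/var/secrets` is presumably on persistent storage, so a short comment naming who creates that directory and with which mode would help the next reader. The `text` block opened here closes in the following hunk.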
@@ -21,8 +31,9 @@ let
             mailer_user: null
             mailer_password: null
             secret: ${config.secret}
-      '';
-    };
+        '';
+      }
+    ];
     phpFpm = rec {
       preStart = ''
         if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -33,14 +44,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-tellesflorian > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [
-        "mysql.service"
-        "${environment}-tellesflorian-passwords-key.service"
-        "${environment}-tellesflorian-key.service"
-      ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
       pool = ''
         listen = ${socket}
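Review bot: Removing the two `*-key.service` entries from `serviceDeps` leaves nothing visible in this file that orders php-fpm startup after the secret files have been written. `preStart` still runs `sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey`, and if the file is missing at that point the redirect would leave an empty `currentKey` behind. If the new secrets module writes its files during activation, before any unit starts, that guarantee deserves a comment on the line, e.g. `# /var/secrets is populated at activation, so no key unit is needed here`. The `preStart` script begins before this hunk, so whether it aborts on a failed command cannot be seen from here.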
@@ -51,7 +58,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
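Review bot: The first `open_basedir` entry, `/var/secrets/webapps/${environment}-tellesflorian`, has no trailing slash, so PHP treats it as a prefix. It therefore also permits `/var/secrets/webapps/${environment}-tellesflorian-passwords`, the htpasswd file declared in the `keys` list. That file is owned by `apache.user` with mode `0400`, so if the pool runs as the same user (not visible in this hunk) the application can read the invite credentials it has no need for. The entry names a file, so a trailing slash is not an option. Either give the htpasswd file a `dest` that does not share the prefix, such as `webapps/${environment}-passwords-tellesflorian`, or move `parameters.yml` into its own directory and list that directory with a trailing slash. The same prefix overlap existed under `/run/keys`, so this is carried over rather than introduced by the move.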
@@ -66,15 +73,6 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
-    keys."${environment}-tellesflorian-passwords" = {
-      destDir = "/run/keys/webapps";
-      user = apache.user;
-      group = apache.group;
-      permissions = "0400";
-      text = ''
-        invite:${config.invite_passwords}
-      '';
-    };
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
@@ -92,7 +90,7 @@ let
         Use LDAPConnect
         Require ldap-group   cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
 
-        AuthUserFile "/run/keys/webapps/${environment}-tellesflorian-passwords"
+        AuthUserFile "/var/secrets/webapps/${environment}-tellesflorian-passwords"
         Require user "invite"
 
         ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
@@ -166,7 +164,7 @@ let
         postInstall = ''
           cd $out
           rm app/config/parameters.yml
-          ln -sf /run/keys/webapps/${environment}-tellesflorian app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml
           rm -rf var/{logs,cache}
           ln -sf ${varDir}/var/{logs,cache,sessions} var/
           '';