Move websites to new secrets
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Wed, 24 Apr 2019 23:37:42 +0000 (01:37 +0200)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Wed, 24 Apr 2019 23:37:42 +0000 (01:37 +0200)
13 files changed:
nixops/modules/websites/aten/aten.nix
nixops/modules/websites/aten/default.nix
nixops/modules/websites/chloe/chloe.nix
nixops/modules/websites/chloe/default.nix
nixops/modules/websites/connexionswing/connexionswing.nix
nixops/modules/websites/connexionswing/default.nix
nixops/modules/websites/ftp/jerome.nix
nixops/modules/websites/ludivine/default.nix
nixops/modules/websites/ludivine/ludivinecassal.nix
nixops/modules/websites/piedsjaloux/default.nix
nixops/modules/websites/piedsjaloux/piedsjaloux.nix
nixops/modules/websites/tellesflorian/default.nix
nixops/modules/websites/tellesflorian/tellesflorian.nix

index 567dcd13dfc2fe7656f09a8db32d800ad18f3881..46a7361b583899613190e4d0e336e61138b79724 100644 (file)
@@ -13,10 +13,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-aten > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [ "postgresql.service" "${environment}-aten-key.service" ];
+      serviceDeps = [ "postgresql.service" ];
       socket = "/var/run/phpfpm/aten-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -42,8 +42,8 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
-    keys."${environment}-aten" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-aten";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -52,7 +52,7 @@ let
         SetEnv APP_SECRET   "${config.secret}"
         SetEnv DATABASE_URL "${config.psql_url}"
         '';
-    };
+    }];
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
@@ -64,7 +64,7 @@ let
         SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
       </FilesMatch>
 
-      Include /run/keys/webapps/${environment}-aten
+      Include /var/secrets/webapps/${environment}-aten
 
       ${if environment == "dev" then ''
       <Location />
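Review bot: The new `serviceDeps = [ "postgresql.service" ];` drops the `${environment}-aten-key.service` ordering that previously guaranteed the secret file existed before php-fpm's preStart ran `sha512sum /var/secrets/webapps/${environment}-aten`, and nothing in this diff replaces it. Whether that is safe depends on how the `mySecrets` module (not shown here) materialises the file: if it runs from an activation script before services start it is fine, but if it is a systemd unit the preStart can race it, `sha512sum` fails on the missing path and an empty `${varDir}/currentKey` is written, so the cache-clear trigger misfires on the next restart instead of this one. I would keep an explicit dependency on whatever unit or target `mySecrets` exposes, and guard the preStart with `test -r /var/secrets/webapps/${environment}-aten || exit 1` before the `sha512sum`. The Apache `Include /var/secrets/webapps/${environment}-aten` in the last hunk has the same race, since httpd refuses to start when an `Include` target is absent. The preStart body starts before the first hunk, so part of the `if` condition is outside this view.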
index b0f7fdbe483bda47b9843d8bef53347e1b50b90c..6f58d3cab8b5dbcb2523dea287c4aa4395502680 100644 (file)
@@ -25,7 +25,7 @@ in {
 
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
-      deployment.keys = aten_prod.keys;
+      mySecrets.keys = aten_prod.keys;
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
@@ -59,7 +59,7 @@ in {
       };
     })
     (lib.mkIf cfg.integration.enable {
-      deployment.keys = aten_dev.keys;
+      mySecrets.keys = aten_dev.keys;
       security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
       services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
       services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
index 0861cdf69c326b51b176c59c06fed63bcc89b703..e2381d83e92ba44f932b42b81c315c7fc913f2e8 100644 (file)
@@ -3,7 +3,7 @@ let
   chloe = { config }: rec {
     environment = config.environment;
     phpFpm = rec {
-      serviceDeps = [ "mysql.service" "${environment}-chloe-key.service" ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/chloe-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -28,8 +28,8 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
-    keys."${environment}-chloe" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-chloe";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -48,7 +48,7 @@ let
         SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
         SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
       '';
-    };
+    }];
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
@@ -56,7 +56,7 @@ let
       webappName = "chloe_${environment}";
       root = "/run/current-system/webapps/${webappName}";
       vhostConf = ''
-        Include /run/keys/webapps/${environment}-chloe
+        Include /var/secrets/webapps/${environment}-chloe
 
         RewriteEngine On
         ${if environment == "prod" then ''
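Review bot: The secret file that `Include /var/secrets/webapps/${environment}-chloe` pulls in carries `SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"`, so the `0400` mode protects the file on disk but the password is still exported into the request environment of every handler in this vhost and shows up in `$_SERVER`/`getenv()`, in `phpinfo()` and in any debug or error dump the application produces. The move to `/var/secrets` would be a good moment to pass only the file path to the app (e.g. `SetEnv SPIP_CONFIG_FILE "/var/secrets/webapps/${environment}-chloe"`) and let the connect code read the credentials itself, if the SPIP side can be adapted. Separately, `serviceDeps = [ "mysql.service" ];` no longer orders php-fpm after the key unit; whether the `mySecrets` module (outside this diff) still guarantees the file exists before httpd and php-fpm start should be confirmed, because `Include` on a missing file stops httpd from starting.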
index 451a248e8ddccf267d51e928fe5cbb7ecea3f2b5..33ced2ed7b3bf0f5b0f3876b3cb4314c6ccea7ab 100644 (file)
@@ -25,7 +25,7 @@ in {
 
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
-      deployment.keys = chloe_prod.keys;
+      mySecrets.keys = chloe_prod.keys;
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
@@ -60,7 +60,7 @@ in {
       };
     })
     (lib.mkIf cfg.integration.enable {
-      deployment.keys = chloe_dev.keys;
+      mySecrets.keys = chloe_dev.keys;
       security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
       services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
       services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
index 13d4fbabb228a794b5d9d05a98f2553b08b2e383..60ddb6388ba11b29ba6a7dc2d5ea92aea98f7c9f 100644 (file)
@@ -3,8 +3,8 @@ let
   connexionswing = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/connexionswing_${environment}";
-    keys."${environment}-connexionswing" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-connexionswing";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -31,7 +31,7 @@ let
               arguments: ['/run/wrappers/bin/sendmail -bs']
         '' else ""}
       '';
-    };
+    }];
     phpFpm = rec {
       preStart = ''
         if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -42,10 +42,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-connexionswing > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-connexionswing > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [ "mysql.service" "${environment}-connexionswing-key.service" ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
       phpConfig = ''
         extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
@@ -59,7 +59,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/run/keys/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
@@ -177,7 +177,7 @@ let
           cd $out
           ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
           rm app/config/parameters.yml
-          ln -sf /run/keys/webapps/${environment}-connexionswing app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
           rm -rf var/{logs,cache}
           ln -sf ${varDir}/var/{logs,cache} var/
           ln -sf ${varDir}/{medias,uploads} web/images/
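Review bot: The base directory `/var/secrets` is now spelled out in three places in this file (`sha512sum`, `php_admin_value[open_basedir]`, `ln -sf ... app/config/parameters.yml`) while the key itself is declared only with the relative `dest = "webapps/${environment}-connexionswing"`, so the next move of the secrets directory has to be repeated in every consumer, as this commit shows. A single binding next to `varDir`, `secretFile = "/var/secrets/webapps/${environment}-connexionswing";`, referenced as `${secretFile}` in the three sites would keep the path in one place and make it obvious that the `open_basedir` entry matches the symlink target. That entry is presumably needed because PHP checks `open_basedir` against the resolved path of the `parameters.yml` symlink rather than the store path; a one-line comment saying so, `# parameters.yml is a symlink into /var/secrets; open_basedir is checked on the resolved path`, would save the next reader from removing it. The `ln -sf` runs inside a derivation's `postInstall`, so the store output contains only a dangling symlink and no secret material, which is the intended property worth keeping.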
index ccbaa02bb27b92a796dc0a8473b13747dc03129c..c0036d8abcb9759d632ad37091490d86b856f2c2 100644 (file)
@@ -25,7 +25,7 @@ in {
 
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
-      deployment.keys = connexionswing_prod.keys;
+      mySecrets.keys = connexionswing_prod.keys;
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
@@ -61,7 +61,7 @@ in {
       };
     })
     (lib.mkIf cfg.integration.enable {
-      deployment.keys = connexionswing_dev.keys;
+      mySecrets.keys = connexionswing_dev.keys;
       security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
       security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
       services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
index 6c0decd188497594a2b130f9f8c2c84bb7bc73c8..18d16a11757ea69670330b7cb968b0bf34d01558 100644 (file)
@@ -29,8 +29,8 @@ in {
       domain = "naturaloutil.immae.eu";
     };
 
-    deployment.keys."prod-naturaloutil" = {
-      destDir = "/run/keys/webapps";
+    mySecrets.keys = [{
+      dest = "webapps/prod-naturaloutil";
       user = "wwwrun";
       group = "wwwrun";
       permissions = "0400";
@@ -49,8 +49,8 @@ in {
         $database = connect_db($db, $mysql_server, $mysql_base, $mysql_user, $mysql_password);
         ?>
       '';
-    };
-    services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" "prod-naturaloutil-key.service" ];
+    }];
+    services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ];
     services.myPhpfpm.poolConfigs.jerome = ''
       listen = /run/phpfpm/naturaloutil.sock
       user = wwwrun
@@ -62,8 +62,8 @@ in {
       pm.max_children = 5
       pm.process_idle_timeout = 60
 
-      env[BDD_CONNECT] = "/run/keys/webapps/prod-naturaloutil"
-      php_admin_value[open_basedir] = "/run/keys/webapps/prod-naturaloutil:${varDir}:/tmp"
+      env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
+      php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
       '';
     services.myPhpfpm.poolPhpConfigs.jerome = ''
       extension=${pkgs.php}/lib/php/extensions/mysqli.so
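Review bot: The database credentials in the `text` of `mySecrets.keys = [{ dest = "webapps/prod-naturaloutil"; ...` are now delivered by the `mySecrets` module, whose implementation is not in this diff, so two properties that NixOps `deployment.keys` gave for free should be confirmed: the content must never be written into the world-readable Nix store (i.e. the module must not build the file with `writeText` or inline the text into the system activation script), and the target directory must be protected at rest, since `/run/keys` was a RAM-backed filesystem and `/var/secrets` presumably persists on disk and in backups or snapshots. A short comment at the declaration stating how that is guaranteed, e.g. `# Delivered out-of-band by mySecrets (never in /nix/store); /var/secrets is root-only and lives on the encrypted volume`, adjusted to what the module actually does, would make the threat model explicit. The dropped `prod-naturaloutil-key.service` dependency in `services.myPhpfpm.serviceDependencies.jerome` should likewise be replaced by whatever ordering `mySecrets` provides, otherwise the pool's `include` of `env[BDD_CONNECT]` can run before the file exists.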
index 814764f8659a64d4a33707b121fde0bf02704bde..a3d39229ab0755e20b810d30765bad00a0220e05 100644 (file)
@@ -21,7 +21,7 @@ in {
 
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
-      deployment.keys = ludivinecassal_prod.keys;
+      mySecrets.keys = ludivinecassal_prod.keys;
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
@@ -54,7 +54,7 @@ in {
       };
     })
     (lib.mkIf cfg.integration.enable {
-      deployment.keys = ludivinecassal_dev.keys;
+      mySecrets.keys = ludivinecassal_dev.keys;
       security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
 
       services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
index 439d3c98e73737904c4ff10a20c06c0ad51ccadd..c12d89ca4ac4183d81fd63edf8d11c7747e884bc 100644 (file)
@@ -3,8 +3,8 @@ let
   ludivinecassal = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/ludivinecassal_${environment}";
-    keys."${environment}-ludivinecassal" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-ludivinecassal";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -38,7 +38,7 @@ let
             sass: ${sass}/bin/sass
             ruby: ${ruby}/bin/ruby
       '';
-    };
+    }];
     phpFpm = rec {
       preStart = ''
         if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -49,10 +49,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-ludivinecassal > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [ "mysql.service" "${environment}-ludivinecassal-key.service" ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -63,7 +63,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
@@ -177,7 +177,7 @@ let
         postInstall = ''
           rm -rf var/{logs,cache,data,miniatures,tmp}
           ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
-          ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml
           '';
         buildInputs = [ sass ];
       });
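Review bot: The preStart line `sha512sum /var/secrets/webapps/${environment}-ludivinecassal > ${varDir}/currentKey` stores a digest of the secret file inside `${varDir}`, which the same pool exposes to PHP through `php_admin_value[open_basedir]`, so a file-read bug in the application (or anyone with access to `${varDir}`) gets an oracle for offline guessing: everything in that `parameters.yml` except the secret values is deterministic from this Nix configuration. Since the preStart appears to run as root (it uses `sudo -u wwwrun` for the console call), the cheapest fix is to keep the digest unreadable to the web user, e.g. `( umask 077; sha512sum /var/secrets/webapps/${environment}-ludivinecassal > ${varDir}/currentKey )` followed by `chmod 0600 ${varDir}/currentKey` so an existing file is fixed too; alternatively compare the file's mtime instead of its content. Note also that the `${environment}-ludivinecassal-key.service` ordering was removed from `serviceDeps`, so this `sha512sum` can now run before the `mySecrets` module (outside this diff) has written the file. The `if` that wraps this block opens in the previous hunk and is only partly visible here.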
index 57849a3f2d010ef25495ed6a68dc9d03a6a1d5ad..b2bd2fd4295b7b4623a072ca60d18dab44d90b90 100644 (file)
@@ -25,7 +25,7 @@ in {
 
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
-      deployment.keys = piedsjaloux_prod.keys;
+      mySecrets.keys = piedsjaloux_prod.keys;
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
@@ -58,7 +58,7 @@ in {
       };
     })
     (lib.mkIf cfg.integration.enable {
-      deployment.keys = piedsjaloux_dev.keys;
+      mySecrets.keys = piedsjaloux_dev.keys;
       security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
       services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
       services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
index 87699dbe25b3c51ddad5d8a266fc88c688245472..5461e5dad1c98eef979890b38974b4a9a229b127 100644 (file)
@@ -3,8 +3,8 @@ let
   piedsjaloux = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/piedsjaloux_${environment}";
-    keys."${environment}-piedsjaloux" = {
-      destDir = "/run/keys/webapps";
+    keys = [{
+      dest = "webapps/${environment}-piedsjaloux";
       user = apache.user;
       group = apache.group;
       permissions = "0400";
@@ -26,7 +26,7 @@ let
         leapt_im:
             binary_path: ${imagemagick}/bin
       '';
-    };
+    }];
     phpFpm = rec {
       preStart = ''
         if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -37,10 +37,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [ "mysql.service" "${environment}-piedsjaloux-key.service" ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -51,7 +51,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
         ${if environment == "dev" then ''
@@ -157,7 +157,7 @@ let
         postInstall = ''
           cd $out
           rm app/config/parameters.yml
-          ln -sf /run/keys/webapps/${environment}-piedsjaloux app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
           rm -rf var/{logs,cache,data,miniatures,tmp}
           ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
           '';
index 9bf4a48f4cfc3d782ca86fdb5acb5c08b4fadf8c..16d788fc7cfbe93474ab63cf7a9df75079248d80 100644 (file)
@@ -16,7 +16,7 @@ in {
   };
 
   config = lib.mkIf cfg.integration.enable {
-    deployment.keys = tellesflorian_dev.keys;
+    mySecrets.keys = tellesflorian_dev.keys;
     security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null;
     services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart;
     services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps;
index ba46c0c99c67f9167d4ab4cc876a89e19215ad3c..afd723c0936f8b0c388b1f72f634c2a760bd791c 100644 (file)
@@ -3,14 +3,24 @@ let
   tellesflorian = { config }: rec {
     environment = config.environment;
     varDir = "/var/lib/tellesflorian_${environment}";
-    keys."${environment}-tellesflorian" = {
-      destDir = "/run/keys/webapps";
-      user = apache.user;
-      group = apache.group;
-      permissions = "0400";
-      text = ''
-        # This file is auto-generated during the composer install
-        parameters:
+    keys = [
+      {
+        dest = "webapps/${environment}-tellesflorian-passwords";
+        user = apache.user;
+        group = apache.group;
+        permissions = "0400";
+        text = ''
+          invite:${config.invite_passwords}
+        '';
+      }
+      {
+        dest = "webapps/${environment}-tellesflorian";
+        user = apache.user;
+        group = apache.group;
+        permissions = "0400";
+        text = ''
+          # This file is auto-generated during the composer install
+          parameters:
             database_host: ${config.mysql.host}
             database_port: ${config.mysql.port}
             database_name: ${config.mysql.name}
@@ -21,8 +31,9 @@ let
             mailer_user: null
             mailer_password: null
             secret: ${config.secret}
-      '';
-    };
+        '';
+      }
+    ];
     phpFpm = rec {
       preStart = ''
         if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -33,14 +44,10 @@ let
           /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
           popd > /dev/null
           echo -n "${webappDir}" > ${varDir}/currentWebappDir
-          sha512sum /run/keys/webapps/${environment}-tellesflorian > ${varDir}/currentKey
+          sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey
         fi
         '';
-      serviceDeps = [
-        "mysql.service"
-        "${environment}-tellesflorian-passwords-key.service"
-        "${environment}-tellesflorian-key.service"
-      ];
+      serviceDeps = [ "mysql.service" ];
       socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
       pool = ''
         listen = ${socket}
@@ -51,7 +58,7 @@ let
         php_admin_value[upload_max_filesize] = 20M
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
+        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
         php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
@@ -66,15 +73,6 @@ let
         pm.max_spare_servers = 3
         ''}'';
     };
-    keys."${environment}-tellesflorian-passwords" = {
-      destDir = "/run/keys/webapps";
-      user = apache.user;
-      group = apache.group;
-      permissions = "0400";
-      text = ''
-        invite:${config.invite_passwords}
-      '';
-    };
     apache = rec {
       user = "wwwrun";
       group = "wwwrun";
@@ -92,7 +90,7 @@ let
         Use LDAPConnect
         Require ldap-group   cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
 
-        AuthUserFile "/run/keys/webapps/${environment}-tellesflorian-passwords"
+        AuthUserFile "/var/secrets/webapps/${environment}-tellesflorian-passwords"
         Require user "invite"
 
         ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
@@ -166,7 +164,7 @@ let
         postInstall = ''
           cd $out
           rm app/config/parameters.yml
-          ln -sf /run/keys/webapps/${environment}-tellesflorian app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml
           rm -rf var/{logs,cache}
           ln -sf ${varDir}/var/{logs,cache,sessions} var/
           '';
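Review bot: The first list entry writes `invite:${config.invite_passwords}` as the `AuthUserFile` used by `Require user "invite"`, and Apache expects an htpasswd-format entry there, i.e. a bcrypt (`$2y$`) or `$apr1$` hash rather than the cleartext password; the option definition is not in this diff, so I cannot tell which form `config.invite_passwords` holds, but a comment on the entry such as `# htpasswd-format line: "invite:<bcrypt hash from htpasswd -B>", never the cleartext` would pin the contract and prevent a future value from being stored in the clear. The two entries repeat `user = apache.user; group = apache.group; permissions = "0400";` verbatim; a local helper, `mkKey = dest: text: { inherit dest text; user = apache.user; group = apache.group; permissions = "0400"; };`, would leave only the name and content at each site. Both `${environment}-tellesflorian-passwords-key.service` and `${environment}-tellesflorian-key.service` were dropped from `serviceDeps` without a visible replacement, so php-fpm and httpd may now start before the `mySecrets` module (outside this diff) has written the files; a missing `AuthUserFile` makes every request through the `Require user` branch fail with an error rather than fall open, which is acceptable but noisy. It is good that `open_basedir` lists only the parameters file and not the passwords file, keeping the latter out of PHP's reach.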