Add piedsjaloux website
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 6 Jan 2019 16:57:28 +0000 (17:57 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 6 Jan 2019 16:57:28 +0000 (17:57 +0100)
virtual/eldiron.nix
virtual/packages.nix
virtual/packages/aten.nix
virtual/packages/ludivinecassal.nix
virtual/packages/piedsjaloux.json [new file with mode: 0644]
virtual/packages/piedsjaloux.nix [new file with mode: 0644]
virtual/packages/piedsjaloux_goaccess.conf [new file with mode: 0644]

index 7d732ac95da22ba332b8c81bbad2e1f8d48cf81f..2b407e24904a89b9fe778d5933a06a2560680814 100644 (file)
           "cloud.immae.eu" = null;
           "ludivine.immae.eu" = null;
           "dev.aten.pro" = null;
+          "piedsjaloux.immae.eu" = null;
         };
       };
       "ludivinecassal" = {
           "www.aten.pro" = null;
         };
       };
+      "piedsjaloux" = {
+        webroot = "/var/lib/acme/acme-challenge";
+        email = "ismael@bouya.org";
+        domain = "piedsjaloux.fr";
+        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+        postRun = ''
+          systemctl reload httpd.service
+        '';
+        extraDomains = {
+          "www.piedsjaloux.fr" = null;
+        };
+      };
       # "connexionswing" = {
       #   webroot = "/var/lib/acme/acme-challenge";
       #   email = "ismael@bouya.org";
         connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
         ludivinecassal_dev = mypkgs.ludivinecassal_dev.phpFpm.pool;
         ludivinecassal_prod = mypkgs.ludivinecassal_prod.phpFpm.pool;
+        piedsjaloux_dev = mypkgs.piedsjaloux_dev.phpFpm.pool;
+        piedsjaloux_prod = mypkgs.piedsjaloux_prod.phpFpm.pool;
         aten_dev = mypkgs.aten_dev.phpFpm.pool;
         aten_prod = mypkgs.aten_prod.phpFpm.pool;
         nextcloud = mypkgs.nextcloud.phpFpm.pool;
       connexionswing_dev  = mypkgs.connexionswing_dev.activationScript;
       connexionswing_prod = mypkgs.connexionswing_prod.activationScript;
       ludivinecassal_dev  = mypkgs.ludivinecassal_dev.activationScript;
-      ludivinecassal_prod  = mypkgs.ludivinecassal_prod.activationScript;
+      ludivinecassal_prod = mypkgs.ludivinecassal_prod.activationScript;
+      piedsjaloux_dev     = mypkgs.piedsjaloux_dev.activationScript;
+      piedsjaloux_prod    = mypkgs.piedsjaloux_prod.activationScript;
       aten_dev  = mypkgs.aten_dev.activationScript;
       aten_prod = mypkgs.aten_prod.activationScript;
       nextcloud = mypkgs.nextcloud.activationScript;
       goaccess = ''
         mkdir -p /var/lib/goaccess
         mkdir -p /var/lib/goaccess/aten.pro
+        mkdir -p /var/lib/goaccess/ludivinecassal.com
+        mkdir -p /var/lib/goaccess/piedsjaloux.fr
         '';
     };
 
         mypkgs.connexionswing_prod.apache.modules ++
         mypkgs.ludivinecassal_dev.apache.modules ++
         mypkgs.ludivinecassal_prod.apache.modules ++
+        mypkgs.piedsjaloux_dev.apache.modules ++
+        mypkgs.piedsjaloux_prod.apache.modules ++
         mypkgs.aten_dev.apache.modules ++
         mypkgs.aten_prod.apache.modules ++
         mypkgs.ympd.apache.modules ++
             mypkgs.ludivinecassal_prod.apache.vhostConf
           ];
         })
+        (withConf "eldiron" // {
+          hostName = "piedsjaloux.immae.eu";
+          documentRoot = mypkgs.piedsjaloux_dev.webRoot;
+          extraConfig = builtins.concatStringsSep "\n" [
+            mypkgs.piedsjaloux_dev.apache.vhostConf
+          ];
+        })
+        (withConf "piedsjaloux" // {
+          hostName = "piedsjaloux.fr";
+          serverAliases = [ "www.piedsjaloux.fr" ];
+          documentRoot = mypkgs.piedsjaloux_prod.webRoot;
+          extraConfig = builtins.concatStringsSep "\n" [
+            mypkgs.piedsjaloux_prod.apache.vhostConf
+          ];
+        })
         (withConf "eldiron" // {
           hostName = "dev.aten.pro";
           documentRoot = mypkgs.aten_dev.webRoot;
       in [
         "5 0 * * * root ${stats "aten.pro" ./packages/aten_goaccess.conf}"
         "5 0 * * * root ${stats "ludivinecassal.com" ./packages/ludivinecassal_goaccess.conf}"
+        "5 0 * * * root ${stats "piedsjaloux.fr" ./packages/piedsjaloux_goaccess.conf}"
         ];
     };
   };
index 60a333afb9df3b951a34ffbd6cc53e69a5d7bce8..ed88b9dafcbad31719ee00d380af655cece51c4f 100644 (file)
@@ -2,6 +2,7 @@
 let
   connexionswing = callPackage ./packages/connexionswing.nix { inherit checkEnv fetchedGitPrivate; };
   ludivinecassal = callPackage ./packages/ludivinecassal.nix { inherit checkEnv fetchedGitPrivate; };
+  piedsjaloux = callPackage ./packages/piedsjaloux.nix { inherit checkEnv fetchedGitPrivate; };
   aten = callPackage ./packages/aten.nix { inherit checkEnv fetchedGitPrivate; };
   nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
   adminer = callPackage ./packages/adminer.nix {};
@@ -18,6 +19,8 @@ in
     ludivinecassal_prod = ludivinecassal { environment = "prod"; };
     aten_dev  = aten { environment = "dev"; };
     aten_prod = aten { environment = "prod"; };
+    piedsjaloux_dev  = piedsjaloux { environment = "dev"; };
+    piedsjaloux_prod = piedsjaloux { environment = "prod"; };
     inherit nextcloud;
     inherit mantisbt;
     # FIXME: add buildbot
index 21bbff07df30f62d2a74ec5aec68229ec9359007..8251b31c490bd2ea5ed0d53d63f13112eb65adc0 100644 (file)
@@ -37,8 +37,6 @@ let
         assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
         assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL";
       ''
-      Use Stats aten.pro
-
       <FilesMatch "\.php$">
         SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
       </FilesMatch>
@@ -60,6 +58,8 @@ let
         ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
       </Location>
       '' else ''
+      Use Stats aten.pro
+
       <Location /backend>
         Use LDAPConnect
         Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
index 03f68f735f57537a9018e541c1a39a5225edd4da..c0787228133e31202556078050b884eefa42e982 100644 (file)
@@ -71,8 +71,6 @@ let
       group = "wwwrun";
       modules = [ "proxy_fcgi" ];
       vhostConf = ''
-      Use Stats ludivinecassal.com
-
       <FilesMatch "\.php$">
         SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
       </FilesMatch>
@@ -125,6 +123,8 @@ let
 
       </Directory>
       '' else ''
+      Use Stats ludivinecassal.com
+
       <Directory ${webRoot}>
         Options Indexes FollowSymLinks MultiViews Includes
         AllowOverride All
diff --git a/virtual/packages/piedsjaloux.json b/virtual/packages/piedsjaloux.json
new file mode 100644 (file)
index 0000000..c4aae16
--- /dev/null
@@ -0,0 +1,14 @@
+{
+  "tag": "c7a5593-master",
+  "meta": {
+    "name": "piedsjaloux",
+    "url": "gitolite@git.immae.eu:Pieds_jaloux/NewSite",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:Pieds_jaloux/NewSite",
+    "rev": "c7a5593c37040c6f1f57f8163bc13256aabf6b3e",
+    "sha256": "1zvyd90d6xns6ypnp1p3fgbcl30pqwdv335qagbbjak1cn8jaq4l",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/packages/piedsjaloux.nix b/virtual/packages/piedsjaloux.nix
new file mode 100644 (file)
index 0000000..819bafb
--- /dev/null
@@ -0,0 +1,169 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }:
+let
+  piedsjaloux = { environment ? "dev" }: rec {
+    varPrefix = "PIEDSJALOUX";
+    varDir = "/var/lib/piedsjaloux_${environment}";
+    envName= lib.strings.toUpper environment;
+    configRoot =
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+      writeText "parameters.yml" ''
+        # This file is auto-generated during the composer install
+        parameters:
+            database_host: db-1.immae.eu
+            database_port: null
+            database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+            database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+            database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+            mailer_transport: smtp
+            mailer_host: mail.immae.eu
+            mailer_user: null
+            mailer_password: null
+            secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+            pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+        leapt_im:
+            binary_path: ${imagemagick}/bin
+      '';
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
+      </Location>
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride None
+        Require all granted
+
+        DirectoryIndex app_dev.php
+
+        <IfModule mod_negotiation.c>
+        Options -MultiViews
+        </IfModule>
+
+        <IfModule mod_rewrite.c>
+          RewriteEngine On
+
+          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+          RewriteRule ^(.*) - [E=BASE:%1]
+
+          # Maintenance script
+          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+          ErrorDocument 503 /maintenance.php
+
+          # Sets the HTTP_AUTHORIZATION header removed by Apache
+          RewriteCond %{HTTP:Authorization} .
+          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+          RewriteCond %{ENV:REDIRECT_STATUS} ^$
+          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+          # If the requested filename exists, simply serve it.
+          # We only want to let Apache serve files and not directories.
+          RewriteCond %{REQUEST_FILENAME} -f
+          RewriteRule ^ - [L]
+
+          # Rewrite all other queries to the front controller.
+          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+        </IfModule>
+
+      </Directory>
+      '' else ''
+      Use Stats piedsjaloux.fr
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+      </Directory>
+      ''}
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+        ${varDir}/tmp
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: miniatures and data need to be in the same dir due to a
+      #        bug in leapt.im (searches for data/../miniatures)
+      # FIXME: var/bootstrap.php.cache doesn't get created
+      #        (cannot work with var as a symlink since the file
+      #        references ..)
+      # FIXME: configuration change should not trigger a rebuild
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+        ln -sf ${configRoot} app/config/parameters.yml
+        sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+        ${if environment == "dev" then ''
+          composer install
+        '' else ''
+          SYMFONY_ENV=prod composer install --no-dev
+        ''}
+        rm -rf var
+        ln -sf ../../../../../${varDir} var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert phpPackages.composer
+      ];
+    });
+    webRoot = "${webappDir}/web";
+  };
+in
+  piedsjaloux
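Review bot: `configRoot` interpolates `NIXOPS_…_MYSQL_PASSWORD` and `NIXOPS_…_SECRET` into `writeText "parameters.yml"`, so the database password and the Symfony `secret` land in a `/nix/store` path, and the store is world-readable on both the build machine and the target host. `buildPhase` then symlinks that store path into `webappDir`, so the credentials are also part of the derivation's closure and survive in old generations until they are garbage-collected. Consider keeping `parameters.yml` out of the store, for example by delivering it as a runtime key file (NixOps `deployment.keys`, readable only by `wwwrun`) and pointing `app/config/parameters.yml` at that runtime path; that would also address the `FIXME: configuration change should not trigger a rebuild`. Separately, `activationScript` (presumably run as root, since it calls `sudo -u wwwrun`) reads and rewrites `${varDir}/currentWebappDir` inside a directory it has just made owned by `wwwrun`; keeping that marker in a root-owned directory would avoid root writing to a path the web user controls.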
diff --git a/virtual/packages/piedsjaloux_goaccess.conf b/virtual/packages/piedsjaloux_goaccess.conf
new file mode 100644 (file)
index 0000000..3950f7e
--- /dev/null
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/piedsjaloux.fr
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+