];
};
- fileSystems."/var/lib/pub/immae/devtools" = {
- device = "/run/current-system/sw/bin/bindfs#/var/lib/ftp/devtools.immae.eu/";
- fsType = "fuse";
- options = [ "force-user=pub" "create-for-user=wwwrun" "create-for-group=wwwrun" ];
- };
environment.systemPackages = [ pkgs.bindfs ];
services.zrepl = {
apacheUser = config.services.httpd.Inte.user;
apacheGroup = config.services.httpd.Inte.group;
ccfg = config.myEnv.websites.chloe.integration;
- app = pkgs.callPackage ./app {
- inherit (ccfg) environment;
- inherit (pkgs.webapps) spip;
- varDir = "/var/lib/chloe_integration";
- };
+ webRoot = "/var/lib/ftp/immae/chloe";
+ varDir = "/var/lib/ftp/immae/chloe_var";
cfg = config.myServices.websites.chloe.integration;
in {
options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
permissions = "0400";
text = ''
SetEnv SPIP_CONFIG_DIR "${./config}"
- SetEnv SPIP_VAR_DIR "${app.varDir}"
- SetEnv SPIP_SITE "chloe-${app.environment}"
+ SetEnv SPIP_VAR_DIR "${varDir}"
+ SetEnv SPIP_SITE "chloe-dev"
SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
"php_admin_value[upload_max_filesize]" = "20M";
"php_admin_value[post_max_size]" = "20M";
# "php_admin_flag[log_errors]" = "on";
- "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
- "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+ "php_admin_value[open_basedir]" = "${../../../../pkgs/webapps/spip/spip_mes_options.php}:${./config}:${webRoot}:${varDir}:/tmp";
+ "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
"pm" = "ondemand";
"pm.max_children" = "5";
"pm.process_idle_timeout" = "60";
system.activationScripts.chloe_integration = {
deps = [ "wrappers" ];
text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
- install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
+ install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}/phpSessions
'';
};
services.websites.env.integration.modules = [ "proxy_fcgi" ];
certName = "integration";
addToCerts = true;
hosts = ["chloe.immae.eu" ];
- root = app.webRoot;
+ root = webRoot;
extraConfig = [
''
Include ${config.secrets.fullPaths."websites/chloe/integration"}
SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost"
</FilesMatch>
- <Directory ${app.webRoot}>
+ <Directory ${webRoot}>
DirectoryIndex index.php index.htm index.html
Options -Indexes +FollowSymLinks +MultiViews +Includes
- Include ${app.webRoot}/htaccess.txt
+ Include ${webRoot}/htaccess.txt
AllowOverride AuthConfig FileInfo Limit
Require all granted
</Directory>
- <DirectoryMatch "${app.webRoot}/squelettes">
+ <DirectoryMatch "${webRoot}/squelettes">
Require all denied
</DirectoryMatch>
{ lib, pkgs, config, ... }:
let
secrets = config.myEnv.websites.connexionswing.integration;
- app = pkgs.callPackage ./app {
- composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
- environment = secrets.environment;
- varDir = "/var/lib/connexionswing_integration";
- secretsPath = config.secrets.fullPaths."websites/connexionswing/integration";
- };
+ webRoot = "/var/lib/ftp/immae/connexionswing/web";
+ varDir = "/var/lib/ftp/immae/connexionswing_var";
cfg = config.myServices.websites.connexionswing.integration;
pcfg = config.services.phpApplication;
in {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
httpdGroup = config.services.httpd.Inte.group;
- inherit (app) webRoot varDir;
+ inherit webRoot varDir;
varDirPaths = {
"medias" = "0700";
"uploads" = "0700";
"var" = "0700";
};
- inherit app;
+ app = "/var/lib/ftp/immae/connexionswing";
serviceDeps = [ "mysql.service" ];
preStartActions = [
- "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ "./bin/console --env=dev cache:clear --no-warmup"
];
phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
phpPool = {
certName = "integration";
addToCerts = true;
hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
- root = app.webRoot;
+ root = webRoot;
extraConfig = [
''
<FilesMatch "\.php$">
SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost"
</FilesMatch>
- <Directory ${app.varDir}/medias>
+ <Directory ${varDir}/medias>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
- <Directory ${app.varDir}/uploads>
+ <Directory ${varDir}/uploads>
Options FollowSymLinks
AllowOverride None
Require all granted
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
</Location>
- <Directory ${app.webRoot}>
+ <Directory ${webRoot}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
let
adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
secrets = config.myEnv.websites.tellesflorian.integration;
- app = pkgs.callPackage ./app {
- composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
- environment = secrets.environment;
- varDir = "/var/lib/florian_app";
- secretsPath = config.secrets.fullPaths."websites/florian/app";
- };
+ webRoot = "/var/lib/ftp/immae/florian/web";
cfg = config.myServices.websites.florian.app;
pcfg = config.services.phpApplication;
in {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
httpdGroup = config.services.httpd.Inte.group;
- inherit (app) webRoot varDir;
+ inherit webRoot;
+ varDir = "/var/lib/ftp/immae/florian_var";
varDirPaths = {
"var" = "0700";
};
- inherit app;
+ app = "/var/lib/ftp/immae/florian";
serviceDeps = [ "mysql.service" ];
preStartActions = [
- "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ "./bin/console --env=dev cache:clear --no-warmup"
];
phpOpenbasedir = [ "/tmp" ];
phpPool = {
certName = "integration";
addToCerts = true;
hosts = [ "app.tellesflorian.com" ];
- root = app.webRoot;
+ root = webRoot;
extraConfig = [
''
<FilesMatch "\.php$">
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
</Location>
- <Directory ${app.webRoot}>
+ <Directory ${webRoot}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
{ lib, pkgs, config, ... }:
let
secrets = config.myEnv.websites.isabelle.aten_integration;
- app = pkgs.callPackage ./aten_app {
- composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
- environment = secrets.environment;
- varDir = "/var/lib/isabelle_aten_integration";
- };
+ webRoot = "/var/lib/ftp/immae/aten/public";
cfg = config.myServices.websites.isabelle.aten_integration;
pcfg = config.services.phpApplication;
in {
httpdWatchFiles = [
config.secrets.fullPaths."websites/isabelle/aten_integration"
];
- inherit (app) webRoot varDir;
- inherit app;
+ inherit webRoot;
+ varDir = "/var/lib/ftp/immae/aten_var";
+ app = "/var/lib/ftp/immae/aten";
serviceDeps = [ "postgresql.service" ];
preStartActions = [
- "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
+ "APP_ENV=dev ./bin/console --env=dev cache:clear --no-warmup"
];
phpOpenbasedir = [ "/tmp" ];
phpPool = {
# vendor/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php#parseDatabaseUrlQuery
psql_url = with secrets.postgresql; "pdo-pgsql://${user}:${password}@invalid:${port}/${database}?host=${socket}";
in ''
- SetEnv APP_ENV "${app.environment}"
+ SetEnv APP_ENV "dev"
SetEnv APP_SECRET "${secrets.secret}"
SetEnv DATABASE_URL "${psql_url}"
'';
certName = "integration";
addToCerts = true;
hosts = [ "dev.aten.pro" ];
- root = app.webRoot;
+ root = webRoot;
extraConfig = [
''
<FilesMatch "\.php$">
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
</Location>
- <Directory ${app.webRoot}>
+ <Directory ${webRoot}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Require all granted
{ lib, pkgs, config, ... }:
let
secrets = config.myEnv.websites.ludivine.integration;
- app = pkgs.callPackage ./app {
- composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
- environment = secrets.environment;
- varDir = "/var/lib/ludivine_integration";
- secretsPath = config.secrets.fullPaths."websites/ludivine/integration";
- };
cfg = config.myServices.websites.ludivine.integration;
pcfg = config.services.phpApplication;
+ webRoot = "/var/lib/ftp/immae/ludivine/web";
in {
options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
httpdGroup = config.services.httpd.Inte.group;
- inherit (app) webRoot varDir;
+ inherit webRoot;
+ varDir = "/var/lib/ftp/immae/ludivine_var";
+ app = "/var/lib/ftp/immae/ludivine";
varDirPaths = {
"tmp" = "0700";
};
- inherit app;
serviceDeps = [ "mysql.service" ];
preStartActions = [
- "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ "./bin/console --env=dev cache:clear --no-warmup"
];
phpOpenbasedir = [ "/tmp" ];
phpPool = {
certName = "integration";
addToCerts = true;
hosts = [ "ludivine.immae.eu" ];
- root = app.webRoot;
+ root = webRoot;
extraConfig = [
''
<FilesMatch "\.php$">
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
</Location>
- <Directory ${app.webRoot}>
+ <Directory ${webRoot}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
{ lib, pkgs, config, ... }:
let
secrets = config.myEnv.websites.piedsjaloux.integration;
- app = pkgs.callPackage ./app {
- composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
- environment = secrets.environment;
- varDir = "/var/lib/piedsjaloux_integration";
- secretsPath = config.secrets.fullPaths."websites/piedsjaloux/integration";
- };
+ webRoot = "/var/lib/ftp/immae/piedsjaloux/web";
cfg = config.myServices.websites.piedsjaloux.integration;
pcfg = config.services.phpApplication;
texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
httpdGroup = config.services.httpd.Inte.group;
- inherit (app) webRoot varDir;
+ inherit webRoot;
+ varDir = "/var/lib/ftp/immae/piedsjaloux_var";
varDirPaths = {
"tmp" = "0700";
};
- inherit app;
+ app = "/var/lib/ftp/immae/piedsjaloux";
serviceDeps = [ "mysql.service" ];
preStartActions = [
- "./bin/console --env=${app.environment} cache:clear --no-warmup"
+ "./bin/console --env=dev cache:clear --no-warmup"
];
phpOpenbasedir = [ "/tmp" ];
phpPool = {
SYMFONY_DEBUG_MODE = "\"yes\"";
};
phpWatchFiles = [
- app.secretsPath
+ config.secrets.fullPaths."websites/piedsjaloux/integration"
];
phpPackage = pkgs.php72;
};
certName = "integration";
addToCerts = true;
hosts = [ "piedsjaloux.immae.eu" ];
- root = app.webRoot;
+ root = webRoot;
extraConfig = [
''
<FilesMatch "\.php$">
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
</Location>
- <Directory ${app.webRoot}>
+ <Directory ${webRoot}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
certMainHost = "devtools.immae.eu";
addToCerts = true;
hosts = [ "devtools.immae.eu" ];
- root = "/var/lib/ftp/devtools.immae.eu";
+ root = "/var/lib/ftp/immae/devtools";
extraConfig = [
''
- Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
+ Use Apaxy "/var/lib/ftp/immae/devtools" "title"
Timeout 600
ProxyTimeout 600
Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
- <Directory "/var/lib/ftp/devtools.immae.eu">
+ <Directory "/var/lib/ftp/immae/devtools">
DirectoryIndex index.php index.htm index.html
AllowOverride all
Require all granted
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "10";
- "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
+ "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
};
phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
};
projects / perso / Immae / Config / Nix.git / commitdiff
