]> git.immae.eu Git - perso/Immae/Config/Nix.git/commitdiff
Add Aten website
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 6 Jan 2019 00:21:39 +0000 (01:21 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 6 Jan 2019 00:39:56 +0000 (01:39 +0100)
virtual/eldiron.nix
virtual/packages.nix
virtual/packages/aten.json [new file with mode: 0644]
virtual/packages/aten.nix [new file with mode: 0644]

index d76977c1f918f711c3309961e437f0d64298b36f..68eddf607446c5630f46ac13b9659271893c6377 100644 (file)
           "sandetludo.immae.eu" = null;
           "cloud.immae.eu" = null;
           "ludivine.immae.eu" = null;
-          "ludivinecassal.com" = null;
+          "dev.aten.pro" = null;
         };
       };
       "ludivinecassal" = {
           "www.ludivinecassal.com" = null;
         };
       };
+      "aten" = {
+        webroot = "/var/lib/acme/acme-challenge";
+        email = "ismael@bouya.org";
+        domain = "aten.pro";
+        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+        postRun = ''
+          systemctl reload httpd.service
+        '';
+        extraDomains = {
+          "www.aten.pro" = null;
+        };
+      };
       # "connexionswing" = {
       #   webroot = "/var/lib/acme/acme-challenge";
       #   email = "ismael@bouya.org";
         connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
         ludivinecassal_dev = mypkgs.ludivinecassal_dev.phpFpm.pool;
         ludivinecassal_prod = mypkgs.ludivinecassal_prod.phpFpm.pool;
+        aten_dev = mypkgs.aten_dev.phpFpm.pool;
+        aten_prod = mypkgs.aten_prod.phpFpm.pool;
         nextcloud = mypkgs.nextcloud.phpFpm.pool;
         mantisbt = mypkgs.mantisbt.phpFpm.pool;
       };
       connexionswing_prod = mypkgs.connexionswing_prod.activationScript;
       ludivinecassal_dev  = mypkgs.ludivinecassal_dev.activationScript;
       ludivinecassal_prod  = mypkgs.ludivinecassal_prod.activationScript;
+      aten_dev  = mypkgs.aten_dev.activationScript;
+      aten_prod = mypkgs.aten_prod.activationScript;
       nextcloud = mypkgs.nextcloud.activationScript;
       httpd = ''
         install -d -m 0755 /var/lib/acme/acme-challenge
         mypkgs.connexionswing_prod.apache.modules ++
         mypkgs.ludivinecassal_dev.apache.modules ++
         mypkgs.ludivinecassal_prod.apache.modules ++
+        mypkgs.aten_dev.apache.modules ++
+        mypkgs.aten_prod.apache.modules ++
         mypkgs.ympd.apache.modules ++
         mypkgs.git.web.apache.modules ++
         mypkgs.mantisbt.apache.modules ++
             mypkgs.ludivinecassal_prod.apache.vhostConf
           ];
         })
+        (withConf "eldiron" // {
+          hostName = "dev.aten.pro";
+          documentRoot = mypkgs.aten_dev.webRoot;
+          extraConfig = builtins.concatStringsSep "\n" [
+            mypkgs.aten_dev.apache.vhostConf
+          ];
+        })
+        (withConf "aten" // {
+          hostName = "aten.pro";
+          serverAliases = [ "www.aten.pro" ];
+          documentRoot = mypkgs.aten_prod.webRoot;
+          extraConfig = builtins.concatStringsSep "\n" [
+            mypkgs.aten_prod.apache.vhostConf
+          ];
+        })
         (withConf "eldiron" // {
           hostName = "cloud.immae.eu";
           documentRoot = mypkgs.nextcloud.webRoot;
index 557bc6b12cc1f5250fd54d5a266ab4e114955cb0..60a333afb9df3b951a34ffbd6cc53e69a5d7bce8 100644 (file)
@@ -2,6 +2,7 @@
 let
   connexionswing = callPackage ./packages/connexionswing.nix { inherit checkEnv fetchedGitPrivate; };
   ludivinecassal = callPackage ./packages/ludivinecassal.nix { inherit checkEnv fetchedGitPrivate; };
+  aten = callPackage ./packages/aten.nix { inherit checkEnv fetchedGitPrivate; };
   nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
   adminer = callPackage ./packages/adminer.nix {};
   ympd = callPackage ./packages/ympd.nix {};
@@ -15,6 +16,8 @@ in
     connexionswing_prod = connexionswing { environment = "prod"; };
     ludivinecassal_dev  = ludivinecassal { environment = "dev"; };
     ludivinecassal_prod = ludivinecassal { environment = "prod"; };
+    aten_dev  = aten { environment = "dev"; };
+    aten_prod = aten { environment = "prod"; };
     inherit nextcloud;
     inherit mantisbt;
     # FIXME: add buildbot
diff --git a/virtual/packages/aten.json b/virtual/packages/aten.json
new file mode 100644 (file)
index 0000000..53569b6
--- /dev/null
@@ -0,0 +1,14 @@
+{
+  "tag": "b99537f-master",
+  "meta": {
+    "name": "aten",
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+    "rev": "b99537fdad41291afb4f1bb8b2e2aa4081c71fae",
+    "sha256": "15mlyik6zivxwry6zc906bqnivxhby27yr8kj4lg5n68pvb877dn",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/packages/aten.nix b/virtual/packages/aten.nix
new file mode 100644 (file)
index 0000000..016676f
--- /dev/null
@@ -0,0 +1,122 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }:
+let
+  aten = { environment ? "dev" }: rec {
+    varPrefix = "ATEN";
+    varDir = "/var/lib/aten_${environment}";
+    envName= lib.strings.toUpper environment;
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/aten-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf =
+        assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+        assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL";
+      ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+
+      SetEnv APP_ENV      "${environment}"
+      SetEnv APP_SECRET   "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+      SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}
+
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+
+      <Location /backend>
+        Use LDAPConnect
+        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      '' else ''
+      <Location /backend>
+        Use LDAPConnect
+        Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      ''}
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+        DirectoryIndex index.php
+        FallbackResource /index.php
+      </Directory>
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: usage statistics
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export APP_ENV="${environment}"
+        export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}"
+        export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"
+
+        ${if environment == "dev" then ''
+          composer install
+        '' else ''
+          SYMFONY_ENV=prod composer install --no-dev
+        ''}
+        yarn install
+        yarn run encore production
+        rm -rf var
+        ln -sf ../../../../../${varDir} var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert phpPackages.composer yarn
+      ];
+    });
+    webRoot = "${webappDir}/public";
+  };
+in
+  aten
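Review bot: `APP_SECRET` and `DATABASE_URL` are interpolated from `builtins.getEnv` at evaluation time into both `apache.vhostConf` (the two `SetEnv` lines) and the `buildPhase` of `webappDir` (the two `export` lines), so their values are written into the generated httpd configuration and into the derivation, which presumably land in the world-readable `/nix/store` where any local user or service on the host can read them. Keep them out of the build (a placeholder value if the composer scripts need one) and have httpd or php-fpm load them at runtime from a root-owned file outside the store, for instance one delivered through NixOps `deployment.keys`. The `checkEnv` asserts guard only `vhostConf`, so `buildPhase` would silently export empty strings if `webappDir` were evaluated with the variables unset. Both `SetEnv` lines also lack their closing quote and should read `SetEnv APP_SECRET   "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"` (likewise for `DATABASE_URL`). Separately, `Options Indexes FollowSymLinks MultiViews Includes` with `AllowOverride All` on `${webRoot}` enables directory listings, server-side includes and `.htaccess` overrides that a front controller behind `FallbackResource` does not appear to need; `Options FollowSymLinks` with `AllowOverride None` would be a tighter default.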