config = lib.mkMerge [
(lib.mkIf cfg.production.enable {
+ deployment.keys = ludivinecassal_prod.keys;
services.myWebsites.commons.stats.enable = true;
services.myWebsites.commons.stats.sites = [
{
};
})
(lib.mkIf cfg.integration.enable {
+ deployment.keys = ludivinecassal_dev.keys;
security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
ludivinecassal = { config }: rec {
environment = config.environment;
varDir = "/var/lib/ludivinecassal_${environment}";
- configRoot =
- writeText "parameters.yml" ''
+ keys."${environment}-ludivinecassal" = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
# This file is auto-generated during the composer install
parameters:
database_host: ${config.mysql.host}
sass: ${sass}/bin/sass
ruby: ${ruby}/bin/ruby
'';
+ };
phpFpm = rec {
socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
pool = ''
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-ludivinecassal:${webappDir}:${varDir}:/tmp"
php_admin_value[session.save_path] = "${varDir}/phpSessions"
${if environment == "dev" then ''
pm = ondemand
noDev = (environment == "prod");
preInstall = ''
export SYMFONY_ENV="${environment}"
- ln -sf ${configRoot} app/config/parameters.yml
+ cp app/config/parameters.yml.dist app/config/parameters.yml
+ cat >> app/config/parameters.yml <<EOF
+ leapt_im:
+ binary_path: ${imagemagick}/bin
+ assetic:
+ sass: ${sass}/bin/sass
+ ruby: ${ruby}/bin/ruby
+ EOF
sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
'';
# /!\ miniatures and data need to be in the same physical dir due to a
postInstall = ''
rm -rf var/{logs,cache,data,miniatures,tmp}
ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
+ ln -sf /run/keys/webapps/${environment}-ludivinecassal app/config/parameters.yml
'';
buildInputs = [ sass ];
});
config = lib.mkMerge [
(lib.mkIf cfg.production.enable {
+ deployment.keys = piedsjaloux_prod.keys;
services.myWebsites.commons.stats.enable = true;
services.myWebsites.commons.stats.sites = [
{
};
})
(lib.mkIf cfg.integration.enable {
+ deployment.keys = piedsjaloux_dev.keys;
security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
piedsjaloux = { config }: rec {
environment = config.environment;
varDir = "/var/lib/piedsjaloux_${environment}";
- configRoot =
- writeText "parameters.yml" ''
+ keys."${environment}-piedsjaloux" = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
# This file is auto-generated during the composer install
parameters:
database_host: ${config.mysql.host}
leapt_im:
binary_path: ${imagemagick}/bin
'';
+ };
phpFpm = rec {
socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
pool = ''
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
php_admin_value[session.save_path] = "${varDir}/phpSessions"
env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
${if environment == "dev" then ''
postInstall = ''
cd $out
rm app/config/parameters.yml
- ln -sf ${configRoot} app/config/parameters.yml
+ ln -sf /run/keys/webapps/${environment}-piedsjaloux app/config/parameters.yml
rm -rf var/{logs,cache,data,miniatures,tmp}
ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
'';
};
config = lib.mkIf cfg.integration.enable {
+ deployment.keys = tellesflorian_dev.keys;
security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null;
services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool;
system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript;
tellesflorian = { config }: rec {
environment = config.environment;
varDir = "/var/lib/tellesflorian_${environment}";
- configRoot =
- writeText "parameters.yml" ''
+ keys."${environment}-tellesflorian" = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
# This file is auto-generated during the composer install
parameters:
database_host: ${config.mysql.host}
mailer_password: null
secret: ${config.secret}
'';
+ };
phpFpm = rec {
socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
pool = ''
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
php_admin_value[session.save_path] = "${varDir}/phpSessions"
${if environment == "dev" then ''
pm = ondemand
pm.max_spare_servers = 3
''}'';
};
- passwords = writeText "tellesflorian_passwords" ''
- invite:${config.invite_passwords}
+ keys."${environment}-tellesflorian-passwords" = {
+ destDir = "/run/keys/webapps";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0700";
+ text = ''
+ invite:${config.invite_passwords}
'';
+ };
apache = rec {
user = "wwwrun";
group = "wwwrun";
Use LDAPConnect
Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
- AuthUserFile "${passwords}"
+ AuthUserFile "/run/keys/webapps/${environment}-tellesflorian-passwords"
Require user "invite"
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
postInstall = ''
cd $out
rm app/config/parameters.yml
- ln -sf ${configRoot} app/config/parameters.yml
+ ln -sf /run/keys/webapps/${environment}-tellesflorian app/config/parameters.yml
rm -rf var/{logs,cache}
ln -sf ${varDir}/var/{logs,cache,sessions} var/
'';
projects / perso / Immae / Config / Nix.git / commitdiff
