-{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
-let
- chloe = { config }: rec {
- environment = config.environment;
- phpFpm = rec {
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/chloe-${environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
- php_admin_value[session.save_path] = "${varDir}/phpSessions"
- ${if environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- keys = [{
- dest = "webapps/${environment}-chloe";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- SetEnv SPIP_CONFIG_DIR "${configDir}"
- SetEnv SPIP_VAR_DIR "${varDir}"
- SetEnv SPIP_SITE "chloe-${environment}"
- SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
- SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
- SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
- SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
- SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
- SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
- SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
- SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
- SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
- SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
- '';
- }];
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "chloe_${environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- Include /var/secrets/webapps/${environment}-chloe
+{ chloe, config }:
+rec {
+ app = chloe.override { inherit (config) environment; };
+ phpFpm = rec {
+ serviceDeps = [ "mysql.service" ];
+ socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
+ php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
+ ${if app.environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ keys = [{
+ dest = "webapps/${app.environment}-chloe";
+ user = apache.user;
+ group = apache.group;
+ permissions = "0400";
+ text = ''
+ SetEnv SPIP_CONFIG_DIR "${configDir}"
+ SetEnv SPIP_VAR_DIR "${app.varDir}"
+ SetEnv SPIP_SITE "chloe-${app.environment}"
+ SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
+ SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
+ SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
+ SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
+ SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
+ SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
+ SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
+ SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
+ SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
+ SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
+ '';
+ }];
+ apache = rec {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ webappName = "chloe_${app.environment}";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Include /var/secrets/webapps/${app.environment}-chloe
- RewriteEngine On
- ${if environment == "prod" then ''
- RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
- '' else ""}
+ RewriteEngine On
+ ${if app.environment == "prod" then ''
+ RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
+ '' else ""}
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
- <Directory ${root}>
- DirectoryIndex index.php index.htm index.html
- Options -Indexes +FollowSymLinks +MultiViews +Includes
- Include ${root}/htaccess.txt
+ <Directory ${root}>
+ DirectoryIndex index.php index.htm index.html
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Include ${root}/htaccess.txt
- AllowOverride AuthConfig FileInfo Limit
- Require all granted
- </Directory>
+ AllowOverride AuthConfig FileInfo Limit
+ Require all granted
+ </Directory>
- <DirectoryMatch "${root}/squelettes">
- Require all denied
- </DirectoryMatch>
+ <DirectoryMatch "${root}/squelettes">
+ Require all denied
+ </DirectoryMatch>
- <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
- Require all denied
- </FilesMatch>
+ <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+ Require all denied
+ </FilesMatch>
- ${if environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
- </Location>
- '' else ''
- Use Stats osteopathe-cc.fr
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
- '';
- };
- configDir = ./chloe_config_ + environment;
- varDir = "/var/lib/chloe_${environment}";
- siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
- buildPhase = ''
- make
- '';
- installPhase = ''
- cp -a . $out
- '';
- buildInputs = [ sassc ];
- });
- webRoot = stdenv.mkDerivation rec {
- name = "chloe-${environment}-spip-${version}";
- version = "3.2.3";
- src = fetchzip {
- url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
- sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
- };
- paches = [ ../commons/spip/spip_ldap_patch.patch ];
- buildPhase = ''
- rm -rf IMG local tmp config/remove.txt
- ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php
- echo "Require all denied" > "config/.htaccess"
- ln -sf ${varDir}/{IMG,local} .
+ ${if app.environment == "dev" then ''
+ <Location />
+ Use LDAPConnect
+ Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
+ </Location>
+ '' else ''
+ Use Stats osteopathe-cc.fr
+ ''}
'';
- installPhase = ''
- cp -a . $out
- cp -a ${siteDir}/* $out
- '';
- };
};
-in
- chloe
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
+ '';
+ };
+ configDir = ./chloe_config_ + app.environment;
+}
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; };
- chloe_dev = chloe {
- config = myconfig.env.websites.chloe.integration;
- };
- chloe_prod = chloe {
- config = myconfig.env.websites.chloe.production;
- };
+ chloe_dev = pkgs.callPackage ./chloe.nix {
+ inherit (pkgs.private.webapps) chloe;
+ config = myconfig.env.websites.chloe.integration;
+ };
+ chloe_prod = pkgs.callPackage ./chloe.nix {
+ inherit (pkgs.private.webapps) chloe;
+ config = myconfig.env.websites.chloe.production;
+ };
- cfg = config.services.myWebsites.Chloe;
+ cfg = config.services.myWebsites.Chloe;
in {
options.services.myWebsites.Chloe = {
production = {
system.activationScripts.chloe_prod = chloe_prod.activationScript;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
- ln -s ${chloe_prod.webRoot} $out/webapps/${chloe_prod.apache.webappName}
+ ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
'';
services.myWebsites.production.modules = chloe_prod.apache.modules;
services.myWebsites.production.vhostConfs.chloe = {
system.activationScripts.chloe_dev = chloe_dev.activationScript;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
- ln -s ${chloe_dev.webRoot} $out/webapps/${chloe_dev.apache.webappName}
+ ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
'';
services.myWebsites.integration.modules = chloe_dev.apache.modules;
services.myWebsites.integration.vhostConfs.chloe = {
projects / perso / Immae / Config / Nix.git / commitdiff
