"ludivine.immae.eu" = null;
"dev.aten.pro" = null;
"piedsjaloux.immae.eu" = null;
+ "chloe.immae.eu" = null;
};
};
"ludivinecassal" = {
ludivinecassal_prod = mypkgs.ludivinecassal_prod.phpFpm.pool;
piedsjaloux_dev = mypkgs.piedsjaloux_dev.phpFpm.pool;
piedsjaloux_prod = mypkgs.piedsjaloux_prod.phpFpm.pool;
+ chloe_dev = mypkgs.chloe_dev.phpFpm.pool;
+ chloe_prod = mypkgs.chloe_prod.phpFpm.pool;
aten_dev = mypkgs.aten_dev.phpFpm.pool;
aten_prod = mypkgs.aten_prod.phpFpm.pool;
nextcloud = mypkgs.nextcloud.phpFpm.pool;
ludivinecassal_prod = mypkgs.ludivinecassal_prod.activationScript;
piedsjaloux_dev = mypkgs.piedsjaloux_dev.activationScript;
piedsjaloux_prod = mypkgs.piedsjaloux_prod.activationScript;
+ chloe_dev = mypkgs.chloe_dev.activationScript;
+ chloe_prod = mypkgs.chloe_prod.activationScript;
aten_dev = mypkgs.aten_dev.activationScript;
aten_prod = mypkgs.aten_prod.activationScript;
nextcloud = mypkgs.nextcloud.activationScript;
mypkgs.ludivinecassal_prod.apache.modules ++
mypkgs.piedsjaloux_dev.apache.modules ++
mypkgs.piedsjaloux_prod.apache.modules ++
+ mypkgs.chloe_dev.apache.modules ++
+ mypkgs.chloe_prod.apache.modules ++
mypkgs.aten_dev.apache.modules ++
mypkgs.aten_prod.apache.modules ++
mypkgs.ympd.apache.modules ++
mypkgs.piedsjaloux_prod.apache.vhostConf
];
})
+ (withConf "eldiron" // {
+ hostName = "chloe.immae.eu";
+ documentRoot = mypkgs.chloe_dev.webRoot;
+ extraConfig = builtins.concatStringsSep "\n" [
+ mypkgs.chloe_dev.apache.vhostConf
+ ];
+ })
+ (withConf "eldiron" // {
+ hostName = "osteopathe-cc.fr";
+ serverAliases = [ "www.osteopathe-cc.fr" ];
+ documentRoot = mypkgs.chloe_prod.webRoot;
+ extraConfig = builtins.concatStringsSep "\n" [
+ mypkgs.chloe_prod.apache.vhostConf
+ ];
+ })
(withConf "eldiron" // {
hostName = "dev.aten.pro";
documentRoot = mypkgs.aten_dev.webRoot;
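Review bot: The production vhost answers for `osteopathe-cc.fr` and `www.osteopathe-cc.fr`, but the domain list extended earlier in this commit only gains `"chloe.immae.eu" = null;`. If that list feeds the certificate used by `withConf "eldiron"` (not visible here), the production names would be served with a certificate that does not cover them. Adding `"osteopathe-cc.fr" = null;` and `"www.osteopathe-cc.fr" = null;` to that list, or giving this vhost its own certificate, would close the gap. The `dev.aten.pro` vhost that follows is cut off by the hunk.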
ludivinecassal = callPackage ./packages/ludivinecassal.nix { inherit checkEnv fetchedGitPrivate; };
piedsjaloux = callPackage ./packages/piedsjaloux.nix { inherit checkEnv fetchedGitPrivate; };
aten = callPackage ./packages/aten.nix { inherit checkEnv fetchedGitPrivate; };
+ chloe = callPackage ./packages/chloe.nix { inherit checkEnv fetchedGitPrivate; };
nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
adminer = callPackage ./packages/adminer.nix {};
ympd = callPackage ./packages/ympd.nix {};
aten_prod = aten { environment = "prod"; };
piedsjaloux_dev = piedsjaloux { environment = "dev"; };
piedsjaloux_prod = piedsjaloux { environment = "prod"; };
+ chloe_dev = chloe { environment = "dev"; };
+ chloe_prod = chloe { environment = "prod"; };
inherit nextcloud;
inherit mantisbt;
# FIXME: add buildbot
--- /dev/null
+{
+ "tag": "1a2ef9a-master",
+ "meta": {
+ "name": "chloe",
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "rev": "1a2ef9acee91792e8096854919f0a2f005a3f481",
+ "sha256": "1h10d2bgvpkm7yi7sbshfi3h50fx202jgnfwiarq5wm947f9phrn",
+ "fetchSubmodules": true
+ }
+}
--- /dev/null
+{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
+let
+ chloe = { environment ? "dev" }: rec {
+ varPrefix = "CHLOE";
+ envName= lib.strings.toUpper environment;
+ phpFpm = rec {
+ socket = "/var/run/phpfpm/chloe-${environment}.sock";
+ pool =
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH";
+ ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${./spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
+ env[SPIP_CONFIG_DIR] = "${configDir}"
+ env[SPIP_LDAP_BASE] = "dc=immae,dc=eu"
+ env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu"
+ env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}"
+ env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}"
+ env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}"
+ env[SPIP_MYSQL_HOST] = "db-1.immae.eu"
+ env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}"
+ env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}"
+ env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}"
+ ${if environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ RewriteEngine On
+ ${if environment == "prod" then ''
+ RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
+ '' else ""}
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ <Directory ${webRoot}>
+ DirectoryIndex index.php index.htm index.html
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Include ${webRoot}/htaccess.txt
+
+ AllowOverride AuthConfig FileInfo Limit
+ Require all granted
+ </Directory>
+
+ <DirectoryMatch "${varDir}/tmp">
+ Require all denied
+ </DirectoryMatch>
+
+ <DirectoryMatch "${webRoot}/squelettes">
+ Require all denied
+ </DirectoryMatch>
+
+ <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+ Require all denied
+ </FilesMatch>
+
+ ${if environment == "dev" then ''
+ <Location />
+ Use LDAPConnect
+ Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
+ </Location>
+ '' else ""}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/tmp ${varDir}/local
+ '';
+ };
+ configDir = ./chloe_config;
+ varDir = "/var/lib/chloe_${environment}";
+ siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
+ buildPhase = ''
+ make
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ buildInputs = [ sassc ];
+ });
+ webRoot = stdenv.mkDerivation rec {
+ name = "spip-${version}";
+ version = "3.2";
+ src = fetchzip {
+ url = "http://files.spip.org/spip/stable/${name}.zip";
+ sha256 = "0cacpxs9nv61i3hzd3nbmplq4mp22s886llhacp3n4923jd6snx5";
+ };
+ paches = [ ./spip_ldap_patch.patch ];
+ buildPhase = ''
+ rm -rf IMG local tmp config/remove.txt
+ ln -sf ${./spip_mes_options.php} config/mes_options.php
+ echo "Require all denied" > "config/.htaccess"
+ ln -sf ../../../../../${varDir}/{IMG,local,tmp} .
+ '';
+ installPhase = ''
+ cp -a . $out
+ cp -a ${siteDir}/* $out
+ '';
+ };
+ };
+in
+ chloe
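Review bot: `paches = [ ./spip_ldap_patch.patch ];` in the `webRoot` derivation is misspelled, so stdenv's patch phase never sees it and SPIP is built without the LDAP search change; it should read `patches = [ ./spip_ldap_patch.patch ];`. Without the patch, the `SPIP_LDAP_SEARCH` filter exported by the pool is never consulted and login uses the stock per-attribute lookup, which may admit accounts the filter was meant to exclude. Separately, `phpFpm.pool` interpolates the MySQL and LDAP passwords through `builtins.getEnv`, so if this string is rendered into a pool file it presumably ends up in the world-readable Nix store. Delivering those values out of band (for example with NixOps `deployment.keys`) would keep them out of the store.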
--- /dev/null
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
+?>
\ No newline at end of file
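Review bot: `_SPIP_CHMOD` is set to `0777`, which, as far as I know, SPIP uses as the mode for the directories it creates, making them writable by any local account. The pool in this commit runs PHP as the same `wwwrun` user that owns the var directory, so owner-only write looks sufficient: `if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0755);`. If another account really needs write access, a shared group with `0775` is a narrower grant than world-write.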
--- /dev/null
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+define('_MYSQL_SET_SQL_MODE',true);
+$GLOBALS['spip_connect_version'] = 0.7;
+spip_connect_db(getenv("SPIP_MYSQL_HOST"),'',getenv("SPIP_MYSQL_USER"),getenv("SPIP_MYSQL_PASSWORD"),getenv("SPIP_MYSQL_DB"),'mysql', 'spip','ldap.php');
+?>
--- /dev/null
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
+$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
+@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
+@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
+$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
+$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
+?>
--- /dev/null
+--- old/ecrire/auth/ldap.php 2017-06-08 21:58:17.000000000 +0200
++++ new/ecrire/auth/ldap.php 2017-06-10 02:54:02.687954143 +0200
+@@ -171,24 +171,41 @@
+ $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ;
+
+ $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']);
++ if (isset($GLOBALS['ldap_search'])) {
++ $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']);
++ $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn"));
++ $info = @ldap_get_entries($ldap_link, $result);
++ // Ne pas accepter les resultats si plus d'une entree
++ // (on veut un attribut unique)
+
+- // Tenter une recherche pour essayer de retrouver le DN
+- foreach ($logins as $att) {
+- $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
+- $info = @ldap_get_entries($ldap_link, $result);
+- // Ne pas accepter les resultats si plus d'une entree
+- // (on veut un attribut unique)
++ if (is_array($info) and $info['count'] == 1) {
++ $dn = $info[0]['dn'];
++ if (!$checkpass) {
++ return $dn;
++ }
++ if (@ldap_bind($ldap_link, $dn, $pass)) {
++ return $dn;
++ }
++ }
++ } else {
++ // Tenter une recherche pour essayer de retrouver le DN
++ foreach ($logins as $att) {
++ $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
++ $info = @ldap_get_entries($ldap_link, $result);
++ // Ne pas accepter les resultats si plus d'une entree
++ // (on veut un attribut unique)
+
+- if (is_array($info) and $info['count'] == 1) {
+- $dn = $info[0]['dn'];
+- if (!$checkpass) {
+- return $dn;
+- }
+- if (@ldap_bind($ldap_link, $dn, $pass)) {
+- return $dn;
+- }
+- }
+- }
++ if (is_array($info) and $info['count'] == 1) {
++ $dn = $info[0]['dn'];
++ if (!$checkpass) {
++ return $dn;
++ }
++ if (@ldap_bind($ldap_link, $dn, $pass)) {
++ return $dn;
++ }
++ }
++ }
++ }
+
+ if ($checkpass and !isset($dn)) {
+ // Si echec, essayer de deviner le DN
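Review bot: `isset($GLOBALS['ldap_search'])` is also true for `false` or an empty string, which is what `getenv("SPIP_LDAP_SEARCH")` in the ldap.php config added by this commit yields when the variable is missing or blank. The new branch would then search with an empty filter and skip the per-attribute fallback; `if (!empty($GLOBALS['ldap_search'])) {` avoids that. The substitution also trusts `$login_search` to be filter-safe, but it is assigned above the hunk, so how it is sanitised cannot be confirmed here. `str_replace("%user%", ldap_escape($login_search, '', LDAP_ESCAPE_FILTER), $GLOBALS['ldap_search'])` would make the line safe on its own. The match-and-bind block is now duplicated in both branches, and the function body starts and ends outside the hunk.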
--- /dev/null
+<?php // /!\ Important: There must be no blank space before <?php or after ?>
+// This file was inspired from the spip contrib website
+// http://www.spip.net/fr_article3811.html
+
+$config_dir = getenv('SPIP_CONFIG_DIR') . '/';
+
+$cookie_prefix = str_replace('.', '_', $site);
+$table_prefix = 'spip';
+
+spip_initialisation(
+ $config_dir,
+ _DIR_RACINE . _NOM_PERMANENTS_ACCESSIBLES,
+ _DIR_RACINE . _NOM_TEMPORAIRES_INACCESSIBLES,
+ _DIR_RACINE . _NOM_TEMPORAIRES_ACCESSIBLES
+);
+
+?>
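Review bot: `$site` is read in `$cookie_prefix = str_replace('.', '_', $site);` but nothing in this file assigns it. Unless the including SPIP code defines it, the prefix ends up empty and PHP raises an undefined-variable notice. The file says it was adapted from a contrib example; if `$site` came from the request host there, a fixed per-deployment value is preferable, for instance an extra `env[...]` entry in the pool read with `getenv()`. Dropping the line would instead keep SPIP's own default prefix. A short comment stating which behaviour is intended would help.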