--- /dev/null
+{ lib, config, pkgs, ... }:
+let
+ cfg = config.myServices.websites.emilia.richie_production;
+ vardir = "/var/lib/richie_production";
+ richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
+ phases = "installPhase";
+ installPhase = ''
+ cp -a $src $out
+ chmod -R u+w $out
+ ln -sf ${vardir}/files $out/
+ ln -sf ${vardir}/drapeaux $out/images/
+ ln -sf ${vardir}/photos $out/
+ sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
+ '';
+ });
+in
+{
+ options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
+ config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.richie_production.rootDir = vardir;
+ services.webstats.sites = [ { name = "europe-richie.org"; } ];
+
+ secrets.keys = [{
+ dest = "webapps/prod-richie";
+ user = "wwwrun";
+ group = "wwwrun";
+ permissions = "0400";
+ text = with config.myEnv.websites.richie; ''
+ <?php
+
+ $hote_sql = '${mysql.host}';
+ $login_sql = '${mysql.user}';
+ $bdd_sql = '${mysql.database}';
+ $mdp_sql = '${mysql.password}';
+
+ $db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
+ unset($mdp_sql);
+
+ $smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
+ ?>
+ '';
+ }];
+ myServices.websites.webappDirs.richie_production = richieSrc;
+ system.activationScripts.richie_production = {
+ deps = [ "httpd" ];
+ text = ''
+ install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
+ install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
+ '';
+ };
+ services.phpfpm.pools.richie_production = {
+ listen = "/run/phpfpm/richie_production.sock";
+ extraConfig = ''
+ user = wwwrun
+ group = wwwrun
+ listen.owner = wwwrun
+ listen.group = wwwrun
+
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+
+ env[PATH] = /run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}
+ env[BDD_CONNECT] = "/var/secrets/webapps/prod-richie"
+ php_admin_value[open_basedir] = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"
+ php_admin_value[session.save_path] = "/var/lib/php/sessions/richie_production"
+ '';
+ phpOptions = config.services.phpfpm.phpOptions + ''
+ date.timezone = 'Europe/Paris'
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ '';
+ };
+ services.websites.env.production.modules = [ "proxy_fcgi" ];
+ services.websites.env.production.vhostConfs.richie_production = {
+ certName = "richie";
+ addToCerts = true;
+ certMainHost = "europe-richie.org";
+ hosts = [ "europe-richie.org" "www.europe-richie.org" ];
+ root = "/run/current-system/webapps/richie_production";
+ extraConfig = [
+ ''
+ Use Stats europe-richie.org
+ ErrorDocument 404 /404.html
+ <LocationMatch "^/files/.*/admin/">
+ Require all denied
+ </LocationMatch>
+ <Directory /run/current-system/webapps/richie_production>
+ DirectoryIndex index.php index.htm index.html
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:/run/phpfpm/richie_production.sock|fcgi://localhost"
+ </FilesMatch>
+ </Directory>
+ ''
+ ];
+ };
+ };
+}
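Review bot: In the `<Directory /run/current-system/webapps/richie_production>` block, the `\.php$` handler and `Options Indexes ... Includes` also cover `files`, `photos` and `images/drapeaux`, which the installPhase symlinks into `${vardir}`, a directory the activation script creates owned by wwwrun, the same user the PHP pool runs as. If the application stores uploads there (likely, but not visible in this file), an uploaded `.php` file would be handed to PHP-FPM, and those trees would be publicly listable. I would reduce the options line to `Options FollowSymLinks MultiViews` and add, next to the existing `/files/.*/admin/` rule, a `<LocationMatch "^/(files|photos|images/drapeaux)/.*\.php$">` section containing `Require all denied`. Separately, the session directory is installed with `-m 0755`, so any local account can list the session file names; `-m 0700` looks sufficient, since only wwwrun is configured to use it.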