Add Richie website
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 24 Dec 2019 07:26:39 +0000 (08:26 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 24 Dec 2019 07:26:39 +0000 (08:26 +0100)
modules/private/default.nix
modules/private/environment.nix
modules/private/websites/default.nix
modules/private/websites/emilia/richie.json [new file with mode: 0644]
modules/private/websites/emilia/richie.nix [new file with mode: 0644]

index 70d4b799c8a4329d6a88a99c50190ab840e22d41..f768aedf7842192e2815b0908ef701b011a983a6 100644 (file)
@@ -25,6 +25,7 @@ set = {
   connexionswingProd = ./websites/connexionswing/production.nix;
   denisejeromeProd = ./websites/denisejerome/production.nix;
   emiliaProd = ./websites/emilia/production.nix;
+  richieProd = ./websites/emilia/richie.nix;
   florianApp = ./websites/florian/app.nix;
   florianInte = ./websites/florian/integration.nix;
   florianProd = ./websites/florian/production.nix;
index 2aa8b5e272c9a9f9924e447cbed7be0594bcaa9a..f0e39e9ca3d70aa64acfc030f588587f4fdee3ea 100644 (file)
@@ -1104,6 +1104,23 @@ in
                   };
                 };
           };
+          richie = mkOption {
+            description = "Europe Richie configurations by environment";
+            type = submodule {
+              options = {
+                mysql = mkMysqlOptions "Richie";
+                smtp_mailer = mkOption {
+                  description = "SMTP mailer configuration";
+                  type = submodule {
+                    options = {
+                      user = mkOption { type = str; description = "Username"; };
+                      password = mkOption { type = str; description = "Password"; };
+                    };
+                  };
+                };
+              };
+            };
+          };
           tellesflorian = mkOption {
             description = "Tellesflorian configurations by environment";
             type =
index 16f02a75b6887be092d36c0513a77c4fe7a2fb6e..3ac4cb548153f2af390c612d34572be381b728e4 100644 (file)
@@ -238,6 +238,7 @@ in
       denisejerome.production.enable = true;
 
       emilia.production.enable = true;
+      emilia.richie_production.enable = true;
 
       florian.app.enable = true;
       florian.integration.enable = true;
diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/emilia/richie.json
new file mode 100644 (file)
index 0000000..63aab6e
--- /dev/null
@@ -0,0 +1,14 @@
+{
+  "tag": "3e7b523-master",
+  "meta": {
+    "name": "richie",
+    "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
+    "branch": "master"
+  },
+  "git": {
+    "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
+    "rev": "3e7b523dd1b47da10ec3c5b1b61df4034397a7b9",
+    "sha256": "04922nwprx6l0jn11mfcaxsfsxa96lq7dm170lk6q25fqr0ipa67",
+    "fetchSubmodules": true
+  }
+}
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix
new file mode 100644 (file)
index 0000000..f7b4f8d
--- /dev/null
@@ -0,0 +1,101 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.emilia.richie_production;
+  vardir = "/var/lib/richie_production";
+  richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
+    phases = "installPhase";
+    installPhase = ''
+      cp -a $src $out
+      chmod -R u+w $out
+      ln -sf ${vardir}/files $out/
+      ln -sf ${vardir}/drapeaux $out/images/
+      ln -sf ${vardir}/photos $out/
+      sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
+      '';
+  });
+in
+{
+  options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.richie_production.rootDir = vardir;
+    services.webstats.sites = [ { name = "europe-richie.org"; } ];
+
+    secrets.keys = [{
+      dest = "webapps/prod-richie";
+      user = "wwwrun";
+      group = "wwwrun";
+      permissions = "0400";
+      text = with config.myEnv.websites.richie; ''
+        <?php
+
+        $hote_sql = '${mysql.host}';
+        $login_sql = '${mysql.user}';
+        $bdd_sql = '${mysql.database}';
+        $mdp_sql = '${mysql.password}';
+
+        $db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
+        unset($mdp_sql);
+
+        $smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
+        ?>
+        '';
+    }];
+    myServices.websites.webappDirs.richie_production = richieSrc;
+    system.activationScripts.richie_production = {
+      deps = [ "httpd" ];
+      text = ''
+        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
+        install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
+        '';
+    };
+    services.phpfpm.pools.richie_production = {
+      listen = "/run/phpfpm/richie_production.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+
+        env[PATH] = /run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}
+        env[BDD_CONNECT] = "/var/secrets/webapps/prod-richie"
+        php_admin_value[open_basedir] = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/richie_production"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        date.timezone = 'Europe/Paris'
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
+        '';
+    };
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostConfs.richie_production = {
+      certName    = "richie";
+      addToCerts  = true;
+      certMainHost = "europe-richie.org";
+      hosts       = [ "europe-richie.org" "www.europe-richie.org" ];
+      root        = "/run/current-system/webapps/richie_production";
+      extraConfig = [
+        ''
+        Use Stats europe-richie.org
+        ErrorDocument 404 /404.html
+        <LocationMatch "^/files/.*/admin/">
+          Require all denied
+        </LocationMatch>
+        <Directory /run/current-system/webapps/richie_production>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/richie_production.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
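Review bot: The `<FilesMatch "\.php$">` handler inside `<Directory /run/current-system/webapps/richie_production>` appears to cover `files`, `photos` and `images/drapeaux` as well, which the installPhase symlinks into `${vardir}`, a directory the activation script creates as owned by wwwrun, the same user the PHP-FPM pool runs as. Whether the application can place a `.php`-named file there is not visible in this commit, but if it can, that file is handed to PHP; a block next to the existing admin rule, `<LocationMatch "^/(files|photos|images/drapeaux)/.*\.php$">` / `Require all denied` / `</LocationMatch>`, would rule it out. `Options Indexes FollowSymLinks MultiViews Includes` on the same directory also permits directory listings and server-side includes over that writable content, so consider reducing it to `Options FollowSymLinks` unless the site relies on them. Separately, the session directory is created with mode 0755, which lets any local user list the session file names; `install -m 0700 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production` should be sufficient since wwwrun owns it.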