Refactor websites
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Sat, 18 Apr 2020 14:10:56 +0000 (16:10 +0200)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 19 Apr 2020 23:51:48 +0000 (01:51 +0200)
73 files changed:
modules/private/default.nix
modules/private/environment.nix
modules/private/tasks/default.nix
modules/private/websites/_www/googleb6d69446ff4ca3e5.html [moved from pkgs/private/webapps/apache-default/www/googleb6d69446ff4ca3e5.html with 100% similarity]
modules/private/websites/_www/index.htm [moved from pkgs/private/webapps/apache-default/www/index.htm with 100% similarity]
modules/private/websites/_www/maintenance_immae.html [moved from pkgs/private/webapps/apache-default/www/maintenance_immae.html with 100% similarity]
modules/private/websites/_www/nossl.html [moved from pkgs/private/webapps/apache-default/www/nossl.html with 100% similarity]
modules/private/websites/capitaines/landing_pages.nix [new file with mode: 0644]
modules/private/websites/capitaines/production.nix [deleted file]
modules/private/websites/chloe/app/chloe.json [moved from pkgs/private/webapps/chloe/chloe.json with 100% similarity]
modules/private/websites/chloe/app/default.nix [moved from pkgs/private/webapps/chloe/default.nix with 90% similarity]
modules/private/websites/chloe/builder.nix [deleted file]
modules/private/websites/chloe/integration.nix
modules/private/websites/chloe/production.nix
modules/private/websites/connexionswing/app/connexionswing.json [moved from pkgs/private/webapps/connexionswing/connexionswing.json with 100% similarity]
modules/private/websites/connexionswing/app/default.nix [moved from pkgs/private/webapps/connexionswing/default.nix with 87% similarity]
modules/private/websites/connexionswing/app/php-packages.nix [moved from pkgs/private/webapps/connexionswing/php-packages.nix with 100% similarity]
modules/private/websites/connexionswing/integration.nix
modules/private/websites/connexionswing/production.nix
modules/private/websites/default.nix
modules/private/websites/denise/denisejerome.nix [moved from modules/private/websites/denisejerome/production.nix with 64% similarity]
modules/private/websites/denise/evariste.nix [moved from modules/private/websites/evariste/production.nix with 56% similarity]
modules/private/websites/emilia/moodle.nix [new file with mode: 0644]
modules/private/websites/emilia/production.nix [deleted file]
modules/private/websites/florian/app.nix
modules/private/websites/florian/app/default.nix [moved from pkgs/private/webapps/tellesflorian/default.nix with 84% similarity]
modules/private/websites/florian/app/php-packages.nix [moved from pkgs/private/webapps/tellesflorian/php-packages.nix with 100% similarity]
modules/private/websites/florian/app/tellesflorian.json [moved from pkgs/private/webapps/tellesflorian/tellesflorian.json with 100% similarity]
modules/private/websites/florian/integration.nix
modules/private/websites/florian/production.nix
modules/private/websites/immae/production.nix
modules/private/websites/immae/release.nix
modules/private/websites/immae/temp.nix
modules/private/websites/isabelle/aten_app/aten.json [moved from pkgs/private/webapps/aten/aten.json with 100% similarity]
modules/private/websites/isabelle/aten_app/default.nix [moved from pkgs/private/webapps/aten/default.nix with 100% similarity]
modules/private/websites/isabelle/aten_app/php-packages.nix [moved from pkgs/private/webapps/aten/php-packages.nix with 100% similarity]
modules/private/websites/isabelle/aten_app/yarn-packages.nix [moved from pkgs/private/webapps/aten/yarn-packages.nix with 100% similarity]
modules/private/websites/isabelle/aten_integration.nix
modules/private/websites/isabelle/aten_production.nix
modules/private/websites/isabelle/iridologie.nix
modules/private/websites/isabelle/iridologie_app/default.nix [moved from pkgs/private/webapps/iridologie/default.nix with 89% similarity]
modules/private/websites/isabelle/iridologie_app/iridologie.json [moved from pkgs/private/webapps/iridologie/iridologie.json with 100% similarity]
modules/private/websites/isabelle/spip_builder.nix [deleted file]
modules/private/websites/jerome/naturaloutil.nix [moved from modules/private/websites/naturaloutil/production.nix with 67% similarity]
modules/private/websites/leila/production.nix
modules/private/websites/ludivine/app/default.nix [moved from pkgs/private/webapps/ludivinecassal/default.nix with 90% similarity]
modules/private/websites/ludivine/app/ludivinecassal.json [moved from pkgs/private/webapps/ludivinecassal/ludivinecassal.json with 100% similarity]
modules/private/websites/ludivine/app/php-packages.nix [moved from pkgs/private/webapps/ludivinecassal/php-packages.nix with 100% similarity]
modules/private/websites/ludivine/integration.nix [moved from modules/private/websites/ludivinecassal/integration.nix with 77% similarity]
modules/private/websites/ludivine/production.nix [moved from modules/private/websites/ludivinecassal/production.nix with 71% similarity]
modules/private/websites/nassime/production.nix
modules/private/websites/papa/maison_bbc.nix
modules/private/websites/papa/surveillance.nix
modules/private/websites/piedsjaloux/app/default.nix [moved from pkgs/private/webapps/piedsjaloux/default.nix with 82% similarity]
modules/private/websites/piedsjaloux/app/php-packages.nix [moved from pkgs/private/webapps/piedsjaloux/php-packages.nix with 100% similarity]
modules/private/websites/piedsjaloux/app/piedsjaloux.json [moved from pkgs/private/webapps/piedsjaloux/piedsjaloux.json with 100% similarity]
modules/private/websites/piedsjaloux/integration.nix
modules/private/websites/piedsjaloux/production.nix
modules/private/websites/richie/production.nix [moved from modules/private/websites/emilia/richie.nix with 73% similarity]
modules/private/websites/richie/richie.json [moved from modules/private/websites/emilia/richie.json with 100% similarity]
modules/private/websites/syden/peertube.nix
modules/private/websites/telio_tortay/production.nix [moved from modules/private/websites/teliotortay/production.nix with 64% similarity]
modules/private/websites/tools/dav/default.nix
modules/private/websites/tools/git/default.nix
modules/private/websites/tools/mail/default.nix
modules/private/websites/tools/mail/mta-sts.nix
modules/private/websites/tools/tools/default.nix
modules/private/websites/tools/vpn/default.nix
pkgs/default.nix
pkgs/private/default.nix [deleted file]
pkgs/private/webapps/apache-default/default.nix [deleted file]
pkgs/private/webapps/default.nix [deleted file]
pkgs/webapps/default.nix

index dafec47ef76166c27ef7f024cc42028e26d1fdc2..dbb8361203e64db40de703c3e5b9a9c42792249a 100644 (file)
@@ -16,36 +16,56 @@ set = {
   openldapReplication = ./databases/openldap_replication.nix;
 
   websites = ./websites;
-  isabelleAtenInte = ./websites/isabelle/aten_integration.nix;
-  isabelleAtenProd = ./websites/isabelle/aten_production.nix;
-  isabelleIridologie = ./websites/isabelle/iridologie.nix;
-  capitainesProd = ./websites/capitaines/production.nix;
+
+
+  # Personal websites
+  capitainesLandingPages = ./websites/capitaines/landing_pages.nix;
+
   chloeInte = ./websites/chloe/integration.nix;
   chloeProd = ./websites/chloe/production.nix;
+
   connexionswingInte = ./websites/connexionswing/integration.nix;
   connexionswingProd = ./websites/connexionswing/production.nix;
-  denisejeromeProd = ./websites/denisejerome/production.nix;
-  emiliaProd = ./websites/emilia/production.nix;
-  richieProd = ./websites/emilia/richie.nix;
+
+  deniseDenisejeromeProd = ./websites/denise/denisejerome.nix;
+  deniseEvariste = ./websites/denise/evariste.nix;
+
+  emiliaMoodle = ./websites/emilia/moodle.nix;
+
   florianApp = ./websites/florian/app.nix;
   florianInte = ./websites/florian/integration.nix;
   florianProd = ./websites/florian/production.nix;
+
   immaeProd = ./websites/immae/production.nix;
   immaeRelease = ./websites/immae/release.nix;
   immaeTemp = ./websites/immae/temp.nix;
+
+  isabelleAtenInte = ./websites/isabelle/aten_integration.nix;
+  isabelleAtenProd = ./websites/isabelle/aten_production.nix;
+  isabelleIridologie = ./websites/isabelle/iridologie.nix;
+
+  jeromeNaturaloutil = ./websites/jerome/naturaloutil.nix;
+
   leilaProd = ./websites/leila/production.nix;
-  ludivinecassalInte = ./websites/ludivinecassal/integration.nix;
-  ludivinecassalProd = ./websites/ludivinecassal/production.nix;
+
+  ludivineInte = ./websites/ludivine/integration.nix;
+  ludivineProd = ./websites/ludivine/production.nix;
+
   nassimeProd = ./websites/nassime/production.nix;
-  naturaloutilProd = ./websites/naturaloutil/production.nix;
-  evaristeProd = ./websites/evariste/production.nix;
-  telioTortayProd = ./websites/teliotortay/production.nix;
+
   papaMaisonBbc = ./websites/papa/maison_bbc.nix;
   papaSurveillance = ./websites/papa/surveillance.nix;
+
   piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
   piedsjalouxProd = ./websites/piedsjaloux/production.nix;
+
+  richieProd = ./websites/richie/production.nix;
+
   sydenPeertube = ./websites/syden/peertube.nix;
 
+  teliotortayProd = ./websites/telio_tortay/production.nix;
+
+  # Tools
   cloudTool = ./websites/tools/cloud;
   davTool = ./websites/tools/dav;
   vpnTool = ./websites/tools/vpn;
index 29ea1739f962bf9c65c57b17df241b982ea81aab..01ab967bf53551d8cd7eae627c98dd6a1ca4e158 100644 (file)
@@ -1133,7 +1133,7 @@ in
               };
             };
           };
-          telioTortay = mkOption {
+          telio_tortay = mkOption {
             description = "Telio Tortay configuration";
             type = submodule {
               options = {
@@ -1141,7 +1141,7 @@ in
               };
             };
           };
-          ludivinecassal = mkOption {
+          ludivine = mkOption {
             description = "Ludivinecassal configurations by environment";
             type =
               let
index 43d40d6f18e79d64eaf3b88759598054b70eb0da..89b76648c026ab6fb1985392063aed6b971c35e7 100644 (file)
@@ -193,7 +193,7 @@ in {
       };
     };
 
-    myServices.websites.webappDirs._task = ./www;
+    services.websites.webappDirs._task = ./www;
 
     security.acme.certs."task" = config.myServices.certificates.certConfig // {
       inherit user group;
diff --git a/modules/private/websites/capitaines/landing_pages.nix b/modules/private/websites/capitaines/landing_pages.nix
new file mode 100644 (file)
index 0000000..b94a398
--- /dev/null
@@ -0,0 +1,60 @@
+{ lib, config,  ... }:
+let
+  cfg = config.myServices.websites.capitaines.landing_pages;
+  webappdirs = config.services.websites.webappDirsPaths;
+  certName = "capitaines";
+  domain = "capitaines.fr";
+in {
+  options.myServices.websites.capitaines.landing_pages.enable = lib.mkEnableOption "enable Capitaines's landing pages";
+
+  config = lib.mkIf cfg.enable {
+    services.websites.webappDirs.capitaines_mastodon = ./mastodon_static;
+    services.websites.env.production.vhostConfs.capitaines_mastodon = rec {
+      inherit certName;
+      certMainHost = "mastodon.${domain}";
+      hosts        = [ certMainHost ];
+      root         = webappdirs.capitaines_mastodon;
+      extraConfig  = [
+        ''
+        ErrorDocument 404 /index.html
+        <Directory ${webappdirs.capitaines_mastodon}>
+          DirectoryIndex index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+
+    services.websites.webappDirs.capitaines_discourse = ./discourse_static;
+    services.websites.env.production.vhostConfs.capitaines_discourse = {
+      inherit certName;
+      addToCerts   = true;
+      hosts        = [ "discourse.${domain}" ];
+      root         = webappdirs.capitaines_discourse;
+      extraConfig  = [
+        ''
+        ErrorDocument 404 /index.html
+        <Directory ${webappdirs.capitaines_discourse}>
+          DirectoryIndex index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+
+    services.websites.env.production.vhostConfs.capitaines = {
+      inherit certName;
+      addToCerts = true;
+      hosts      = [ domain ];
+      root       = webappdirs._www;
+      extraConfig = [ ''
+        <Directory ${webappdirs._www}>
+          DirectoryIndex index.htm
+          Require all granted
+        </Directory>
+        '' ];
+    };
+  };
+}
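Review bot: Both static vhosts (`capitaines_mastodon` and `capitaines_discourse`) set `Options Indexes FollowSymLinks MultiViews Includes` in their `<Directory>` block, which enables directory listings for any subdirectory without an `index.html` and turns on server-side includes for what the option description calls landing pages. Nothing visible in this file needs either feature, and the chloe vhosts in this same commit already use the explicit form with `-Indexes`. I would write `Options -Indexes +FollowSymLinks +MultiViews` here, or add `+IncludesNOEXEC` if the static pages really do rely on SSI. The lines were carried over unchanged from the deleted production.nix, so this move is a convenient point to tighten them.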
diff --git a/modules/private/websites/capitaines/production.nix b/modules/private/websites/capitaines/production.nix
deleted file mode 100644 (file)
index ee1698b..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-{ lib, pkgs, config,  ... }:
-let
-  cfg = config.myServices.websites.capitaines.production;
-  env = config.myEnv.websites.capitaines;
-in {
-  options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website";
-
-  config = lib.mkIf cfg.enable {
-    myServices.websites.webappDirs.capitaines_mastodon = ./mastodon_static;
-    services.websites.env.production.vhostConfs.capitaines_mastodon = let
-      root = "/run/current-system/webapps/capitaines_mastodon";
-    in {
-      certName     = "capitaines";
-      certMainHost = "mastodon.capitaines.fr";
-      hosts        = [ "mastodon.capitaines.fr" ];
-      root         = root;
-      extraConfig  = [
-        ''
-        ErrorDocument 404 /index.html
-        <Directory ${root}>
-          DirectoryIndex index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-
-    myServices.websites.webappDirs.capitaines_discourse = ./discourse_static;
-    services.websites.env.production.vhostConfs.capitaines_discourse = let
-      root = "/run/current-system/webapps/capitaines_discourse";
-    in {
-      certName     = "capitaines";
-      addToCerts   = true;
-      hosts        = [ "discourse.capitaines.fr" ];
-      root         = root;
-      extraConfig  = [
-        ''
-        ErrorDocument 404 /index.html
-        <Directory ${root}>
-          DirectoryIndex index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-
-    services.websites.env.production.vhostConfs.capitaines = {
-      certName   = "capitaines";
-      addToCerts = true;
-      hosts      = [ "capitaines.fr" ];
-      root       = "/run/current-system/webapps/_www";
-      extraConfig = [ ''
-        <Directory /run/current-system/webapps/_www>
-          DirectoryIndex index.htm
-          Require all granted
-        </Directory>
-        '' ];
-    };
-  };
-}
similarity index 90%
rename from pkgs/private/webapps/chloe/default.nix
rename to modules/private/websites/chloe/app/default.nix
index f148d4b0f753aa395312219040bcb4aa233a6a49..92a5e421a71096fc1d680dfce7ae8afd161c091f 100644 (file)
@@ -15,5 +15,5 @@ in
 spip.override {
   ldap = true;
   siteName = "chloe";
-  inherit environment siteDir;
+  inherit environment siteDir varDir;
 }
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix
deleted file mode 100644 (file)
index bce2b4d..0000000
+++ /dev/null
@@ -1,99 +0,0 @@
-{ apacheUser, apacheGroup, chloe, config }:
-rec {
-  app = chloe.override { inherit (config) environment; };
-  phpFpm = rec {
-    serviceDeps = [ "mysql.service" ];
-    pool = {
-      "listen.owner" = apacheUser;
-      "listen.group" = apacheGroup;
-      "php_admin_value[upload_max_filesize]" = "20M";
-      "php_admin_value[post_max_size]" = "20M";
-      # "php_admin_flag[log_errors]" = "on";
-      "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
-      "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
-    } // (if app.environment == "dev" then {
-      "pm" = "ondemand";
-      "pm.max_children" = "5";
-      "pm.process_idle_timeout" = "60";
-    } else {
-      "pm" = "dynamic";
-      "pm.max_children" = "20";
-      "pm.start_servers" = "2";
-      "pm.min_spare_servers" = "1";
-      "pm.max_spare_servers" = "3";
-    });
-  };
-  keys = [{
-    dest = "webapps/${app.environment}-chloe";
-    user = apacheUser;
-    group = apacheGroup;
-    permissions = "0400";
-    text = ''
-      SetEnv SPIP_CONFIG_DIR     "${configDir}"
-      SetEnv SPIP_VAR_DIR        "${app.varDir}"
-      SetEnv SPIP_SITE           "chloe-${app.environment}"
-      SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
-      SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
-      SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
-      SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
-      SetEnv SPIP_LDAP_SEARCH    "${config.ldap.filter}"
-      SetEnv SPIP_MYSQL_HOST     "${config.mysql.host}"
-      SetEnv SPIP_MYSQL_PORT     "${config.mysql.port}"
-      SetEnv SPIP_MYSQL_DB       "${config.mysql.database}"
-      SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
-      SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
-    '';
-  }];
-  apache = rec {
-    modules = [ "proxy_fcgi" ];
-    webappName = "chloe_${app.environment}";
-    root = "/run/current-system/webapps/${webappName}";
-    vhostConf = socket: ''
-      Include /var/secrets/webapps/${app.environment}-chloe
-
-      RewriteEngine On
-      ${if app.environment == "prod" then ''
-      RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1
-      '' else ""}
-
-      <FilesMatch "\.php$">
-        SetHandler "proxy:unix:${socket}|fcgi://localhost"
-      </FilesMatch>
-
-      <Directory ${root}>
-        DirectoryIndex index.php index.htm index.html
-        Options -Indexes +FollowSymLinks +MultiViews +Includes
-        Include ${root}/htaccess.txt
-
-        AllowOverride AuthConfig FileInfo Limit
-        Require all granted
-      </Directory>
-
-      <DirectoryMatch "${root}/squelettes">
-        Require all denied
-      </DirectoryMatch>
-
-      <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
-        Require all denied
-      </FilesMatch>
-
-      ${if app.environment == "dev" then ''
-      <Location />
-        Use LDAPConnect
-        Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
-      </Location>
-      '' else ''
-      Use Stats osteopathe-cc.fr
-      ''}
-      '';
-  };
-  activationScript = {
-    deps = [ "wrappers" ];
-    text = ''
-      install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
-      install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
-    '';
-  };
-  configDir = ./config;
-}
index caf6548dbb01a0ab4c48807cb2936e6ae25c6c82..6d16a86fe1828c262fcde5bfe9233d76a06ae5c7 100644 (file)
 { lib, pkgs, config,  ... }:
 let
-  chloe  = pkgs.callPackage ./builder.nix {
-    inherit (pkgs.webapps) chloe;
-    config = config.myEnv.websites.chloe.integration;
-    apacheUser = config.services.httpd.Inte.user;
-    apacheGroup = config.services.httpd.Inte.group;
+  apacheUser = config.services.httpd.Inte.user;
+  apacheGroup = config.services.httpd.Inte.group;
+  ccfg = config.myEnv.websites.chloe.integration;
+  app = pkgs.callPackage ./app {
+    inherit (ccfg) environment;
+    inherit (pkgs.webapps) spip;
+    varDir = "/var/lib/chloe_integration";
   };
-
   cfg = config.myServices.websites.chloe.integration;
+  webappdir = config.services.websites.webappDirsPaths.chloe_integration;
 in {
   options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.chloe_dev.rootDir = chloe.app.varDir;
-    secrets.keys = chloe.keys;
-    systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps;
-    systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps;
-    services.phpfpm.pools.chloe_dev = {
+    services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir;
+    secrets.keys = [
+      {
+        dest = "websites/chloe/integration";
+        user = apacheUser;
+        group = apacheGroup;
+        permissions = "0400";
+        text = ''
+          SetEnv SPIP_CONFIG_DIR     "${./config}"
+          SetEnv SPIP_VAR_DIR        "${app.varDir}"
+          SetEnv SPIP_SITE           "chloe-${app.environment}"
+          SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+          SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+          SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
+          SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
+          SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
+          SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
+          SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
+          SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
+          SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
+          SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
+        '';
+      }
+    ];
+    systemd.services.phpfpm-chloe_integration.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-chloe_integration.wants = [ "mysql.service" ];
+    services.phpfpm.pools.chloe_integration = {
       user = config.services.httpd.Inte.user;
       group = config.services.httpd.Inte.group;
-      settings = chloe.phpFpm.pool;
+      settings = {
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
+        "php_admin_value[upload_max_filesize]" = "20M";
+        "php_admin_value[post_max_size]" = "20M";
+        # "php_admin_flag[log_errors]" = "on";
+        "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+        "pm" = "ondemand";
+        "pm.max_children" = "5";
+        "pm.process_idle_timeout" = "60";
+      };
       phpOptions = config.services.phpfpm.phpOptions + ''
         extension=${pkgs.php}/lib/php/extensions/mysqli.so
       '';
     };
-    system.activationScripts.chloe_dev = chloe.activationScript;
-    myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot;
-    services.websites.env.integration.modules = chloe.apache.modules;
-    services.websites.env.integration.vhostConfs.chloe = {
+    system.activationScripts.chloe_integration = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+      '';
+    };
+    services.websites.webappDirs.chloe_integration = app.webRoot;
+    services.websites.env.integration.modules = [ "proxy_fcgi" ];
+    services.websites.env.integration.vhostConfs.chloe_integration = {
       certName    = "integration";
       addToCerts  = true;
       hosts       = ["chloe.immae.eu" ];
-      root        = chloe.apache.root;
+      root        = webappdir;
       extraConfig = [
-        (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_dev.socket)
+      ''
+        Include ${config.secrets.fullPaths."websites/chloe/integration"}
+
+        RewriteEngine On
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${webappdir}>
+          DirectoryIndex index.php index.htm index.html
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Include ${webappdir}/htaccess.txt
+
+          AllowOverride AuthConfig FileInfo Limit
+          Require all granted
+        </Directory>
+
+        <DirectoryMatch "${webappdir}/squelettes">
+          Require all denied
+        </DirectoryMatch>
+
+        <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+          Require all denied
+        </FilesMatch>
+
+        <Location />
+          Use LDAPConnect
+          Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
+        </Location>
+        ''
       ];
     };
     services.websites.env.integration.watchPaths = [
-      "/var/secrets/webapps/${chloe.app.environment}-chloe"
+      config.secrets.fullPaths."websites/chloe/integration"
     ];
   };
 }
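Review bot: The `<Location />` block with `Require ldap-group …` is merged after the `<DirectoryMatch "${webappdir}/squelettes">` and `<FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">` sections, and under Apache 2.4's default `AuthMerging Off` the last section's authorization replaces the earlier `Require all denied`. Unless the `LDAPConnect` macro (not visible here) changes that, any member of the LDAP group can fetch the templates and dotfiles that the two deny blocks are meant to hide on the integration host. Adding `AuthMerging And` inside the `<Location />` block keeps the denials in force for authenticated users. The block was carried over from the `dev` branch of builder.nix; the production vhost has no `<Location />` and is not affected.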
index 83f6c9b6a07720ffc9bb783c67d53e1603fc5065..067e8e7a32223ae456103f50a69c4f0a165c38a6 100644 (file)
 { lib, pkgs, config,  ... }:
 let
-  chloe = pkgs.callPackage ./builder.nix {
-    inherit (pkgs.webapps) chloe;
-    config = config.myEnv.websites.chloe.production;
-    apacheUser = config.services.httpd.Prod.user;
-    apacheGroup = config.services.httpd.Prod.group;
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+  ccfg = config.myEnv.websites.chloe.production;
+  app = pkgs.callPackage ./app {
+    inherit (ccfg) environment;
+    inherit (pkgs.webapps) spip;
+    varDir = "/var/lib/chloe_production";
   };
-
   cfg = config.myServices.websites.chloe.production;
+  webappdir = config.services.websites.webappDirsPaths.chloe_production;
 in {
   options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.chloe_prod.rootDir = chloe.app.varDir;
-    secrets.keys = chloe.keys;
+    services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
+    secrets.keys = [
+      {
+        dest = "websites/chloe/production";
+        user = apacheUser;
+        group = apacheGroup;
+        permissions = "0400";
+        text = ''
+          SetEnv SPIP_CONFIG_DIR     "${./config}"
+          SetEnv SPIP_VAR_DIR        "${app.varDir}"
+          SetEnv SPIP_SITE           "chloe-${app.environment}"
+          SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+          SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+          SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
+          SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
+          SetEnv SPIP_LDAP_SEARCH    "${ccfg.ldap.filter}"
+          SetEnv SPIP_MYSQL_HOST     "${ccfg.mysql.host}"
+          SetEnv SPIP_MYSQL_PORT     "${ccfg.mysql.port}"
+          SetEnv SPIP_MYSQL_DB       "${ccfg.mysql.database}"
+          SetEnv SPIP_MYSQL_USER     "${ccfg.mysql.user}"
+          SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
+        '';
+      }
+    ];
     services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
 
-    systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps;
-    systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps;
-    services.phpfpm.pools.chloe_prod = {
+    systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-chloe_production.wants =  [ "mysql.service" ];
+    services.phpfpm.pools.chloe_production = {
       user = config.services.httpd.Prod.user;
       group = config.services.httpd.Prod.group;
-      settings = chloe.phpFpm.pool;
+      settings = {
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
+        "php_admin_value[upload_max_filesize]" = "20M";
+        "php_admin_value[post_max_size]" = "20M";
+        # "php_admin_flag[log_errors]" = "on";
+        "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+        "pm" = "dynamic";
+        "pm.max_children" = "20";
+        "pm.start_servers" = "2";
+        "pm.min_spare_servers" = "1";
+        "pm.max_spare_servers" = "3";
+      };
       phpOptions = config.services.phpfpm.phpOptions + ''
         extension=${pkgs.php}/lib/php/extensions/mysqli.so
       '';
     };
-    system.activationScripts.chloe_prod = chloe.activationScript;
-    myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot;
-    services.websites.env.production.modules = chloe.apache.modules;
+    system.activationScripts.chloe_production = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+      '';
+    };
+    services.websites.webappDirs.chloe_production = app.webRoot;
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
     services.websites.env.production.vhostConfs.chloe = {
       certName     = "chloe";
       certMainHost = "osteopathe-cc.fr";
       hosts        = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
-      root         = chloe.apache.root;
+      root         = webappdir;
       extraConfig  = [
         ''
+          Use Stats osteopathe-cc.fr
+
           RewriteEngine On
           RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC]
           RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L]
+
+          Include ${config.secrets.fullPaths."websites/chloe/production"}
+
+          RewriteEngine On
+          RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_production.socket}|fcgi://localhost"
+          </FilesMatch>
+
+          <Directory ${webappdir}>
+            DirectoryIndex index.php index.htm index.html
+            Options -Indexes +FollowSymLinks +MultiViews +Includes
+            Include ${webappdir}/htaccess.txt
+
+            AllowOverride AuthConfig FileInfo Limit
+            Require all granted
+          </Directory>
+
+          <DirectoryMatch "${webappdir}/squelettes">
+            Require all denied
+          </DirectoryMatch>
+
+          <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+            Require all denied
+          </FilesMatch>
           ''
-        (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_prod.socket)
       ];
     };
     services.websites.env.production.watchPaths = [
-      "/var/secrets/webapps/${chloe.app.environment}-chloe"
+      config.secrets.fullPaths."websites/chloe/production"
     ];
   };
 }
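Review bot: The state directory is now pinned to `varDir = "/var/lib/chloe_production"` and the duply profile is renamed from `chloe_prod` to `chloe_production`, but nothing in this file moves existing data; the activation script only runs `install -d` on the new path. If the spip package's previous default was a different directory (it is not visible here), the site would come up with empty `IMG`, `tmp` and `local` directories and the backup profile would start a fresh history under the new name. The same applies to chloe/integration.nix and to `connexionswing_integration`. I would add a comment above `varDir` recording the old location and the one-off move expected before deploying, e.g. `# state previously lived under <OLD_VARDIR>; move it before switching`.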
similarity index 87%
rename from pkgs/private/webapps/connexionswing/default.nix
rename to modules/private/websites/connexionswing/app/default.nix
index 04e296b8ab967e8ecc0c20389e77d8481678ebf2..37ce42dc28ca19bbc6bd2e78f6049dab005c6c12 100644 (file)
@@ -1,5 +1,6 @@
 { environment ? "prod"
 , varDir ? "/var/lib/connexionswing_${environment}"
+, secretsPath ? "/var/secrets/webapps/${environment}-connexionswing"
 , composerEnv, fetchurl, fetchgit, mylibs }:
 let
   app = composerEnv.buildPackage (
@@ -14,7 +15,7 @@ let
           cd $out
           ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
           rm app/config/parameters.yml
-          ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
+          ln -sf ${secretsPath} app/config/parameters.yml
           rm -rf var/{logs,cache}
           ln -sf ${varDir}/var/{logs,cache} var/
           ln -sf ${varDir}/{medias,uploads} web/images/
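Review bot: The new `secretsPath` parameter keeps the old location `/var/secrets/webapps/${environment}-connexionswing` as its default, while the integration module in this commit writes the secret under `websites/connexionswing/integration` and passes the path explicitly. A caller that forgets the argument would build an app whose `app/config/parameters.yml` symlink points at a file that, as far as this diff shows, is no longer created. Dropping the default (`, secretsPath`) turns that omission into an evaluation error instead of a dangling link at runtime. The function body continues outside these hunks.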
index 4f7b72d75dbdb2f19ab10b70a14cc635a4c4efe7..b4de4e19040c31b4784b109cce2ecb39a516a5e5 100644 (file)
@@ -1,15 +1,19 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.connexionswing.integration;
-  app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/connexionswing_integration";
+    secretsPath = config.secrets.fullPaths."websites/connexionswing/integration";
+  };
   cfg = config.myServices.websites.connexionswing.integration;
   pcfg = config.services.phpApplication;
 in {
   options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.connexionswing_dev.rootDir = app.varDir;
-    services.phpApplication.apps.connexionswing_dev = {
+    services.duplyBackup.profiles.connexionswing_integration.rootDir = app.varDir;
+    services.phpApplication.apps.connexionswing_integration = {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
@@ -34,16 +38,16 @@ in {
         "pm.process_idle_timeout" = "60";
         };
       phpEnv = {
-        SYMFONY_DEBUG_MODE = "yes";
+        SYMFONY_DEBUG_MODE = "\"yes\"";
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
+        config.secrets.fullPaths."websites/connexionswing/integration"
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-connexionswing";
+        dest = "websites/connexionswing/integration";
         user = config.services.httpd.Inte.user;
         group = config.services.httpd.Inte.group;
         permissions = "0400";
@@ -67,15 +71,15 @@ in {
       }
     ];
 
-    services.websites.env.integration.vhostConfs.connexionswing_dev = {
-      certName     = "integration";
+    services.websites.env.integration.vhostConfs.connexionswing_integration = {
+      certName    = "integration";
       addToCerts  = true;
       hosts       = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
-      root        = pcfg.webappDirs.connexionswing_dev;
+      root        = pcfg.webappDirs.connexionswing_integration;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_dev}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost"
         </FilesMatch>
 
         <Directory ${app.varDir}/medias>
@@ -96,7 +100,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
         </Location>
 
-        <Directory ${pcfg.webappDirs.connexionswing_dev}>
+        <Directory ${pcfg.webappDirs.connexionswing_integration}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
index 0b52af1771418e2816355808cf6f40b9e0a02acb..119a15e047e994b5b491d853a4c730bd04d163d7 100644 (file)
@@ -1,16 +1,20 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.connexionswing.production;
-  app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/connexionswing_production";
+    secretsPath = config.secrets.fullPaths."websites/connexionswing/production";
+  };
   cfg = config.myServices.websites.connexionswing.production;
   pcfg = config.services.phpApplication;
 in {
   options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.connexionswing_prod.rootDir = app.varDir;
+    services.duplyBackup.profiles.connexionswing_produdction.rootDir = app.varDir;
     services.webstats.sites = [ { name = "connexionswing.com"; } ];
-    services.phpApplication.apps.connexionswing_prod = {
+    services.phpApplication.apps.connexionswing_production = {
       websiteEnv = "production";
       httpdUser = config.services.httpd.Prod.user;
       httpdGroup = config.services.httpd.Prod.group;
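Review bot: The backup profile is named `connexionswing_produdction` (extra `d`), whereas the application, vhost and secret in this file are all renamed to `connexionswing_production`. Evaluation does not catch this because the attribute name is free-form, but anything keyed on the profile name (restore procedures, backup-freshness monitoring, or the remote backup location if it is derived from the name) would silently diverge from the site name. I would change the line to `services.duplyBackup.profiles.connexionswing_production.rootDir = app.varDir;`.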
@@ -37,13 +41,13 @@ in {
         "pm.max_spare_servers" = "3";
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-connexionswing"
+        config.secrets.fullPaths."websites/connexionswing/production"
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-connexionswing";
+        dest = "websites/connexionswing/production";
         user = config.services.httpd.Prod.user;
         group = config.services.httpd.Prod.group;
         permissions = "0400";
@@ -71,15 +75,15 @@ in {
       }
     ];
 
-    services.websites.env.production.vhostConfs.connexionswing_prod = {
+    services.websites.env.production.vhostConfs.connexionswing_production = {
       certName     = "connexionswing";
       certMainHost = "connexionswing.com";
       hosts        = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
-      root         = pcfg.webappDirs.connexionswing_prod;
+      root         = pcfg.webappDirs.connexionswing_production;
       extraConfig  = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_prod}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_production}|fcgi://localhost"
         </FilesMatch>
 
         <Directory ${app.varDir}/medias>
@@ -96,7 +100,7 @@ in {
 
         Use Stats connexionswing.com
 
-        <Directory ${pcfg.webappDirs.connexionswing_prod}>
+        <Directory ${pcfg.webappDirs.connexionswing_production}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted
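Review bot: The production `<Directory>` block keeps `Options Indexes` together with `AllowOverride All`, so any directory under the web root that lacks an index file is listed, and any `.htaccess` found there can change server behaviour. The chloe production vhost in this same commit uses `-Indexes` and a restricted `AllowOverride AuthConfig FileInfo Limit`. Since the rename touches this block anyway, I would align it with `Options -Indexes +FollowSymLinks +MultiViews +Includes` and narrow `AllowOverride` to what the application actually needs. The block continues past the end of the hunk, so its remaining directives are not visible here.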
index 3d43b1108fab5f7ce4a7b91fbffb97ec811ee4f5..5c33e1c15372037c4e293cf123abc08d672f2ee8 100644 (file)
@@ -43,7 +43,21 @@ let
       '';
     };
     global = {
-      extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig;
+      extraConfig = ''
+        ErrorDocument 500 /maintenance_immae.html
+        ErrorDocument 501 /maintenance_immae.html
+        ErrorDocument 502 /maintenance_immae.html
+        ErrorDocument 503 /maintenance_immae.html
+        ErrorDocument 504 /maintenance_immae.html
+        Alias /maintenance_immae.html ${www_root}/maintenance_immae.html
+        ProxyPass /maintenance_immae.html !
+
+        AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html
+        <Directory ${www_root}>
+          AllowOverride None
+          Require all granted
+        </Directory>
+      '';
     };
     apaxy = {
       extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
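Review bot: In the inlined global configuration, `AliasMatch "(.*)/googleb6d69446ff4ca3e5.html"` is unanchored and leaves the dot unescaped, so it also matches request paths that merely contain that string, on every vhost that receives this global config. The target is a fixed static file, so the impact is small, but a tight pattern keeps the alias from shadowing application routes: `AliasMatch "^(.*)/googleb6d69446ff4ca3e5\.html$" ${www_root}/googleb6d69446ff4ca3e5.html`. A one-line comment saying that this file is a site-ownership verification token would also explain why it is aliased at every path depth.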
@@ -64,17 +78,7 @@ let
   makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
 in
 {
-  options.myServices.websites = {
-    enable = lib.mkEnableOption "enable websites";
-
-    webappDirs = lib.mkOption {
-      type = lib.types.attrsOf lib.types.path;
-      description = ''
-        Webapp paths to create in /run/current-system/webapps
-        '';
-      default = {};
-    };
-  };
+  options.myServices.websites.enable = lib.mkEnableOption "enable websites";
 
   config = lib.mkIf config.myServices.websites.enable {
     services.duplyBackup.profiles.php = {
@@ -213,61 +217,75 @@ in
       };
     };
 
-    system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) ''
-    mkdir -p $out/webapps
-    ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)}
-    '';
-
+    services.websites.webappDirs = {
+      _www = ./_www;
+      _theme = pkgs.webapps.apache-theme.theme;
+    };
     myServices.websites = {
-      webappDirs = {
-        _www = pkgs.webapps.apache-default.www;
-        _theme = pkgs.webapps.apache-theme.theme;
-      };
+      capitaines.landing_pages.enable = true;
 
-      isabelle.aten_integration.enable = true;
-      isabelle.aten_production.enable = true;
-      isabelle.iridologie.enable = true;
+      chloe = {
+        integration.enable = true;
+        production.enable = true;
+      };
 
-      capitaines.production.enable = true;
+      connexionswing = {
+        integration.enable = true;
+        production.enable = true;
+      };
 
-      chloe.integration.enable = true;
-      chloe.production.enable = true;
+      denise = {
+        evariste.enable = true;
+        denisejerome.enable = true;
+      };
 
-      connexionswing.integration.enable = true;
-      connexionswing.production.enable = true;
+      emilia.moodle.enable = true;
 
-      denisejerome.production.enable = true;
+      florian = {
+        app.enable = true;
+        integration.enable = true;
+        production.enable = true;
+      };
 
-      emilia.production.enable = true;
-      emilia.richie_production.enable = true;
+      immae = {
+        production.enable = true;
+        release.enable = true;
+        temp.enable = true;
+      };
 
-      florian.app.enable = true;
-      florian.integration.enable = true;
-      florian.production.enable = true;
+      isabelle = {
+        aten_integration.enable = true;
+        aten_production.enable = true;
+        iridologie.enable = true;
+      };
 
-      immae.production.enable = true;
-      immae.release.enable = true;
-      immae.temp.enable = true;
+      jerome.naturaloutil.enable = true;
 
       leila.production.enable = true;
 
-      ludivinecassal.integration.enable = true;
-      ludivinecassal.production.enable = true;
+      ludivine = {
+        integration.enable = true;
+        production.enable = true;
+      };
 
       nassime.production.enable = true;
 
-      evariste.production.enable = true;
-      naturaloutil.production.enable = true;
-      telioTortay.production.enable = true;
+      papa = {
+        surveillance.enable = true;
+        maison_bbc.enable = true;
+      };
 
-      papa.surveillance.enable = true;
-      papa.maison_bbc.enable = true;
+      piedsjaloux = {
+        integration.enable = true;
+        production.enable = true;
+      };
 
-      piedsjaloux.integration.enable = true;
-      piedsjaloux.production.enable = true;
+      richie.production.enable = true;
 
       syden.peertube.enable = true;
 
+      telio_tortay.production.enable = true;
+
       tools.cloud.enable = true;
       tools.dav.enable = true;
       tools.db.enable = true;
similarity index 64%
rename from modules/private/websites/denisejerome/production.nix
rename to modules/private/websites/denise/denisejerome.nix
index 481df5ba131c79a3e8a2b80b09f97bb6ce09d292..a75e591fb85c1b110c8375da94b65bee917b6706 100644 (file)
@@ -1,16 +1,16 @@
-{ lib, pkgs, config,  ... }:
+{ lib, config, ... }:
 let
-  cfg = config.myServices.websites.denisejerome.production;
-  varDir = "/var/lib/ftp/denisejerome";
+  cfg = config.myServices.websites.denise.denisejerome;
+  varDir = "/var/lib/ftp/denise/denisejerome";
   env = config.myEnv.websites.denisejerome;
 in {
-  options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website";
+  options.myServices.websites.denise.denisejerome.enable = lib.mkEnableOption "enable Denise Jerome's website";
 
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
 
-    services.websites.env.production.vhostConfs.denisejerome = {
-      certName     = "denisejerome";
+    services.websites.env.production.vhostConfs.denise_denisejerome = {
+      certName     = "denise";
       certMainHost = "denisejerome.piedsjaloux.fr";
       hosts        = ["denisejerome.piedsjaloux.fr" ];
       root         = varDir;
similarity index 56%
rename from modules/private/websites/evariste/production.nix
rename to modules/private/websites/denise/evariste.nix
index 43b26c809e70e0653a07dcb109c43bd0024e2699..460302bcb10f7b901636da87acfdcd11e8cb6443 100644 (file)
@@ -1,10 +1,12 @@
-{ lib, pkgs, config,  ... }:
+{ lib, config,  ... }:
 let
-  cfg = config.myServices.websites.evariste.production;
-  nsiVarDir = "/var/lib/ftp/nsievariste";
-  stmgVarDir = "/var/lib/ftp/stmgevariste";
+  cfg = config.myServices.websites.denise.evariste;
+  nsiVarDir = "/var/lib/ftp/denise/nsievariste";
+  stmgVarDir = "/var/lib/ftp/denise/stmgevariste";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
 in {
-  options.myServices.websites.evariste.production.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
+  options.myServices.websites.denise.evariste.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
 
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [
@@ -13,31 +15,32 @@ in {
     ];
 
     services.websites.env.production.modules = [ "proxy_fcgi" ];
-    system.activationScripts.evariste = {
+    system.activationScripts.denise_evariste = {
       deps = [ "httpd" ];
       text = ''
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/nsievariste
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/stmgevariste
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste
         '';
     };
-    services.phpfpm.pools.nsievariste = {
-      user = "wwwrun";
-      group = "wwwrun";
+    services.phpfpm.pools.denise_nsievariste = {
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
 
-        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nsievariste";
+        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp";
+        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste";
       };
     };
-    services.websites.env.production.vhostConfs.nsievariste = {
-      certName     = "eldiron";
+    services.websites.env.production.vhostConfs.denise_nsievariste = {
+      certName     = "denise_evariste";
       addToCerts   = true;
+      certMainHost = "nsievariste.immae.eu";
       hosts        = ["nsievariste.immae.eu" ];
       root         = nsiVarDir;
       extraConfig  = [
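Review bot: The activation script creates both PHP session directories with `-m 0755`, which lets every local account list them. With PHP's file-based session handler the file names contain the session identifier, so a directory listing alone discloses active session ids. Only the pool user needs access, so `install -m 0700 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste` (and likewise for `denise_stmgevariste`) is the safer mode. Both pools also run as the same `apacheUser`, which leaves `open_basedir` as the only separation between the two sites, and the `/tmp` entry in it is shared by both. The vhost definition continues past the end of this hunk.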
@@ -45,7 +48,7 @@ in {
         Use Stats nsievariste.immae.eu
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${config.services.phpfpm.pools.nsievariste.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_nsievariste.socket}|fcgi://localhost"
         </FilesMatch>
 
         <Directory ${nsiVarDir}>
@@ -58,23 +61,23 @@ in {
       ];
     };
 
-    services.phpfpm.pools.stmgevariste = {
-      user = "wwwrun";
-      group = "wwwrun";
+    services.phpfpm.pools.denise_stmgevariste = {
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
 
-        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/stmgevariste";
+        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp";
+        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste";
       };
     };
-    services.websites.env.production.vhostConfs.stmgevariste = {
-      certName     = "eldiron";
+    services.websites.env.production.vhostConfs.denise_stmgevariste = {
+      certName     = "denise_evariste";
       addToCerts   = true;
       hosts        = ["stmgevariste.immae.eu" ];
       root         = stmgVarDir;
@@ -83,7 +86,7 @@ in {
         Use Stats stmgevariste.immae.eu
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${config.services.phpfpm.pools.stmgevariste.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_stmgevariste.socket}|fcgi://localhost"
         </FilesMatch>
 
         <Directory ${stmgVarDir}>
diff --git a/modules/private/websites/emilia/moodle.nix b/modules/private/websites/emilia/moodle.nix
new file mode 100644 (file)
index 0000000..d49faf5
--- /dev/null
@@ -0,0 +1,69 @@
+{ lib, pkgs, config,  ... }:
+let
+  cfg = config.myServices.websites.emilia.moodle;
+  env = config.myEnv.websites.emilia;
+  varDir = "/var/lib/emilia_moodle";
+  siteDir = ./moodle;
+  webappName = "emilia_moodle";
+  webappdir = config.services.websites.webappDirsPaths.emilia_moodle;
+  # php_admin_value[upload_max_filesize] = 50000000
+  # php_admin_value[post_max_size] = 50000000
+  configFile = ''
+    <?php  // Moodle configuration file
+
+    unset($CFG);
+    global $CFG;
+    $CFG = new stdClass();
+
+    $CFG->dbtype    = 'pgsql';
+    $CFG->dblibrary = 'native';
+    $CFG->dbhost    = '${env.postgresql.host}';
+    $CFG->dbname    = '${env.postgresql.database}';
+    $CFG->dbuser    = '${env.postgresql.user}';
+    $CFG->dbpass    = '${env.postgresql.password}';
+    $CFG->prefix    = 'mdl_';
+    $CFG->dboptions = array (
+      'dbpersist' => 0,
+      'dbport' => '${env.postgreesql.port}',
+      'dbsocket' => '${env.postgresql.password}',
+    );
+
+    $CFG->wwwroot   = 'https://www.saison-photo.org';
+    $CFG->dataroot  = '${varDir}';
+    $CFG->admin     = 'admin';
+
+    $CFG->directorypermissions = 02777;
+
+    require_once(__DIR__ . '/lib/setup.php');
+
+    // There is no php closing tag in this file,
+    // it is intentional because it prevents trailing whitespace problems!
+    '';
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+in {
+  options.myServices.websites.emilia.moodle.enable = lib.mkEnableOption "enable Emilia's website";
+
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.emilia_moodle.rootDir = varDir;
+    system.activationScripts.emilia_moodle = ''
+      install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
+      '';
+    services.websites.webappDirs.emilia_moodle = siteDir;
+    services.websites.env.production.vhostConfs.emilia_moodle = {
+      certName     = "emilia";
+      certMainHost = "saison-photo.org";
+      hosts        = [ "saison-photo.org" "www.saison-photo.org" ];
+      root         = webappdir;
+      extraConfig  = [
+        ''
+        <Directory ${webappdir}>
+          DirectoryIndex pause.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
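Review bot: `configFile` is carried over with two mistakes that lazy evaluation hides as long as nothing references it: `'dbport'` reads `env.postgreesql.port` (misspelled attribute set) and `'dbsocket'` is filled with `env.postgresql.password`. Neither `configFile` nor `webappName` is used anywhere in this module, so either remove them or fix the lines to `'dbport' => '${env.postgresql.port}',` and a real socket attribute for `'dbsocket'`. If the file is wired in later, the database password should be delivered through `secrets.keys`, as the other sites in this commit do, because a string written to the Nix store is world-readable. `$CFG->directorypermissions = 02777` and the `0755` mode on the data root are also worth tightening before the site is taken out of pause.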
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix
deleted file mode 100644 (file)
index 71b97dd..0000000
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, pkgs, config,  ... }:
-let
-    cfg = config.myServices.websites.emilia.production;
-    env = config.myEnv.websites.emilia;
-    varDir = "/var/lib/moodle";
-    siteDir = ./moodle;
-    webappName = "emilia_moodle";
-    root = "/run/current-system/webapps/${webappName}";
-    # php_admin_value[upload_max_filesize] = 50000000
-    # php_admin_value[post_max_size] = 50000000
-    configFile = ''
-      <?php  // Moodle configuration file
-
-      unset($CFG);
-      global $CFG;
-      $CFG = new stdClass();
-
-      $CFG->dbtype    = 'pgsql';
-      $CFG->dblibrary = 'native';
-      $CFG->dbhost    = '${env.postgresql.host}';
-      $CFG->dbname    = '${env.postgresql.database}';
-      $CFG->dbuser    = '${env.postgresql.user}';
-      $CFG->dbpass    = '${env.postgresql.password}';
-      $CFG->prefix    = 'mdl_';
-      $CFG->dboptions = array (
-        'dbpersist' => 0,
-        'dbport' => '${env.postgreesql.port}',
-        'dbsocket' => '${env.postgresql.password}',
-      );
-
-      $CFG->wwwroot   = 'https://www.saison-photo.org';
-      $CFG->dataroot  = '${varDir}';
-      $CFG->admin     = 'admin';
-
-      $CFG->directorypermissions = 02777;
-
-      require_once(__DIR__ . '/lib/setup.php');
-
-      // There is no php closing tag in this file,
-      // it is intentional because it prevents trailing whitespace problems!
-      '';
-in {
-  options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website";
-
-  config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.emilia_prod = {
-      rootDir = varDir;
-    };
-    system.activationScripts.emilia = ''
-      install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
-      '';
-    myServices.websites.webappDirs."${webappName}" = siteDir;
-    services.websites.env.production.vhostConfs.emilia = {
-      certName     = "emilia";
-      certMainHost = "saison-photo.org";
-      hosts        = [ "saison-photo.org" "www.saison-photo.org" ];
-      root         = root;
-      extraConfig  = [
-        ''
-        <Directory ${root}>
-          DirectoryIndex pause.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-  };
-}
index c65c26f12d16a7836db13af5e8f15534b706a4ac..19a88b0d377b0786f1054120c7ffaf72bff39655 100644 (file)
@@ -2,15 +2,19 @@
 let
   adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
   secrets = config.myEnv.websites.tellesflorian.integration;
-  app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/florian_app";
+    secretsPath = config.secrets.fullPaths."websites/florian/app";
+  };
   cfg = config.myServices.websites.florian.app;
   pcfg = config.services.phpApplication;
 in {
   options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.tellesflorian_dev.rootDir = app.varDir;
-    services.phpApplication.apps.florian_dev = {
+    services.duplyBackup.profiles.florian_app.rootDir = app.varDir;
+    services.phpApplication.apps.florian_app = {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
@@ -33,16 +37,16 @@ in {
         "pm.process_idle_timeout" = "60";
       };
       phpEnv = {
-        SYMFONY_DEBUG_MODE = "yes";
+        SYMFONY_DEBUG_MODE = "\"yes\"";
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-tellesflorian"
+        config.secrets.fullPaths."websites/florian/app"
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-tellesflorian-passwords";
+        dest = "websites/florian/app_passwords";
         user = config.services.httpd.Inte.user;
         group = config.services.httpd.Inte.group;
         permissions = "0400";
@@ -51,7 +55,7 @@ in {
         '';
       }
       {
-        dest = "webapps/${app.environment}-tellesflorian";
+        dest = "websites/florian/app";
         user = config.services.httpd.Inte.user;
         group = config.services.httpd.Inte.group;
         permissions = "0400";
@@ -73,15 +77,15 @@ in {
     ];
 
     services.websites.env.integration.modules = adminer.apache.modules;
-    services.websites.env.integration.vhostConfs.florian_dev = {
-      certName     = "integration";
+    services.websites.env.integration.vhostConfs.florian_app = {
+      certName    = "integration";
       addToCerts  = true;
       hosts       = [ "app.tellesflorian.com" ];
-      root        = pcfg.webappDirs.florian_dev;
+      root        = pcfg.webappDirs.florian_app;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_dev}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost"
         </FilesMatch>
 
         <Location />
@@ -89,13 +93,13 @@ in {
           Use LDAPConnect
           Require ldap-group   cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
 
-          AuthUserFile "${config.secrets.fullPaths."webapps/${app.environment}-tellesflorian-passwords"}"
+          AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}"
           Require user "invite"
 
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
         </Location>
 
-        <Directory ${pcfg.webappDirs.florian_dev}>
+        <Directory ${pcfg.webappDirs.florian_app}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
similarity index 84%
rename from pkgs/private/webapps/tellesflorian/default.nix
rename to modules/private/websites/florian/app/default.nix
index b1ccb980ab8b0d1b4382f5fb9e5231d2ba3aa205..b31e12d871fdc937e340cf99bcce4209386e10e9 100644 (file)
@@ -1,5 +1,6 @@
 { environment ? "prod"
 , varDir ? "/var/lib/tellesflorian_${environment}"
+, secretsPath ? "/var/secrets/webapps/${environment}-tellesflorian"
 , composerEnv, fetchurl, mylibs }:
 let
   app = composerEnv.buildPackage (
@@ -13,7 +14,7 @@ let
       postInstall = ''
         cd $out
         rm app/config/parameters.yml
-        ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml
+        ln -sf ${secretsPath} app/config/parameters.yml
         rm -rf var/{logs,cache}
         ln -sf ${varDir}/var/{logs,cache,sessions} var/
         '';
index 4ee160a334f9c07aaaa9798c8882cd5f7b997944..5ebe53148f014c6c9c84c8f27f60d98776042509 100644 (file)
@@ -1,9 +1,9 @@
 { lib, pkgs, config,  ... }:
 let
-    adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
-    cfg = config.myServices.websites.florian.integration;
-    varDir = "/var/lib/ftp/florian";
-    env = config.myEnv.websites.florian;
+  adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
+  cfg = config.myServices.websites.florian.integration;
+  varDir = "/var/lib/ftp/florian/florian.immae.eu";
+  env = config.myEnv.websites.florian;
 in {
   options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration";
 
@@ -11,17 +11,17 @@ in {
     security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
 
     services.websites.env.integration.modules = adminer.apache.modules;
-    services.websites.env.integration.vhostConfs.florian = {
+    services.websites.env.integration.vhostConfs.florian_integration = {
       certName    = "integration";
       addToCerts  = true;
       hosts       = [ "florian.immae.eu" ];
-      root        = "${varDir}/florian.immae.eu";
+      root        = varDir;
       extraConfig = [
         (adminer.apache.vhostConf null)
         ''
         ServerAdmin ${env.server_admin}
 
-        <Directory ${varDir}/florian.immae.eu>
+        <Directory ${varDir}>
           DirectoryIndex index.php index.htm index.html
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
index 16c6022888357c61f8ce4e9936c2aa148c9b4bd5..1c5ffa639e5f417aaa00c5a43c320fe04a0d2cfa 100644 (file)
@@ -1,9 +1,9 @@
 { lib, pkgs, config,  ... }:
 let
-    adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
-    cfg = config.myServices.websites.florian.production;
-    varDir = "/var/lib/ftp/florian";
-    env = config.myEnv.websites.florian;
+  adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
+  cfg = config.myServices.websites.florian.production;
+  varDir = "/var/lib/ftp/florian/tellesflorian.com";
+  env = config.myEnv.websites.florian;
 in {
   options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production";
 
@@ -11,17 +11,17 @@ in {
     security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
 
     services.websites.env.production.modules = adminer.apache.modules;
-    services.websites.env.production.vhostConfs.florian = {
+    services.websites.env.production.vhostConfs.florian_production = {
       certName     = "florian";
       certMainHost = "tellesflorian.com";
       hosts        = [ "tellesflorian.com" "www.tellesflorian.com" ];
-      root         = "${varDir}/tellesflorian.com";
+      root         = varDir;
       extraConfig  = [
         (adminer.apache.vhostConf null)
         ''
         ServerAdmin ${env.server_admin}
 
-        <Directory ${varDir}/tellesflorian.com>
+        <Directory ${varDir}>
           DirectoryIndex index.php index.htm index.html
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
index dff105363b77923fe215fef58160af7f7793066c..dc89ae33b0895d19b6b7974bb9ef512da3669d15 100644 (file)
@@ -12,12 +12,13 @@ in {
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "www.immae.eu"; } ];
 
-    services.websites.env.production.vhostConfs.immae = {
-      certName    = "eldiron";
-      addToCerts  = true;
-      hosts       = [ "www.immae.eu" "immae.eu" ];
-      root        = varDir;
-      extraConfig = [
+    services.websites.env.production.vhostConfs.immae_production = {
+      certName     = "immae";
+      addToCerts   = true;
+      certMainHost = "www.immae.eu";
+      hosts        = [ "www.immae.eu" "immae.eu" ];
+      root         = varDir;
+      extraConfig  = [
         ''
         Use Stats www.immae.eu
 
@@ -68,8 +69,8 @@ in {
       ];
     };
 
-    services.websites.env.production.vhostConfs.immaeFr = {
-      certName    = "eldiron";
+    services.websites.env.production.vhostConfs.immae_fr = {
+      certName    = "immae";
       addToCerts  = true;
       hosts       = [ "www.immae.fr" "immae.fr" ];
       root        = null;
@@ -78,8 +79,8 @@ in {
         '' ];
     };
 
-    services.websites.env.production.vhostConfs.bouya = {
-      certName    = "eldiron";
+    services.websites.env.production.vhostConfs.immae_bouya = {
+      certName    = "immae";
       addToCerts  = true;
       hosts       = [ "bouya.org" "www.bouya.org" ];
       root        = null;
index a503c90c5cd8c1f0fc12c98c530212aede6c6d01..d06af87d858653a355556fad49c8bfd35fbe968a 100644 (file)
@@ -9,8 +9,8 @@ in {
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "release.immae.eu"; } ];
 
-    services.websites.env.production.vhostConfs.release = {
-      certName    = "eldiron";
+    services.websites.env.production.vhostConfs.immae_release = {
+      certName    = "immae";
       addToCerts  = true;
       hosts       = [ "release.immae.eu" ];
       root        = varDir;
index 899bb3a5e00046e4815f5dcee103fce113b5b144..c24844e25f75d8d250f830b3927ea96fa927e61a 100644 (file)
@@ -8,8 +8,8 @@ in {
 
   config = lib.mkIf cfg.enable {
     services.websites.env.production.modules = [ "headers" ];
-    services.websites.env.production.vhostConfs.temp = {
-      certName    = "eldiron";
+    services.websites.env.production.vhostConfs.immae_temp = {
+      certName    = "immae";
       addToCerts  = true;
       hosts       = [ "temp.immae.eu" ];
       root        = varDir;
index fb6eda977c7a2b881cace05b1084f646dd24efbf..61c35cc42fa6fec14bfbd6ae05fc5d4e9187dade 100644 (file)
@@ -1,20 +1,23 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.isabelle.aten_integration;
-  app = pkgs.webapps.aten.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./aten_app {
+    environment = secrets.environment;
+    varDir = "/var/lib/isabelle_aten_integration";
+  };
   cfg = config.myServices.websites.isabelle.aten_integration;
   pcfg = config.services.phpApplication;
 in {
   options.myServices.websites.isabelle.aten_integration.enable = lib.mkEnableOption "enable Aten's website in integration";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.aten_dev.rootDir = app.varDir;
-    services.phpApplication.apps.aten_dev = {
+    services.duplyBackup.profiles.isabelle_aten_integration.rootDir = app.varDir;
+    services.phpApplication.apps.isabelle_aten_integration = {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
       httpdWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-aten"
+        config.secrets.fullPaths."websites/isabelle/aten_integration"
       ];
       inherit (app) webRoot varDir;
       inherit app;
@@ -32,12 +35,12 @@ in {
         "pm.process_idle_timeout" = "60";
       };
       phpEnv = {
-        SYMFONY_DEBUG_MODE = "yes";
+        SYMFONY_DEBUG_MODE = "\"yes\"";
       };
     };
 
     secrets.keys = [{
-      dest = "webapps/${app.environment}-aten";
+      dest = "websites/isabelle/aten_integration";
       user = config.services.httpd.Inte.user;
       group = config.services.httpd.Inte.group;
       permissions = "0400";
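Review bot: `SYMFONY_DEBUG_MODE = "\"yes\"";` needs a comment, because nothing in the hunk says why the value now carries literal quotes. Presumably the generated pool file is parsed as ini and a bare `yes` would be read as a boolean rather than the string the application checks; if that is the reason, a line such as `# quoted so the pool config keeps the literal string "yes"` above it would stop a later cleanup from removing the escaping. The same change is made to `phpEnv` in ludivine/integration.nix.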
@@ -52,18 +55,18 @@ in {
         SetEnv DATABASE_URL "${psql_url}"
         '';
     }];
-    services.websites.env.integration.vhostConfs.aten_dev = {
+    services.websites.env.integration.vhostConfs.isabelle_aten_integration = {
       certName    = "integration";
       addToCerts  = true;
       hosts       = [ "dev.aten.pro" ];
-      root        = pcfg.webappDirs.aten_dev;
+      root        = pcfg.webappDirs.isabelle_aten_integration;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_dev}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.isabelle_aten_integration}|fcgi://localhost"
         </FilesMatch>
 
-        Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"}
+        Include ${config.secrets.fullPaths."websites/isabelle/aten_integration"}
 
         <Location />
           Use LDAPConnect
@@ -77,7 +80,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
         </Location>
 
-        <Directory ${pcfg.webappDirs.aten_dev}>
+        <Directory ${pcfg.webappDirs.isabelle_aten_integration}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted
index cf7e4a25456ba270ace16571dab3696c02a83a42..e34d65913e86d6b6410f0ec7c71df16b8dcf5782 100644 (file)
@@ -1,21 +1,24 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.isabelle.aten_production;
-  app = pkgs.webapps.aten.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./aten_app {
+    environment = secrets.environment;
+    varDir = "/var/lib/isabelle_aten_production";
+  };
   cfg = config.myServices.websites.isabelle.aten_production;
   pcfg = config.services.phpApplication;
 in {
   options.myServices.websites.isabelle.aten_production.enable = lib.mkEnableOption "enable Aten's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.aten_prod.rootDir = app.varDir;
+    services.duplyBackup.profiles.isabelle_aten_production.rootDir = app.varDir;
     services.webstats.sites = [ { name = "aten.pro"; } ];
-    services.phpApplication.apps.aten_prod = {
+    services.phpApplication.apps.isabelle_aten_production = {
       websiteEnv = "production";
       httpdUser = config.services.httpd.Prod.user;
       httpdGroup = config.services.httpd.Prod.group;
       httpdWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-aten"
+        config.secrets.fullPaths."websites/isabelle/aten_production"
       ];
       inherit (app) webRoot varDir;
       inherit app;
@@ -37,7 +40,7 @@ in {
     };
 
     secrets.keys = [{
-      dest = "webapps/${app.environment}-aten";
+      dest = "websites/isabelle/aten_production";
       user = config.services.httpd.Prod.user;
       group = config.services.httpd.Prod.group;
       permissions = "0400";
@@ -52,18 +55,18 @@ in {
         SetEnv DATABASE_URL "${psql_url}"
         '';
     }];
-    services.websites.env.production.vhostConfs.aten_prod = {
-      certName     = "aten";
+    services.websites.env.production.vhostConfs.isabelle_aten_production = {
+      certName     = "isabelle";
       certMainHost = "aten.pro";
       hosts       = [ "aten.pro" "www.aten.pro" ];
-      root        = pcfg.webappDirs.aten_prod;
+      root        = pcfg.webappDirs.isabelle_aten_production;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_prod}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.isabelle_aten_production}|fcgi://localhost"
         </FilesMatch>
 
-        Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"}
+        Include ${config.secrets.fullPaths."websites/isabelle/aten_production"}
 
         Use Stats aten.pro
 
@@ -73,7 +76,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
         </Location>
 
-        <Directory ${pcfg.webappDirs.aten_prod}>
+        <Directory ${pcfg.webappDirs.isabelle_aten_production}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted
index ffbf2591f2bd107fe2c090a0d4d4222445bc6da1..560e60591b573798ad869ab5355f360b412ce1eb 100644 (file)
 { lib, pkgs, config,  ... }:
 let
-  iridologie = pkgs.callPackage ./spip_builder.nix {
-    inherit (pkgs.webapps) iridologie;
-    config = config.myEnv.websites.isabelle.iridologie;
-    apacheUser = config.services.httpd.Prod.user;
-    apacheGroup = config.services.httpd.Prod.group;
+  icfg = config.myEnv.websites.isabelle.iridologie;
+  cfg = config.myServices.websites.isabelle.iridologie;
+  app = pkgs.callPackage ./iridologie_app {
+    inherit (icfg) environment;
+    inherit (pkgs.webapps) spip;
+    varDir = "/var/lib/isabelle_iridologie";
   };
 
-  cfg = config.myServices.websites.isabelle.iridologie;
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+  webappdir = config.services.websites.webappDirsPaths.isabelle_iridologie;
+  secretsPath = config.secrets.fullPaths."websites/isabelle/iridologie";
 in {
   options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.iridologie_prod.rootDir = iridologie.app.varDir;
-    secrets.keys = iridologie.keys;
+    services.duplyBackup.profiles.isabelle_iridologie.rootDir = app.varDir;
+    secrets.keys = [
+      {
+        dest = "websites/isabelle/iridologie";
+        user = apacheUser;
+        group = apacheGroup;
+        permissions = "0400";
+        text = ''
+          SetEnv SPIP_CONFIG_DIR     "${./config}"
+          SetEnv SPIP_VAR_DIR        "${app.varDir}"
+          SetEnv SPIP_SITE           "iridologie-${app.environment}"
+          SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+          SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+          SetEnv SPIP_LDAP_SEARCH_DN "${icfg.ldap.dn}"
+          SetEnv SPIP_LDAP_SEARCH_PW "${icfg.ldap.password}"
+          SetEnv SPIP_LDAP_SEARCH    "${icfg.ldap.filter}"
+          SetEnv SPIP_MYSQL_HOST     "${icfg.mysql.host}"
+          SetEnv SPIP_MYSQL_PORT     "${icfg.mysql.port}"
+          SetEnv SPIP_MYSQL_DB       "${icfg.mysql.database}"
+          SetEnv SPIP_MYSQL_USER     "${icfg.mysql.user}"
+          SetEnv SPIP_MYSQL_PASSWORD "${icfg.mysql.password}"
+        '';
+      }
+    ];
     services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ];
 
-    systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps;
-    systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps;
-    services.phpfpm.pools.iridologie = {
+    systemd.services.phpfpm-isabelle_iridologie.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-isabelle_iridologie.wants = [ "mysql.service" ];
+    services.phpfpm.pools.isabelle_iridologie = {
       user = config.services.httpd.Prod.user;
       group = config.services.httpd.Prod.group;
-      settings = iridologie.phpFpm.pool;
+      settings = {
+        "listen.owner" = "${apacheUser}";
+        "listen.group" = "${apacheGroup}";
+        "php_admin_value[upload_max_filesize]" = "20M";
+        "php_admin_value[post_max_size]" = "20M";
+        #"php_admin_flag[log_errors]" = "on";
+        "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+        "pm" = "dynamic";
+        "pm.max_children" = "20";
+        "pm.start_servers" = "2";
+        "pm.min_spare_servers" = "1";
+        "pm.max_spare_servers" = "3";
+      };
       phpOptions = config.services.phpfpm.phpOptions + ''
         extension=${pkgs.php}/lib/php/extensions/mysqli.so
       '';
     };
-    system.activationScripts.iridologie = iridologie.activationScript;
-    myServices.websites.webappDirs."${iridologie.apache.webappName}" = iridologie.app.webRoot;
-    services.websites.env.production.modules = iridologie.apache.modules;
-    services.websites.env.production.vhostConfs.iridologie = {
-      certName     = "aten";
+    system.activationScripts.isabelle_iridologie = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+      '';
+    };
+    services.websites.webappDirs.isabelle_iridologie = app.webRoot;
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostConfs.isabelle_iridologie = {
+      certName     = "isabelle";
       addToCerts   = true;
       hosts        = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ];
-      root         = iridologie.apache.root;
+      root         = webappdir;
       extraConfig  = [
         ''
           RewriteEngine On
           RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC]
           RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
+
+          Include ${secretsPath}
+
+          RewriteEngine On
+
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:${config.services.phpfpm.pools.isabelle_iridologie.socket}|fcgi://localhost"
+          </FilesMatch>
+
+          <Directory ${webappdir}>
+            DirectoryIndex index.php index.htm index.html
+            Options -Indexes +FollowSymLinks +MultiViews +Includes
+            Include ${webappdir}/htaccess.txt
+
+            AllowOverride AuthConfig FileInfo Limit
+            Require all granted
+          </Directory>
+
+          <DirectoryMatch "${webappdir}/squelettes">
+            Require all denied
+          </DirectoryMatch>
+
+          <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+            Require all denied
+          </FilesMatch>
+
+          Use Stats iridologie.icommandeur.org
           ''
-        (iridologie.apache.vhostConf config.services.phpfpm.pools.iridologie.socket)
       ];
     };
     services.websites.env.production.watchPaths = [
-      "/var/secrets/webapps/${iridologie.app.environment}-iridologie"
+      secretsPath
     ];
   };
 }
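Review bot: The `SetEnv` lines in the new `secrets.keys` text interpolate `icfg.ldap.password` and `icfg.mysql.password` straight into double-quoted Apache directives, so a password containing `"` or `\` produces a malformed or altered value when httpd parses the include. Values set with `SetEnv` are also handed to every PHP script under this vhost as part of the request environment, so any page that dumps its environment would show the LDAP bind and MySQL passwords. Apache accepts `#` comments in included files, so the constraint can be recorded at the top of the `text` block, e.g. `# values must not contain " or \ and are visible to PHP through the request environment`. Separately, `RewriteEngine On` now appears twice in `extraConfig`, and `"listen.owner" = "${apacheUser}"` can be plain `apacheUser`, as in the jerome_naturaloutil pool.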
similarity index 89%
rename from pkgs/private/webapps/iridologie/default.nix
rename to modules/private/websites/isabelle/iridologie_app/default.nix
index 8e057369a31fb3cc4602fa7b8cc47a223ea7c6f7..604d250550b4acfce34fb4f336b58e5436838fa7 100644 (file)
@@ -11,5 +11,5 @@ in
 spip.override {
   ldap = true;
   siteName = "iridologie";
-  inherit environment siteDir;
+  inherit environment siteDir varDir;
 }
diff --git a/modules/private/websites/isabelle/spip_builder.nix b/modules/private/websites/isabelle/spip_builder.nix
deleted file mode 100644 (file)
index e1130d1..0000000
+++ /dev/null
@@ -1,96 +0,0 @@
-{ apacheUser, apacheGroup, iridologie, config }:
-rec {
-  app = iridologie.override { inherit (config) environment; };
-  phpFpm = rec {
-    serviceDeps = [ "mysql.service" ];
-    pool = {
-      "listen.owner" = "${apacheUser}";
-      "listen.group" = "${apacheGroup}";
-      "php_admin_value[upload_max_filesize]" = "20M";
-      "php_admin_value[post_max_size]" = "20M";
-      #"php_admin_flag[log_errors]" = "on";
-      "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
-      "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
-    } // (if app.environment == "dev" then {
-      "pm" = "ondemand";
-      "pm.max_children" = "5";
-      "pm.process_idle_timeout" = "60";
-    } else {
-      "pm" = "dynamic";
-      "pm.max_children" = "20";
-      "pm.start_servers" = "2";
-      "pm.min_spare_servers" = "1";
-      "pm.max_spare_servers" = "3";
-    });
-  };
-  keys = [{
-    dest = "webapps/${app.environment}-iridologie";
-    user = apacheUser;
-    group = apacheGroup;
-    permissions = "0400";
-    text = ''
-      SetEnv SPIP_CONFIG_DIR     "${configDir}"
-      SetEnv SPIP_VAR_DIR        "${app.varDir}"
-      SetEnv SPIP_SITE           "iridologie-${app.environment}"
-      SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
-      SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
-      SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
-      SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
-      SetEnv SPIP_LDAP_SEARCH    "${config.ldap.filter}"
-      SetEnv SPIP_MYSQL_HOST     "${config.mysql.host}"
-      SetEnv SPIP_MYSQL_PORT     "${config.mysql.port}"
-      SetEnv SPIP_MYSQL_DB       "${config.mysql.database}"
-      SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
-      SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
-    '';
-  }];
-  apache = rec {
-    modules = [ "proxy_fcgi" ];
-    webappName = "iridologie_${app.environment}";
-    root = "/run/current-system/webapps/${webappName}";
-    vhostConf = socket: ''
-      Include /var/secrets/webapps/${app.environment}-iridologie
-
-      RewriteEngine On
-
-      <FilesMatch "\.php$">
-        SetHandler "proxy:unix:${socket}|fcgi://localhost"
-      </FilesMatch>
-
-      <Directory ${root}>
-        DirectoryIndex index.php index.htm index.html
-        Options -Indexes +FollowSymLinks +MultiViews +Includes
-        Include ${root}/htaccess.txt
-
-        AllowOverride AuthConfig FileInfo Limit
-        Require all granted
-      </Directory>
-
-      <DirectoryMatch "${root}/squelettes">
-        Require all denied
-      </DirectoryMatch>
-
-      <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
-        Require all denied
-      </FilesMatch>
-
-      ${if app.environment == "dev" then ''
-      <Location />
-        Use LDAPConnect
-        Require ldap-group cn=isabelle.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://iridologie.icommandeur.org\"></html>"
-      </Location>
-      '' else ''
-      Use Stats iridologie.icommandeur.org
-      ''}
-      '';
-  };
-  activationScript = {
-    deps = [ "wrappers" ];
-    text = ''
-      install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
-      install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
-    '';
-  };
-  configDir = ./config;
-}
similarity index 67%
rename from modules/private/websites/naturaloutil/production.nix
rename to modules/private/websites/jerome/naturaloutil.nix
index 1e79141d1c5aa0268db1f373e6167ccbdeb5217e..8bbb49e64cc57700cefefc5a246cd8f9c10fcbf8 100644 (file)
@@ -1,11 +1,14 @@
 { lib, pkgs, config,  ... }:
 let
   adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
-  cfg = config.myServices.websites.naturaloutil.production;
+  cfg = config.myServices.websites.jerome.naturaloutil;
   varDir = "/var/lib/ftp/jerome";
   env = config.myEnv.websites.jerome;
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+  secretsPath = config.secrets.fullPaths."websites/jerome/naturaloutil";
 in {
-  options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website";
+  options.myServices.websites.jerome.naturaloutil.enable = lib.mkEnableOption "enable Jerome Naturaloutil's website";
 
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
@@ -13,9 +16,9 @@ in {
     security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
 
     secrets.keys = [{
-      dest = "webapps/prod-naturaloutil";
-      user = "wwwrun";
-      group = "wwwrun";
+      dest = "websites/jerome/naturaloutil";
+      user = apacheUser;
+      group = apacheGroup;
       permissions = "0400";
       text = ''
         <?php
@@ -33,38 +36,38 @@ in {
         ?>
       '';
     }];
-    system.activationScripts.naturaloutil = {
+    system.activationScripts.jerome_naturaloutil = {
       deps = [ "httpd" ];
       text = ''
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/jerome_naturaloutil
         '';
     };
-    systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ];
-    systemd.services.phpfpm-jerome.wants = [ "mysql.service" ];
-    services.phpfpm.pools.jerome = {
-      user = "wwwrun";
-      group = "wwwrun";
+    systemd.services.phpfpm-jerome_naturaloutil.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-jerome_naturaloutil.wants = [ "mysql.service" ];
+    services.phpfpm.pools.jerome_naturaloutil = {
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
 
-        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/naturaloutil";
+        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/jerome_naturaloutil:${secretsPath}:${varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/jerome_naturaloutil";
       };
       phpEnv = {
-        BDD_CONNECT = "/var/secrets/webapps/prod-naturaloutil";
+        BDD_CONNECT = secretsPath;
       };
       phpOptions = config.services.phpfpm.phpOptions + ''
         extension=${pkgs.php}/lib/php/extensions/mysqli.so
         '';
     };
     services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
-    services.websites.env.production.vhostConfs.naturaloutil = {
-      certName     = "naturaloutil";
+    services.websites.env.production.vhostConfs.jerome_naturaloutil = {
+      certName     = "jerome";
       certMainHost = "naturaloutil.immae.eu";
       hosts        = ["naturaloutil.immae.eu" ];
       root         = varDir;
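Review bot: The session directory in `system.activationScripts.jerome_naturaloutil` is created with `install -m 0755`, which lets every local account list it. PHP's file session handler names each file after its session id, so a listable directory exposes live session ids even though the files themselves are not readable. The isabelle_iridologie activation script in this same commit uses 0750 for its `phpSessions` directory, and the same mode fits here: `install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/jerome_naturaloutil`. The rename from `naturaloutil` to `jerome_naturaloutil` also leaves the old directory and any session files in it behind, which may be worth cleaning up.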
@@ -77,7 +80,7 @@ in {
         CustomLog "${varDir}/logs/access_log" combined
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome_naturaloutil.socket}|fcgi://localhost"
         </FilesMatch>
 
         <Directory ${varDir}/logs>
index 3b289cfc8b1591996c62bba906daad35a3caba74..b48da6ff57ec773061d96b832ced21af33691013 100644 (file)
@@ -2,16 +2,18 @@
 let
   cfg = config.myServices.websites.leila.production;
   varDir = "/var/lib/ftp/leila";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
 in {
   options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production";
 
   config = lib.mkIf cfg.enable {
     services.phpfpm.pools.leila = {
-      user = "wwwrun";
-      group = "wwwrun";
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
similarity index 90%
rename from pkgs/private/webapps/ludivinecassal/default.nix
rename to modules/private/websites/ludivine/app/default.nix
index 34014352d141a30c4aea847dd497de0db5426517..05be0b1a5502e26aa8c24bddd238afb77b2b76ee 100644 (file)
@@ -1,5 +1,6 @@
 { environment ? "prod"
 , varDir ? "/var/lib/ludivinecassal_${environment}"
+, secretsPath ? "/var/secrets/webapps/${environment}-ludivinecassal"
 , composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, mylibs }:
 let
   app = composerEnv.buildPackage (
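Review bot: The default for the new `secretsPath` argument still points at the old `/var/secrets/webapps/${environment}-ludivinecassal` location, which the callers visible in this commit no longer populate (they write the key to `websites/ludivine/...`). A caller that forgets the argument therefore gets a `parameters.yml` symlink to a missing or stale secrets file instead of an evaluation error. Making the argument required, `, secretsPath`, forces every caller to pass the path it actually deploys. The same default is added in piedsjaloux/app/default.nix. The ludivine `passthru` block is cut off at the end of the next hunk, so whether it exports `secretsPath` as the piedsjaloux one does is not visible.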
@@ -24,7 +25,7 @@ let
       postInstall = ''
         rm -rf var/{logs,cache,data,miniatures,tmp}
         ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
-        ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml
+        ln -sf ${secretsPath} app/config/parameters.yml
         '';
       buildInputs = [ sass ];
       passthru = {
similarity index 77%
rename from modules/private/websites/ludivinecassal/integration.nix
rename to modules/private/websites/ludivine/integration.nix
index d304fdf9e76b390cdc76561b0535079b22a6103c..4e37c0cb846fe3eee7166b02ae57041d19e6f838 100644 (file)
@@ -1,15 +1,19 @@
 { lib, pkgs, config,  ... }:
 let
-  secrets = config.myEnv.websites.ludivinecassal.integration;
-  app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; };
-  cfg = config.myServices.websites.ludivinecassal.integration;
+  secrets = config.myEnv.websites.ludivine.integration;
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/ludivine_integration";
+    secretsPath = config.secrets.fullPaths."websites/ludivine/integration";
+  };
+  cfg = config.myServices.websites.ludivine.integration;
   pcfg = config.services.phpApplication;
 in {
-  options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
+  options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.ludivinecassal_dev.rootDir = app.varDir;
-    services.phpApplication.apps.ludivinecassal_dev = {
+    services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir;
+    services.phpApplication.apps.ludivine_integration = {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
@@ -32,16 +36,21 @@ in {
         "pm.process_idle_timeout" = "60";
       };
       phpEnv = {
-        SYMFONY_DEBUG_MODE = "yes";
+        PATH = lib.makeBinPath [
+          # below ones don't need to be in the PATH but they’re used in
+          # secrets
+          pkgs.imagemagick pkgs.sass pkgs.ruby
+        ];
+        SYMFONY_DEBUG_MODE = "\"yes\"";
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal"
+        config.secrets.fullPaths."websites/ludivine/integration"
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-ludivinecassal";
+        dest = "websites/ludivine/integration";
         user = config.services.httpd.Inte.user;
         group = config.services.httpd.Inte.group;
         permissions = "0400";
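Review bot: The comment above the `PATH` list contradicts the code it sits on: it says the three packages do not need to be in `PATH`, yet the attribute puts them there. If the intent is what I infer, that the secrets file refers to these tools by store path and listing them here only keeps them in the system closure, say so directly, e.g. `# referenced by store path from the secrets file; listed here so they stay in the closure`. This also sets the pool's `PATH` to exactly these three bin directories, which is worth stating if it is deliberate. The same comment is repeated in ludivine/production.nix.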
@@ -78,15 +87,15 @@ in {
       }
     ];
 
-    services.websites.env.integration.vhostConfs.ludivinecassal_dev = {
-      certName     = "integration";
+    services.websites.env.integration.vhostConfs.ludivine_integration = {
+      certName    = "integration";
       addToCerts  = true;
       hosts       = [ "ludivine.immae.eu" ];
-      root        = pcfg.webappDirs.ludivinecassal_dev;
+      root        = pcfg.webappDirs.ludivine_integration;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_dev}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost"
         </FilesMatch>
 
         <Location />
@@ -95,7 +104,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
         </Location>
 
-        <Directory ${pcfg.webappDirs.ludivinecassal_dev}>
+        <Directory ${pcfg.webappDirs.ludivine_integration}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
similarity index 71%
rename from modules/private/websites/ludivinecassal/production.nix
rename to modules/private/websites/ludivine/production.nix
index 5761be7af22d352b08d536f502854d931f5997a6..47450c54c249f8a90ab2421dc272260a10235c6f 100644 (file)
@@ -1,16 +1,20 @@
 { lib, pkgs, config,  ... }:
 let
-  secrets = config.myEnv.websites.ludivinecassal.production;
-  app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; };
+  secrets = config.myEnv.websites.ludivine.production;
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/ludivine_production";
+    secretsPath = config.secrets.fullPaths."websites/ludivine/production";
+  };
   pcfg = config.services.phpApplication;
-  cfg = config.myServices.websites.ludivinecassal.production;
+  cfg = config.myServices.websites.ludivine.production;
 in {
-  options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production";
+  options.myServices.websites.ludivine.production.enable = lib.mkEnableOption "enable Ludivine's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.ludivinecassal_prod.rootDir = app.varDir;
+    services.duplyBackup.profiles.ludivine_production.rootDir = app.varDir;
     services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
-    services.phpApplication.apps.ludivinecassal_prod = {
+    services.phpApplication.apps.ludivine_production = {
       websiteEnv = "production";
       httpdUser = config.services.httpd.Prod.user;
       httpdGroup = config.services.httpd.Prod.group;
@@ -35,13 +39,20 @@ in {
         "pm.max_spare_servers" = "3";
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal"
+        config.secrets.fullPaths."websites/ludivine/production"
       ];
+      phpEnv = {
+        PATH = lib.makeBinPath [
+          # below ones don't need to be in the PATH but they’re used in
+          # secrets
+          pkgs.imagemagick pkgs.sass pkgs.ruby
+        ];
+      };
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-ludivinecassal";
+        dest = "websites/ludivine/production";
         user = config.services.httpd.Prod.user;
         group = config.services.httpd.Prod.group;
         permissions = "0400";
@@ -78,11 +89,11 @@ in {
       }
     ];
 
-    services.websites.env.production.vhostConfs.ludivinecassal_prod = {
-      certName     = "ludivinecassal";
+    services.websites.env.production.vhostConfs.ludivine_production = {
+      certName     = "ludivine";
       certMainHost = "ludivinecassal.com";
       hosts        = ["ludivinecassal.com" "www.ludivinecassal.com" ];
-      root         = pcfg.webappDirs.ludivinecassal_prod;
+      root         = pcfg.webappDirs.ludivine_production;
       extraConfig  = [
         ''
         RewriteEngine on
@@ -90,12 +101,12 @@ in {
         RewriteRule ^(.+)$ https://ludivinecassal.com$1 [R=302,L]
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_prod}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_production}|fcgi://localhost"
         </FilesMatch>
 
         Use Stats ludivinecassal.com
 
-        <Directory ${pcfg.webappDirs.ludivinecassal_prod}>
+        <Directory ${pcfg.webappDirs.ludivine_production}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted
index f9468f92e872ad044f9056dc681541e83635f2a7..1179351fb3166d781c6c1902f77fd46c5e1fc84f 100644 (file)
@@ -3,26 +3,27 @@ let
   cfg = config.myServices.websites.nassime.production;
   varDir = "/var/lib/ftp/nassime";
   env = config.myEnv.websites.nassime;
+  domain = "nassime.bouya.org";
 in {
   options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website";
 
   config = lib.mkIf cfg.enable {
-    services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
+    services.webstats.sites = [ { name = domain; } ];
 
-    security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
+    security.acme.certs."ftp".extraDomains."${domain}" = null;
 
     services.websites.env.production.vhostConfs.nassime = {
       certName     = "nassime";
-      certMainHost = "nassime.bouya.org";
-      hosts        = ["nassime.bouya.org" ];
+      certMainHost = domain;
+      hosts        = [ domain ];
       root         = varDir;
       extraConfig  = [
         ''
-        Use Stats nassime.bouya.org
+        Use Stats ${domain}
         ServerAdmin ${env.server_admin}
 
         <Directory ${varDir}>
-          DirectoryIndex index.php index.htm index.html
+          DirectoryIndex index.htm index.html
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
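Review bot: Dropping `index.php` from `DirectoryIndex` suggests this vhost no longer runs PHP, and nothing visible in the hunk hands `.php` files to a handler, so any `.php` file still present in `/var/lib/ftp/nassime` would be returned as source text, including whatever credentials it embeds. If PHP is indeed off here, denying those files explicitly closes that gap: `<FilesMatch "\.php$">`, `Require all denied`, `</FilesMatch>`. The `<Directory>` block and the rest of `extraConfig` continue past the end of the hunk, so a handler may exist outside this view.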
index 9576a9ec0fe8b8547e8da204edab0228ea683eec..d94a0271e514bdfd295c61dc26bfeeaba5436f97 100644 (file)
@@ -2,6 +2,8 @@
 let
   cfg = config.myServices.websites.papa.maison_bbc;
   varDir = "/var/lib/ftp/papa/site";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
 in {
   options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
 
@@ -9,11 +11,11 @@ in {
     services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
     services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
     services.phpfpm.pools.papa_maison_bbc = {
-      user = "wwwrun";
-      group = "wwwrun";
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
index 1bb6ac898c7ac2669e1b7ba241add2a2982c2ffa..a8e51499c5133a0abc57968a6e1202a7bc35cf55 100644 (file)
@@ -2,6 +2,7 @@
 let
   cfg = config.myServices.websites.papa.surveillance;
   varDir = "/var/lib/ftp/papa";
+  apacheUser = config.services.httpd.Prod.user;
 in {
   options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
 
@@ -22,12 +23,12 @@ in {
       in
         [
         ''
-          0 6 * * * wwwrun ${script}
+          0 6 * * * ${apacheUser} ${script}
         ''
       ];
     };
 
-    services.websites.env.production.vhostConfs.papa = {
+    services.websites.env.production.vhostConfs.papa_surveillance = {
       certName     = "papa";
       certMainHost = "surveillance.maison.bbc.bouya.org";
       hosts        = [ "surveillance.maison.bbc.bouya.org" ];
similarity index 82%
rename from pkgs/private/webapps/piedsjaloux/default.nix
rename to modules/private/websites/piedsjaloux/app/default.nix
index f5370db4af09dc9403498c7aef7e602d5223f42b..726d93c2a7e262c1a03098e5855c97165af78000 100644 (file)
@@ -1,5 +1,6 @@
 { environment ? "prod"
 , varDir ? "/var/lib/piedsjaloux_${environment}"
+, secretsPath ? "/var/secrets/webapps/${environment}-piedsjaloux"
 , composerEnv, fetchurl, fetchgit, mylibs }:
 let
   app = composerEnv.buildPackage (
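Review bot: The new `secretsPath` default still points at the legacy `/var/secrets/webapps/${environment}-piedsjaloux` location, while this commit moves the secret to `websites/piedsjaloux/<env>` in both callers. A caller that omits the argument would get `app/config/parameters.yml` symlinked to a path that, as far as this diff shows, no module provisions any more, and the build would still succeed. Making the argument mandatory (`, secretsPath` with no default) turns that mistake into an evaluation error instead of a dangling symlink at runtime. The function body continues outside this hunk.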
@@ -15,12 +16,12 @@ let
       postInstall = ''
         cd $out
         rm app/config/parameters.yml
-        ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
+        ln -sf ${secretsPath} app/config/parameters.yml
         rm -rf var/{logs,cache,data,miniatures,tmp}
         ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
         '';
         passthru = {
-          inherit varDir environment;
+          inherit varDir environment secretsPath;
           webRoot = "${app}/web";
       };
     });
index 76523edd81edbc662e4ac19a86159d981ece5778..d8790cc93a6a4d828723f467af0863c7cf536775 100644 (file)
@@ -1,15 +1,20 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.piedsjaloux.integration;
-  app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/piedsjaloux_integration";
+    secretsPath = config.secrets.fullPaths."websites/piedsjaloux/integration";
+  };
   cfg = config.myServices.websites.piedsjaloux.integration;
   pcfg = config.services.phpApplication;
+  texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
 in {
   options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.piedsjaloux_dev.rootDir = app.varDir;
-    services.phpApplication.apps.piedsjaloux_dev = {
+    services.duplyBackup.profiles.piedsjaloux_integration.rootDir = app.varDir;
+    services.phpApplication.apps.piedsjaloux_integration = {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
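Review bot: Hard-coding `varDir = "/var/lib/piedsjaloux_integration"` moves the application's state directory unless `secrets.environment` already evaluated to `integration`. The package default was `/var/lib/piedsjaloux_${environment}`, and the old profile name `piedsjaloux_dev` suggests the value was different. If so, the existing `logs`, `cache`, `data`, `miniatures` and `tmp` trees are no longer linked into the app, and the renamed `services.duplyBackup.profiles.piedsjaloux_integration` backs up the new, initially empty directory under a new profile name. A comment next to `varDir` such as `# moved from /var/lib/piedsjaloux_<old environment>; migrate data and backups before switching` would record the required step. The production module has the same change (`/var/lib/piedsjaloux_production`, profile `piedsjaloux_prod` renamed to `piedsjaloux_production`).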
@@ -32,17 +37,22 @@ in {
         "pm.process_idle_timeout" = "60";
       };
       phpEnv = {
-        PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ];
-        SYMFONY_DEBUG_MODE = "yes";
+        PATH = lib.makeBinPath [
+          pkgs.apg pkgs.unzip
+          # below ones don't need to be in the PATH but they’re used in
+          # secrets
+          pkgs.imagemagick texlive
+        ];
+        SYMFONY_DEBUG_MODE = "\"yes\"";
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux"
+        app.secretsPath
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-piedsjaloux";
+        dest = "websites/piedsjaloux/integration";
         user = config.services.httpd.Inte.user;
         group = config.services.httpd.Inte.group;
         permissions = "0400";
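Review bot: The change of `SYMFONY_DEBUG_MODE` from `"yes"` to `"\"yes\""` is not explained, although the `PATH` entries added just above it do get a comment. Presumably the inner quotes keep the generated php-fpm pool file from reading a bare `yes` as a boolean, but that is not visible in this hunk. A one-line comment such as `# inner quotes are intentional: the value must reach PHP as the literal string "yes"` would stop a later cleanup from removing them. Since this keeps Symfony debug mode enabled on a vhost that serves `piedsjaloux.immae.eu`, the comment could also state that it depends on the access restriction in the `<Location />` block, whose content is outside this hunk.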
@@ -60,22 +70,22 @@ in {
               mailer_user: null
               mailer_password: null
               secret: ${secrets.secret}
-              pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+              pdflatex: "${texlive}/bin/pdflatex"
           leapt_im:
               binary_path: ${pkgs.imagemagick}/bin
         '';
       }
     ];
 
-    services.websites.env.integration.vhostConfs.piedsjaloux_dev = {
+    services.websites.env.integration.vhostConfs.piedsjaloux_integration = {
       certName     = "integration";
       addToCerts  = true;
       hosts       = [ "piedsjaloux.immae.eu" ];
-      root        = pcfg.webappDirs.piedsjaloux_dev;
+      root        = pcfg.webappDirs.piedsjaloux_integration;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_dev}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_integration}|fcgi://localhost"
         </FilesMatch>
 
         <Location />
@@ -84,7 +94,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
         </Location>
 
-        <Directory ${pcfg.webappDirs.piedsjaloux_dev}>
+        <Directory ${pcfg.webappDirs.piedsjaloux_integration}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
index d3e5c2b963edb1fe89843e243644576c2971118e..4b2c0561191c42dc328e2c6cb66151ef769e39d8 100644 (file)
@@ -1,16 +1,21 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.piedsjaloux.production;
-  app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/piedsjaloux_production";
+    secretsPath = config.secrets.fullPaths."websites/piedsjaloux/production";
+  };
   cfg = config.myServices.websites.piedsjaloux.production;
   pcfg = config.services.phpApplication;
+  texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
 in {
   options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.piedsjaloux_prod.rootDir = app.varDir;
+    services.duplyBackup.profiles.piedsjaloux_production.rootDir = app.varDir;
     services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
-    services.phpApplication.apps.piedsjaloux_prod = {
+    services.phpApplication.apps.piedsjaloux_production = {
       websiteEnv = "production";
       httpdUser = config.services.httpd.Prod.user;
       httpdGroup = config.services.httpd.Prod.group;
@@ -35,16 +40,21 @@ in {
         "pm.max_spare_servers" = "3";
       };
       phpEnv = {
-        PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ];
+        PATH = lib.makeBinPath [
+          pkgs.apg pkgs.unzip
+          # below ones don't need to be in the PATH but they’re used in
+          # secrets
+          pkgs.imagemagick texlive
+        ];
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux"
+        app.secretsPath
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-piedsjaloux";
+        dest = "websites/piedsjaloux/production";
         user = config.services.httpd.Prod.user;
         group = config.services.httpd.Prod.group;
         permissions = "0400";
@@ -62,18 +72,18 @@ in {
               mailer_user: null
               mailer_password: null
               secret: ${secrets.secret}
-              pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+              pdflatex: "${texlive}/bin/pdflatex"
           leapt_im:
               binary_path: ${pkgs.imagemagick}/bin
         '';
       }
     ];
 
-    services.websites.env.production.vhostConfs.piedsjaloux_prod = {
+    services.websites.env.production.vhostConfs.piedsjaloux_production = {
       certName     = "piedsjaloux";
       certMainHost = "piedsjaloux.fr";
       hosts        = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
-      root         = pcfg.webappDirs.piedsjaloux_prod;
+      root         = pcfg.webappDirs.piedsjaloux_production;
       extraConfig  = [
         ''
         RewriteEngine on
@@ -81,12 +91,12 @@ in {
         RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L]
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_prod}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_production}|fcgi://localhost"
         </FilesMatch>
 
         Use Stats piedsjaloux.fr
 
-        <Directory ${pcfg.webappDirs.piedsjaloux_prod}>
+        <Directory ${pcfg.webappDirs.piedsjaloux_production}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted
similarity index 73%
rename from modules/private/websites/emilia/richie.nix
rename to modules/private/websites/richie/production.nix
index 98ab1cd0056e985f257bb3c93632f54198f05713..d6d19c8966e69b376ce6a6843c6c60494dab7731 100644 (file)
@@ -1,6 +1,6 @@
 { lib, config, pkgs, ... }:
 let
-  cfg = config.myServices.websites.emilia.richie_production;
+  cfg = config.myServices.websites.richie.production;
   vardir = "/var/lib/richie_production";
   richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
     phases = "installPhase";
@@ -13,17 +13,21 @@ let
       sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
       '';
   });
+  webappdir = config.services.websites.webappDirsPaths.richie_production;
+  secretPath = config.secrets.fullPaths."websites/richie/production";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
 in
 {
-  options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
+  options.myServices.websites.richie.production.enable = lib.mkEnableOption "enable Richie's website";
   config = lib.mkIf cfg.enable {
     services.duplyBackup.profiles.richie_production.rootDir = vardir;
     services.webstats.sites = [ { name = "europe-richie.org"; } ];
 
     secrets.keys = [{
-      dest = "webapps/prod-richie";
-      user = "wwwrun";
-      group = "wwwrun";
+      dest = "websites/richie/production";
+      user = apacheUser;
+      group = apacheGroup;
       permissions = "0400";
       text = with config.myEnv.websites.richie; ''
         <?php
@@ -40,31 +44,31 @@ in
         ?>
         '';
     }];
-    myServices.websites.webappDirs.richie_production = richieSrc;
+    services.websites.webappDirs.richie_production = richieSrc;
     system.activationScripts.richie_production = {
       deps = [ "httpd" ];
       text = ''
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
-        install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir}
         '';
     };
     services.phpfpm.pools.richie_production = {
-      user = "wwwrun";
-      group = "wwwrun";
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
 
-        "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp";
+        "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp";
         "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
       };
       phpEnv = {
         PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
-        BDD_CONNECT = "/var/secrets/webapps/prod-richie";
+        BDD_CONNECT = secretPath;
       };
       phpOptions = config.services.phpfpm.phpOptions + ''
         date.timezone = 'Europe/Paris'
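Review bot: The rewritten `install -m 0755 ... -d /var/lib/php/sessions/richie_production` line still creates the PHP session directory listable by every local account. PHP's default file session handler names each file after the session id, so directory listing alone exposes valid ids to any other user or service on the host. Only the pool user needs access here, so `install -m 0700 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production` is enough, or `0750` if another member of the group has to read it. The activation script in `telio_tortay/production.nix` creates `/var/lib/php/sessions/telio_tortay` with the same `0755` mode and would take the same change.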
@@ -77,7 +81,7 @@ in
       addToCerts  = true;
       certMainHost = "europe-richie.org";
       hosts       = [ "europe-richie.org" "www.europe-richie.org" ];
-      root        = "/run/current-system/webapps/richie_production";
+      root        = webappdir;
       extraConfig = [
         ''
         Use Stats europe-richie.org
@@ -85,7 +89,7 @@ in
         <LocationMatch "^/files/.*/admin/">
           Require all denied
         </LocationMatch>
-        <Directory /run/current-system/webapps/richie_production>
+        <Directory ${webappdir}>
           DirectoryIndex index.php index.htm index.html
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
index 2ad72175130e9e0322f75ce002d6e0e1c30b77ed..e659875bb6935483638a72cb9adc311496d2b4ce 100644 (file)
@@ -23,7 +23,7 @@ in
     users.groups.peertube.gid = config.ids.gids.peertube;
 
     secrets.keys = [{
-      dest = "webapps/syden-peertube";
+      dest = "websites/syden/peertube";
       user = "peertube";
       group = "peertube";
       permissions = "0640";
@@ -69,7 +69,7 @@ in
 
     services.filesWatcher.syden_peertube = {
       restart = true;
-      paths = [ "/var/secrets/webapps/syden-peertube" ];
+      paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
     };
 
     systemd.services.syden_peertube = {
@@ -86,7 +86,7 @@ in
 
       script = ''
         install -m 0750 -d ${dataDir}/config
-        ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml
+        ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
         ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
         exec npm run start
       '';
@@ -109,11 +109,12 @@ in
     };
 
     services.websites.env.production.vhostConfs.syden_peertube = {
-      certName    = "eldiron";
-      addToCerts  = true;
-      hosts       = [ "syden.immae.eu" ];
-      root        = null;
-      extraConfig = [ ''
+      certName     = "syden";
+      addToCerts   = true;
+      certMainHost = "syden.immae.eu";
+      hosts        = [ "syden.immae.eu" ];
+      root         = null;
+      extraConfig  = [ ''
           RewriteEngine On
 
           RewriteCond %{REQUEST_URI}  ^/socket.io            [NC]
similarity index 64%
rename from modules/private/websites/teliotortay/production.nix
rename to modules/private/websites/telio_tortay/production.nix
index 62762ec7606c1002251668064a550a18d4f4e9b5..130f4dbf9e757f6f5f9172e8047c7998fd73f777 100644 (file)
@@ -1,39 +1,41 @@
 { lib, pkgs, config,  ... }:
 let
   adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
-  cfg = config.myServices.websites.telioTortay.production;
+  cfg = config.myServices.websites.telio_tortay.production;
   varDir = "/var/lib/ftp/telio_tortay";
-  env = config.myEnv.websites.telioTortay;
+  env = config.myEnv.websites.telio_tortay;
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
 in {
-  options.myServices.websites.telioTortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website";
+  options.myServices.websites.telio_tortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website";
 
   config = lib.mkIf cfg.enable {
     services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ];
 
     security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null;
 
-    system.activationScripts.telio-tortay = {
+    system.activationScripts.telio_tortay = {
       deps = [ "httpd" ];
       text = ''
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/ftp/telio_tortay/logs
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/telio-tortay
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/telio_tortay/logs
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/telio_tortay
         '';
     };
-    systemd.services.phpfpm-telio-tortay.after = lib.mkAfter [ "mysql.service" ];
-    systemd.services.phpfpm-telio-tortay.wants = [ "mysql.service" ];
-    services.phpfpm.pools.telio-tortay = {
-      user = "wwwrun";
-      group = "wwwrun";
+    systemd.services.phpfpm-telio_tortay.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-telio_tortay.wants = [ "mysql.service" ];
+    services.phpfpm.pools.telio_tortay = {
+      user = apacheUser;
+      group = apacheGroup;
       settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
 
         "pm" = "ondemand";
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
 
-        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio-tortay:${varDir}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio-tortay";
+        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio_tortay:${varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio_tortay";
       };
       phpOptions = config.services.phpfpm.phpOptions + ''
         disable_functions = "mail"
@@ -41,8 +43,8 @@ in {
         '';
     };
     services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
-    services.websites.env.production.vhostConfs.telio-tortay = {
-      certName     = "telio-tortay";
+    services.websites.env.production.vhostConfs.telio_tortay = {
+      certName     = "telio_tortay";
       certMainHost = "telio-tortay.immae.eu";
       hosts        = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ];
       root         = varDir;
@@ -55,7 +57,7 @@ in {
         CustomLog "${varDir}/logs/access_log" combined
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${config.services.phpfpm.pools.telio-tortay.socket}|fcgi://localhost"
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.telio_tortay.socket}|fcgi://localhost"
         </FilesMatch>
 
         <Directory ${varDir}/logs>
index 30a562ce3041649811b033981d2fde03c2cf5622..14e40699f0857967f3c6004e00ec30e60abc85bd 100644 (file)
@@ -50,9 +50,9 @@ in {
       };
     };
 
-    myServices.websites.webappDirs._dav = ./www;
-    myServices.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot;
-    myServices.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud;
+    services.websites.webappDirs._dav = ./www;
+    services.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot;
+    services.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud;
   };
 }
 
index 56e44015c645e32297fb41ac871686450b2c20f1..55f9ecb2b0f07a9e67297eb62aa830743d141142 100644 (file)
@@ -19,8 +19,8 @@ in {
     services.websites.env.tools.modules =
       gitweb.apache.modules ++
       mantisbt.apache.modules;
-    myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot;
-    myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot;
+    services.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot;
+    services.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot;
 
     system.activationScripts.mantisbt = mantisbt.activationScript;
     services.websites.env.tools.vhostConfs.git = {
index 1f7f7bfe9fe2a787acdf8f63ea2385404f20aa4d..dda2d45056b89c08ae0e26481ae5bc6be9065906 100644 (file)
@@ -72,7 +72,7 @@ in
       rainloop = rainloop.activationScript;
     };
 
-    myServices.websites.webappDirs = {
+    services.websites.webappDirs = {
       _mail = ./www;
       "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
       "${rainloop.apache.webappName}" = rainloop.webRoot;
index ed3fce8d6d6399b8b98a79e666f52753f78a9d0b..c5d4306a73eed35a13b4a9e861eec203ae9c0ff7 100644 (file)
@@ -34,7 +34,7 @@ let
 in
 {
   config = lib.mkIf cfg.enable {
-    myServices.websites.webappDirs = {
+    services.websites.webappDirs = {
       _mta-sts = root;
     };
 
index d88763c198544066d30af915d8ef0766710a7de7..be2ee755ae5c1feccd1db3c85ae2a9f5312b24cc 100644 (file)
@@ -335,7 +335,7 @@ in {
       ldap = ldap.activationScript;
     };
 
-    myServices.websites.webappDirs = {
+    services.websites.webappDirs = {
       _adminer = adminer.webRoot;
       "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
       "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
index cfe010cbfc56f2d2e582f08904ec542878d9b80e..4398a609f53fbb8d0ff0fcdb557f3ee9da825ddf 100644 (file)
@@ -10,6 +10,6 @@ in {
       root        = "/run/current-system/webapps/_vpn";
     };
 
-    myServices.websites.webappDirs._vpn = ./www;
+    services.websites.webappDirs._vpn = ./www;
   };
 }
index b02c63ec2c7d3e0837ad873f4a5044125bd40a0b..14d3ed6f87c3213c9d4f6764fd05a20a4ae7fbb8 100644 (file)
@@ -45,7 +45,7 @@ rec {
   bitlbee-mastodon = callPackage ./bitlbee-mastodon {};
 
   composerEnv = callPackage ./composer-env {};
-  webapps = callPackage ./webapps { inherit mylibs composerEnv private; };
+  webapps = callPackage ./webapps { inherit mylibs composerEnv; };
 
   monitoring-plugins = callPackage ./monitoring-plugins {};
   naemon = callPackage ./naemon { inherit mylibs monitoring-plugins; };
@@ -54,10 +54,6 @@ rec {
   simp_le_0_17 = callPackage ./simp_le {};
   certbot = callPackage ./certbot {};
 
-  private = if builtins.pathExists (./. + "/private")
-    then import ./private { inherit pkgs; }
-    else { webapps = {}; };
-
   python3PackagesPlus = callPackage ./python-packages {
     python = python3;
     inherit mylibs;
diff --git a/pkgs/private/default.nix b/pkgs/private/default.nix
deleted file mode 100644 (file)
index 1abdd29..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs }:
-with pkgs;
-let
-  mylibs = import ../../lib { inherit pkgs; };
-in
-rec {
-  webapps = callPackage ./webapps {
-    inherit mylibs;
-    inherit (pkgs) composerEnv;
-    inherit (pkgs.webapps) spip;
-  };
-}
diff --git a/pkgs/private/webapps/apache-default/default.nix b/pkgs/private/webapps/apache-default/default.nix
deleted file mode 100644 (file)
index 92f558e..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-{ www_root ? null }:
-rec {
-  www = ./www;
-  apacheConfig = let
-    www_root' = if isNull www_root then www else www_root;
-  in ''
-      ErrorDocument 500 /maintenance_immae.html
-      ErrorDocument 501 /maintenance_immae.html
-      ErrorDocument 502 /maintenance_immae.html
-      ErrorDocument 503 /maintenance_immae.html
-      ErrorDocument 504 /maintenance_immae.html
-      Alias /maintenance_immae.html ${www_root'}/maintenance_immae.html
-      ProxyPass /maintenance_immae.html !
-
-      AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root'}/googleb6d69446ff4ca3e5.html
-      <Directory ${www_root'}>
-        AllowOverride None
-        Require all granted
-      </Directory>
-    '';
-}
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
deleted file mode 100644 (file)
index 12b690b..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-{ callPackage, mylibs, composerEnv, lib, spip }:
-rec {
-  apache-default = callPackage ./apache-default {};
-
-  aten = callPackage ./aten { inherit composerEnv mylibs; };
-  chloe = callPackage ./chloe { inherit mylibs spip; };
-  iridologie = callPackage ./iridologie { inherit mylibs spip; };
-  connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
-  ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
-  piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
-  tellesflorian = callPackage ./tellesflorian { inherit composerEnv mylibs; };
-}
index 2f4d73965d5f07b0fa238e1d5b6a3f558b779854..8cc252df96083a932ffaba49f76025075d74dac9 100644 (file)
@@ -1,4 +1,4 @@
-{ callPackage, mylibs, composerEnv, lib, private }:
+{ callPackage, mylibs, composerEnv, lib }:
 rec {
   adminer = callPackage ./adminer {};
   apache-theme = callPackage ./apache-theme {};
@@ -113,4 +113,4 @@ rec {
   in
     lib.attrsets.genAttrs names
       (name: callPackage (./yourls/plugins + "/${name}") { inherit mylibs; });
-} // private.webapps
+}