-{ apacheUser, apacheGroup, chloe, config }:
-rec {
- app = chloe.override { inherit (config) environment; };
- phpFpm = rec {
- serviceDeps = [ "mysql.service" ];
- pool = {
- "listen.owner" = apacheUser;
- "listen.group" = apacheGroup;
- "php_admin_value[upload_max_filesize]" = "20M";
- "php_admin_value[post_max_size]" = "20M";
- # "php_admin_flag[log_errors]" = "on";
- "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
- "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
- } // (if app.environment == "dev" then {
- "pm" = "ondemand";
- "pm.max_children" = "5";
- "pm.process_idle_timeout" = "60";
- } else {
- "pm" = "dynamic";
- "pm.max_children" = "20";
- "pm.start_servers" = "2";
- "pm.min_spare_servers" = "1";
- "pm.max_spare_servers" = "3";
- });
- };
- keys = [{
- dest = "webapps/${app.environment}-chloe";
- user = apacheUser;
- group = apacheGroup;
- permissions = "0400";
- text = ''
- SetEnv SPIP_CONFIG_DIR "${configDir}"
- SetEnv SPIP_VAR_DIR "${app.varDir}"
- SetEnv SPIP_SITE "chloe-${app.environment}"
- SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
- SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
- SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
- SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
- SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}"
- SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
- SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
- SetEnv SPIP_MYSQL_DB "${config.mysql.database}"
- SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
- SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
- '';
- }];
- apache = rec {
- modules = [ "proxy_fcgi" ];
- webappName = "chloe_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = socket: ''
- Include /var/secrets/webapps/${app.environment}-chloe
-
- RewriteEngine On
- ${if app.environment == "prod" then ''
- RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
- '' else ""}
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${socket}|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${root}>
- DirectoryIndex index.php index.htm index.html
- Options -Indexes +FollowSymLinks +MultiViews +Includes
- Include ${root}/htaccess.txt
-
- AllowOverride AuthConfig FileInfo Limit
- Require all granted
- </Directory>
-
- <DirectoryMatch "${root}/squelettes">
- Require all denied
- </DirectoryMatch>
-
- <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
- Require all denied
- </FilesMatch>
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
- </Location>
- '' else ''
- Use Stats osteopathe-cc.fr
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
- install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
- '';
- };
- configDir = ./config;
-}