};
};
- # FIXME: how to run it? currently set as timer
security.acme.certs = {
"eldiron" = {
webroot = "/var/lib/acme/acme-challenge";
domain = "eldiron.immae.eu";
plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
postRun = ''
- "systemctl reload httpd.service"
+ systemctl reload httpd.service
'';
extraDomains = {
"db-1.immae.eu" = null;
"sandetludo.immae.eu" = null;
};
};
+ # "connexionswing" = {
+ # webroot = "/var/lib/acme/acme-challenge";
+ # email = "ismael@bouya.org";
+ # domain = "connexionswing.com";
+ # plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+ # postRun = ''
+ # systemctl reload httpd.service
+ # '';
+ # extraDomains = {
+ # "www.connexionswing.com" = null;
+ # "sandetludo.com" = null;
+ # "www.sandetludo.com" = null;
+ # };
+ # };
};
services.ympd = mypkgs.ympd.config // { enable = true; };
- # FIXME: open_basedir
services.phpfpm = {
extraConfig = ''
log_level = notice
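Review bot: The `"connexionswing"` entry added at the end of `security.acme.certs` is entirely commented out, and nothing says why or what has to happen before it is enabled. The same commit wires in the `connexionswing_prod` pool, activation script and Apache modules, so a reader cannot tell from this hunk which certificate the production vhost is meant to use; that vhost's TLS settings are not visible here. I would put one line above the block, for example `# disabled until <condition>; connexionswing_prod is served with <certificate> until then`, with both placeholders filled in. Otherwise leave the block out of the commit until it can be enabled.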
poolConfigs = {
adminer = mypkgs.adminer.phpFpm.pool;
connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool;
+ connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
www = ''
listen = /var/run/phpfpm/www.sock
user = wwwrun
system.activationScripts = {
connexionswing_dev = mypkgs.connexionswing_dev.activationScript;
+ connexionswing_prod = mypkgs.connexionswing_prod.activationScript;
httpd = ''
install -d -m 0755 /var/lib/acme/acme-challenge
install -d -m 0755 /var/www
extraModules = pkgs.lib.lists.unique (
mypkgs.adminer.apache.modules ++
mypkgs.connexionswing_dev.apache.modules ++
+ mypkgs.connexionswing_prod.apache.modules ++
[
"macro"
"ldap"
hostName = "redirectSSL";
serverAliases = [ "*" ];
enableSSL = false;
- # FIXME: directory needs to exist
documentRoot = "/var/lib/acme/acme-challenge";
extraConfig = ''
RewriteEngine on
SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
</FilesMatch>
+ <Directory ${varDir}/medias>
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+ </Directory>
+
+ <Directory ${varDir}/uploads>
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+ </Directory>
+
${if environment == "dev" then ''
<Location />
Use LDAPConnect
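Review bot: The new `<Directory ${varDir}/uploads>` and `<Directory ${varDir}/medias>` blocks open up directories that presumably hold user-supplied files, but they do not switch off the PHP handler set by the `<FilesMatch>` just above, whose opening line is outside this hunk. If that match applies to `.php` names vhost-wide, a file stored under uploads with such a name would be handed to php-fpm rather than served as static content. Inside both blocks I would nest a `<FilesMatch "\.php$">` section containing `Require all denied`. I would also change `Options FollowSymLinks` to `Options SymLinksIfOwnerMatch`, unless the deployment relies on symlinks to files owned by another user.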
# FIXME: can we do better than symlink?
# FIXME: imagick optional
# FIXME: initial sync
+ # FIXME: backup
buildPhase = ''
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt