From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Tue, 24 Mar 2020 23:34:28 +0000 (+0100)
Subject: Add evariste website
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=ab97f6e7a32d37e3aefc260d8b8ed35a40261518

Add evariste website
---

diff --git a/modules/private/default.nix b/modules/private/default.nix
index 3996eac..ece6907 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -38,6 +38,7 @@ set = {
   ludivinecassalProd = ./websites/ludivinecassal/production.nix;
   nassimeProd = ./websites/nassime/production.nix;
   naturaloutilProd = ./websites/naturaloutil/production.nix;
+  evaristeProd = ./websites/evariste/production.nix;
   telioTortayProd = ./websites/teliotortay/production.nix;
   papaMaisonBbc = ./websites/papa/maison_bbc.nix;
   papaSurveillance = ./websites/papa/surveillance.nix;
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 90f24a4..5c0e655 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -256,6 +256,7 @@ in
 
       nassime.production.enable = true;
 
+      evariste.production.enable = true;
       naturaloutil.production.enable = true;
       telioTortay.production.enable = true;
 
diff --git a/modules/private/websites/evariste/production.nix b/modules/private/websites/evariste/production.nix
new file mode 100644
index 0000000..00e6fe1
--- /dev/null
+++ b/modules/private/websites/evariste/production.nix
@@ -0,0 +1,101 @@
+{ lib, pkgs, config,  ... }:
+let
+  cfg = config.myServices.websites.evariste.production;
+  nsiVarDir = "/var/lib/ftp/nsievariste";
+  stmgVarDir = "/var/lib/ftp/stmgevariste";
+in {
+  options.myServices.websites.evariste.production.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
+
+  config = lib.mkIf cfg.enable {
+    services.webstats.sites = [
+      { name = "nsievariste.immae.eu"; }
+      { name = "stmgevariste.immae.eu"; }
+    ];
+
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    system.activationScripts.evariste = {
+      deps = [ "httpd" ];
+      text = ''
+        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/nsievariste
+        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/stmgevariste
+        '';
+    };
+    services.phpfpm.pools.nsievariste = {
+      listen = "/run/phpfpm/nsievariste.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+
+        php_admin_value[open_basedir] = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/nsievariste"
+        '';
+    };
+    services.websites.env.production.vhostConfs.nsievariste = {
+      certName     = "eldiron";
+      addToCerts   = true;
+      hosts        = ["nsievariste.immae.eu" ];
+      root         = nsiVarDir;
+      extraConfig  = [
+        ''
+        Use Stats nsievariste.immae.eu
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:/run/phpfpm/nsievariste.sock|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${nsiVarDir}>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+
+    services.phpfpm.pools.stmgevariste = {
+      listen = "/run/phpfpm/stmgevariste.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+
+        php_admin_value[open_basedir] = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/stmgevariste"
+        '';
+    };
+    services.websites.env.production.vhostConfs.stmgevariste = {
+      certName     = "eldiron";
+      addToCerts   = true;
+      hosts        = ["stmgevariste.immae.eu" ];
+      root         = stmgVarDir;
+      extraConfig  = [
+        ''
+        Use Stats stmgevariste.immae.eu
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:/run/phpfpm/stmgevariste.sock|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${stmgVarDir}>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}