From: Ismaƫl Bouya Date: Sat, 18 May 2019 08:49:00 +0000 (+0200) Subject: Move personal websites to modules X-Git-Tag: nur_publish~7 X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=f8026b6e4c869aa108f6361c8ccd50890657994d Move personal websites to modules --- diff --git a/modules/private/default.nix b/modules/private/default.nix index 2030315..16258e4 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix @@ -1,4 +1,5 @@ -{ +let +set = { # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix httpdInte = import ../websites/httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; }; httpdProd = import ../websites/httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; }; 
@@ -10,5 +11,32 @@ postgresql = ./databases/postgresql.nix; redis = ./databases/redis.nix; + websites = ./websites; + atenInte = ./websites/aten/integration.nix; + atenProd = ./websites/aten/production.nix; + capitainesProd = ./websites/capitaines/production.nix; + chloeInte = ./websites/chloe/integration.nix; + chloeProd = ./websites/chloe/production.nix; + connexionswingInte = ./websites/connexionswing/integration.nix; + connexionswingProd = ./websites/connexionswing/production.nix; + denisejeromeProd = ./websites/denisejerome/production.nix; + emiliaProd = ./websites/emilia/production.nix; + florianApp = ./websites/florian/app.nix; + florianInte = ./websites/florian/integration.nix; + florianProd = ./websites/florian/production.nix; + immaeProd = ./websites/immae/production.nix; + immaeRelease = ./websites/immae/release.nix; + immaeTemp = ./websites/immae/temp.nix; + leilaProd = ./websites/leila/production.nix; + ludivinecassalInte = ./websites/ludivinecassal/integration.nix; + ludivinecassalProd = ./websites/ludivinecassal/production.nix; + nassimeProd = ./websites/nassime/production.nix; + naturaloutilProd = ./websites/naturaloutil/production.nix; + papaSurveillance = ./websites/papa/surveillance.nix; + piedsjalouxInte = ./websites/piedsjaloux/integration.nix; + piedsjalouxProd = ./websites/piedsjaloux/production.nix; + irc = ./irc.nix; -} +}; +in +builtins.listToAttrs (map (attr: { name = "priv${attr}"; value = set.${attr}; }) (builtins.attrNames set)) diff --git a/nixops/modules/websites/aten/aten.nix b/modules/private/websites/aten/builder.nix similarity index 84% rename from nixops/modules/websites/aten/aten.nix rename to modules/private/websites/aten/builder.nix index 04876a1..9a2e1a7 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/modules/private/websites/aten/builder.nix 
@@ -1,4 +1,4 @@ -{ aten, lib, config }: rec { +{ apacheUser, apacheGroup, aten, lib, config }: rec { app = aten.override { inherit (config) environment; }; phpFpm = rec { preStart = '' @@ -7,7 +7,7 @@ "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ || ! sha512sum -c --status ${app.varDir}/currentKey; then pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup + /run/wrappers/bin/sudo -u ${apacheUser} APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup popd > /dev/null echo -n "${app}" > ${app.varDir}/currentWebappDir sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey @@ -17,10 +17,10 @@ socket = "/var/run/phpfpm/aten-${app.environment}.sock"; pool = '' listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} + user = ${apacheUser} + group = ${apacheGroup} + listen.owner = ${apacheUser} + listen.group = ${apacheGroup} php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on @@ -41,8 +41,8 @@ }; keys = [{ dest = "webapps/${app.environment}-aten"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' SetEnv APP_ENV "${app.environment}" @@ -51,8 +51,6 @@ ''; }]; apache = rec { - user = "wwwrun"; - group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "aten_${app.environment}"; root = "/run/current-system/webapps/${webappName}"; 
@@ -97,8 +95,8 @@ activationScript = { deps = [ "wrappers" ]; text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} + install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; } diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix new file mode 100644 index 0000000..790c5a9 --- /dev/null +++ b/modules/private/websites/aten/integration.nix @@ -0,0 +1,34 @@ +{ lib, pkgs, config, myconfig, ... }: +let + aten = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) aten; + config = myconfig.env.websites.aten.integration; + apacheUser = config.services.httpd.Inte.user; + apacheGroup = config.services.httpd.Inte.group; + }; + + cfg = config.myServices.websites.aten.integration; +in { + options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; + + config = lib.mkIf cfg.enable { + secrets.keys = aten.keys; + services.myPhpfpm.preStart.aten_dev = aten.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.aten_dev = aten.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; + system.activationScripts.aten_dev = aten.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName} + ''; + services.websites.integration.modules = aten.apache.modules; + services.websites.integration.vhostConfs.aten = { + certName = "eldiron"; + addToCerts = true; + hosts = [ "dev.aten.pro" ]; + root = aten.apache.root; + extraConfig = [ aten.apache.vhostConf ]; + }; + }; +} + diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix new file mode 100644 index 0000000..697f1b8 --- /dev/null 
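Review bot: The `mkEnableOption` argument on the new `options.myServices.websites.aten.integration.enable` line repeats the verb. `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the generated option description reads "Whether to enable enable Aten's website in integration". Pass only the noun phrase: `lib.mkEnableOption "Aten's website in integration";`. The same wording is used by the other `…enable` options this commit adds (aten production, chloe, connexionswing, florian).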
+++ b/modules/private/websites/aten/production.nix @@ -0,0 +1,36 @@ +{ lib, pkgs, config, myconfig, ... }: +let + aten = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) aten; + config = myconfig.env.websites.aten.production; + apacheUser = config.services.httpd.Prod.user; + apacheGroup = config.services.httpd.Prod.group; + }; + + cfg = config.myServices.websites.aten.production; +in { + options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production"; + + config = lib.mkIf cfg.enable { + secrets.keys = aten.keys; + services.webstats.sites = [ { name = "aten.pro"; } ]; + + services.myPhpfpm.preStart.aten_prod = aten.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.aten_prod = aten.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.aten_prod = aten.phpFpm.pool; + system.activationScripts.aten_prod = aten.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName} + ''; + services.websites.production.modules = aten.apache.modules; + services.websites.production.vhostConfs.aten = { + certName = "aten"; + certMainHost = "aten.pro"; + hosts = [ "aten.pro" "www.aten.pro" ]; + root = aten.apache.root; + extraConfig = [ aten.apache.vhostConf ]; + }; + }; +} + diff --git a/nixops/modules/websites/capitaines/mastodon_static/index.html b/modules/private/websites/capitaines/mastodon_static/index.html similarity index 100% rename from nixops/modules/websites/capitaines/mastodon_static/index.html rename to modules/private/websites/capitaines/mastodon_static/index.html diff --git a/nixops/modules/websites/capitaines/mastodon_static/oops.png b/modules/private/websites/capitaines/mastodon_static/oops.png similarity index 100% rename from nixops/modules/websites/capitaines/mastodon_static/oops.png rename to modules/private/websites/capitaines/mastodon_static/oops.png 
diff --git a/nixops/modules/websites/capitaines/default.nix b/modules/private/websites/capitaines/production.nix similarity index 84% rename from nixops/modules/websites/capitaines/default.nix rename to modules/private/websites/capitaines/production.nix index 4bbf488..fe9c619 100644 --- a/nixops/modules/websites/capitaines/default.nix +++ b/modules/private/websites/capitaines/production.nix @@ -1,18 +1,14 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Capitaines; + cfg = config.myServices.websites.capitaines.production; env = myconfig.env.websites.capitaines; webappName = "capitaines_mastodon"; root = "/run/current-system/webapps/${webappName}"; siteDir = ./mastodon_static; in { - options.services.myWebsites.Capitaines = { - production = { - enable = lib.mkEnableOption "enable Capitaines's website"; - }; - }; + options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { system.extraSystemBuilderCmds = '' mkdir -p $out/webapps ln -s ${siteDir} $out/webapps/${webappName} diff --git a/nixops/modules/websites/chloe/chloe.nix b/modules/private/websites/chloe/builder.nix similarity index 85% rename from nixops/modules/websites/chloe/chloe.nix rename to modules/private/websites/chloe/builder.nix index 2847b9d..7b72b97 100644 --- a/nixops/modules/websites/chloe/chloe.nix +++ b/modules/private/websites/chloe/builder.nix @@ -1,4 +1,4 @@ -{ chloe, config }: +{ apacheUser, apacheGroup, chloe, config }: rec { app = chloe.override { inherit (config) environment; }; phpFpm = rec { 
@@ -6,10 +6,10 @@ rec { socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; pool = '' listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} + user = ${apacheUser} + group = ${apacheGroup} + listen.owner = ${apacheUser} + listen.group = ${apacheGroup} php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on @@ -29,8 +29,8 @@ rec { }; keys = [{ dest = "webapps/${app.environment}-chloe"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' SetEnv SPIP_CONFIG_DIR "${configDir}" @@ -49,8 +49,6 @@ rec { ''; }]; apache = rec { - user = "wwwrun"; - group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "chloe_${app.environment}"; root = "/run/current-system/webapps/${webappName}"; @@ -97,9 +95,9 @@ rec { activationScript = { deps = [ "wrappers" ]; text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local + install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; - configDir = ./chloe_config_ + app.environment; + configDir = ./config; } diff --git a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php b/modules/private/websites/chloe/config/chmod.php similarity index 100% rename from nixops/modules/websites/chloe/chloe_config_dev/chmod.php rename to modules/private/websites/chloe/config/chmod.php 
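Review bot: `configDir = ./config;` at the end of this hunk makes integration and production read the same directory, and the renames that follow show it is the former `chloe_config_dev` (`chmod.php`, `connect.php`, `ldap.php`). Because a Nix path literal interpolated into `SetEnv SPIP_CONFIG_DIR "${configDir}"` is copied into the world-readable Nix store, those files should hold no credentials or environment-specific hosts; their contents are not shown on this page, so this needs confirming. Anything secret belongs in the `keys` entry, which is written with `permissions = "0400"`. A comment on the `configDir` line such as `# shared by integration and production; copied to the Nix store, must stay free of secrets` would record the constraint. The `rec { … }` body starts outside the hunk.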
diff --git a/nixops/modules/websites/chloe/chloe_config_dev/connect.php b/modules/private/websites/chloe/config/connect.php similarity index 100% rename from nixops/modules/websites/chloe/chloe_config_dev/connect.php rename to modules/private/websites/chloe/config/connect.php diff --git a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php b/modules/private/websites/chloe/config/ldap.php similarity index 100% rename from nixops/modules/websites/chloe/chloe_config_dev/ldap.php rename to modules/private/websites/chloe/config/ldap.php diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix new file mode 100644 index 0000000..458e414 --- /dev/null +++ b/modules/private/websites/chloe/integration.nix 
@@ -0,0 +1,35 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ chloe = pkgs.callPackage ./builder.nix {
+ inherit (pkgs.webapps) chloe;
+ config = myconfig.env.websites.chloe.integration;
+ apacheUser = config.services.httpd.Inte.user;
+ apacheGroup = config.services.httpd.Inte.group;
+ };
+
+ cfg = config.myServices.websites.chloe.integration;
+in {
+ options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
+
+ config = lib.mkIf cfg.enable {
+ secrets.keys = chloe.keys;
+ services.myPhpfpm.serviceDependencies.chloe_dev = chloe.phpFpm.serviceDeps;
+ services.myPhpfpm.poolConfigs.chloe_dev = chloe.phpFpm.pool;
+ services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ '';
+ system.activationScripts.chloe_dev = chloe.activationScript;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName}
+ '';
+ services.websites.integration.modules = chloe.apache.modules;
+ services.websites.integration.vhostConfs.chloe = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["chloe.immae.eu" ];
+ root = chloe.apache.root;
+ extraConfig = [ chloe.apache.vhostConf ];
+ };
+ };
+}
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
new file mode 100644
index 0000000..0eafebd
--- /dev/null
+++ b/modules/private/websites/chloe/production.nix
@@ -0,0 +1,37 @@ +{ lib, pkgs, config, myconfig, ... }: +let + chloe = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) chloe; + config = myconfig.env.websites.chloe.production; + apacheUser = config.services.httpd.Prod.user; + apacheGroup = config.services.httpd.Prod.group; + }; + + cfg = config.myServices.websites.chloe.production; +in { + options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; + + config = lib.mkIf cfg.enable { + secrets.keys = chloe.keys; + services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; + + services.myPhpfpm.serviceDependencies.chloe_prod = chloe.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.chloe_prod = chloe.phpFpm.pool; + services.myPhpfpm.poolPhpConfigs.chloe_prod = '' + extension=${pkgs.php}/lib/php/extensions/mysqli.so + ''; + system.activationScripts.chloe_prod = chloe.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName} + ''; + services.websites.production.modules = chloe.apache.modules; + services.websites.production.vhostConfs.chloe = { + certName = "chloe"; + certMainHost = "osteopathe-cc.fr"; + hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; + root = chloe.apache.root; + extraConfig = [ chloe.apache.vhostConf ]; + }; + }; +} diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix new file mode 100644 index 0000000..98ab461 --- /dev/null +++ b/modules/private/websites/commons/adminer.nix @@ -0,0 +1,21 @@ +{}: +rec { + phpFpm = { + socket = "/var/run/phpfpm/adminer.sock"; + }; + apache = rec { + modules = [ "proxy_fcgi" ]; + webappName = "_adminer"; + root = "/run/current-system/webapps/${webappName}"; + vhostConf = '' + Alias /adminer ${root} + + DirectoryIndex index.php + Require all granted + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + ''; + }; +} 
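Review bot: The new `commons/adminer.nix` publishes Adminer under `/adminer` with `Require all granted`, so the database login page is reachable by anyone who can reach a vhost that includes this `vhostConf`. In this commit that is the `florian` integration and production vhosts and the `tellesflorian` app vhost. Adminer's own login form is then the only control in front of the database servers. Consider replacing the grant with an allow-list or an authentication requirement, for example `Require ip <admin-network-placeholder>` or `Require valid-user`, and leaving it off production vhosts unless it is needed there. The container tags around these directives are not visible on this page, so the change belongs in whichever block holds the grant.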
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/modules/private/websites/connexionswing/builder.nix similarity index 90% rename from nixops/modules/websites/connexionswing/connexionswing.nix rename to modules/private/websites/connexionswing/builder.nix index 77b839c..1224420 100644 --- a/nixops/modules/websites/connexionswing/connexionswing.nix +++ b/modules/private/websites/connexionswing/builder.nix @@ -1,10 +1,10 @@ -{ connexionswing, pkgs, phpPackages, config }: +{ apacheUser, apacheGroup, connexionswing, pkgs, phpPackages, config }: rec { app = connexionswing.override { inherit (config) environment; }; keys = [{ dest = "webapps/${app.environment}-connexionswing"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' # This file is auto-generated during the composer install @@ -37,7 +37,7 @@ rec { "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ || ! sha512sum -c --status ${app.varDir}/currentKey; then pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup + /run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup popd > /dev/null echo -n "${app}" > ${app.varDir}/currentWebappDir sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey @@ -50,10 +50,10 @@ rec { ''; pool = '' listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} + user = ${apacheUser} + group = ${apacheGroup} + listen.owner = ${apacheUser} + listen.group = ${apacheGroup} php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on 
@@ -73,8 +73,6 @@ rec { ''}''; }; apache = rec { - user = "wwwrun"; - group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "connexionswing_${app.environment}"; root = "/run/current-system/webapps/${webappName}"; @@ -156,11 +154,11 @@ rec { activationScript = { deps = [ "wrappers" ]; text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \ ${app.varDir}/medias \ ${app.varDir}/uploads \ ${app.varDir}/var - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; } diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix new file mode 100644 index 0000000..c3425bd --- /dev/null +++ b/modules/private/websites/connexionswing/integration.nix 
@@ -0,0 +1,35 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ connexionswing = pkgs.callPackage ./builder.nix {
+ inherit (pkgs.webapps) connexionswing;
+ config = myconfig.env.websites.connexionswing.integration;
+ apacheUser = config.services.httpd.Inte.user;
+ apacheGroup = config.services.httpd.Inte.group;
+ };
+
+ cfg = config.myServices.websites.connexionswing.integration;
+in {
+ options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
+
+ config = lib.mkIf cfg.enable {
+ secrets.keys = connexionswing.keys;
+ services.myPhpfpm.preStart.connexionswing_dev = connexionswing.phpFpm.preStart;
+ services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing.phpFpm.serviceDeps;
+ services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing.phpFpm.pool;
+ services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing.phpFpm.phpConfig;
+ system.activationScripts.connexionswing_dev = connexionswing.activationScript;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
+ '';
+ services.websites.integration.modules = connexionswing.apache.modules;
+ services.websites.integration.vhostConfs.connexionswing = {
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
+ root = connexionswing.apache.root;
+ extraConfig = [ connexionswing.apache.vhostConf ];
+ };
+ };
+}
+
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix
new file mode 100644
index 0000000..8f28f46
--- /dev/null
+++ b/modules/private/websites/connexionswing/production.nix
@@ -0,0 +1,37 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+ connexionswing = pkgs.callPackage ./builder.nix {
+ inherit (pkgs.webapps) connexionswing;
+ config = myconfig.env.websites.connexionswing.production;
+ apacheUser = config.services.httpd.Prod.user;
+ apacheGroup = config.services.httpd.Prod.group;
+ };
+
+ cfg = config.myServices.websites.connexionswing.production;
+in {
+ options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production";
+
+ config = lib.mkIf cfg.enable {
+ secrets.keys = connexionswing.keys;
+ services.webstats.sites = [ { name = "connexionswing.com"; } ];
+
+ services.myPhpfpm.preStart.connexionswing_prod = connexionswing.phpFpm.preStart;
+ services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing.phpFpm.serviceDeps;
+ services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing.phpFpm.pool;
+ services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing.phpFpm.phpConfig;
+ system.activationScripts.connexionswing_prod = connexionswing.activationScript;
+ system.extraSystemBuilderCmds = ''
+ mkdir -p $out/webapps
+ ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
+ '';
+ services.websites.production.modules = connexionswing.apache.modules;
+ services.websites.production.vhostConfs.connexionswing = {
+ certName = "connexionswing";
+ certMainHost = "connexionswing.com";
+ hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
+ root = connexionswing.apache.root;
+ extraConfig = [ connexionswing.apache.vhostConf ];
+ };
+ };
+}
+
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
new file mode 100644
index 0000000..80d902e
--- /dev/null
+++ b/modules/private/websites/default.nix
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ config.myServices.websites.aten.integration.enable = true;
+ config.myServices.websites.aten.production.enable = true;
+
+ config.myServices.websites.capitaines.production.enable = true;
+
+ config.myServices.websites.chloe.integration.enable = true;
+ config.myServices.websites.chloe.production.enable = true;
+
+ config.myServices.websites.connexionswing.integration.enable = true;
+ config.myServices.websites.connexionswing.production.enable = true;
+
+ config.myServices.websites.denisejerome.production.enable = true;
+
+ config.myServices.websites.emilia.production.enable = true;
+
+ config.myServices.websites.florian.app.enable = true;
+ config.myServices.websites.florian.integration.enable = true;
+ config.myServices.websites.florian.production.enable = true;
+
+ config.myServices.websites.immae.production.enable = true;
+ config.myServices.websites.immae.release.enable = true;
+ config.myServices.websites.immae.temp.enable = true;
+
+ config.myServices.websites.leila.production.enable = true;
+
+ config.myServices.websites.ludivinecassal.integration.enable = true;
+ config.myServices.websites.ludivinecassal.production.enable = true;
+
+ config.myServices.websites.nassime.production.enable = true;
+
+ config.myServices.websites.naturaloutil.production.enable = true;
+
+ config.myServices.websites.papa.surveillance.enable = true;
+
+ config.myServices.websites.piedsjaloux.integration.enable = true;
+ config.myServices.websites.piedsjaloux.production.enable = true;
+}
diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/modules/private/websites/denisejerome/production.nix
similarity index 68%
rename from nixops/modules/websites/ftp/denisejerome.nix
rename to modules/private/websites/denisejerome/production.nix
index 884fb62..b5aff94 100644
--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ b/modules/private/websites/denisejerome/production.nix
@@ -1,16 +1,12 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.DeniseJerome; - varDir = "/var/lib/ftp/denisejerome"; - env = myconfig.env.websites.denisejerome; + cfg = config.myServices.websites.denisejerome.production; + varDir = "/var/lib/ftp/denisejerome"; + env = myconfig.env.websites.denisejerome; in { - options.services.myWebsites.DeniseJerome = { - production = { - enable = lib.mkEnableOption "enable Denise Jerome's website"; - }; - }; + options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; services.websites.production.vhostConfs.denisejerome = { diff --git a/nixops/modules/websites/emilia/moodle/pause.html b/modules/private/websites/emilia/moodle/pause.html similarity index 100% rename from nixops/modules/websites/emilia/moodle/pause.html rename to modules/private/websites/emilia/moodle/pause.html diff --git a/nixops/modules/websites/emilia/default.nix b/modules/private/websites/emilia/production.nix similarity index 90% rename from nixops/modules/websites/emilia/default.nix rename to modules/private/websites/emilia/production.nix index 47257b7..2e705a1 100644 --- a/nixops/modules/websites/emilia/default.nix +++ b/modules/private/websites/emilia/production.nix @@ -1,6 +1,6 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Emilia; + cfg = config.myServices.websites.emilia.production; env = myconfig.env.websites.emilia; varDir = "/var/lib/moodle"; siteDir = ./moodle; 
@@ -40,13 +40,9 @@ let // it is intentional because it prevents trailing whitespace problems! ''; in { - options.services.myWebsites.Emilia = { - production = { - enable = lib.mkEnableOption "enable Emilia's website"; - }; - }; + options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { system.activationScripts.emilia = '' install -m 0755 -o wwwrun -g wwwrun -d ${varDir} ''; diff --git a/nixops/modules/websites/tellesflorian/default.nix b/modules/private/websites/florian/app.nix similarity index 51% rename from nixops/modules/websites/tellesflorian/default.nix rename to modules/private/websites/florian/app.nix index bbbde07..08506e1 100644 --- a/nixops/modules/websites/tellesflorian/default.nix +++ b/modules/private/websites/florian/app.nix 
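Review bot: The activation script kept as context at the end of this hunk still hard-codes the owner, `install -m 0755 -o wwwrun -g wwwrun -d ${varDir}`, while the builders changed in this commit now take it from `config.services.httpd.*.user`. If the Prod httpd account is ever changed, the Moodle data directory would be owned by an account the web server no longer runs as. `config` is already an argument of this module, so the line can read `install -m 0755 -o ${config.services.httpd.Prod.user} -g ${config.services.httpd.Prod.group} -d ${varDir}`. The rest of the `config` block lies outside the hunk.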
@@ -2,37 +2,35 @@ let adminer = pkgs.callPackage ../commons/adminer.nix {}; - tellesflorian_dev = pkgs.callPackage ./tellesflorian.nix { + tellesflorian = pkgs.callPackage ./builder_app.nix { inherit (pkgs.webapps) tellesflorian; config = myconfig.env.websites.tellesflorian.integration; + apacheUser = config.services.httpd.Inte.user; + apacheGroup = config.services.httpd.Inte.group; }; - cfg = config.services.myWebsites.TellesFlorian; + cfg = config.myServices.websites.florian.app; in { - options.services.myWebsites.TellesFlorian = { - integration = { - enable = lib.mkEnableOption "enable Florian Telles's website in integration"; - }; - }; + options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; - config = lib.mkIf cfg.integration.enable { - secrets.keys = tellesflorian_dev.keys; - services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool; - system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript; + config = lib.mkIf cfg.enable { + secrets.keys = tellesflorian.keys; + services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool; + system.activationScripts.tellesflorian_dev = tellesflorian.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps - ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName} + ln -s ${tellesflorian.app.webRoot} $out/webapps/${tellesflorian.apache.webappName} ''; - services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules; + services.websites.integration.modules = adminer.apache.modules 
++ tellesflorian.apache.modules; services.websites.integration.vhostConfs.tellesflorian = { certName = "eldiron"; addToCerts = true; hosts = ["app.tellesflorian.com" ]; - root = tellesflorian_dev.apache.root; + root = tellesflorian.apache.root; extraConfig = [ - tellesflorian_dev.apache.vhostConf + tellesflorian.apache.vhostConf adminer.apache.vhostConf ]; }; diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/modules/private/websites/florian/builder_app.nix similarity index 90% rename from nixops/modules/websites/tellesflorian/tellesflorian.nix rename to modules/private/websites/florian/builder_app.nix index 5955431..e521f6e 100644 --- a/nixops/modules/websites/tellesflorian/tellesflorian.nix +++ b/modules/private/websites/florian/builder_app.nix @@ -1,11 +1,11 @@ -{ tellesflorian, config }: +{ apacheUser, apacheGroup, tellesflorian, config }: rec { app = tellesflorian.override { inherit (config) environment; }; keys = [ { dest = "webapps/${app.environment}-tellesflorian-passwords"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' invite:${config.invite_passwords} @@ -13,8 +13,8 @@ rec { } { dest = "webapps/${app.environment}-tellesflorian"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' # This file is auto-generated during the composer install @@ -49,10 +49,10 @@ rec { socket = "/var/run/phpfpm/floriantelles-${app.environment}.sock"; pool = '' listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} + user = ${apacheUser} + group = ${apacheGroup} + listen.owner = ${apacheUser} + listen.group = ${apacheGroup} php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on 
@@ -72,8 +72,6 @@ rec { ''}''; }; apache = rec { - user = "wwwrun"; - group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "florian_${app.environment}"; root = "/run/current-system/webapps/${webappName}"; @@ -146,9 +144,9 @@ rec { activationScript = { deps = [ "wrappers" ]; text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \ ${app.varDir}/var - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; } diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix new file mode 100644 index 0000000..424ebd4 --- /dev/null +++ b/modules/private/websites/florian/integration.nix @@ -0,0 +1,34 @@ +{ lib, pkgs, config, myconfig, ... }: +let + adminer = pkgs.callPackage ../commons/adminer.nix {}; + cfg = config.myServices.websites.florian.integration; + varDir = "/var/lib/ftp/florian"; + env = myconfig.env.websites.florian; +in { + options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; + + config = lib.mkIf cfg.enable { + security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; + + services.websites.integration.modules = adminer.apache.modules; + services.websites.integration.vhostConfs.florian = { + certName = "eldiron"; + addToCerts = true; + hosts = [ "florian.immae.eu" ]; + root = "${varDir}/florian.immae.eu"; + extraConfig = [ + adminer.apache.vhostConf + '' + ServerAdmin ${env.server_admin} + + + DirectoryIndex index.php index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride None + Require all granted + + '' + ]; + }; + }; +} diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix new file mode 100644 index 0000000..9b310b8 --- /dev/null 
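Review bot: `Options Indexes FollowSymLinks MultiViews Includes` together with `Require all granted` in the new `florian/integration.nix` is broad for a document root under `/var/lib/ftp/florian`, which by its path looks like content uploaded over FTP. `Includes` permits server-side includes with `exec`, `FollowSymLinks` lets a symlink in the upload area resolve outside it, and `Indexes` lists any directory that has no index file. Unless the site depends on them, I would change the line to `Options SymLinksIfOwnerMatch MultiViews IncludesNOEXEC`. The same line appears in `florian/production.nix` and in `leila/production.nix`. The enclosing `<Directory>` tags do not appear in this rendering of the diff, so the exact scope should be checked in the file.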
+++ b/modules/private/websites/florian/production.nix @@ -0,0 +1,34 @@ +{ lib, pkgs, config, myconfig, ... }: +let + adminer = pkgs.callPackage ../commons/adminer.nix {}; + cfg = config.myServices.websites.florian.production; + varDir = "/var/lib/ftp/florian"; + env = myconfig.env.websites.florian; +in { + options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; + + config = lib.mkIf cfg.enable { + security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; + + services.websites.production.modules = adminer.apache.modules; + services.websites.production.vhostConfs.florian = { + certName = "florian"; + certMainHost = "tellesflorian.com"; + hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; + root = "${varDir}/tellesflorian.com"; + extraConfig = [ + adminer.apache.vhostConf + '' + ServerAdmin ${env.server_admin} + + + DirectoryIndex index.php index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride None + Require all granted + + '' + ]; + }; + }; +} diff --git a/nixops/modules/websites/ftp/immae.nix b/modules/private/websites/immae/production.nix similarity index 84% rename from nixops/modules/websites/ftp/immae.nix rename to modules/private/websites/immae/production.nix index 2ba30a1..58cf048 100644 --- a/nixops/modules/websites/ftp/immae.nix +++ b/modules/private/websites/immae/production.nix 
@@ -1,16 +1,12 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Immae; - varDir = "/var/lib/ftp/immae"; - env = myconfig.env.websites.immae; + cfg = config.myServices.websites.immae.production; + varDir = "/var/lib/ftp/immae"; + env = myconfig.env.websites.immae; in { - options.services.myWebsites.Immae = { - production = { - enable = lib.mkEnableOption "enable Immae's website"; - }; - }; + options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "www.immae.eu"; } ]; services.myPhpfpm.poolConfigs.immae = '' diff --git a/nixops/modules/websites/ftp/release.nix b/modules/private/websites/immae/release.nix similarity index 72% rename from nixops/modules/websites/ftp/release.nix rename to modules/private/websites/immae/release.nix index db3487f..68381a6 100644 --- a/nixops/modules/websites/ftp/release.nix +++ b/modules/private/websites/immae/release.nix @@ -1,16 +1,12 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Release; - varDir = "/var/lib/ftp/release.immae.eu"; - env = myconfig.env.websites.release; + cfg = config.myServices.websites.immae.release; + varDir = "/var/lib/ftp/release.immae.eu"; + env = myconfig.env.websites.release; in { - options.services.myWebsites.Release = { - production = { - enable = lib.mkEnableOption "enable Release' website"; - }; - }; + options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "release.immae.eu"; } ]; services.websites.production.vhostConfs.release = { 
diff --git a/nixops/modules/websites/ftp/temp.nix b/modules/private/websites/immae/temp.nix similarity index 71% rename from nixops/modules/websites/ftp/temp.nix rename to modules/private/websites/immae/temp.nix index 86dfde3..0b2a3a3 100644 --- a/nixops/modules/websites/ftp/temp.nix +++ b/modules/private/websites/immae/temp.nix @@ -1,16 +1,12 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Temp; - varDir = "/var/lib/ftp/temp.immae.eu"; - env = myconfig.env.websites.temp; + cfg = config.myServices.websites.immae.temp; + varDir = "/var/lib/ftp/temp.immae.eu"; + env = myconfig.env.websites.temp; in { - options.services.myWebsites.Temp = { - production = { - enable = lib.mkEnableOption "enable Temp' website"; - }; - }; + options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { services.websites.production.modules = [ "headers" ]; services.websites.production.vhostConfs.temp = { certName = "eldiron"; diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix new file mode 100644 index 0000000..1ce8eea --- /dev/null +++ b/modules/private/websites/leila/production.nix 
@@ -0,0 +1,82 @@ +{ lib, pkgs, config, ... }: +let + cfg = config.myServices.websites.leila.production; + varDir = "/var/lib/ftp/leila"; +in { + options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production"; + + config = lib.mkIf cfg.enable { + services.myPhpfpm.poolConfigs.leila = '' + listen = /run/phpfpm/leila.sock + user = wwwrun + group = wwwrun + listen.owner = wwwrun + listen.group = wwwrun + + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + + php_admin_value[open_basedir] = "${varDir}:/tmp" + ''; + + services.webstats.sites = [ + { name = "leila.bouya.org"; } + { name = "chorale.leila.bouya.org"; } + ]; + + services.websites.production.modules = [ "proxy_fcgi" ]; + services.websites.production.vhostConfs.leila_chorale = { + certName = "leila"; + addToCerts = true; + hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; + root = "${varDir}/Chorale"; + extraConfig = [ + '' + Use Stats chorale.leila.bouya.org + + DirectoryIndex index.php index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride None + + Use LDAPConnect + Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu + + + SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" + + + '' + ]; + }; + services.websites.production.vhostConfs.leila = { + certName = "leila"; + certMainHost = "leila.bouya.org"; + hosts = [ "leila.bouya.org" ]; + root = varDir; + extraConfig = [ + '' + Use Stats leila.bouya.org + + DirectoryIndex index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride None + + Use LDAPConnect + Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu + + + SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" + + + + DirectoryIndex index.htm index.html + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride None + Require all granted + + '' 
+ ]; + }; + }; +} diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/modules/private/websites/ludivinecassal/builder.nix similarity index 88% rename from nixops/modules/websites/ludivine/ludivinecassal.nix rename to modules/private/websites/ludivinecassal/builder.nix index 39fd088..3167bce 100644 --- a/nixops/modules/websites/ludivine/ludivinecassal.nix +++ b/modules/private/websites/ludivinecassal/builder.nix @@ -1,11 +1,11 @@ -{ config, ludivinecassal, pkgs, ruby, sass, imagemagick }: +{ apacheUser, apacheGroup, config, ludivinecassal, pkgs, ruby, sass, imagemagick }: rec { app = ludivinecassal.override { inherit (config) environment; }; varDir = "/var/lib/ludivinecassal_${app.environment}"; keys = [{ dest = "webapps/${app.environment}-ludivinecassal"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' # This file is auto-generated during the composer install @@ -45,7 +45,7 @@ rec { "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ || ! sha512sum -c --status ${app.varDir}/currentKey; then pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup + /run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup popd > /dev/null echo -n "${app}" > ${app.varDir}/currentWebappDir sha512sum /var/secrets/webapps/${app.environment}-ludivinecassal > ${app.varDir}/currentKey @@ -55,10 +55,10 @@ rec { socket = "/var/run/phpfpm/ludivinecassal-${app.environment}.sock"; pool = '' listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} + user = ${apacheUser} + group = ${apacheGroup} + listen.owner = ${apacheUser} + listen.group = ${apacheGroup} php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on 
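Review bot: The `leila` pool in the new `leila/production.nix` hard-codes `wwwrun` for `user`, `group`, `listen.owner` and `listen.group`, while the builders touched by this same commit stopped hard-coding that account and receive it from `config.services.httpd.Prod.user`. If the production httpd account is ever changed, this socket would keep the old owner and the pool would keep running under the old account. `config` is already an argument of the module, so the lines can read `user = ${config.services.httpd.Prod.user}` and `listen.owner = ${config.services.httpd.Prod.user}`, with `config.services.httpd.Prod.group` for the two group lines.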
@@ -78,8 +78,6 @@ rec { ''}''; }; apache = rec { - user = "wwwrun"; - group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "ludivine_${app.environment}"; root = "/run/current-system/webapps/${webappName}"; @@ -149,9 +147,9 @@ rec { activationScript = { deps = [ "wrappers" ]; text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/tmp - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/tmp + install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; } diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix new file mode 100644 index 0000000..0be067b --- /dev/null +++ b/modules/private/websites/ludivinecassal/integration.nix 
@@ -0,0 +1,34 @@ +{ lib, pkgs, config, myconfig, ... }: +let + ludivinecassal = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) ludivinecassal; + config = myconfig.env.websites.ludivinecassal.integration; + apacheUser = config.services.httpd.Inte.user; + apacheGroup = config.services.httpd.Inte.group; + }; + + cfg = config.myServices.websites.ludivinecassal.integration; +in { + options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; + + config = lib.mkIf cfg.enable { + secrets.keys = ludivinecassal.keys; + + services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool; + system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName} + ''; + services.websites.integration.modules = ludivinecassal.apache.modules; + services.websites.integration.vhostConfs.ludivine = { + certName = "eldiron"; + addToCerts = true; + hosts = [ "ludivine.immae.eu" ]; + root = ludivinecassal.apache.root; + extraConfig = [ ludivinecassal.apache.vhostConf ]; + }; + }; +} diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix new file mode 100644 index 0000000..c5de698 --- /dev/null +++ b/modules/private/websites/ludivinecassal/production.nix 
@@ -0,0 +1,35 @@ +{ lib, pkgs, config, myconfig, ... }: +let + ludivinecassal = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) ludivinecassal; + config = myconfig.env.websites.ludivinecassal.production; + apacheUser = config.services.httpd.Prod.user; + apacheGroup = config.services.httpd.Prod.group; + }; + + cfg = config.myServices.websites.ludivinecassal.production; +in { + options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; + + config = lib.mkIf cfg.enable { + secrets.keys = ludivinecassal.keys; + services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; + + services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool; + system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName} + ''; + services.websites.production.modules = ludivinecassal.apache.modules; + services.websites.production.vhostConfs.ludivine = { + certName = "ludivinecassal"; + certMainHost = "ludivinecassal.com"; + hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; + root = ludivinecassal.apache.root; + extraConfig = [ ludivinecassal.apache.vhostConf ]; + }; + }; +} diff --git a/nixops/modules/websites/ftp/nassime.nix b/modules/private/websites/nassime/production.nix similarity index 71% rename from nixops/modules/websites/ftp/nassime.nix rename to modules/private/websites/nassime/production.nix index 3c982d3..a109778 100644 --- a/nixops/modules/websites/ftp/nassime.nix +++ b/modules/private/websites/nassime/production.nix 
@@ -1,16 +1,12 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Nassime; - varDir = "/var/lib/ftp/nassime"; - env = myconfig.env.websites.nassime; + cfg = config.myServices.websites.nassime.production; + varDir = "/var/lib/ftp/nassime"; + env = myconfig.env.websites.nassime; in { - options.services.myWebsites.Nassime = { - production = { - enable = lib.mkEnableOption "enable Nassime's website"; - }; - }; + options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; diff --git a/nixops/modules/websites/ftp/jerome.nix b/modules/private/websites/naturaloutil/production.nix similarity index 88% rename from nixops/modules/websites/ftp/jerome.nix rename to modules/private/websites/naturaloutil/production.nix index d00c42d..b6cf069 100644 --- a/nixops/modules/websites/ftp/jerome.nix +++ b/modules/private/websites/naturaloutil/production.nix 
@@ -1,17 +1,13 @@ { lib, pkgs, config, myconfig, ... }: let - adminer = pkgs.callPackage ../commons/adminer.nix {}; - cfg = config.services.myWebsites.Jerome; - varDir = "/var/lib/ftp/jerome"; - env = myconfig.env.websites.jerome; + adminer = pkgs.callPackage ../commons/adminer.nix {}; + cfg = config.myServices.websites.naturaloutil.production; + varDir = "/var/lib/ftp/jerome"; + env = myconfig.env.websites.jerome; in { - options.services.myWebsites.Jerome = { - production = { - enable = lib.mkEnableOption "enable Jerome's website"; - }; - }; + options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; diff --git a/nixops/modules/websites/ftp/papa.nix b/modules/private/websites/papa/surveillance.nix similarity index 82% rename from nixops/modules/websites/ftp/papa.nix rename to modules/private/websites/papa/surveillance.nix index c8d05ef..8e7cd9d 100644 --- a/nixops/modules/websites/ftp/papa.nix +++ b/modules/private/websites/papa/surveillance.nix @@ -1,15 +1,11 @@ { lib, pkgs, config, myconfig, ... }: let - cfg = config.services.myWebsites.Papa; - varDir = "/var/lib/ftp/papa"; + cfg = config.myServices.websites.papa.surveillance; + varDir = "/var/lib/ftp/papa"; in { - options.services.myWebsites.Papa = { - production = { - enable = lib.mkEnableOption "enable Papa's website"; - }; - }; + options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website"; - config = lib.mkIf cfg.production.enable { + config = lib.mkIf cfg.enable { security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; services.cron = { 
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/modules/private/websites/piedsjaloux/builder.nix similarity index 89% rename from nixops/modules/websites/piedsjaloux/piedsjaloux.nix rename to modules/private/websites/piedsjaloux/builder.nix index 97f8946..9fcc8fb 100644 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/modules/private/websites/piedsjaloux/builder.nix @@ -1,11 +1,11 @@ -{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }: +{ apacheUser, apacheGroup, piedsjaloux, config, pkgs, lib, texlive, imagemagick }: rec { app = piedsjaloux.override { inherit (config) environment; }; varDir = "/var/lib/piedsjaloux_${app.environment}"; keys = [{ dest = "webapps/${app.environment}-piedsjaloux"; - user = apache.user; - group = apache.group; + user = apacheUser; + group = apacheGroup; permissions = "0400"; text = '' # This file is auto-generated during the composer install @@ -33,7 +33,7 @@ rec { "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ || ! sha512sum -c --status ${app.varDir}/currentKey; then pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup + /run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup popd > /dev/null echo -n "${app}" > ${app.varDir}/currentWebappDir sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey @@ -43,10 +43,10 @@ rec { socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock"; pool = '' listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} + user = ${apacheUser} + group = ${apacheGroup} + listen.owner = ${apacheUser} + listen.group = ${apacheGroup} php_admin_value[upload_max_filesize] = 20M php_admin_value[post_max_size] = 20M ;php_admin_flag[log_errors] = on 
@@ -67,8 +67,6 @@ rec { ''}''; }; apache = rec { - user = "wwwrun"; - group = "wwwrun"; modules = [ "proxy_fcgi" ]; webappName = "piedsjaloux_${app.environment}"; root = "/run/current-system/webapps/${webappName}"; @@ -138,9 +136,9 @@ rec { activationScript = { deps = [ "wrappers" ]; text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ + install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \ ${app.varDir}/tmp - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions ''; }; } diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix new file mode 100644 index 0000000..6249e85 --- /dev/null +++ b/modules/private/websites/piedsjaloux/integration.nix 
@@ -0,0 +1,34 @@ +{ lib, pkgs, config, myconfig, ... }: +let + piedsjaloux = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) piedsjaloux; + config = myconfig.env.websites.piedsjaloux.integration; + apacheUser = config.services.httpd.Inte.user; + apacheGroup = config.services.httpd.Inte.group; + }; + + cfg = config.myServices.websites.piedsjaloux.integration; +in { + options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; + + config = lib.mkIf cfg.enable { + secrets.keys = piedsjaloux.keys; + services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool; + system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName} + ''; + services.websites.integration.modules = piedsjaloux.apache.modules; + services.websites.integration.vhostConfs.piedsjaloux = { + certName = "eldiron"; + addToCerts = true; + hosts = [ "piedsjaloux.immae.eu" ]; + root = piedsjaloux.apache.root; + extraConfig = [ piedsjaloux.apache.vhostConf ]; + }; + }; +} + diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix new file mode 100644 index 0000000..afa1667 --- /dev/null +++ b/modules/private/websites/piedsjaloux/production.nix 
@@ -0,0 +1,36 @@ +{ lib, pkgs, config, myconfig, ... }: +let + piedsjaloux = pkgs.callPackage ./builder.nix { + inherit (pkgs.webapps) piedsjaloux; + config = myconfig.env.websites.piedsjaloux.production; + apacheUser = config.services.httpd.Prod.user; + apacheGroup = config.services.httpd.Prod.group; + }; + + cfg = config.myServices.websites.piedsjaloux.production; +in { + options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; + + config = lib.mkIf cfg.enable { + secrets.keys = piedsjaloux.keys; + services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; + + services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux.phpFpm.preStart; + services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux.phpFpm.serviceDeps; + services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool; + system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName} + ''; + services.websites.production.modules = piedsjaloux.apache.modules; + services.websites.production.vhostConfs.piedsjaloux = { + certName = "piedsjaloux"; + certMainHost = "piedsjaloux.fr"; + hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; + root = piedsjaloux.apache.root; + extraConfig = [ piedsjaloux.apache.vhostConf ]; + }; + }; +} + diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix deleted file mode 100644 index a9e75b6..0000000 --- a/nixops/modules/websites/aten/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - aten_dev = pkgs.callPackage ./aten.nix { - inherit (pkgs.webapps) aten; - config = myconfig.env.websites.aten.integration; - }; - aten_prod = pkgs.callPackage ./aten.nix { - inherit (pkgs.webapps) aten; - config = myconfig.env.websites.aten.production; - }; - - cfg = config.services.myWebsites.Aten; -in { - options.services.myWebsites.Aten = { - production = { - enable = lib.mkEnableOption "enable Aten's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable Aten's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = aten_prod.keys; - services.webstats.sites = [ { name = "aten.pro"; } ]; - - services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool; - system.activationScripts.aten_prod = aten_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName} - ''; - services.websites.production.modules = aten_prod.apache.modules; - services.websites.production.vhostConfs.aten = { - certName = "aten"; - certMainHost = "aten.pro"; - hosts = [ "aten.pro" "www.aten.pro" ]; - root = aten_prod.apache.root; - extraConfig = [ aten_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = aten_dev.keys; - services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool; - system.activationScripts.aten_dev = aten_dev.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName} - ''; - 
services.websites.integration.modules = aten_dev.apache.modules; - services.websites.integration.vhostConfs.aten = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "dev.aten.pro" ]; - root = aten_dev.apache.root; - extraConfig = [ aten_dev.apache.vhostConf ]; - }; - }) - ]; -} - diff --git a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php b/nixops/modules/websites/chloe/chloe_config_prod/chmod.php deleted file mode 100644 index aae16cd..0000000 --- a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php +++ /dev/null @@ -1,4 +0,0 @@ - \ No newline at end of file diff --git a/nixops/modules/websites/chloe/chloe_config_prod/connect.php b/nixops/modules/websites/chloe/chloe_config_prod/connect.php deleted file mode 100644 index 18b0933..0000000 --- a/nixops/modules/websites/chloe/chloe_config_prod/connect.php +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php b/nixops/modules/websites/chloe/chloe_config_prod/ldap.php deleted file mode 100644 index 825b7ed..0000000 --- a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php +++ /dev/null @@ -1,9 +0,0 @@ - array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); -$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); -?> diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix deleted file mode 100644 index 8e801b5..0000000 --- a/nixops/modules/websites/chloe/default.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - chloe_dev = pkgs.callPackage ./chloe.nix { - inherit (pkgs.webapps) chloe; - config = myconfig.env.websites.chloe.integration; - }; - chloe_prod = pkgs.callPackage ./chloe.nix { - inherit (pkgs.webapps) chloe; - config = myconfig.env.websites.chloe.production; - }; - - cfg = config.services.myWebsites.Chloe; -in { - options.services.myWebsites.Chloe = { - production = { - enable = lib.mkEnableOption "enable Chloe's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable Chloe's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = chloe_prod.keys; - services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; - - services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.chloe_prod = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; - system.activationScripts.chloe_prod = chloe_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName} - ''; - services.websites.production.modules = chloe_prod.apache.modules; - services.websites.production.vhostConfs.chloe = { - certName = "chloe"; - certMainHost = "osteopathe-cc.fr"; - hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; - root = chloe_prod.apache.root; - extraConfig = [ chloe_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = chloe_dev.keys; - services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.chloe_dev = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; - system.activationScripts.chloe_dev = chloe_dev.activationScript; - 
system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName} - ''; - services.websites.integration.modules = chloe_dev.apache.modules; - services.websites.integration.vhostConfs.chloe = { - certName = "eldiron"; - addToCerts = true; - hosts = ["chloe.immae.eu" ]; - root = chloe_dev.apache.root; - extraConfig = [ chloe_dev.apache.vhostConf ]; - }; - }) - ]; -} diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix deleted file mode 100644 index 20c5166..0000000 --- a/nixops/modules/websites/connexionswing/default.nix +++ /dev/null 
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- connexionswing_dev = pkgs.callPackage ./connexionswing.nix {
- inherit (pkgs.webapps) connexionswing;
- config = myconfig.env.websites.connexionswing.integration;
- };
- connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
- inherit (pkgs.webapps) connexionswing;
- config = myconfig.env.websites.connexionswing.production;
- };
-
- cfg = config.services.myWebsites.Connexionswing;
-in {
- options.services.myWebsites.Connexionswing = {
- production = {
- enable = lib.mkEnableOption "enable Connexionswing's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Connexionswing's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = connexionswing_prod.keys;
- services.webstats.sites = [ { name = "connexionswing.com"; } ];
-
- services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing_prod.phpFpm.phpConfig;
- system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
- '';
- services.websites.production.modules = connexionswing_prod.apache.modules;
- services.websites.production.vhostConfs.connexionswing = {
- certName = "connexionswing";
- certMainHost = "connexionswing.com";
- hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
- root = connexionswing_prod.apache.root;
- extraConfig = [ connexionswing_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = connexionswing_dev.keys;
- services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing_dev.phpFpm.phpConfig;
- system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
- '';
- services.websites.integration.modules = connexionswing_dev.apache.modules;
- services.websites.integration.vhostConfs.connexionswing = {
- certName = "eldiron";
- addToCerts = true;
- hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
- root = connexionswing_dev.apache.root;
- extraConfig = [ connexionswing_dev.apache.vhostConf ];
- };
- })
- ];
-}
-
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 432ad3c..584892a 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -66,23 +66,6 @@ let in { imports = [ - ./chloe - ./ludivine - ./aten - ./piedsjaloux - ./connexionswing - ./tellesflorian - ./emilia - ./capitaines - ./ftp/jerome.nix - ./ftp/nassime.nix - ./ftp/florian.nix - ./ftp/denisejerome.nix - ./ftp/leila.nix - ./ftp/papa.nix - ./ftp/immae.nix - ./ftp/release.nix - ./ftp/temp.nix ./tools/db.nix ./tools/tools ./tools/dav
@@ -133,31 +116,6 @@ in services.myWebsites.tools.etherpad-lite.enable = true; services.myWebsites.tools.peertube.enable = true; - services.myWebsites.Chloe.production.enable = true; - services.myWebsites.Ludivine.production.enable = true; - services.myWebsites.Aten.production.enable = true; - services.myWebsites.PiedsJaloux.production.enable = true; - services.myWebsites.Connexionswing.production.enable = true; - services.myWebsites.Jerome.production.enable = true; - services.myWebsites.Nassime.production.enable = true; - services.myWebsites.Florian.production.enable = true; - services.myWebsites.Leila.production.enable = true; - services.myWebsites.Papa.production.enable = true; - services.myWebsites.DeniseJerome.production.enable = true; - services.myWebsites.Emilia.production.enable = true; - services.myWebsites.Capitaines.production.enable = true; - services.myWebsites.Immae.production.enable = true; - services.myWebsites.Release.production.enable = true; - services.myWebsites.Temp.production.enable = true; - - services.myWebsites.Chloe.integration.enable = true; - services.myWebsites.Ludivine.integration.enable = true; - services.myWebsites.Aten.integration.enable = true; - services.myWebsites.PiedsJaloux.integration.enable = true; - services.myWebsites.Connexionswing.integration.enable = true; - services.myWebsites.TellesFlorian.integration.enable = true; - services.myWebsites.Florian.integration.enable = true; - secrets.keys = [{ dest = "apache-ldap"; user = "wwwrun";
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
deleted file mode 100644
index ebd461e..0000000
--- a/nixops/modules/websites/ftp/florian.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
- cfg = config.services.myWebsites.Florian;
- varDir = "/var/lib/ftp/florian";
- env = myconfig.env.websites.florian;
-in {
- options.services.myWebsites.Florian = {
- production = {
- enable = lib.mkEnableOption "enable Florian's website production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Florian's website integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
-
- services.websites.production.modules = adminer.apache.modules;
- services.websites.production.vhostConfs.florian = {
- certName = "florian";
- certMainHost = "tellesflorian.com";
- hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
- root = "${varDir}/tellesflorian.com";
- extraConfig = [
- adminer.apache.vhostConf
- ''
- ServerAdmin ${env.server_admin}
-
-
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- ''
- ];
- };
- })
-
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
-
- services.websites.integration.modules = adminer.apache.modules;
- services.websites.integration.vhostConfs.florian = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "florian.immae.eu" ];
- root = "${varDir}/florian.immae.eu";
- extraConfig = [
- adminer.apache.vhostConf
- ''
- ServerAdmin ${env.server_admin}
-
-
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- ''
- ];
- };
- })
- ];
-}
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
deleted file mode 100644
index 14bfa20..0000000
--- a/nixops/modules/websites/ftp/leila.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- cfg = config.services.myWebsites.Leila;
- varDir = "/var/lib/ftp/leila";
-in {
- options.services.myWebsites.Leila = {
- production = {
- enable = lib.mkEnableOption "enable Leila's website in production";
- };
- };
-
- config = (lib.mkIf cfg.production.enable {
- services.myPhpfpm.poolConfigs.leila = ''
- listen = /run/phpfpm/leila.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- php_admin_value[open_basedir] = "${varDir}:/tmp"
- '';
-
- services.webstats.sites = [
- { name = "leila.bouya.org"; }
- { name = "chorale.leila.bouya.org"; }
- ];
-
- services.websites.production.modules = [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.leila_chorale = {
- certName = "leila";
- addToCerts = true;
- hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
- root = "${varDir}/Chorale";
- extraConfig = [
- ''
- Use Stats chorale.leila.bouya.org
-
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
-
- Use LDAPConnect
- Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
-
- SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
-
-
- ''
- ];
- };
- services.websites.production.vhostConfs.leila = {
- certName = "leila";
- certMainHost = "leila.bouya.org";
- hosts = [ "leila.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats leila.bouya.org
-
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
-
- Use LDAPConnect
- Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
-
- SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
-
-
-
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- ''
- ];
- };
- });
-}
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
deleted file mode 100644
index 70d5199..0000000
--- a/nixops/modules/websites/ludivine/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- ludivinecassal_dev = pkgs.callPackage ./ludivinecassal.nix {
- inherit (pkgs.webapps) ludivinecassal;
- config = myconfig.env.websites.ludivinecassal.integration;
- };
- ludivinecassal_prod = pkgs.callPackage ./ludivinecassal.nix {
- inherit (pkgs.webapps) ludivinecassal;
- config = myconfig.env.websites.ludivinecassal.production;
- };
-
- cfg = config.services.myWebsites.Ludivine;
-in {
- options.services.myWebsites.Ludivine = {
- production = {
- enable = lib.mkEnableOption "enable Ludivine's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Ludivine's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = ludivinecassal_prod.keys;
- services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
-
- services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
- system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
- '';
- services.websites.production.modules = ludivinecassal_prod.apache.modules;
- services.websites.production.vhostConfs.ludivine = {
- certName = "ludivinecassal";
- certMainHost = "ludivinecassal.com";
- hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
- root = ludivinecassal_prod.apache.root;
- extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = ludivinecassal_dev.keys;
-
- services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
- system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
- '';
- services.websites.integration.modules = ludivinecassal_dev.apache.modules;
- services.websites.integration.vhostConfs.ludivine = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "ludivine.immae.eu" ];
- root = ludivinecassal_dev.apache.root;
- extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
- };
- })
- ];
-}
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
deleted file mode 100644
index a5ee24f..0000000
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix {
- inherit (pkgs.webapps) piedsjaloux;
- config = myconfig.env.websites.piedsjaloux.integration;
- };
- piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
- inherit (pkgs.webapps) piedsjaloux;
- config = myconfig.env.websites.piedsjaloux.production;
- };
-
- cfg = config.services.myWebsites.PiedsJaloux;
-in {
- options.services.myWebsites.PiedsJaloux = {
- production = {
- enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = piedsjaloux_prod.keys;
- services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
-
- services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
- system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
- '';
- services.websites.production.modules = piedsjaloux_prod.apache.modules;
- services.websites.production.vhostConfs.piedsjaloux = {
- certName = "piedsjaloux";
- certMainHost = "piedsjaloux.fr";
- hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
- root = piedsjaloux_prod.apache.root;
- extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = piedsjaloux_dev.keys;
- services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
- system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
- '';
- services.websites.integration.modules = piedsjaloux_dev.apache.modules;
- services.websites.integration.vhostConfs.piedsjaloux = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "piedsjaloux.immae.eu" ];
- root = piedsjaloux_dev.apache.root;
- extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
- };
- })
- ];
-}
-