From 9a414bd66ff06cade504ac34f13dbeddac48150a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 24 Dec 2019 09:41:27 +0100
Subject: [PATCH] Add maison bbc website
---
 modules/private/default.nix | 1 +
 modules/private/websites/default.nix | 1 +
 modules/private/websites/papa/maison_bbc.nix | 68 ++++++++++++++++++++
 modules/websites/default.nix | 21 ++++++
 4 files changed, 91 insertions(+)
 create mode 100644 modules/private/websites/papa/maison_bbc.nix
diff --git a/modules/private/default.nix b/modules/private/default.nix
index f768aed..be39993 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -38,6 +38,7 @@ set = {
 nassimeProd = ./websites/nassime/production.nix;
 naturaloutilProd = ./websites/naturaloutil/production.nix;
 telioTortayProd = ./websites/teliotortay/production.nix;
+ papaMaisonBbc = ./websites/papa/maison_bbc.nix;
 papaSurveillance = ./websites/papa/surveillance.nix;
 piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
 piedsjalouxProd = ./websites/piedsjaloux/production.nix;
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 3ac4cb5..dcbbef8 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -259,6 +259,7 @@ in
 telioTortay.production.enable = true;
 papa.surveillance.enable = true;
+ papa.maison_bbc.enable = true;
 piedsjaloux.integration.enable = true;
 piedsjaloux.production.enable = true;
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix
new file mode 100644
index 0000000..7295de8
--- /dev/null
+++ b/modules/private/websites/papa/maison_bbc.nix
@@ -0,0 +1,68 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.myServices.websites.papa.maison_bbc;
+ varDir = "/var/lib/ftp/papa/site";
+in {
+ options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
+
+ config = lib.mkIf cfg.enable {
+ services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
+ services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
+ services.phpfpm.pools.papa_maison_bbc = {
+ listen = "/run/phpfpm/papa_maison_bbc.sock";
+ extraConfig = ''
+ user = wwwrun
+ group = wwwrun
+ listen.owner = wwwrun
+ listen.group = wwwrun
+
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+
+ php_admin_value[open_basedir] = "${varDir}"
+ '';
+ phpOptions = config.services.phpfpm.phpOptions + ''
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ '';
+ };
+
+ services.websites.env.production.modules = [ "proxy_fcgi" ];
+ services.websites.env.production.vhostNoSSLConfs.papa_maison_bbc = {
+ hosts = [ "maison.bbc.bouya.org" ];
+ root = varDir;
+ extraConfig = [
+ ''
+ RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1
+
+ DirectoryIndex index.php index.htm index.html
+ AllowOverride None
+ Require all granted
+
+ SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
+
+
+ ''
+ ];
+ };
+ services.websites.env.production.vhostConfs.papa_maison_bbc = {
+ certName = "papa";
+ addToCerts = true;
+ hosts = [ "maison.bbc.bouya.org" ];
+ root = varDir;
+ extraConfig = [
+ ''
+
+ DirectoryIndex index.php index.htm index.html
+ AllowOverride None
+ Require all granted
+
+ SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
+
+
+ ''
+ ];
+ };
+ };
+}
+
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index 043fc6e..6ba0d68 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
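Review bot: The `papa_maison_bbc` pool in `maison_bbc.nix` runs PHP as `wwwrun` (`user = wwwrun`, `group = wwwrun`), the same shared account that owns the listen socket, so any script that lands under `/var/lib/ftp/papa/site` executes with everything that account can read or connect to. `php_admin_value[open_basedir]` only constrains PHP's own file functions and is not a process-level boundary. If that directory is filled over FTP, as its path suggests, give the pool its own unprivileged account and leave only the socket to the web server: `user = <site-user>` and `group = <site-group>` (placeholders), with `listen.owner`/`listen.group` kept at `wwwrun`. Separately, the port-80 vhost exempts `add.php` from the HTTPS redirect while still passing it to PHP, so its requests travel unencrypted; if the exemption is intentional a comment saying why would help, and the dot should be escaped (`add\.php`) so the lookahead does not accept other characters in that position.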
@@ -86,6 +86,17 @@ in }; }; }; + vhostNoSSLConfs = mkOption { + default = {}; + description = "List of no ssl vhosts to define for Apache"; + type = attrsOf (submodule { + options = { + hosts = mkOption { type = listOf string; }; + root = mkOption { type = nullOr path; }; + extraConfig = mkOption { type = listOf lines; default = []; }; + }; + }); + }; vhostConfs = mkOption { default = {}; description = "List of vhosts to define for Apache"; @@ -177,6 +188,15 @@ in documentRoot = vhostConf.root; extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; }; + toVhostNoSSL = ips: vhostConf: { + enableSSL = false; + logFormat = "combinedVhost"; + listen = map (ip: { inherit ip; port = 80; }) ips; + hostName = builtins.head vhostConf.hosts; + serverAliases = builtins.tail vhostConf.hosts or []; + documentRoot = vhostConf.root; + extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; + }; in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair icfg.httpdName (mkIf icfg.enable { enable = true; @@ -190,6 +210,7 @@ in extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig; virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ] ++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ] + ++ (attrsets.mapAttrsToList (n: v: toVhostNoSSL icfg.ips v) icfg.vhostNoSSLConfs) ++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs) ++ [ (redirectVhost icfg.ips) ]; }) -- 2.41.0
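Review bot: `hosts` in the `vhostNoSSLConfs` submodule accepts an empty list, yet `toVhostNoSSL` in the next hunk takes `builtins.head vhostConf.hosts`, so a vhost declared with `hosts = []` aborts evaluation with a generic list error instead of a message naming the vhost. The `or []` on the `serverAliases` line there does not cover this: it attaches to the attribute selection, giving `builtins.tail (vhostConf.hosts or [])`, and `hosts` is always defined because the option has no default. A non-empty list type would reject the bad value at the option itself, e.g. `hosts = mkOption { type = nonEmptyListOf str; };` if the pinned nixpkgs provides `nonEmptyListOf`. The description would also read better as `"Attribute set of plain-HTTP (port 80) vhosts to define for Apache"`, since the type is `attrsOf`, not a list.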
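Review bot: `toVhostNoSSL` carries no comment saying that it builds a full content-serving vhost on port 80 (`enableSSL = false`, a `documentRoot`, caller-supplied `extraConfig`), so whatever a module places in `vhostNoSSLConfs` is served unencrypted and nothing here limits it to redirects. I would put above the helper: `# Plain-HTTP vhost on port 80: everything configured here is served without TLS; keep it to redirects and endpoints that cannot use HTTPS.` The helper also appears to repeat `toVhost` apart from `enableSSL` and the port, judging by the two context lines above it; the rest of `toVhost` is outside the hunk, so confirm before folding the two into one function.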