From 7da3ceece7fe6c49046e97f37fc353db9b8a981c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 16 Feb 2019 14:50:08 +0100 Subject: [PATCH] Move production websites to use stable web directories --- nixops/modules/websites/aten/aten.nix | 2 +- nixops/modules/websites/aten/default.nix | 2 +- .../modules/websites/capitaines/default.nix | 10 +++++-- nixops/modules/websites/chloe/chloe.nix | 6 ++--- nixops/modules/websites/chloe/default.nix | 2 +- nixops/modules/websites/commons/adminer.nix | 8 +++--- .../connexionswing/connexionswing.nix | 2 +- .../websites/connexionswing/default.nix | 2 +- nixops/modules/websites/default.nix | 27 +++++++++++++------ nixops/modules/websites/emilia/default.nix | 10 +++++-- nixops/modules/websites/ftp/temp.nix | 2 +- nixops/modules/websites/ludivine/default.nix | 2 +- .../websites/ludivine/ludivinecassal.nix | 2 +- .../modules/websites/piedsjaloux/default.nix | 2 +- .../websites/piedsjaloux/piedsjaloux.nix | 2 +- 15 files changed, 53 insertions(+), 28 deletions(-) diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix index f986ec1..e27688d 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/nixops/modules/websites/aten/aten.nix @@ -66,7 +66,7 @@ let ''} - + Options Indexes FollowSymLinks MultiViews Includes AllowOverride All Require all granted diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix index f586ed5..41c22ce 100644 --- a/nixops/modules/websites/aten/default.nix +++ b/nixops/modules/websites/aten/default.nix @@ -51,7 +51,7 @@ in { services.myWebsites.production.vhostConfs.aten = { certName = "aten"; hosts = [ "aten.pro" "www.aten.pro" ]; - root = aten_prod.webRoot; + root = aten_prod.apache.root; extraConfig = [ aten_prod.apache.vhostConf ]; }; }) diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix index 7f8f4c6..8073955 100644 --- a/nixops/modules/websites/capitaines/default.nix +++ b/nixops/modules/websites/capitaines/default.nix @@ -2,6 +2,8 @@ let cfg = config.services.myWebsites.Capitaines; env = myconfig.env.websites.capitaines; + webappName = "capitaines_mastodon"; + root = "/run/current-system/webapps/${webappName}"; siteDir = ./mastodon_static; in { options.services.myWebsites.Capitaines = { @@ -14,15 +16,19 @@ in { security.acme.certs."capitaines_mastodon" = config.services.myCertificates.certConfig // { domain = "mastodon.capitaines.fr"; }; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${siteDir} $out/webapps/${webappName} + ''; services.myWebsites.production.vhostConfs.capitaines = { certName = "capitaines_mastodon"; hosts = [ "mastodon.capitaines.fr" ]; - root = siteDir; + root = root; extraConfig = [ '' ErrorDocument 404 /index.html - + DirectoryIndex index.html Options Indexes FollowSymLinks MultiViews Includes Require all granted diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix index 3b92af3..80e5554 100644 --- a/nixops/modules/websites/chloe/chloe.nix +++ b/nixops/modules/websites/chloe/chloe.nix @@ -56,16 +56,16 @@ let SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - + DirectoryIndex index.php index.htm index.html Options -Indexes +FollowSymLinks +MultiViews +Includes - Include ${if environment == "dev" then root else webRoot}/htaccess.txt + Include ${root}/htaccess.txt AllowOverride AuthConfig FileInfo Limit Require all granted - + Require all denied diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix index d647eb9..f561834 100644 --- a/nixops/modules/websites/chloe/default.nix +++ b/nixops/modules/websites/chloe/default.nix @@ -53,7 +53,7 @@ in { services.myWebsites.production.vhostConfs.chloe = { certName = "chloe"; hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; - root = chloe_prod.webRoot; + root = chloe_prod.apache.root; extraConfig = [ chloe_prod.apache.vhostConf ]; }; }) diff --git a/nixops/modules/websites/commons/adminer.nix b/nixops/modules/websites/commons/adminer.nix index 891046f..9c4e132 100644 --- a/nixops/modules/websites/commons/adminer.nix +++ b/nixops/modules/websites/commons/adminer.nix @@ -32,13 +32,15 @@ let php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer" ''; }; - apache = { + apache = rec { user = "wwwrun"; group = "wwwrun"; modules = [ "proxy_fcgi" ]; + webappName = "_adminer"; + root = "/run/current-system/webapps/${webappName}"; vhostConf = '' - Alias /adminer ${webRoot} - + Alias /adminer ${root} + DirectoryIndex index.php Require all granted diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix index dff563f..74a1ad0 100644 --- a/nixops/modules/websites/connexionswing/connexionswing.nix +++ b/nixops/modules/websites/connexionswing/connexionswing.nix @@ -129,7 +129,7 @@ let '' else '' Use Stats connexionswing.com - + Options Indexes FollowSymLinks MultiViews Includes AllowOverride All Require all granted diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix index f176762..f98b349 100644 --- a/nixops/modules/websites/connexionswing/default.nix +++ b/nixops/modules/websites/connexionswing/default.nix @@ -53,7 +53,7 @@ in { services.myWebsites.production.vhostConfs.connexionswing = { certName = "connexionswing"; hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; - root = connexionswing_prod.webRoot; + root = connexionswing_prod.apache.root; extraConfig = [ connexionswing_prod.apache.vhostConf ]; }; }) diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 3db1cfa..c8f7481 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix @@ -1,6 +1,8 @@ { lib, pkgs, config, mylibs, myconfig, ... }: let cfg = config.services.myWebsites; + www_root = "/run/current-system/webapps/_www"; + theme_root = "/run/current-system/webapps/_theme"; makeService = name: cfg: let toVhost = vhostConf: { enableSSL = true; @@ -21,9 +23,9 @@ let hostName = "nossl.immae.eu"; enableSSL = false; logFormat = "combinedVhost"; - documentRoot = ../../www; + documentRoot = www_root; extraConfig = '' - + DirectoryIndex nossl.html AllowOverride None Require all granted @@ -52,7 +54,7 @@ let fallbackVhost = toVhost { # Should go first, default choice certName = "eldiron"; hosts = ["eldiron.immae.eu" ]; - root = ../../www; + root = www_root; extraConfig = [ "DirectoryIndex index.htm" ]; }; in rec { @@ -290,11 +292,11 @@ in ErrorDocument 502 /maintenance_immae.html ErrorDocument 503 /maintenance_immae.html ErrorDocument 504 /maintenance_immae.html - Alias /maintenance_immae.html ${../../www}/maintenance_immae.html + Alias /maintenance_immae.html ${www_root}/maintenance_immae.html ProxyPass /maintenance_immae.html ! - AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${../../www}/googleb6d69446ff4ca3e5.html - + AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html + AllowOverride None Require all granted @@ -303,8 +305,8 @@ in apaxy = { extraConfig = '' - Alias /theme ${./apache/theme} - + Alias /theme ${theme_root} + Options -Indexes AllowOverride None Require all granted @@ -407,6 +409,15 @@ in ''; }; + system.extraSystemBuilderCmds = let + adminer = pkgs.callPackage ./commons/adminer.nix {}; + in '' + mkdir -p $out/webapps + ln -s ${../../www} $out/webapps/_www + ln -s ${./apache/theme} $out/webapps/_theme + ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName} + ''; + services.myPhpfpm = { phpPackage = pkgs.php; phpOptions = '' diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix index 5783ed0..4002caa 100644 --- a/nixops/modules/websites/emilia/default.nix +++ b/nixops/modules/websites/emilia/default.nix @@ -4,6 +4,8 @@ let env = myconfig.env.websites.emilia; varDir = "/var/lib/moodle"; siteDir = ./moodle; + webappName = "emilia_moodle"; + root = "/run/current-system/webapps/${webappName}"; # php_admin_value[upload_max_filesize] = 50000000 # php_admin_value[post_max_size] = 50000000 configFile = '' @@ -55,13 +57,17 @@ in { system.activationScripts.emilia = '' install -m 0755 -o wwwrun -g wwwrun -d ${varDir} ''; + system.extraSystemBuilderCmds = '' + mkdir -p $out/webapps + ln -s ${siteDir} $out/webapps/${webappName} + ''; services.myWebsites.production.vhostConfs.emilia = { certName = "emilia"; hosts = [ "saison-photo.org" "www.saison-photo.org" ]; - root = siteDir; + root = root; extraConfig = [ '' - + DirectoryIndex pause.html Options Indexes FollowSymLinks MultiViews Includes Require all granted diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix index 1033121..7f9f681 100644 --- a/nixops/modules/websites/ftp/temp.nix +++ b/nixops/modules/websites/ftp/temp.nix @@ -20,7 +20,7 @@ in { root = varDir; extraConfig = [ '' - Use Apaxy "${varDir}" "title" + Use Apaxy "${varDir}" "title .duplicity-ignore" Header set Content-Disposition attachment diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix index bcbef51..3dd0ee7 100644 --- a/nixops/modules/websites/ludivine/default.nix +++ b/nixops/modules/websites/ludivine/default.nix @@ -46,7 +46,7 @@ in { services.myWebsites.production.vhostConfs.ludivine = { certName = "ludivinecassal"; hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; - root = ludivinecassal_prod.webRoot; + root = ludivinecassal_prod.apache.root; extraConfig = [ ludivinecassal_prod.apache.vhostConf ]; }; }) diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix index 02614a5..3ffd335 100644 --- a/nixops/modules/websites/ludivine/ludivinecassal.nix +++ b/nixops/modules/websites/ludivine/ludivinecassal.nix @@ -121,7 +121,7 @@ let '' else '' Use Stats ludivinecassal.com - + Options Indexes FollowSymLinks MultiViews Includes AllowOverride All Require all granted diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix index 584e936..54e063d 100644 --- a/nixops/modules/websites/piedsjaloux/default.nix +++ b/nixops/modules/websites/piedsjaloux/default.nix @@ -50,7 +50,7 @@ in { services.myWebsites.production.vhostConfs.piedsjaloux = { certName = "piedsjaloux"; hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; - root = piedsjaloux_prod.webRoot; + root = piedsjaloux_prod.apache.root; extraConfig = [ piedsjaloux_prod.apache.vhostConf ]; }; }) diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix index a2d9a12..4caf48a 100644 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix @@ -110,7 +110,7 @@ let '' else '' Use Stats piedsjaloux.fr - + Options Indexes FollowSymLinks MultiViews Includes AllowOverride All Require all granted -- 2.41.0