From 982dc1fabf71cc91ef4409848dd1952c7e6f479f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Thu, 17 Sep 2020 17:22:48 +0200
Subject: [PATCH] =?utf8?q?Add=20Patrick=20Fodella=E2=80=99s=20website?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 modules/private/default.nix                   |  2 +
 modules/private/websites/default.nix          |  2 +
 .../websites/patrick_fodella/production.nix   | 72 +++++++++++++++++++
 nixops/secrets                                |  2 +-
 4 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 modules/private/websites/patrick_fodella/production.nix

diff --git a/modules/private/default.nix b/modules/private/default.nix
index 9ea136e..b821488 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -63,6 +63,8 @@ set = {
   papaMaisonBbc = ./websites/papa/maison_bbc.nix;
   papaSurveillance = ./websites/papa/surveillance.nix;
 
+  patrickFodellaProd = ./websites/patrick_fodella/production.nix;
+
   piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
   piedsjalouxProd = ./websites/piedsjaloux/production.nix;
 
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 9467055..90a8c1a 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -284,6 +284,8 @@ in
         maison_bbc.enable = true;
       };
 
+      patrick_fodella.production.enable = true;
+
       piedsjaloux = {
         integration.enable = true;
         production.enable = true;
diff --git a/modules/private/websites/patrick_fodella/production.nix b/modules/private/websites/patrick_fodella/production.nix
new file mode 100644
index 0000000..2812cf7
--- /dev/null
+++ b/modules/private/websites/patrick_fodella/production.nix
@@ -0,0 +1,72 @@
+{ lib, pkgs, config,  ... }:
+let
+  cfg = config.myServices.websites.patrick_fodella.production;
+  varDir = "/var/lib/ftp/patrick_fodella";
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+in {
+  options.myServices.websites.patrick_fodella.production.enable = lib.mkEnableOption "enable Patrick Fodella's website";
+
+  config = lib.mkIf cfg.enable {
+    services.webstats.sites = [ { name = "ecolyeu-pessicart-nice.fr"; } ];
+
+    system.activationScripts.patrick_fodella = {
+      deps = [ "httpd" ];
+      text = ''
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/patrick_fodella
+        '';
+    };
+    systemd.services.phpfpm-patrick_fodella.after = lib.mkAfter [ "mysql.service" ];
+    systemd.services.phpfpm-patrick_fodella.wants = [ "mysql.service" ];
+    services.phpfpm.pools.patrick_fodella = {
+      user = apacheUser;
+      group = apacheGroup;
+      settings = {
+        "listen.owner" = apacheUser;
+        "listen.group" = apacheGroup;
+
+        "pm" = "ondemand";
+        "pm.max_children" = "5";
+        "pm.process_idle_timeout" = "60";
+
+        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/patrick_fodella:${varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/patrick_fodella";
+      };
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        disable_functions = "mail"
+      '';
+      phpPackage = pkgs.php72;
+    };
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostConfs.patrick_fodella = {
+      certName     = "patrick_fodella";
+      certMainHost = "ecolyeu-pessicart-nice.fr";
+      hosts        = ["ecolyeu-pessicart-nice.fr" "www.ecolyeu-pessicart-nice.fr" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        Use Stats ecolyeu-pessicart-nice.fr
+
+        RewriteEngine on
+        RewriteCond "%{HTTP_HOST}" "!^www\.ecolyeu-pessicart-nice\.fr$" [NC]
+        RewriteRule ^(.+)$ https://www.ecolyeu-pessicart-nice.fr$1 [R=302,L]
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${config.services.phpfpm.pools.patrick_fodella.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        <Location /xmlrpc.php>
+          AllowOverride None
+          Require all denied
+        </Location>
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride all
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
diff --git a/nixops/secrets b/nixops/secrets
index cfb6165..4ce3c27 160000
--- a/nixops/secrets
+++ b/nixops/secrets
@@ -1 +1 @@
-Subproject commit cfb6165e897cdf8c58b267c7222328e2a645db00
+Subproject commit 4ce3c27d2e3db66640a5478aae93b813b7005061
-- 
2.41.0