# Deployment description for the "aten" web application: it returns the
# PHP-FPM pool definition, the secrets file, the Apache vhost fragment and the
# activation script that prepares the state directories.
#
# Arguments:
#   apacheUser / apacheGroup  account the FPM pool runs as; also owner of the
#                             secrets file and of the state directories
#   aten                      the application package, overridden below
#   lib                       not referenced anywhere in this expression
#   config                    supplies `environment`, `secret` and `psql_url`
{ apacheUser, apacheGroup, aten, lib, config }: rec {
# Application package rebuilt for the configured environment. `app.varDir` and
# `app.environment` are read from it throughout the rest of the set.
app = aten.override { inherit (config) environment; };
phpFpm = rec {
# Shell snippet run before the pool starts. It clears the application cache
# (`bin/console cache:clear --no-warmup`, executed as ${apacheUser} through the
# sudo wrapper) when any of the following holds:
#   - the marker file currentWebappDir or currentKey is missing,
#   - currentWebappDir does not contain the current ${app} path,
#   - `sha512sum -c` fails for currentKey, i.e. the secrets file no longer
#     matches the checksum recorded on the previous run.
# Afterwards it records the current app path and a fresh checksum of the
# secrets file.
# NOTE(review): currentKey stores a SHA-512 of the secrets file inside varDir,
# which activationScript creates with mode 0755; the file's own mode depends on
# the umask this snippet runs under. Confirm that is acceptable.
# NOTE(review): ${app.varDir} is unquoted on the sha512sum and redirection
# lines; that is only safe while the path contains no whitespace.
preStart = ''
if [ ! -f "${app.varDir}/currentWebappDir" -o \
! -f "${app.varDir}/currentKey" -o \
"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
|| ! sha512sum -c --status ${app.varDir}/currentKey; then
pushd ${app} > /dev/null
/run/wrappers/bin/sudo -u ${apacheUser} APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
popd > /dev/null
echo -n "${app}" > ${app.varDir}/currentWebappDir
sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
fi
'';
# Units the pool depends on; how the consumer turns this into unit ordering is
# not visible here.
serviceDeps = [ "postgresql.service" ];
# Unix socket shared between this pool (`listen`) and the Apache handler below.
socket = "/var/run/phpfpm/aten-${app.environment}.sock";
# php-fpm pool configuration.
#   - Workers and the listening socket belong to ${apacheUser}:${apacheGroup}.
#   - Uploads and POST bodies are capped at 20M.
#   - open_basedir confines PHP file access to the app, its varDir and /tmp.
#   - Sessions are stored in varDir/phpSessions (created 0750 by
#     activationScript).
#   - The `;php_admin_flag[log_errors]` line is commented out in the pool file.
#   - "dev" uses an on-demand process manager and sets SYMFONY_DEBUG_MODE;
#     every other environment uses a dynamic pool of up to 20 children.
# NOTE(review): /tmp in open_basedir is the shared system directory unless the
# service is given a private one elsewhere; confirm.
pool = ''
listen = ${socket}
user = ${apacheUser}
group = ${apacheGroup}
listen.owner = ${apacheUser}
listen.group = ${apacheGroup}
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
${if app.environment == "dev" then ''
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 60
env[SYMFONY_DEBUG_MODE] = "yes"
'' else ''
pm = dynamic
pm.max_children = 20
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
''}'';
};
# Secrets file, written as Apache `SetEnv` directives and pulled into the vhost
# by the `Include /var/secrets/webapps/...` line below. It is owned by
# ${apacheUser}:${apacheGroup} with mode 0400.
# NOTE(review): config.secret and config.psql_url are interpolated into a Nix
# string here. Whether that text is also written to the world-readable Nix
# store depends on how the consumer of `keys` deploys it; confirm.
# NOTE(review): the values are placed unescaped inside double quotes, so a `"`
# in either value would break the directive.
keys = [{
dest = "webapps/${app.environment}-aten";
user = apacheUser;
group = apacheGroup;
permissions = "0400";
text = ''
SetEnv APP_ENV "${app.environment}"
SetEnv APP_SECRET "${config.secret}"
SetEnv DATABASE_URL "${config.psql_url}"
'';
}];
apache = rec {
modules = [ "proxy_fcgi" ];
webappName = "aten_${app.environment}";
# Document root; the vhost's <Directory> block below applies to this path.
root = "/run/current-system/webapps/${webappName}";
# Virtual-host fragment.
#   - *.php requests are handed to the FPM socket through proxy_fcgi.
#   - The secrets file is included so its SetEnv values apply to the vhost.
#   - "dev": the whole site (`/` and `/backend`) requires membership of the
#     cn=dev.aten.pro LDAP group.
#   - otherwise: only `/backend` requires the cn=aten.pro LDAP group; the rest
#     of the site is public and `Use Stats aten.pro` is applied.
#   - A 401 answers with an HTML meta refresh to https://aten.pro.
# `LDAPConnect` and `Stats` are invoked with `Use` and are defined outside
# this file.
# NOTE(review): in "dev" the <Location /backend> block repeats what
# <Location /> already imposes.
# NOTE(review): `Options Indexes ... Includes` enables directory listings and
# server-side includes, and `AllowOverride All` lets .htaccess files under the
# root override this configuration. With index.php as DirectoryIndex and
# FallbackResource these may be broader than the application needs; confirm
# and narrow if so.
vhostConf = ''
<FilesMatch "\.php$">
SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
</FilesMatch>
Include /var/secrets/webapps/${app.environment}-aten
${if app.environment == "dev" then ''
<Location />
Use LDAPConnect
Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
</Location>
<Location /backend>
Use LDAPConnect
Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
</Location>
'' else ''
Use Stats aten.pro
<Location /backend>
Use LDAPConnect
Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
</Location>
''}
<Directory ${root}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride All
Require all granted
DirectoryIndex index.php
FallbackResource /index.php
</Directory>
'';
};
# Creates the state directory (0755) and the PHP session directory (0750),
# both owned by ${apacheUser}:${apacheGroup}. It is ordered after the
# "wrappers" activation step.
# NOTE(review): 0755 lets every local user list and traverse varDir, so the
# files written there (currentWebappDir, currentKey and anything the
# application adds) are protected only by their own modes.
activationScript = {
deps = [ "wrappers" ];
text = ''
install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}
install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
'';
};
}