authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-05 23:56:11 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-01-05 23:56:11 +0100
commite42ba74f008c33d16efead841a62c543cc001390 (patch)
tree60306e4d5c60a468a05e6e4a7e935f4c70e7b4d6
parentc7f50486428f67b91dea675704288134f835674c (diff)
downloadNix-e42ba74f008c33d16efead841a62c543cc001390.tar.gz
Nix-e42ba74f008c33d16efead841a62c543cc001390.tar.zst
Nix-e42ba74f008c33d16efead841a62c543cc001390.zip
Add ludivinecassal host
-rw-r--r--virtual/eldiron.nix37
-rw-r--r--virtual/packages.nix3
-rw-r--r--virtual/packages/connexionswing.nix8
-rw-r--r--virtual/packages/ludivinecassal.nix177
-rw-r--r--virtual/packages/ludivinecassal_master.json14
5 files changed, 238 insertions, 1 deletions
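--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -89,6 +89,8 @@
 ];
 
 security.acme.certs = {
+# /!\ To create a new certificate, add first the domain to an
+# existing certificate, deploy, and then use it in httpd.
 "eldiron" = {
 webroot = "/var/lib/acme/acme-challenge";
 email = "ismael@bouya.org";
@@ -104,6 +106,20 @@
 "connexionswing.immae.eu" = null;
 "sandetludo.immae.eu" = null;
 "cloud.immae.eu" = null;
+"ludivine.immae.eu" = null;
+"ludivinecassal.com" = null;
+};
+};
+"ludivinecassal" = {
+webroot = "/var/lib/acme/acme-challenge";
+email = "ismael@bouya.org";
+domain = "ludivinecassal.com";
+plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+postRun = ''
+systemctl reload httpd.service
+'';
+extraDomains = {
+"www.ludivinecassal.com" = null;
 };
 };
 # "connexionswing" = {
@@ -172,6 +188,8 @@
 adminer = mypkgs.adminer.phpFpm.pool;
 connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool;
 connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool;
+ludivinecassal_dev = mypkgs.ludivinecassal_dev.phpFpm.pool;
+ludivinecassal_prod = mypkgs.ludivinecassal_prod.phpFpm.pool;
 nextcloud = mypkgs.nextcloud.phpFpm.pool;
 mantisbt = mypkgs.mantisbt.phpFpm.pool;
 };
@@ -180,6 +198,8 @@
 system.activationScripts = {
 connexionswing_dev = mypkgs.connexionswing_dev.activationScript;
 connexionswing_prod = mypkgs.connexionswing_prod.activationScript;
+ludivinecassal_dev = mypkgs.ludivinecassal_dev.activationScript;
+ludivinecassal_prod = mypkgs.ludivinecassal_prod.activationScript;
 nextcloud = mypkgs.nextcloud.activationScript;
 httpd = ''
 install -d -m 0755 /var/lib/acme/acme-challenge
@@ -303,6 +323,8 @@
 mypkgs.nextcloud.apache.modules ++
 mypkgs.connexionswing_dev.apache.modules ++
 mypkgs.connexionswing_prod.apache.modules ++
+mypkgs.ludivinecassal_dev.apache.modules ++
+mypkgs.ludivinecassal_prod.apache.modules ++
 mypkgs.ympd.apache.modules ++
 mypkgs.git.web.apache.modules ++
 mypkgs.mantisbt.apache.modules ++
@@ -342,6 +364,21 @@
 ];
 })
 (withConf "eldiron" // {
+hostName = "ludivine.immae.eu";
+documentRoot = mypkgs.ludivinecassal_dev.webRoot;
+extraConfig = builtins.concatStringsSep "\n" [
+mypkgs.ludivinecassal_dev.apache.vhostConf
+];
+})
+(withConf "ludivinecassal" // {
+hostName = "ludivinecassal.com";
+serverAliases = [ "www.ludivinecassal.com" ];
+documentRoot = mypkgs.ludivinecassal_prod.webRoot;
+extraConfig = builtins.concatStringsSep "\n" [
+mypkgs.ludivinecassal_prod.apache.vhostConf
+];
+})
+(withConf "eldiron" // {
 hostName = "cloud.immae.eu";
 documentRoot = mypkgs.nextcloud.webRoot;
 extraConfig = builtins.concatStringsSep "\n" [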
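Review bot: `"ludivinecassal.com"` is now listed both as an extraDomain of the `eldiron` certificate (second hunk) and as the `domain` of the new `ludivinecassal` certificate, so two certificates will be issued and renewed for the same name by the same ACME account. The comment added in the first hunk describes this as a deliberate bootstrap step, so once the dedicated certificate has been deployed and httpd switched to it the entry should be dropped from `eldiron`; a `# TODO: remove once the ludivinecassal cert is deployed` next to `"ludivinecassal.com" = null;` would keep that from being forgotten. The `security.acme.certs` attribute set continues outside the hunks.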
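--- a/virtual/packages.nix
+++ b/virtual/packages.nix
@@ -1,6 +1,7 @@
 { callPackage, checkEnv, fetchedGitPrivate, fetchedGithub }:
 let
 connexionswing = callPackage ./packages/connexionswing.nix { inherit checkEnv fetchedGitPrivate; };
+ludivinecassal = callPackage ./packages/ludivinecassal.nix { inherit checkEnv fetchedGitPrivate; };
 nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
 adminer = callPackage ./packages/adminer.nix {};
 ympd = callPackage ./packages/ympd.nix {};
@@ -12,6 +13,8 @@ in
 inherit ympd;
 connexionswing_dev = connexionswing { environment = "dev"; };
 connexionswing_prod = connexionswing { environment = "prod"; };
+ludivinecassal_dev = ludivinecassal { environment = "dev"; };
+ludivinecassal_prod = ludivinecassal { environment = "prod"; };
 inherit nextcloud;
 inherit mantisbt;
 # FIXME: add buildbot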
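--- a/virtual/packages/connexionswing.nix
+++ b/virtual/packages/connexionswing.nix
@@ -119,7 +119,13 @@ let
 </IfModule>
 
 </Directory>
-'' else ""}
+'' else ''
+<Directory ${webRoot}>
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride All
+Require all granted
+</Directory>
+''}
 '';
 };
 activationScript = {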
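Review bot: The production `<Directory ${webRoot}>` block added in the else branch turns on `Indexes` and `Includes` for the public web root, so any directory without an index file becomes listable and server-side includes are processed on served files; unless both are actually needed, `Options FollowSymLinks` (or `Options -Indexes -Includes +FollowSymLinks`) is the safer setting for the prod vhost. `AllowOverride All` additionally lets any `.htaccess` in the tree re-enable these, so the tightening only holds if the web root is not writable by the PHP pool, which this hunk does not show. The identical block is added in the prod branch of the new virtual/packages/ludivinecassal.nix. The vhostConf string this lives in starts before the hunk.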
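--- /dev/null
+++ b/virtual/packages/ludivinecassal.nix
@@ -0,0 +1,177 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }:
+let
+ludivinecassal = { environment ? "dev" }: rec {
+varPrefix = "LUDIVINECASSAL";
+varDir = "/var/lib/ludivinecassal_${environment}";
+envName= lib.strings.toUpper environment;
+configRoot =
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER";
+writeText "parameters.yml" ''
+# This file is auto-generated during the composer install
+parameters:
+database_host: db-1.immae.eu
+database_port: null
+database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+mailer_transport: smtp
+mailer_host: mail.immae.eu
+mailer_user: null
+mailer_password: null
+secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ldap_host: ldap.immae.eu
+ldap_port: 636
+ldap_version: 3
+ldap_ssl: true
+ldap_tls: false
+ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+ldap_base_dn: 'dc=immae,dc=eu'
+ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}'
+ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}'
+ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}'
+leapt_im:
+binary_path: ${imagemagick}/bin
+assetic:
+sass: ${sass}/bin/sass
+ruby: ${ruby}/bin/ruby
+'';
+phpFpm = rec {
+socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+php_admin_value[upload_max_filesize] = 20M
+php_admin_value[post_max_size] = 20M
+;php_admin_flag[log_errors] = on
+php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+${if environment == "dev" then ''
+pm = ondemand
+pm.max_children = 5
+pm.process_idle_timeout = 60
+env[SYMFONY_DEBUG_MODE] = "yes"
+'' else ''
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+''}'';
+};
+apache = {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+vhostConf = ''
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+${if environment == "dev" then ''
+<Location />
+Use LDAPConnect
+Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
+</Location>
+
+<Directory ${webRoot}>
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride None
+Require all granted
+
+DirectoryIndex app_dev.php
+
+<IfModule mod_negotiation.c>
+Options -MultiViews
+</IfModule>
+
+<IfModule mod_rewrite.c>
+RewriteEngine On
+
+RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+RewriteRule ^(.*) - [E=BASE:%1]
+
+# Maintenance script
+RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ErrorDocument 503 /maintenance.php
+
+# Sets the HTTP_AUTHORIZATION header removed by Apache
+RewriteCond %{HTTP:Authorization} .
+RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+RewriteCond %{ENV:REDIRECT_STATUS} ^$
+RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+# If the requested filename exists, simply serve it.
+# We only want to let Apache serve files and not directories.
+RewriteCond %{REQUEST_FILENAME} -f
+RewriteRule ^ - [L]
+
+# Rewrite all other queries to the front controller.
+RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+</IfModule>
+
+</Directory>
+'' else ''
+<Directory ${webRoot}>
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride All
+Require all granted
+</Directory>
+''}
+'';
+};
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+if [ ! -f "${varDir}/currentWebappDir" -o \
+"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+pushd ${webappDir} > /dev/null
+$wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+popd > /dev/null
+echo -n "${webappDir}" > ${varDir}/currentWebappDir
+fi
+'';
+};
+webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal_master.json // rec {
+# FIXME: can we do better than symlink?
+# FIXME: initial sync
+# FIXME: backup
+# FIXME: miniatures and data need to be in the same dir due to a
+# bug in leapt.im (searches for data/../miniatures)
+buildPhase = ''
+export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ln -sf ${configRoot} app/config/parameters.yml
+sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+${if environment == "dev" then ''
+composer install
+'' else ''
+SYMFONY_ENV=prod composer install --no-dev
+''}
+rm -rf var
+ln -sf ../../../../../${varDir} var
+'';
+installPhase = ''
+cp -a . $out
+'';
+buildInputs = [
+php git cacert phpPackages.composer sass
+];
+});
+webRoot = "${webappDir}/web";
+};
+in
+ludivinecassal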
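Review bot: `configRoot` renders the MySQL password, the LDAP bind password and the Symfony `secret` into parameters.yml through `writeText`, so all three land in a world-readable /nix/store path that every local user (and any store export or binary cache) can read; the path is further symlinked into the webapp at `app/config/parameters.yml` and listed in the PHP-FPM `open_basedir`. Because the values come from `builtins.getEnv` at evaluation time they are also part of the derivation's input, so rotating a credential rebuilds the package. A safer shape is to keep only the non-secret parameters in the store-generated file and let the activation script (or a deployment-keys mechanism such as NixOps `deployment.keys`) write the credentials to a file under `${varDir}` owned by `${apache.user}` with mode 0600, pointing the `ln -sf` in `buildPhase` at that file instead of `${configRoot}`. A short comment above `configRoot` stating that the file is world-readable in the store would at least make the current trade-off explicit.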
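--- /dev/null
+++ b/virtual/packages/ludivinecassal_master.json
@@ -0,0 +1,14 @@
+{
+"tag": "4327b82-master",
+"meta": {
+"name": "ludivinecassal_master",
+"url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+"branch": "master"
+},
+"git": {
+"url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+"rev": "4327b82ec00cc514bfce5aa7155bcdbcc871c065",
+"sha256": "1c5hnzvyvj45j61v2v5mh1l405ih74f58isr9dq21428kcfc2gyd",
+"fetchSubmodules": true
+}
+}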