Move devtools to other place

8 files changed, 55 insertions, 82 deletions

diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 5fb9887..39cf86a 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -166,11 +166,6 @@
     ];
   };
 
-  fileSystems."/var/lib/pub/immae/devtools" = {
-    device = "/run/current-system/sw/bin/bindfs#/var/lib/ftp/devtools.immae.eu/";
-    fsType = "fuse";
-    options = [ "force-user=pub" "create-for-user=wwwrun" "create-for-group=wwwrun" ];
-  };
   environment.systemPackages = [ pkgs.bindfs ];
 
   services.zrepl = {
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index 7ed3852..aedf3a5 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -3,11 +3,8 @@ let
   apacheUser = config.services.httpd.Inte.user;
   apacheGroup = config.services.httpd.Inte.group;
   ccfg = config.myEnv.websites.chloe.integration;
-  app = pkgs.callPackage ./app {
-    inherit (ccfg) environment;
-    inherit (pkgs.webapps) spip;
-    varDir = "/var/lib/chloe_integration";
-  };
+  webRoot = "/var/lib/ftp/immae/chloe";
+  varDir = "/var/lib/ftp/immae/chloe_var";
   cfg = config.myServices.websites.chloe.integration;
 in {
   options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
@@ -20,8 +17,8 @@ in {
       permissions = "0400";
       text = ''
         SetEnv SPIP_CONFIG_DIR     "${./config}"
-        SetEnv SPIP_VAR_DIR        "${app.varDir}"
-        SetEnv SPIP_SITE           "chloe-${app.environment}"
+        SetEnv SPIP_VAR_DIR        "${varDir}"
+        SetEnv SPIP_SITE           "chloe-dev"
         SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
         SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
         SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
@@ -45,8 +42,8 @@ in {
         "php_admin_value[upload_max_filesize]" = "20M";
         "php_admin_value[post_max_size]" = "20M";
         # "php_admin_flag[log_errors]" = "on";
-        "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
-        "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
+        "php_admin_value[open_basedir]" = "${../../../../pkgs/webapps/spip/spip_mes_options.php}:${./config}:${webRoot}:${varDir}:/tmp";
+        "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
         "pm" = "ondemand";
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
@@ -56,8 +53,8 @@ in {
     system.activationScripts.chloe_integration = {
       deps = [ "wrappers" ];
       text = ''
-        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
-        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
+        install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}/phpSessions
       '';
     };
     services.websites.env.integration.modules = [ "proxy_fcgi" ];
@@ -65,7 +62,7 @@ in {
       certName    = "integration";
       addToCerts  = true;
       hosts       = ["chloe.immae.eu" ];
-      root        = app.webRoot;
+      root        = webRoot;
       extraConfig = [
       ''
         Include ${config.secrets.fullPaths."websites/chloe/integration"}
@@ -76,16 +73,16 @@ in {
           SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost"
         </FilesMatch>
 
-        <Directory ${app.webRoot}>
+        <Directory ${webRoot}>
           DirectoryIndex index.php index.htm index.html
           Options -Indexes +FollowSymLinks +MultiViews +Includes
-          Include ${app.webRoot}/htaccess.txt
+          Include ${webRoot}/htaccess.txt
 
           AllowOverride AuthConfig FileInfo Limit
           Require all granted
         </Directory>
 
-        <DirectoryMatch "${app.webRoot}/squelettes">
+        <DirectoryMatch "${webRoot}/squelettes">
           Require all denied
         </DirectoryMatch>
 
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
index 93cda00..fe0e4d9 100644
--- a/modules/private/websites/connexionswing/integration.nix
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -1,12 +1,8 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.connexionswing.integration;
-  app = pkgs.callPackage ./app {
-    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
-    environment = secrets.environment;
-    varDir = "/var/lib/connexionswing_integration";
-    secretsPath = config.secrets.fullPaths."websites/connexionswing/integration";
-  };
+  webRoot = "/var/lib/ftp/immae/connexionswing/web";
+  varDir = "/var/lib/ftp/immae/connexionswing_var";
   cfg = config.myServices.websites.connexionswing.integration;
   pcfg = config.services.phpApplication;
 in {
@@ -18,16 +14,16 @@ in {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
-      inherit (app) webRoot varDir;
+      inherit webRoot varDir;
       varDirPaths = {
         "medias" = "0700";
         "uploads" = "0700";
         "var" = "0700";
       };
-      inherit app;
+      app = "/var/lib/ftp/immae/connexionswing";
       serviceDeps = [ "mysql.service" ];
       preStartActions = [
-        "./bin/console --env=${app.environment} cache:clear --no-warmup"
+        "./bin/console --env=dev cache:clear --no-warmup"
       ];
       phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ];
       phpPool = {
@@ -74,20 +70,20 @@ in {
       certName    = "integration";
       addToCerts  = true;
       hosts       = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
-      root        = app.webRoot;
+      root        = webRoot;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
           SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost"
         </FilesMatch>
 
-        <Directory ${app.varDir}/medias>
+        <Directory ${varDir}/medias>
           Options FollowSymLinks
           AllowOverride None
           Require all granted
         </Directory>
 
-        <Directory ${app.varDir}/uploads>
+        <Directory ${varDir}/uploads>
           Options FollowSymLinks
           AllowOverride None
           Require all granted
@@ -99,7 +95,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
         </Location>
 
-        <Directory ${app.webRoot}>
+        <Directory ${webRoot}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix
index 5e6255c..27810a5 100644
--- a/modules/private/websites/florian/app.nix
+++ b/modules/private/websites/florian/app.nix
@@ -2,12 +2,7 @@
 let
   adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
   secrets = config.myEnv.websites.tellesflorian.integration;
-  app = pkgs.callPackage ./app {
-    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
-    environment = secrets.environment;
-    varDir = "/var/lib/florian_app";
-    secretsPath = config.secrets.fullPaths."websites/florian/app";
-  };
+  webRoot = "/var/lib/ftp/immae/florian/web";
   cfg = config.myServices.websites.florian.app;
   pcfg = config.services.phpApplication;
 in {
@@ -19,14 +14,15 @@ in {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
-      inherit (app) webRoot varDir;
+      inherit webRoot;
+      varDir = "/var/lib/ftp/immae/florian_var";
       varDirPaths = {
         "var" = "0700";
       };
-      inherit app;
+      app = "/var/lib/ftp/immae/florian";
       serviceDeps = [ "mysql.service" ];
       preStartActions = [
-        "./bin/console --env=${app.environment} cache:clear --no-warmup"
+        "./bin/console --env=dev cache:clear --no-warmup"
       ];
       phpOpenbasedir = [ "/tmp" ];
       phpPool = {
@@ -81,7 +77,7 @@ in {
       certName    = "integration";
       addToCerts  = true;
       hosts       = [ "app.tellesflorian.com" ];
-      root        = app.webRoot;
+      root        = webRoot;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
@@ -99,7 +95,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
         </Location>
 
-        <Directory ${app.webRoot}>
+        <Directory ${webRoot}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
diff --git a/modules/private/websites/isabelle/aten_integration.nix b/modules/private/websites/isabelle/aten_integration.nix
index 7e0aaf7..288f20d 100644
--- a/modules/private/websites/isabelle/aten_integration.nix
+++ b/modules/private/websites/isabelle/aten_integration.nix
@@ -1,11 +1,7 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.isabelle.aten_integration;
-  app = pkgs.callPackage ./aten_app {
-    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
-    environment = secrets.environment;
-    varDir = "/var/lib/isabelle_aten_integration";
-  };
+  webRoot = "/var/lib/ftp/immae/aten/public";
   cfg = config.myServices.websites.isabelle.aten_integration;
   pcfg = config.services.phpApplication;
 in {
@@ -20,11 +16,12 @@ in {
       httpdWatchFiles = [
         config.secrets.fullPaths."websites/isabelle/aten_integration"
       ];
-      inherit (app) webRoot varDir;
-      inherit app;
+      inherit webRoot;
+      varDir = "/var/lib/ftp/immae/aten_var";
+      app = "/var/lib/ftp/immae/aten";
       serviceDeps = [ "postgresql.service" ];
       preStartActions = [
-        "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
+        "APP_ENV=dev ./bin/console --env=dev cache:clear --no-warmup"
       ];
       phpOpenbasedir = [ "/tmp" ];
       phpPool = {
@@ -51,7 +48,7 @@ in {
         #   vendor/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php#parseDatabaseUrlQuery
         psql_url = with secrets.postgresql; "pdo-pgsql://${user}:${password}@invalid:${port}/${database}?host=${socket}";
       in ''
-        SetEnv APP_ENV      "${app.environment}"
+        SetEnv APP_ENV      "dev"
         SetEnv APP_SECRET   "${secrets.secret}"
         SetEnv DATABASE_URL "${psql_url}"
         '';
@@ -60,7 +57,7 @@ in {
       certName    = "integration";
       addToCerts  = true;
       hosts       = [ "dev.aten.pro" ];
-      root        = app.webRoot;
+      root        = webRoot;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
@@ -81,7 +78,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
         </Location>
 
-        <Directory ${app.webRoot}>
+        <Directory ${webRoot}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted
diff --git a/modules/private/websites/ludivine/integration.nix b/modules/private/websites/ludivine/integration.nix
index 99c9acf..d04295d 100644
--- a/modules/private/websites/ludivine/integration.nix
+++ b/modules/private/websites/ludivine/integration.nix
@@ -1,14 +1,9 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.ludivine.integration;
-  app = pkgs.callPackage ./app {
-    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
-    environment = secrets.environment;
-    varDir = "/var/lib/ludivine_integration";
-    secretsPath = config.secrets.fullPaths."websites/ludivine/integration";
-  };
   cfg = config.myServices.websites.ludivine.integration;
   pcfg = config.services.phpApplication;
+  webRoot = "/var/lib/ftp/immae/ludivine/web";
 in {
   options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
 
@@ -18,14 +13,15 @@ in {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
-      inherit (app) webRoot varDir;
+      inherit webRoot;
+      varDir = "/var/lib/ftp/immae/ludivine_var";
+      app = "/var/lib/ftp/immae/ludivine";
       varDirPaths = {
         "tmp" = "0700";
       };
-      inherit app;
       serviceDeps = [ "mysql.service" ];
       preStartActions = [
-        "./bin/console --env=${app.environment} cache:clear --no-warmup"
+        "./bin/console --env=dev cache:clear --no-warmup"
       ];
       phpOpenbasedir = [ "/tmp" ];
       phpPool = {
@@ -90,7 +86,7 @@ in {
       certName    = "integration";
       addToCerts  = true;
       hosts       = [ "ludivine.immae.eu" ];
-      root        = app.webRoot;
+      root        = webRoot;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
@@ -103,7 +99,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
         </Location>
 
-        <Directory ${app.webRoot}>
+        <Directory ${webRoot}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix
index 437b127..64d577e 100644
--- a/modules/private/websites/piedsjaloux/integration.nix
+++ b/modules/private/websites/piedsjaloux/integration.nix
@@ -1,12 +1,7 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.piedsjaloux.integration;
-  app = pkgs.callPackage ./app {
-    composerEnv = pkgs.composerEnv.override { php = pkgs.php72; };
-    environment = secrets.environment;
-    varDir = "/var/lib/piedsjaloux_integration";
-    secretsPath = config.secrets.fullPaths."websites/piedsjaloux/integration";
-  };
+  webRoot = "/var/lib/ftp/immae/piedsjaloux/web";
   cfg = config.myServices.websites.piedsjaloux.integration;
   pcfg = config.services.phpApplication;
   texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
@@ -19,14 +14,15 @@ in {
       websiteEnv = "integration";
       httpdUser = config.services.httpd.Inte.user;
       httpdGroup = config.services.httpd.Inte.group;
-      inherit (app) webRoot varDir;
+      inherit webRoot;
+      varDir = "/var/lib/ftp/immae/piedsjaloux_var";
       varDirPaths = {
         "tmp" = "0700";
       };
-      inherit app;
+      app = "/var/lib/ftp/immae/piedsjaloux";
       serviceDeps = [ "mysql.service" ];
       preStartActions = [
-        "./bin/console --env=${app.environment} cache:clear --no-warmup"
+        "./bin/console --env=dev cache:clear --no-warmup"
       ];
       phpOpenbasedir = [ "/tmp" ];
       phpPool = {
@@ -47,7 +43,7 @@ in {
         SYMFONY_DEBUG_MODE = "\"yes\"";
       };
       phpWatchFiles = [
-        app.secretsPath
+        config.secrets.fullPaths."websites/piedsjaloux/integration"
       ];
       phpPackage = pkgs.php72;
     };
@@ -80,7 +76,7 @@ in {
       certName     = "integration";
       addToCerts  = true;
       hosts       = [ "piedsjaloux.immae.eu" ];
-      root        = app.webRoot;
+      root        = webRoot;
       extraConfig = [
         ''
         <FilesMatch "\.php$">
@@ -93,7 +89,7 @@ in {
           ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
         </Location>
 
-        <Directory ${app.webRoot}>
+        <Directory ${webRoot}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride None
           Require all granted
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 499ef91..9052473 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -121,14 +121,14 @@ in {
       certMainHost = "devtools.immae.eu";
       addToCerts   = true;
       hosts        = [ "devtools.immae.eu" ];
-      root         = "/var/lib/ftp/devtools.immae.eu";
+      root         = "/var/lib/ftp/immae/devtools";
       extraConfig  = [
         ''
-          Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title"
+          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
           Timeout 600
           ProxyTimeout 600
           Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
-          <Directory "/var/lib/ftp/devtools.immae.eu">
+          <Directory "/var/lib/ftp/immae/devtools">
             DirectoryIndex index.php index.htm index.html
             AllowOverride all
             Require all granted
@@ -339,7 +339,7 @@ in {
           "pm.min_spare_servers" = "1";
           "pm.max_spare_servers" = "10";
 
-          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
+          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
         };
         phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
       };