diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-18 16:10:56 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-20 01:51:48 +0200 |
| commit | d3452fc59b9839846225fd254926c64a9c71f071 (patch) | |
| tree | a98a0958b826ac4b2ab137720edf0195c65dd958 | |
| parent | 514f9ec3beec470c4445be690673a0ceab9115b4 (diff) | |
| download | Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.gz Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.zst Nix-d3452fc59b9839846225fd254926c64a9c71f071.zip | |
Refactor websites
73 files changed, 845 insertions, 758 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix index dafec47..dbb8361 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix | |||
| @@ -16,36 +16,56 @@ set = { | |||
| 16 | openldapReplication = ./databases/openldap_replication.nix; | 16 | openldapReplication = ./databases/openldap_replication.nix; |
| 17 | 17 | ||
| 18 | websites = ./websites; | 18 | websites = ./websites; |
| 19 | isabelleAtenInte = ./websites/isabelle/aten_integration.nix; | 19 | |
| 20 | isabelleAtenProd = ./websites/isabelle/aten_production.nix; | 20 | |
| 21 | isabelleIridologie = ./websites/isabelle/iridologie.nix; | 21 | # Personal websites |
| 22 | capitainesProd = ./websites/capitaines/production.nix; | 22 | capitainesLandingPages = ./websites/capitaines/landing_pages.nix; |
| 23 | |||
| 23 | chloeInte = ./websites/chloe/integration.nix; | 24 | chloeInte = ./websites/chloe/integration.nix; |
| 24 | chloeProd = ./websites/chloe/production.nix; | 25 | chloeProd = ./websites/chloe/production.nix; |
| 26 | |||
| 25 | connexionswingInte = ./websites/connexionswing/integration.nix; | 27 | connexionswingInte = ./websites/connexionswing/integration.nix; |
| 26 | connexionswingProd = ./websites/connexionswing/production.nix; | 28 | connexionswingProd = ./websites/connexionswing/production.nix; |
| 27 | denisejeromeProd = ./websites/denisejerome/production.nix; | 29 | |
| 28 | emiliaProd = ./websites/emilia/production.nix; | 30 | deniseDenisejeromeProd = ./websites/denise/denisejerome.nix; |
| 29 | richieProd = ./websites/emilia/richie.nix; | 31 | deniseEvariste = ./websites/denise/evariste.nix; |
| 32 | |||
| 33 | emiliaMoodle = ./websites/emilia/moodle.nix; | ||
| 34 | |||
| 30 | florianApp = ./websites/florian/app.nix; | 35 | florianApp = ./websites/florian/app.nix; |
| 31 | florianInte = ./websites/florian/integration.nix; | 36 | florianInte = ./websites/florian/integration.nix; |
| 32 | florianProd = ./websites/florian/production.nix; | 37 | florianProd = ./websites/florian/production.nix; |
| 38 | |||
| 33 | immaeProd = ./websites/immae/production.nix; | 39 | immaeProd = ./websites/immae/production.nix; |
| 34 | immaeRelease = ./websites/immae/release.nix; | 40 | immaeRelease = ./websites/immae/release.nix; |
| 35 | immaeTemp = ./websites/immae/temp.nix; | 41 | immaeTemp = ./websites/immae/temp.nix; |
| 42 | |||
| 43 | isabelleAtenInte = ./websites/isabelle/aten_integration.nix; | ||
| 44 | isabelleAtenProd = ./websites/isabelle/aten_production.nix; | ||
| 45 | isabelleIridologie = ./websites/isabelle/iridologie.nix; | ||
| 46 | |||
| 47 | jeromeNaturaloutil = ./websites/jerome/naturaloutil.nix; | ||
| 48 | |||
| 36 | leilaProd = ./websites/leila/production.nix; | 49 | leilaProd = ./websites/leila/production.nix; |
| 37 | ludivinecassalInte = ./websites/ludivinecassal/integration.nix; | 50 | |
| 38 | ludivinecassalProd = ./websites/ludivinecassal/production.nix; | 51 | ludivineInte = ./websites/ludivine/integration.nix; |
| 52 | ludivineProd = ./websites/ludivine/production.nix; | ||
| 53 | |||
| 39 | nassimeProd = ./websites/nassime/production.nix; | 54 | nassimeProd = ./websites/nassime/production.nix; |
| 40 | naturaloutilProd = ./websites/naturaloutil/production.nix; | 55 | |
| 41 | evaristeProd = ./websites/evariste/production.nix; | ||
| 42 | telioTortayProd = ./websites/teliotortay/production.nix; | ||
| 43 | papaMaisonBbc = ./websites/papa/maison_bbc.nix; | 56 | papaMaisonBbc = ./websites/papa/maison_bbc.nix; |
| 44 | papaSurveillance = ./websites/papa/surveillance.nix; | 57 | papaSurveillance = ./websites/papa/surveillance.nix; |
| 58 | |||
| 45 | piedsjalouxInte = ./websites/piedsjaloux/integration.nix; | 59 | piedsjalouxInte = ./websites/piedsjaloux/integration.nix; |
| 46 | piedsjalouxProd = ./websites/piedsjaloux/production.nix; | 60 | piedsjalouxProd = ./websites/piedsjaloux/production.nix; |
| 61 | |||
| 62 | richieProd = ./websites/richie/production.nix; | ||
| 63 | |||
| 47 | sydenPeertube = ./websites/syden/peertube.nix; | 64 | sydenPeertube = ./websites/syden/peertube.nix; |
| 48 | 65 | ||
| 66 | teliotortayProd = ./websites/telio_tortay/production.nix; | ||
| 67 | |||
| 68 | # Tools | ||
| 49 | cloudTool = ./websites/tools/cloud; | 69 | cloudTool = ./websites/tools/cloud; |
| 50 | davTool = ./websites/tools/dav; | 70 | davTool = ./websites/tools/dav; |
| 51 | vpnTool = ./websites/tools/vpn; | 71 | vpnTool = ./websites/tools/vpn; |
diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 29ea173..01ab967 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix | |||
| @@ -1133,7 +1133,7 @@ in | |||
| 1133 | }; | 1133 | }; |
| 1134 | }; | 1134 | }; |
| 1135 | }; | 1135 | }; |
| 1136 | telioTortay = mkOption { | 1136 | telio_tortay = mkOption { |
| 1137 | description = "Telio Tortay configuration"; | 1137 | description = "Telio Tortay configuration"; |
| 1138 | type = submodule { | 1138 | type = submodule { |
| 1139 | options = { | 1139 | options = { |
| @@ -1141,7 +1141,7 @@ in | |||
| 1141 | }; | 1141 | }; |
| 1142 | }; | 1142 | }; |
| 1143 | }; | 1143 | }; |
| 1144 | ludivinecassal = mkOption { | 1144 | ludivine = mkOption { |
| 1145 | description = "Ludivinecassal configurations by environment"; | 1145 | description = "Ludivinecassal configurations by environment"; |
| 1146 | type = | 1146 | type = |
| 1147 | let | 1147 | let |
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix index 43d40d6..89b7664 100644 --- a/modules/private/tasks/default.nix +++ b/modules/private/tasks/default.nix | |||
| @@ -193,7 +193,7 @@ in { | |||
| 193 | }; | 193 | }; |
| 194 | }; | 194 | }; |
| 195 | 195 | ||
| 196 | myServices.websites.webappDirs._task = ./www; | 196 | services.websites.webappDirs._task = ./www; |
| 197 | 197 | ||
| 198 | security.acme.certs."task" = config.myServices.certificates.certConfig // { | 198 | security.acme.certs."task" = config.myServices.certificates.certConfig // { |
| 199 | inherit user group; | 199 | inherit user group; |
diff --git a/pkgs/private/webapps/apache-default/www/googleb6d69446ff4ca3e5.html b/modules/private/websites/_www/googleb6d69446ff4ca3e5.html index ff6dbf3..ff6dbf3 100644 --- a/pkgs/private/webapps/apache-default/www/googleb6d69446ff4ca3e5.html +++ b/modules/private/websites/_www/googleb6d69446ff4ca3e5.html | |||
diff --git a/pkgs/private/webapps/apache-default/www/index.htm b/modules/private/websites/_www/index.htm index 0274251..0274251 100644 --- a/pkgs/private/webapps/apache-default/www/index.htm +++ b/modules/private/websites/_www/index.htm | |||
diff --git a/pkgs/private/webapps/apache-default/www/maintenance_immae.html b/modules/private/websites/_www/maintenance_immae.html index 90f265f..90f265f 100644 --- a/pkgs/private/webapps/apache-default/www/maintenance_immae.html +++ b/modules/private/websites/_www/maintenance_immae.html | |||
diff --git a/pkgs/private/webapps/apache-default/www/nossl.html b/modules/private/websites/_www/nossl.html index 4401a80..4401a80 100644 --- a/pkgs/private/webapps/apache-default/www/nossl.html +++ b/modules/private/websites/_www/nossl.html | |||
diff --git a/modules/private/websites/capitaines/landing_pages.nix b/modules/private/websites/capitaines/landing_pages.nix new file mode 100644 index 0000000..b94a398 --- /dev/null +++ b/modules/private/websites/capitaines/landing_pages.nix | |||
| @@ -0,0 +1,60 @@ | |||
| 1 | { lib, config, ... }: | ||
| 2 | let | ||
| 3 | cfg = config.myServices.websites.capitaines.landing_pages; | ||
| 4 | webappdirs = config.services.websites.webappDirsPaths; | ||
| 5 | certName = "capitaines"; | ||
| 6 | domain = "capitaines.fr"; | ||
| 7 | in { | ||
| 8 | options.myServices.websites.capitaines.landing_pages.enable = lib.mkEnableOption "enable Capitaines's landing pages"; | ||
| 9 | |||
| 10 | config = lib.mkIf cfg.enable { | ||
| 11 | services.websites.webappDirs.capitaines_mastodon = ./mastodon_static; | ||
| 12 | services.websites.env.production.vhostConfs.capitaines_mastodon = rec { | ||
| 13 | inherit certName; | ||
| 14 | certMainHost = "mastodon.${domain}"; | ||
| 15 | hosts = [ certMainHost ]; | ||
| 16 | root = webappdirs.capitaines_mastodon; | ||
| 17 | extraConfig = [ | ||
| 18 | '' | ||
| 19 | ErrorDocument 404 /index.html | ||
| 20 | <Directory ${webappdirs.capitaines_mastodon}> | ||
| 21 | DirectoryIndex index.html | ||
| 22 | Options Indexes FollowSymLinks MultiViews Includes | ||
| 23 | Require all granted | ||
| 24 | </Directory> | ||
| 25 | '' | ||
| 26 | ]; | ||
| 27 | }; | ||
| 28 | |||
| 29 | services.websites.webappDirs.capitaines_discourse = ./discourse_static; | ||
| 30 | services.websites.env.production.vhostConfs.capitaines_discourse = { | ||
| 31 | inherit certName; | ||
| 32 | addToCerts = true; | ||
| 33 | hosts = [ "discourse.${domain}" ]; | ||
| 34 | root = webappdirs.capitaines_discourse; | ||
| 35 | extraConfig = [ | ||
| 36 | '' | ||
| 37 | ErrorDocument 404 /index.html | ||
| 38 | <Directory ${webappdirs.capitaines_discourse}> | ||
| 39 | DirectoryIndex index.html | ||
| 40 | Options Indexes FollowSymLinks MultiViews Includes | ||
| 41 | Require all granted | ||
| 42 | </Directory> | ||
| 43 | '' | ||
| 44 | ]; | ||
| 45 | }; | ||
| 46 | |||
| 47 | services.websites.env.production.vhostConfs.capitaines = { | ||
| 48 | inherit certName; | ||
| 49 | addToCerts = true; | ||
| 50 | hosts = [ domain ]; | ||
| 51 | root = webappdirs._www; | ||
| 52 | extraConfig = [ '' | ||
| 53 | <Directory ${webappdirs._www}> | ||
| 54 | DirectoryIndex index.htm | ||
| 55 | Require all granted | ||
| 56 | </Directory> | ||
| 57 | '' ]; | ||
| 58 | }; | ||
| 59 | }; | ||
| 60 | } | ||
diff --git a/modules/private/websites/capitaines/production.nix b/modules/private/websites/capitaines/production.nix deleted file mode 100644 index ee1698b..0000000 --- a/modules/private/websites/capitaines/production.nix +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | { lib, pkgs, config, ... }: | ||
| 2 | let | ||
| 3 | cfg = config.myServices.websites.capitaines.production; | ||
| 4 | env = config.myEnv.websites.capitaines; | ||
| 5 | in { | ||
| 6 | options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website"; | ||
| 7 | |||
| 8 | config = lib.mkIf cfg.enable { | ||
| 9 | myServices.websites.webappDirs.capitaines_mastodon = ./mastodon_static; | ||
| 10 | services.websites.env.production.vhostConfs.capitaines_mastodon = let | ||
| 11 | root = "/run/current-system/webapps/capitaines_mastodon"; | ||
| 12 | in { | ||
| 13 | certName = "capitaines"; | ||
| 14 | certMainHost = "mastodon.capitaines.fr"; | ||
| 15 | hosts = [ "mastodon.capitaines.fr" ]; | ||
| 16 | root = root; | ||
| 17 | extraConfig = [ | ||
| 18 | '' | ||
| 19 | ErrorDocument 404 /index.html | ||
| 20 | <Directory ${root}> | ||
| 21 | DirectoryIndex index.html | ||
| 22 | Options Indexes FollowSymLinks MultiViews Includes | ||
| 23 | Require all granted | ||
| 24 | </Directory> | ||
| 25 | '' | ||
| 26 | ]; | ||
| 27 | }; | ||
| 28 | |||
| 29 | myServices.websites.webappDirs.capitaines_discourse = ./discourse_static; | ||
| 30 | services.websites.env.production.vhostConfs.capitaines_discourse = let | ||
| 31 | root = "/run/current-system/webapps/capitaines_discourse"; | ||
| 32 | in { | ||
| 33 | certName = "capitaines"; | ||
| 34 | addToCerts = true; | ||
| 35 | hosts = [ "discourse.capitaines.fr" ]; | ||
| 36 | root = root; | ||
| 37 | extraConfig = [ | ||
| 38 | '' | ||
| 39 | ErrorDocument 404 /index.html | ||
| 40 | <Directory ${root}> | ||
| 41 | DirectoryIndex index.html | ||
| 42 | Options Indexes FollowSymLinks MultiViews Includes | ||
| 43 | Require all granted | ||
| 44 | </Directory> | ||
| 45 | '' | ||
| 46 | ]; | ||
| 47 | }; | ||
| 48 | |||
| 49 | services.websites.env.production.vhostConfs.capitaines = { | ||
| 50 | certName = "capitaines"; | ||
| 51 | addToCerts = true; | ||
| 52 | hosts = [ "capitaines.fr" ]; | ||
| 53 | root = "/run/current-system/webapps/_www"; | ||
| 54 | extraConfig = [ '' | ||
| 55 | <Directory /run/current-system/webapps/_www> | ||
| 56 | DirectoryIndex index.htm | ||
| 57 | Require all granted | ||
| 58 | </Directory> | ||
| 59 | '' ]; | ||
| 60 | }; | ||
| 61 | }; | ||
| 62 | } | ||
diff --git a/pkgs/private/webapps/chloe/chloe.json b/modules/private/websites/chloe/app/chloe.json index 8508c14..8508c14 100644 --- a/pkgs/private/webapps/chloe/chloe.json +++ b/modules/private/websites/chloe/app/chloe.json | |||
diff --git a/pkgs/private/webapps/chloe/default.nix b/modules/private/websites/chloe/app/default.nix index f148d4b..92a5e42 100644 --- a/pkgs/private/webapps/chloe/default.nix +++ b/modules/private/websites/chloe/app/default.nix | |||
| @@ -15,5 +15,5 @@ in | |||
| 15 | spip.override { | 15 | spip.override { |
| 16 | ldap = true; | 16 | ldap = true; |
| 17 | siteName = "chloe"; | 17 | siteName = "chloe"; |
| 18 | inherit environment siteDir; | 18 | inherit environment siteDir varDir; |
| 19 | } | 19 | } |
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix deleted file mode 100644 index bce2b4d..0000000 --- a/modules/private/websites/chloe/builder.nix +++ /dev/null | |||
| @@ -1,99 +0,0 @@ | |||
| 1 | { apacheUser, apacheGroup, chloe, config }: | ||
| 2 | rec { | ||
| 3 | app = chloe.override { inherit (config) environment; }; | ||
| 4 | phpFpm = rec { | ||
| 5 | serviceDeps = [ "mysql.service" ]; | ||
| 6 | pool = { | ||
| 7 | "listen.owner" = apacheUser; | ||
| 8 | "listen.group" = apacheGroup; | ||
| 9 | "php_admin_value[upload_max_filesize]" = "20M"; | ||
| 10 | "php_admin_value[post_max_size]" = "20M"; | ||
| 11 | # "php_admin_flag[log_errors]" = "on"; | ||
| 12 | "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"; | ||
| 13 | "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; | ||
| 14 | } // (if app.environment == "dev" then { | ||
| 15 | "pm" = "ondemand"; | ||
| 16 | "pm.max_children" = "5"; | ||
| 17 | "pm.process_idle_timeout" = "60"; | ||
| 18 | } else { | ||
| 19 | "pm" = "dynamic"; | ||
| 20 | "pm.max_children" = "20"; | ||
| 21 | "pm.start_servers" = "2"; | ||
| 22 | "pm.min_spare_servers" = "1"; | ||
| 23 | "pm.max_spare_servers" = "3"; | ||
| 24 | }); | ||
| 25 | }; | ||
| 26 | keys = [{ | ||
| 27 | dest = "webapps/${app.environment}-chloe"; | ||
| 28 | user = apacheUser; | ||
| 29 | group = apacheGroup; | ||
| 30 | permissions = "0400"; | ||
| 31 | text = '' | ||
| 32 | SetEnv SPIP_CONFIG_DIR "${configDir}" | ||
| 33 | SetEnv SPIP_VAR_DIR "${app.varDir}" | ||
| 34 | SetEnv SPIP_SITE "chloe-${app.environment}" | ||
| 35 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | ||
| 36 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | ||
| 37 | SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" | ||
| 38 | SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" | ||
| 39 | SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}" | ||
| 40 | SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" | ||
| 41 | SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" | ||
| 42 | SetEnv SPIP_MYSQL_DB "${config.mysql.database}" | ||
| 43 | SetEnv SPIP_MYSQL_USER "${config.mysql.user}" | ||
| 44 | SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" | ||
| 45 | ''; | ||
| 46 | }]; | ||
| 47 | apache = rec { | ||
| 48 | modules = [ "proxy_fcgi" ]; | ||
| 49 | webappName = "chloe_${app.environment}"; | ||
| 50 | root = "/run/current-system/webapps/${webappName}"; | ||
| 51 | vhostConf = socket: '' | ||
| 52 | Include /var/secrets/webapps/${app.environment}-chloe | ||
| 53 | |||
| 54 | RewriteEngine On | ||
| 55 | ${if app.environment == "prod" then '' | ||
| 56 | RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 | ||
| 57 | '' else ""} | ||
| 58 | |||
| 59 | <FilesMatch "\.php$"> | ||
| 60 | SetHandler "proxy:unix:${socket}|fcgi://localhost" | ||
| 61 | </FilesMatch> | ||
| 62 | |||
| 63 | <Directory ${root}> | ||
| 64 | DirectoryIndex index.php index.htm index.html | ||
| 65 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
| 66 | Include ${root}/htaccess.txt | ||
| 67 | |||
| 68 | AllowOverride AuthConfig FileInfo Limit | ||
| 69 | Require all granted | ||
| 70 | </Directory> | ||
| 71 | |||
| 72 | <DirectoryMatch "${root}/squelettes"> | ||
| 73 | Require all denied | ||
| 74 | </DirectoryMatch> | ||
| 75 | |||
| 76 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | ||
| 77 | Require all denied | ||
| 78 | </FilesMatch> | ||
| 79 | |||
| 80 | ${if app.environment == "dev" then '' | ||
| 81 | <Location /> | ||
| 82 | Use LDAPConnect | ||
| 83 | Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | ||
| 84 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>" | ||
| 85 | </Location> | ||
| 86 | '' else '' | ||
| 87 | Use Stats osteopathe-cc.fr | ||
| 88 | ''} | ||
| 89 | ''; | ||
| 90 | }; | ||
| 91 | activationScript = { | ||
| 92 | deps = [ "wrappers" ]; | ||
| 93 | text = '' | ||
| 94 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local | ||
| 95 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions | ||
| 96 | ''; | ||
| 97 | }; | ||
| 98 | configDir = ./config; | ||
| 99 | } | ||
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index caf6548..6d16a86 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix | |||
| @@ -1,43 +1,115 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | chloe = pkgs.callPackage ./builder.nix { | 3 | apacheUser = config.services.httpd.Inte.user; |
| 4 | inherit (pkgs.webapps) chloe; | 4 | apacheGroup = config.services.httpd.Inte.group; |
| 5 | config = config.myEnv.websites.chloe.integration; | 5 | ccfg = config.myEnv.websites.chloe.integration; |
| 6 | apacheUser = config.services.httpd.Inte.user; | 6 | app = pkgs.callPackage ./app { |
| 7 | apacheGroup = config.services.httpd.Inte.group; | 7 | inherit (ccfg) environment; |
| 8 | inherit (pkgs.webapps) spip; | ||
| 9 | varDir = "/var/lib/chloe_integration"; | ||
| 8 | }; | 10 | }; |
| 9 | |||
| 10 | cfg = config.myServices.websites.chloe.integration; | 11 | cfg = config.myServices.websites.chloe.integration; |
| 12 | webappdir = config.services.websites.webappDirsPaths.chloe_integration; | ||
| 11 | in { | 13 | in { |
| 12 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; | 14 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; |
| 13 | 15 | ||
| 14 | config = lib.mkIf cfg.enable { | 16 | config = lib.mkIf cfg.enable { |
| 15 | services.duplyBackup.profiles.chloe_dev.rootDir = chloe.app.varDir; | 17 | services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir; |
| 16 | secrets.keys = chloe.keys; | 18 | secrets.keys = [ |
| 17 | systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; | 19 | { |
| 18 | systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; | 20 | dest = "websites/chloe/integration"; |
| 19 | services.phpfpm.pools.chloe_dev = { | 21 | user = apacheUser; |
| 22 | group = apacheGroup; | ||
| 23 | permissions = "0400"; | ||
| 24 | text = '' | ||
| 25 | SetEnv SPIP_CONFIG_DIR "${./config}" | ||
| 26 | SetEnv SPIP_VAR_DIR "${app.varDir}" | ||
| 27 | SetEnv SPIP_SITE "chloe-${app.environment}" | ||
| 28 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | ||
| 29 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | ||
| 30 | SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}" | ||
| 31 | SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}" | ||
| 32 | SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}" | ||
| 33 | SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}" | ||
| 34 | SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}" | ||
| 35 | SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}" | ||
| 36 | SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}" | ||
| 37 | SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}" | ||
| 38 | ''; | ||
| 39 | } | ||
| 40 | ]; | ||
| 41 | systemd.services.phpfpm-chloe_integration.after = lib.mkAfter [ "mysql.service" ]; | ||
| 42 | systemd.services.phpfpm-chloe_integration.wants = [ "mysql.service" ]; | ||
| 43 | services.phpfpm.pools.chloe_integration = { | ||
| 20 | user = config.services.httpd.Inte.user; | 44 | user = config.services.httpd.Inte.user; |
| 21 | group = config.services.httpd.Inte.group; | 45 | group = config.services.httpd.Inte.group; |
| 22 | settings = chloe.phpFpm.pool; | 46 | settings = { |
| 47 | "listen.owner" = apacheUser; | ||
| 48 | "listen.group" = apacheGroup; | ||
| 49 | "php_admin_value[upload_max_filesize]" = "20M"; | ||
| 50 | "php_admin_value[post_max_size]" = "20M"; | ||
| 51 | # "php_admin_flag[log_errors]" = "on"; | ||
| 52 | "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp"; | ||
| 53 | "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; | ||
| 54 | "pm" = "ondemand"; | ||
| 55 | "pm.max_children" = "5"; | ||
| 56 | "pm.process_idle_timeout" = "60"; | ||
| 57 | }; | ||
| 23 | phpOptions = config.services.phpfpm.phpOptions + '' | 58 | phpOptions = config.services.phpfpm.phpOptions + '' |
| 24 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | 59 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
| 25 | ''; | 60 | ''; |
| 26 | }; | 61 | }; |
| 27 | system.activationScripts.chloe_dev = chloe.activationScript; | 62 | system.activationScripts.chloe_integration = { |
| 28 | myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; | 63 | deps = [ "wrappers" ]; |
| 29 | services.websites.env.integration.modules = chloe.apache.modules; | 64 | text = '' |
| 30 | services.websites.env.integration.vhostConfs.chloe = { | 65 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local |
| 66 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions | ||
| 67 | ''; | ||
| 68 | }; | ||
| 69 | services.websites.webappDirs.chloe_integration = app.webRoot; | ||
| 70 | services.websites.env.integration.modules = [ "proxy_fcgi" ]; | ||
| 71 | services.websites.env.integration.vhostConfs.chloe_integration = { | ||
| 31 | certName = "integration"; | 72 | certName = "integration"; |
| 32 | addToCerts = true; | 73 | addToCerts = true; |
| 33 | hosts = ["chloe.immae.eu" ]; | 74 | hosts = ["chloe.immae.eu" ]; |
| 34 | root = chloe.apache.root; | 75 | root = webappdir; |
| 35 | extraConfig = [ | 76 | extraConfig = [ |
| 36 | (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_dev.socket) | 77 | '' |
| 78 | Include ${config.secrets.fullPaths."websites/chloe/integration"} | ||
| 79 | |||
| 80 | RewriteEngine On | ||
| 81 | |||
| 82 | <FilesMatch "\.php$"> | ||
| 83 | SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost" | ||
| 84 | </FilesMatch> | ||
| 85 | |||
| 86 | <Directory ${webappdir}> | ||
| 87 | DirectoryIndex index.php index.htm index.html | ||
| 88 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
| 89 | Include ${webappdir}/htaccess.txt | ||
| 90 | |||
| 91 | AllowOverride AuthConfig FileInfo Limit | ||
| 92 | Require all granted | ||
| 93 | </Directory> | ||
| 94 | |||
| 95 | <DirectoryMatch "${webappdir}/squelettes"> | ||
| 96 | Require all denied | ||
| 97 | </DirectoryMatch> | ||
| 98 | |||
| 99 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | ||
| 100 | Require all denied | ||
| 101 | </FilesMatch> | ||
| 102 | |||
| 103 | <Location /> | ||
| 104 | Use LDAPConnect | ||
| 105 | Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | ||
| 106 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>" | ||
| 107 | </Location> | ||
| 108 | '' | ||
| 37 | ]; | 109 | ]; |
| 38 | }; | 110 | }; |
| 39 | services.websites.env.integration.watchPaths = [ | 111 | services.websites.env.integration.watchPaths = [ |
| 40 | "/var/secrets/webapps/${chloe.app.environment}-chloe" | 112 | config.secrets.fullPaths."websites/chloe/integration" |
| 41 | ]; | 113 | ]; |
| 42 | }; | 114 | }; |
| 43 | } | 115 | } |
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix index 83f6c9b..067e8e7 100644 --- a/modules/private/websites/chloe/production.nix +++ b/modules/private/websites/chloe/production.nix | |||
| @@ -1,50 +1,120 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | chloe = pkgs.callPackage ./builder.nix { | 3 | apacheUser = config.services.httpd.Prod.user; |
| 4 | inherit (pkgs.webapps) chloe; | 4 | apacheGroup = config.services.httpd.Prod.group; |
| 5 | config = config.myEnv.websites.chloe.production; | 5 | ccfg = config.myEnv.websites.chloe.production; |
| 6 | apacheUser = config.services.httpd.Prod.user; | 6 | app = pkgs.callPackage ./app { |
| 7 | apacheGroup = config.services.httpd.Prod.group; | 7 | inherit (ccfg) environment; |
| 8 | inherit (pkgs.webapps) spip; | ||
| 9 | varDir = "/var/lib/chloe_production"; | ||
| 8 | }; | 10 | }; |
| 9 | |||
| 10 | cfg = config.myServices.websites.chloe.production; | 11 | cfg = config.myServices.websites.chloe.production; |
| 12 | webappdir = config.services.websites.webappDirsPaths.chloe_production; | ||
| 11 | in { | 13 | in { |
| 12 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; | 14 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; |
| 13 | 15 | ||
| 14 | config = lib.mkIf cfg.enable { | 16 | config = lib.mkIf cfg.enable { |
| 15 | services.duplyBackup.profiles.chloe_prod.rootDir = chloe.app.varDir; | 17 | services.duplyBackup.profiles.chloe_production.rootDir = app.varDir; |
| 16 | secrets.keys = chloe.keys; | 18 | secrets.keys = [ |
| 19 | { | ||
| 20 | dest = "websites/chloe/production"; | ||
| 21 | user = apacheUser; | ||
| 22 | group = apacheGroup; | ||
| 23 | permissions = "0400"; | ||
| 24 | text = '' | ||
| 25 | SetEnv SPIP_CONFIG_DIR "${./config}" | ||
| 26 | SetEnv SPIP_VAR_DIR "${app.varDir}" | ||
| 27 | SetEnv SPIP_SITE "chloe-${app.environment}" | ||
| 28 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | ||
| 29 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | ||
| 30 | SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}" | ||
| 31 | SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}" | ||
| 32 | SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}" | ||
| 33 | SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}" | ||
| 34 | SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}" | ||
| 35 | SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}" | ||
| 36 | SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}" | ||
| 37 | SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}" | ||
| 38 | ''; | ||
| 39 | } | ||
| 40 | ]; | ||
| 17 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; | 41 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; |
| 18 | 42 | ||
| 19 | systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps; | 43 | systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ]; |
| 20 | systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps; | 44 | systemd.services.phpfpm-chloe_production.wants = [ "mysql.service" ]; |
| 21 | services.phpfpm.pools.chloe_prod = { | 45 | services.phpfpm.pools.chloe_production = { |
| 22 | user = config.services.httpd.Prod.user; | 46 | user = config.services.httpd.Prod.user; |
| 23 | group = config.services.httpd.Prod.group; | 47 | group = config.services.httpd.Prod.group; |
| 24 | settings = chloe.phpFpm.pool; | 48 | settings = { |
| 49 | "listen.owner" = apacheUser; | ||
| 50 | "listen.group" = apacheGroup; | ||
| 51 | "php_admin_value[upload_max_filesize]" = "20M"; | ||
| 52 | "php_admin_value[post_max_size]" = "20M"; | ||
| 53 | # "php_admin_flag[log_errors]" = "on"; | ||
| 54 | "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp"; | ||
| 55 | "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; | ||
| 56 | "pm" = "dynamic"; | ||
| 57 | "pm.max_children" = "20"; | ||
| 58 | "pm.start_servers" = "2"; | ||
| 59 | "pm.min_spare_servers" = "1"; | ||
| 60 | "pm.max_spare_servers" = "3"; | ||
| 61 | }; | ||
| 25 | phpOptions = config.services.phpfpm.phpOptions + '' | 62 | phpOptions = config.services.phpfpm.phpOptions + '' |
| 26 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | 63 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
| 27 | ''; | 64 | ''; |
| 28 | }; | 65 | }; |
| 29 | system.activationScripts.chloe_prod = chloe.activationScript; | 66 | system.activationScripts.chloe_production = { |
| 30 | myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; | 67 | deps = [ "wrappers" ]; |
| 31 | services.websites.env.production.modules = chloe.apache.modules; | 68 | text = '' |
| 69 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local | ||
| 70 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions | ||
| 71 | ''; | ||
| 72 | }; | ||
| 73 | services.websites.webappDirs.chloe_production = app.webRoot; | ||
| 74 | services.websites.env.production.modules = [ "proxy_fcgi" ]; | ||
| 32 | services.websites.env.production.vhostConfs.chloe = { | 75 | services.websites.env.production.vhostConfs.chloe = { |
| 33 | certName = "chloe"; | 76 | certName = "chloe"; |
| 34 | certMainHost = "osteopathe-cc.fr"; | 77 | certMainHost = "osteopathe-cc.fr"; |
| 35 | hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; | 78 | hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; |
| 36 | root = chloe.apache.root; | 79 | root = webappdir; |
| 37 | extraConfig = [ | 80 | extraConfig = [ |
| 38 | '' | 81 | '' |
| 82 | Use Stats osteopathe-cc.fr | ||
| 83 | |||
| 39 | RewriteEngine On | 84 | RewriteEngine On |
| 40 | RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC] | 85 | RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC] |
| 41 | RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L] | 86 | RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L] |
| 87 | |||
| 88 | Include ${config.secrets.fullPaths."websites/chloe/production"} | ||
| 89 | |||
| 90 | RewriteEngine On | ||
| 91 | RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 | ||
| 92 | |||
| 93 | <FilesMatch "\.php$"> | ||
| 94 | SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_production.socket}|fcgi://localhost" | ||
| 95 | </FilesMatch> | ||
| 96 | |||
| 97 | <Directory ${webappdir}> | ||
| 98 | DirectoryIndex index.php index.htm index.html | ||
| 99 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
| 100 | Include ${webappdir}/htaccess.txt | ||
| 101 | |||
| 102 | AllowOverride AuthConfig FileInfo Limit | ||
| 103 | Require all granted | ||
| 104 | </Directory> | ||
| 105 | |||
| 106 | <DirectoryMatch "${webappdir}/squelettes"> | ||
| 107 | Require all denied | ||
| 108 | </DirectoryMatch> | ||
| 109 | |||
| 110 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | ||
| 111 | Require all denied | ||
| 112 | </FilesMatch> | ||
| 42 | '' | 113 | '' |
| 43 | (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_prod.socket) | ||
| 44 | ]; | 114 | ]; |
| 45 | }; | 115 | }; |
| 46 | services.websites.env.production.watchPaths = [ | 116 | services.websites.env.production.watchPaths = [ |
| 47 | "/var/secrets/webapps/${chloe.app.environment}-chloe" | 117 | config.secrets.fullPaths."websites/chloe/production" |
| 48 | ]; | 118 | ]; |
| 49 | }; | 119 | }; |
| 50 | } | 120 | } |
diff --git a/pkgs/private/webapps/connexionswing/connexionswing.json b/modules/private/websites/connexionswing/app/connexionswing.json index 7d792ae..7d792ae 100644 --- a/pkgs/private/webapps/connexionswing/connexionswing.json +++ b/modules/private/websites/connexionswing/app/connexionswing.json | |||
diff --git a/pkgs/private/webapps/connexionswing/default.nix b/modules/private/websites/connexionswing/app/default.nix index 04e296b..37ce42d 100644 --- a/pkgs/private/webapps/connexionswing/default.nix +++ b/modules/private/websites/connexionswing/app/default.nix | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment ? "prod" |
| 2 | , varDir ? "/var/lib/connexionswing_${environment}" | 2 | , varDir ? "/var/lib/connexionswing_${environment}" |
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-connexionswing" | ||
| 3 | , composerEnv, fetchurl, fetchgit, mylibs }: | 4 | , composerEnv, fetchurl, fetchgit, mylibs }: |
| 4 | let | 5 | let |
| 5 | app = composerEnv.buildPackage ( | 6 | app = composerEnv.buildPackage ( |
| @@ -14,7 +15,7 @@ let | |||
| 14 | cd $out | 15 | cd $out |
| 15 | ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""} | 16 | ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""} |
| 16 | rm app/config/parameters.yml | 17 | rm app/config/parameters.yml |
| 17 | ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml | 18 | ln -sf ${secretsPath} app/config/parameters.yml |
| 18 | rm -rf var/{logs,cache} | 19 | rm -rf var/{logs,cache} |
| 19 | ln -sf ${varDir}/var/{logs,cache} var/ | 20 | ln -sf ${varDir}/var/{logs,cache} var/ |
| 20 | ln -sf ${varDir}/{medias,uploads} web/images/ | 21 | ln -sf ${varDir}/{medias,uploads} web/images/ |
diff --git a/pkgs/private/webapps/connexionswing/php-packages.nix b/modules/private/websites/connexionswing/app/php-packages.nix index 581b437..581b437 100644 --- a/pkgs/private/webapps/connexionswing/php-packages.nix +++ b/modules/private/websites/connexionswing/app/php-packages.nix | |||
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 4f7b72d..b4de4e1 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix | |||
| @@ -1,15 +1,19 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.connexionswing.integration; | 3 | secrets = config.myEnv.websites.connexionswing.integration; |
| 4 | app = pkgs.webapps.connexionswing.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/connexionswing_integration"; | ||
| 7 | secretsPath = config.secrets.fullPaths."websites/connexionswing/integration"; | ||
| 8 | }; | ||
| 5 | cfg = config.myServices.websites.connexionswing.integration; | 9 | cfg = config.myServices.websites.connexionswing.integration; |
| 6 | pcfg = config.services.phpApplication; | 10 | pcfg = config.services.phpApplication; |
| 7 | in { | 11 | in { |
| 8 | options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; | 12 | options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; |
| 9 | 13 | ||
| 10 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.connexionswing_dev.rootDir = app.varDir; | 15 | services.duplyBackup.profiles.connexionswing_integration.rootDir = app.varDir; |
| 12 | services.phpApplication.apps.connexionswing_dev = { | 16 | services.phpApplication.apps.connexionswing_integration = { |
| 13 | websiteEnv = "integration"; | 17 | websiteEnv = "integration"; |
| 14 | httpdUser = config.services.httpd.Inte.user; | 18 | httpdUser = config.services.httpd.Inte.user; |
| 15 | httpdGroup = config.services.httpd.Inte.group; | 19 | httpdGroup = config.services.httpd.Inte.group; |
| @@ -34,16 +38,16 @@ in { | |||
| 34 | "pm.process_idle_timeout" = "60"; | 38 | "pm.process_idle_timeout" = "60"; |
| 35 | }; | 39 | }; |
| 36 | phpEnv = { | 40 | phpEnv = { |
| 37 | SYMFONY_DEBUG_MODE = "yes"; | 41 | SYMFONY_DEBUG_MODE = "\"yes\""; |
| 38 | }; | 42 | }; |
| 39 | phpWatchFiles = [ | 43 | phpWatchFiles = [ |
| 40 | config.secrets.fullPaths."webapps/${app.environment}-connexionswing" | 44 | config.secrets.fullPaths."websites/connexionswing/integration" |
| 41 | ]; | 45 | ]; |
| 42 | }; | 46 | }; |
| 43 | 47 | ||
| 44 | secrets.keys = [ | 48 | secrets.keys = [ |
| 45 | { | 49 | { |
| 46 | dest = "webapps/${app.environment}-connexionswing"; | 50 | dest = "websites/connexionswing/integration"; |
| 47 | user = config.services.httpd.Inte.user; | 51 | user = config.services.httpd.Inte.user; |
| 48 | group = config.services.httpd.Inte.group; | 52 | group = config.services.httpd.Inte.group; |
| 49 | permissions = "0400"; | 53 | permissions = "0400"; |
| @@ -67,15 +71,15 @@ in { | |||
| 67 | } | 71 | } |
| 68 | ]; | 72 | ]; |
| 69 | 73 | ||
| 70 | services.websites.env.integration.vhostConfs.connexionswing_dev = { | 74 | services.websites.env.integration.vhostConfs.connexionswing_integration = { |
| 71 | certName = "integration"; | 75 | certName = "integration"; |
| 72 | addToCerts = true; | 76 | addToCerts = true; |
| 73 | hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; | 77 | hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; |
| 74 | root = pcfg.webappDirs.connexionswing_dev; | 78 | root = pcfg.webappDirs.connexionswing_integration; |
| 75 | extraConfig = [ | 79 | extraConfig = [ |
| 76 | '' | 80 | '' |
| 77 | <FilesMatch "\.php$"> | 81 | <FilesMatch "\.php$"> |
| 78 | SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_dev}|fcgi://localhost" | 82 | SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost" |
| 79 | </FilesMatch> | 83 | </FilesMatch> |
| 80 | 84 | ||
| 81 | <Directory ${app.varDir}/medias> | 85 | <Directory ${app.varDir}/medias> |
| @@ -96,7 +100,7 @@ in { | |||
| 96 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>" | 100 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>" |
| 97 | </Location> | 101 | </Location> |
| 98 | 102 | ||
| 99 | <Directory ${pcfg.webappDirs.connexionswing_dev}> | 103 | <Directory ${pcfg.webappDirs.connexionswing_integration}> |
| 100 | Options Indexes FollowSymLinks MultiViews Includes | 104 | Options Indexes FollowSymLinks MultiViews Includes |
| 101 | AllowOverride None | 105 | AllowOverride None |
| 102 | Require all granted | 106 | Require all granted |
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix index 0b52af1..119a15e 100644 --- a/modules/private/websites/connexionswing/production.nix +++ b/modules/private/websites/connexionswing/production.nix | |||
| @@ -1,16 +1,20 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.connexionswing.production; | 3 | secrets = config.myEnv.websites.connexionswing.production; |
| 4 | app = pkgs.webapps.connexionswing.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/connexionswing_production"; | ||
| 7 | secretsPath = config.secrets.fullPaths."websites/connexionswing/production"; | ||
| 8 | }; | ||
| 5 | cfg = config.myServices.websites.connexionswing.production; | 9 | cfg = config.myServices.websites.connexionswing.production; |
| 6 | pcfg = config.services.phpApplication; | 10 | pcfg = config.services.phpApplication; |
| 7 | in { | 11 | in { |
| 8 | options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; | 12 | options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; |
| 9 | 13 | ||
| 10 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.connexionswing_prod.rootDir = app.varDir; | 15 | services.duplyBackup.profiles.connexionswing_produdction.rootDir = app.varDir; |
| 12 | services.webstats.sites = [ { name = "connexionswing.com"; } ]; | 16 | services.webstats.sites = [ { name = "connexionswing.com"; } ]; |
| 13 | services.phpApplication.apps.connexionswing_prod = { | 17 | services.phpApplication.apps.connexionswing_production = { |
| 14 | websiteEnv = "production"; | 18 | websiteEnv = "production"; |
| 15 | httpdUser = config.services.httpd.Prod.user; | 19 | httpdUser = config.services.httpd.Prod.user; |
| 16 | httpdGroup = config.services.httpd.Prod.group; | 20 | httpdGroup = config.services.httpd.Prod.group; |
| @@ -37,13 +41,13 @@ in { | |||
| 37 | "pm.max_spare_servers" = "3"; | 41 | "pm.max_spare_servers" = "3"; |
| 38 | }; | 42 | }; |
| 39 | phpWatchFiles = [ | 43 | phpWatchFiles = [ |
| 40 | config.secrets.fullPaths."webapps/${app.environment}-connexionswing" | 44 | config.secrets.fullPaths."websites/connexionswing/production" |
| 41 | ]; | 45 | ]; |
| 42 | }; | 46 | }; |
| 43 | 47 | ||
| 44 | secrets.keys = [ | 48 | secrets.keys = [ |
| 45 | { | 49 | { |
| 46 | dest = "webapps/${app.environment}-connexionswing"; | 50 | dest = "websites/connexionswing/production"; |
| 47 | user = config.services.httpd.Prod.user; | 51 | user = config.services.httpd.Prod.user; |
| 48 | group = config.services.httpd.Prod.group; | 52 | group = config.services.httpd.Prod.group; |
| 49 | permissions = "0400"; | 53 | permissions = "0400"; |
| @@ -71,15 +75,15 @@ in { | |||
| 71 | } | 75 | } |
| 72 | ]; | 76 | ]; |
| 73 | 77 | ||
| 74 | services.websites.env.production.vhostConfs.connexionswing_prod = { | 78 | services.websites.env.production.vhostConfs.connexionswing_production = { |
| 75 | certName = "connexionswing"; | 79 | certName = "connexionswing"; |
| 76 | certMainHost = "connexionswing.com"; | 80 | certMainHost = "connexionswing.com"; |
| 77 | hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; | 81 | hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; |
| 78 | root = pcfg.webappDirs.connexionswing_prod; | 82 | root = pcfg.webappDirs.connexionswing_production; |
| 79 | extraConfig = [ | 83 | extraConfig = [ |
| 80 | '' | 84 | '' |
| 81 | <FilesMatch "\.php$"> | 85 | <FilesMatch "\.php$"> |
| 82 | SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_prod}|fcgi://localhost" | 86 | SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_production}|fcgi://localhost" |
| 83 | </FilesMatch> | 87 | </FilesMatch> |
| 84 | 88 | ||
| 85 | <Directory ${app.varDir}/medias> | 89 | <Directory ${app.varDir}/medias> |
| @@ -96,7 +100,7 @@ in { | |||
| 96 | 100 | ||
| 97 | Use Stats connexionswing.com | 101 | Use Stats connexionswing.com |
| 98 | 102 | ||
| 99 | <Directory ${pcfg.webappDirs.connexionswing_prod}> | 103 | <Directory ${pcfg.webappDirs.connexionswing_production}> |
| 100 | Options Indexes FollowSymLinks MultiViews Includes | 104 | Options Indexes FollowSymLinks MultiViews Includes |
| 101 | AllowOverride All | 105 | AllowOverride All |
| 102 | Require all granted | 106 | Require all granted |
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 3d43b11..5c33e1c 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix | |||
| @@ -43,7 +43,21 @@ let | |||
| 43 | ''; | 43 | ''; |
| 44 | }; | 44 | }; |
| 45 | global = { | 45 | global = { |
| 46 | extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; | 46 | extraConfig = '' |
| 47 | ErrorDocument 500 /maintenance_immae.html | ||
| 48 | ErrorDocument 501 /maintenance_immae.html | ||
| 49 | ErrorDocument 502 /maintenance_immae.html | ||
| 50 | ErrorDocument 503 /maintenance_immae.html | ||
| 51 | ErrorDocument 504 /maintenance_immae.html | ||
| 52 | Alias /maintenance_immae.html ${www_root}/maintenance_immae.html | ||
| 53 | ProxyPass /maintenance_immae.html ! | ||
| 54 | |||
| 55 | AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html | ||
| 56 | <Directory ${www_root}> | ||
| 57 | AllowOverride None | ||
| 58 | Require all granted | ||
| 59 | </Directory> | ||
| 60 | ''; | ||
| 47 | }; | 61 | }; |
| 48 | apaxy = { | 62 | apaxy = { |
| 49 | extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; | 63 | extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; |
| @@ -64,17 +78,7 @@ let | |||
| 64 | makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); | 78 | makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); |
| 65 | in | 79 | in |
| 66 | { | 80 | { |
| 67 | options.myServices.websites = { | 81 | options.myServices.websites.enable = lib.mkEnableOption "enable websites"; |
| 68 | enable = lib.mkEnableOption "enable websites"; | ||
| 69 | |||
| 70 | webappDirs = lib.mkOption { | ||
| 71 | type = lib.types.attrsOf lib.types.path; | ||
| 72 | description = '' | ||
| 73 | Webapp paths to create in /run/current-system/webapps | ||
| 74 | ''; | ||
| 75 | default = {}; | ||
| 76 | }; | ||
| 77 | }; | ||
| 78 | 82 | ||
| 79 | config = lib.mkIf config.myServices.websites.enable { | 83 | config = lib.mkIf config.myServices.websites.enable { |
| 80 | services.duplyBackup.profiles.php = { | 84 | services.duplyBackup.profiles.php = { |
| @@ -213,61 +217,75 @@ in | |||
| 213 | }; | 217 | }; |
| 214 | }; | 218 | }; |
| 215 | 219 | ||
| 216 | system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) '' | 220 | services.websites.webappDirs = { |
| 217 | mkdir -p $out/webapps | 221 | _www = ./_www; |
| 218 | ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)} | 222 | _theme = pkgs.webapps.apache-theme.theme; |
| 219 | ''; | 223 | }; |
| 220 | |||
| 221 | myServices.websites = { | 224 | myServices.websites = { |
| 222 | webappDirs = { | 225 | capitaines.landing_pages.enable = true; |
| 223 | _www = pkgs.webapps.apache-default.www; | ||
| 224 | _theme = pkgs.webapps.apache-theme.theme; | ||
| 225 | }; | ||
| 226 | 226 | ||
| 227 | isabelle.aten_integration.enable = true; | 227 | chloe = { |
| 228 | isabelle.aten_production.enable = true; | 228 | integration.enable = true; |
| 229 | isabelle.iridologie.enable = true; | 229 | production.enable = true; |
| 230 | }; | ||
| 230 | 231 | ||
| 231 | capitaines.production.enable = true; | 232 | connexionswing = { |
| 233 | integration.enable = true; | ||
| 234 | production.enable = true; | ||
| 235 | }; | ||
| 232 | 236 | ||
| 233 | chloe.integration.enable = true; | 237 | denise = { |
| 234 | chloe.production.enable = true; | 238 | evariste.enable = true; |
| 239 | denisejerome.enable = true; | ||
| 240 | }; | ||
| 235 | 241 | ||
| 236 | connexionswing.integration.enable = true; | 242 | emilia.moodle.enable = true; |
| 237 | connexionswing.production.enable = true; | ||
| 238 | 243 | ||
| 239 | denisejerome.production.enable = true; | 244 | florian = { |
| 245 | app.enable = true; | ||
| 246 | integration.enable = true; | ||
| 247 | production.enable = true; | ||
| 248 | }; | ||
| 240 | 249 | ||
| 241 | emilia.production.enable = true; | 250 | immae = { |
| 242 | emilia.richie_production.enable = true; | 251 | production.enable = true; |
| 252 | release.enable = true; | ||
| 253 | temp.enable = true; | ||
| 254 | }; | ||
| 243 | 255 | ||
| 244 | florian.app.enable = true; | 256 | isabelle = { |
| 245 | florian.integration.enable = true; | 257 | aten_integration.enable = true; |
| 246 | florian.production.enable = true; | 258 | aten_production.enable = true; |
| 259 | iridologie.enable = true; | ||
| 260 | }; | ||
| 247 | 261 | ||
| 248 | immae.production.enable = true; | 262 | jerome.naturaloutil.enable = true; |
| 249 | immae.release.enable = true; | ||
| 250 | immae.temp.enable = true; | ||
| 251 | 263 | ||
| 252 | leila.production.enable = true; | 264 | leila.production.enable = true; |
| 253 | 265 | ||
| 254 | ludivinecassal.integration.enable = true; | 266 | ludivine = { |
| 255 | ludivinecassal.production.enable = true; | 267 | integration.enable = true; |
| 268 | production.enable = true; | ||
| 269 | }; | ||
| 256 | 270 | ||
| 257 | nassime.production.enable = true; | 271 | nassime.production.enable = true; |
| 258 | 272 | ||
| 259 | evariste.production.enable = true; | 273 | papa = { |
| 260 | naturaloutil.production.enable = true; | 274 | surveillance.enable = true; |
| 261 | telioTortay.production.enable = true; | 275 | maison_bbc.enable = true; |
| 276 | }; | ||
| 262 | 277 | ||
| 263 | papa.surveillance.enable = true; | 278 | piedsjaloux = { |
| 264 | papa.maison_bbc.enable = true; | 279 | integration.enable = true; |
| 280 | production.enable = true; | ||
| 281 | }; | ||
| 265 | 282 | ||
| 266 | piedsjaloux.integration.enable = true; | 283 | richie.production.enable = true; |
| 267 | piedsjaloux.production.enable = true; | ||
| 268 | 284 | ||
| 269 | syden.peertube.enable = true; | 285 | syden.peertube.enable = true; |
| 270 | 286 | ||
| 287 | telio_tortay.production.enable = true; | ||
| 288 | |||
| 271 | tools.cloud.enable = true; | 289 | tools.cloud.enable = true; |
| 272 | tools.dav.enable = true; | 290 | tools.dav.enable = true; |
| 273 | tools.db.enable = true; | 291 | tools.db.enable = true; |
diff --git a/modules/private/websites/denisejerome/production.nix b/modules/private/websites/denise/denisejerome.nix index 481df5b..a75e591 100644 --- a/modules/private/websites/denisejerome/production.nix +++ b/modules/private/websites/denise/denisejerome.nix | |||
| @@ -1,16 +1,16 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, config, ... }: |
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.websites.denisejerome.production; | 3 | cfg = config.myServices.websites.denise.denisejerome; |
| 4 | varDir = "/var/lib/ftp/denisejerome"; | 4 | varDir = "/var/lib/ftp/denise/denisejerome"; |
| 5 | env = config.myEnv.websites.denisejerome; | 5 | env = config.myEnv.websites.denisejerome; |
| 6 | in { | 6 | in { |
| 7 | options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website"; | 7 | options.myServices.websites.denise.denisejerome.enable = lib.mkEnableOption "enable Denise Jerome's website"; |
| 8 | 8 | ||
| 9 | config = lib.mkIf cfg.enable { | 9 | config = lib.mkIf cfg.enable { |
| 10 | services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; | 10 | services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; |
| 11 | 11 | ||
| 12 | services.websites.env.production.vhostConfs.denisejerome = { | 12 | services.websites.env.production.vhostConfs.denise_denisejerome = { |
| 13 | certName = "denisejerome"; | 13 | certName = "denise"; |
| 14 | certMainHost = "denisejerome.piedsjaloux.fr"; | 14 | certMainHost = "denisejerome.piedsjaloux.fr"; |
| 15 | hosts = ["denisejerome.piedsjaloux.fr" ]; | 15 | hosts = ["denisejerome.piedsjaloux.fr" ]; |
| 16 | root = varDir; | 16 | root = varDir; |
diff --git a/modules/private/websites/evariste/production.nix b/modules/private/websites/denise/evariste.nix index 43b26c8..460302b 100644 --- a/modules/private/websites/evariste/production.nix +++ b/modules/private/websites/denise/evariste.nix | |||
| @@ -1,10 +1,12 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, config, ... }: |
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.websites.evariste.production; | 3 | cfg = config.myServices.websites.denise.evariste; |
| 4 | nsiVarDir = "/var/lib/ftp/nsievariste"; | 4 | nsiVarDir = "/var/lib/ftp/denise/nsievariste"; |
| 5 | stmgVarDir = "/var/lib/ftp/stmgevariste"; | 5 | stmgVarDir = "/var/lib/ftp/denise/stmgevariste"; |
| 6 | apacheUser = config.services.httpd.Prod.user; | ||
| 7 | apacheGroup = config.services.httpd.Prod.group; | ||
| 6 | in { | 8 | in { |
| 7 | options.myServices.websites.evariste.production.enable = lib.mkEnableOption "enable NSI/STMG Evariste website"; | 9 | options.myServices.websites.denise.evariste.enable = lib.mkEnableOption "enable NSI/STMG Evariste website"; |
| 8 | 10 | ||
| 9 | config = lib.mkIf cfg.enable { | 11 | config = lib.mkIf cfg.enable { |
| 10 | services.webstats.sites = [ | 12 | services.webstats.sites = [ |
| @@ -13,31 +15,32 @@ in { | |||
| 13 | ]; | 15 | ]; |
| 14 | 16 | ||
| 15 | services.websites.env.production.modules = [ "proxy_fcgi" ]; | 17 | services.websites.env.production.modules = [ "proxy_fcgi" ]; |
| 16 | system.activationScripts.evariste = { | 18 | system.activationScripts.denise_evariste = { |
| 17 | deps = [ "httpd" ]; | 19 | deps = [ "httpd" ]; |
| 18 | text = '' | 20 | text = '' |
| 19 | install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/nsievariste | 21 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste |
| 20 | install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/stmgevariste | 22 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste |
| 21 | ''; | 23 | ''; |
| 22 | }; | 24 | }; |
| 23 | services.phpfpm.pools.nsievariste = { | 25 | services.phpfpm.pools.denise_nsievariste = { |
| 24 | user = "wwwrun"; | 26 | user = apacheUser; |
| 25 | group = "wwwrun"; | 27 | group = apacheGroup; |
| 26 | settings = { | 28 | settings = { |
| 27 | "listen.owner" = "wwwrun"; | 29 | "listen.owner" = apacheUser; |
| 28 | "listen.group" = "wwwrun"; | 30 | "listen.group" = apacheGroup; |
| 29 | 31 | ||
| 30 | "pm" = "ondemand"; | 32 | "pm" = "ondemand"; |
| 31 | "pm.max_children" = "5"; | 33 | "pm.max_children" = "5"; |
| 32 | "pm.process_idle_timeout" = "60"; | 34 | "pm.process_idle_timeout" = "60"; |
| 33 | 35 | ||
| 34 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp"; | 36 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp"; |
| 35 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nsievariste"; | 37 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste"; |
| 36 | }; | 38 | }; |
| 37 | }; | 39 | }; |
| 38 | services.websites.env.production.vhostConfs.nsievariste = { | 40 | services.websites.env.production.vhostConfs.denise_nsievariste = { |
| 39 | certName = "eldiron"; | 41 | certName = "denise_evariste"; |
| 40 | addToCerts = true; | 42 | addToCerts = true; |
| 43 | certMainHost = "nsievariste.immae.eu"; | ||
| 41 | hosts = ["nsievariste.immae.eu" ]; | 44 | hosts = ["nsievariste.immae.eu" ]; |
| 42 | root = nsiVarDir; | 45 | root = nsiVarDir; |
| 43 | extraConfig = [ | 46 | extraConfig = [ |
| @@ -45,7 +48,7 @@ in { | |||
| 45 | Use Stats nsievariste.immae.eu | 48 | Use Stats nsievariste.immae.eu |
| 46 | 49 | ||
| 47 | <FilesMatch "\.php$"> | 50 | <FilesMatch "\.php$"> |
| 48 | SetHandler "proxy:unix:${config.services.phpfpm.pools.nsievariste.socket}|fcgi://localhost" | 51 | SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_nsievariste.socket}|fcgi://localhost" |
| 49 | </FilesMatch> | 52 | </FilesMatch> |
| 50 | 53 | ||
| 51 | <Directory ${nsiVarDir}> | 54 | <Directory ${nsiVarDir}> |
| @@ -58,23 +61,23 @@ in { | |||
| 58 | ]; | 61 | ]; |
| 59 | }; | 62 | }; |
| 60 | 63 | ||
| 61 | services.phpfpm.pools.stmgevariste = { | 64 | services.phpfpm.pools.denise_stmgevariste = { |
| 62 | user = "wwwrun"; | 65 | user = apacheUser; |
| 63 | group = "wwwrun"; | 66 | group = apacheGroup; |
| 64 | settings = { | 67 | settings = { |
| 65 | "listen.owner" = "wwwrun"; | 68 | "listen.owner" = apacheUser; |
| 66 | "listen.group" = "wwwrun"; | 69 | "listen.group" = apacheGroup; |
| 67 | 70 | ||
| 68 | "pm" = "ondemand"; | 71 | "pm" = "ondemand"; |
| 69 | "pm.max_children" = "5"; | 72 | "pm.max_children" = "5"; |
| 70 | "pm.process_idle_timeout" = "60"; | 73 | "pm.process_idle_timeout" = "60"; |
| 71 | 74 | ||
| 72 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp"; | 75 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp"; |
| 73 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/stmgevariste"; | 76 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste"; |
| 74 | }; | 77 | }; |
| 75 | }; | 78 | }; |
| 76 | services.websites.env.production.vhostConfs.stmgevariste = { | 79 | services.websites.env.production.vhostConfs.denise_stmgevariste = { |
| 77 | certName = "eldiron"; | 80 | certName = "denise_evariste"; |
| 78 | addToCerts = true; | 81 | addToCerts = true; |
| 79 | hosts = ["stmgevariste.immae.eu" ]; | 82 | hosts = ["stmgevariste.immae.eu" ]; |
| 80 | root = stmgVarDir; | 83 | root = stmgVarDir; |
| @@ -83,7 +86,7 @@ in { | |||
| 83 | Use Stats stmgevariste.immae.eu | 86 | Use Stats stmgevariste.immae.eu |
| 84 | 87 | ||
| 85 | <FilesMatch "\.php$"> | 88 | <FilesMatch "\.php$"> |
| 86 | SetHandler "proxy:unix:${config.services.phpfpm.pools.stmgevariste.socket}|fcgi://localhost" | 89 | SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_stmgevariste.socket}|fcgi://localhost" |
| 87 | </FilesMatch> | 90 | </FilesMatch> |
| 88 | 91 | ||
| 89 | <Directory ${stmgVarDir}> | 92 | <Directory ${stmgVarDir}> |
diff --git a/modules/private/websites/emilia/moodle.nix b/modules/private/websites/emilia/moodle.nix new file mode 100644 index 0000000..d49faf5 --- /dev/null +++ b/modules/private/websites/emilia/moodle.nix | |||
| @@ -0,0 +1,69 @@ | |||
| 1 | { lib, pkgs, config, ... }: | ||
| 2 | let | ||
| 3 | cfg = config.myServices.websites.emilia.moodle; | ||
| 4 | env = config.myEnv.websites.emilia; | ||
| 5 | varDir = "/var/lib/emilia_moodle"; | ||
| 6 | siteDir = ./moodle; | ||
| 7 | webappName = "emilia_moodle"; | ||
| 8 | webappdir = config.services.websites.webappDirsPaths.emilia_moodle; | ||
| 9 | # php_admin_value[upload_max_filesize] = 50000000 | ||
| 10 | # php_admin_value[post_max_size] = 50000000 | ||
| 11 | configFile = '' | ||
| 12 | <?php // Moodle configuration file | ||
| 13 | |||
| 14 | unset($CFG); | ||
| 15 | global $CFG; | ||
| 16 | $CFG = new stdClass(); | ||
| 17 | |||
| 18 | $CFG->dbtype = 'pgsql'; | ||
| 19 | $CFG->dblibrary = 'native'; | ||
| 20 | $CFG->dbhost = '${env.postgresql.host}'; | ||
| 21 | $CFG->dbname = '${env.postgresql.database}'; | ||
| 22 | $CFG->dbuser = '${env.postgresql.user}'; | ||
| 23 | $CFG->dbpass = '${env.postgresql.password}'; | ||
| 24 | $CFG->prefix = 'mdl_'; | ||
| 25 | $CFG->dboptions = array ( | ||
| 26 | 'dbpersist' => 0, | ||
| 27 | 'dbport' => '${env.postgreesql.port}', | ||
| 28 | 'dbsocket' => '${env.postgresql.password}', | ||
| 29 | ); | ||
| 30 | |||
| 31 | $CFG->wwwroot = 'https://www.saison-photo.org'; | ||
| 32 | $CFG->dataroot = '${varDir}'; | ||
| 33 | $CFG->admin = 'admin'; | ||
| 34 | |||
| 35 | $CFG->directorypermissions = 02777; | ||
| 36 | |||
| 37 | require_once(__DIR__ . '/lib/setup.php'); | ||
| 38 | |||
| 39 | // There is no php closing tag in this file, | ||
| 40 | // it is intentional because it prevents trailing whitespace problems! | ||
| 41 | ''; | ||
| 42 | apacheUser = config.services.httpd.Prod.user; | ||
| 43 | apacheGroup = config.services.httpd.Prod.group; | ||
| 44 | in { | ||
| 45 | options.myServices.websites.emilia.moodle.enable = lib.mkEnableOption "enable Emilia's website"; | ||
| 46 | |||
| 47 | config = lib.mkIf cfg.enable { | ||
| 48 | services.duplyBackup.profiles.emilia_moodle.rootDir = varDir; | ||
| 49 | system.activationScripts.emilia_moodle = '' | ||
| 50 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir} | ||
| 51 | ''; | ||
| 52 | services.websites.webappDirs.emilia_moodle = siteDir; | ||
| 53 | services.websites.env.production.vhostConfs.emilia_moodle = { | ||
| 54 | certName = "emilia"; | ||
| 55 | certMainHost = "saison-photo.org"; | ||
| 56 | hosts = [ "saison-photo.org" "www.saison-photo.org" ]; | ||
| 57 | root = webappdir; | ||
| 58 | extraConfig = [ | ||
| 59 | '' | ||
| 60 | <Directory ${webappdir}> | ||
| 61 | DirectoryIndex pause.html | ||
| 62 | Options Indexes FollowSymLinks MultiViews Includes | ||
| 63 | Require all granted | ||
| 64 | </Directory> | ||
| 65 | '' | ||
| 66 | ]; | ||
| 67 | }; | ||
| 68 | }; | ||
| 69 | } | ||
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix deleted file mode 100644 index 71b97dd..0000000 --- a/modules/private/websites/emilia/production.nix +++ /dev/null | |||
| @@ -1,69 +0,0 @@ | |||
| 1 | { lib, pkgs, config, ... }: | ||
| 2 | let | ||
| 3 | cfg = config.myServices.websites.emilia.production; | ||
| 4 | env = config.myEnv.websites.emilia; | ||
| 5 | varDir = "/var/lib/moodle"; | ||
| 6 | siteDir = ./moodle; | ||
| 7 | webappName = "emilia_moodle"; | ||
| 8 | root = "/run/current-system/webapps/${webappName}"; | ||
| 9 | # php_admin_value[upload_max_filesize] = 50000000 | ||
| 10 | # php_admin_value[post_max_size] = 50000000 | ||
| 11 | configFile = '' | ||
| 12 | <?php // Moodle configuration file | ||
| 13 | |||
| 14 | unset($CFG); | ||
| 15 | global $CFG; | ||
| 16 | $CFG = new stdClass(); | ||
| 17 | |||
| 18 | $CFG->dbtype = 'pgsql'; | ||
| 19 | $CFG->dblibrary = 'native'; | ||
| 20 | $CFG->dbhost = '${env.postgresql.host}'; | ||
| 21 | $CFG->dbname = '${env.postgresql.database}'; | ||
| 22 | $CFG->dbuser = '${env.postgresql.user}'; | ||
| 23 | $CFG->dbpass = '${env.postgresql.password}'; | ||
| 24 | $CFG->prefix = 'mdl_'; | ||
| 25 | $CFG->dboptions = array ( | ||
| 26 | 'dbpersist' => 0, | ||
| 27 | 'dbport' => '${env.postgreesql.port}', | ||
| 28 | 'dbsocket' => '${env.postgresql.password}', | ||
| 29 | ); | ||
| 30 | |||
| 31 | $CFG->wwwroot = 'https://www.saison-photo.org'; | ||
| 32 | $CFG->dataroot = '${varDir}'; | ||
| 33 | $CFG->admin = 'admin'; | ||
| 34 | |||
| 35 | $CFG->directorypermissions = 02777; | ||
| 36 | |||
| 37 | require_once(__DIR__ . '/lib/setup.php'); | ||
| 38 | |||
| 39 | // There is no php closing tag in this file, | ||
| 40 | // it is intentional because it prevents trailing whitespace problems! | ||
| 41 | ''; | ||
| 42 | in { | ||
| 43 | options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website"; | ||
| 44 | |||
| 45 | config = lib.mkIf cfg.enable { | ||
| 46 | services.duplyBackup.profiles.emilia_prod = { | ||
| 47 | rootDir = varDir; | ||
| 48 | }; | ||
| 49 | system.activationScripts.emilia = '' | ||
| 50 | install -m 0755 -o wwwrun -g wwwrun -d ${varDir} | ||
| 51 | ''; | ||
| 52 | myServices.websites.webappDirs."${webappName}" = siteDir; | ||
| 53 | services.websites.env.production.vhostConfs.emilia = { | ||
| 54 | certName = "emilia"; | ||
| 55 | certMainHost = "saison-photo.org"; | ||
| 56 | hosts = [ "saison-photo.org" "www.saison-photo.org" ]; | ||
| 57 | root = root; | ||
| 58 | extraConfig = [ | ||
| 59 | '' | ||
| 60 | <Directory ${root}> | ||
| 61 | DirectoryIndex pause.html | ||
| 62 | Options Indexes FollowSymLinks MultiViews Includes | ||
| 63 | Require all granted | ||
| 64 | </Directory> | ||
| 65 | '' | ||
| 66 | ]; | ||
| 67 | }; | ||
| 68 | }; | ||
| 69 | } | ||
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index c65c26f..19a88b0 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix | |||
| @@ -2,15 +2,19 @@ | |||
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; |
| 4 | secrets = config.myEnv.websites.tellesflorian.integration; | 4 | secrets = config.myEnv.websites.tellesflorian.integration; |
| 5 | app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; }; | 5 | app = pkgs.callPackage ./app { |
| 6 | environment = secrets.environment; | ||
| 7 | varDir = "/var/lib/florian_app"; | ||
| 8 | secretsPath = config.secrets.fullPaths."websites/florian/app"; | ||
| 9 | }; | ||
| 6 | cfg = config.myServices.websites.florian.app; | 10 | cfg = config.myServices.websites.florian.app; |
| 7 | pcfg = config.services.phpApplication; | 11 | pcfg = config.services.phpApplication; |
| 8 | in { | 12 | in { |
| 9 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; | 13 | options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; |
| 10 | 14 | ||
| 11 | config = lib.mkIf cfg.enable { | 15 | config = lib.mkIf cfg.enable { |
| 12 | services.duplyBackup.profiles.tellesflorian_dev.rootDir = app.varDir; | 16 | services.duplyBackup.profiles.florian_app.rootDir = app.varDir; |
| 13 | services.phpApplication.apps.florian_dev = { | 17 | services.phpApplication.apps.florian_app = { |
| 14 | websiteEnv = "integration"; | 18 | websiteEnv = "integration"; |
| 15 | httpdUser = config.services.httpd.Inte.user; | 19 | httpdUser = config.services.httpd.Inte.user; |
| 16 | httpdGroup = config.services.httpd.Inte.group; | 20 | httpdGroup = config.services.httpd.Inte.group; |
| @@ -33,16 +37,16 @@ in { | |||
| 33 | "pm.process_idle_timeout" = "60"; | 37 | "pm.process_idle_timeout" = "60"; |
| 34 | }; | 38 | }; |
| 35 | phpEnv = { | 39 | phpEnv = { |
| 36 | SYMFONY_DEBUG_MODE = "yes"; | 40 | SYMFONY_DEBUG_MODE = "\"yes\""; |
| 37 | }; | 41 | }; |
| 38 | phpWatchFiles = [ | 42 | phpWatchFiles = [ |
| 39 | config.secrets.fullPaths."webapps/${app.environment}-tellesflorian" | 43 | config.secrets.fullPaths."websites/florian/app" |
| 40 | ]; | 44 | ]; |
| 41 | }; | 45 | }; |
| 42 | 46 | ||
| 43 | secrets.keys = [ | 47 | secrets.keys = [ |
| 44 | { | 48 | { |
| 45 | dest = "webapps/${app.environment}-tellesflorian-passwords"; | 49 | dest = "websites/florian/app_passwords"; |
| 46 | user = config.services.httpd.Inte.user; | 50 | user = config.services.httpd.Inte.user; |
| 47 | group = config.services.httpd.Inte.group; | 51 | group = config.services.httpd.Inte.group; |
| 48 | permissions = "0400"; | 52 | permissions = "0400"; |
| @@ -51,7 +55,7 @@ in { | |||
| 51 | ''; | 55 | ''; |
| 52 | } | 56 | } |
| 53 | { | 57 | { |
| 54 | dest = "webapps/${app.environment}-tellesflorian"; | 58 | dest = "websites/florian/app"; |
| 55 | user = config.services.httpd.Inte.user; | 59 | user = config.services.httpd.Inte.user; |
| 56 | group = config.services.httpd.Inte.group; | 60 | group = config.services.httpd.Inte.group; |
| 57 | permissions = "0400"; | 61 | permissions = "0400"; |
| @@ -73,15 +77,15 @@ in { | |||
| 73 | ]; | 77 | ]; |
| 74 | 78 | ||
| 75 | services.websites.env.integration.modules = adminer.apache.modules; | 79 | services.websites.env.integration.modules = adminer.apache.modules; |
| 76 | services.websites.env.integration.vhostConfs.florian_dev = { | 80 | services.websites.env.integration.vhostConfs.florian_app = { |
| 77 | certName = "integration"; | 81 | certName = "integration"; |
| 78 | addToCerts = true; | 82 | addToCerts = true; |
| 79 | hosts = [ "app.tellesflorian.com" ]; | 83 | hosts = [ "app.tellesflorian.com" ]; |
| 80 | root = pcfg.webappDirs.florian_dev; | 84 | root = pcfg.webappDirs.florian_app; |
| 81 | extraConfig = [ | 85 | extraConfig = [ |
| 82 | '' | 86 | '' |
| 83 | <FilesMatch "\.php$"> | 87 | <FilesMatch "\.php$"> |
| 84 | SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_dev}|fcgi://localhost" | 88 | SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost" |
| 85 | </FilesMatch> | 89 | </FilesMatch> |
| 86 | 90 | ||
| 87 | <Location /> | 91 | <Location /> |
| @@ -89,13 +93,13 @@ in { | |||
| 89 | Use LDAPConnect | 93 | Use LDAPConnect |
| 90 | Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu | 94 | Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu |
| 91 | 95 | ||
| 92 | AuthUserFile "${config.secrets.fullPaths."webapps/${app.environment}-tellesflorian-passwords"}" | 96 | AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}" |
| 93 | Require user "invite" | 97 | Require user "invite" |
| 94 | 98 | ||
| 95 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" | 99 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" |
| 96 | </Location> | 100 | </Location> |
| 97 | 101 | ||
| 98 | <Directory ${pcfg.webappDirs.florian_dev}> | 102 | <Directory ${pcfg.webappDirs.florian_app}> |
| 99 | Options Indexes FollowSymLinks MultiViews Includes | 103 | Options Indexes FollowSymLinks MultiViews Includes |
| 100 | AllowOverride None | 104 | AllowOverride None |
| 101 | Require all granted | 105 | Require all granted |
diff --git a/pkgs/private/webapps/tellesflorian/default.nix b/modules/private/websites/florian/app/default.nix index b1ccb98..b31e12d 100644 --- a/pkgs/private/webapps/tellesflorian/default.nix +++ b/modules/private/websites/florian/app/default.nix | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment ? "prod" |
| 2 | , varDir ? "/var/lib/tellesflorian_${environment}" | 2 | , varDir ? "/var/lib/tellesflorian_${environment}" |
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-tellesflorian" | ||
| 3 | , composerEnv, fetchurl, mylibs }: | 4 | , composerEnv, fetchurl, mylibs }: |
| 4 | let | 5 | let |
| 5 | app = composerEnv.buildPackage ( | 6 | app = composerEnv.buildPackage ( |
| @@ -13,7 +14,7 @@ let | |||
| 13 | postInstall = '' | 14 | postInstall = '' |
| 14 | cd $out | 15 | cd $out |
| 15 | rm app/config/parameters.yml | 16 | rm app/config/parameters.yml |
| 16 | ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml | 17 | ln -sf ${secretsPath} app/config/parameters.yml |
| 17 | rm -rf var/{logs,cache} | 18 | rm -rf var/{logs,cache} |
| 18 | ln -sf ${varDir}/var/{logs,cache,sessions} var/ | 19 | ln -sf ${varDir}/var/{logs,cache,sessions} var/ |
| 19 | ''; | 20 | ''; |
diff --git a/pkgs/private/webapps/tellesflorian/php-packages.nix b/modules/private/websites/florian/app/php-packages.nix index 0c7e00c..0c7e00c 100644 --- a/pkgs/private/webapps/tellesflorian/php-packages.nix +++ b/modules/private/websites/florian/app/php-packages.nix | |||
diff --git a/pkgs/private/webapps/tellesflorian/tellesflorian.json b/modules/private/websites/florian/app/tellesflorian.json index 693336d..693336d 100644 --- a/pkgs/private/webapps/tellesflorian/tellesflorian.json +++ b/modules/private/websites/florian/app/tellesflorian.json | |||
diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix index 4ee160a..5ebe531 100644 --- a/modules/private/websites/florian/integration.nix +++ b/modules/private/websites/florian/integration.nix | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; |
| 4 | cfg = config.myServices.websites.florian.integration; | 4 | cfg = config.myServices.websites.florian.integration; |
| 5 | varDir = "/var/lib/ftp/florian"; | 5 | varDir = "/var/lib/ftp/florian/florian.immae.eu"; |
| 6 | env = config.myEnv.websites.florian; | 6 | env = config.myEnv.websites.florian; |
| 7 | in { | 7 | in { |
| 8 | options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; | 8 | options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; |
| 9 | 9 | ||
| @@ -11,17 +11,17 @@ in { | |||
| 11 | security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; | 11 | security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; |
| 12 | 12 | ||
| 13 | services.websites.env.integration.modules = adminer.apache.modules; | 13 | services.websites.env.integration.modules = adminer.apache.modules; |
| 14 | services.websites.env.integration.vhostConfs.florian = { | 14 | services.websites.env.integration.vhostConfs.florian_integration = { |
| 15 | certName = "integration"; | 15 | certName = "integration"; |
| 16 | addToCerts = true; | 16 | addToCerts = true; |
| 17 | hosts = [ "florian.immae.eu" ]; | 17 | hosts = [ "florian.immae.eu" ]; |
| 18 | root = "${varDir}/florian.immae.eu"; | 18 | root = varDir; |
| 19 | extraConfig = [ | 19 | extraConfig = [ |
| 20 | (adminer.apache.vhostConf null) | 20 | (adminer.apache.vhostConf null) |
| 21 | '' | 21 | '' |
| 22 | ServerAdmin ${env.server_admin} | 22 | ServerAdmin ${env.server_admin} |
| 23 | 23 | ||
| 24 | <Directory ${varDir}/florian.immae.eu> | 24 | <Directory ${varDir}> |
| 25 | DirectoryIndex index.php index.htm index.html | 25 | DirectoryIndex index.php index.htm index.html |
| 26 | Options Indexes FollowSymLinks MultiViews Includes | 26 | Options Indexes FollowSymLinks MultiViews Includes |
| 27 | AllowOverride None | 27 | AllowOverride None |
diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix index 16c6022..1c5ffa6 100644 --- a/modules/private/websites/florian/production.nix +++ b/modules/private/websites/florian/production.nix | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; |
| 4 | cfg = config.myServices.websites.florian.production; | 4 | cfg = config.myServices.websites.florian.production; |
| 5 | varDir = "/var/lib/ftp/florian"; | 5 | varDir = "/var/lib/ftp/florian/tellesflorian.com"; |
| 6 | env = config.myEnv.websites.florian; | 6 | env = config.myEnv.websites.florian; |
| 7 | in { | 7 | in { |
| 8 | options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; | 8 | options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; |
| 9 | 9 | ||
| @@ -11,17 +11,17 @@ in { | |||
| 11 | security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; | 11 | security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; |
| 12 | 12 | ||
| 13 | services.websites.env.production.modules = adminer.apache.modules; | 13 | services.websites.env.production.modules = adminer.apache.modules; |
| 14 | services.websites.env.production.vhostConfs.florian = { | 14 | services.websites.env.production.vhostConfs.florian_production = { |
| 15 | certName = "florian"; | 15 | certName = "florian"; |
| 16 | certMainHost = "tellesflorian.com"; | 16 | certMainHost = "tellesflorian.com"; |
| 17 | hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; | 17 | hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; |
| 18 | root = "${varDir}/tellesflorian.com"; | 18 | root = varDir; |
| 19 | extraConfig = [ | 19 | extraConfig = [ |
| 20 | (adminer.apache.vhostConf null) | 20 | (adminer.apache.vhostConf null) |
| 21 | '' | 21 | '' |
| 22 | ServerAdmin ${env.server_admin} | 22 | ServerAdmin ${env.server_admin} |
| 23 | 23 | ||
| 24 | <Directory ${varDir}/tellesflorian.com> | 24 | <Directory ${varDir}> |
| 25 | DirectoryIndex index.php index.htm index.html | 25 | DirectoryIndex index.php index.htm index.html |
| 26 | Options Indexes FollowSymLinks MultiViews Includes | 26 | Options Indexes FollowSymLinks MultiViews Includes |
| 27 | AllowOverride None | 27 | AllowOverride None |
diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix index dff1053..dc89ae3 100644 --- a/modules/private/websites/immae/production.nix +++ b/modules/private/websites/immae/production.nix | |||
| @@ -12,12 +12,13 @@ in { | |||
| 12 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
| 13 | services.webstats.sites = [ { name = "www.immae.eu"; } ]; | 13 | services.webstats.sites = [ { name = "www.immae.eu"; } ]; |
| 14 | 14 | ||
| 15 | services.websites.env.production.vhostConfs.immae = { | 15 | services.websites.env.production.vhostConfs.immae_production = { |
| 16 | certName = "eldiron"; | 16 | certName = "immae"; |
| 17 | addToCerts = true; | 17 | addToCerts = true; |
| 18 | hosts = [ "www.immae.eu" "immae.eu" ]; | 18 | certMainHost = "www.immae.eu"; |
| 19 | root = varDir; | 19 | hosts = [ "www.immae.eu" "immae.eu" ]; |
| 20 | extraConfig = [ | 20 | root = varDir; |
| 21 | extraConfig = [ | ||
| 21 | '' | 22 | '' |
| 22 | Use Stats www.immae.eu | 23 | Use Stats www.immae.eu |
| 23 | 24 | ||
| @@ -68,8 +69,8 @@ in { | |||
| 68 | ]; | 69 | ]; |
| 69 | }; | 70 | }; |
| 70 | 71 | ||
| 71 | services.websites.env.production.vhostConfs.immaeFr = { | 72 | services.websites.env.production.vhostConfs.immae_fr = { |
| 72 | certName = "eldiron"; | 73 | certName = "immae"; |
| 73 | addToCerts = true; | 74 | addToCerts = true; |
| 74 | hosts = [ "www.immae.fr" "immae.fr" ]; | 75 | hosts = [ "www.immae.fr" "immae.fr" ]; |
| 75 | root = null; | 76 | root = null; |
| @@ -78,8 +79,8 @@ in { | |||
| 78 | '' ]; | 79 | '' ]; |
| 79 | }; | 80 | }; |
| 80 | 81 | ||
| 81 | services.websites.env.production.vhostConfs.bouya = { | 82 | services.websites.env.production.vhostConfs.immae_bouya = { |
| 82 | certName = "eldiron"; | 83 | certName = "immae"; |
| 83 | addToCerts = true; | 84 | addToCerts = true; |
| 84 | hosts = [ "bouya.org" "www.bouya.org" ]; | 85 | hosts = [ "bouya.org" "www.bouya.org" ]; |
| 85 | root = null; | 86 | root = null; |
diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix index a503c90..d06af87 100644 --- a/modules/private/websites/immae/release.nix +++ b/modules/private/websites/immae/release.nix | |||
| @@ -9,8 +9,8 @@ in { | |||
| 9 | config = lib.mkIf cfg.enable { | 9 | config = lib.mkIf cfg.enable { |
| 10 | services.webstats.sites = [ { name = "release.immae.eu"; } ]; | 10 | services.webstats.sites = [ { name = "release.immae.eu"; } ]; |
| 11 | 11 | ||
| 12 | services.websites.env.production.vhostConfs.release = { | 12 | services.websites.env.production.vhostConfs.immae_release = { |
| 13 | certName = "eldiron"; | 13 | certName = "immae"; |
| 14 | addToCerts = true; | 14 | addToCerts = true; |
| 15 | hosts = [ "release.immae.eu" ]; | 15 | hosts = [ "release.immae.eu" ]; |
| 16 | root = varDir; | 16 | root = varDir; |
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix index 899bb3a..c24844e 100644 --- a/modules/private/websites/immae/temp.nix +++ b/modules/private/websites/immae/temp.nix | |||
| @@ -8,8 +8,8 @@ in { | |||
| 8 | 8 | ||
| 9 | config = lib.mkIf cfg.enable { | 9 | config = lib.mkIf cfg.enable { |
| 10 | services.websites.env.production.modules = [ "headers" ]; | 10 | services.websites.env.production.modules = [ "headers" ]; |
| 11 | services.websites.env.production.vhostConfs.temp = { | 11 | services.websites.env.production.vhostConfs.immae_temp = { |
| 12 | certName = "eldiron"; | 12 | certName = "immae"; |
| 13 | addToCerts = true; | 13 | addToCerts = true; |
| 14 | hosts = [ "temp.immae.eu" ]; | 14 | hosts = [ "temp.immae.eu" ]; |
| 15 | root = varDir; | 15 | root = varDir; |
diff --git a/pkgs/private/webapps/aten/aten.json b/modules/private/websites/isabelle/aten_app/aten.json index 10a315a..10a315a 100644 --- a/pkgs/private/webapps/aten/aten.json +++ b/modules/private/websites/isabelle/aten_app/aten.json | |||
diff --git a/pkgs/private/webapps/aten/default.nix b/modules/private/websites/isabelle/aten_app/default.nix index 9c4e29f..9c4e29f 100644 --- a/pkgs/private/webapps/aten/default.nix +++ b/modules/private/websites/isabelle/aten_app/default.nix | |||
diff --git a/pkgs/private/webapps/aten/php-packages.nix b/modules/private/websites/isabelle/aten_app/php-packages.nix index 8d86587..8d86587 100644 --- a/pkgs/private/webapps/aten/php-packages.nix +++ b/modules/private/websites/isabelle/aten_app/php-packages.nix | |||
diff --git a/pkgs/private/webapps/aten/yarn-packages.nix b/modules/private/websites/isabelle/aten_app/yarn-packages.nix index c16d9dc..c16d9dc 100644 --- a/pkgs/private/webapps/aten/yarn-packages.nix +++ b/modules/private/websites/isabelle/aten_app/yarn-packages.nix | |||
diff --git a/modules/private/websites/isabelle/aten_integration.nix b/modules/private/websites/isabelle/aten_integration.nix index fb6eda9..61c35cc 100644 --- a/modules/private/websites/isabelle/aten_integration.nix +++ b/modules/private/websites/isabelle/aten_integration.nix | |||
| @@ -1,20 +1,23 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.isabelle.aten_integration; | 3 | secrets = config.myEnv.websites.isabelle.aten_integration; |
| 4 | app = pkgs.webapps.aten.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./aten_app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/isabelle_aten_integration"; | ||
| 7 | }; | ||
| 5 | cfg = config.myServices.websites.isabelle.aten_integration; | 8 | cfg = config.myServices.websites.isabelle.aten_integration; |
| 6 | pcfg = config.services.phpApplication; | 9 | pcfg = config.services.phpApplication; |
| 7 | in { | 10 | in { |
| 8 | options.myServices.websites.isabelle.aten_integration.enable = lib.mkEnableOption "enable Aten's website in integration"; | 11 | options.myServices.websites.isabelle.aten_integration.enable = lib.mkEnableOption "enable Aten's website in integration"; |
| 9 | 12 | ||
| 10 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.aten_dev.rootDir = app.varDir; | 14 | services.duplyBackup.profiles.isabelle_aten_integration.rootDir = app.varDir; |
| 12 | services.phpApplication.apps.aten_dev = { | 15 | services.phpApplication.apps.isabelle_aten_integration = { |
| 13 | websiteEnv = "integration"; | 16 | websiteEnv = "integration"; |
| 14 | httpdUser = config.services.httpd.Inte.user; | 17 | httpdUser = config.services.httpd.Inte.user; |
| 15 | httpdGroup = config.services.httpd.Inte.group; | 18 | httpdGroup = config.services.httpd.Inte.group; |
| 16 | httpdWatchFiles = [ | 19 | httpdWatchFiles = [ |
| 17 | config.secrets.fullPaths."webapps/${app.environment}-aten" | 20 | config.secrets.fullPaths."websites/isabelle/aten_integration" |
| 18 | ]; | 21 | ]; |
| 19 | inherit (app) webRoot varDir; | 22 | inherit (app) webRoot varDir; |
| 20 | inherit app; | 23 | inherit app; |
| @@ -32,12 +35,12 @@ in { | |||
| 32 | "pm.process_idle_timeout" = "60"; | 35 | "pm.process_idle_timeout" = "60"; |
| 33 | }; | 36 | }; |
| 34 | phpEnv = { | 37 | phpEnv = { |
| 35 | SYMFONY_DEBUG_MODE = "yes"; | 38 | SYMFONY_DEBUG_MODE = "\"yes\""; |
| 36 | }; | 39 | }; |
| 37 | }; | 40 | }; |
| 38 | 41 | ||
| 39 | secrets.keys = [{ | 42 | secrets.keys = [{ |
| 40 | dest = "webapps/${app.environment}-aten"; | 43 | dest = "websites/isabelle/aten_integration"; |
| 41 | user = config.services.httpd.Inte.user; | 44 | user = config.services.httpd.Inte.user; |
| 42 | group = config.services.httpd.Inte.group; | 45 | group = config.services.httpd.Inte.group; |
| 43 | permissions = "0400"; | 46 | permissions = "0400"; |
| @@ -52,18 +55,18 @@ in { | |||
| 52 | SetEnv DATABASE_URL "${psql_url}" | 55 | SetEnv DATABASE_URL "${psql_url}" |
| 53 | ''; | 56 | ''; |
| 54 | }]; | 57 | }]; |
| 55 | services.websites.env.integration.vhostConfs.aten_dev = { | 58 | services.websites.env.integration.vhostConfs.isabelle_aten_integration = { |
| 56 | certName = "integration"; | 59 | certName = "integration"; |
| 57 | addToCerts = true; | 60 | addToCerts = true; |
| 58 | hosts = [ "dev.aten.pro" ]; | 61 | hosts = [ "dev.aten.pro" ]; |
| 59 | root = pcfg.webappDirs.aten_dev; | 62 | root = pcfg.webappDirs.isabelle_aten_integration; |
| 60 | extraConfig = [ | 63 | extraConfig = [ |
| 61 | '' | 64 | '' |
| 62 | <FilesMatch "\.php$"> | 65 | <FilesMatch "\.php$"> |
| 63 | SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_dev}|fcgi://localhost" | 66 | SetHandler "proxy:unix:${pcfg.phpListenPaths.isabelle_aten_integration}|fcgi://localhost" |
| 64 | </FilesMatch> | 67 | </FilesMatch> |
| 65 | 68 | ||
| 66 | Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"} | 69 | Include ${config.secrets.fullPaths."websites/isabelle/aten_integration"} |
| 67 | 70 | ||
| 68 | <Location /> | 71 | <Location /> |
| 69 | Use LDAPConnect | 72 | Use LDAPConnect |
| @@ -77,7 +80,7 @@ in { | |||
| 77 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | 80 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" |
| 78 | </Location> | 81 | </Location> |
| 79 | 82 | ||
| 80 | <Directory ${pcfg.webappDirs.aten_dev}> | 83 | <Directory ${pcfg.webappDirs.isabelle_aten_integration}> |
| 81 | Options Indexes FollowSymLinks MultiViews Includes | 84 | Options Indexes FollowSymLinks MultiViews Includes |
| 82 | AllowOverride All | 85 | AllowOverride All |
| 83 | Require all granted | 86 | Require all granted |
diff --git a/modules/private/websites/isabelle/aten_production.nix b/modules/private/websites/isabelle/aten_production.nix index cf7e4a2..e34d659 100644 --- a/modules/private/websites/isabelle/aten_production.nix +++ b/modules/private/websites/isabelle/aten_production.nix | |||
| @@ -1,21 +1,24 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.isabelle.aten_production; | 3 | secrets = config.myEnv.websites.isabelle.aten_production; |
| 4 | app = pkgs.webapps.aten.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./aten_app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/isabelle_aten_production"; | ||
| 7 | }; | ||
| 5 | cfg = config.myServices.websites.isabelle.aten_production; | 8 | cfg = config.myServices.websites.isabelle.aten_production; |
| 6 | pcfg = config.services.phpApplication; | 9 | pcfg = config.services.phpApplication; |
| 7 | in { | 10 | in { |
| 8 | options.myServices.websites.isabelle.aten_production.enable = lib.mkEnableOption "enable Aten's website in production"; | 11 | options.myServices.websites.isabelle.aten_production.enable = lib.mkEnableOption "enable Aten's website in production"; |
| 9 | 12 | ||
| 10 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.aten_prod.rootDir = app.varDir; | 14 | services.duplyBackup.profiles.isabelle_aten_production.rootDir = app.varDir; |
| 12 | services.webstats.sites = [ { name = "aten.pro"; } ]; | 15 | services.webstats.sites = [ { name = "aten.pro"; } ]; |
| 13 | services.phpApplication.apps.aten_prod = { | 16 | services.phpApplication.apps.isabelle_aten_production = { |
| 14 | websiteEnv = "production"; | 17 | websiteEnv = "production"; |
| 15 | httpdUser = config.services.httpd.Prod.user; | 18 | httpdUser = config.services.httpd.Prod.user; |
| 16 | httpdGroup = config.services.httpd.Prod.group; | 19 | httpdGroup = config.services.httpd.Prod.group; |
| 17 | httpdWatchFiles = [ | 20 | httpdWatchFiles = [ |
| 18 | config.secrets.fullPaths."webapps/${app.environment}-aten" | 21 | config.secrets.fullPaths."websites/isabelle/aten_production" |
| 19 | ]; | 22 | ]; |
| 20 | inherit (app) webRoot varDir; | 23 | inherit (app) webRoot varDir; |
| 21 | inherit app; | 24 | inherit app; |
| @@ -37,7 +40,7 @@ in { | |||
| 37 | }; | 40 | }; |
| 38 | 41 | ||
| 39 | secrets.keys = [{ | 42 | secrets.keys = [{ |
| 40 | dest = "webapps/${app.environment}-aten"; | 43 | dest = "websites/isabelle/aten_production"; |
| 41 | user = config.services.httpd.Prod.user; | 44 | user = config.services.httpd.Prod.user; |
| 42 | group = config.services.httpd.Prod.group; | 45 | group = config.services.httpd.Prod.group; |
| 43 | permissions = "0400"; | 46 | permissions = "0400"; |
| @@ -52,18 +55,18 @@ in { | |||
| 52 | SetEnv DATABASE_URL "${psql_url}" | 55 | SetEnv DATABASE_URL "${psql_url}" |
| 53 | ''; | 56 | ''; |
| 54 | }]; | 57 | }]; |
| 55 | services.websites.env.production.vhostConfs.aten_prod = { | 58 | services.websites.env.production.vhostConfs.isabelle_aten_production = { |
| 56 | certName = "aten"; | 59 | certName = "isabelle"; |
| 57 | certMainHost = "aten.pro"; | 60 | certMainHost = "aten.pro"; |
| 58 | hosts = [ "aten.pro" "www.aten.pro" ]; | 61 | hosts = [ "aten.pro" "www.aten.pro" ]; |
| 59 | root = pcfg.webappDirs.aten_prod; | 62 | root = pcfg.webappDirs.isabelle_aten_production; |
| 60 | extraConfig = [ | 63 | extraConfig = [ |
| 61 | '' | 64 | '' |
| 62 | <FilesMatch "\.php$"> | 65 | <FilesMatch "\.php$"> |
| 63 | SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_prod}|fcgi://localhost" | 66 | SetHandler "proxy:unix:${pcfg.phpListenPaths.isabelle_aten_production}|fcgi://localhost" |
| 64 | </FilesMatch> | 67 | </FilesMatch> |
| 65 | 68 | ||
| 66 | Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"} | 69 | Include ${config.secrets.fullPaths."websites/isabelle/aten_production"} |
| 67 | 70 | ||
| 68 | Use Stats aten.pro | 71 | Use Stats aten.pro |
| 69 | 72 | ||
| @@ -73,7 +76,7 @@ in { | |||
| 73 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | 76 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" |
| 74 | </Location> | 77 | </Location> |
| 75 | 78 | ||
| 76 | <Directory ${pcfg.webappDirs.aten_prod}> | 79 | <Directory ${pcfg.webappDirs.isabelle_aten_production}> |
| 77 | Options Indexes FollowSymLinks MultiViews Includes | 80 | Options Indexes FollowSymLinks MultiViews Includes |
| 78 | AllowOverride All | 81 | AllowOverride All |
| 79 | Require all granted | 82 | Require all granted |
diff --git a/modules/private/websites/isabelle/iridologie.nix b/modules/private/websites/isabelle/iridologie.nix index ffbf259..560e605 100644 --- a/modules/private/websites/isabelle/iridologie.nix +++ b/modules/private/websites/isabelle/iridologie.nix | |||
| @@ -1,50 +1,121 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | iridologie = pkgs.callPackage ./spip_builder.nix { | 3 | icfg = config.myEnv.websites.isabelle.iridologie; |
| 4 | inherit (pkgs.webapps) iridologie; | 4 | cfg = config.myServices.websites.isabelle.iridologie; |
| 5 | config = config.myEnv.websites.isabelle.iridologie; | 5 | app = pkgs.callPackage ./iridologie_app { |
| 6 | apacheUser = config.services.httpd.Prod.user; | 6 | inherit (icfg) environment; |
| 7 | apacheGroup = config.services.httpd.Prod.group; | 7 | inherit (pkgs.webapps) spip; |
| 8 | varDir = "/var/lib/isabelle_iridologie"; | ||
| 8 | }; | 9 | }; |
| 9 | 10 | ||
| 10 | cfg = config.myServices.websites.isabelle.iridologie; | 11 | apacheUser = config.services.httpd.Prod.user; |
| 12 | apacheGroup = config.services.httpd.Prod.group; | ||
| 13 | webappdir = config.services.websites.webappDirsPaths.isabelle_iridologie; | ||
| 14 | secretsPath = config.secrets.fullPaths."websites/isabelle/iridologie"; | ||
| 11 | in { | 15 | in { |
| 12 | options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website"; | 16 | options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website"; |
| 13 | 17 | ||
| 14 | config = lib.mkIf cfg.enable { | 18 | config = lib.mkIf cfg.enable { |
| 15 | services.duplyBackup.profiles.iridologie_prod.rootDir = iridologie.app.varDir; | 19 | services.duplyBackup.profiles.isabelle_iridologie.rootDir = app.varDir; |
| 16 | secrets.keys = iridologie.keys; | 20 | secrets.keys = [ |
| 21 | { | ||
| 22 | dest = "websites/isabelle/iridologie"; | ||
| 23 | user = apacheUser; | ||
| 24 | group = apacheGroup; | ||
| 25 | permissions = "0400"; | ||
| 26 | text = '' | ||
| 27 | SetEnv SPIP_CONFIG_DIR "${./config}" | ||
| 28 | SetEnv SPIP_VAR_DIR "${app.varDir}" | ||
| 29 | SetEnv SPIP_SITE "iridologie-${app.environment}" | ||
| 30 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | ||
| 31 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | ||
| 32 | SetEnv SPIP_LDAP_SEARCH_DN "${icfg.ldap.dn}" | ||
| 33 | SetEnv SPIP_LDAP_SEARCH_PW "${icfg.ldap.password}" | ||
| 34 | SetEnv SPIP_LDAP_SEARCH "${icfg.ldap.filter}" | ||
| 35 | SetEnv SPIP_MYSQL_HOST "${icfg.mysql.host}" | ||
| 36 | SetEnv SPIP_MYSQL_PORT "${icfg.mysql.port}" | ||
| 37 | SetEnv SPIP_MYSQL_DB "${icfg.mysql.database}" | ||
| 38 | SetEnv SPIP_MYSQL_USER "${icfg.mysql.user}" | ||
| 39 | SetEnv SPIP_MYSQL_PASSWORD "${icfg.mysql.password}" | ||
| 40 | ''; | ||
| 41 | } | ||
| 42 | ]; | ||
| 17 | services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ]; | 43 | services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ]; |
| 18 | 44 | ||
| 19 | systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps; | 45 | systemd.services.phpfpm-isabelle_iridologie.after = lib.mkAfter [ "mysql.service" ]; |
| 20 | systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps; | 46 | systemd.services.phpfpm-isabelle_iridologie.wants = [ "mysql.service" ]; |
| 21 | services.phpfpm.pools.iridologie = { | 47 | services.phpfpm.pools.isabelle_iridologie = { |
| 22 | user = config.services.httpd.Prod.user; | 48 | user = config.services.httpd.Prod.user; |
| 23 | group = config.services.httpd.Prod.group; | 49 | group = config.services.httpd.Prod.group; |
| 24 | settings = iridologie.phpFpm.pool; | 50 | settings = { |
| 51 | "listen.owner" = "${apacheUser}"; | ||
| 52 | "listen.group" = "${apacheGroup}"; | ||
| 53 | "php_admin_value[upload_max_filesize]" = "20M"; | ||
| 54 | "php_admin_value[post_max_size]" = "20M"; | ||
| 55 | #"php_admin_flag[log_errors]" = "on"; | ||
| 56 | "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp"; | ||
| 57 | "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; | ||
| 58 | "pm" = "dynamic"; | ||
| 59 | "pm.max_children" = "20"; | ||
| 60 | "pm.start_servers" = "2"; | ||
| 61 | "pm.min_spare_servers" = "1"; | ||
| 62 | "pm.max_spare_servers" = "3"; | ||
| 63 | }; | ||
| 25 | phpOptions = config.services.phpfpm.phpOptions + '' | 64 | phpOptions = config.services.phpfpm.phpOptions + '' |
| 26 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | 65 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
| 27 | ''; | 66 | ''; |
| 28 | }; | 67 | }; |
| 29 | system.activationScripts.iridologie = iridologie.activationScript; | 68 | system.activationScripts.isabelle_iridologie = { |
| 30 | myServices.websites.webappDirs."${iridologie.apache.webappName}" = iridologie.app.webRoot; | 69 | deps = [ "wrappers" ]; |
| 31 | services.websites.env.production.modules = iridologie.apache.modules; | 70 | text = '' |
| 32 | services.websites.env.production.vhostConfs.iridologie = { | 71 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local |
| 33 | certName = "aten"; | 72 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions |
| 73 | ''; | ||
| 74 | }; | ||
| 75 | services.websites.webappDirs.isabelle_iridologie = app.webRoot; | ||
| 76 | services.websites.env.production.modules = [ "proxy_fcgi" ]; | ||
| 77 | services.websites.env.production.vhostConfs.isabelle_iridologie = { | ||
| 78 | certName = "isabelle"; | ||
| 34 | addToCerts = true; | 79 | addToCerts = true; |
| 35 | hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ]; | 80 | hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ]; |
| 36 | root = iridologie.apache.root; | 81 | root = webappdir; |
| 37 | extraConfig = [ | 82 | extraConfig = [ |
| 38 | '' | 83 | '' |
| 39 | RewriteEngine On | 84 | RewriteEngine On |
| 40 | RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC] | 85 | RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC] |
| 41 | RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L] | 86 | RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L] |
| 87 | |||
| 88 | Include ${secretsPath} | ||
| 89 | |||
| 90 | RewriteEngine On | ||
| 91 | |||
| 92 | <FilesMatch "\.php$"> | ||
| 93 | SetHandler "proxy:unix:${config.services.phpfpm.pools.isabelle_iridologie.socket}|fcgi://localhost" | ||
| 94 | </FilesMatch> | ||
| 95 | |||
| 96 | <Directory ${webappdir}> | ||
| 97 | DirectoryIndex index.php index.htm index.html | ||
| 98 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
| 99 | Include ${webappdir}/htaccess.txt | ||
| 100 | |||
| 101 | AllowOverride AuthConfig FileInfo Limit | ||
| 102 | Require all granted | ||
| 103 | </Directory> | ||
| 104 | |||
| 105 | <DirectoryMatch "${webappdir}/squelettes"> | ||
| 106 | Require all denied | ||
| 107 | </DirectoryMatch> | ||
| 108 | |||
| 109 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | ||
| 110 | Require all denied | ||
| 111 | </FilesMatch> | ||
| 112 | |||
| 113 | Use Stats iridologie.icommandeur.org | ||
| 42 | '' | 114 | '' |
| 43 | (iridologie.apache.vhostConf config.services.phpfpm.pools.iridologie.socket) | ||
| 44 | ]; | 115 | ]; |
| 45 | }; | 116 | }; |
| 46 | services.websites.env.production.watchPaths = [ | 117 | services.websites.env.production.watchPaths = [ |
| 47 | "/var/secrets/webapps/${iridologie.app.environment}-iridologie" | 118 | secretsPath |
| 48 | ]; | 119 | ]; |
| 49 | }; | 120 | }; |
| 50 | } | 121 | } |
diff --git a/pkgs/private/webapps/iridologie/default.nix b/modules/private/websites/isabelle/iridologie_app/default.nix index 8e05736..604d250 100644 --- a/pkgs/private/webapps/iridologie/default.nix +++ b/modules/private/websites/isabelle/iridologie_app/default.nix | |||
| @@ -11,5 +11,5 @@ in | |||
| 11 | spip.override { | 11 | spip.override { |
| 12 | ldap = true; | 12 | ldap = true; |
| 13 | siteName = "iridologie"; | 13 | siteName = "iridologie"; |
| 14 | inherit environment siteDir; | 14 | inherit environment siteDir varDir; |
| 15 | } | 15 | } |
diff --git a/pkgs/private/webapps/iridologie/iridologie.json b/modules/private/websites/isabelle/iridologie_app/iridologie.json index 5cc7f91..5cc7f91 100644 --- a/pkgs/private/webapps/iridologie/iridologie.json +++ b/modules/private/websites/isabelle/iridologie_app/iridologie.json | |||
diff --git a/modules/private/websites/isabelle/spip_builder.nix b/modules/private/websites/isabelle/spip_builder.nix deleted file mode 100644 index e1130d1..0000000 --- a/modules/private/websites/isabelle/spip_builder.nix +++ /dev/null | |||
| @@ -1,96 +0,0 @@ | |||
| 1 | { apacheUser, apacheGroup, iridologie, config }: | ||
| 2 | rec { | ||
| 3 | app = iridologie.override { inherit (config) environment; }; | ||
| 4 | phpFpm = rec { | ||
| 5 | serviceDeps = [ "mysql.service" ]; | ||
| 6 | pool = { | ||
| 7 | "listen.owner" = "${apacheUser}"; | ||
| 8 | "listen.group" = "${apacheGroup}"; | ||
| 9 | "php_admin_value[upload_max_filesize]" = "20M"; | ||
| 10 | "php_admin_value[post_max_size]" = "20M"; | ||
| 11 | #"php_admin_flag[log_errors]" = "on"; | ||
| 12 | "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"; | ||
| 13 | "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; | ||
| 14 | } // (if app.environment == "dev" then { | ||
| 15 | "pm" = "ondemand"; | ||
| 16 | "pm.max_children" = "5"; | ||
| 17 | "pm.process_idle_timeout" = "60"; | ||
| 18 | } else { | ||
| 19 | "pm" = "dynamic"; | ||
| 20 | "pm.max_children" = "20"; | ||
| 21 | "pm.start_servers" = "2"; | ||
| 22 | "pm.min_spare_servers" = "1"; | ||
| 23 | "pm.max_spare_servers" = "3"; | ||
| 24 | }); | ||
| 25 | }; | ||
| 26 | keys = [{ | ||
| 27 | dest = "webapps/${app.environment}-iridologie"; | ||
| 28 | user = apacheUser; | ||
| 29 | group = apacheGroup; | ||
| 30 | permissions = "0400"; | ||
| 31 | text = '' | ||
| 32 | SetEnv SPIP_CONFIG_DIR "${configDir}" | ||
| 33 | SetEnv SPIP_VAR_DIR "${app.varDir}" | ||
| 34 | SetEnv SPIP_SITE "iridologie-${app.environment}" | ||
| 35 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | ||
| 36 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | ||
| 37 | SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" | ||
| 38 | SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" | ||
| 39 | SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}" | ||
| 40 | SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" | ||
| 41 | SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" | ||
| 42 | SetEnv SPIP_MYSQL_DB "${config.mysql.database}" | ||
| 43 | SetEnv SPIP_MYSQL_USER "${config.mysql.user}" | ||
| 44 | SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" | ||
| 45 | ''; | ||
| 46 | }]; | ||
| 47 | apache = rec { | ||
| 48 | modules = [ "proxy_fcgi" ]; | ||
| 49 | webappName = "iridologie_${app.environment}"; | ||
| 50 | root = "/run/current-system/webapps/${webappName}"; | ||
| 51 | vhostConf = socket: '' | ||
| 52 | Include /var/secrets/webapps/${app.environment}-iridologie | ||
| 53 | |||
| 54 | RewriteEngine On | ||
| 55 | |||
| 56 | <FilesMatch "\.php$"> | ||
| 57 | SetHandler "proxy:unix:${socket}|fcgi://localhost" | ||
| 58 | </FilesMatch> | ||
| 59 | |||
| 60 | <Directory ${root}> | ||
| 61 | DirectoryIndex index.php index.htm index.html | ||
| 62 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
| 63 | Include ${root}/htaccess.txt | ||
| 64 | |||
| 65 | AllowOverride AuthConfig FileInfo Limit | ||
| 66 | Require all granted | ||
| 67 | </Directory> | ||
| 68 | |||
| 69 | <DirectoryMatch "${root}/squelettes"> | ||
| 70 | Require all denied | ||
| 71 | </DirectoryMatch> | ||
| 72 | |||
| 73 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | ||
| 74 | Require all denied | ||
| 75 | </FilesMatch> | ||
| 76 | |||
| 77 | ${if app.environment == "dev" then '' | ||
| 78 | <Location /> | ||
| 79 | Use LDAPConnect | ||
| 80 | Require ldap-group cn=isabelle.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | ||
| 81 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://iridologie.icommandeur.org\"></html>" | ||
| 82 | </Location> | ||
| 83 | '' else '' | ||
| 84 | Use Stats iridologie.icommandeur.org | ||
| 85 | ''} | ||
| 86 | ''; | ||
| 87 | }; | ||
| 88 | activationScript = { | ||
| 89 | deps = [ "wrappers" ]; | ||
| 90 | text = '' | ||
| 91 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local | ||
| 92 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions | ||
| 93 | ''; | ||
| 94 | }; | ||
| 95 | configDir = ./config; | ||
| 96 | } | ||
diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/jerome/naturaloutil.nix index 1e79141..8bbb49e 100644 --- a/modules/private/websites/naturaloutil/production.nix +++ b/modules/private/websites/jerome/naturaloutil.nix | |||
| @@ -1,11 +1,14 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; |
| 4 | cfg = config.myServices.websites.naturaloutil.production; | 4 | cfg = config.myServices.websites.jerome.naturaloutil; |
| 5 | varDir = "/var/lib/ftp/jerome"; | 5 | varDir = "/var/lib/ftp/jerome"; |
| 6 | env = config.myEnv.websites.jerome; | 6 | env = config.myEnv.websites.jerome; |
| 7 | apacheUser = config.services.httpd.Prod.user; | ||
| 8 | apacheGroup = config.services.httpd.Prod.group; | ||
| 9 | secretsPath = config.secrets.fullPaths."websites/jerome/naturaloutil"; | ||
| 7 | in { | 10 | in { |
| 8 | options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website"; | 11 | options.myServices.websites.jerome.naturaloutil.enable = lib.mkEnableOption "enable Jerome Naturaloutil's website"; |
| 9 | 12 | ||
| 10 | config = lib.mkIf cfg.enable { | 13 | config = lib.mkIf cfg.enable { |
| 11 | services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; | 14 | services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; |
| @@ -13,9 +16,9 @@ in { | |||
| 13 | security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; | 16 | security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; |
| 14 | 17 | ||
| 15 | secrets.keys = [{ | 18 | secrets.keys = [{ |
| 16 | dest = "webapps/prod-naturaloutil"; | 19 | dest = "websites/jerome/naturaloutil"; |
| 17 | user = "wwwrun"; | 20 | user = apacheUser; |
| 18 | group = "wwwrun"; | 21 | group = apacheGroup; |
| 19 | permissions = "0400"; | 22 | permissions = "0400"; |
| 20 | text = '' | 23 | text = '' |
| 21 | <?php | 24 | <?php |
| @@ -33,38 +36,38 @@ in { | |||
| 33 | ?> | 36 | ?> |
| 34 | ''; | 37 | ''; |
| 35 | }]; | 38 | }]; |
| 36 | system.activationScripts.naturaloutil = { | 39 | system.activationScripts.jerome_naturaloutil = { |
| 37 | deps = [ "httpd" ]; | 40 | deps = [ "httpd" ]; |
| 38 | text = '' | 41 | text = '' |
| 39 | install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil | 42 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/jerome_naturaloutil |
| 40 | ''; | 43 | ''; |
| 41 | }; | 44 | }; |
| 42 | systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ]; | 45 | systemd.services.phpfpm-jerome_naturaloutil.after = lib.mkAfter [ "mysql.service" ]; |
| 43 | systemd.services.phpfpm-jerome.wants = [ "mysql.service" ]; | 46 | systemd.services.phpfpm-jerome_naturaloutil.wants = [ "mysql.service" ]; |
| 44 | services.phpfpm.pools.jerome = { | 47 | services.phpfpm.pools.jerome_naturaloutil = { |
| 45 | user = "wwwrun"; | 48 | user = apacheUser; |
| 46 | group = "wwwrun"; | 49 | group = apacheGroup; |
| 47 | settings = { | 50 | settings = { |
| 48 | "listen.owner" = "wwwrun"; | 51 | "listen.owner" = apacheUser; |
| 49 | "listen.group" = "wwwrun"; | 52 | "listen.group" = apacheGroup; |
| 50 | 53 | ||
| 51 | "pm" = "ondemand"; | 54 | "pm" = "ondemand"; |
| 52 | "pm.max_children" = "5"; | 55 | "pm.max_children" = "5"; |
| 53 | "pm.process_idle_timeout" = "60"; | 56 | "pm.process_idle_timeout" = "60"; |
| 54 | 57 | ||
| 55 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"; | 58 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/jerome_naturaloutil:${secretsPath}:${varDir}:/tmp"; |
| 56 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/naturaloutil"; | 59 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/jerome_naturaloutil"; |
| 57 | }; | 60 | }; |
| 58 | phpEnv = { | 61 | phpEnv = { |
| 59 | BDD_CONNECT = "/var/secrets/webapps/prod-naturaloutil"; | 62 | BDD_CONNECT = secretsPath; |
| 60 | }; | 63 | }; |
| 61 | phpOptions = config.services.phpfpm.phpOptions + '' | 64 | phpOptions = config.services.phpfpm.phpOptions + '' |
| 62 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | 65 | extension=${pkgs.php}/lib/php/extensions/mysqli.so |
| 63 | ''; | 66 | ''; |
| 64 | }; | 67 | }; |
| 65 | services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; | 68 | services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; |
| 66 | services.websites.env.production.vhostConfs.naturaloutil = { | 69 | services.websites.env.production.vhostConfs.jerome_naturaloutil = { |
| 67 | certName = "naturaloutil"; | 70 | certName = "jerome"; |
| 68 | certMainHost = "naturaloutil.immae.eu"; | 71 | certMainHost = "naturaloutil.immae.eu"; |
| 69 | hosts = ["naturaloutil.immae.eu" ]; | 72 | hosts = ["naturaloutil.immae.eu" ]; |
| 70 | root = varDir; | 73 | root = varDir; |
| @@ -77,7 +80,7 @@ in { | |||
| 77 | CustomLog "${varDir}/logs/access_log" combined | 80 | CustomLog "${varDir}/logs/access_log" combined |
| 78 | 81 | ||
| 79 | <FilesMatch "\.php$"> | 82 | <FilesMatch "\.php$"> |
| 80 | SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome.socket}|fcgi://localhost" | 83 | SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome_naturaloutil.socket}|fcgi://localhost" |
| 81 | </FilesMatch> | 84 | </FilesMatch> |
| 82 | 85 | ||
| 83 | <Directory ${varDir}/logs> | 86 | <Directory ${varDir}/logs> |
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix index 3b289cf..b48da6f 100644 --- a/modules/private/websites/leila/production.nix +++ b/modules/private/websites/leila/production.nix | |||
| @@ -2,16 +2,18 @@ | |||
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.websites.leila.production; | 3 | cfg = config.myServices.websites.leila.production; |
| 4 | varDir = "/var/lib/ftp/leila"; | 4 | varDir = "/var/lib/ftp/leila"; |
| 5 | apacheUser = config.services.httpd.Prod.user; | ||
| 6 | apacheGroup = config.services.httpd.Prod.group; | ||
| 5 | in { | 7 | in { |
| 6 | options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production"; | 8 | options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production"; |
| 7 | 9 | ||
| 8 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 9 | services.phpfpm.pools.leila = { | 11 | services.phpfpm.pools.leila = { |
| 10 | user = "wwwrun"; | 12 | user = apacheUser; |
| 11 | group = "wwwrun"; | 13 | group = apacheGroup; |
| 12 | settings = { | 14 | settings = { |
| 13 | "listen.owner" = "wwwrun"; | 15 | "listen.owner" = apacheUser; |
| 14 | "listen.group" = "wwwrun"; | 16 | "listen.group" = apacheGroup; |
| 15 | 17 | ||
| 16 | "pm" = "ondemand"; | 18 | "pm" = "ondemand"; |
| 17 | "pm.max_children" = "5"; | 19 | "pm.max_children" = "5"; |
diff --git a/pkgs/private/webapps/ludivinecassal/default.nix b/modules/private/websites/ludivine/app/default.nix index 3401435..05be0b1 100644 --- a/pkgs/private/webapps/ludivinecassal/default.nix +++ b/modules/private/websites/ludivine/app/default.nix | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment ? "prod" |
| 2 | , varDir ? "/var/lib/ludivinecassal_${environment}" | 2 | , varDir ? "/var/lib/ludivinecassal_${environment}" |
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-ludivinecassal" | ||
| 3 | , composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, mylibs }: | 4 | , composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, mylibs }: |
| 4 | let | 5 | let |
| 5 | app = composerEnv.buildPackage ( | 6 | app = composerEnv.buildPackage ( |
| @@ -24,7 +25,7 @@ let | |||
| 24 | postInstall = '' | 25 | postInstall = '' |
| 25 | rm -rf var/{logs,cache,data,miniatures,tmp} | 26 | rm -rf var/{logs,cache,data,miniatures,tmp} |
| 26 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ | 27 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ |
| 27 | ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml | 28 | ln -sf ${secretsPath} app/config/parameters.yml |
| 28 | ''; | 29 | ''; |
| 29 | buildInputs = [ sass ]; | 30 | buildInputs = [ sass ]; |
| 30 | passthru = { | 31 | passthru = { |
diff --git a/pkgs/private/webapps/ludivinecassal/ludivinecassal.json b/modules/private/websites/ludivine/app/ludivinecassal.json index f0d23c3..f0d23c3 100644 --- a/pkgs/private/webapps/ludivinecassal/ludivinecassal.json +++ b/modules/private/websites/ludivine/app/ludivinecassal.json | |||
diff --git a/pkgs/private/webapps/ludivinecassal/php-packages.nix b/modules/private/websites/ludivine/app/php-packages.nix index 3495c32..3495c32 100644 --- a/pkgs/private/webapps/ludivinecassal/php-packages.nix +++ b/modules/private/websites/ludivine/app/php-packages.nix | |||
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivine/integration.nix index d304fdf..4e37c0c 100644 --- a/modules/private/websites/ludivinecassal/integration.nix +++ b/modules/private/websites/ludivine/integration.nix | |||
| @@ -1,15 +1,19 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.ludivinecassal.integration; | 3 | secrets = config.myEnv.websites.ludivine.integration; |
| 4 | app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
| 5 | cfg = config.myServices.websites.ludivinecassal.integration; | 5 | environment = secrets.environment; |
| 6 | varDir = "/var/lib/ludivine_integration"; | ||
| 7 | secretsPath = config.secrets.fullPaths."websites/ludivine/integration"; | ||
| 8 | }; | ||
| 9 | cfg = config.myServices.websites.ludivine.integration; | ||
| 6 | pcfg = config.services.phpApplication; | 10 | pcfg = config.services.phpApplication; |
| 7 | in { | 11 | in { |
| 8 | options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | 12 | options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; |
| 9 | 13 | ||
| 10 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.ludivinecassal_dev.rootDir = app.varDir; | 15 | services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir; |
| 12 | services.phpApplication.apps.ludivinecassal_dev = { | 16 | services.phpApplication.apps.ludivine_integration = { |
| 13 | websiteEnv = "integration"; | 17 | websiteEnv = "integration"; |
| 14 | httpdUser = config.services.httpd.Inte.user; | 18 | httpdUser = config.services.httpd.Inte.user; |
| 15 | httpdGroup = config.services.httpd.Inte.group; | 19 | httpdGroup = config.services.httpd.Inte.group; |
| @@ -32,16 +36,21 @@ in { | |||
| 32 | "pm.process_idle_timeout" = "60"; | 36 | "pm.process_idle_timeout" = "60"; |
| 33 | }; | 37 | }; |
| 34 | phpEnv = { | 38 | phpEnv = { |
| 35 | SYMFONY_DEBUG_MODE = "yes"; | 39 | PATH = lib.makeBinPath [ |
| 40 | # below ones don't need to be in the PATH but they’re used in | ||
| 41 | # secrets | ||
| 42 | pkgs.imagemagick pkgs.sass pkgs.ruby | ||
| 43 | ]; | ||
| 44 | SYMFONY_DEBUG_MODE = "\"yes\""; | ||
| 36 | }; | 45 | }; |
| 37 | phpWatchFiles = [ | 46 | phpWatchFiles = [ |
| 38 | config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" | 47 | config.secrets.fullPaths."websites/ludivine/integration" |
| 39 | ]; | 48 | ]; |
| 40 | }; | 49 | }; |
| 41 | 50 | ||
| 42 | secrets.keys = [ | 51 | secrets.keys = [ |
| 43 | { | 52 | { |
| 44 | dest = "webapps/${app.environment}-ludivinecassal"; | 53 | dest = "websites/ludivine/integration"; |
| 45 | user = config.services.httpd.Inte.user; | 54 | user = config.services.httpd.Inte.user; |
| 46 | group = config.services.httpd.Inte.group; | 55 | group = config.services.httpd.Inte.group; |
| 47 | permissions = "0400"; | 56 | permissions = "0400"; |
| @@ -78,15 +87,15 @@ in { | |||
| 78 | } | 87 | } |
| 79 | ]; | 88 | ]; |
| 80 | 89 | ||
| 81 | services.websites.env.integration.vhostConfs.ludivinecassal_dev = { | 90 | services.websites.env.integration.vhostConfs.ludivine_integration = { |
| 82 | certName = "integration"; | 91 | certName = "integration"; |
| 83 | addToCerts = true; | 92 | addToCerts = true; |
| 84 | hosts = [ "ludivine.immae.eu" ]; | 93 | hosts = [ "ludivine.immae.eu" ]; |
| 85 | root = pcfg.webappDirs.ludivinecassal_dev; | 94 | root = pcfg.webappDirs.ludivine_integration; |
| 86 | extraConfig = [ | 95 | extraConfig = [ |
| 87 | '' | 96 | '' |
| 88 | <FilesMatch "\.php$"> | 97 | <FilesMatch "\.php$"> |
| 89 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_dev}|fcgi://localhost" | 98 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost" |
| 90 | </FilesMatch> | 99 | </FilesMatch> |
| 91 | 100 | ||
| 92 | <Location /> | 101 | <Location /> |
| @@ -95,7 +104,7 @@ in { | |||
| 95 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" | 104 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" |
| 96 | </Location> | 105 | </Location> |
| 97 | 106 | ||
| 98 | <Directory ${pcfg.webappDirs.ludivinecassal_dev}> | 107 | <Directory ${pcfg.webappDirs.ludivine_integration}> |
| 99 | Options Indexes FollowSymLinks MultiViews Includes | 108 | Options Indexes FollowSymLinks MultiViews Includes |
| 100 | AllowOverride None | 109 | AllowOverride None |
| 101 | Require all granted | 110 | Require all granted |
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivine/production.nix index 5761be7..47450c5 100644 --- a/modules/private/websites/ludivinecassal/production.nix +++ b/modules/private/websites/ludivine/production.nix | |||
| @@ -1,16 +1,20 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.ludivinecassal.production; | 3 | secrets = config.myEnv.websites.ludivine.production; |
| 4 | app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/ludivine_production"; | ||
| 7 | secretsPath = config.secrets.fullPaths."websites/ludivine/production"; | ||
| 8 | }; | ||
| 5 | pcfg = config.services.phpApplication; | 9 | pcfg = config.services.phpApplication; |
| 6 | cfg = config.myServices.websites.ludivinecassal.production; | 10 | cfg = config.myServices.websites.ludivine.production; |
| 7 | in { | 11 | in { |
| 8 | options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; | 12 | options.myServices.websites.ludivine.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; |
| 9 | 13 | ||
| 10 | config = lib.mkIf cfg.enable { | 14 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.ludivinecassal_prod.rootDir = app.varDir; | 15 | services.duplyBackup.profiles.ludivine_production.rootDir = app.varDir; |
| 12 | services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; | 16 | services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; |
| 13 | services.phpApplication.apps.ludivinecassal_prod = { | 17 | services.phpApplication.apps.ludivine_production = { |
| 14 | websiteEnv = "production"; | 18 | websiteEnv = "production"; |
| 15 | httpdUser = config.services.httpd.Prod.user; | 19 | httpdUser = config.services.httpd.Prod.user; |
| 16 | httpdGroup = config.services.httpd.Prod.group; | 20 | httpdGroup = config.services.httpd.Prod.group; |
| @@ -35,13 +39,20 @@ in { | |||
| 35 | "pm.max_spare_servers" = "3"; | 39 | "pm.max_spare_servers" = "3"; |
| 36 | }; | 40 | }; |
| 37 | phpWatchFiles = [ | 41 | phpWatchFiles = [ |
| 38 | config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" | 42 | config.secrets.fullPaths."websites/ludivine/production" |
| 39 | ]; | 43 | ]; |
| 44 | phpEnv = { | ||
| 45 | PATH = lib.makeBinPath [ | ||
| 46 | # below ones don't need to be in the PATH but they’re used in | ||
| 47 | # secrets | ||
| 48 | pkgs.imagemagick pkgs.sass pkgs.ruby | ||
| 49 | ]; | ||
| 50 | }; | ||
| 40 | }; | 51 | }; |
| 41 | 52 | ||
| 42 | secrets.keys = [ | 53 | secrets.keys = [ |
| 43 | { | 54 | { |
| 44 | dest = "webapps/${app.environment}-ludivinecassal"; | 55 | dest = "websites/ludivine/production"; |
| 45 | user = config.services.httpd.Prod.user; | 56 | user = config.services.httpd.Prod.user; |
| 46 | group = config.services.httpd.Prod.group; | 57 | group = config.services.httpd.Prod.group; |
| 47 | permissions = "0400"; | 58 | permissions = "0400"; |
| @@ -78,11 +89,11 @@ in { | |||
| 78 | } | 89 | } |
| 79 | ]; | 90 | ]; |
| 80 | 91 | ||
| 81 | services.websites.env.production.vhostConfs.ludivinecassal_prod = { | 92 | services.websites.env.production.vhostConfs.ludivine_production = { |
| 82 | certName = "ludivinecassal"; | 93 | certName = "ludivine"; |
| 83 | certMainHost = "ludivinecassal.com"; | 94 | certMainHost = "ludivinecassal.com"; |
| 84 | hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; | 95 | hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; |
| 85 | root = pcfg.webappDirs.ludivinecassal_prod; | 96 | root = pcfg.webappDirs.ludivine_production; |
| 86 | extraConfig = [ | 97 | extraConfig = [ |
| 87 | '' | 98 | '' |
| 88 | RewriteEngine on | 99 | RewriteEngine on |
| @@ -90,12 +101,12 @@ in { | |||
| 90 | RewriteRule ^(.+)$ https://ludivinecassal.com$1 [R=302,L] | 101 | RewriteRule ^(.+)$ https://ludivinecassal.com$1 [R=302,L] |
| 91 | 102 | ||
| 92 | <FilesMatch "\.php$"> | 103 | <FilesMatch "\.php$"> |
| 93 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_prod}|fcgi://localhost" | 104 | SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_production}|fcgi://localhost" |
| 94 | </FilesMatch> | 105 | </FilesMatch> |
| 95 | 106 | ||
| 96 | Use Stats ludivinecassal.com | 107 | Use Stats ludivinecassal.com |
| 97 | 108 | ||
| 98 | <Directory ${pcfg.webappDirs.ludivinecassal_prod}> | 109 | <Directory ${pcfg.webappDirs.ludivine_production}> |
| 99 | Options Indexes FollowSymLinks MultiViews Includes | 110 | Options Indexes FollowSymLinks MultiViews Includes |
| 100 | AllowOverride All | 111 | AllowOverride All |
| 101 | Require all granted | 112 | Require all granted |
diff --git a/modules/private/websites/nassime/production.nix b/modules/private/websites/nassime/production.nix index f9468f9..1179351 100644 --- a/modules/private/websites/nassime/production.nix +++ b/modules/private/websites/nassime/production.nix | |||
| @@ -3,26 +3,27 @@ let | |||
| 3 | cfg = config.myServices.websites.nassime.production; | 3 | cfg = config.myServices.websites.nassime.production; |
| 4 | varDir = "/var/lib/ftp/nassime"; | 4 | varDir = "/var/lib/ftp/nassime"; |
| 5 | env = config.myEnv.websites.nassime; | 5 | env = config.myEnv.websites.nassime; |
| 6 | domain = "nassime.bouya.org"; | ||
| 6 | in { | 7 | in { |
| 7 | options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website"; | 8 | options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website"; |
| 8 | 9 | ||
| 9 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
| 10 | services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; | 11 | services.webstats.sites = [ { name = domain; } ]; |
| 11 | 12 | ||
| 12 | security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; | 13 | security.acme.certs."ftp".extraDomains."${domain}" = null; |
| 13 | 14 | ||
| 14 | services.websites.env.production.vhostConfs.nassime = { | 15 | services.websites.env.production.vhostConfs.nassime = { |
| 15 | certName = "nassime"; | 16 | certName = "nassime"; |
| 16 | certMainHost = "nassime.bouya.org"; | 17 | certMainHost = domain; |
| 17 | hosts = ["nassime.bouya.org" ]; | 18 | hosts = [ domain ]; |
| 18 | root = varDir; | 19 | root = varDir; |
| 19 | extraConfig = [ | 20 | extraConfig = [ |
| 20 | '' | 21 | '' |
| 21 | Use Stats nassime.bouya.org | 22 | Use Stats ${domain} |
| 22 | ServerAdmin ${env.server_admin} | 23 | ServerAdmin ${env.server_admin} |
| 23 | 24 | ||
| 24 | <Directory ${varDir}> | 25 | <Directory ${varDir}> |
| 25 | DirectoryIndex index.php index.htm index.html | 26 | DirectoryIndex index.htm index.html |
| 26 | Options Indexes FollowSymLinks MultiViews Includes | 27 | Options Indexes FollowSymLinks MultiViews Includes |
| 27 | AllowOverride None | 28 | AllowOverride None |
| 28 | Require all granted | 29 | Require all granted |
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix index 9576a9e..d94a027 100644 --- a/modules/private/websites/papa/maison_bbc.nix +++ b/modules/private/websites/papa/maison_bbc.nix | |||
| @@ -2,6 +2,8 @@ | |||
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.websites.papa.maison_bbc; | 3 | cfg = config.myServices.websites.papa.maison_bbc; |
| 4 | varDir = "/var/lib/ftp/papa/site"; | 4 | varDir = "/var/lib/ftp/papa/site"; |
| 5 | apacheUser = config.services.httpd.Prod.user; | ||
| 6 | apacheGroup = config.services.httpd.Prod.group; | ||
| 5 | in { | 7 | in { |
| 6 | options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website"; | 8 | options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website"; |
| 7 | 9 | ||
| @@ -9,11 +11,11 @@ in { | |||
| 9 | services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir; | 11 | services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir; |
| 10 | services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ]; | 12 | services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ]; |
| 11 | services.phpfpm.pools.papa_maison_bbc = { | 13 | services.phpfpm.pools.papa_maison_bbc = { |
| 12 | user = "wwwrun"; | 14 | user = apacheUser; |
| 13 | group = "wwwrun"; | 15 | group = apacheGroup; |
| 14 | settings = { | 16 | settings = { |
| 15 | "listen.owner" = "wwwrun"; | 17 | "listen.owner" = apacheUser; |
| 16 | "listen.group" = "wwwrun"; | 18 | "listen.group" = apacheGroup; |
| 17 | 19 | ||
| 18 | "pm" = "ondemand"; | 20 | "pm" = "ondemand"; |
| 19 | "pm.max_children" = "5"; | 21 | "pm.max_children" = "5"; |
diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix index 1bb6ac8..a8e5149 100644 --- a/modules/private/websites/papa/surveillance.nix +++ b/modules/private/websites/papa/surveillance.nix | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.websites.papa.surveillance; | 3 | cfg = config.myServices.websites.papa.surveillance; |
| 4 | varDir = "/var/lib/ftp/papa"; | 4 | varDir = "/var/lib/ftp/papa"; |
| 5 | apacheUser = config.services.httpd.Prod.user; | ||
| 5 | in { | 6 | in { |
| 6 | options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website"; | 7 | options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website"; |
| 7 | 8 | ||
| @@ -22,12 +23,12 @@ in { | |||
| 22 | in | 23 | in |
| 23 | [ | 24 | [ |
| 24 | '' | 25 | '' |
| 25 | 0 6 * * * wwwrun ${script} | 26 | 0 6 * * * ${apacheUser} ${script} |
| 26 | '' | 27 | '' |
| 27 | ]; | 28 | ]; |
| 28 | }; | 29 | }; |
| 29 | 30 | ||
| 30 | services.websites.env.production.vhostConfs.papa = { | 31 | services.websites.env.production.vhostConfs.papa_surveillance = { |
| 31 | certName = "papa"; | 32 | certName = "papa"; |
| 32 | certMainHost = "surveillance.maison.bbc.bouya.org"; | 33 | certMainHost = "surveillance.maison.bbc.bouya.org"; |
| 33 | hosts = [ "surveillance.maison.bbc.bouya.org" ]; | 34 | hosts = [ "surveillance.maison.bbc.bouya.org" ]; |
diff --git a/pkgs/private/webapps/piedsjaloux/default.nix b/modules/private/websites/piedsjaloux/app/default.nix index f5370db..726d93c 100644 --- a/pkgs/private/webapps/piedsjaloux/default.nix +++ b/modules/private/websites/piedsjaloux/app/default.nix | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | { environment ? "prod" | 1 | { environment ? "prod" |
| 2 | , varDir ? "/var/lib/piedsjaloux_${environment}" | 2 | , varDir ? "/var/lib/piedsjaloux_${environment}" |
| 3 | , secretsPath ? "/var/secrets/webapps/${environment}-piedsjaloux" | ||
| 3 | , composerEnv, fetchurl, fetchgit, mylibs }: | 4 | , composerEnv, fetchurl, fetchgit, mylibs }: |
| 4 | let | 5 | let |
| 5 | app = composerEnv.buildPackage ( | 6 | app = composerEnv.buildPackage ( |
| @@ -15,12 +16,12 @@ let | |||
| 15 | postInstall = '' | 16 | postInstall = '' |
| 16 | cd $out | 17 | cd $out |
| 17 | rm app/config/parameters.yml | 18 | rm app/config/parameters.yml |
| 18 | ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml | 19 | ln -sf ${secretsPath} app/config/parameters.yml |
| 19 | rm -rf var/{logs,cache,data,miniatures,tmp} | 20 | rm -rf var/{logs,cache,data,miniatures,tmp} |
| 20 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ | 21 | ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ |
| 21 | ''; | 22 | ''; |
| 22 | passthru = { | 23 | passthru = { |
| 23 | inherit varDir environment; | 24 | inherit varDir environment secretsPath; |
| 24 | webRoot = "${app}/web"; | 25 | webRoot = "${app}/web"; |
| 25 | }; | 26 | }; |
| 26 | }); | 27 | }); |
diff --git a/pkgs/private/webapps/piedsjaloux/php-packages.nix b/modules/private/websites/piedsjaloux/app/php-packages.nix index a47a816..a47a816 100644 --- a/pkgs/private/webapps/piedsjaloux/php-packages.nix +++ b/modules/private/websites/piedsjaloux/app/php-packages.nix | |||
diff --git a/pkgs/private/webapps/piedsjaloux/piedsjaloux.json b/modules/private/websites/piedsjaloux/app/piedsjaloux.json index dc2c083..dc2c083 100644 --- a/pkgs/private/webapps/piedsjaloux/piedsjaloux.json +++ b/modules/private/websites/piedsjaloux/app/piedsjaloux.json | |||
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 76523ed..d8790cc 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix | |||
| @@ -1,15 +1,20 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.piedsjaloux.integration; | 3 | secrets = config.myEnv.websites.piedsjaloux.integration; |
| 4 | app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/piedsjaloux_integration"; | ||
| 7 | secretsPath = config.secrets.fullPaths."websites/piedsjaloux/integration"; | ||
| 8 | }; | ||
| 5 | cfg = config.myServices.websites.piedsjaloux.integration; | 9 | cfg = config.myServices.websites.piedsjaloux.integration; |
| 6 | pcfg = config.services.phpApplication; | 10 | pcfg = config.services.phpApplication; |
| 11 | texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }; | ||
| 7 | in { | 12 | in { |
| 8 | options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; | 13 | options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; |
| 9 | 14 | ||
| 10 | config = lib.mkIf cfg.enable { | 15 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.piedsjaloux_dev.rootDir = app.varDir; | 16 | services.duplyBackup.profiles.piedsjaloux_integration.rootDir = app.varDir; |
| 12 | services.phpApplication.apps.piedsjaloux_dev = { | 17 | services.phpApplication.apps.piedsjaloux_integration = { |
| 13 | websiteEnv = "integration"; | 18 | websiteEnv = "integration"; |
| 14 | httpdUser = config.services.httpd.Inte.user; | 19 | httpdUser = config.services.httpd.Inte.user; |
| 15 | httpdGroup = config.services.httpd.Inte.group; | 20 | httpdGroup = config.services.httpd.Inte.group; |
| @@ -32,17 +37,22 @@ in { | |||
| 32 | "pm.process_idle_timeout" = "60"; | 37 | "pm.process_idle_timeout" = "60"; |
| 33 | }; | 38 | }; |
| 34 | phpEnv = { | 39 | phpEnv = { |
| 35 | PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ]; | 40 | PATH = lib.makeBinPath [ |
| 36 | SYMFONY_DEBUG_MODE = "yes"; | 41 | pkgs.apg pkgs.unzip |
| 42 | # below ones don't need to be in the PATH but they’re used in | ||
| 43 | # secrets | ||
| 44 | pkgs.imagemagick texlive | ||
| 45 | ]; | ||
| 46 | SYMFONY_DEBUG_MODE = "\"yes\""; | ||
| 37 | }; | 47 | }; |
| 38 | phpWatchFiles = [ | 48 | phpWatchFiles = [ |
| 39 | config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" | 49 | app.secretsPath |
| 40 | ]; | 50 | ]; |
| 41 | }; | 51 | }; |
| 42 | 52 | ||
| 43 | secrets.keys = [ | 53 | secrets.keys = [ |
| 44 | { | 54 | { |
| 45 | dest = "webapps/${app.environment}-piedsjaloux"; | 55 | dest = "websites/piedsjaloux/integration"; |
| 46 | user = config.services.httpd.Inte.user; | 56 | user = config.services.httpd.Inte.user; |
| 47 | group = config.services.httpd.Inte.group; | 57 | group = config.services.httpd.Inte.group; |
| 48 | permissions = "0400"; | 58 | permissions = "0400"; |
| @@ -60,22 +70,22 @@ in { | |||
| 60 | mailer_user: null | 70 | mailer_user: null |
| 61 | mailer_password: null | 71 | mailer_password: null |
| 62 | secret: ${secrets.secret} | 72 | secret: ${secrets.secret} |
| 63 | pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex" | 73 | pdflatex: "${texlive}/bin/pdflatex" |
| 64 | leapt_im: | 74 | leapt_im: |
| 65 | binary_path: ${pkgs.imagemagick}/bin | 75 | binary_path: ${pkgs.imagemagick}/bin |
| 66 | ''; | 76 | ''; |
| 67 | } | 77 | } |
| 68 | ]; | 78 | ]; |
| 69 | 79 | ||
| 70 | services.websites.env.integration.vhostConfs.piedsjaloux_dev = { | 80 | services.websites.env.integration.vhostConfs.piedsjaloux_integration = { |
| 71 | certName = "integration"; | 81 | certName = "integration"; |
| 72 | addToCerts = true; | 82 | addToCerts = true; |
| 73 | hosts = [ "piedsjaloux.immae.eu" ]; | 83 | hosts = [ "piedsjaloux.immae.eu" ]; |
| 74 | root = pcfg.webappDirs.piedsjaloux_dev; | 84 | root = pcfg.webappDirs.piedsjaloux_integration; |
| 75 | extraConfig = [ | 85 | extraConfig = [ |
| 76 | '' | 86 | '' |
| 77 | <FilesMatch "\.php$"> | 87 | <FilesMatch "\.php$"> |
| 78 | SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_dev}|fcgi://localhost" | 88 | SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_integration}|fcgi://localhost" |
| 79 | </FilesMatch> | 89 | </FilesMatch> |
| 80 | 90 | ||
| 81 | <Location /> | 91 | <Location /> |
| @@ -84,7 +94,7 @@ in { | |||
| 84 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>" | 94 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>" |
| 85 | </Location> | 95 | </Location> |
| 86 | 96 | ||
| 87 | <Directory ${pcfg.webappDirs.piedsjaloux_dev}> | 97 | <Directory ${pcfg.webappDirs.piedsjaloux_integration}> |
| 88 | Options Indexes FollowSymLinks MultiViews Includes | 98 | Options Indexes FollowSymLinks MultiViews Includes |
| 89 | AllowOverride None | 99 | AllowOverride None |
| 90 | Require all granted | 100 | Require all granted |
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index d3e5c2b..4b2c056 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix | |||
| @@ -1,16 +1,21 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | secrets = config.myEnv.websites.piedsjaloux.production; | 3 | secrets = config.myEnv.websites.piedsjaloux.production; |
| 4 | app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
| 5 | environment = secrets.environment; | ||
| 6 | varDir = "/var/lib/piedsjaloux_production"; | ||
| 7 | secretsPath = config.secrets.fullPaths."websites/piedsjaloux/production"; | ||
| 8 | }; | ||
| 5 | cfg = config.myServices.websites.piedsjaloux.production; | 9 | cfg = config.myServices.websites.piedsjaloux.production; |
| 6 | pcfg = config.services.phpApplication; | 10 | pcfg = config.services.phpApplication; |
| 11 | texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }; | ||
| 7 | in { | 12 | in { |
| 8 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; | 13 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; |
| 9 | 14 | ||
| 10 | config = lib.mkIf cfg.enable { | 15 | config = lib.mkIf cfg.enable { |
| 11 | services.duplyBackup.profiles.piedsjaloux_prod.rootDir = app.varDir; | 16 | services.duplyBackup.profiles.piedsjaloux_production.rootDir = app.varDir; |
| 12 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; | 17 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; |
| 13 | services.phpApplication.apps.piedsjaloux_prod = { | 18 | services.phpApplication.apps.piedsjaloux_production = { |
| 14 | websiteEnv = "production"; | 19 | websiteEnv = "production"; |
| 15 | httpdUser = config.services.httpd.Prod.user; | 20 | httpdUser = config.services.httpd.Prod.user; |
| 16 | httpdGroup = config.services.httpd.Prod.group; | 21 | httpdGroup = config.services.httpd.Prod.group; |
| @@ -35,16 +40,21 @@ in { | |||
| 35 | "pm.max_spare_servers" = "3"; | 40 | "pm.max_spare_servers" = "3"; |
| 36 | }; | 41 | }; |
| 37 | phpEnv = { | 42 | phpEnv = { |
| 38 | PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ]; | 43 | PATH = lib.makeBinPath [ |
| 44 | pkgs.apg pkgs.unzip | ||
| 45 | # below ones don't need to be in the PATH but they’re used in | ||
| 46 | # secrets | ||
| 47 | pkgs.imagemagick texlive | ||
| 48 | ]; | ||
| 39 | }; | 49 | }; |
| 40 | phpWatchFiles = [ | 50 | phpWatchFiles = [ |
| 41 | config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" | 51 | app.secretsPath |
| 42 | ]; | 52 | ]; |
| 43 | }; | 53 | }; |
| 44 | 54 | ||
| 45 | secrets.keys = [ | 55 | secrets.keys = [ |
| 46 | { | 56 | { |
| 47 | dest = "webapps/${app.environment}-piedsjaloux"; | 57 | dest = "websites/piedsjaloux/production"; |
| 48 | user = config.services.httpd.Prod.user; | 58 | user = config.services.httpd.Prod.user; |
| 49 | group = config.services.httpd.Prod.group; | 59 | group = config.services.httpd.Prod.group; |
| 50 | permissions = "0400"; | 60 | permissions = "0400"; |
| @@ -62,18 +72,18 @@ in { | |||
| 62 | mailer_user: null | 72 | mailer_user: null |
| 63 | mailer_password: null | 73 | mailer_password: null |
| 64 | secret: ${secrets.secret} | 74 | secret: ${secrets.secret} |
| 65 | pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex" | 75 | pdflatex: "${texlive}/bin/pdflatex" |
| 66 | leapt_im: | 76 | leapt_im: |
| 67 | binary_path: ${pkgs.imagemagick}/bin | 77 | binary_path: ${pkgs.imagemagick}/bin |
| 68 | ''; | 78 | ''; |
| 69 | } | 79 | } |
| 70 | ]; | 80 | ]; |
| 71 | 81 | ||
| 72 | services.websites.env.production.vhostConfs.piedsjaloux_prod = { | 82 | services.websites.env.production.vhostConfs.piedsjaloux_production = { |
| 73 | certName = "piedsjaloux"; | 83 | certName = "piedsjaloux"; |
| 74 | certMainHost = "piedsjaloux.fr"; | 84 | certMainHost = "piedsjaloux.fr"; |
| 75 | hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; | 85 | hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; |
| 76 | root = pcfg.webappDirs.piedsjaloux_prod; | 86 | root = pcfg.webappDirs.piedsjaloux_production; |
| 77 | extraConfig = [ | 87 | extraConfig = [ |
| 78 | '' | 88 | '' |
| 79 | RewriteEngine on | 89 | RewriteEngine on |
| @@ -81,12 +91,12 @@ in { | |||
| 81 | RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L] | 91 | RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L] |
| 82 | 92 | ||
| 83 | <FilesMatch "\.php$"> | 93 | <FilesMatch "\.php$"> |
| 84 | SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_prod}|fcgi://localhost" | 94 | SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_production}|fcgi://localhost" |
| 85 | </FilesMatch> | 95 | </FilesMatch> |
| 86 | 96 | ||
| 87 | Use Stats piedsjaloux.fr | 97 | Use Stats piedsjaloux.fr |
| 88 | 98 | ||
| 89 | <Directory ${pcfg.webappDirs.piedsjaloux_prod}> | 99 | <Directory ${pcfg.webappDirs.piedsjaloux_production}> |
| 90 | Options Indexes FollowSymLinks MultiViews Includes | 100 | Options Indexes FollowSymLinks MultiViews Includes |
| 91 | AllowOverride All | 101 | AllowOverride All |
| 92 | Require all granted | 102 | Require all granted |
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/richie/production.nix index 98ab1cd..d6d19c8 100644 --- a/modules/private/websites/emilia/richie.nix +++ b/modules/private/websites/richie/production.nix | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | { lib, config, pkgs, ... }: | 1 | { lib, config, pkgs, ... }: |
| 2 | let | 2 | let |
| 3 | cfg = config.myServices.websites.emilia.richie_production; | 3 | cfg = config.myServices.websites.richie.production; |
| 4 | vardir = "/var/lib/richie_production"; | 4 | vardir = "/var/lib/richie_production"; |
| 5 | richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // { | 5 | richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // { |
| 6 | phases = "installPhase"; | 6 | phases = "installPhase"; |
| @@ -13,17 +13,21 @@ let | |||
| 13 | sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php | 13 | sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php |
| 14 | ''; | 14 | ''; |
| 15 | }); | 15 | }); |
| 16 | webappdir = config.services.websites.webappDirsPaths.richie_production; | ||
| 17 | secretPath = config.secrets.fullPaths."websites/richie/production"; | ||
| 18 | apacheUser = config.services.httpd.Prod.user; | ||
| 19 | apacheGroup = config.services.httpd.Prod.group; | ||
| 16 | in | 20 | in |
| 17 | { | 21 | { |
| 18 | options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website"; | 22 | options.myServices.websites.richie.production.enable = lib.mkEnableOption "enable Richie's website"; |
| 19 | config = lib.mkIf cfg.enable { | 23 | config = lib.mkIf cfg.enable { |
| 20 | services.duplyBackup.profiles.richie_production.rootDir = vardir; | 24 | services.duplyBackup.profiles.richie_production.rootDir = vardir; |
| 21 | services.webstats.sites = [ { name = "europe-richie.org"; } ]; | 25 | services.webstats.sites = [ { name = "europe-richie.org"; } ]; |
| 22 | 26 | ||
| 23 | secrets.keys = [{ | 27 | secrets.keys = [{ |
| 24 | dest = "webapps/prod-richie"; | 28 | dest = "websites/richie/production"; |
| 25 | user = "wwwrun"; | 29 | user = apacheUser; |
| 26 | group = "wwwrun"; | 30 | group = apacheGroup; |
| 27 | permissions = "0400"; | 31 | permissions = "0400"; |
| 28 | text = with config.myEnv.websites.richie; '' | 32 | text = with config.myEnv.websites.richie; '' |
| 29 | <?php | 33 | <?php |
| @@ -40,31 +44,31 @@ in | |||
| 40 | ?> | 44 | ?> |
| 41 | ''; | 45 | ''; |
| 42 | }]; | 46 | }]; |
| 43 | myServices.websites.webappDirs.richie_production = richieSrc; | 47 | services.websites.webappDirs.richie_production = richieSrc; |
| 44 | system.activationScripts.richie_production = { | 48 | system.activationScripts.richie_production = { |
| 45 | deps = [ "httpd" ]; | 49 | deps = [ "httpd" ]; |
| 46 | text = '' | 50 | text = '' |
| 47 | install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production | 51 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production |
| 48 | install -m 0755 -o wwwrun -g wwwrun -d ${vardir} | 52 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir} |
| 49 | ''; | 53 | ''; |
| 50 | }; | 54 | }; |
| 51 | services.phpfpm.pools.richie_production = { | 55 | services.phpfpm.pools.richie_production = { |
| 52 | user = "wwwrun"; | 56 | user = apacheUser; |
| 53 | group = "wwwrun"; | 57 | group = apacheGroup; |
| 54 | settings = { | 58 | settings = { |
| 55 | "listen.owner" = "wwwrun"; | 59 | "listen.owner" = apacheUser; |
| 56 | "listen.group" = "wwwrun"; | 60 | "listen.group" = apacheGroup; |
| 57 | 61 | ||
| 58 | "pm" = "ondemand"; | 62 | "pm" = "ondemand"; |
| 59 | "pm.max_children" = "5"; | 63 | "pm.max_children" = "5"; |
| 60 | "pm.process_idle_timeout" = "60"; | 64 | "pm.process_idle_timeout" = "60"; |
| 61 | 65 | ||
| 62 | "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"; | 66 | "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp"; |
| 63 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production"; | 67 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production"; |
| 64 | }; | 68 | }; |
| 65 | phpEnv = { | 69 | phpEnv = { |
| 66 | PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}"; | 70 | PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}"; |
| 67 | BDD_CONNECT = "/var/secrets/webapps/prod-richie"; | 71 | BDD_CONNECT = secretPath; |
| 68 | }; | 72 | }; |
| 69 | phpOptions = config.services.phpfpm.phpOptions + '' | 73 | phpOptions = config.services.phpfpm.phpOptions + '' |
| 70 | date.timezone = 'Europe/Paris' | 74 | date.timezone = 'Europe/Paris' |
| @@ -77,7 +81,7 @@ in | |||
| 77 | addToCerts = true; | 81 | addToCerts = true; |
| 78 | certMainHost = "europe-richie.org"; | 82 | certMainHost = "europe-richie.org"; |
| 79 | hosts = [ "europe-richie.org" "www.europe-richie.org" ]; | 83 | hosts = [ "europe-richie.org" "www.europe-richie.org" ]; |
| 80 | root = "/run/current-system/webapps/richie_production"; | 84 | root = webappdir; |
| 81 | extraConfig = [ | 85 | extraConfig = [ |
| 82 | '' | 86 | '' |
| 83 | Use Stats europe-richie.org | 87 | Use Stats europe-richie.org |
| @@ -85,7 +89,7 @@ in | |||
| 85 | <LocationMatch "^/files/.*/admin/"> | 89 | <LocationMatch "^/files/.*/admin/"> |
| 86 | Require all denied | 90 | Require all denied |
| 87 | </LocationMatch> | 91 | </LocationMatch> |
| 88 | <Directory /run/current-system/webapps/richie_production> | 92 | <Directory ${webappdir}> |
| 89 | DirectoryIndex index.php index.htm index.html | 93 | DirectoryIndex index.php index.htm index.html |
| 90 | Options Indexes FollowSymLinks MultiViews Includes | 94 | Options Indexes FollowSymLinks MultiViews Includes |
| 91 | AllowOverride None | 95 | AllowOverride None |
diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/richie/richie.json index f51d8c1..f51d8c1 100644 --- a/modules/private/websites/emilia/richie.json +++ b/modules/private/websites/richie/richie.json | |||
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix index 2ad7217..e659875 100644 --- a/modules/private/websites/syden/peertube.nix +++ b/modules/private/websites/syden/peertube.nix | |||
| @@ -23,7 +23,7 @@ in | |||
| 23 | users.groups.peertube.gid = config.ids.gids.peertube; | 23 | users.groups.peertube.gid = config.ids.gids.peertube; |
| 24 | 24 | ||
| 25 | secrets.keys = [{ | 25 | secrets.keys = [{ |
| 26 | dest = "webapps/syden-peertube"; | 26 | dest = "websites/syden/peertube"; |
| 27 | user = "peertube"; | 27 | user = "peertube"; |
| 28 | group = "peertube"; | 28 | group = "peertube"; |
| 29 | permissions = "0640"; | 29 | permissions = "0640"; |
| @@ -69,7 +69,7 @@ in | |||
| 69 | 69 | ||
| 70 | services.filesWatcher.syden_peertube = { | 70 | services.filesWatcher.syden_peertube = { |
| 71 | restart = true; | 71 | restart = true; |
| 72 | paths = [ "/var/secrets/webapps/syden-peertube" ]; | 72 | paths = [ config.secrets.fullPaths."websites/syden/peertube" ]; |
| 73 | }; | 73 | }; |
| 74 | 74 | ||
| 75 | systemd.services.syden_peertube = { | 75 | systemd.services.syden_peertube = { |
| @@ -86,7 +86,7 @@ in | |||
| 86 | 86 | ||
| 87 | script = '' | 87 | script = '' |
| 88 | install -m 0750 -d ${dataDir}/config | 88 | install -m 0750 -d ${dataDir}/config |
| 89 | ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml | 89 | ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml |
| 90 | ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml | 90 | ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml |
| 91 | exec npm run start | 91 | exec npm run start |
| 92 | ''; | 92 | ''; |
| @@ -109,11 +109,12 @@ in | |||
| 109 | }; | 109 | }; |
| 110 | 110 | ||
| 111 | services.websites.env.production.vhostConfs.syden_peertube = { | 111 | services.websites.env.production.vhostConfs.syden_peertube = { |
| 112 | certName = "eldiron"; | 112 | certName = "syden"; |
| 113 | addToCerts = true; | 113 | addToCerts = true; |
| 114 | hosts = [ "syden.immae.eu" ]; | 114 | certMainHost = "syden.immae.eu"; |
| 115 | root = null; | 115 | hosts = [ "syden.immae.eu" ]; |
| 116 | extraConfig = [ '' | 116 | root = null; |
| 117 | extraConfig = [ '' | ||
| 117 | RewriteEngine On | 118 | RewriteEngine On |
| 118 | 119 | ||
| 119 | RewriteCond %{REQUEST_URI} ^/socket.io [NC] | 120 | RewriteCond %{REQUEST_URI} ^/socket.io [NC] |
diff --git a/modules/private/websites/teliotortay/production.nix b/modules/private/websites/telio_tortay/production.nix index 62762ec..130f4db 100644 --- a/modules/private/websites/teliotortay/production.nix +++ b/modules/private/websites/telio_tortay/production.nix | |||
| @@ -1,39 +1,41 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | let | 2 | let |
| 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; |
| 4 | cfg = config.myServices.websites.telioTortay.production; | 4 | cfg = config.myServices.websites.telio_tortay.production; |
| 5 | varDir = "/var/lib/ftp/telio_tortay"; | 5 | varDir = "/var/lib/ftp/telio_tortay"; |
| 6 | env = config.myEnv.websites.telioTortay; | 6 | env = config.myEnv.websites.telio_tortay; |
| 7 | apacheUser = config.services.httpd.Prod.user; | ||
| 8 | apacheGroup = config.services.httpd.Prod.group; | ||
| 7 | in { | 9 | in { |
| 8 | options.myServices.websites.telioTortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website"; | 10 | options.myServices.websites.telio_tortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website"; |
| 9 | 11 | ||
| 10 | config = lib.mkIf cfg.enable { | 12 | config = lib.mkIf cfg.enable { |
| 11 | services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ]; | 13 | services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ]; |
| 12 | 14 | ||
| 13 | security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null; | 15 | security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null; |
| 14 | 16 | ||
| 15 | system.activationScripts.telio-tortay = { | 17 | system.activationScripts.telio_tortay = { |
| 16 | deps = [ "httpd" ]; | 18 | deps = [ "httpd" ]; |
| 17 | text = '' | 19 | text = '' |
| 18 | install -m 0755 -o wwwrun -g wwwrun -d /var/lib/ftp/telio_tortay/logs | 20 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/telio_tortay/logs |
| 19 | install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/telio-tortay | 21 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/telio_tortay |
| 20 | ''; | 22 | ''; |
| 21 | }; | 23 | }; |
| 22 | systemd.services.phpfpm-telio-tortay.after = lib.mkAfter [ "mysql.service" ]; | 24 | systemd.services.phpfpm-telio_tortay.after = lib.mkAfter [ "mysql.service" ]; |
| 23 | systemd.services.phpfpm-telio-tortay.wants = [ "mysql.service" ]; | 25 | systemd.services.phpfpm-telio_tortay.wants = [ "mysql.service" ]; |
| 24 | services.phpfpm.pools.telio-tortay = { | 26 | services.phpfpm.pools.telio_tortay = { |
| 25 | user = "wwwrun"; | 27 | user = apacheUser; |
| 26 | group = "wwwrun"; | 28 | group = apacheGroup; |
| 27 | settings = { | 29 | settings = { |
| 28 | "listen.owner" = "wwwrun"; | 30 | "listen.owner" = apacheUser; |
| 29 | "listen.group" = "wwwrun"; | 31 | "listen.group" = apacheGroup; |
| 30 | 32 | ||
| 31 | "pm" = "ondemand"; | 33 | "pm" = "ondemand"; |
| 32 | "pm.max_children" = "5"; | 34 | "pm.max_children" = "5"; |
| 33 | "pm.process_idle_timeout" = "60"; | 35 | "pm.process_idle_timeout" = "60"; |
| 34 | 36 | ||
| 35 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio-tortay:${varDir}:/tmp"; | 37 | "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio_tortay:${varDir}:/tmp"; |
| 36 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio-tortay"; | 38 | "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio_tortay"; |
| 37 | }; | 39 | }; |
| 38 | phpOptions = config.services.phpfpm.phpOptions + '' | 40 | phpOptions = config.services.phpfpm.phpOptions + '' |
| 39 | disable_functions = "mail" | 41 | disable_functions = "mail" |
| @@ -41,8 +43,8 @@ in { | |||
| 41 | ''; | 43 | ''; |
| 42 | }; | 44 | }; |
| 43 | services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; | 45 | services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; |
| 44 | services.websites.env.production.vhostConfs.telio-tortay = { | 46 | services.websites.env.production.vhostConfs.telio_tortay = { |
| 45 | certName = "telio-tortay"; | 47 | certName = "telio_tortay"; |
| 46 | certMainHost = "telio-tortay.immae.eu"; | 48 | certMainHost = "telio-tortay.immae.eu"; |
| 47 | hosts = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ]; | 49 | hosts = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ]; |
| 48 | root = varDir; | 50 | root = varDir; |
| @@ -55,7 +57,7 @@ in { | |||
| 55 | CustomLog "${varDir}/logs/access_log" combined | 57 | CustomLog "${varDir}/logs/access_log" combined |
| 56 | 58 | ||
| 57 | <FilesMatch "\.php$"> | 59 | <FilesMatch "\.php$"> |
| 58 | SetHandler "proxy:unix:${config.services.phpfpm.pools.telio-tortay.socket}|fcgi://localhost" | 60 | SetHandler "proxy:unix:${config.services.phpfpm.pools.telio_tortay.socket}|fcgi://localhost" |
| 59 | </FilesMatch> | 61 | </FilesMatch> |
| 60 | 62 | ||
| 61 | <Directory ${varDir}/logs> | 63 | <Directory ${varDir}/logs> |
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix index 30a562c..14e4069 100644 --- a/modules/private/websites/tools/dav/default.nix +++ b/modules/private/websites/tools/dav/default.nix | |||
| @@ -50,9 +50,9 @@ in { | |||
| 50 | }; | 50 | }; |
| 51 | }; | 51 | }; |
| 52 | 52 | ||
| 53 | myServices.websites.webappDirs._dav = ./www; | 53 | services.websites.webappDirs._dav = ./www; |
| 54 | myServices.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot; | 54 | services.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot; |
| 55 | myServices.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud; | 55 | services.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud; |
| 56 | }; | 56 | }; |
| 57 | } | 57 | } |
| 58 | 58 | ||
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix index 56e4401..55f9ecb 100644 --- a/modules/private/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix | |||
| @@ -19,8 +19,8 @@ in { | |||
| 19 | services.websites.env.tools.modules = | 19 | services.websites.env.tools.modules = |
| 20 | gitweb.apache.modules ++ | 20 | gitweb.apache.modules ++ |
| 21 | mantisbt.apache.modules; | 21 | mantisbt.apache.modules; |
| 22 | myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot; | 22 | services.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot; |
| 23 | myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot; | 23 | services.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot; |
| 24 | 24 | ||
| 25 | system.activationScripts.mantisbt = mantisbt.activationScript; | 25 | system.activationScripts.mantisbt = mantisbt.activationScript; |
| 26 | services.websites.env.tools.vhostConfs.git = { | 26 | services.websites.env.tools.vhostConfs.git = { |
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix index 1f7f7bf..dda2d45 100644 --- a/modules/private/websites/tools/mail/default.nix +++ b/modules/private/websites/tools/mail/default.nix | |||
| @@ -72,7 +72,7 @@ in | |||
| 72 | rainloop = rainloop.activationScript; | 72 | rainloop = rainloop.activationScript; |
| 73 | }; | 73 | }; |
| 74 | 74 | ||
| 75 | myServices.websites.webappDirs = { | 75 | services.websites.webappDirs = { |
| 76 | _mail = ./www; | 76 | _mail = ./www; |
| 77 | "${roundcubemail.apache.webappName}" = roundcubemail.webRoot; | 77 | "${roundcubemail.apache.webappName}" = roundcubemail.webRoot; |
| 78 | "${rainloop.apache.webappName}" = rainloop.webRoot; | 78 | "${rainloop.apache.webappName}" = rainloop.webRoot; |
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix index ed3fce8..c5d4306 100644 --- a/modules/private/websites/tools/mail/mta-sts.nix +++ b/modules/private/websites/tools/mail/mta-sts.nix | |||
| @@ -34,7 +34,7 @@ let | |||
| 34 | in | 34 | in |
| 35 | { | 35 | { |
| 36 | config = lib.mkIf cfg.enable { | 36 | config = lib.mkIf cfg.enable { |
| 37 | myServices.websites.webappDirs = { | 37 | services.websites.webappDirs = { |
| 38 | _mta-sts = root; | 38 | _mta-sts = root; |
| 39 | }; | 39 | }; |
| 40 | 40 | ||
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index d88763c..be2ee75 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
| @@ -335,7 +335,7 @@ in { | |||
| 335 | ldap = ldap.activationScript; | 335 | ldap = ldap.activationScript; |
| 336 | }; | 336 | }; |
| 337 | 337 | ||
| 338 | myServices.websites.webappDirs = { | 338 | services.websites.webappDirs = { |
| 339 | _adminer = adminer.webRoot; | 339 | _adminer = adminer.webRoot; |
| 340 | "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; | 340 | "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; |
| 341 | "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; | 341 | "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; |
diff --git a/modules/private/websites/tools/vpn/default.nix b/modules/private/websites/tools/vpn/default.nix index cfe010c..4398a60 100644 --- a/modules/private/websites/tools/vpn/default.nix +++ b/modules/private/websites/tools/vpn/default.nix | |||
| @@ -10,6 +10,6 @@ in { | |||
| 10 | root = "/run/current-system/webapps/_vpn"; | 10 | root = "/run/current-system/webapps/_vpn"; |
| 11 | }; | 11 | }; |
| 12 | 12 | ||
| 13 | myServices.websites.webappDirs._vpn = ./www; | 13 | services.websites.webappDirs._vpn = ./www; |
| 14 | }; | 14 | }; |
| 15 | } | 15 | } |
diff --git a/pkgs/default.nix b/pkgs/default.nix index b02c63e..14d3ed6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix | |||
| @@ -45,7 +45,7 @@ rec { | |||
| 45 | bitlbee-mastodon = callPackage ./bitlbee-mastodon {}; | 45 | bitlbee-mastodon = callPackage ./bitlbee-mastodon {}; |
| 46 | 46 | ||
| 47 | composerEnv = callPackage ./composer-env {}; | 47 | composerEnv = callPackage ./composer-env {}; |
| 48 | webapps = callPackage ./webapps { inherit mylibs composerEnv private; }; | 48 | webapps = callPackage ./webapps { inherit mylibs composerEnv; }; |
| 49 | 49 | ||
| 50 | monitoring-plugins = callPackage ./monitoring-plugins {}; | 50 | monitoring-plugins = callPackage ./monitoring-plugins {}; |
| 51 | naemon = callPackage ./naemon { inherit mylibs monitoring-plugins; }; | 51 | naemon = callPackage ./naemon { inherit mylibs monitoring-plugins; }; |
| @@ -54,10 +54,6 @@ rec { | |||
| 54 | simp_le_0_17 = callPackage ./simp_le {}; | 54 | simp_le_0_17 = callPackage ./simp_le {}; |
| 55 | certbot = callPackage ./certbot {}; | 55 | certbot = callPackage ./certbot {}; |
| 56 | 56 | ||
| 57 | private = if builtins.pathExists (./. + "/private") | ||
| 58 | then import ./private { inherit pkgs; } | ||
| 59 | else { webapps = {}; }; | ||
| 60 | |||
| 61 | python3PackagesPlus = callPackage ./python-packages { | 57 | python3PackagesPlus = callPackage ./python-packages { |
| 62 | python = python3; | 58 | python = python3; |
| 63 | inherit mylibs; | 59 | inherit mylibs; |
diff --git a/pkgs/private/default.nix b/pkgs/private/default.nix deleted file mode 100644 index 1abdd29..0000000 --- a/pkgs/private/default.nix +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | { pkgs }: | ||
| 2 | with pkgs; | ||
| 3 | let | ||
| 4 | mylibs = import ../../lib { inherit pkgs; }; | ||
| 5 | in | ||
| 6 | rec { | ||
| 7 | webapps = callPackage ./webapps { | ||
| 8 | inherit mylibs; | ||
| 9 | inherit (pkgs) composerEnv; | ||
| 10 | inherit (pkgs.webapps) spip; | ||
| 11 | }; | ||
| 12 | } | ||
diff --git a/pkgs/private/webapps/apache-default/default.nix b/pkgs/private/webapps/apache-default/default.nix deleted file mode 100644 index 92f558e..0000000 --- a/pkgs/private/webapps/apache-default/default.nix +++ /dev/null | |||
| @@ -1,21 +0,0 @@ | |||
| 1 | { www_root ? null }: | ||
| 2 | rec { | ||
| 3 | www = ./www; | ||
| 4 | apacheConfig = let | ||
| 5 | www_root' = if isNull www_root then www else www_root; | ||
| 6 | in '' | ||
| 7 | ErrorDocument 500 /maintenance_immae.html | ||
| 8 | ErrorDocument 501 /maintenance_immae.html | ||
| 9 | ErrorDocument 502 /maintenance_immae.html | ||
| 10 | ErrorDocument 503 /maintenance_immae.html | ||
| 11 | ErrorDocument 504 /maintenance_immae.html | ||
| 12 | Alias /maintenance_immae.html ${www_root'}/maintenance_immae.html | ||
| 13 | ProxyPass /maintenance_immae.html ! | ||
| 14 | |||
| 15 | AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root'}/googleb6d69446ff4ca3e5.html | ||
| 16 | <Directory ${www_root'}> | ||
| 17 | AllowOverride None | ||
| 18 | Require all granted | ||
| 19 | </Directory> | ||
| 20 | ''; | ||
| 21 | } | ||
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix deleted file mode 100644 index 12b690b..0000000 --- a/pkgs/private/webapps/default.nix +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | { callPackage, mylibs, composerEnv, lib, spip }: | ||
| 2 | rec { | ||
| 3 | apache-default = callPackage ./apache-default {}; | ||
| 4 | |||
| 5 | aten = callPackage ./aten { inherit composerEnv mylibs; }; | ||
| 6 | chloe = callPackage ./chloe { inherit mylibs spip; }; | ||
| 7 | iridologie = callPackage ./iridologie { inherit mylibs spip; }; | ||
| 8 | connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;}; | ||
| 9 | ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; }; | ||
| 10 | piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; }; | ||
| 11 | tellesflorian = callPackage ./tellesflorian { inherit composerEnv mylibs; }; | ||
| 12 | } | ||
diff --git a/pkgs/webapps/default.nix b/pkgs/webapps/default.nix index 2f4d739..8cc252d 100644 --- a/pkgs/webapps/default.nix +++ b/pkgs/webapps/default.nix | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | { callPackage, mylibs, composerEnv, lib, private }: | 1 | { callPackage, mylibs, composerEnv, lib }: |
| 2 | rec { | 2 | rec { |
| 3 | adminer = callPackage ./adminer {}; | 3 | adminer = callPackage ./adminer {}; |
| 4 | apache-theme = callPackage ./apache-theme {}; | 4 | apache-theme = callPackage ./apache-theme {}; |
| @@ -113,4 +113,4 @@ rec { | |||
| 113 | in | 113 | in |
| 114 | lib.attrsets.genAttrs names | 114 | lib.attrsets.genAttrs names |
| 115 | (name: callPackage (./yourls/plugins + "/${name}") { inherit mylibs; }); | 115 | (name: callPackage (./yourls/plugins + "/${name}") { inherit mylibs; }); |
| 116 | } // private.webapps | 116 | } |