aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-18 10:49:00 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-18 10:49:00 +0200
commitf8026b6e4c869aa108f6361c8ccd50890657994d (patch)
tree57cb311e520933bd2ab6ccbae05f2913799eb49e
parent4aac110f17f0528d90510eec00c9a8df60bcf04f (diff)
downloadNix-f8026b6e4c869aa108f6361c8ccd50890657994d.tar.gz
Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.tar.zst
Nix-f8026b6e4c869aa108f6361c8ccd50890657994d.zip
Move personal websites to modules
Diffstat
-rw-r--r--modules/private/default.nix32
-rw-r--r--modules/private/websites/aten/builder.nix (renamed from nixops/modules/websites/aten/aten.nix)22
-rw-r--r--modules/private/websites/aten/integration.nix34
-rw-r--r--modules/private/websites/aten/production.nix36
-rw-r--r--modules/private/websites/capitaines/mastodon_static/index.html (renamed from nixops/modules/websites/capitaines/mastodon_static/index.html)0
-rw-r--r--modules/private/websites/capitaines/mastodon_static/oops.png (renamed from nixops/modules/websites/capitaines/mastodon_static/oops.png)bin120305 -> 120305 bytes
-rw-r--r--modules/private/websites/capitaines/production.nix (renamed from nixops/modules/websites/capitaines/default.nix)10
-rw-r--r--modules/private/websites/chloe/builder.nix (renamed from nixops/modules/websites/chloe/chloe.nix)22
-rw-r--r--modules/private/websites/chloe/config/chmod.php (renamed from nixops/modules/websites/chloe/chloe_config_dev/chmod.php)0
-rw-r--r--modules/private/websites/chloe/config/connect.php (renamed from nixops/modules/websites/chloe/chloe_config_dev/connect.php)0
-rw-r--r--modules/private/websites/chloe/config/ldap.php (renamed from nixops/modules/websites/chloe/chloe_config_dev/ldap.php)0
-rw-r--r--modules/private/websites/chloe/integration.nix35
-rw-r--r--modules/private/websites/chloe/production.nix37
-rw-r--r--modules/private/websites/commons/adminer.nix21
-rw-r--r--modules/private/websites/connexionswing/builder.nix (renamed from nixops/modules/websites/connexionswing/connexionswing.nix)22
-rw-r--r--modules/private/websites/connexionswing/integration.nix35
-rw-r--r--modules/private/websites/connexionswing/production.nix37
-rw-r--r--modules/private/websites/default.nix39
-rw-r--r--modules/private/websites/denisejerome/production.nix (renamed from nixops/modules/websites/ftp/denisejerome.nix)14
-rw-r--r--modules/private/websites/emilia/moodle/pause.html (renamed from nixops/modules/websites/emilia/moodle/pause.html)0
-rw-r--r--modules/private/websites/emilia/production.nix (renamed from nixops/modules/websites/emilia/default.nix)10
-rw-r--r--modules/private/websites/florian/app.nix (renamed from nixops/modules/websites/tellesflorian/default.nix)32
-rw-r--r--modules/private/websites/florian/builder_app.nix (renamed from nixops/modules/websites/tellesflorian/tellesflorian.nix)24
-rw-r--r--modules/private/websites/florian/integration.nix34
-rw-r--r--modules/private/websites/florian/production.nix34
-rw-r--r--modules/private/websites/immae/production.nix (renamed from nixops/modules/websites/ftp/immae.nix)14
-rw-r--r--modules/private/websites/immae/release.nix (renamed from nixops/modules/websites/ftp/release.nix)14
-rw-r--r--modules/private/websites/immae/temp.nix (renamed from nixops/modules/websites/ftp/temp.nix)14
-rw-r--r--modules/private/websites/leila/production.nix82
-rw-r--r--modules/private/websites/ludivinecassal/builder.nix (renamed from nixops/modules/websites/ludivine/ludivinecassal.nix)24
-rw-r--r--modules/private/websites/ludivinecassal/integration.nix34
-rw-r--r--modules/private/websites/ludivinecassal/production.nix35
-rw-r--r--modules/private/websites/nassime/production.nix (renamed from nixops/modules/websites/ftp/nassime.nix)14
-rw-r--r--modules/private/websites/naturaloutil/production.nix (renamed from nixops/modules/websites/ftp/jerome.nix)16
-rw-r--r--modules/private/websites/papa/surveillance.nix (renamed from nixops/modules/websites/ftp/papa.nix)12
-rw-r--r--modules/private/websites/piedsjaloux/builder.nix (renamed from nixops/modules/websites/piedsjaloux/piedsjaloux.nix)22
-rw-r--r--modules/private/websites/piedsjaloux/integration.nix34
-rw-r--r--modules/private/websites/piedsjaloux/production.nix36
-rw-r--r--nixops/modules/websites/aten/default.nix66
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/chmod.php4
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/connect.php15
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/ldap.php9
-rw-r--r--nixops/modules/websites/chloe/default.nix69
-rw-r--r--nixops/modules/websites/connexionswing/default.nix68
-rw-r--r--nixops/modules/websites/default.nix42
-rw-r--r--nixops/modules/websites/ftp/florian.nix68
-rw-r--r--nixops/modules/websites/ftp/leila.nix86
-rw-r--r--nixops/modules/websites/ludivine/default.nix66
-rw-r--r--nixops/modules/websites/piedsjaloux/default.nix66
49 files changed, 711 insertions, 729 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix
index 2030315..16258e4 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -1,4 +1,5 @@
1{ 1let
2set = {
2 # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix 3 # adatped from nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
3 httpdInte = import ../websites/httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; }; 4 httpdInte = import ../websites/httpd-service-builder.nix { httpdName = "Inte"; withUsers = false; };
4 httpdProd = import ../websites/httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; }; 5 httpdProd = import ../websites/httpd-service-builder.nix { httpdName = "Prod"; withUsers = false; };
@@ -10,5 +11,32 @@
10 postgresql = ./databases/postgresql.nix; 11 postgresql = ./databases/postgresql.nix;
11 redis = ./databases/redis.nix; 12 redis = ./databases/redis.nix;
12 13
14 websites = ./websites;
15 atenInte = ./websites/aten/integration.nix;
16 atenProd = ./websites/aten/production.nix;
17 capitainesProd = ./websites/capitaines/production.nix;
18 chloeInte = ./websites/chloe/integration.nix;
19 chloeProd = ./websites/chloe/production.nix;
20 connexionswingInte = ./websites/connexionswing/integration.nix;
21 connexionswingProd = ./websites/connexionswing/production.nix;
22 denisejeromeProd = ./websites/denisejerome/production.nix;
23 emiliaProd = ./websites/emilia/production.nix;
24 florianApp = ./websites/florian/app.nix;
25 florianInte = ./websites/florian/integration.nix;
26 florianProd = ./websites/florian/production.nix;
27 immaeProd = ./websites/immae/production.nix;
28 immaeRelease = ./websites/immae/release.nix;
29 immaeTemp = ./websites/immae/temp.nix;
30 leilaProd = ./websites/leila/production.nix;
31 ludivinecassalInte = ./websites/ludivinecassal/integration.nix;
32 ludivinecassalProd = ./websites/ludivinecassal/production.nix;
33 nassimeProd = ./websites/nassime/production.nix;
34 naturaloutilProd = ./websites/naturaloutil/production.nix;
35 papaSurveillance = ./websites/papa/surveillance.nix;
36 piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
37 piedsjalouxProd = ./websites/piedsjaloux/production.nix;
38
13 irc = ./irc.nix; 39 irc = ./irc.nix;
14} 40};
41in
42builtins.listToAttrs (map (attr: { name = "priv${attr}"; value = set.${attr}; }) (builtins.attrNames set))
diff --git a/nixops/modules/websites/aten/aten.nix b/modules/private/websites/aten/builder.nix
index 04876a1..9a2e1a7 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/modules/private/websites/aten/builder.nix
@@ -1,4 +1,4 @@
1{ aten, lib, config }: rec { 1{ apacheUser, apacheGroup, aten, lib, config }: rec {
2 app = aten.override { inherit (config) environment; }; 2 app = aten.override { inherit (config) environment; };
3 phpFpm = rec { 3 phpFpm = rec {
4 preStart = '' 4 preStart = ''
@@ -7,7 +7,7 @@
7 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ 7 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
8 || ! sha512sum -c --status ${app.varDir}/currentKey; then 8 || ! sha512sum -c --status ${app.varDir}/currentKey; then
9 pushd ${app} > /dev/null 9 pushd ${app} > /dev/null
10 /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup 10 /run/wrappers/bin/sudo -u ${apacheUser} APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
11 popd > /dev/null 11 popd > /dev/null
12 echo -n "${app}" > ${app.varDir}/currentWebappDir 12 echo -n "${app}" > ${app.varDir}/currentWebappDir
13 sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey 13 sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
@@ -17,10 +17,10 @@
17 socket = "/var/run/phpfpm/aten-${app.environment}.sock"; 17 socket = "/var/run/phpfpm/aten-${app.environment}.sock";
18 pool = '' 18 pool = ''
19 listen = ${socket} 19 listen = ${socket}
20 user = ${apache.user} 20 user = ${apacheUser}
21 group = ${apache.group} 21 group = ${apacheGroup}
22 listen.owner = ${apache.user} 22 listen.owner = ${apacheUser}
23 listen.group = ${apache.group} 23 listen.group = ${apacheGroup}
24 php_admin_value[upload_max_filesize] = 20M 24 php_admin_value[upload_max_filesize] = 20M
25 php_admin_value[post_max_size] = 20M 25 php_admin_value[post_max_size] = 20M
26 ;php_admin_flag[log_errors] = on 26 ;php_admin_flag[log_errors] = on
@@ -41,8 +41,8 @@
41 }; 41 };
42 keys = [{ 42 keys = [{
43 dest = "webapps/${app.environment}-aten"; 43 dest = "webapps/${app.environment}-aten";
44 user = apache.user; 44 user = apacheUser;
45 group = apache.group; 45 group = apacheGroup;
46 permissions = "0400"; 46 permissions = "0400";
47 text = '' 47 text = ''
48 SetEnv APP_ENV "${app.environment}" 48 SetEnv APP_ENV "${app.environment}"
@@ -51,8 +51,6 @@
51 ''; 51 '';
52 }]; 52 }];
53 apache = rec { 53 apache = rec {
54 user = "wwwrun";
55 group = "wwwrun";
56 modules = [ "proxy_fcgi" ]; 54 modules = [ "proxy_fcgi" ];
57 webappName = "aten_${app.environment}"; 55 webappName = "aten_${app.environment}";
58 root = "/run/current-system/webapps/${webappName}"; 56 root = "/run/current-system/webapps/${webappName}";
@@ -97,8 +95,8 @@
97 activationScript = { 95 activationScript = {
98 deps = [ "wrappers" ]; 96 deps = [ "wrappers" ];
99 text = '' 97 text = ''
100 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} 98 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}
101 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions 99 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
102 ''; 100 '';
103 }; 101 };
104} 102}
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix
new file mode 100644
index 0000000..790c5a9
--- /dev/null
+++ b/modules/private/websites/aten/integration.nix
@@ -0,0 +1,34 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 aten = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) aten;
5 config = myconfig.env.websites.aten.integration;
6 apacheUser = config.services.httpd.Inte.user;
7 apacheGroup = config.services.httpd.Inte.group;
8 };
9
10 cfg = config.myServices.websites.aten.integration;
11in {
12 options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = aten.keys;
16 services.myPhpfpm.preStart.aten_dev = aten.phpFpm.preStart;
17 services.myPhpfpm.serviceDependencies.aten_dev = aten.phpFpm.serviceDeps;
18 services.myPhpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
19 system.activationScripts.aten_dev = aten.activationScript;
20 system.extraSystemBuilderCmds = ''
21 mkdir -p $out/webapps
22 ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName}
23 '';
24 services.websites.integration.modules = aten.apache.modules;
25 services.websites.integration.vhostConfs.aten = {
26 certName = "eldiron";
27 addToCerts = true;
28 hosts = [ "dev.aten.pro" ];
29 root = aten.apache.root;
30 extraConfig = [ aten.apache.vhostConf ];
31 };
32 };
33}
34
diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix
new file mode 100644
index 0000000..697f1b8
--- /dev/null
+++ b/modules/private/websites/aten/production.nix
@@ -0,0 +1,36 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 aten = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) aten;
5 config = myconfig.env.websites.aten.production;
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
8 };
9
10 cfg = config.myServices.websites.aten.production;
11in {
12 options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = aten.keys;
16 services.webstats.sites = [ { name = "aten.pro"; } ];
17
18 services.myPhpfpm.preStart.aten_prod = aten.phpFpm.preStart;
19 services.myPhpfpm.serviceDependencies.aten_prod = aten.phpFpm.serviceDeps;
20 services.myPhpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;
21 system.activationScripts.aten_prod = aten.activationScript;
22 system.extraSystemBuilderCmds = ''
23 mkdir -p $out/webapps
24 ln -s ${aten.app.webRoot} $out/webapps/${aten.apache.webappName}
25 '';
26 services.websites.production.modules = aten.apache.modules;
27 services.websites.production.vhostConfs.aten = {
28 certName = "aten";
29 certMainHost = "aten.pro";
30 hosts = [ "aten.pro" "www.aten.pro" ];
31 root = aten.apache.root;
32 extraConfig = [ aten.apache.vhostConf ];
33 };
34 };
35}
36
diff --git a/nixops/modules/websites/capitaines/mastodon_static/index.html b/modules/private/websites/capitaines/mastodon_static/index.html
index fae4152..fae4152 100644
--- a/nixops/modules/websites/capitaines/mastodon_static/index.html
+++ b/modules/private/websites/capitaines/mastodon_static/index.html
diff --git a/nixops/modules/websites/capitaines/mastodon_static/oops.png b/modules/private/websites/capitaines/mastodon_static/oops.png
index 0abddad..0abddad 100644
--- a/nixops/modules/websites/capitaines/mastodon_static/oops.png
+++ b/modules/private/websites/capitaines/mastodon_static/oops.png
Binary files differ
diff --git a/nixops/modules/websites/capitaines/default.nix b/modules/private/websites/capitaines/production.nix
index 4bbf488..fe9c619 100644
--- a/nixops/modules/websites/capitaines/default.nix
+++ b/modules/private/websites/capitaines/production.nix
@@ -1,18 +1,14 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Capitaines; 3 cfg = config.myServices.websites.capitaines.production;
4 env = myconfig.env.websites.capitaines; 4 env = myconfig.env.websites.capitaines;
5 webappName = "capitaines_mastodon"; 5 webappName = "capitaines_mastodon";
6 root = "/run/current-system/webapps/${webappName}"; 6 root = "/run/current-system/webapps/${webappName}";
7 siteDir = ./mastodon_static; 7 siteDir = ./mastodon_static;
8in { 8in {
9 options.services.myWebsites.Capitaines = { 9 options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website";
10 production = {
11 enable = lib.mkEnableOption "enable Capitaines's website";
12 };
13 };
14 10
15 config = lib.mkIf cfg.production.enable { 11 config = lib.mkIf cfg.enable {
16 system.extraSystemBuilderCmds = '' 12 system.extraSystemBuilderCmds = ''
17 mkdir -p $out/webapps 13 mkdir -p $out/webapps
18 ln -s ${siteDir} $out/webapps/${webappName} 14 ln -s ${siteDir} $out/webapps/${webappName}
diff --git a/nixops/modules/websites/chloe/chloe.nix b/modules/private/websites/chloe/builder.nix
index 2847b9d..7b72b97 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/modules/private/websites/chloe/builder.nix
@@ -1,4 +1,4 @@
1{ chloe, config }: 1{ apacheUser, apacheGroup, chloe, config }:
2rec { 2rec {
3 app = chloe.override { inherit (config) environment; }; 3 app = chloe.override { inherit (config) environment; };
4 phpFpm = rec { 4 phpFpm = rec {
@@ -6,10 +6,10 @@ rec {
6 socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; 6 socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
7 pool = '' 7 pool = ''
8 listen = ${socket} 8 listen = ${socket}
9 user = ${apache.user} 9 user = ${apacheUser}
10 group = ${apache.group} 10 group = ${apacheGroup}
11 listen.owner = ${apache.user} 11 listen.owner = ${apacheUser}
12 listen.group = ${apache.group} 12 listen.group = ${apacheGroup}
13 php_admin_value[upload_max_filesize] = 20M 13 php_admin_value[upload_max_filesize] = 20M
14 php_admin_value[post_max_size] = 20M 14 php_admin_value[post_max_size] = 20M
15 ;php_admin_flag[log_errors] = on 15 ;php_admin_flag[log_errors] = on
@@ -29,8 +29,8 @@ rec {
29 }; 29 };
30 keys = [{ 30 keys = [{
31 dest = "webapps/${app.environment}-chloe"; 31 dest = "webapps/${app.environment}-chloe";
32 user = apache.user; 32 user = apacheUser;
33 group = apache.group; 33 group = apacheGroup;
34 permissions = "0400"; 34 permissions = "0400";
35 text = '' 35 text = ''
36 SetEnv SPIP_CONFIG_DIR "${configDir}" 36 SetEnv SPIP_CONFIG_DIR "${configDir}"
@@ -49,8 +49,6 @@ rec {
49 ''; 49 '';
50 }]; 50 }];
51 apache = rec { 51 apache = rec {
52 user = "wwwrun";
53 group = "wwwrun";
54 modules = [ "proxy_fcgi" ]; 52 modules = [ "proxy_fcgi" ];
55 webappName = "chloe_${app.environment}"; 53 webappName = "chloe_${app.environment}";
56 root = "/run/current-system/webapps/${webappName}"; 54 root = "/run/current-system/webapps/${webappName}";
@@ -97,9 +95,9 @@ rec {
97 activationScript = { 95 activationScript = {
98 deps = [ "wrappers" ]; 96 deps = [ "wrappers" ];
99 text = '' 97 text = ''
100 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local 98 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
101 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions 99 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
102 ''; 100 '';
103 }; 101 };
104 configDir = ./chloe_config_ + app.environment; 102 configDir = ./config;
105} 103}
diff --git a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php b/modules/private/websites/chloe/config/chmod.php
index aae16cd..aae16cd 100644
--- a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php
+++ b/modules/private/websites/chloe/config/chmod.php
diff --git a/nixops/modules/websites/chloe/chloe_config_dev/connect.php b/modules/private/websites/chloe/config/connect.php
index 18b0933..18b0933 100644
--- a/nixops/modules/websites/chloe/chloe_config_dev/connect.php
+++ b/modules/private/websites/chloe/config/connect.php
diff --git a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php b/modules/private/websites/chloe/config/ldap.php
index 825b7ed..825b7ed 100644
--- a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php
+++ b/modules/private/websites/chloe/config/ldap.php
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
new file mode 100644
index 0000000..458e414
--- /dev/null
+++ b/modules/private/websites/chloe/integration.nix
@@ -0,0 +1,35 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 chloe = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) chloe;
5 config = myconfig.env.websites.chloe.integration;
6 apacheUser = config.services.httpd.Inte.user;
7 apacheGroup = config.services.httpd.Inte.group;
8 };
9
10 cfg = config.myServices.websites.chloe.integration;
11in {
12 options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = chloe.keys;
16 services.myPhpfpm.serviceDependencies.chloe_dev = chloe.phpFpm.serviceDeps;
17 services.myPhpfpm.poolConfigs.chloe_dev = chloe.phpFpm.pool;
18 services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
19 extension=${pkgs.php}/lib/php/extensions/mysqli.so
20 '';
21 system.activationScripts.chloe_dev = chloe.activationScript;
22 system.extraSystemBuilderCmds = ''
23 mkdir -p $out/webapps
24 ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName}
25 '';
26 services.websites.integration.modules = chloe.apache.modules;
27 services.websites.integration.vhostConfs.chloe = {
28 certName = "eldiron";
29 addToCerts = true;
30 hosts = ["chloe.immae.eu" ];
31 root = chloe.apache.root;
32 extraConfig = [ chloe.apache.vhostConf ];
33 };
34 };
35}
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
new file mode 100644
index 0000000..0eafebd
--- /dev/null
+++ b/modules/private/websites/chloe/production.nix
@@ -0,0 +1,37 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 chloe = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) chloe;
5 config = myconfig.env.websites.chloe.production;
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
8 };
9
10 cfg = config.myServices.websites.chloe.production;
11in {
12 options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = chloe.keys;
16 services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
17
18 services.myPhpfpm.serviceDependencies.chloe_prod = chloe.phpFpm.serviceDeps;
19 services.myPhpfpm.poolConfigs.chloe_prod = chloe.phpFpm.pool;
20 services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
21 extension=${pkgs.php}/lib/php/extensions/mysqli.so
22 '';
23 system.activationScripts.chloe_prod = chloe.activationScript;
24 system.extraSystemBuilderCmds = ''
25 mkdir -p $out/webapps
26 ln -s ${chloe.app.webRoot} $out/webapps/${chloe.apache.webappName}
27 '';
28 services.websites.production.modules = chloe.apache.modules;
29 services.websites.production.vhostConfs.chloe = {
30 certName = "chloe";
31 certMainHost = "osteopathe-cc.fr";
32 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
33 root = chloe.apache.root;
34 extraConfig = [ chloe.apache.vhostConf ];
35 };
36 };
37}
diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix
new file mode 100644
index 0000000..98ab461
--- /dev/null
+++ b/modules/private/websites/commons/adminer.nix
@@ -0,0 +1,21 @@
1{}:
2rec {
3 phpFpm = {
4 socket = "/var/run/phpfpm/adminer.sock";
5 };
6 apache = rec {
7 modules = [ "proxy_fcgi" ];
8 webappName = "_adminer";
9 root = "/run/current-system/webapps/${webappName}";
10 vhostConf = ''
11 Alias /adminer ${root}
12 <Directory ${root}>
13 DirectoryIndex index.php
14 Require all granted
15 <FilesMatch "\.php$">
16 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
17 </FilesMatch>
18 </Directory>
19 '';
20 };
21}
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/modules/private/websites/connexionswing/builder.nix
index 77b839c..1224420 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/modules/private/websites/connexionswing/builder.nix
@@ -1,10 +1,10 @@
1{ connexionswing, pkgs, phpPackages, config }: 1{ apacheUser, apacheGroup, connexionswing, pkgs, phpPackages, config }:
2rec { 2rec {
3 app = connexionswing.override { inherit (config) environment; }; 3 app = connexionswing.override { inherit (config) environment; };
4 keys = [{ 4 keys = [{
5 dest = "webapps/${app.environment}-connexionswing"; 5 dest = "webapps/${app.environment}-connexionswing";
6 user = apache.user; 6 user = apacheUser;
7 group = apache.group; 7 group = apacheGroup;
8 permissions = "0400"; 8 permissions = "0400";
9 text = '' 9 text = ''
10 # This file is auto-generated during the composer install 10 # This file is auto-generated during the composer install
@@ -37,7 +37,7 @@ rec {
37 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ 37 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
38 || ! sha512sum -c --status ${app.varDir}/currentKey; then 38 || ! sha512sum -c --status ${app.varDir}/currentKey; then
39 pushd ${app} > /dev/null 39 pushd ${app} > /dev/null
40 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup 40 /run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup
41 popd > /dev/null 41 popd > /dev/null
42 echo -n "${app}" > ${app.varDir}/currentWebappDir 42 echo -n "${app}" > ${app.varDir}/currentWebappDir
43 sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey 43 sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey
@@ -50,10 +50,10 @@ rec {
50 ''; 50 '';
51 pool = '' 51 pool = ''
52 listen = ${socket} 52 listen = ${socket}
53 user = ${apache.user} 53 user = ${apacheUser}
54 group = ${apache.group} 54 group = ${apacheGroup}
55 listen.owner = ${apache.user} 55 listen.owner = ${apacheUser}
56 listen.group = ${apache.group} 56 listen.group = ${apacheGroup}
57 php_admin_value[upload_max_filesize] = 20M 57 php_admin_value[upload_max_filesize] = 20M
58 php_admin_value[post_max_size] = 20M 58 php_admin_value[post_max_size] = 20M
59 ;php_admin_flag[log_errors] = on 59 ;php_admin_flag[log_errors] = on
@@ -73,8 +73,6 @@ rec {
73 ''}''; 73 ''}'';
74 }; 74 };
75 apache = rec { 75 apache = rec {
76 user = "wwwrun";
77 group = "wwwrun";
78 modules = [ "proxy_fcgi" ]; 76 modules = [ "proxy_fcgi" ];
79 webappName = "connexionswing_${app.environment}"; 77 webappName = "connexionswing_${app.environment}";
80 root = "/run/current-system/webapps/${webappName}"; 78 root = "/run/current-system/webapps/${webappName}";
@@ -156,11 +154,11 @@ rec {
156 activationScript = { 154 activationScript = {
157 deps = [ "wrappers" ]; 155 deps = [ "wrappers" ];
158 text = '' 156 text = ''
159 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ 157 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \
160 ${app.varDir}/medias \ 158 ${app.varDir}/medias \
161 ${app.varDir}/uploads \ 159 ${app.varDir}/uploads \
162 ${app.varDir}/var 160 ${app.varDir}/var
163 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions 161 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
164 ''; 162 '';
165 }; 163 };
166} 164}
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
new file mode 100644
index 0000000..c3425bd
--- /dev/null
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -0,0 +1,35 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 connexionswing = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) connexionswing;
5 config = myconfig.env.websites.connexionswing.integration;
6 apacheUser = config.services.httpd.Inte.user;
7 apacheGroup = config.services.httpd.Inte.group;
8 };
9
10 cfg = config.myServices.websites.connexionswing.integration;
11in {
12 options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = connexionswing.keys;
16 services.myPhpfpm.preStart.connexionswing_dev = connexionswing.phpFpm.preStart;
17 services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing.phpFpm.serviceDeps;
18 services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing.phpFpm.pool;
19 services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing.phpFpm.phpConfig;
20 system.activationScripts.connexionswing_dev = connexionswing.activationScript;
21 system.extraSystemBuilderCmds = ''
22 mkdir -p $out/webapps
23 ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
24 '';
25 services.websites.integration.modules = connexionswing.apache.modules;
26 services.websites.integration.vhostConfs.connexionswing = {
27 certName = "eldiron";
28 addToCerts = true;
29 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
30 root = connexionswing.apache.root;
31 extraConfig = [ connexionswing.apache.vhostConf ];
32 };
33 };
34}
35
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix
new file mode 100644
index 0000000..8f28f46
--- /dev/null
+++ b/modules/private/websites/connexionswing/production.nix
@@ -0,0 +1,37 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 connexionswing = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) connexionswing;
5 config = myconfig.env.websites.connexionswing.production;
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
8 };
9
10 cfg = config.myServices.websites.connexionswing.production;
11in {
12 options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = connexionswing.keys;
16 services.webstats.sites = [ { name = "connexionswing.com"; } ];
17
18 services.myPhpfpm.preStart.connexionswing_prod = connexionswing.phpFpm.preStart;
19 services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing.phpFpm.serviceDeps;
20 services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing.phpFpm.pool;
21 services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing.phpFpm.phpConfig;
22 system.activationScripts.connexionswing_prod = connexionswing.activationScript;
23 system.extraSystemBuilderCmds = ''
24 mkdir -p $out/webapps
25 ln -s ${connexionswing.app.webRoot} $out/webapps/${connexionswing.apache.webappName}
26 '';
27 services.websites.production.modules = connexionswing.apache.modules;
28 services.websites.production.vhostConfs.connexionswing = {
29 certName = "connexionswing";
30 certMainHost = "connexionswing.com";
31 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
32 root = connexionswing.apache.root;
33 extraConfig = [ connexionswing.apache.vhostConf ];
34 };
35 };
36}
37
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
new file mode 100644
index 0000000..80d902e
--- /dev/null
+++ b/modules/private/websites/default.nix
@@ -0,0 +1,39 @@
1{ ... }:
2{
3 config.myServices.websites.aten.integration.enable = true;
4 config.myServices.websites.aten.production.enable = true;
5
6 config.myServices.websites.capitaines.production.enable = true;
7
8 config.myServices.websites.chloe.integration.enable = true;
9 config.myServices.websites.chloe.production.enable = true;
10
11 config.myServices.websites.connexionswing.integration.enable = true;
12 config.myServices.websites.connexionswing.production.enable = true;
13
14 config.myServices.websites.denisejerome.production.enable = true;
15
16 config.myServices.websites.emilia.production.enable = true;
17
18 config.myServices.websites.florian.app.enable = true;
19 config.myServices.websites.florian.integration.enable = true;
20 config.myServices.websites.florian.production.enable = true;
21
22 config.myServices.websites.immae.production.enable = true;
23 config.myServices.websites.immae.release.enable = true;
24 config.myServices.websites.immae.temp.enable = true;
25
26 config.myServices.websites.leila.production.enable = true;
27
28 config.myServices.websites.ludivinecassal.integration.enable = true;
29 config.myServices.websites.ludivinecassal.production.enable = true;
30
31 config.myServices.websites.nassime.production.enable = true;
32
33 config.myServices.websites.naturaloutil.production.enable = true;
34
35 config.myServices.websites.papa.surveillance.enable = true;
36
37 config.myServices.websites.piedsjaloux.integration.enable = true;
38 config.myServices.websites.piedsjaloux.production.enable = true;
39}
diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/modules/private/websites/denisejerome/production.nix
index 884fb62..b5aff94 100644
--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ b/modules/private/websites/denisejerome/production.nix
@@ -1,16 +1,12 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.DeniseJerome; 3 cfg = config.myServices.websites.denisejerome.production;
4 varDir = "/var/lib/ftp/denisejerome"; 4 varDir = "/var/lib/ftp/denisejerome";
5 env = myconfig.env.websites.denisejerome; 5 env = myconfig.env.websites.denisejerome;
6in { 6in {
7 options.services.myWebsites.DeniseJerome = { 7 options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website";
8 production = {
9 enable = lib.mkEnableOption "enable Denise Jerome's website";
10 };
11 };
12 8
13 config = lib.mkIf cfg.production.enable { 9 config = lib.mkIf cfg.enable {
14 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; 10 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
15 11
16 services.websites.production.vhostConfs.denisejerome = { 12 services.websites.production.vhostConfs.denisejerome = {
diff --git a/nixops/modules/websites/emilia/moodle/pause.html b/modules/private/websites/emilia/moodle/pause.html
index 8b99c59..8b99c59 100644
--- a/nixops/modules/websites/emilia/moodle/pause.html
+++ b/modules/private/websites/emilia/moodle/pause.html
diff --git a/nixops/modules/websites/emilia/default.nix b/modules/private/websites/emilia/production.nix
index 47257b7..2e705a1 100644
--- a/nixops/modules/websites/emilia/default.nix
+++ b/modules/private/websites/emilia/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Emilia; 3 cfg = config.myServices.websites.emilia.production;
4 env = myconfig.env.websites.emilia; 4 env = myconfig.env.websites.emilia;
5 varDir = "/var/lib/moodle"; 5 varDir = "/var/lib/moodle";
6 siteDir = ./moodle; 6 siteDir = ./moodle;
@@ -40,13 +40,9 @@ let
40 // it is intentional because it prevents trailing whitespace problems! 40 // it is intentional because it prevents trailing whitespace problems!
41 ''; 41 '';
42in { 42in {
43 options.services.myWebsites.Emilia = { 43 options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website";
44 production = {
45 enable = lib.mkEnableOption "enable Emilia's website";
46 };
47 };
48 44
49 config = lib.mkIf cfg.production.enable { 45 config = lib.mkIf cfg.enable {
50 system.activationScripts.emilia = '' 46 system.activationScripts.emilia = ''
51 install -m 0755 -o wwwrun -g wwwrun -d ${varDir} 47 install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
52 ''; 48 '';
diff --git a/nixops/modules/websites/tellesflorian/default.nix b/modules/private/websites/florian/app.nix
index bbbde07..08506e1 100644
--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/modules/private/websites/florian/app.nix
@@ -2,37 +2,35 @@
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 4
5 tellesflorian_dev = pkgs.callPackage ./tellesflorian.nix { 5 tellesflorian = pkgs.callPackage ./builder_app.nix {
6 inherit (pkgs.webapps) tellesflorian; 6 inherit (pkgs.webapps) tellesflorian;
7 config = myconfig.env.websites.tellesflorian.integration; 7 config = myconfig.env.websites.tellesflorian.integration;
8 apacheUser = config.services.httpd.Inte.user;
9 apacheGroup = config.services.httpd.Inte.group;
8 }; 10 };
9 11
10 cfg = config.services.myWebsites.TellesFlorian; 12 cfg = config.myServices.websites.florian.app;
11in { 13in {
12 options.services.myWebsites.TellesFlorian = { 14 options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
13 integration = {
14 enable = lib.mkEnableOption "enable Florian Telles's website in integration";
15 };
16 };
17 15
18 config = lib.mkIf cfg.integration.enable { 16 config = lib.mkIf cfg.enable {
19 secrets.keys = tellesflorian_dev.keys; 17 secrets.keys = tellesflorian.keys;
20 services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart; 18 services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian.phpFpm.preStart;
21 services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps; 19 services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian.phpFpm.serviceDeps;
22 services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool; 20 services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian.phpFpm.pool;
23 system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript; 21 system.activationScripts.tellesflorian_dev = tellesflorian.activationScript;
24 system.extraSystemBuilderCmds = '' 22 system.extraSystemBuilderCmds = ''
25 mkdir -p $out/webapps 23 mkdir -p $out/webapps
26 ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName} 24 ln -s ${tellesflorian.app.webRoot} $out/webapps/${tellesflorian.apache.webappName}
27 ''; 25 '';
28 services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules; 26 services.websites.integration.modules = adminer.apache.modules ++ tellesflorian.apache.modules;
29 services.websites.integration.vhostConfs.tellesflorian = { 27 services.websites.integration.vhostConfs.tellesflorian = {
30 certName = "eldiron"; 28 certName = "eldiron";
31 addToCerts = true; 29 addToCerts = true;
32 hosts = ["app.tellesflorian.com" ]; 30 hosts = ["app.tellesflorian.com" ];
33 root = tellesflorian_dev.apache.root; 31 root = tellesflorian.apache.root;
34 extraConfig = [ 32 extraConfig = [
35 tellesflorian_dev.apache.vhostConf 33 tellesflorian.apache.vhostConf
36 adminer.apache.vhostConf 34 adminer.apache.vhostConf
37 ]; 35 ];
38 }; 36 };
diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/modules/private/websites/florian/builder_app.nix
index 5955431..e521f6e 100644
--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/modules/private/websites/florian/builder_app.nix
@@ -1,11 +1,11 @@
1{ tellesflorian, config }: 1{ apacheUser, apacheGroup, tellesflorian, config }:
2rec { 2rec {
3 app = tellesflorian.override { inherit (config) environment; }; 3 app = tellesflorian.override { inherit (config) environment; };
4 keys = [ 4 keys = [
5 { 5 {
6 dest = "webapps/${app.environment}-tellesflorian-passwords"; 6 dest = "webapps/${app.environment}-tellesflorian-passwords";
7 user = apache.user; 7 user = apacheUser;
8 group = apache.group; 8 group = apacheGroup;
9 permissions = "0400"; 9 permissions = "0400";
10 text = '' 10 text = ''
11 invite:${config.invite_passwords} 11 invite:${config.invite_passwords}
@@ -13,8 +13,8 @@ rec {
13 } 13 }
14 { 14 {
15 dest = "webapps/${app.environment}-tellesflorian"; 15 dest = "webapps/${app.environment}-tellesflorian";
16 user = apache.user; 16 user = apacheUser;
17 group = apache.group; 17 group = apacheGroup;
18 permissions = "0400"; 18 permissions = "0400";
19 text = '' 19 text = ''
20 # This file is auto-generated during the composer install 20 # This file is auto-generated during the composer install
@@ -49,10 +49,10 @@ rec {
49 socket = "/var/run/phpfpm/floriantelles-${app.environment}.sock"; 49 socket = "/var/run/phpfpm/floriantelles-${app.environment}.sock";
50 pool = '' 50 pool = ''
51 listen = ${socket} 51 listen = ${socket}
52 user = ${apache.user} 52 user = ${apacheUser}
53 group = ${apache.group} 53 group = ${apacheGroup}
54 listen.owner = ${apache.user} 54 listen.owner = ${apacheUser}
55 listen.group = ${apache.group} 55 listen.group = ${apacheGroup}
56 php_admin_value[upload_max_filesize] = 20M 56 php_admin_value[upload_max_filesize] = 20M
57 php_admin_value[post_max_size] = 20M 57 php_admin_value[post_max_size] = 20M
58 ;php_admin_flag[log_errors] = on 58 ;php_admin_flag[log_errors] = on
@@ -72,8 +72,6 @@ rec {
72 ''}''; 72 ''}'';
73 }; 73 };
74 apache = rec { 74 apache = rec {
75 user = "wwwrun";
76 group = "wwwrun";
77 modules = [ "proxy_fcgi" ]; 75 modules = [ "proxy_fcgi" ];
78 webappName = "florian_${app.environment}"; 76 webappName = "florian_${app.environment}";
79 root = "/run/current-system/webapps/${webappName}"; 77 root = "/run/current-system/webapps/${webappName}";
@@ -146,9 +144,9 @@ rec {
146 activationScript = { 144 activationScript = {
147 deps = [ "wrappers" ]; 145 deps = [ "wrappers" ];
148 text = '' 146 text = ''
149 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ 147 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \
150 ${app.varDir}/var 148 ${app.varDir}/var
151 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions 149 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
152 ''; 150 '';
153 }; 151 };
154} 152}
diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix
new file mode 100644
index 0000000..424ebd4
--- /dev/null
+++ b/modules/private/websites/florian/integration.nix
@@ -0,0 +1,34 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.myServices.websites.florian.integration;
5 varDir = "/var/lib/ftp/florian";
6 env = myconfig.env.websites.florian;
7in {
8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration";
9
10 config = lib.mkIf cfg.enable {
11 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
12
13 services.websites.integration.modules = adminer.apache.modules;
14 services.websites.integration.vhostConfs.florian = {
15 certName = "eldiron";
16 addToCerts = true;
17 hosts = [ "florian.immae.eu" ];
18 root = "${varDir}/florian.immae.eu";
19 extraConfig = [
20 adminer.apache.vhostConf
21 ''
22 ServerAdmin ${env.server_admin}
23
24 <Directory ${varDir}/florian.immae.eu>
25 DirectoryIndex index.php index.htm index.html
26 Options Indexes FollowSymLinks MultiViews Includes
27 AllowOverride None
28 Require all granted
29 </Directory>
30 ''
31 ];
32 };
33 };
34}
diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix
new file mode 100644
index 0000000..9b310b8
--- /dev/null
+++ b/modules/private/websites/florian/production.nix
@@ -0,0 +1,34 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.myServices.websites.florian.production;
5 varDir = "/var/lib/ftp/florian";
6 env = myconfig.env.websites.florian;
7in {
8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production";
9
10 config = lib.mkIf cfg.enable {
11 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
12
13 services.websites.production.modules = adminer.apache.modules;
14 services.websites.production.vhostConfs.florian = {
15 certName = "florian";
16 certMainHost = "tellesflorian.com";
17 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
18 root = "${varDir}/tellesflorian.com";
19 extraConfig = [
20 adminer.apache.vhostConf
21 ''
22 ServerAdmin ${env.server_admin}
23
24 <Directory ${varDir}/tellesflorian.com>
25 DirectoryIndex index.php index.htm index.html
26 Options Indexes FollowSymLinks MultiViews Includes
27 AllowOverride None
28 Require all granted
29 </Directory>
30 ''
31 ];
32 };
33 };
34}
diff --git a/nixops/modules/websites/ftp/immae.nix b/modules/private/websites/immae/production.nix
index 2ba30a1..58cf048 100644
--- a/nixops/modules/websites/ftp/immae.nix
+++ b/modules/private/websites/immae/production.nix
@@ -1,16 +1,12 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Immae; 3 cfg = config.myServices.websites.immae.production;
4 varDir = "/var/lib/ftp/immae"; 4 varDir = "/var/lib/ftp/immae";
5 env = myconfig.env.websites.immae; 5 env = myconfig.env.websites.immae;
6in { 6in {
7 options.services.myWebsites.Immae = { 7 options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
8 production = {
9 enable = lib.mkEnableOption "enable Immae's website";
10 };
11 };
12 8
13 config = lib.mkIf cfg.production.enable { 9 config = lib.mkIf cfg.enable {
14 services.webstats.sites = [ { name = "www.immae.eu"; } ]; 10 services.webstats.sites = [ { name = "www.immae.eu"; } ];
15 11
16 services.myPhpfpm.poolConfigs.immae = '' 12 services.myPhpfpm.poolConfigs.immae = ''
diff --git a/nixops/modules/websites/ftp/release.nix b/modules/private/websites/immae/release.nix
index db3487f..68381a6 100644
--- a/nixops/modules/websites/ftp/release.nix
+++ b/modules/private/websites/immae/release.nix
@@ -1,16 +1,12 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Release; 3 cfg = config.myServices.websites.immae.release;
4 varDir = "/var/lib/ftp/release.immae.eu"; 4 varDir = "/var/lib/ftp/release.immae.eu";
5 env = myconfig.env.websites.release; 5 env = myconfig.env.websites.release;
6in { 6in {
7 options.services.myWebsites.Release = { 7 options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
8 production = {
9 enable = lib.mkEnableOption "enable Release' website";
10 };
11 };
12 8
13 config = lib.mkIf cfg.production.enable { 9 config = lib.mkIf cfg.enable {
14 services.webstats.sites = [ { name = "release.immae.eu"; } ]; 10 services.webstats.sites = [ { name = "release.immae.eu"; } ];
15 11
16 services.websites.production.vhostConfs.release = { 12 services.websites.production.vhostConfs.release = {
diff --git a/nixops/modules/websites/ftp/temp.nix b/modules/private/websites/immae/temp.nix
index 86dfde3..0b2a3a3 100644
--- a/nixops/modules/websites/ftp/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,16 +1,12 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Temp; 3 cfg = config.myServices.websites.immae.temp;
4 varDir = "/var/lib/ftp/temp.immae.eu"; 4 varDir = "/var/lib/ftp/temp.immae.eu";
5 env = myconfig.env.websites.temp; 5 env = myconfig.env.websites.temp;
6in { 6in {
7 options.services.myWebsites.Temp = { 7 options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
8 production = {
9 enable = lib.mkEnableOption "enable Temp' website";
10 };
11 };
12 8
13 config = lib.mkIf cfg.production.enable { 9 config = lib.mkIf cfg.enable {
14 services.websites.production.modules = [ "headers" ]; 10 services.websites.production.modules = [ "headers" ];
15 services.websites.production.vhostConfs.temp = { 11 services.websites.production.vhostConfs.temp = {
16 certName = "eldiron"; 12 certName = "eldiron";
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix
new file mode 100644
index 0000000..1ce8eea
--- /dev/null
+++ b/modules/private/websites/leila/production.nix
@@ -0,0 +1,82 @@
1{ lib, pkgs, config, ... }:
2let
3 cfg = config.myServices.websites.leila.production;
4 varDir = "/var/lib/ftp/leila";
5in {
6 options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's website in production";
7
8 config = lib.mkIf cfg.enable {
9 services.myPhpfpm.poolConfigs.leila = ''
10 listen = /run/phpfpm/leila.sock
11 user = wwwrun
12 group = wwwrun
13 listen.owner = wwwrun
14 listen.group = wwwrun
15
16 pm = ondemand
17 pm.max_children = 5
18 pm.process_idle_timeout = 60
19
20 php_admin_value[open_basedir] = "${varDir}:/tmp"
21 '';
22
23 services.webstats.sites = [
24 { name = "leila.bouya.org"; }
25 { name = "chorale.leila.bouya.org"; }
26 ];
27
28 services.websites.production.modules = [ "proxy_fcgi" ];
29 services.websites.production.vhostConfs.leila_chorale = {
30 certName = "leila";
31 addToCerts = true;
32 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
33 root = "${varDir}/Chorale";
34 extraConfig = [
35 ''
36 Use Stats chorale.leila.bouya.org
37 <Directory ${varDir}/Chorale>
38 DirectoryIndex index.php index.htm index.html
39 Options Indexes FollowSymLinks MultiViews Includes
40 AllowOverride None
41
42 Use LDAPConnect
43 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
44
45 <FilesMatch "\.php$">
46 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
47 </FilesMatch>
48 </Directory>
49 ''
50 ];
51 };
52 services.websites.production.vhostConfs.leila = {
53 certName = "leila";
54 certMainHost = "leila.bouya.org";
55 hosts = [ "leila.bouya.org" ];
56 root = varDir;
57 extraConfig = [
58 ''
59 Use Stats leila.bouya.org
60 <Directory ${varDir}/Chorale>
61 DirectoryIndex index.htm index.html
62 Options Indexes FollowSymLinks MultiViews Includes
63 AllowOverride None
64
65 Use LDAPConnect
66 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
67
68 <FilesMatch "\.php$">
69 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
70 </FilesMatch>
71 </Directory>
72 <Directory ${varDir}>
73 DirectoryIndex index.htm index.html
74 Options Indexes FollowSymLinks MultiViews Includes
75 AllowOverride None
76 Require all granted
77 </Directory>
78 ''
79 ];
80 };
81 };
82}
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/modules/private/websites/ludivinecassal/builder.nix
index 39fd088..3167bce 100644
--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/modules/private/websites/ludivinecassal/builder.nix
@@ -1,11 +1,11 @@
1{ config, ludivinecassal, pkgs, ruby, sass, imagemagick }: 1{ apacheUser, apacheGroup, config, ludivinecassal, pkgs, ruby, sass, imagemagick }:
2rec { 2rec {
3 app = ludivinecassal.override { inherit (config) environment; }; 3 app = ludivinecassal.override { inherit (config) environment; };
4 varDir = "/var/lib/ludivinecassal_${app.environment}"; 4 varDir = "/var/lib/ludivinecassal_${app.environment}";
5 keys = [{ 5 keys = [{
6 dest = "webapps/${app.environment}-ludivinecassal"; 6 dest = "webapps/${app.environment}-ludivinecassal";
7 user = apache.user; 7 user = apacheUser;
8 group = apache.group; 8 group = apacheGroup;
9 permissions = "0400"; 9 permissions = "0400";
10 text = '' 10 text = ''
11 # This file is auto-generated during the composer install 11 # This file is auto-generated during the composer install
@@ -45,7 +45,7 @@ rec {
45 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ 45 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
46 || ! sha512sum -c --status ${app.varDir}/currentKey; then 46 || ! sha512sum -c --status ${app.varDir}/currentKey; then
47 pushd ${app} > /dev/null 47 pushd ${app} > /dev/null
48 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup 48 /run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup
49 popd > /dev/null 49 popd > /dev/null
50 echo -n "${app}" > ${app.varDir}/currentWebappDir 50 echo -n "${app}" > ${app.varDir}/currentWebappDir
51 sha512sum /var/secrets/webapps/${app.environment}-ludivinecassal > ${app.varDir}/currentKey 51 sha512sum /var/secrets/webapps/${app.environment}-ludivinecassal > ${app.varDir}/currentKey
@@ -55,10 +55,10 @@ rec {
55 socket = "/var/run/phpfpm/ludivinecassal-${app.environment}.sock"; 55 socket = "/var/run/phpfpm/ludivinecassal-${app.environment}.sock";
56 pool = '' 56 pool = ''
57 listen = ${socket} 57 listen = ${socket}
58 user = ${apache.user} 58 user = ${apacheUser}
59 group = ${apache.group} 59 group = ${apacheGroup}
60 listen.owner = ${apache.user} 60 listen.owner = ${apacheUser}
61 listen.group = ${apache.group} 61 listen.group = ${apacheGroup}
62 php_admin_value[upload_max_filesize] = 20M 62 php_admin_value[upload_max_filesize] = 20M
63 php_admin_value[post_max_size] = 20M 63 php_admin_value[post_max_size] = 20M
64 ;php_admin_flag[log_errors] = on 64 ;php_admin_flag[log_errors] = on
@@ -78,8 +78,6 @@ rec {
78 ''}''; 78 ''}'';
79 }; 79 };
80 apache = rec { 80 apache = rec {
81 user = "wwwrun";
82 group = "wwwrun";
83 modules = [ "proxy_fcgi" ]; 81 modules = [ "proxy_fcgi" ];
84 webappName = "ludivine_${app.environment}"; 82 webappName = "ludivine_${app.environment}";
85 root = "/run/current-system/webapps/${webappName}"; 83 root = "/run/current-system/webapps/${webappName}";
@@ -149,9 +147,9 @@ rec {
149 activationScript = { 147 activationScript = {
150 deps = [ "wrappers" ]; 148 deps = [ "wrappers" ];
151 text = '' 149 text = ''
152 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} 150 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}
153 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/tmp 151 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/tmp
154 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions 152 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
155 ''; 153 '';
156 }; 154 };
157} 155}
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix
new file mode 100644
index 0000000..0be067b
--- /dev/null
+++ b/modules/private/websites/ludivinecassal/integration.nix
@@ -0,0 +1,34 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 ludivinecassal = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) ludivinecassal;
5 config = myconfig.env.websites.ludivinecassal.integration;
6 apacheUser = config.services.httpd.Inte.user;
7 apacheGroup = config.services.httpd.Inte.group;
8 };
9
10 cfg = config.myServices.websites.ludivinecassal.integration;
11in {
12 options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = ludivinecassal.keys;
16
17 services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal.phpFpm.preStart;
18 services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal.phpFpm.serviceDeps;
19 services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal.phpFpm.pool;
20 system.activationScripts.ludivinecassal_dev = ludivinecassal.activationScript;
21 system.extraSystemBuilderCmds = ''
22 mkdir -p $out/webapps
23 ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName}
24 '';
25 services.websites.integration.modules = ludivinecassal.apache.modules;
26 services.websites.integration.vhostConfs.ludivine = {
27 certName = "eldiron";
28 addToCerts = true;
29 hosts = [ "ludivine.immae.eu" ];
30 root = ludivinecassal.apache.root;
31 extraConfig = [ ludivinecassal.apache.vhostConf ];
32 };
33 };
34}
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix
new file mode 100644
index 0000000..c5de698
--- /dev/null
+++ b/modules/private/websites/ludivinecassal/production.nix
@@ -0,0 +1,35 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 ludivinecassal = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) ludivinecassal;
5 config = myconfig.env.websites.ludivinecassal.production;
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
8 };
9
10 cfg = config.myServices.websites.ludivinecassal.production;
11in {
12 options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = ludivinecassal.keys;
16 services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
17
18 services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal.phpFpm.preStart;
19 services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal.phpFpm.serviceDeps;
20 services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal.phpFpm.pool;
21 system.activationScripts.ludivinecassal_prod = ludivinecassal.activationScript;
22 system.extraSystemBuilderCmds = ''
23 mkdir -p $out/webapps
24 ln -s ${ludivinecassal.app.webRoot} $out/webapps/${ludivinecassal.apache.webappName}
25 '';
26 services.websites.production.modules = ludivinecassal.apache.modules;
27 services.websites.production.vhostConfs.ludivine = {
28 certName = "ludivinecassal";
29 certMainHost = "ludivinecassal.com";
30 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
31 root = ludivinecassal.apache.root;
32 extraConfig = [ ludivinecassal.apache.vhostConf ];
33 };
34 };
35}
diff --git a/nixops/modules/websites/ftp/nassime.nix b/modules/private/websites/nassime/production.nix
index 3c982d3..a109778 100644
--- a/nixops/modules/websites/ftp/nassime.nix
+++ b/modules/private/websites/nassime/production.nix
@@ -1,16 +1,12 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Nassime; 3 cfg = config.myServices.websites.nassime.production;
4 varDir = "/var/lib/ftp/nassime"; 4 varDir = "/var/lib/ftp/nassime";
5 env = myconfig.env.websites.nassime; 5 env = myconfig.env.websites.nassime;
6in { 6in {
7 options.services.myWebsites.Nassime = { 7 options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website";
8 production = {
9 enable = lib.mkEnableOption "enable Nassime's website";
10 };
11 };
12 8
13 config = lib.mkIf cfg.production.enable { 9 config = lib.mkIf cfg.enable {
14 services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; 10 services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
15 11
16 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; 12 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
diff --git a/nixops/modules/websites/ftp/jerome.nix b/modules/private/websites/naturaloutil/production.nix
index d00c42d..b6cf069 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/modules/private/websites/naturaloutil/production.nix
@@ -1,17 +1,13 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.services.myWebsites.Jerome; 4 cfg = config.myServices.websites.naturaloutil.production;
5 varDir = "/var/lib/ftp/jerome"; 5 varDir = "/var/lib/ftp/jerome";
6 env = myconfig.env.websites.jerome; 6 env = myconfig.env.websites.jerome;
7in { 7in {
8 options.services.myWebsites.Jerome = { 8 options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website";
9 production = {
10 enable = lib.mkEnableOption "enable Jerome's website";
11 };
12 };
13 9
14 config = lib.mkIf cfg.production.enable { 10 config = lib.mkIf cfg.enable {
15 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; 11 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
16 12
17 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; 13 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
diff --git a/nixops/modules/websites/ftp/papa.nix b/modules/private/websites/papa/surveillance.nix
index c8d05ef..8e7cd9d 100644
--- a/nixops/modules/websites/ftp/papa.nix
+++ b/modules/private/websites/papa/surveillance.nix
@@ -1,15 +1,11 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, myconfig, ... }:
2let 2let
3 cfg = config.services.myWebsites.Papa; 3 cfg = config.myServices.websites.papa.surveillance;
4 varDir = "/var/lib/ftp/papa"; 4 varDir = "/var/lib/ftp/papa";
5in { 5in {
6 options.services.myWebsites.Papa = { 6 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
7 production = {
8 enable = lib.mkEnableOption "enable Papa's website";
9 };
10 };
11 7
12 config = lib.mkIf cfg.production.enable { 8 config = lib.mkIf cfg.enable {
13 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; 9 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
14 10
15 services.cron = { 11 services.cron = {
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/modules/private/websites/piedsjaloux/builder.nix
index 97f8946..9fcc8fb 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/modules/private/websites/piedsjaloux/builder.nix
@@ -1,11 +1,11 @@
1{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }: 1{ apacheUser, apacheGroup, piedsjaloux, config, pkgs, lib, texlive, imagemagick }:
2rec { 2rec {
3 app = piedsjaloux.override { inherit (config) environment; }; 3 app = piedsjaloux.override { inherit (config) environment; };
4 varDir = "/var/lib/piedsjaloux_${app.environment}"; 4 varDir = "/var/lib/piedsjaloux_${app.environment}";
5 keys = [{ 5 keys = [{
6 dest = "webapps/${app.environment}-piedsjaloux"; 6 dest = "webapps/${app.environment}-piedsjaloux";
7 user = apache.user; 7 user = apacheUser;
8 group = apache.group; 8 group = apacheGroup;
9 permissions = "0400"; 9 permissions = "0400";
10 text = '' 10 text = ''
11 # This file is auto-generated during the composer install 11 # This file is auto-generated during the composer install
@@ -33,7 +33,7 @@ rec {
33 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ 33 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
34 || ! sha512sum -c --status ${app.varDir}/currentKey; then 34 || ! sha512sum -c --status ${app.varDir}/currentKey; then
35 pushd ${app} > /dev/null 35 pushd ${app} > /dev/null
36 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup 36 /run/wrappers/bin/sudo -u ${apacheUser} ./bin/console --env=${app.environment} cache:clear --no-warmup
37 popd > /dev/null 37 popd > /dev/null
38 echo -n "${app}" > ${app.varDir}/currentWebappDir 38 echo -n "${app}" > ${app.varDir}/currentWebappDir
39 sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey 39 sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey
@@ -43,10 +43,10 @@ rec {
43 socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock"; 43 socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock";
44 pool = '' 44 pool = ''
45 listen = ${socket} 45 listen = ${socket}
46 user = ${apache.user} 46 user = ${apacheUser}
47 group = ${apache.group} 47 group = ${apacheGroup}
48 listen.owner = ${apache.user} 48 listen.owner = ${apacheUser}
49 listen.group = ${apache.group} 49 listen.group = ${apacheGroup}
50 php_admin_value[upload_max_filesize] = 20M 50 php_admin_value[upload_max_filesize] = 20M
51 php_admin_value[post_max_size] = 20M 51 php_admin_value[post_max_size] = 20M
52 ;php_admin_flag[log_errors] = on 52 ;php_admin_flag[log_errors] = on
@@ -67,8 +67,6 @@ rec {
67 ''}''; 67 ''}'';
68 }; 68 };
69 apache = rec { 69 apache = rec {
70 user = "wwwrun";
71 group = "wwwrun";
72 modules = [ "proxy_fcgi" ]; 70 modules = [ "proxy_fcgi" ];
73 webappName = "piedsjaloux_${app.environment}"; 71 webappName = "piedsjaloux_${app.environment}";
74 root = "/run/current-system/webapps/${webappName}"; 72 root = "/run/current-system/webapps/${webappName}";
@@ -138,9 +136,9 @@ rec {
138 activationScript = { 136 activationScript = {
139 deps = [ "wrappers" ]; 137 deps = [ "wrappers" ];
140 text = '' 138 text = ''
141 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ 139 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} \
142 ${app.varDir}/tmp 140 ${app.varDir}/tmp
143 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions 141 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
144 ''; 142 '';
145 }; 143 };
146} 144}
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix
new file mode 100644
index 0000000..6249e85
--- /dev/null
+++ b/modules/private/websites/piedsjaloux/integration.nix
@@ -0,0 +1,34 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 piedsjaloux = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) piedsjaloux;
5 config = myconfig.env.websites.piedsjaloux.integration;
6 apacheUser = config.services.httpd.Inte.user;
7 apacheGroup = config.services.httpd.Inte.group;
8 };
9
10 cfg = config.myServices.websites.piedsjaloux.integration;
11in {
12 options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = piedsjaloux.keys;
16 services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux.phpFpm.preStart;
17 services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux.phpFpm.serviceDeps;
18 services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux.phpFpm.pool;
19 system.activationScripts.piedsjaloux_dev = piedsjaloux.activationScript;
20 system.extraSystemBuilderCmds = ''
21 mkdir -p $out/webapps
22 ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName}
23 '';
24 services.websites.integration.modules = piedsjaloux.apache.modules;
25 services.websites.integration.vhostConfs.piedsjaloux = {
26 certName = "eldiron";
27 addToCerts = true;
28 hosts = [ "piedsjaloux.immae.eu" ];
29 root = piedsjaloux.apache.root;
30 extraConfig = [ piedsjaloux.apache.vhostConf ];
31 };
32 };
33}
34
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix
new file mode 100644
index 0000000..afa1667
--- /dev/null
+++ b/modules/private/websites/piedsjaloux/production.nix
@@ -0,0 +1,36 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 piedsjaloux = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) piedsjaloux;
5 config = myconfig.env.websites.piedsjaloux.production;
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
8 };
9
10 cfg = config.myServices.websites.piedsjaloux.production;
11in {
12 options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
13
14 config = lib.mkIf cfg.enable {
15 secrets.keys = piedsjaloux.keys;
16 services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
17
18 services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux.phpFpm.preStart;
19 services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux.phpFpm.serviceDeps;
20 services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux.phpFpm.pool;
21 system.activationScripts.piedsjaloux_prod = piedsjaloux.activationScript;
22 system.extraSystemBuilderCmds = ''
23 mkdir -p $out/webapps
24 ln -s ${piedsjaloux.app.webRoot} $out/webapps/${piedsjaloux.apache.webappName}
25 '';
26 services.websites.production.modules = piedsjaloux.apache.modules;
27 services.websites.production.vhostConfs.piedsjaloux = {
28 certName = "piedsjaloux";
29 certMainHost = "piedsjaloux.fr";
30 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
31 root = piedsjaloux.apache.root;
32 extraConfig = [ piedsjaloux.apache.vhostConf ];
33 };
34 };
35}
36
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
deleted file mode 100644
index a9e75b6..0000000
--- a/nixops/modules/websites/aten/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 aten_dev = pkgs.callPackage ./aten.nix {
4 inherit (pkgs.webapps) aten;
5 config = myconfig.env.websites.aten.integration;
6 };
7 aten_prod = pkgs.callPackage ./aten.nix {
8 inherit (pkgs.webapps) aten;
9 config = myconfig.env.websites.aten.production;
10 };
11
12 cfg = config.services.myWebsites.Aten;
13in {
14 options.services.myWebsites.Aten = {
15 production = {
16 enable = lib.mkEnableOption "enable Aten's website in production";
17 };
18 integration = {
19 enable = lib.mkEnableOption "enable Aten's website in integration";
20 };
21 };
22
23 config = lib.mkMerge [
24 (lib.mkIf cfg.production.enable {
25 secrets.keys = aten_prod.keys;
26 services.webstats.sites = [ { name = "aten.pro"; } ];
27
28 services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart;
29 services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps;
30 services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
31 system.activationScripts.aten_prod = aten_prod.activationScript;
32 system.extraSystemBuilderCmds = ''
33 mkdir -p $out/webapps
34 ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
35 '';
36 services.websites.production.modules = aten_prod.apache.modules;
37 services.websites.production.vhostConfs.aten = {
38 certName = "aten";
39 certMainHost = "aten.pro";
40 hosts = [ "aten.pro" "www.aten.pro" ];
41 root = aten_prod.apache.root;
42 extraConfig = [ aten_prod.apache.vhostConf ];
43 };
44 })
45 (lib.mkIf cfg.integration.enable {
46 secrets.keys = aten_dev.keys;
47 services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
48 services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
49 services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
50 system.activationScripts.aten_dev = aten_dev.activationScript;
51 system.extraSystemBuilderCmds = ''
52 mkdir -p $out/webapps
53 ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
54 '';
55 services.websites.integration.modules = aten_dev.apache.modules;
56 services.websites.integration.vhostConfs.aten = {
57 certName = "eldiron";
58 addToCerts = true;
59 hosts = [ "dev.aten.pro" ];
60 root = aten_dev.apache.root;
61 extraConfig = [ aten_dev.apache.vhostConf ];
62 };
63 })
64 ];
65}
66
diff --git a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php b/nixops/modules/websites/chloe/chloe_config_prod/chmod.php
deleted file mode 100644
index aae16cd..0000000
--- a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php
+++ /dev/null
@@ -1,4 +0,0 @@
1<?php
2if (!defined("_ECRIRE_INC_VERSION")) return;
3if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
4?> \ No newline at end of file
diff --git a/nixops/modules/websites/chloe/chloe_config_prod/connect.php b/nixops/modules/websites/chloe/chloe_config_prod/connect.php
deleted file mode 100644
index 18b0933..0000000
--- a/nixops/modules/websites/chloe/chloe_config_prod/connect.php
+++ /dev/null
@@ -1,15 +0,0 @@
1<?php
2if (!defined("_ECRIRE_INC_VERSION")) return;
3define('_MYSQL_SET_SQL_MODE',true);
4$GLOBALS['spip_connect_version'] = 0.7;
5spip_connect_db(
6 getenv("SPIP_MYSQL_HOST"),
7 getenv("SPIP_MYSQL_PORT"),
8 getenv("SPIP_MYSQL_USER"),
9 getenv("SPIP_MYSQL_PASSWORD"),
10 getenv("SPIP_MYSQL_DB"),
11 'mysql',
12 'spip',
13 'ldap.php'
14);
15?>
diff --git a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php b/nixops/modules/websites/chloe/chloe_config_prod/ldap.php
deleted file mode 100644
index 825b7ed..0000000
--- a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php
+++ /dev/null
@@ -1,9 +0,0 @@
1<?php
2if (!defined("_ECRIRE_INC_VERSION")) return;
3$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
4$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
5@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
6@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
7$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
8$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
9?>
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
deleted file mode 100644
index 8e801b5..0000000
--- a/nixops/modules/websites/chloe/default.nix
+++ /dev/null
@@ -1,69 +0,0 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 chloe_dev = pkgs.callPackage ./chloe.nix {
4 inherit (pkgs.webapps) chloe;
5 config = myconfig.env.websites.chloe.integration;
6 };
7 chloe_prod = pkgs.callPackage ./chloe.nix {
8 inherit (pkgs.webapps) chloe;
9 config = myconfig.env.websites.chloe.production;
10 };
11
12 cfg = config.services.myWebsites.Chloe;
13in {
14 options.services.myWebsites.Chloe = {
15 production = {
16 enable = lib.mkEnableOption "enable Chloe's website in production";
17 };
18 integration = {
19 enable = lib.mkEnableOption "enable Chloe's website in integration";
20 };
21 };
22
23 config = lib.mkMerge [
24 (lib.mkIf cfg.production.enable {
25 secrets.keys = chloe_prod.keys;
26 services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
27
28 services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps;
29 services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
30 services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
31 extension=${pkgs.php}/lib/php/extensions/mysqli.so
32 '';
33 system.activationScripts.chloe_prod = chloe_prod.activationScript;
34 system.extraSystemBuilderCmds = ''
35 mkdir -p $out/webapps
36 ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
37 '';
38 services.websites.production.modules = chloe_prod.apache.modules;
39 services.websites.production.vhostConfs.chloe = {
40 certName = "chloe";
41 certMainHost = "osteopathe-cc.fr";
42 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
43 root = chloe_prod.apache.root;
44 extraConfig = [ chloe_prod.apache.vhostConf ];
45 };
46 })
47 (lib.mkIf cfg.integration.enable {
48 secrets.keys = chloe_dev.keys;
49 services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
50 services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
51 services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
52 extension=${pkgs.php}/lib/php/extensions/mysqli.so
53 '';
54 system.activationScripts.chloe_dev = chloe_dev.activationScript;
55 system.extraSystemBuilderCmds = ''
56 mkdir -p $out/webapps
57 ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
58 '';
59 services.websites.integration.modules = chloe_dev.apache.modules;
60 services.websites.integration.vhostConfs.chloe = {
61 certName = "eldiron";
62 addToCerts = true;
63 hosts = ["chloe.immae.eu" ];
64 root = chloe_dev.apache.root;
65 extraConfig = [ chloe_dev.apache.vhostConf ];
66 };
67 })
68 ];
69}
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
deleted file mode 100644
index 20c5166..0000000
--- a/nixops/modules/websites/connexionswing/default.nix
+++ /dev/null
@@ -1,68 +0,0 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 connexionswing_dev = pkgs.callPackage ./connexionswing.nix {
4 inherit (pkgs.webapps) connexionswing;
5 config = myconfig.env.websites.connexionswing.integration;
6 };
7 connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
8 inherit (pkgs.webapps) connexionswing;
9 config = myconfig.env.websites.connexionswing.production;
10 };
11
12 cfg = config.services.myWebsites.Connexionswing;
13in {
14 options.services.myWebsites.Connexionswing = {
15 production = {
16 enable = lib.mkEnableOption "enable Connexionswing's website in production";
17 };
18 integration = {
19 enable = lib.mkEnableOption "enable Connexionswing's website in integration";
20 };
21 };
22
23 config = lib.mkMerge [
24 (lib.mkIf cfg.production.enable {
25 secrets.keys = connexionswing_prod.keys;
26 services.webstats.sites = [ { name = "connexionswing.com"; } ];
27
28 services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
29 services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
30 services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
31 services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing_prod.phpFpm.phpConfig;
32 system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
33 system.extraSystemBuilderCmds = ''
34 mkdir -p $out/webapps
35 ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
36 '';
37 services.websites.production.modules = connexionswing_prod.apache.modules;
38 services.websites.production.vhostConfs.connexionswing = {
39 certName = "connexionswing";
40 certMainHost = "connexionswing.com";
41 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
42 root = connexionswing_prod.apache.root;
43 extraConfig = [ connexionswing_prod.apache.vhostConf ];
44 };
45 })
46 (lib.mkIf cfg.integration.enable {
47 secrets.keys = connexionswing_dev.keys;
48 services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
49 services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
50 services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
51 services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing_dev.phpFpm.phpConfig;
52 system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
53 system.extraSystemBuilderCmds = ''
54 mkdir -p $out/webapps
55 ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
56 '';
57 services.websites.integration.modules = connexionswing_dev.apache.modules;
58 services.websites.integration.vhostConfs.connexionswing = {
59 certName = "eldiron";
60 addToCerts = true;
61 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
62 root = connexionswing_dev.apache.root;
63 extraConfig = [ connexionswing_dev.apache.vhostConf ];
64 };
65 })
66 ];
67}
68
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 432ad3c..584892a 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -66,23 +66,6 @@ let
66in 66in
67{ 67{
68 imports = [ 68 imports = [
69 ./chloe
70 ./ludivine
71 ./aten
72 ./piedsjaloux
73 ./connexionswing
74 ./tellesflorian
75 ./emilia
76 ./capitaines
77 ./ftp/jerome.nix
78 ./ftp/nassime.nix
79 ./ftp/florian.nix
80 ./ftp/denisejerome.nix
81 ./ftp/leila.nix
82 ./ftp/papa.nix
83 ./ftp/immae.nix
84 ./ftp/release.nix
85 ./ftp/temp.nix
86 ./tools/db.nix 69 ./tools/db.nix
87 ./tools/tools 70 ./tools/tools
88 ./tools/dav 71 ./tools/dav
@@ -133,31 +116,6 @@ in
133 services.myWebsites.tools.etherpad-lite.enable = true; 116 services.myWebsites.tools.etherpad-lite.enable = true;
134 services.myWebsites.tools.peertube.enable = true; 117 services.myWebsites.tools.peertube.enable = true;
135 118
136 services.myWebsites.Chloe.production.enable = true;
137 services.myWebsites.Ludivine.production.enable = true;
138 services.myWebsites.Aten.production.enable = true;
139 services.myWebsites.PiedsJaloux.production.enable = true;
140 services.myWebsites.Connexionswing.production.enable = true;
141 services.myWebsites.Jerome.production.enable = true;
142 services.myWebsites.Nassime.production.enable = true;
143 services.myWebsites.Florian.production.enable = true;
144 services.myWebsites.Leila.production.enable = true;
145 services.myWebsites.Papa.production.enable = true;
146 services.myWebsites.DeniseJerome.production.enable = true;
147 services.myWebsites.Emilia.production.enable = true;
148 services.myWebsites.Capitaines.production.enable = true;
149 services.myWebsites.Immae.production.enable = true;
150 services.myWebsites.Release.production.enable = true;
151 services.myWebsites.Temp.production.enable = true;
152
153 services.myWebsites.Chloe.integration.enable = true;
154 services.myWebsites.Ludivine.integration.enable = true;
155 services.myWebsites.Aten.integration.enable = true;
156 services.myWebsites.PiedsJaloux.integration.enable = true;
157 services.myWebsites.Connexionswing.integration.enable = true;
158 services.myWebsites.TellesFlorian.integration.enable = true;
159 services.myWebsites.Florian.integration.enable = true;
160
161 secrets.keys = [{ 119 secrets.keys = [{
162 dest = "apache-ldap"; 120 dest = "apache-ldap";
163 user = "wwwrun"; 121 user = "wwwrun";
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
deleted file mode 100644
index ebd461e..0000000
--- a/nixops/modules/websites/ftp/florian.nix
+++ /dev/null
@@ -1,68 +0,0 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.services.myWebsites.Florian;
5 varDir = "/var/lib/ftp/florian";
6 env = myconfig.env.websites.florian;
7in {
8 options.services.myWebsites.Florian = {
9 production = {
10 enable = lib.mkEnableOption "enable Florian's website production";
11 };
12 integration = {
13 enable = lib.mkEnableOption "enable Florian's website integration";
14 };
15 };
16
17 config = lib.mkMerge [
18 (lib.mkIf cfg.production.enable {
19 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
20
21 services.websites.production.modules = adminer.apache.modules;
22 services.websites.production.vhostConfs.florian = {
23 certName = "florian";
24 certMainHost = "tellesflorian.com";
25 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
26 root = "${varDir}/tellesflorian.com";
27 extraConfig = [
28 adminer.apache.vhostConf
29 ''
30 ServerAdmin ${env.server_admin}
31
32 <Directory ${varDir}/tellesflorian.com>
33 DirectoryIndex index.php index.htm index.html
34 Options Indexes FollowSymLinks MultiViews Includes
35 AllowOverride None
36 Require all granted
37 </Directory>
38 ''
39 ];
40 };
41 })
42
43 (lib.mkIf cfg.integration.enable {
44 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
45
46 services.websites.integration.modules = adminer.apache.modules;
47 services.websites.integration.vhostConfs.florian = {
48 certName = "eldiron";
49 addToCerts = true;
50 hosts = [ "florian.immae.eu" ];
51 root = "${varDir}/florian.immae.eu";
52 extraConfig = [
53 adminer.apache.vhostConf
54 ''
55 ServerAdmin ${env.server_admin}
56
57 <Directory ${varDir}/florian.immae.eu>
58 DirectoryIndex index.php index.htm index.html
59 Options Indexes FollowSymLinks MultiViews Includes
60 AllowOverride None
61 Require all granted
62 </Directory>
63 ''
64 ];
65 };
66 })
67 ];
68}
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
deleted file mode 100644
index 14bfa20..0000000
--- a/nixops/modules/websites/ftp/leila.nix
+++ /dev/null
@@ -1,86 +0,0 @@
1{ lib, pkgs, config, ... }:
2let
3 cfg = config.services.myWebsites.Leila;
4 varDir = "/var/lib/ftp/leila";
5in {
6 options.services.myWebsites.Leila = {
7 production = {
8 enable = lib.mkEnableOption "enable Leila's website in production";
9 };
10 };
11
12 config = (lib.mkIf cfg.production.enable {
13 services.myPhpfpm.poolConfigs.leila = ''
14 listen = /run/phpfpm/leila.sock
15 user = wwwrun
16 group = wwwrun
17 listen.owner = wwwrun
18 listen.group = wwwrun
19
20 pm = ondemand
21 pm.max_children = 5
22 pm.process_idle_timeout = 60
23
24 php_admin_value[open_basedir] = "${varDir}:/tmp"
25 '';
26
27 services.webstats.sites = [
28 { name = "leila.bouya.org"; }
29 { name = "chorale.leila.bouya.org"; }
30 ];
31
32 services.websites.production.modules = [ "proxy_fcgi" ];
33 services.websites.production.vhostConfs.leila_chorale = {
34 certName = "leila";
35 addToCerts = true;
36 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
37 root = "${varDir}/Chorale";
38 extraConfig = [
39 ''
40 Use Stats chorale.leila.bouya.org
41 <Directory ${varDir}/Chorale>
42 DirectoryIndex index.php index.htm index.html
43 Options Indexes FollowSymLinks MultiViews Includes
44 AllowOverride None
45
46 Use LDAPConnect
47 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
48
49 <FilesMatch "\.php$">
50 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
51 </FilesMatch>
52 </Directory>
53 ''
54 ];
55 };
56 services.websites.production.vhostConfs.leila = {
57 certName = "leila";
58 certMainHost = "leila.bouya.org";
59 hosts = [ "leila.bouya.org" ];
60 root = varDir;
61 extraConfig = [
62 ''
63 Use Stats leila.bouya.org
64 <Directory ${varDir}/Chorale>
65 DirectoryIndex index.htm index.html
66 Options Indexes FollowSymLinks MultiViews Includes
67 AllowOverride None
68
69 Use LDAPConnect
70 Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
71
72 <FilesMatch "\.php$">
73 SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
74 </FilesMatch>
75 </Directory>
76 <Directory ${varDir}>
77 DirectoryIndex index.htm index.html
78 Options Indexes FollowSymLinks MultiViews Includes
79 AllowOverride None
80 Require all granted
81 </Directory>
82 ''
83 ];
84 };
85 });
86}
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
deleted file mode 100644
index 70d5199..0000000
--- a/nixops/modules/websites/ludivine/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 ludivinecassal_dev = pkgs.callPackage ./ludivinecassal.nix {
4 inherit (pkgs.webapps) ludivinecassal;
5 config = myconfig.env.websites.ludivinecassal.integration;
6 };
7 ludivinecassal_prod = pkgs.callPackage ./ludivinecassal.nix {
8 inherit (pkgs.webapps) ludivinecassal;
9 config = myconfig.env.websites.ludivinecassal.production;
10 };
11
12 cfg = config.services.myWebsites.Ludivine;
13in {
14 options.services.myWebsites.Ludivine = {
15 production = {
16 enable = lib.mkEnableOption "enable Ludivine's website in production";
17 };
18 integration = {
19 enable = lib.mkEnableOption "enable Ludivine's website in integration";
20 };
21 };
22
23 config = lib.mkMerge [
24 (lib.mkIf cfg.production.enable {
25 secrets.keys = ludivinecassal_prod.keys;
26 services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
27
28 services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
29 services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
30 services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
31 system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
32 system.extraSystemBuilderCmds = ''
33 mkdir -p $out/webapps
34 ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
35 '';
36 services.websites.production.modules = ludivinecassal_prod.apache.modules;
37 services.websites.production.vhostConfs.ludivine = {
38 certName = "ludivinecassal";
39 certMainHost = "ludivinecassal.com";
40 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
41 root = ludivinecassal_prod.apache.root;
42 extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
43 };
44 })
45 (lib.mkIf cfg.integration.enable {
46 secrets.keys = ludivinecassal_dev.keys;
47
48 services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
49 services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
50 services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
51 system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
52 system.extraSystemBuilderCmds = ''
53 mkdir -p $out/webapps
54 ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
55 '';
56 services.websites.integration.modules = ludivinecassal_dev.apache.modules;
57 services.websites.integration.vhostConfs.ludivine = {
58 certName = "eldiron";
59 addToCerts = true;
60 hosts = [ "ludivine.immae.eu" ];
61 root = ludivinecassal_dev.apache.root;
62 extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
63 };
64 })
65 ];
66}
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
deleted file mode 100644
index a5ee24f..0000000
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
1{ lib, pkgs, config, myconfig, ... }:
2let
3 piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix {
4 inherit (pkgs.webapps) piedsjaloux;
5 config = myconfig.env.websites.piedsjaloux.integration;
6 };
7 piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
8 inherit (pkgs.webapps) piedsjaloux;
9 config = myconfig.env.websites.piedsjaloux.production;
10 };
11
12 cfg = config.services.myWebsites.PiedsJaloux;
13in {
14 options.services.myWebsites.PiedsJaloux = {
15 production = {
16 enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
17 };
18 integration = {
19 enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
20 };
21 };
22
23 config = lib.mkMerge [
24 (lib.mkIf cfg.production.enable {
25 secrets.keys = piedsjaloux_prod.keys;
26 services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
27
28 services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart;
29 services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps;
30 services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
31 system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
32 system.extraSystemBuilderCmds = ''
33 mkdir -p $out/webapps
34 ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
35 '';
36 services.websites.production.modules = piedsjaloux_prod.apache.modules;
37 services.websites.production.vhostConfs.piedsjaloux = {
38 certName = "piedsjaloux";
39 certMainHost = "piedsjaloux.fr";
40 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
41 root = piedsjaloux_prod.apache.root;
42 extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
43 };
44 })
45 (lib.mkIf cfg.integration.enable {
46 secrets.keys = piedsjaloux_dev.keys;
47 services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
48 services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
49 services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
50 system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
51 system.extraSystemBuilderCmds = ''
52 mkdir -p $out/webapps
53 ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
54 '';
55 services.websites.integration.modules = piedsjaloux_dev.apache.modules;
56 services.websites.integration.vhostConfs.piedsjaloux = {
57 certName = "eldiron";
58 addToCerts = true;
59 hosts = [ "piedsjaloux.immae.eu" ];
60 root = piedsjaloux_dev.apache.root;
61 extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
62 };
63 })
64 ];
65}
66
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 05:06:58 +0000