authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-06-02 09:48:05 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-06-02 11:23:54 +0200
commit717ccfd957e686d773480df817387aebbe79aa48 (patch)
treeb2f59c57da32dcafefee9ccc5d7e6d32e498721e /modules/private/websites/aten/integration.nix
parent29f8cb850d74b456d6481a456311bbf5361d328c (diff)
Finish moving aten php configuration to dedicated module
Diffstat (limited to 'modules/private/websites/aten/integration.nix')
-rw-r--r--modules/private/websites/aten/integration.nix78
1 files changed, 59 insertions, 19 deletions
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix
index 0dbc4fa..38068a7 100644
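--- a/modules/private/websites/aten/integration.nix
+++ b/modules/private/websites/aten/integration.nix
@@ -1,43 +1,83 @@
 { lib, pkgs, config, myconfig, ... }:
 let
- aten = pkgs.callPackage ./builder.nix {
- inherit (pkgs.webapps) aten;
- config = myconfig.env.websites.aten.integration;
- apacheUser = config.services.httpd.Inte.user;
- apacheGroup = config.services.httpd.Inte.group;
- };
-
+ secrets = myconfig.env.websites.aten.integration;
+ app = pkgs.webapps.aten.override { environment = secrets.environment; };
  cfg = config.myServices.websites.aten.integration;
+ pcfg = config.services.phpApplication;
 in {
  options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration";
 
  config = lib.mkIf cfg.enable {
- services.phpApplication.aten_dev = let
- app = pkgs.webapps.aten.override { environment = "dev"; };
- in {
+ services.phpApplication.apps.aten_dev = {
  websiteEnv = "integration";
  httpdUser = config.services.httpd.Inte.user;
  httpdGroup = config.services.httpd.Inte.group;
+ httpdWatchFiles = [
+ config.secrets.fullPaths."webapps/${app.environment}-aten"
+ ];
  inherit (app) webRoot varDir;
  inherit app;
  serviceDeps = [ "postgresql.service" ];
  preStartActions = [
  "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
  ];
- watchFiles = [
- "${config.secrets.location}/webapps/${app.environment}-aten"
- ];
- webappName = "aten_dev";
+ phpOpenbasedir = [ "/tmp" ];
+ phpPool = ''
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ env[SYMFONY_DEBUG_MODE] = "yes"
+ '';
  };
 
- secrets.keys = aten.keys;
- services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool;
- services.websites.env.integration.vhostConfs.aten = {
+ secrets.keys = [{
+ dest = "webapps/${app.environment}-aten";
+ user = config.services.httpd.Inte.user;
+ group = config.services.httpd.Inte.user;
+ permissions = "0400";
+ text = ''
+ SetEnv APP_ENV "${app.environment}"
+ SetEnv APP_SECRET "${secrets.secret}"
+ SetEnv DATABASE_URL "${secrets.psql_url}"
+ '';
+ }];
+ services.websites.env.integration.vhostConfs.aten_dev = {
  certName = "eldiron";
  addToCerts = true;
  hosts = [ "dev.aten.pro" ];
- root = aten.apache.root;
- extraConfig = [ aten.apache.vhostConf ];
+ root = pcfg.webappDirs.aten_dev;
+ extraConfig = [
+ ''
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_dev}|fcgi://localhost"
+ </FilesMatch>
+
+ Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"}
+
+ <Location />
+ Use LDAPConnect
+ Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+ </Location>
+
+ <Location /backend>
+ Use LDAPConnect
+ Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+ </Location>
+
+ <Directory ${pcfg.webappDirs.aten_dev}>
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+ DirectoryIndex index.php
+ FallbackResource /index.php
+ </Directory>
+ ''
+ ];
  };
  };
 }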
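Review bot: In the new `secrets.keys` entry, `group` is set from `config.services.httpd.Inte.user`, while `httpdGroup` earlier in the same file uses `config.services.httpd.Inte.group`; this looks like a copy-paste slip and should read `group = config.services.httpd.Inte.group;`. With `permissions = "0400"` the group bits grant nothing today, so the effect is latent, but it would matter as soon as the mode is loosened on the file that holds `APP_SECRET` and `DATABASE_URL`. The secret values are also interpolated into quoted `SetEnv` directives without escaping, so a value containing `"` or a newline would break or alter the included Apache config. Separately, the inlined `<Directory>` block enables `Options Indexes ... Includes` and `AllowOverride All`; for an app routed through `FallbackResource /index.php` a narrower `Options FollowSymLinks` would presumably suffice, keeping directory listings and server-side includes off unless something depends on them.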