diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-06-02 09:48:05 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-06-02 11:23:54 +0200 |
commit | 717ccfd957e686d773480df817387aebbe79aa48 (patch) | |
tree | b2f59c57da32dcafefee9ccc5d7e6d32e498721e /modules/private/websites/aten/integration.nix | |
parent | 29f8cb850d74b456d6481a456311bbf5361d328c (diff) | |
download | Nix-717ccfd957e686d773480df817387aebbe79aa48.tar.gz Nix-717ccfd957e686d773480df817387aebbe79aa48.tar.zst Nix-717ccfd957e686d773480df817387aebbe79aa48.zip |
Finish moving aten php configuration to dedicated module
Diffstat (limited to 'modules/private/websites/aten/integration.nix')
-rw-r--r-- | modules/private/websites/aten/integration.nix | 78 |
1 files changed, 59 insertions, 19 deletions
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix index 0dbc4fa..38068a7 100644 --- a/modules/private/websites/aten/integration.nix +++ b/modules/private/websites/aten/integration.nix | |||
@@ -1,43 +1,83 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
2 | let | 2 | let |
3 | aten = pkgs.callPackage ./builder.nix { | 3 | secrets = myconfig.env.websites.aten.integration; |
4 | inherit (pkgs.webapps) aten; | 4 | app = pkgs.webapps.aten.override { environment = secrets.environment; }; |
5 | config = myconfig.env.websites.aten.integration; | ||
6 | apacheUser = config.services.httpd.Inte.user; | ||
7 | apacheGroup = config.services.httpd.Inte.group; | ||
8 | }; | ||
9 | |||
10 | cfg = config.myServices.websites.aten.integration; | 5 | cfg = config.myServices.websites.aten.integration; |
6 | pcfg = config.services.phpApplication; | ||
11 | in { | 7 | in { |
12 | options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; | 8 | options.myServices.websites.aten.integration.enable = lib.mkEnableOption "enable Aten's website in integration"; |
13 | 9 | ||
14 | config = lib.mkIf cfg.enable { | 10 | config = lib.mkIf cfg.enable { |
15 | services.phpApplication.aten_dev = let | 11 | services.phpApplication.apps.aten_dev = { |
16 | app = pkgs.webapps.aten.override { environment = "dev"; }; | ||
17 | in { | ||
18 | websiteEnv = "integration"; | 12 | websiteEnv = "integration"; |
19 | httpdUser = config.services.httpd.Inte.user; | 13 | httpdUser = config.services.httpd.Inte.user; |
20 | httpdGroup = config.services.httpd.Inte.group; | 14 | httpdGroup = config.services.httpd.Inte.group; |
15 | httpdWatchFiles = [ | ||
16 | config.secrets.fullPaths."webapps/${app.environment}-aten" | ||
17 | ]; | ||
21 | inherit (app) webRoot varDir; | 18 | inherit (app) webRoot varDir; |
22 | inherit app; | 19 | inherit app; |
23 | serviceDeps = [ "postgresql.service" ]; | 20 | serviceDeps = [ "postgresql.service" ]; |
24 | preStartActions = [ | 21 | preStartActions = [ |
25 | "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup" | 22 | "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup" |
26 | ]; | 23 | ]; |
27 | watchFiles = [ | 24 | phpOpenbasedir = [ "/tmp" ]; |
28 | "${config.secrets.location}/webapps/${app.environment}-aten" | 25 | phpPool = '' |
29 | ]; | 26 | php_admin_value[upload_max_filesize] = 20M |
30 | webappName = "aten_dev"; | 27 | php_admin_value[post_max_size] = 20M |
28 | ;php_admin_flag[log_errors] = on | ||
29 | pm = ondemand | ||
30 | pm.max_children = 5 | ||
31 | pm.process_idle_timeout = 60 | ||
32 | env[SYMFONY_DEBUG_MODE] = "yes" | ||
33 | ''; | ||
31 | }; | 34 | }; |
32 | 35 | ||
33 | secrets.keys = aten.keys; | 36 | secrets.keys = [{ |
34 | services.phpfpm.poolConfigs.aten_dev = aten.phpFpm.pool; | 37 | dest = "webapps/${app.environment}-aten"; |
35 | services.websites.env.integration.vhostConfs.aten = { | 38 | user = config.services.httpd.Inte.user; |
39 | group = config.services.httpd.Inte.user; | ||
40 | permissions = "0400"; | ||
41 | text = '' | ||
42 | SetEnv APP_ENV "${app.environment}" | ||
43 | SetEnv APP_SECRET "${secrets.secret}" | ||
44 | SetEnv DATABASE_URL "${secrets.psql_url}" | ||
45 | ''; | ||
46 | }]; | ||
47 | services.websites.env.integration.vhostConfs.aten_dev = { | ||
36 | certName = "eldiron"; | 48 | certName = "eldiron"; |
37 | addToCerts = true; | 49 | addToCerts = true; |
38 | hosts = [ "dev.aten.pro" ]; | 50 | hosts = [ "dev.aten.pro" ]; |
39 | root = aten.apache.root; | 51 | root = pcfg.webappDirs.aten_dev; |
40 | extraConfig = [ aten.apache.vhostConf ]; | 52 | extraConfig = [ |
53 | '' | ||
54 | <FilesMatch "\.php$"> | ||
55 | SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_dev}|fcgi://localhost" | ||
56 | </FilesMatch> | ||
57 | |||
58 | Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"} | ||
59 | |||
60 | <Location /> | ||
61 | Use LDAPConnect | ||
62 | Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu | ||
63 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | ||
64 | </Location> | ||
65 | |||
66 | <Location /backend> | ||
67 | Use LDAPConnect | ||
68 | Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu | ||
69 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | ||
70 | </Location> | ||
71 | |||
72 | <Directory ${pcfg.webappDirs.aten_dev}> | ||
73 | Options Indexes FollowSymLinks MultiViews Includes | ||
74 | AllowOverride All | ||
75 | Require all granted | ||
76 | DirectoryIndex index.php | ||
77 | FallbackResource /index.php | ||
78 | </Directory> | ||
79 | '' | ||
80 | ]; | ||
41 | }; | 81 | }; |
42 | }; | 82 | }; |
43 | } | 83 | } |