Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 01:35:06 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 02:11:48 +0200
commit: 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree: 1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/denise
parent: fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download: Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
6 files changed, 0 insertions, 386 deletions
diff --git a/modules/private/websites/denise/aventuriers.nix b/modules/private/websites/denise/aventuriers.nix
deleted file mode 100644
index 2bbf7bf..0000000
--- a/modules/private/websites/denise/aventuriers.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  cfg = config.myServices.websites.denise.aventuriers;
-  varDir = "/var/lib/buildbot/outputs/denise/aventuriers";
-in {
-  options.myServices.websites.denise.aventuriers.enable = lib.mkEnableOption "enable Denise's Aventuriers website";
-  config = lib.mkIf cfg.enable {
-    services.websites.env.production.vhostConfs.denise_aventuriers = {
-      certName     = "denise";
-      addToCerts   = true;
-      hosts        = [ "aventuriers.syanni.eu" ];
-      root         = varDir;
-      extraConfig  = [
-        ''
-          <Directory ${varDir}>
-            DirectoryIndex aventuriers.html
-            Options Indexes FollowSymLinks MultiViews Includes
-            AllowOverride None
-            Require all granted
-          </Directory>
-          ''
-      ];
-    };
-  };
-}
diff --git a/modules/private/websites/denise/bingo.nix b/modules/private/websites/denise/bingo.nix
deleted file mode 100644
index 9130462..0000000
--- a/modules/private/websites/denise/bingo.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  cfg = config.myServices.websites.denise.bingo;
-  varDir = "/var/lib/buildbot/outputs/denise/bingo";
-  varDirBeta = "/var/lib/buildbot/outputs/denise/bingo_beta";
-  socket = "/run/denise_bingo/socket.sock";
-  socket_beta = "/run/denise_bingo_beta/socket.sock";
-in {
-  options.myServices.websites.denise.bingo.enable = lib.mkEnableOption "enable Denise's bingo website";
-  config = lib.mkIf cfg.enable {
-    services.websites.env.production.vhostConfs.denise_bingo = {
-      certName     = "denise";
-      addToCerts   = true;
-      hosts        = [ "bingo.syanni.eu" ];
-      root         = null;
-      extraConfig  = [
-        ''
-        ProxyPreserveHost on
-        ProxyVia On
-        ProxyRequests Off
-        ProxyPassMatch ^/.well-known/acme-challenge !
-        ProxyPass / unix://${socket}|http://bingo.syanni.eu/
-        ProxyPassReverse / unix://${socket}|http://bingo.syanni.eu/
-          ''
-      ];
-    };
-    systemd.services.denise-bingo = {
-      description = "Denise bingo website";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "simple";
-        WorkingDirectory = varDir;
-        ExecStart = let
-          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
-        in
-          "${python}/bin/gunicorn -w4 -p /run/denise_bingo/gunicorn.pid --bind unix:${socket} app:app";
-        User = "wwwrun";
-        Restart = "always";
-        RestartSec = "5s";
-        PIDFile = "/run/denise_bingo/gunicorn.pid";
-        RuntimeDirectory = "denise_bingo";
-        StandardOutput = "journal";
-        StandardError = "inherit";
-      };
-    };
-    security.sudo.extraRules = [
-      {
-        commands = [
-          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo-beta.service"; }
-          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo.service"; }
-        ];
-        users = ["buildbot"];
-        runAs = "root";
-      }
-    ];
-    services.websites.env.integration.vhostConfs.denise_bingo_beta = {
-      certName     = "denise";
-      addToCerts   = true;
-      hosts        = [ "beta.bingo.syanni.eu" ];
-      root         = null;
-      extraConfig  = [
-        ''
-        ProxyPreserveHost on
-        ProxyVia On
-        ProxyRequests Off
-        ProxyPassMatch ^/.well-known/acme-challenge !
-        ProxyPass / unix://${socket_beta}|http://beta.bingo.syanni.eu/
-        ProxyPassReverse / unix://${socket_beta}|http://beta.bingo.syanni.eu/
-          ''
-      ];
-    };
-    systemd.services.denise-bingo-beta = {
-      description = "Denise bingo beta website";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "simple";
-        WorkingDirectory = varDirBeta;
-        ExecStart = let
-          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask ]);
-        in
-          "${python}/bin/gunicorn -w4 -p /run/denise_bingo_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
-        User = "wwwrun";
-        Restart = "always";
-        RestartSec = "5s";
-        PIDFile = "/run/denise_bingo_beta/gunicorn.pid";
-        RuntimeDirectory = "denise_bingo_beta";
-        StandardOutput = "journal";
-        StandardError = "inherit";
-      };
-    };
-  };
-}
diff --git a/modules/private/websites/denise/denisejerome.nix b/modules/private/websites/denise/denisejerome.nix
deleted file mode 100644
index a75e591..0000000
--- a/modules/private/websites/denise/denisejerome.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ lib, config, ... }:
-let
-  cfg = config.myServices.websites.denise.denisejerome;
-  varDir = "/var/lib/ftp/denise/denisejerome";
-  env = config.myEnv.websites.denisejerome;
-in {
-  options.myServices.websites.denise.denisejerome.enable = lib.mkEnableOption "enable Denise Jerome's website";
-  config = lib.mkIf cfg.enable {
-    services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
-    services.websites.env.production.vhostConfs.denise_denisejerome = {
-      certName     = "denise";
-      certMainHost = "denisejerome.piedsjaloux.fr";
-      hosts        = ["denisejerome.piedsjaloux.fr" ];
-      root         = varDir;
-      extraConfig  = [
-        ''
-        Use Stats denisejerome.piedsjaloux.fr
-        <Directory ${varDir}>
-          DirectoryIndex index.htm index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride AuthConfig
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-  };
-}
diff --git a/modules/private/websites/denise/evariste.nix b/modules/private/websites/denise/evariste.nix
deleted file mode 100644
index 42f9b2e..0000000
--- a/modules/private/websites/denise/evariste.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  cfg = config.myServices.websites.denise.evariste;
-  nsiVarDir = "/var/lib/ftp/denise/nsievariste";
-  stmgVarDir = "/var/lib/ftp/denise/stmgevariste";
-  apacheUser = config.services.httpd.Prod.user;
-  apacheGroup = config.services.httpd.Prod.group;
-in {
-  options.myServices.websites.denise.evariste.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
-  config = lib.mkIf cfg.enable {
-    services.webstats.sites = [
-      { name = "nsievariste.immae.eu"; }
-      { name = "stmgevariste.immae.eu"; }
-    ];
-    services.websites.env.production.modules = [ "proxy_fcgi" ];
-    system.activationScripts.denise_evariste = {
-      deps = [ "httpd" ];
-      text = ''
-        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste
-        install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste
-        '';
-    };
-    services.phpfpm.pools.denise_nsievariste = {
-      user = apacheUser;
-      group = apacheGroup;
-      settings = {
-        "listen.owner" = apacheUser;
-        "listen.group" = apacheGroup;
-        "pm" = "ondemand";
-        "pm.max_children" = "5";
-        "pm.process_idle_timeout" = "60";
-        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste";
-      };
-      phpPackage = pkgs.php72;
-    };
-    services.websites.env.production.vhostConfs.denise_nsievariste = {
-      certName     = "denise_evariste";
-      addToCerts   = true;
-      certMainHost = "nsievariste.immae.eu";
-      hosts        = ["nsievariste.immae.eu" ];
-      root         = nsiVarDir;
-      extraConfig  = [
-        ''
-        Use Stats nsievariste.immae.eu
-        <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_nsievariste.socket}|fcgi://localhost"
-        </FilesMatch>
-        <Directory ${nsiVarDir}>
-          DirectoryIndex index.php index.htm index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride None
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-    services.phpfpm.pools.denise_stmgevariste = {
-      user = apacheUser;
-      group = apacheGroup;
-      settings = {
-        "listen.owner" = apacheUser;
-        "listen.group" = apacheGroup;
-        "pm" = "ondemand";
-        "pm.max_children" = "5";
-        "pm.process_idle_timeout" = "60";
-        "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste";
-      };
-      phpPackage = pkgs.php72;
-    };
-    services.websites.env.production.vhostConfs.denise_stmgevariste = {
-      certName     = "denise_evariste";
-      addToCerts   = true;
-      hosts        = ["stmgevariste.immae.eu" ];
-      root         = stmgVarDir;
-      extraConfig  = [
-        ''
-        Use Stats stmgevariste.immae.eu
-        <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_stmgevariste.socket}|fcgi://localhost"
-        </FilesMatch>
-        <Directory ${stmgVarDir}>
-          DirectoryIndex index.php index.htm index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride None
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-  };
-}
diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix
deleted file mode 100644
index 2f18037..0000000
--- a/modules/private/websites/denise/oms.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  cfg = config.myServices.websites.denise.oms;
-  varDir = "/var/lib/buildbot/outputs/denise/oms";
-  varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
-  socket = "/run/denise_oms/socket.sock";
-  socket_beta = "/run/denise_oms_beta/socket.sock";
-in {
-  options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
-  config = lib.mkIf cfg.enable {
-    services.websites.env.production.vhostConfs.denise_oms = {
-      certName     = "denise";
-      addToCerts   = true;
-      hosts        = [ "oms.syanni.eu" ];
-      root         = null;
-      extraConfig  = [
-        ''
-        ProxyPreserveHost on
-        ProxyVia On
-        ProxyRequests Off
-        ProxyPassMatch ^/.well-known/acme-challenge !
-        ProxyPass / unix://${socket}|http://oms.syanni.eu/
-        ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/
-          ''
-      ];
-    };
-    systemd.services.denise-oms = {
-      description = "Denise OMS website";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "simple";
-        WorkingDirectory = varDir;
-        ExecStart = let
-          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
-        in
-          "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
-        User = "wwwrun";
-        Restart = "always";
-        RestartSec = "5s";
-        PIDFile = "/run/denise_oms/gunicorn.pid";
-        RuntimeDirectory = "denise_oms";
-        StandardOutput = "journal";
-        StandardError = "inherit";
-      };
-    };
-    security.sudo.extraRules = [
-      {
-        commands = [
-          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
-          { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
-        ];
-        users = ["buildbot"];
-        runAs = "root";
-      }
-    ];
-    services.websites.env.integration.vhostConfs.denise_oms_beta = {
-      certName     = "denise";
-      addToCerts   = true;
-      hosts        = [ "beta.oms.syanni.eu" ];
-      root         = null;
-      extraConfig  = [
-        ''
-        ProxyPreserveHost on
-        ProxyVia On
-        ProxyRequests Off
-        ProxyPassMatch ^/.well-known/acme-challenge !
-        ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/
-        ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/
-          ''
-      ];
-    };
-    systemd.services.denise-oms-beta = {
-      description = "Denise OMS beta website";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "simple";
-        WorkingDirectory = varDirBeta;
-        ExecStart = let
-          python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
-        in
-          "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
-        User = "wwwrun";
-        Restart = "always";
-        RestartSec = "5s";
-        PIDFile = "/run/denise_oms_beta/gunicorn.pid";
-        RuntimeDirectory = "denise_oms_beta";
-        StandardOutput = "journal";
-        StandardError = "inherit";
-      };
-    };
-  };
-}
diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix
deleted file mode 100644
index 9b28e9e..0000000
--- a/modules/private/websites/denise/production.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  cfg = config.myServices.websites.denise.production;
-in {
-  options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website";
-  config = lib.mkIf cfg.enable {
-    services.websites.env.production.vhostConfs.denise_production = {
-      certName     = "denise";
-      addToCerts   = true;
-      hosts        = [ "syanni.eu" "www.syanni.eu" ];
-      root         = ../_www;
-      extraConfig  = [
-        ''
-        <Directory ${../_www}>
-          DirectoryIndex index.htm index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride AuthConfig
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-  };
-}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 01:35:06 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 02:11:48 +0200
commit	1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree	1b9df4838f894577a09b9b260151756272efeb53 /modules/private/websites/denise
parent	fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download	Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip

diff --git a/modules/private/websites/denise/aventuriers.nix b/modules/private/websites/denise/aventuriers.nix deleted file mode 100644 index 2bbf7bf..0000000 --- a/modules/private/websites/denise/aventuriers.nix +++ /dev/null
@@ -1,26 +0,0 @@
1	{ lib, config, pkgs, ... }:
2	let
3	cfg = config.myServices.websites.denise.aventuriers;
4	varDir = "/var/lib/buildbot/outputs/denise/aventuriers";
5	in {
6	options.myServices.websites.denise.aventuriers.enable = lib.mkEnableOption "enable Denise's Aventuriers website";
7
8	config = lib.mkIf cfg.enable {
9	services.websites.env.production.vhostConfs.denise_aventuriers = {
10	certName = "denise";
11	addToCerts = true;
12	hosts = [ "aventuriers.syanni.eu" ];
13	root = varDir;
14	extraConfig = [
15	''
16	<Directory ${varDir}>
17	DirectoryIndex aventuriers.html
18	Options Indexes FollowSymLinks MultiViews Includes
19	AllowOverride None
20	Require all granted
21	</Directory>
22	''
23	];
24	};
25	};
26	}


diff --git a/modules/private/websites/denise/bingo.nix b/modules/private/websites/denise/bingo.nix deleted file mode 100644 index 9130462..0000000 --- a/modules/private/websites/denise/bingo.nix +++ /dev/null
@@ -1,100 +0,0 @@
1	{ lib, config, pkgs, ... }:
2	let
3	cfg = config.myServices.websites.denise.bingo;
4	varDir = "/var/lib/buildbot/outputs/denise/bingo";
5	varDirBeta = "/var/lib/buildbot/outputs/denise/bingo_beta";
6	socket = "/run/denise_bingo/socket.sock";
7	socket_beta = "/run/denise_bingo_beta/socket.sock";
8	in {
9	options.myServices.websites.denise.bingo.enable = lib.mkEnableOption "enable Denise's bingo website";
10
11	config = lib.mkIf cfg.enable {
12	services.websites.env.production.vhostConfs.denise_bingo = {
13	certName = "denise";
14	addToCerts = true;
15	hosts = [ "bingo.syanni.eu" ];
16	root = null;
17	extraConfig = [
18	''
19	ProxyPreserveHost on
20	ProxyVia On
21	ProxyRequests Off
22	ProxyPassMatch ^/.well-known/acme-challenge !
23	ProxyPass / unix://${socket}\|http://bingo.syanni.eu/
24	ProxyPassReverse / unix://${socket}\|http://bingo.syanni.eu/
25	''
26	];
27	};
28
29	systemd.services.denise-bingo = {
30	description = "Denise bingo website";
31	after = [ "network.target" ];
32	wantedBy = [ "multi-user.target" ];
33
34	serviceConfig = {
35	Type = "simple";
36	WorkingDirectory = varDir;
37	ExecStart = let
38	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
39	in
40	"${python}/bin/gunicorn -w4 -p /run/denise_bingo/gunicorn.pid --bind unix:${socket} app:app";
41	User = "wwwrun";
42	Restart = "always";
43	RestartSec = "5s";
44	PIDFile = "/run/denise_bingo/gunicorn.pid";
45	RuntimeDirectory = "denise_bingo";
46	StandardOutput = "journal";
47	StandardError = "inherit";
48	};
49	};
50
51	security.sudo.extraRules = [
52	{
53	commands = [
54	{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo-beta.service"; }
55	{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo.service"; }
56	];
57	users = ["buildbot"];
58	runAs = "root";
59	}
60	];
61	services.websites.env.integration.vhostConfs.denise_bingo_beta = {
62	certName = "denise";
63	addToCerts = true;
64	hosts = [ "beta.bingo.syanni.eu" ];
65	root = null;
66	extraConfig = [
67	''
68	ProxyPreserveHost on
69	ProxyVia On
70	ProxyRequests Off
71	ProxyPassMatch ^/.well-known/acme-challenge !
72	ProxyPass / unix://${socket_beta}\|http://beta.bingo.syanni.eu/
73	ProxyPassReverse / unix://${socket_beta}\|http://beta.bingo.syanni.eu/
74	''
75	];
76	};
77
78	systemd.services.denise-bingo-beta = {
79	description = "Denise bingo beta website";
80	after = [ "network.target" ];
81	wantedBy = [ "multi-user.target" ];
82
83	serviceConfig = {
84	Type = "simple";
85	WorkingDirectory = varDirBeta;
86	ExecStart = let
87	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask ]);
88	in
89	"${python}/bin/gunicorn -w4 -p /run/denise_bingo_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
90	User = "wwwrun";
91	Restart = "always";
92	RestartSec = "5s";
93	PIDFile = "/run/denise_bingo_beta/gunicorn.pid";
94	RuntimeDirectory = "denise_bingo_beta";
95	StandardOutput = "journal";
96	StandardError = "inherit";
97	};
98	};
99	};
100	}


diff --git a/modules/private/websites/denise/denisejerome.nix b/modules/private/websites/denise/denisejerome.nix deleted file mode 100644 index a75e591..0000000 --- a/modules/private/websites/denise/denisejerome.nix +++ /dev/null
@@ -1,31 +0,0 @@
1	{ lib, config, ... }:
2	let
3	cfg = config.myServices.websites.denise.denisejerome;
4	varDir = "/var/lib/ftp/denise/denisejerome";
5	env = config.myEnv.websites.denisejerome;
6	in {
7	options.myServices.websites.denise.denisejerome.enable = lib.mkEnableOption "enable Denise Jerome's website";
8
9	config = lib.mkIf cfg.enable {
10	services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
11
12	services.websites.env.production.vhostConfs.denise_denisejerome = {
13	certName = "denise";
14	certMainHost = "denisejerome.piedsjaloux.fr";
15	hosts = ["denisejerome.piedsjaloux.fr" ];
16	root = varDir;
17	extraConfig = [
18	''
19	Use Stats denisejerome.piedsjaloux.fr
20
21	<Directory ${varDir}>
22	DirectoryIndex index.htm index.html
23	Options Indexes FollowSymLinks MultiViews Includes
24	AllowOverride AuthConfig
25	Require all granted
26	</Directory>
27	''
28	];
29	};
30	};
31	}


diff --git a/modules/private/websites/denise/evariste.nix b/modules/private/websites/denise/evariste.nix deleted file mode 100644 index 42f9b2e..0000000 --- a/modules/private/websites/denise/evariste.nix +++ /dev/null
@@ -1,104 +0,0 @@
1	{ lib, config, pkgs, ... }:
2	let
3	cfg = config.myServices.websites.denise.evariste;
4	nsiVarDir = "/var/lib/ftp/denise/nsievariste";
5	stmgVarDir = "/var/lib/ftp/denise/stmgevariste";
6	apacheUser = config.services.httpd.Prod.user;
7	apacheGroup = config.services.httpd.Prod.group;
8	in {
9	options.myServices.websites.denise.evariste.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
10
11	config = lib.mkIf cfg.enable {
12	services.webstats.sites = [
13	{ name = "nsievariste.immae.eu"; }
14	{ name = "stmgevariste.immae.eu"; }
15	];
16
17	services.websites.env.production.modules = [ "proxy_fcgi" ];
18	system.activationScripts.denise_evariste = {
19	deps = [ "httpd" ];
20	text = ''
21	install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste
22	install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste
23	'';
24	};
25	services.phpfpm.pools.denise_nsievariste = {
26	user = apacheUser;
27	group = apacheGroup;
28	settings = {
29	"listen.owner" = apacheUser;
30	"listen.group" = apacheGroup;
31
32	"pm" = "ondemand";
33	"pm.max_children" = "5";
34	"pm.process_idle_timeout" = "60";
35
36	"php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp";
37	"php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste";
38	};
39	phpPackage = pkgs.php72;
40	};
41	services.websites.env.production.vhostConfs.denise_nsievariste = {
42	certName = "denise_evariste";
43	addToCerts = true;
44	certMainHost = "nsievariste.immae.eu";
45	hosts = ["nsievariste.immae.eu" ];
46	root = nsiVarDir;
47	extraConfig = [
48	''
49	Use Stats nsievariste.immae.eu
50
51	<FilesMatch "\.php$">
52	SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_nsievariste.socket}\|fcgi://localhost"
53	</FilesMatch>
54
55	<Directory ${nsiVarDir}>
56	DirectoryIndex index.php index.htm index.html
57	Options Indexes FollowSymLinks MultiViews Includes
58	AllowOverride None
59	Require all granted
60	</Directory>
61	''
62	];
63	};
64
65	services.phpfpm.pools.denise_stmgevariste = {
66	user = apacheUser;
67	group = apacheGroup;
68	settings = {
69	"listen.owner" = apacheUser;
70	"listen.group" = apacheGroup;
71
72	"pm" = "ondemand";
73	"pm.max_children" = "5";
74	"pm.process_idle_timeout" = "60";
75
76	"php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp";
77	"php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste";
78	};
79	phpPackage = pkgs.php72;
80	};
81	services.websites.env.production.vhostConfs.denise_stmgevariste = {
82	certName = "denise_evariste";
83	addToCerts = true;
84	hosts = ["stmgevariste.immae.eu" ];
85	root = stmgVarDir;
86	extraConfig = [
87	''
88	Use Stats stmgevariste.immae.eu
89
90	<FilesMatch "\.php$">
91	SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_stmgevariste.socket}\|fcgi://localhost"
92	</FilesMatch>
93
94	<Directory ${stmgVarDir}>
95	DirectoryIndex index.php index.htm index.html
96	Options Indexes FollowSymLinks MultiViews Includes
97	AllowOverride None
98	Require all granted
99	</Directory>
100	''
101	];
102	};
103	};
104	}


diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix deleted file mode 100644 index 2f18037..0000000 --- a/modules/private/websites/denise/oms.nix +++ /dev/null
@@ -1,100 +0,0 @@
1	{ lib, config, pkgs, ... }:
2	let
3	cfg = config.myServices.websites.denise.oms;
4	varDir = "/var/lib/buildbot/outputs/denise/oms";
5	varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta";
6	socket = "/run/denise_oms/socket.sock";
7	socket_beta = "/run/denise_oms_beta/socket.sock";
8	in {
9	options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website";
10
11	config = lib.mkIf cfg.enable {
12	services.websites.env.production.vhostConfs.denise_oms = {
13	certName = "denise";
14	addToCerts = true;
15	hosts = [ "oms.syanni.eu" ];
16	root = null;
17	extraConfig = [
18	''
19	ProxyPreserveHost on
20	ProxyVia On
21	ProxyRequests Off
22	ProxyPassMatch ^/.well-known/acme-challenge !
23	ProxyPass / unix://${socket}\|http://oms.syanni.eu/
24	ProxyPassReverse / unix://${socket}\|http://oms.syanni.eu/
25	''
26	];
27	};
28
29	systemd.services.denise-oms = {
30	description = "Denise OMS website";
31	after = [ "network.target" ];
32	wantedBy = [ "multi-user.target" ];
33
34	serviceConfig = {
35	Type = "simple";
36	WorkingDirectory = varDir;
37	ExecStart = let
38	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
39	in
40	"${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app";
41	User = "wwwrun";
42	Restart = "always";
43	RestartSec = "5s";
44	PIDFile = "/run/denise_oms/gunicorn.pid";
45	RuntimeDirectory = "denise_oms";
46	StandardOutput = "journal";
47	StandardError = "inherit";
48	};
49	};
50
51	security.sudo.extraRules = [
52	{
53	commands = [
54	{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; }
55	{ options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; }
56	];
57	users = ["buildbot"];
58	runAs = "root";
59	}
60	];
61	services.websites.env.integration.vhostConfs.denise_oms_beta = {
62	certName = "denise";
63	addToCerts = true;
64	hosts = [ "beta.oms.syanni.eu" ];
65	root = null;
66	extraConfig = [
67	''
68	ProxyPreserveHost on
69	ProxyVia On
70	ProxyRequests Off
71	ProxyPassMatch ^/.well-known/acme-challenge !
72	ProxyPass / unix://${socket_beta}\|http://beta.oms.syanni.eu/
73	ProxyPassReverse / unix://${socket_beta}\|http://beta.oms.syanni.eu/
74	''
75	];
76	};
77
78	systemd.services.denise-oms-beta = {
79	description = "Denise OMS beta website";
80	after = [ "network.target" ];
81	wantedBy = [ "multi-user.target" ];
82
83	serviceConfig = {
84	Type = "simple";
85	WorkingDirectory = varDirBeta;
86	ExecStart = let
87	python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]);
88	in
89	"${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app";
90	User = "wwwrun";
91	Restart = "always";
92	RestartSec = "5s";
93	PIDFile = "/run/denise_oms_beta/gunicorn.pid";
94	RuntimeDirectory = "denise_oms_beta";
95	StandardOutput = "journal";
96	StandardError = "inherit";
97	};
98	};
99	};
100	}


diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix deleted file mode 100644 index 9b28e9e..0000000 --- a/modules/private/websites/denise/production.nix +++ /dev/null
@@ -1,25 +0,0 @@
1	{ lib, config, pkgs, ... }:
2	let
3	cfg = config.myServices.websites.denise.production;
4	in {
5	options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website";
6
7	config = lib.mkIf cfg.enable {
8	services.websites.env.production.vhostConfs.denise_production = {
9	certName = "denise";
10	addToCerts = true;
11	hosts = [ "syanni.eu" "www.syanni.eu" ];
12	root = ../_www;
13	extraConfig = [
14	''
15	<Directory ${../_www}>
16	DirectoryIndex index.htm index.html
17	Options Indexes FollowSymLinks MultiViews Includes
18	AllowOverride AuthConfig
19	Require all granted
20	</Directory>
21	''
22	];
23	};
24	};
25	}