Refactor websites

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-18 16:10:56 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-20 01:51:48 +0200
commit: d3452fc59b9839846225fd254926c64a9c71f071 (patch)
tree: a98a0958b826ac4b2ab137720edf0195c65dd958 /modules/private/websites/emilia
parent: 514f9ec3beec470c4445be690673a0ceab9115b4 (diff)
download: Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.gz
Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.zst
Nix-d3452fc59b9839846225fd254926c64a9c71f071.zip
4 files changed, 69 insertions, 185 deletions
diff --git a/modules/private/websites/emilia/moodle.nix b/modules/private/websites/emilia/moodle.nix
new file mode 100644
index 0000000..d49faf5
--- /dev/null
+++ b/modules/private/websites/emilia/moodle.nix
@@ -0,0 +1,69 @@
+{ lib, pkgs, config,  ... }:
+let
+  cfg = config.myServices.websites.emilia.moodle;
+  env = config.myEnv.websites.emilia;
+  varDir = "/var/lib/emilia_moodle";
+  siteDir = ./moodle;
+  webappName = "emilia_moodle";
+  webappdir = config.services.websites.webappDirsPaths.emilia_moodle;
+  # php_admin_value[upload_max_filesize] = 50000000
+  # php_admin_value[post_max_size] = 50000000
+  configFile = ''
+    <?php  // Moodle configuration file
+    unset($CFG);
+    global $CFG;
+    $CFG = new stdClass();
+    $CFG->dbtype    = 'pgsql';
+    $CFG->dblibrary = 'native';
+    $CFG->dbhost    = '${env.postgresql.host}';
+    $CFG->dbname    = '${env.postgresql.database}';
+    $CFG->dbuser    = '${env.postgresql.user}';
+    $CFG->dbpass    = '${env.postgresql.password}';
+    $CFG->prefix    = 'mdl_';
+    $CFG->dboptions = array (
+      'dbpersist' => 0,
+      'dbport' => '${env.postgreesql.port}',
+      'dbsocket' => '${env.postgresql.password}',
+    );
+    $CFG->wwwroot   = 'https://www.saison-photo.org';
+    $CFG->dataroot  = '${varDir}';
+    $CFG->admin     = 'admin';
+    $CFG->directorypermissions = 02777;
+    require_once(__DIR__ . '/lib/setup.php');
+    // There is no php closing tag in this file,
+    // it is intentional because it prevents trailing whitespace problems!
+    '';
+  apacheUser = config.services.httpd.Prod.user;
+  apacheGroup = config.services.httpd.Prod.group;
+in {
+  options.myServices.websites.emilia.moodle.enable = lib.mkEnableOption "enable Emilia's website";
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.emilia_moodle.rootDir = varDir;
+    system.activationScripts.emilia_moodle = ''
+      install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
+      '';
+    services.websites.webappDirs.emilia_moodle = siteDir;
+    services.websites.env.production.vhostConfs.emilia_moodle = {
+      certName     = "emilia";
+      certMainHost = "saison-photo.org";
+      hosts        = [ "saison-photo.org" "www.saison-photo.org" ];
+      root         = webappdir;
+      extraConfig  = [
+        ''
+        <Directory ${webappdir}>
+          DirectoryIndex pause.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          Require all granted
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix
deleted file mode 100644
index 71b97dd..0000000
--- a/modules/private/websites/emilia/production.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, pkgs, config,  ... }:
-let
-    cfg = config.myServices.websites.emilia.production;
-    env = config.myEnv.websites.emilia;
-    varDir = "/var/lib/moodle";
-    siteDir = ./moodle;
-    webappName = "emilia_moodle";
-    root = "/run/current-system/webapps/${webappName}";
-    # php_admin_value[upload_max_filesize] = 50000000
-    # php_admin_value[post_max_size] = 50000000
-    configFile = ''
-      <?php  // Moodle configuration file
-      unset($CFG);
-      global $CFG;
-      $CFG = new stdClass();
-      $CFG->dbtype    = 'pgsql';
-      $CFG->dblibrary = 'native';
-      $CFG->dbhost    = '${env.postgresql.host}';
-      $CFG->dbname    = '${env.postgresql.database}';
-      $CFG->dbuser    = '${env.postgresql.user}';
-      $CFG->dbpass    = '${env.postgresql.password}';
-      $CFG->prefix    = 'mdl_';
-      $CFG->dboptions = array (
-        'dbpersist' => 0,
-        'dbport' => '${env.postgreesql.port}',
-        'dbsocket' => '${env.postgresql.password}',
-      );
-      $CFG->wwwroot   = 'https://www.saison-photo.org';
-      $CFG->dataroot  = '${varDir}';
-      $CFG->admin     = 'admin';
-      $CFG->directorypermissions = 02777;
-      require_once(__DIR__ . '/lib/setup.php');
-      // There is no php closing tag in this file,
-      // it is intentional because it prevents trailing whitespace problems!
-      '';
-in {
-  options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website";
-  config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.emilia_prod = {
-      rootDir = varDir;
-    };
-    system.activationScripts.emilia = ''
-      install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
-      '';
-    myServices.websites.webappDirs."${webappName}" = siteDir;
-    services.websites.env.production.vhostConfs.emilia = {
-      certName     = "emilia";
-      certMainHost = "saison-photo.org";
-      hosts        = [ "saison-photo.org" "www.saison-photo.org" ];
-      root         = root;
-      extraConfig  = [
-        ''
-        <Directory ${root}>
-          DirectoryIndex pause.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          Require all granted
-        </Directory>
-          ''
-      ];
-    };
-  };
-}
diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/emilia/richie.json
deleted file mode 100644
index f51d8c1..0000000
--- a/modules/private/websites/emilia/richie.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-  "tag": "11490d4-master",
-  "meta": {
-    "name": "richie",
-    "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
-    "branch": "master"
-  },
-  "git": {
-    "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
-    "rev": "11490d4591034deca7681aae8d9a22ca6cd8da4a",
-    "sha256": "1rlq5qkbaw9n7yxhyvvimrizwkpqlhhsc8mhipzxlwk1si81fci1",
-    "fetchSubmodules": true
-  }
-}
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix
deleted file mode 100644
index 98ab1cd..0000000
--- a/modules/private/websites/emilia/richie.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-  cfg = config.myServices.websites.emilia.richie_production;
-  vardir = "/var/lib/richie_production";
-  richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
-    phases = "installPhase";
-    installPhase = ''
-      cp -a $src $out
-      chmod -R u+w $out
-      ln -sf ${vardir}/files $out/
-      ln -sf ${vardir}/drapeaux $out/images/
-      ln -sf ${vardir}/photos $out/
-      sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
-      '';
-  });
-in
-{
-  options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
-  config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.richie_production.rootDir = vardir;
-    services.webstats.sites = [ { name = "europe-richie.org"; } ];
-    secrets.keys = [{
-      dest = "webapps/prod-richie";
-      user = "wwwrun";
-      group = "wwwrun";
-      permissions = "0400";
-      text = with config.myEnv.websites.richie; ''
-        <?php
-        $hote_sql = '${mysql.host}';
-        $login_sql = '${mysql.user}';
-        $bdd_sql = '${mysql.database}';
-        $mdp_sql = '${mysql.password}';
-        $db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
-        unset($mdp_sql);
-        $smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
-        ?>
-        '';
-    }];
-    myServices.websites.webappDirs.richie_production = richieSrc;
-    system.activationScripts.richie_production = {
-      deps = [ "httpd" ];
-      text = ''
-        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
-        install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
-        '';
-    };
-    services.phpfpm.pools.richie_production = {
-      user = "wwwrun";
-      group = "wwwrun";
-      settings = {
-        "listen.owner" = "wwwrun";
-        "listen.group" = "wwwrun";
-        "pm" = "ondemand";
-        "pm.max_children" = "5";
-        "pm.process_idle_timeout" = "60";
-        "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp";
-        "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
-      };
-      phpEnv = {
-        PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
-        BDD_CONNECT = "/var/secrets/webapps/prod-richie";
-      };
-      phpOptions = config.services.phpfpm.phpOptions + ''
-        date.timezone = 'Europe/Paris'
-        extension=${pkgs.php}/lib/php/extensions/mysqli.so
-        '';
-    };
-    services.websites.env.production.modules = [ "proxy_fcgi" ];
-    services.websites.env.production.vhostConfs.richie_production = {
-      certName    = "richie";
-      addToCerts  = true;
-      certMainHost = "europe-richie.org";
-      hosts       = [ "europe-richie.org" "www.europe-richie.org" ];
-      root        = "/run/current-system/webapps/richie_production";
-      extraConfig = [
-        ''
-        Use Stats europe-richie.org
-        ErrorDocument 404 /404.html
-        <LocationMatch "^/files/.*/admin/">
-          Require all denied
-        </LocationMatch>
-        <Directory /run/current-system/webapps/richie_production>
-          DirectoryIndex index.php index.htm index.html
-          Options Indexes FollowSymLinks MultiViews Includes
-          AllowOverride None
-          Require all granted
-          <FilesMatch "\.php$">
-            SetHandler "proxy:unix:${config.services.phpfpm.pools.richie_production.socket}|fcgi://localhost"
-          </FilesMatch>
-        </Directory>
-          ''
-      ];
-    };
-  };
-}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-18 16:10:56 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-20 01:51:48 +0200
commit	d3452fc59b9839846225fd254926c64a9c71f071 (patch)
tree	a98a0958b826ac4b2ab137720edf0195c65dd958 /modules/private/websites/emilia
parent	514f9ec3beec470c4445be690673a0ceab9115b4 (diff)
download	Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.gz Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.zst Nix-d3452fc59b9839846225fd254926c64a9c71f071.zip

diff --git a/modules/private/websites/emilia/moodle.nix b/modules/private/websites/emilia/moodle.nix new file mode 100644 index 0000000..d49faf5 --- /dev/null +++ b/modules/private/websites/emilia/moodle.nix
@@ -0,0 +1,69 @@
		1	{ lib, pkgs, config, ... }:
		2	let
		3	cfg = config.myServices.websites.emilia.moodle;
		4	env = config.myEnv.websites.emilia;
		5	varDir = "/var/lib/emilia_moodle";
		6	siteDir = ./moodle;
		7	webappName = "emilia_moodle";
		8	webappdir = config.services.websites.webappDirsPaths.emilia_moodle;
		9	# php_admin_value[upload_max_filesize] = 50000000
		10	# php_admin_value[post_max_size] = 50000000
		11	configFile = ''
		12	<?php // Moodle configuration file
		13
		14	unset($CFG);
		15	global $CFG;
		16	$CFG = new stdClass();
		17
		18	$CFG->dbtype = 'pgsql';
		19	$CFG->dblibrary = 'native';
		20	$CFG->dbhost = '${env.postgresql.host}';
		21	$CFG->dbname = '${env.postgresql.database}';
		22	$CFG->dbuser = '${env.postgresql.user}';
		23	$CFG->dbpass = '${env.postgresql.password}';
		24	$CFG->prefix = 'mdl_';
		25	$CFG->dboptions = array (
		26	'dbpersist' => 0,
		27	'dbport' => '${env.postgreesql.port}',
		28	'dbsocket' => '${env.postgresql.password}',
		29	);
		30
		31	$CFG->wwwroot = 'https://www.saison-photo.org';
		32	$CFG->dataroot = '${varDir}';
		33	$CFG->admin = 'admin';
		34
		35	$CFG->directorypermissions = 02777;
		36
		37	require_once(__DIR__ . '/lib/setup.php');
		38
		39	// There is no php closing tag in this file,
		40	// it is intentional because it prevents trailing whitespace problems!
		41	'';
		42	apacheUser = config.services.httpd.Prod.user;
		43	apacheGroup = config.services.httpd.Prod.group;
		44	in {
		45	options.myServices.websites.emilia.moodle.enable = lib.mkEnableOption "enable Emilia's website";
		46
		47	config = lib.mkIf cfg.enable {
		48	services.duplyBackup.profiles.emilia_moodle.rootDir = varDir;
		49	system.activationScripts.emilia_moodle = ''
		50	install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
		51	'';
		52	services.websites.webappDirs.emilia_moodle = siteDir;
		53	services.websites.env.production.vhostConfs.emilia_moodle = {
		54	certName = "emilia";
		55	certMainHost = "saison-photo.org";
		56	hosts = [ "saison-photo.org" "www.saison-photo.org" ];
		57	root = webappdir;
		58	extraConfig = [
		59	''
		60	<Directory ${webappdir}>
		61	DirectoryIndex pause.html
		62	Options Indexes FollowSymLinks MultiViews Includes
		63	Require all granted
		64	</Directory>
		65	''
		66	];
		67	};
		68	};
		69	}


diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix deleted file mode 100644 index 71b97dd..0000000 --- a/modules/private/websites/emilia/production.nix +++ /dev/null
@@ -1,69 +0,0 @@
1	{ lib, pkgs, config, ... }:
2	let
3	cfg = config.myServices.websites.emilia.production;
4	env = config.myEnv.websites.emilia;
5	varDir = "/var/lib/moodle";
6	siteDir = ./moodle;
7	webappName = "emilia_moodle";
8	root = "/run/current-system/webapps/${webappName}";
9	# php_admin_value[upload_max_filesize] = 50000000
10	# php_admin_value[post_max_size] = 50000000
11	configFile = ''
12	<?php // Moodle configuration file
13
14	unset($CFG);
15	global $CFG;
16	$CFG = new stdClass();
17
18	$CFG->dbtype = 'pgsql';
19	$CFG->dblibrary = 'native';
20	$CFG->dbhost = '${env.postgresql.host}';
21	$CFG->dbname = '${env.postgresql.database}';
22	$CFG->dbuser = '${env.postgresql.user}';
23	$CFG->dbpass = '${env.postgresql.password}';
24	$CFG->prefix = 'mdl_';
25	$CFG->dboptions = array (
26	'dbpersist' => 0,
27	'dbport' => '${env.postgreesql.port}',
28	'dbsocket' => '${env.postgresql.password}',
29	);
30
31	$CFG->wwwroot = 'https://www.saison-photo.org';
32	$CFG->dataroot = '${varDir}';
33	$CFG->admin = 'admin';
34
35	$CFG->directorypermissions = 02777;
36
37	require_once(__DIR__ . '/lib/setup.php');
38
39	// There is no php closing tag in this file,
40	// it is intentional because it prevents trailing whitespace problems!
41	'';
42	in {
43	options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website";
44
45	config = lib.mkIf cfg.enable {
46	services.duplyBackup.profiles.emilia_prod = {
47	rootDir = varDir;
48	};
49	system.activationScripts.emilia = ''
50	install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
51	'';
52	myServices.websites.webappDirs."${webappName}" = siteDir;
53	services.websites.env.production.vhostConfs.emilia = {
54	certName = "emilia";
55	certMainHost = "saison-photo.org";
56	hosts = [ "saison-photo.org" "www.saison-photo.org" ];
57	root = root;
58	extraConfig = [
59	''
60	<Directory ${root}>
61	DirectoryIndex pause.html
62	Options Indexes FollowSymLinks MultiViews Includes
63	Require all granted
64	</Directory>
65	''
66	];
67	};
68	};
69	}


diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/emilia/richie.json deleted file mode 100644 index f51d8c1..0000000 --- a/modules/private/websites/emilia/richie.json +++ /dev/null
@@ -1,14 +0,0 @@
1	{
2	"tag": "11490d4-master",
3	"meta": {
4	"name": "richie",
5	"url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
6	"branch": "master"
7	},
8	"git": {
9	"url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
10	"rev": "11490d4591034deca7681aae8d9a22ca6cd8da4a",
11	"sha256": "1rlq5qkbaw9n7yxhyvvimrizwkpqlhhsc8mhipzxlwk1si81fci1",
12	"fetchSubmodules": true
13	}
14	}


diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix deleted file mode 100644 index 98ab1cd..0000000 --- a/modules/private/websites/emilia/richie.nix +++ /dev/null
@@ -1,102 +0,0 @@
1	{ lib, config, pkgs, ... }:
2	let
3	cfg = config.myServices.websites.emilia.richie_production;
4	vardir = "/var/lib/richie_production";
5	richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
6	phases = "installPhase";
7	installPhase = ''
8	cp -a $src $out
9	chmod -R u+w $out
10	ln -sf ${vardir}/files $out/
11	ln -sf ${vardir}/drapeaux $out/images/
12	ln -sf ${vardir}/photos $out/
13	sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
14	'';
15	});
16	in
17	{
18	options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
19	config = lib.mkIf cfg.enable {
20	services.duplyBackup.profiles.richie_production.rootDir = vardir;
21	services.webstats.sites = [ { name = "europe-richie.org"; } ];
22
23	secrets.keys = [{
24	dest = "webapps/prod-richie";
25	user = "wwwrun";
26	group = "wwwrun";
27	permissions = "0400";
28	text = with config.myEnv.websites.richie; ''
29	<?php
30
31	$hote_sql = '${mysql.host}';
32	$login_sql = '${mysql.user}';
33	$bdd_sql = '${mysql.database}';
34	$mdp_sql = '${mysql.password}';
35
36	$db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
37	unset($mdp_sql);
38
39	$smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
40	?>
41	'';
42	}];
43	myServices.websites.webappDirs.richie_production = richieSrc;
44	system.activationScripts.richie_production = {
45	deps = [ "httpd" ];
46	text = ''
47	install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
48	install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
49	'';
50	};
51	services.phpfpm.pools.richie_production = {
52	user = "wwwrun";
53	group = "wwwrun";
54	settings = {
55	"listen.owner" = "wwwrun";
56	"listen.group" = "wwwrun";
57
58	"pm" = "ondemand";
59	"pm.max_children" = "5";
60	"pm.process_idle_timeout" = "60";
61
62	"php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp";
63	"php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
64	};
65	phpEnv = {
66	PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
67	BDD_CONNECT = "/var/secrets/webapps/prod-richie";
68	};
69	phpOptions = config.services.phpfpm.phpOptions + ''
70	date.timezone = 'Europe/Paris'
71	extension=${pkgs.php}/lib/php/extensions/mysqli.so
72	'';
73	};
74	services.websites.env.production.modules = [ "proxy_fcgi" ];
75	services.websites.env.production.vhostConfs.richie_production = {
76	certName = "richie";
77	addToCerts = true;
78	certMainHost = "europe-richie.org";
79	hosts = [ "europe-richie.org" "www.europe-richie.org" ];
80	root = "/run/current-system/webapps/richie_production";
81	extraConfig = [
82	''
83	Use Stats europe-richie.org
84	ErrorDocument 404 /404.html
85	<LocationMatch "^/files/.*/admin/">
86	Require all denied
87	</LocationMatch>
88	<Directory /run/current-system/webapps/richie_production>
89	DirectoryIndex index.php index.htm index.html
90	Options Indexes FollowSymLinks MultiViews Includes
91	AllowOverride None
92	Require all granted
93
94	<FilesMatch "\.php$">
95	SetHandler "proxy:unix:${config.services.phpfpm.pools.richie_production.socket}\|fcgi://localhost"
96	</FilesMatch>
97	</Directory>
98	''
99	];
100	};
101	};
102	}