diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-18 16:10:56 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-20 01:51:48 +0200 |
commit | d3452fc59b9839846225fd254926c64a9c71f071 (patch) | |
tree | a98a0958b826ac4b2ab137720edf0195c65dd958 /modules/private/websites/piedsjaloux/production.nix | |
parent | 514f9ec3beec470c4445be690673a0ceab9115b4 (diff) | |
download | Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.gz Nix-d3452fc59b9839846225fd254926c64a9c71f071.tar.zst Nix-d3452fc59b9839846225fd254926c64a9c71f071.zip |
Refactor websites
Diffstat (limited to 'modules/private/websites/piedsjaloux/production.nix')
-rw-r--r-- | modules/private/websites/piedsjaloux/production.nix | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix index d3e5c2b..4b2c056 100644 --- a/modules/private/websites/piedsjaloux/production.nix +++ b/modules/private/websites/piedsjaloux/production.nix | |||
@@ -1,16 +1,21 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | secrets = config.myEnv.websites.piedsjaloux.production; | 3 | secrets = config.myEnv.websites.piedsjaloux.production; |
4 | app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; | 4 | app = pkgs.callPackage ./app { |
5 | environment = secrets.environment; | ||
6 | varDir = "/var/lib/piedsjaloux_production"; | ||
7 | secretsPath = config.secrets.fullPaths."websites/piedsjaloux/production"; | ||
8 | }; | ||
5 | cfg = config.myServices.websites.piedsjaloux.production; | 9 | cfg = config.myServices.websites.piedsjaloux.production; |
6 | pcfg = config.services.phpApplication; | 10 | pcfg = config.services.phpApplication; |
11 | texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }; | ||
7 | in { | 12 | in { |
8 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; | 13 | options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; |
9 | 14 | ||
10 | config = lib.mkIf cfg.enable { | 15 | config = lib.mkIf cfg.enable { |
11 | services.duplyBackup.profiles.piedsjaloux_prod.rootDir = app.varDir; | 16 | services.duplyBackup.profiles.piedsjaloux_production.rootDir = app.varDir; |
12 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; | 17 | services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; |
13 | services.phpApplication.apps.piedsjaloux_prod = { | 18 | services.phpApplication.apps.piedsjaloux_production = { |
14 | websiteEnv = "production"; | 19 | websiteEnv = "production"; |
15 | httpdUser = config.services.httpd.Prod.user; | 20 | httpdUser = config.services.httpd.Prod.user; |
16 | httpdGroup = config.services.httpd.Prod.group; | 21 | httpdGroup = config.services.httpd.Prod.group; |
@@ -35,16 +40,21 @@ in { | |||
35 | "pm.max_spare_servers" = "3"; | 40 | "pm.max_spare_servers" = "3"; |
36 | }; | 41 | }; |
37 | phpEnv = { | 42 | phpEnv = { |
38 | PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ]; | 43 | PATH = lib.makeBinPath [ |
44 | pkgs.apg pkgs.unzip | ||
45 | # below ones don't need to be in the PATH but they’re used in | ||
46 | # secrets | ||
47 | pkgs.imagemagick texlive | ||
48 | ]; | ||
39 | }; | 49 | }; |
40 | phpWatchFiles = [ | 50 | phpWatchFiles = [ |
41 | config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" | 51 | app.secretsPath |
42 | ]; | 52 | ]; |
43 | }; | 53 | }; |
44 | 54 | ||
45 | secrets.keys = [ | 55 | secrets.keys = [ |
46 | { | 56 | { |
47 | dest = "webapps/${app.environment}-piedsjaloux"; | 57 | dest = "websites/piedsjaloux/production"; |
48 | user = config.services.httpd.Prod.user; | 58 | user = config.services.httpd.Prod.user; |
49 | group = config.services.httpd.Prod.group; | 59 | group = config.services.httpd.Prod.group; |
50 | permissions = "0400"; | 60 | permissions = "0400"; |
@@ -62,18 +72,18 @@ in { | |||
62 | mailer_user: null | 72 | mailer_user: null |
63 | mailer_password: null | 73 | mailer_password: null |
64 | secret: ${secrets.secret} | 74 | secret: ${secrets.secret} |
65 | pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex" | 75 | pdflatex: "${texlive}/bin/pdflatex" |
66 | leapt_im: | 76 | leapt_im: |
67 | binary_path: ${pkgs.imagemagick}/bin | 77 | binary_path: ${pkgs.imagemagick}/bin |
68 | ''; | 78 | ''; |
69 | } | 79 | } |
70 | ]; | 80 | ]; |
71 | 81 | ||
72 | services.websites.env.production.vhostConfs.piedsjaloux_prod = { | 82 | services.websites.env.production.vhostConfs.piedsjaloux_production = { |
73 | certName = "piedsjaloux"; | 83 | certName = "piedsjaloux"; |
74 | certMainHost = "piedsjaloux.fr"; | 84 | certMainHost = "piedsjaloux.fr"; |
75 | hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; | 85 | hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; |
76 | root = pcfg.webappDirs.piedsjaloux_prod; | 86 | root = pcfg.webappDirs.piedsjaloux_production; |
77 | extraConfig = [ | 87 | extraConfig = [ |
78 | '' | 88 | '' |
79 | RewriteEngine on | 89 | RewriteEngine on |
@@ -81,12 +91,12 @@ in { | |||
81 | RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L] | 91 | RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L] |
82 | 92 | ||
83 | <FilesMatch "\.php$"> | 93 | <FilesMatch "\.php$"> |
84 | SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_prod}|fcgi://localhost" | 94 | SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_production}|fcgi://localhost" |
85 | </FilesMatch> | 95 | </FilesMatch> |
86 | 96 | ||
87 | Use Stats piedsjaloux.fr | 97 | Use Stats piedsjaloux.fr |
88 | 98 | ||
89 | <Directory ${pcfg.webappDirs.piedsjaloux_prod}> | 99 | <Directory ${pcfg.webappDirs.piedsjaloux_production}> |
90 | Options Indexes FollowSymLinks MultiViews Includes | 100 | Options Indexes FollowSymLinks MultiViews Includes |
91 | AllowOverride All | 101 | AllowOverride All |
92 | Require all granted | 102 | Require all granted |