Refactor websites

1 files changed, 21 insertions, 11 deletions

diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix
index d3e5c2b..4b2c056 100644
--- a/modules/private/websites/piedsjaloux/production.nix
+++ b/modules/private/websites/piedsjaloux/production.nix
@@ -1,16 +1,21 @@
 { lib, pkgs, config,  ... }:
 let
   secrets = config.myEnv.websites.piedsjaloux.production;
-  app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; };
+  app = pkgs.callPackage ./app {
+    environment = secrets.environment;
+    varDir = "/var/lib/piedsjaloux_production";
+    secretsPath = config.secrets.fullPaths."websites/piedsjaloux/production";
+  };
   cfg = config.myServices.websites.piedsjaloux.production;
   pcfg = config.services.phpApplication;
+  texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
 in {
   options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
 
   config = lib.mkIf cfg.enable {
-    services.duplyBackup.profiles.piedsjaloux_prod.rootDir = app.varDir;
+    services.duplyBackup.profiles.piedsjaloux_production.rootDir = app.varDir;
     services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
-    services.phpApplication.apps.piedsjaloux_prod = {
+    services.phpApplication.apps.piedsjaloux_production = {
       websiteEnv = "production";
       httpdUser = config.services.httpd.Prod.user;
       httpdGroup = config.services.httpd.Prod.group;
@@ -35,16 +40,21 @@ in {
         "pm.max_spare_servers" = "3";
       };
       phpEnv = {
-        PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ];
+        PATH = lib.makeBinPath [
+          pkgs.apg pkgs.unzip
+          # below ones don't need to be in the PATH but they’re used in
+          # secrets
+          pkgs.imagemagick texlive
+        ];
       };
       phpWatchFiles = [
-        config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux"
+        app.secretsPath
       ];
     };
 
     secrets.keys = [
       {
-        dest = "webapps/${app.environment}-piedsjaloux";
+        dest = "websites/piedsjaloux/production";
         user = config.services.httpd.Prod.user;
         group = config.services.httpd.Prod.group;
         permissions = "0400";
@@ -62,18 +72,18 @@ in {
               mailer_user: null
               mailer_password: null
               secret: ${secrets.secret}
-              pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+              pdflatex: "${texlive}/bin/pdflatex"
           leapt_im:
               binary_path: ${pkgs.imagemagick}/bin
         '';
       }
     ];
 
-    services.websites.env.production.vhostConfs.piedsjaloux_prod = {
+    services.websites.env.production.vhostConfs.piedsjaloux_production = {
       certName     = "piedsjaloux";
       certMainHost = "piedsjaloux.fr";
       hosts        = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
-      root         = pcfg.webappDirs.piedsjaloux_prod;
+      root         = pcfg.webappDirs.piedsjaloux_production;
       extraConfig  = [
         ''
         RewriteEngine on
@@ -81,12 +91,12 @@ in {
         RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L]
 
         <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_prod}|fcgi://localhost"
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_production}|fcgi://localhost"
         </FilesMatch>
 
         Use Stats piedsjaloux.fr
 
-        <Directory ${pcfg.webappDirs.piedsjaloux_prod}>
+        <Directory ${pcfg.webappDirs.piedsjaloux_production}>
           Options Indexes FollowSymLinks MultiViews Includes
           AllowOverride All
           Require all granted