authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-01-11 15:34:31 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-01-11 15:34:31 +0100
commit423c3f1caefdf5f125a2acf7456b5ca0273cee4b (patch)
tree079f24a9d16dd83d0779d4f7a4c17e49a0160457 /modules/private
parent619e4f46adc15e409122c4e0fa0e0a0b811bb32f (diff)
Add iridologie via spip
Diffstat (limited to 'modules/private')
-rw-r--r--modules/private/environment.nix12
-rw-r--r--modules/private/websites/isabelle/config/chmod.php4
-rw-r--r--modules/private/websites/isabelle/config/connect.php15
-rw-r--r--modules/private/websites/isabelle/config/ldap.php9
-rw-r--r--modules/private/websites/isabelle/iridologie.nix76
-rw-r--r--modules/private/websites/isabelle/spip_builder.nix99
6 files changed, 171 insertions, 44 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 98d50b1..50f153a 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1005,6 +1005,16 @@ in
1005 options = { 1005 options = {
1006 aten_production = atenSubmodule; 1006 aten_production = atenSubmodule;
1007 aten_integration = atenSubmodule; 1007 aten_integration = atenSubmodule;
1008 iridologie = mkOption {
1009 description = "environment configuration";
1010 type = submodule {
1011 options = {
1012 environment = mkOption { type = str; description = "SPIP environment"; };
1013 mysql = mkMysqlOptions "Iridologie" {};
1014 ldap = mkLdapOptions "Iridologie" {};
1015 };
1016 };
1017 };
1008 }; 1018 };
1009 }; 1019 };
1010 }; 1020 };
@@ -1016,7 +1026,7 @@ in
1016 description = "environment configuration"; 1026 description = "environment configuration";
1017 type = submodule { 1027 type = submodule {
1018 options = { 1028 options = {
1019 environment = mkOption { type = str; description = "Symfony environment"; }; 1029 environment = mkOption { type = str; description = "SPIP environment"; };
1020 mysql = mkMysqlOptions "Chloe" {}; 1030 mysql = mkMysqlOptions "Chloe" {};
1021 ldap = mkLdapOptions "Chloe" {}; 1031 ldap = mkLdapOptions "Chloe" {};
1022 }; 1032 };
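--- /dev/null
+++ b/modules/private/websites/isabelle/config/chmod.php
@@ -0,0 +1,4 @@
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
+?>
\ No newline at end of file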
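Review bot: `_SPIP_CHMOD` is fixed to `0777` on line 3, so everything SPIP creates in its writable trees (IMG, tmp, local, sessions) comes out world-writable, which is looser than the 0755/0750 the activation script in spip_builder.nix applies to those same directories. Since the php-fpm pool runs as the Apache user and that user owns the directories, a group-level mode should be enough: `if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0770);`. Worth confirming against SPIP's documentation how the constant is applied to files versus directories before tightening it further, and a one-line comment stating why the value was chosen would help the next reader.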
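--- /dev/null
+++ b/modules/private/websites/isabelle/config/connect.php
@@ -0,0 +1,15 @@
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+define('_MYSQL_SET_SQL_MODE',true);
+$GLOBALS['spip_connect_version'] = 0.7;
+spip_connect_db(
+ getenv("SPIP_MYSQL_HOST"),
+ getenv("SPIP_MYSQL_PORT"),
+ getenv("SPIP_MYSQL_USER"),
+ getenv("SPIP_MYSQL_PASSWORD"),
+ getenv("SPIP_MYSQL_DB"),
+ 'mysql',
+ 'spip',
+ 'ldap.php'
+);
+?>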
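Review bot: Each `getenv(...)` argument on lines 6-10 evaluates to `false` when the variable is not set, so a missing or misnamed `SetEnv` in the included secrets file makes `spip_connect_db` attempt a connection with empty host and credentials instead of failing with a clear message. A short guard before the call keeps the failure visible, e.g. `foreach (['SPIP_MYSQL_HOST', 'SPIP_MYSQL_USER', 'SPIP_MYSQL_PASSWORD', 'SPIP_MYSQL_DB'] as $v) { if (getenv($v) === false) { trigger_error("SPIP: missing $v in environment", E_USER_ERROR); } }`. A comment above line 4 explaining what `spip_connect_version = 0.7` selects would also help, since the value is otherwise opaque.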
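--- /dev/null
+++ b/modules/private/websites/isabelle/config/ldap.php
@@ -0,0 +1,9 @@
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
+$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
+@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
+@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
+$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
+$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
+?>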
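Review bot: The `@` on `ldap_connect`, `ldap_set_option` and `ldap_bind` (lines 4-6) silences every failure, so a wrong search DN or password, or an unreachable `ldaps://` host, leaves `$GLOBALS['ldap_link']` unbound and users simply cannot log in with nothing in the logs to explain it. Checking the bind result keeps the behaviour but makes it diagnosable: `if (!@ldap_bind($GLOBALS['ldap_link'], getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"))) { error_log('SPIP LDAP bind failed: ' . ldap_error($GLOBALS['ldap_link'])); }`. `LDAP_OPT_PROTOCOL_VERSION` is also given the string `'3'` where an integer is expected; PHP coerces it, but `3` states the intent.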
diff --git a/modules/private/websites/isabelle/iridologie.nix b/modules/private/websites/isabelle/iridologie.nix
index cb4e300..460bd2a 100644
--- a/modules/private/websites/isabelle/iridologie.nix
+++ b/modules/private/websites/isabelle/iridologie.nix
@@ -1,59 +1,49 @@
1{ lib, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 iridologie = pkgs.callPackage ./spip_builder.nix {
4 inherit (pkgs.webapps) iridologie;
5 config = config.myEnv.websites.isabelle.iridologie;
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
8 };
9
3 cfg = config.myServices.websites.isabelle.iridologie; 10 cfg = config.myServices.websites.isabelle.iridologie;
4 varDir = "/var/lib/ftp/isabelle";
5in { 11in {
6 options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website"; 12 options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website";
7 13
8 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.iridologie_prod.rootDir = iridologie.app.varDir;
16 secrets.keys = iridologie.keys;
9 services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ]; 17 services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ];
10 system.activationScripts.iridologie = {
11 deps = [ "httpd" ];
12 text = ''
13 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/iridologie
14 '';
15 };
16 services.phpfpm.pools.iridologie = {
17 listen = "/run/phpfpm/iridologie.sock";
18 extraConfig = ''
19 user = wwwrun
20 group = wwwrun
21 listen.owner = wwwrun
22 listen.group = wwwrun
23
24 pm = ondemand
25 pm.max_children = 5
26 pm.process_idle_timeout = 60
27 18
28 php_admin_value[open_basedir] = "/var/lib/php/sessions/iridologie:${varDir}:/tmp" 19 systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps;
29 php_admin_value[session.save_path] = "/var/lib/php/sessions/iridologie" 20 systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps;
30 ''; 21 services.phpfpm.pools.iridologie = {
22 listen = iridologie.phpFpm.socket;
23 extraConfig = iridologie.phpFpm.pool;
24 phpOptions = config.services.phpfpm.phpOptions + ''
25 extension=${pkgs.php}/lib/php/extensions/mysqli.so
26 '';
31 }; 27 };
32 services.websites.env.production.modules = [ "proxy_fcgi" ]; 28 system.activationScripts.iridologie = iridologie.activationScript;
29 myServices.websites.webappDirs."${iridologie.apache.webappName}" = iridologie.app.webRoot;
30 services.websites.env.production.modules = iridologie.apache.modules;
33 services.websites.env.production.vhostConfs.iridologie = { 31 services.websites.env.production.vhostConfs.iridologie = {
34 certName = "aten"; 32 certName = "aten";
35 addToCerts = true; 33 addToCerts = true;
36 hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ]; 34 hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ];
37 root = varDir; 35 root = iridologie.apache.root;
38 extraConfig = [ 36 extraConfig = [
39 '' 37 ''
40 Use Stats iridologie.icommandeur.org 38 RewriteEngine On
41 RewriteEngine On 39 RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC]
42 RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC] 40 RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
43 RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
44
45 <FilesMatch "\.php$">
46 SetHandler "proxy:unix:/run/phpfpm/iridologie.sock|fcgi://localhost"
47 </FilesMatch>
48
49 <Directory ${varDir}>
50 DirectoryIndex index.php index.htm index.html
51 AllowOverride All
52 Require all granted
53 </Directory>
54 '' 41 ''
42 iridologie.apache.vhostConf
55 ]; 43 ];
56 }; 44 };
45 services.websites.env.production.watchPaths = [
46 "/var/secrets/webapps/${iridologie.app.environment}-iridologie"
47 ];
57 }; 48 };
58} 49}
59
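Review bot: The secrets path `/var/secrets/webapps/${iridologie.app.environment}-iridologie` on new line 46 is spelled out a second time here, while spip_builder.nix derives the same name for the key's `dest` and again for the `Include` in `vhostConf`; if the naming changes in the builder, the watch path silently stops matching and config reloads are missed. Exposing it from the builder (e.g. a `secretsPath` attribute alongside `keys`) and writing `watchPaths = [ iridologie.secretsPath ];` keeps the three in step. `RewriteEngine On` now also appears both in the local `extraConfig` block (new line 38) and inside `iridologie.apache.vhostConf`; harmless, but one of them can go.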
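--- /dev/null
+++ b/modules/private/websites/isabelle/spip_builder.nix
@@ -0,0 +1,99 @@
+{ apacheUser, apacheGroup, iridologie, config }:
+rec {
+ app = iridologie.override { inherit (config) environment; };
+ phpFpm = rec {
+ serviceDeps = [ "mysql.service" ];
+ socket = "/var/run/phpfpm/iridologie-${app.environment}.sock";
+ pool = ''
+ user = ${apacheUser}
+ group = ${apacheGroup}
+ listen.owner = ${apacheUser}
+ listen.group = ${apacheGroup}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
+ php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
+ ${if app.environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ keys = [{
+ dest = "webapps/${app.environment}-iridologie";
+ user = apacheUser;
+ group = apacheGroup;
+ permissions = "0400";
+ text = ''
+ SetEnv SPIP_CONFIG_DIR "${configDir}"
+ SetEnv SPIP_VAR_DIR "${app.varDir}"
+ SetEnv SPIP_SITE "iridologie-${app.environment}"
+ SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
+ SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
+ SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
+ SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
+ SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}"
+ SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
+ SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
+ SetEnv SPIP_MYSQL_DB "${config.mysql.database}"
+ SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
+ SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
+ '';
+ }];
+ apache = rec {
+ modules = [ "proxy_fcgi" ];
+ webappName = "iridologie_${app.environment}";
+ root = "/run/current-system/webapps/${webappName}";
+ vhostConf = ''
+ Include /var/secrets/webapps/${app.environment}-iridologie
+
+ RewriteEngine On
+
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ <Directory ${root}>
+ DirectoryIndex index.php index.htm index.html
+ Options -Indexes +FollowSymLinks +MultiViews +Includes
+ Include ${root}/htaccess.txt
+
+ AllowOverride AuthConfig FileInfo Limit
+ Require all granted
+ </Directory>
+
+ <DirectoryMatch "${root}/squelettes">
+ Require all denied
+ </DirectoryMatch>
+
+ <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+ Require all denied
+ </FilesMatch>
+
+ ${if app.environment == "dev" then ''
+ <Location />
+ Use LDAPConnect
+ Require ldap-group cn=isabelle.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://iridologie.icommandeur.org\"></html>"
+ </Location>
+ '' else ''
+ Use Stats iridologie.icommandeur.org
+ ''}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+ install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
+ '';
+ };
+ configDir = ./config;
+}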
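Review bot: `Options -Indexes +FollowSymLinks +MultiViews +Includes` on line 65 turns on server-side includes for the whole document root, and `AllowOverride FileInfo` on line 68 lets a `.htaccess` attach output filters; if the Apache-writable `IMG`, `tmp` or `local` directories created by the activation script are reachable under `${root}` (which the `+FollowSymLinks` suggests), that combination widens what a stored file can do when served. Unless SPIP relies on SSI here, `+IncludesNOEXEC` or dropping `+Includes` altogether is the safer default: `Options -Indexes +FollowSymLinks +MultiViews`. Separately, the dots in `<FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">` on line 76 are unescaped; the rule still denies the intended files, but `"(\.htaccess|rewrite-rules|\.gitignore)$"` says what is meant. The deny-by-default on `squelettes` and the `0400` secret mode are good to see.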