Add Richie website

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-12-24 08:26:39 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-12-24 08:26:39 +0100
commit: 91b75ffe45f2a5d7e148c92f53a4ba90ede8df77 (patch)
tree: 0952edf96a444857a617cfc416f051cf483c944c /modules
parent: 9338c8325026fcba24c3214ced611c4993e7b8fe (diff)
download: Nix-91b75ffe45f2a5d7e148c92f53a4ba90ede8df77.tar.gz
Nix-91b75ffe45f2a5d7e148c92f53a4ba90ede8df77.tar.zst
Nix-91b75ffe45f2a5d7e148c92f53a4ba90ede8df77.zip
5 files changed, 134 insertions, 0 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix
index 70d4b79..f768aed 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -25,6 +25,7 @@ set = {
  connexionswingProd = ./websites/connexionswing/production.nix;
  denisejeromeProd = ./websites/denisejerome/production.nix;
  emiliaProd = ./websites/emilia/production.nix;
+  richieProd = ./websites/emilia/richie.nix;
  florianApp = ./websites/florian/app.nix;
  florianInte = ./websites/florian/integration.nix;
  florianProd = ./websites/florian/production.nix;
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 2aa8b5e..f0e39e9 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1104,6 +1104,23 @@ in
                  };
                };
          };
+          richie = mkOption {
+            description = "Europe Richie configurations by environment";
+            type = submodule {
+              options = {
+                mysql = mkMysqlOptions "Richie";
+                smtp_mailer = mkOption {
+                  description = "SMTP mailer configuration";
+                  type = submodule {
+                    options = {
+                      user = mkOption { type = str; description = "Username"; };
+                      password = mkOption { type = str; description = "Password"; };
+                    };
+                  };
+                };
+              };
+            };
+          };
          tellesflorian = mkOption {
            description = "Tellesflorian configurations by environment";
            type =
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 16f02a7..3ac4cb5 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -238,6 +238,7 @@ in
      denisejerome.production.enable = true;
      emilia.production.enable = true;
+      emilia.richie_production.enable = true;
      florian.app.enable = true;
      florian.integration.enable = true;
diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/emilia/richie.json
new file mode 100644
index 0000000..63aab6e
--- /dev/null
+++ b/modules/private/websites/emilia/richie.json
@@ -0,0 +1,14 @@
+{
+  "tag": "3e7b523-master",
+  "meta": {
+    "name": "richie",
+    "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
+    "branch": "master"
+  },
+  "git": {
+    "url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
+    "rev": "3e7b523dd1b47da10ec3c5b1b61df4034397a7b9",
+    "sha256": "04922nwprx6l0jn11mfcaxsfsxa96lq7dm170lk6q25fqr0ipa67",
+    "fetchSubmodules": true
+  }
+}
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix
new file mode 100644
index 0000000..f7b4f8d
--- /dev/null
+++ b/modules/private/websites/emilia/richie.nix
@@ -0,0 +1,101 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.myServices.websites.emilia.richie_production;
+  vardir = "/var/lib/richie_production";
+  richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
+    phases = "installPhase";
+    installPhase = ''
+      cp -a $src $out
+      chmod -R u+w $out
+      ln -sf ${vardir}/files $out/
+      ln -sf ${vardir}/drapeaux $out/images/
+      ln -sf ${vardir}/photos $out/
+      sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
+      '';
+  });
+in
+{
+  options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.richie_production.rootDir = vardir;
+    services.webstats.sites = [ { name = "europe-richie.org"; } ];
+    secrets.keys = [{
+      dest = "webapps/prod-richie";
+      user = "wwwrun";
+      group = "wwwrun";
+      permissions = "0400";
+      text = with config.myEnv.websites.richie; ''
+        <?php
+        $hote_sql = '${mysql.host}';
+        $login_sql = '${mysql.user}';
+        $bdd_sql = '${mysql.database}';
+        $mdp_sql = '${mysql.password}';
+        $db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
+        unset($mdp_sql);
+        $smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
+        ?>
+        '';
+    }];
+    myServices.websites.webappDirs.richie_production = richieSrc;
+    system.activationScripts.richie_production = {
+      deps = [ "httpd" ];
+      text = ''
+        install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
+        install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
+        '';
+    };
+    services.phpfpm.pools.richie_production = {
+      listen = "/run/phpfpm/richie_production.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[PATH] = /run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}
+        env[BDD_CONNECT] = "/var/secrets/webapps/prod-richie"
+        php_admin_value[open_basedir] = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/richie_production"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        date.timezone = 'Europe/Paris'
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
+        '';
+    };
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostConfs.richie_production = {
+      certName    = "richie";
+      addToCerts  = true;
+      certMainHost = "europe-richie.org";
+      hosts       = [ "europe-richie.org" "www.europe-richie.org" ];
+      root        = "/run/current-system/webapps/richie_production";
+      extraConfig = [
+        ''
+        Use Stats europe-richie.org
+        ErrorDocument 404 /404.html
+        <LocationMatch "^/files/.*/admin/">
+          Require all denied
+        </LocationMatch>
+        <Directory /run/current-system/webapps/richie_production>
+          DirectoryIndex index.php index.htm index.html
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride None
+          Require all granted
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/richie_production.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-12-24 08:26:39 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-12-24 08:26:39 +0100
commit	91b75ffe45f2a5d7e148c92f53a4ba90ede8df77 (patch)
tree	0952edf96a444857a617cfc416f051cf483c944c /modules
parent	9338c8325026fcba24c3214ced611c4993e7b8fe (diff)
download	Nix-91b75ffe45f2a5d7e148c92f53a4ba90ede8df77.tar.gz Nix-91b75ffe45f2a5d7e148c92f53a4ba90ede8df77.tar.zst Nix-91b75ffe45f2a5d7e148c92f53a4ba90ede8df77.zip

diff --git a/modules/private/default.nix b/modules/private/default.nix index 70d4b79..f768aed 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix
@@ -25,6 +25,7 @@ set = {
25	connexionswingProd = ./websites/connexionswing/production.nix;	25	connexionswingProd = ./websites/connexionswing/production.nix;
26	denisejeromeProd = ./websites/denisejerome/production.nix;	26	denisejeromeProd = ./websites/denisejerome/production.nix;
27	emiliaProd = ./websites/emilia/production.nix;	27	emiliaProd = ./websites/emilia/production.nix;
		28	richieProd = ./websites/emilia/richie.nix;
28	florianApp = ./websites/florian/app.nix;	29	florianApp = ./websites/florian/app.nix;
29	florianInte = ./websites/florian/integration.nix;	30	florianInte = ./websites/florian/integration.nix;
30	florianProd = ./websites/florian/production.nix;	31	florianProd = ./websites/florian/production.nix;


diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 2aa8b5e..f0e39e9 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix
@@ -1104,6 +1104,23 @@ in
1104	};	1104	};
1105	};	1105	};
1106	};	1106	};
		1107	richie = mkOption {
		1108	description = "Europe Richie configurations by environment";
		1109	type = submodule {
		1110	options = {
		1111	mysql = mkMysqlOptions "Richie";
		1112	smtp_mailer = mkOption {
		1113	description = "SMTP mailer configuration";
		1114	type = submodule {
		1115	options = {
		1116	user = mkOption { type = str; description = "Username"; };
		1117	password = mkOption { type = str; description = "Password"; };
		1118	};
		1119	};
		1120	};
		1121	};
		1122	};
		1123	};
1107	tellesflorian = mkOption {	1124	tellesflorian = mkOption {
1108	description = "Tellesflorian configurations by environment";	1125	description = "Tellesflorian configurations by environment";
1109	type =	1126	type =


diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 16f02a7..3ac4cb5 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix
@@ -238,6 +238,7 @@ in
238	denisejerome.production.enable = true;	238	denisejerome.production.enable = true;
239		239
240	emilia.production.enable = true;	240	emilia.production.enable = true;
		241	emilia.richie_production.enable = true;
241		242
242	florian.app.enable = true;	243	florian.app.enable = true;
243	florian.integration.enable = true;	244	florian.integration.enable = true;


diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/emilia/richie.json new file mode 100644 index 0000000..63aab6e --- /dev/null +++ b/modules/private/websites/emilia/richie.json
@@ -0,0 +1,14 @@
		1	{
		2	"tag": "3e7b523-master",
		3	"meta": {
		4	"name": "richie",
		5	"url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
		6	"branch": "master"
		7	},
		8	"git": {
		9	"url": "ssh://gitolite@git.immae.eu/perso/Immae/Sites/Richie",
		10	"rev": "3e7b523dd1b47da10ec3c5b1b61df4034397a7b9",
		11	"sha256": "04922nwprx6l0jn11mfcaxsfsxa96lq7dm170lk6q25fqr0ipa67",
		12	"fetchSubmodules": true
		13	}
		14	}


diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/emilia/richie.nix new file mode 100644 index 0000000..f7b4f8d --- /dev/null +++ b/modules/private/websites/emilia/richie.nix
@@ -0,0 +1,101 @@
		1	{ lib, config, pkgs, ... }:
		2	let
		3	cfg = config.myServices.websites.emilia.richie_production;
		4	vardir = "/var/lib/richie_production";
		5	richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
		6	phases = "installPhase";
		7	installPhase = ''
		8	cp -a $src $out
		9	chmod -R u+w $out
		10	ln -sf ${vardir}/files $out/
		11	ln -sf ${vardir}/drapeaux $out/images/
		12	ln -sf ${vardir}/photos $out/
		13	sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
		14	'';
		15	});
		16	in
		17	{
		18	options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website";
		19	config = lib.mkIf cfg.enable {
		20	services.duplyBackup.profiles.richie_production.rootDir = vardir;
		21	services.webstats.sites = [ { name = "europe-richie.org"; } ];
		22
		23	secrets.keys = [{
		24	dest = "webapps/prod-richie";
		25	user = "wwwrun";
		26	group = "wwwrun";
		27	permissions = "0400";
		28	text = with config.myEnv.websites.richie; ''
		29	<?php
		30
		31	$hote_sql = '${mysql.host}';
		32	$login_sql = '${mysql.user}';
		33	$bdd_sql = '${mysql.database}';
		34	$mdp_sql = '${mysql.password}';
		35
		36	$db = mysqli_connect($hote_sql,$login_sql,$mdp_sql);
		37	unset($mdp_sql);
		38
		39	$smtp_mailer->Auth('${smtp_mailer.user}', '${smtp_mailer.password}');
		40	?>
		41	'';
		42	}];
		43	myServices.websites.webappDirs.richie_production = richieSrc;
		44	system.activationScripts.richie_production = {
		45	deps = [ "httpd" ];
		46	text = ''
		47	install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production
		48	install -m 0755 -o wwwrun -g wwwrun -d ${vardir}
		49	'';
		50	};
		51	services.phpfpm.pools.richie_production = {
		52	listen = "/run/phpfpm/richie_production.sock";
		53	extraConfig = ''
		54	user = wwwrun
		55	group = wwwrun
		56	listen.owner = wwwrun
		57	listen.group = wwwrun
		58
		59	pm = ondemand
		60	pm.max_children = 5
		61	pm.process_idle_timeout = 60
		62
		63	env[PATH] = /run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}
		64	env[BDD_CONNECT] = "/var/secrets/webapps/prod-richie"
		65	php_admin_value[open_basedir] = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"
		66	php_admin_value[session.save_path] = "/var/lib/php/sessions/richie_production"
		67	'';
		68	phpOptions = config.services.phpfpm.phpOptions + ''
		69	date.timezone = 'Europe/Paris'
		70	extension=${pkgs.php}/lib/php/extensions/mysqli.so
		71	'';
		72	};
		73	services.websites.env.production.modules = [ "proxy_fcgi" ];
		74	services.websites.env.production.vhostConfs.richie_production = {
		75	certName = "richie";
		76	addToCerts = true;
		77	certMainHost = "europe-richie.org";
		78	hosts = [ "europe-richie.org" "www.europe-richie.org" ];
		79	root = "/run/current-system/webapps/richie_production";
		80	extraConfig = [
		81	''
		82	Use Stats europe-richie.org
		83	ErrorDocument 404 /404.html
		84	<LocationMatch "^/files/.*/admin/">
		85	Require all denied
		86	</LocationMatch>
		87	<Directory /run/current-system/webapps/richie_production>
		88	DirectoryIndex index.php index.htm index.html
		89	Options Indexes FollowSymLinks MultiViews Includes
		90	AllowOverride None
		91	Require all granted
		92
		93	<FilesMatch "\.php$">
		94	SetHandler "proxy:unix:/run/phpfpm/richie_production.sock\|fcgi://localhost"
		95	</FilesMatch>
		96	</Directory>
		97	''
		98	];
		99	};
		100	};
		101	}