Move Aten packages to pkgs

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-11 12:16:57 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-11 12:16:57 +0200
commit: 1bd8b03eeaafa9345282d8aaf6499bc80adf062f (patch)
tree: a80e655fbf0dad25c29c41a7f880a4c3574edebf /nixops/modules/websites/aten/aten.nix
parent: 9eae2b47b7b315b05a0e010f3003bd875685e260 (diff)
download: Nix-1bd8b03eeaafa9345282d8aaf6499bc80adf062f.tar.gz
Nix-1bd8b03eeaafa9345282d8aaf6499bc80adf062f.tar.zst
Nix-1bd8b03eeaafa9345282d8aaf6499bc80adf062f.zip
1 files changed, 98 insertions, 151 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index c35af6f..04876a1 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -1,157 +1,104 @@
-{ lib, writeText, fetchedGitPrivate, stdenv, runCommand, composerEnv, fetchurl, fetchgit, jq, python, nodejs, libsass, yarn2nixPackage }:
+{ aten, lib, config }: rec {
-let
+  app = aten.override { inherit (config) environment; };
-  aten = { config }: rec {
+  phpFpm = rec {
-    environment = config.environment;
+    preStart = ''
-    varDir = "/var/lib/aten_${environment}";
+      if [ ! -f "${app.varDir}/currentWebappDir" -o \
-    phpFpm = rec {
+          ! -f "${app.varDir}/currentKey" -o \
-      preStart = ''
+          "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
-        if [ ! -f "${varDir}/currentWebappDir" -o \
+          || ! sha512sum -c --status ${app.varDir}/currentKey; then
-            ! -f "${varDir}/currentKey" -o \
+        pushd ${app} > /dev/null
-            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+        /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
-            || ! sha512sum -c --status ${varDir}/currentKey; then
+        popd > /dev/null
-          pushd ${webappDir} > /dev/null
+        echo -n "${app}" > ${app.varDir}/currentWebappDir
-          /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
+        sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
-          popd > /dev/null
+      fi
-          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      '';
-          sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey
+    serviceDeps = [ "postgresql.service" ];
-        fi
+    socket = "/var/run/phpfpm/aten-${app.environment}.sock";
-        '';
+    pool = ''
-      serviceDeps = [ "postgresql.service" ];
+      listen = ${socket}
-      socket = "/var/run/phpfpm/aten-${environment}.sock";
+      user = ${apache.user}
-      pool = ''
+      group = ${apache.group}
-        listen = ${socket}
+      listen.owner = ${apache.user}
-        user = ${apache.user}
+      listen.group = ${apache.group}
-        group = ${apache.group}
+      php_admin_value[upload_max_filesize] = 20M
-        listen.owner = ${apache.user}
+      php_admin_value[post_max_size] = 20M
-        listen.group = ${apache.group}
+      ;php_admin_flag[log_errors] = on
-        php_admin_value[upload_max_filesize] = 20M
+      php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
-        php_admin_value[post_max_size] = 20M
+      php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-        ;php_admin_flag[log_errors] = on
+      ${if app.environment == "dev" then ''
-        php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
+      pm = ondemand
-        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+      pm.max_children = 5
-        ${if environment == "dev" then ''
+      pm.process_idle_timeout = 60
-        pm = ondemand
+      env[SYMFONY_DEBUG_MODE] = "yes"
-        pm.max_children = 5
+      '' else ''
-        pm.process_idle_timeout = 60
+      pm = dynamic
-        env[SYMFONY_DEBUG_MODE] = "yes"
+      pm.max_children = 20
-        '' else ''
+      pm.start_servers = 2
-        pm = dynamic
+      pm.min_spare_servers = 1
-        pm.max_children = 20
+      pm.max_spare_servers = 3
-        pm.start_servers = 2
+      ''}'';
-        pm.min_spare_servers = 1
+  };
-        pm.max_spare_servers = 3
+  keys = [{
-        ''}'';
+    dest = "webapps/${app.environment}-aten";
-    };
+    user = apache.user;
-    keys = [{
+    group = apache.group;
-      dest = "webapps/${environment}-aten";
+    permissions = "0400";
-      user = apache.user;
+    text = ''
-      group = apache.group;
+      SetEnv APP_ENV      "${app.environment}"
-      permissions = "0400";
+      SetEnv APP_SECRET   "${config.secret}"
-      text = ''
+      SetEnv DATABASE_URL "${config.psql_url}"
-        SetEnv APP_ENV      "${environment}"
+      '';
-        SetEnv APP_SECRET   "${config.secret}"
+  }];
-        SetEnv DATABASE_URL "${config.psql_url}"
+  apache = rec {
-        '';
+    user = "wwwrun";
-    }];
+    group = "wwwrun";
-    apache = rec {
+    modules = [ "proxy_fcgi" ];
-      user = "wwwrun";
+    webappName = "aten_${app.environment}";
-      group = "wwwrun";
+    root = "/run/current-system/webapps/${webappName}";
-      modules = [ "proxy_fcgi" ];
+    vhostConf = ''
-      webappName = "aten_${environment}";
+    <FilesMatch "\.php$">
-      root = "/run/current-system/webapps/${webappName}";
+      SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-      vhostConf = ''
+    </FilesMatch>
-      <FilesMatch "\.php$">
-        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-      </FilesMatch>
-      Include /var/secrets/webapps/${environment}-aten
+    Include /var/secrets/webapps/${app.environment}-aten
-      ${if environment == "dev" then ''
+    ${if app.environment == "dev" then ''
-      <Location />
+    <Location />
-        Use LDAPConnect
+      Use LDAPConnect
-        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+      Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
-      </Location>
+    </Location>
-      <Location /backend>
+    <Location /backend>
-        Use LDAPConnect
+      Use LDAPConnect
-        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+      Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
-      </Location>
+    </Location>
-      '' else ''
+    '' else ''
-      Use Stats aten.pro
+    Use Stats aten.pro
-      <Location /backend>
+    <Location /backend>
-        Use LDAPConnect
+      Use LDAPConnect
-        Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+      Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
-      </Location>
+    </Location>
-      ''}
+    ''}
-      <Directory ${root}>
+    <Directory ${root}>
-        Options Indexes FollowSymLinks MultiViews Includes
+      Options Indexes FollowSymLinks MultiViews Includes
-        AllowOverride All
+      AllowOverride All
-        Require all granted
+      Require all granted
-        DirectoryIndex index.php
+      DirectoryIndex index.php
-        FallbackResource /index.php
+      FallbackResource /index.php
-      </Directory>
+    </Directory>
-      '';
+    '';
-    };
+  };
-    activationScript = {
+  activationScript = {
-      deps = [ "wrappers" ];
+    deps = [ "wrappers" ];
-      text = ''
+    text = ''
-      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
-      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+    install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-      '';
+    '';
-    };
-    yarnModules = let
-        info = fetchedGitPrivate ./aten.json;
-        packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
-          cat ${info.src}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out
-          '';
-      in
-        yarn2nixPackage.mkYarnModules rec {
-          name = "aten-yarn";
-          pname = name;
-          version = "v1.0.0";
-          packageJSON = packagejson;
-          yarnLock = "${info.src}/yarn.lock";
-          pkgConfig = {
-            all = {
-              buildInputs = [ yarn2nixPackage.src ];
-            };
-            node-sass = {
-              buildInputs = [ libsass python ];
-              postInstall = let
-                nodeHeaders = fetchurl {
-                  url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
-                  sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32";
-                };
-              in
-                ''
-                  node scripts/build.js --tarball=${nodeHeaders}
-                '';
-            };
-          };
-        };
-    webappDir = composerEnv.buildPackage (
-      import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
-      fetchedGitPrivate ./aten.json //
-      rec {
-        noDev = (environment == "prod");
-        preInstall = ''
-          export SYMFONY_ENV="${environment}"
-          export APP_ENV="${environment}"
-          '';
-        postInstall = ''
-          ln -sf ${yarnModules}/node_modules .
-          yarn run --offline encore production
-          rm -rf var/{log,cache}
-          ln -sf ${varDir}/{log,cache} var/
-          '';
-        buildInputs = [ yarnModules yarn2nixPackage.yarn ];
-      });
-    webRoot = "${webappDir}/public";
  };
-in
+}
-  aten
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-11 12:16:57 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-11 12:16:57 +0200
commit	1bd8b03eeaafa9345282d8aaf6499bc80adf062f (patch)
tree	a80e655fbf0dad25c29c41a7f880a4c3574edebf /nixops/modules/websites/aten/aten.nix
parent	9eae2b47b7b315b05a0e010f3003bd875685e260 (diff)
download	Nix-1bd8b03eeaafa9345282d8aaf6499bc80adf062f.tar.gz Nix-1bd8b03eeaafa9345282d8aaf6499bc80adf062f.tar.zst Nix-1bd8b03eeaafa9345282d8aaf6499bc80adf062f.zip

diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix index c35af6f..04876a1 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/nixops/modules/websites/aten/aten.nix
@@ -1,157 +1,104 @@
1	{ lib, writeText, fetchedGitPrivate, stdenv, runCommand, composerEnv, fetchurl, fetchgit, jq, python, nodejs, libsass, yarn2nixPackage }:	1	{ aten, lib, config }: rec {
2	let	2	app = aten.override { inherit (config) environment; };
3	aten = { config }: rec {	3	phpFpm = rec {
4	environment = config.environment;	4	preStart = ''
5	varDir = "/var/lib/aten_${environment}";	5	if [ ! -f "${app.varDir}/currentWebappDir" -o \
6	phpFpm = rec {	6	! -f "${app.varDir}/currentKey" -o \
7	preStart = ''	7	"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
8	if [ ! -f "${varDir}/currentWebappDir" -o \	8	\|\| ! sha512sum -c --status ${app.varDir}/currentKey; then
9	! -f "${varDir}/currentKey" -o \	9	pushd ${app} > /dev/null
10	"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \	10	/run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
11	\|\| ! sha512sum -c --status ${varDir}/currentKey; then	11	popd > /dev/null
12	pushd ${webappDir} > /dev/null	12	echo -n "${app}" > ${app.varDir}/currentWebappDir
13	/run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup	13	sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
14	popd > /dev/null	14	fi
15	echo -n "${webappDir}" > ${varDir}/currentWebappDir	15	'';
16	sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey	16	serviceDeps = [ "postgresql.service" ];
17	fi	17	socket = "/var/run/phpfpm/aten-${app.environment}.sock";
18	'';	18	pool = ''
19	serviceDeps = [ "postgresql.service" ];	19	listen = ${socket}
20	socket = "/var/run/phpfpm/aten-${environment}.sock";	20	user = ${apache.user}
21	pool = ''	21	group = ${apache.group}
22	listen = ${socket}	22	listen.owner = ${apache.user}
23	user = ${apache.user}	23	listen.group = ${apache.group}
24	group = ${apache.group}	24	php_admin_value[upload_max_filesize] = 20M
25	listen.owner = ${apache.user}	25	php_admin_value[post_max_size] = 20M
26	listen.group = ${apache.group}	26	;php_admin_flag[log_errors] = on
27	php_admin_value[upload_max_filesize] = 20M	27	php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
28	php_admin_value[post_max_size] = 20M	28	php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
29	;php_admin_flag[log_errors] = on	29	${if app.environment == "dev" then ''
30	php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"	30	pm = ondemand
31	php_admin_value[session.save_path] = "${varDir}/phpSessions"	31	pm.max_children = 5
32	${if environment == "dev" then ''	32	pm.process_idle_timeout = 60
33	pm = ondemand	33	env[SYMFONY_DEBUG_MODE] = "yes"
34	pm.max_children = 5	34	'' else ''
35	pm.process_idle_timeout = 60	35	pm = dynamic
36	env[SYMFONY_DEBUG_MODE] = "yes"	36	pm.max_children = 20
37	'' else ''	37	pm.start_servers = 2
38	pm = dynamic	38	pm.min_spare_servers = 1
39	pm.max_children = 20	39	pm.max_spare_servers = 3
40	pm.start_servers = 2	40	''}'';
41	pm.min_spare_servers = 1	41	};
42	pm.max_spare_servers = 3	42	keys = [{
43	''}'';	43	dest = "webapps/${app.environment}-aten";
44	};	44	user = apache.user;
45	keys = [{	45	group = apache.group;
46	dest = "webapps/${environment}-aten";	46	permissions = "0400";
47	user = apache.user;	47	text = ''
48	group = apache.group;	48	SetEnv APP_ENV "${app.environment}"
49	permissions = "0400";	49	SetEnv APP_SECRET "${config.secret}"
50	text = ''	50	SetEnv DATABASE_URL "${config.psql_url}"
51	SetEnv APP_ENV "${environment}"	51	'';
52	SetEnv APP_SECRET "${config.secret}"	52	}];
53	SetEnv DATABASE_URL "${config.psql_url}"	53	apache = rec {
54	'';	54	user = "wwwrun";
55	}];	55	group = "wwwrun";
56	apache = rec {	56	modules = [ "proxy_fcgi" ];
57	user = "wwwrun";	57	webappName = "aten_${app.environment}";
58	group = "wwwrun";	58	root = "/run/current-system/webapps/${webappName}";
59	modules = [ "proxy_fcgi" ];	59	vhostConf = ''
60	webappName = "aten_${environment}";	60	<FilesMatch "\.php$">
61	root = "/run/current-system/webapps/${webappName}";	61	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
62	vhostConf = ''	62	</FilesMatch>
63	<FilesMatch "\.php$">
64	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
65	</FilesMatch>
66		63
67	Include /var/secrets/webapps/${environment}-aten	64	Include /var/secrets/webapps/${app.environment}-aten
68		65
69	${if environment == "dev" then ''	66	${if app.environment == "dev" then ''
70	<Location />	67	<Location />
71	Use LDAPConnect	68	Use LDAPConnect
72	Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu	69	Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
73	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"	70	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
74	</Location>	71	</Location>
75		72
76	<Location /backend>	73	<Location /backend>
77	Use LDAPConnect	74	Use LDAPConnect
78	Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu	75	Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
79	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"	76	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
80	</Location>	77	</Location>
81	'' else ''	78	'' else ''
82	Use Stats aten.pro	79	Use Stats aten.pro
83		80
84	<Location /backend>	81	<Location /backend>
85	Use LDAPConnect	82	Use LDAPConnect
86	Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu	83	Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
87	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"	84	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
88	</Location>	85	</Location>
89	''}	86	''}
90		87
91	<Directory ${root}>	88	<Directory ${root}>
92	Options Indexes FollowSymLinks MultiViews Includes	89	Options Indexes FollowSymLinks MultiViews Includes
93	AllowOverride All	90	AllowOverride All
94	Require all granted	91	Require all granted
95	DirectoryIndex index.php	92	DirectoryIndex index.php
96	FallbackResource /index.php	93	FallbackResource /index.php
97	</Directory>	94	</Directory>
98	'';	95	'';
99	};	96	};
100	activationScript = {	97	activationScript = {
101	deps = [ "wrappers" ];	98	deps = [ "wrappers" ];
102	text = ''	99	text = ''
103	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}	100	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
104	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions	101	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
105	'';	102	'';
106	};
107	yarnModules = let
108	info = fetchedGitPrivate ./aten.json;
109	packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
110	cat ${info.src}/package.json \| jq -r '.version = "v1.0.0"\|.name="aten"' > $out
111	'';
112	in
113	yarn2nixPackage.mkYarnModules rec {
114	name = "aten-yarn";
115	pname = name;
116	version = "v1.0.0";
117	packageJSON = packagejson;
118	yarnLock = "${info.src}/yarn.lock";
119	pkgConfig = {
120	all = {
121	buildInputs = [ yarn2nixPackage.src ];
122	};
123	node-sass = {
124	buildInputs = [ libsass python ];
125	postInstall = let
126	nodeHeaders = fetchurl {
127	url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
128	sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32";
129	};
130	in
131	''
132	node scripts/build.js --tarball=${nodeHeaders}
133	'';
134	};
135	};
136	};
137	webappDir = composerEnv.buildPackage (
138	import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
139	fetchedGitPrivate ./aten.json //
140	rec {
141	noDev = (environment == "prod");
142	preInstall = ''
143	export SYMFONY_ENV="${environment}"
144	export APP_ENV="${environment}"
145	'';
146	postInstall = ''
147	ln -sf ${yarnModules}/node_modules .
148	yarn run --offline encore production
149	rm -rf var/{log,cache}
150	ln -sf ${varDir}/{log,cache} var/
151	'';
152	buildInputs = [ yarnModules yarn2nixPackage.yarn ];
153	});
154	webRoot = "${webappDir}/public";
155	};	103	};
156	in	104	}
157	aten