authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-25 01:37:42 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-25 01:37:42 +0200
commit1b3154e40a568a296c74759d68827366b5f26da9 (patch)
tree77fb426f72c73c806c95ced7eeb2cc62ece48287 /nixops/modules/websites/tellesflorian/tellesflorian.nix
parentca330baa14da56456ec538b232a91e1c443241bb (diff)
Move websites to new secrets
Diffstat (limited to 'nixops/modules/websites/tellesflorian/tellesflorian.nix')
-rw-r--r--nixops/modules/websites/tellesflorian/tellesflorian.nix54
1 files changed, 26 insertions, 28 deletions
diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix
index ba46c0c..afd723c 100644
--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -3,14 +3,24 @@ let
3 tellesflorian = { config }: rec { 3 tellesflorian = { config }: rec {
4 environment = config.environment; 4 environment = config.environment;
5 varDir = "/var/lib/tellesflorian_${environment}"; 5 varDir = "/var/lib/tellesflorian_${environment}";
6 keys."${environment}-tellesflorian" = { 6 keys = [
7 destDir = "/run/keys/webapps"; 7 {
8 user = apache.user; 8 dest = "webapps/${environment}-tellesflorian-passwords";
9 group = apache.group; 9 user = apache.user;
10 permissions = "0400"; 10 group = apache.group;
11 text = '' 11 permissions = "0400";
12 # This file is auto-generated during the composer install 12 text = ''
13 parameters: 13 invite:${config.invite_passwords}
14 '';
15 }
16 {
17 dest = "webapps/${environment}-tellesflorian";
18 user = apache.user;
19 group = apache.group;
20 permissions = "0400";
21 text = ''
22 # This file is auto-generated during the composer install
23 parameters:
14 database_host: ${config.mysql.host} 24 database_host: ${config.mysql.host}
15 database_port: ${config.mysql.port} 25 database_port: ${config.mysql.port}
16 database_name: ${config.mysql.name} 26 database_name: ${config.mysql.name}
@@ -21,8 +31,9 @@ let
21 mailer_user: null 31 mailer_user: null
22 mailer_password: null 32 mailer_password: null
23 secret: ${config.secret} 33 secret: ${config.secret}
24 ''; 34 '';
25 }; 35 }
36 ];
26 phpFpm = rec { 37 phpFpm = rec {
27 preStart = '' 38 preStart = ''
28 if [ ! -f "${varDir}/currentWebappDir" -o \ 39 if [ ! -f "${varDir}/currentWebappDir" -o \
@@ -33,14 +44,10 @@ let
33 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup 44 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
34 popd > /dev/null 45 popd > /dev/null
35 echo -n "${webappDir}" > ${varDir}/currentWebappDir 46 echo -n "${webappDir}" > ${varDir}/currentWebappDir
36 sha512sum /run/keys/webapps/${environment}-tellesflorian > ${varDir}/currentKey 47 sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey
37 fi 48 fi
38 ''; 49 '';
39 serviceDeps = [ 50 serviceDeps = [ "mysql.service" ];
40 "mysql.service"
41 "${environment}-tellesflorian-passwords-key.service"
42 "${environment}-tellesflorian-key.service"
43 ];
44 socket = "/var/run/phpfpm/floriantelles-${environment}.sock"; 51 socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
45 pool = '' 52 pool = ''
46 listen = ${socket} 53 listen = ${socket}
@@ -51,7 +58,7 @@ let
51 php_admin_value[upload_max_filesize] = 20M 58 php_admin_value[upload_max_filesize] = 20M
52 php_admin_value[post_max_size] = 20M 59 php_admin_value[post_max_size] = 20M
53 ;php_admin_flag[log_errors] = on 60 ;php_admin_flag[log_errors] = on
54 php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp" 61 php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
55 php_admin_value[session.save_path] = "${varDir}/phpSessions" 62 php_admin_value[session.save_path] = "${varDir}/phpSessions"
56 ${if environment == "dev" then '' 63 ${if environment == "dev" then ''
57 pm = ondemand 64 pm = ondemand
@@ -66,15 +73,6 @@ let
66 pm.max_spare_servers = 3 73 pm.max_spare_servers = 3
67 ''}''; 74 ''}'';
68 }; 75 };
69 keys."${environment}-tellesflorian-passwords" = {
70 destDir = "/run/keys/webapps";
71 user = apache.user;
72 group = apache.group;
73 permissions = "0400";
74 text = ''
75 invite:${config.invite_passwords}
76 '';
77 };
78 apache = rec { 76 apache = rec {
79 user = "wwwrun"; 77 user = "wwwrun";
80 group = "wwwrun"; 78 group = "wwwrun";
@@ -92,7 +90,7 @@ let
92 Use LDAPConnect 90 Use LDAPConnect
93 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu 91 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
94 92
95 AuthUserFile "/run/keys/webapps/${environment}-tellesflorian-passwords" 93 AuthUserFile "/var/secrets/webapps/${environment}-tellesflorian-passwords"
96 Require user "invite" 94 Require user "invite"
97 95
98 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" 96 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
@@ -166,7 +164,7 @@ let
166 postInstall = '' 164 postInstall = ''
167 cd $out 165 cd $out
168 rm app/config/parameters.yml 166 rm app/config/parameters.yml
169 ln -sf /run/keys/webapps/${environment}-tellesflorian app/config/parameters.yml 167 ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml
170 rm -rf var/{logs,cache} 168 rm -rf var/{logs,cache}
171 ln -sf ${varDir}/var/{logs,cache,sessions} var/ 169 ln -sf ${varDir}/var/{logs,cache,sessions} var/
172 ''; 170 '';
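Review bot: Nothing in this file now orders the php-fpm unit after the secrets it reads: the new `serviceDeps = [ "mysql.service" ];` drops both `…-key.service` entries, yet `preStart` (whose `if` condition continues outside the hunk) still runs `sha512sum /var/secrets/webapps/${environment}-tellesflorian > ${varDir}/currentKey`. If the new secrets mechanism, which is not visible here, does not install the files before units start, the first start after a deploy would hash a missing file and run with a dangling `parameters.yml` symlink; a comment above `serviceDeps` such as `# /var/secrets is populated before units start, so there is no key unit to wait for` would record that guarantee, and the ordering should be restored if it does not hold. The move from `/run/keys` to `/var/secrets` may also mean that the database parameters, `secret` and the invite password now sit on persistent disk rather than in memory-backed storage, which is worth stating next to the `keys` list together with the expected mode of the parent directory. The absolute path is spelled out four times (`sha512sum`, `open_basedir`, `AuthUserFile`, `ln -sf`) while `dest` is relative; binding it once inside the `rec`, for example `secretsFile = "/var/secrets/webapps/${environment}-tellesflorian";`, would keep those references from drifting apart.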