Move spip and chloe website to pkgs

5 files changed, 107 insertions, 230 deletions

diff --git a/nixops/modules/websites/chloe/chloe.json b/nixops/modules/websites/chloe/chloe.json
deleted file mode 100644
index 686d751..0000000
--- a/nixops/modules/websites/chloe/chloe.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-  "tag": "96fc4eb-master",
-  "meta": {
-    "name": "chloe",
-    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
-    "branch": "master"
-  },
-  "git": {
-    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
-    "rev": "96fc4eb0099a29b0f9a58fb4eaec4bf14ac65f0a",
-    "sha256": "0mf15j6z86j2smm2k360cmm5djhcjbs9949pznwi57kw97vkm1s3",
-    "fetchSubmodules": true
-  }
-}
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
index e2381d8..2847b9d 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -1,137 +1,105 @@
-{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
-let
-  chloe = { config }: rec {
-    environment = config.environment;
-    phpFpm = rec {
-      serviceDeps = [ "mysql.service" ];
-      socket = "/var/run/phpfpm/chloe-${environment}.sock";
-      pool = ''
-        listen = ${socket}
-        user = ${apache.user}
-        group = ${apache.group}
-        listen.owner = ${apache.user}
-        listen.group = ${apache.group}
-        php_admin_value[upload_max_filesize] = 20M
-        php_admin_value[post_max_size] = 20M
-        ;php_admin_flag[log_errors] = on
-        php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
-        php_admin_value[session.save_path] = "${varDir}/phpSessions"
-        ${if environment == "dev" then ''
-        pm = ondemand
-        pm.max_children = 5
-        pm.process_idle_timeout = 60
-        '' else ''
-        pm = dynamic
-        pm.max_children = 20
-        pm.start_servers = 2
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
-        ''}'';
-    };
-    keys = [{
-      dest = "webapps/${environment}-chloe";
-      user = apache.user;
-      group = apache.group;
-      permissions = "0400";
-      text = ''
-        SetEnv SPIP_CONFIG_DIR     "${configDir}"
-        SetEnv SPIP_VAR_DIR        "${varDir}"
-        SetEnv SPIP_SITE           "chloe-${environment}"
-        SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
-        SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
-        SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
-        SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
-        SetEnv SPIP_LDAP_SEARCH    "${config.ldap.search}"
-        SetEnv SPIP_MYSQL_HOST     "${config.mysql.host}"
-        SetEnv SPIP_MYSQL_PORT     "${config.mysql.port}"
-        SetEnv SPIP_MYSQL_DB       "${config.mysql.name}"
-        SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
-        SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
-      '';
-    }];
-    apache = rec {
-      user = "wwwrun";
-      group = "wwwrun";
-      modules = [ "proxy_fcgi" ];
-      webappName = "chloe_${environment}";
-      root = "/run/current-system/webapps/${webappName}";
-      vhostConf = ''
-        Include /var/secrets/webapps/${environment}-chloe
+{ chloe, config }:
+rec {
+  app = chloe.override { inherit (config) environment; };
+  phpFpm = rec {
+    serviceDeps = [ "mysql.service" ];
+    socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
+    pool = ''
+      listen = ${socket}
+      user = ${apache.user}
+      group = ${apache.group}
+      listen.owner = ${apache.user}
+      listen.group = ${apache.group}
+      php_admin_value[upload_max_filesize] = 20M
+      php_admin_value[post_max_size] = 20M
+      ;php_admin_flag[log_errors] = on
+      php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
+      php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
+      ${if app.environment == "dev" then ''
+      pm = ondemand
+      pm.max_children = 5
+      pm.process_idle_timeout = 60
+      '' else ''
+      pm = dynamic
+      pm.max_children = 20
+      pm.start_servers = 2
+      pm.min_spare_servers = 1
+      pm.max_spare_servers = 3
+      ''}'';
+  };
+  keys = [{
+    dest = "webapps/${app.environment}-chloe";
+    user = apache.user;
+    group = apache.group;
+    permissions = "0400";
+    text = ''
+      SetEnv SPIP_CONFIG_DIR     "${configDir}"
+      SetEnv SPIP_VAR_DIR        "${app.varDir}"
+      SetEnv SPIP_SITE           "chloe-${app.environment}"
+      SetEnv SPIP_LDAP_BASE      "dc=immae,dc=eu"
+      SetEnv SPIP_LDAP_HOST      "ldaps://ldap.immae.eu"
+      SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
+      SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
+      SetEnv SPIP_LDAP_SEARCH    "${config.ldap.search}"
+      SetEnv SPIP_MYSQL_HOST     "${config.mysql.host}"
+      SetEnv SPIP_MYSQL_PORT     "${config.mysql.port}"
+      SetEnv SPIP_MYSQL_DB       "${config.mysql.name}"
+      SetEnv SPIP_MYSQL_USER     "${config.mysql.user}"
+      SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
+    '';
+  }];
+  apache = rec {
+    user = "wwwrun";
+    group = "wwwrun";
+    modules = [ "proxy_fcgi" ];
+    webappName = "chloe_${app.environment}";
+    root = "/run/current-system/webapps/${webappName}";
+    vhostConf = ''
+      Include /var/secrets/webapps/${app.environment}-chloe
 
-        RewriteEngine On
-        ${if environment == "prod" then ''
-        RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1
-        '' else ""}
+      RewriteEngine On
+      ${if app.environment == "prod" then ''
+      RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1
+      '' else ""}
 
-        <FilesMatch "\.php$">
-          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-        </FilesMatch>
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
 
-        <Directory ${root}>
-          DirectoryIndex index.php index.htm index.html
-          Options -Indexes +FollowSymLinks +MultiViews +Includes
-          Include ${root}/htaccess.txt
+      <Directory ${root}>
+        DirectoryIndex index.php index.htm index.html
+        Options -Indexes +FollowSymLinks +MultiViews +Includes
+        Include ${root}/htaccess.txt
 
-          AllowOverride AuthConfig FileInfo Limit
-          Require all granted
-        </Directory>
+        AllowOverride AuthConfig FileInfo Limit
+        Require all granted
+      </Directory>
 
-        <DirectoryMatch "${root}/squelettes">
-          Require all denied
-        </DirectoryMatch>
+      <DirectoryMatch "${root}/squelettes">
+        Require all denied
+      </DirectoryMatch>
 
-        <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
-          Require all denied
-        </FilesMatch>
+      <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+        Require all denied
+      </FilesMatch>
 
-        ${if environment == "dev" then ''
-        <Location />
-          Use LDAPConnect
-          Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
-        </Location>
-        '' else ''
-        Use Stats osteopathe-cc.fr
-        ''}
-        '';
-    };
-    activationScript = {
-      deps = [ "wrappers" ];
-      text = ''
-        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
-        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
-      '';
-    };
-    configDir = ./chloe_config_ + environment;
-    varDir = "/var/lib/chloe_${environment}";
-    siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
-      buildPhase = ''
-        make
-        '';
-      installPhase = ''
-        cp -a . $out
-        '';
-      buildInputs = [ sassc ];
-    });
-    webRoot = stdenv.mkDerivation rec {
-      name = "chloe-${environment}-spip-${version}";
-      version = "3.2.3";
-      src = fetchzip {
-        url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
-        sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
-      };
-      paches = [ ../commons/spip/spip_ldap_patch.patch ];
-      buildPhase = ''
-        rm -rf IMG local tmp config/remove.txt
-        ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php
-        echo "Require all denied" > "config/.htaccess"
-        ln -sf ${varDir}/{IMG,local} .
+      ${if app.environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
+      </Location>
+      '' else ''
+      Use Stats osteopathe-cc.fr
+      ''}
       '';
-      installPhase = ''
-        cp -a . $out
-        cp -a ${siteDir}/* $out
-      '';
-    };
   };
-in
-  chloe
+  activationScript = {
+    deps = [ "wrappers" ];
+    text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
+    '';
+  };
+  configDir = ./chloe_config_ + app.environment;
+}
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index a542d70..874b81b 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -1,14 +1,15 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-    chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; };
-    chloe_dev  = chloe {
-      config = myconfig.env.websites.chloe.integration;
-    };
-    chloe_prod = chloe {
-      config = myconfig.env.websites.chloe.production;
-    };
+  chloe_dev  = pkgs.callPackage ./chloe.nix {
+    inherit (pkgs.private.webapps) chloe;
+    config = myconfig.env.websites.chloe.integration;
+  };
+  chloe_prod = pkgs.callPackage ./chloe.nix {
+    inherit (pkgs.private.webapps) chloe;
+    config = myconfig.env.websites.chloe.production;
+  };
 
-    cfg = config.services.myWebsites.Chloe;
+  cfg = config.services.myWebsites.Chloe;
 in {
   options.services.myWebsites.Chloe = {
     production = {
@@ -39,7 +40,7 @@ in {
       system.activationScripts.chloe_prod = chloe_prod.activationScript;
       system.extraSystemBuilderCmds = ''
         mkdir -p $out/webapps
-        ln -s ${chloe_prod.webRoot} $out/webapps/${chloe_prod.apache.webappName}
+        ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
         '';
       services.myWebsites.production.modules = chloe_prod.apache.modules;
       services.myWebsites.production.vhostConfs.chloe = {
@@ -60,7 +61,7 @@ in {
       system.activationScripts.chloe_dev = chloe_dev.activationScript;
       system.extraSystemBuilderCmds = ''
         mkdir -p $out/webapps
-        ln -s ${chloe_dev.webRoot} $out/webapps/${chloe_dev.apache.webappName}
+        ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
         '';
       services.myWebsites.integration.modules = chloe_dev.apache.modules;
       services.myWebsites.integration.vhostConfs.chloe = {
diff --git a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch b/nixops/modules/websites/commons/spip/spip_ldap_patch.patch
deleted file mode 100644
index 653c909..0000000
--- a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch
+++ /dev/null
@@ -1,60 +0,0 @@
---- old/ecrire/auth/ldap.php    2017-06-08 21:58:17.000000000 +0200
-+++ new/ecrire/auth/ldap.php    2017-06-10 02:54:02.687954143 +0200
-@@ -171,24 +171,41 @@
-        $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ;
- 
-        $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']);
-+        if (isset($GLOBALS['ldap_search'])) {
-+          $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']);
-+          $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn"));
-+          $info = @ldap_get_entries($ldap_link, $result);
-+          // Ne pas accepter les resultats si plus d'une entree
-+          // (on veut un attribut unique)
- 
--       // Tenter une recherche pour essayer de retrouver le DN
--       foreach ($logins as $att) {
--               $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
--               $info = @ldap_get_entries($ldap_link, $result);
--               // Ne pas accepter les resultats si plus d'une entree
--               // (on veut un attribut unique)
-+          if (is_array($info) and $info['count'] == 1) {
-+            $dn = $info[0]['dn'];
-+            if (!$checkpass) {
-+              return $dn;
-+            }
-+            if (@ldap_bind($ldap_link, $dn, $pass)) {
-+              return $dn;
-+            }
-+          }
-+        } else {
-+          // Tenter une recherche pour essayer de retrouver le DN
-+          foreach ($logins as $att) {
-+                  $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
-+                  $info = @ldap_get_entries($ldap_link, $result);
-+                  // Ne pas accepter les resultats si plus d'une entree
-+                  // (on veut un attribut unique)
- 
--               if (is_array($info) and $info['count'] == 1) {
--                       $dn = $info[0]['dn'];
--                       if (!$checkpass) {
--                               return $dn;
--                       }
--                       if (@ldap_bind($ldap_link, $dn, $pass)) {
--                               return $dn;
--                       }
--               }
--       }
-+                  if (is_array($info) and $info['count'] == 1) {
-+                          $dn = $info[0]['dn'];
-+                          if (!$checkpass) {
-+                                  return $dn;
-+                          }
-+                          if (@ldap_bind($ldap_link, $dn, $pass)) {
-+                                  return $dn;
-+                          }
-+                  }
-+          }
-+        }
- 
-        if ($checkpass and !isset($dn)) {
-                // Si echec, essayer de deviner le DN
diff --git a/nixops/modules/websites/commons/spip/spip_mes_options.php b/nixops/modules/websites/commons/spip/spip_mes_options.php
deleted file mode 100644
index 8db8389..0000000
--- a/nixops/modules/websites/commons/spip/spip_mes_options.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php // /!\ Important: There must be no blank space before &lt;?php or after ?&gt;
-// This file was inspired from the spip contrib website
-// http://www.spip.net/fr_article3811.html
-
-$config_dir = getenv('SPIP_CONFIG_DIR') . '/';
-$var_dir = getenv('SPIP_VAR_DIR') . '/';
-
-$cookie_prefix = str_replace('.', '_', getenv("SPIP_SITE"));
-$table_prefix = 'spip';
-
-spip_initialisation(
-        $config_dir,
-        _DIR_RACINE . _NOM_PERMANENTS_ACCESSIBLES,
-        $var_dir . _NOM_TEMPORAIRES_INACCESSIBLES,
-        _DIR_RACINE . _NOM_TEMPORAIRES_ACCESSIBLES
-);
-
-?>