Move production websites to use stable web directories

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-02-16 14:50:08 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-02-16 14:50:08 +0100
commit: 7da3ceece7fe6c49046e97f37fc353db9b8a981c (patch)
tree: 623849d979508b007b1b6e4e42976b64e30b2cf1 /nixops
parent: e5073addbe397afd596613af469f3308a07c1801 (diff)
download: Nix-7da3ceece7fe6c49046e97f37fc353db9b8a981c.tar.gz
Nix-7da3ceece7fe6c49046e97f37fc353db9b8a981c.tar.zst
Nix-7da3ceece7fe6c49046e97f37fc353db9b8a981c.zip
15 files changed, 53 insertions, 28 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index f986ec1..e27688d 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -66,7 +66,7 @@ let
      </Location>
      ''}
-      <Directory ${if environment == "dev" then root else webRoot}>
+      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
index f586ed5..41c22ce 100644
--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -51,7 +51,7 @@ in {
      services.myWebsites.production.vhostConfs.aten = {
        certName    = "aten";
        hosts       = [ "aten.pro" "www.aten.pro" ];
-        root        = aten_prod.webRoot;
+        root        = aten_prod.apache.root;
        extraConfig = [ aten_prod.apache.vhostConf ];
      };
    })
diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix
index 7f8f4c6..8073955 100644
--- a/nixops/modules/websites/capitaines/default.nix
+++ b/nixops/modules/websites/capitaines/default.nix
@@ -2,6 +2,8 @@
 let
    cfg = config.services.myWebsites.Capitaines;
    env = myconfig.env.websites.capitaines;
+    webappName = "capitaines_mastodon";
+    root = "/run/current-system/webapps/${webappName}";
    siteDir = ./mastodon_static;
 in {
  options.services.myWebsites.Capitaines = {
@@ -14,15 +16,19 @@ in {
    security.acme.certs."capitaines_mastodon" = config.services.myCertificates.certConfig // {
      domain = "mastodon.capitaines.fr";
    };
+    system.extraSystemBuilderCmds = ''
+      mkdir -p $out/webapps
+      ln -s ${siteDir} $out/webapps/${webappName}
+      '';
    services.myWebsites.production.vhostConfs.capitaines = {
      certName    = "capitaines_mastodon";
      hosts       = [ "mastodon.capitaines.fr" ];
-      root        = siteDir;
+      root        = root;
      extraConfig = [
        ''
        ErrorDocument 404 /index.html
-        <Directory ${siteDir}>
+        <Directory ${root}>
          DirectoryIndex index.html
          Options Indexes FollowSymLinks MultiViews Includes
          Require all granted
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
index 3b92af3..80e5554 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -56,16 +56,16 @@ let
          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
        </FilesMatch>
-        <Directory ${if environment == "dev" then root else webRoot}>
+        <Directory ${root}>
          DirectoryIndex index.php index.htm index.html
          Options -Indexes +FollowSymLinks +MultiViews +Includes
-          Include ${if environment == "dev" then root else webRoot}/htaccess.txt
+          Include ${root}/htaccess.txt
          AllowOverride AuthConfig FileInfo Limit
          Require all granted
        </Directory>
-        <DirectoryMatch "${if environment == "dev" then root else webRoot}/squelettes">
+        <DirectoryMatch "${root}/squelettes">
          Require all denied
        </DirectoryMatch>
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index d647eb9..f561834 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -53,7 +53,7 @@ in {
      services.myWebsites.production.vhostConfs.chloe = {
        certName    = "chloe";
        hosts       = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
-        root        = chloe_prod.webRoot;
+        root        = chloe_prod.apache.root;
        extraConfig = [ chloe_prod.apache.vhostConf ];
      };
    })
diff --git a/nixops/modules/websites/commons/adminer.nix b/nixops/modules/websites/commons/adminer.nix
index 891046f..9c4e132 100644
--- a/nixops/modules/websites/commons/adminer.nix
+++ b/nixops/modules/websites/commons/adminer.nix
@@ -32,13 +32,15 @@ let
        php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer"
        '';
    };
-    apache = {
+    apache = rec {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "proxy_fcgi" ];
+      webappName = "_adminer";
+      root = "/run/current-system/webapps/${webappName}";
      vhostConf = ''
-        Alias /adminer ${webRoot}
+        Alias /adminer ${root}
-        <Directory ${webRoot}>
+        <Directory ${root}>
          DirectoryIndex index.php
          Require all granted
          <FilesMatch "\.php$">
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix
index dff563f..74a1ad0 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -129,7 +129,7 @@ let
      '' else ''
      Use Stats connexionswing.com
-      <Directory ${webRoot}>
+      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index f176762..f98b349 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -53,7 +53,7 @@ in {
      services.myWebsites.production.vhostConfs.connexionswing = {
        certName    = "connexionswing";
        hosts       = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
-        root        = connexionswing_prod.webRoot;
+        root        = connexionswing_prod.apache.root;
        extraConfig = [ connexionswing_prod.apache.vhostConf ];
      };
    })
diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 3db1cfa..c8f7481 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -1,6 +1,8 @@
 { lib, pkgs, config, mylibs, myconfig, ... }:
 let
  cfg = config.services.myWebsites;
+  www_root = "/run/current-system/webapps/_www";
+  theme_root = "/run/current-system/webapps/_theme";
  makeService = name: cfg: let
    toVhost = vhostConf: {
      enableSSL = true;
@@ -21,9 +23,9 @@ let
      hostName = "nossl.immae.eu";
      enableSSL = false;
      logFormat = "combinedVhost";
-      documentRoot = ../../www;
+      documentRoot = www_root;
      extraConfig = ''
-        <Directory ${../../www}>
+        <Directory ${www_root}>
          DirectoryIndex nossl.html
          AllowOverride None
          Require all granted
@@ -52,7 +54,7 @@ let
    fallbackVhost = toVhost { # Should go first, default choice
      certName    = "eldiron";
      hosts       = ["eldiron.immae.eu" ];
-      root        = ../../www;
+      root        = www_root;
      extraConfig = [ "DirectoryIndex index.htm" ];
    };
  in rec {
@@ -290,11 +292,11 @@ in
          ErrorDocument 502 /maintenance_immae.html
          ErrorDocument 503 /maintenance_immae.html
          ErrorDocument 504 /maintenance_immae.html
-          Alias /maintenance_immae.html ${../../www}/maintenance_immae.html
+          Alias /maintenance_immae.html ${www_root}/maintenance_immae.html
          ProxyPass /maintenance_immae.html !
-          AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${../../www}/googleb6d69446ff4ca3e5.html
+          AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html
-          <Directory ${../../www}>
+          <Directory ${www_root}>
            AllowOverride None
            Require all granted
          </Directory>
@@ -303,8 +305,8 @@ in
      apaxy = {
        extraConfig = ''
          <Macro Apaxy %{folder} %{ignored}>
-            Alias /theme ${./apache/theme}
+            Alias /theme ${theme_root}
-            <Directory ${./apache/theme}>
+            <Directory ${theme_root}>
              Options -Indexes
              AllowOverride None
              Require all granted
@@ -407,6 +409,15 @@ in
        '';
    };
+    system.extraSystemBuilderCmds = let
+      adminer = pkgs.callPackage ./commons/adminer.nix {};
+    in ''
+      mkdir -p $out/webapps
+      ln -s ${../../www} $out/webapps/_www
+      ln -s ${./apache/theme} $out/webapps/_theme
+      ln -s ${adminer.webRoot} $out/webapps/${adminer.apache.webappName}
+      '';
    services.myPhpfpm = {
      phpPackage = pkgs.php;
      phpOptions = ''
diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix
index 5783ed0..4002caa 100644
--- a/nixops/modules/websites/emilia/default.nix
+++ b/nixops/modules/websites/emilia/default.nix
@@ -4,6 +4,8 @@ let
    env = myconfig.env.websites.emilia;
    varDir = "/var/lib/moodle";
    siteDir = ./moodle;
+    webappName = "emilia_moodle";
+    root = "/run/current-system/webapps/${webappName}";
    # php_admin_value[upload_max_filesize] = 50000000
    # php_admin_value[post_max_size] = 50000000
    configFile = ''
@@ -55,13 +57,17 @@ in {
    system.activationScripts.emilia = ''
      install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
      '';
+    system.extraSystemBuilderCmds = ''
+      mkdir -p $out/webapps
+      ln -s ${siteDir} $out/webapps/${webappName}
+      '';
    services.myWebsites.production.vhostConfs.emilia = {
      certName    = "emilia";
      hosts       = [ "saison-photo.org" "www.saison-photo.org" ];
-      root        = siteDir;
+      root        = root;
      extraConfig = [
        ''
-        <Directory ${siteDir}>
+        <Directory ${root}>
          DirectoryIndex pause.html
          Options Indexes FollowSymLinks MultiViews Includes
          Require all granted
diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
index 1033121..7f9f681 100644
--- a/nixops/modules/websites/ftp/temp.nix
+++ b/nixops/modules/websites/ftp/temp.nix
@@ -20,7 +20,7 @@ in {
      root        = varDir;
      extraConfig = [
        ''
-        Use Apaxy "${varDir}" "title"
+        Use Apaxy "${varDir}" "title .duplicity-ignore"
        <FilesMatch ".+">
          Header set Content-Disposition attachment
        </FilesMatch>
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
index bcbef51..3dd0ee7 100644
--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -46,7 +46,7 @@ in {
      services.myWebsites.production.vhostConfs.ludivine = {
        certName    = "ludivinecassal";
        hosts       = ["ludivinecassal.com" "www.ludivinecassal.com" ];
-        root        = ludivinecassal_prod.webRoot;
+        root        = ludivinecassal_prod.apache.root;
        extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
      };
    })
diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix
index 02614a5..3ffd335 100644
--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ b/nixops/modules/websites/ludivine/ludivinecassal.nix
@@ -121,7 +121,7 @@ let
      '' else ''
      Use Stats ludivinecassal.com
-      <Directory ${webRoot}>
+      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index 584e936..54e063d 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -50,7 +50,7 @@ in {
      services.myWebsites.production.vhostConfs.piedsjaloux = {
        certName    = "piedsjaloux";
        hosts       = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
-        root        = piedsjaloux_prod.webRoot;
+        root        = piedsjaloux_prod.apache.root;
        extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
      };
    })
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
index a2d9a12..4caf48a 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -110,7 +110,7 @@ let
      '' else ''
      Use Stats piedsjaloux.fr
-      <Directory ${webRoot}>
+      <Directory ${root}>
        Options Indexes FollowSymLinks MultiViews Includes
        AllowOverride All
        Require all granted
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-02-16 14:50:08 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-02-16 14:50:08 +0100
commit	7da3ceece7fe6c49046e97f37fc353db9b8a981c (patch)
tree	623849d979508b007b1b6e4e42976b64e30b2cf1 /nixops
parent	e5073addbe397afd596613af469f3308a07c1801 (diff)
download	Nix-7da3ceece7fe6c49046e97f37fc353db9b8a981c.tar.gz Nix-7da3ceece7fe6c49046e97f37fc353db9b8a981c.tar.zst Nix-7da3ceece7fe6c49046e97f37fc353db9b8a981c.zip