Move packages fils to module

26 files changed, 1480 insertions, 16 deletions

diff --git a/virtual/modules/websites.nix b/virtual/modules/websites.nix
index cbd7de0..d794c7a 100644
--- a/virtual/modules/websites.nix
+++ b/virtual/modules/websites.nix
@@ -59,11 +59,11 @@ let
 in
 {
   imports = [
-    ./websites/chloe.nix
-    ./websites/ludivine.nix
-    ./websites/aten.nix
-    ./websites/piedsjaloux.nix
-    ./websites/connexionswing.nix
+    ./websites/chloe
+    ./websites/ludivine
+    ./websites/aten
+    ./websites/piedsjaloux
+    ./websites/connexionswing
     # built using:
     # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
     # And removed users / groups
diff --git a/virtual/modules/websites/aten/aten.json b/virtual/modules/websites/aten/aten.json
new file mode 100644
index 0000000..53569b6
--- /dev/null
+++ b/virtual/modules/websites/aten/aten.json
@@ -0,0 +1,14 @@
+{
+  "tag": "b99537f-master",
+  "meta": {
+    "name": "aten",
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+    "rev": "b99537fdad41291afb4f1bb8b2e2aa4081c71fae",
+    "sha256": "15mlyik6zivxwry6zc906bqnivxhby27yr8kj4lg5n68pvb877dn",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix
new file mode 100644
index 0000000..d67f7b7
--- /dev/null
+++ b/virtual/modules/websites/aten/aten.nix
@@ -0,0 +1,126 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }:
+let
+  aten = { environment ? "dev" }: rec {
+    varPrefix = "ATEN";
+    varDir = "/var/lib/aten_${environment}";
+    envName= lib.strings.toUpper environment;
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/aten-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf =
+        assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+        assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL";
+      ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+
+      SetEnv APP_ENV      "${environment}"
+      SetEnv APP_SECRET   "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+      SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}
+
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+
+      <Location /backend>
+        Use LDAPConnect
+        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      '' else ''
+      Use Stats aten.pro
+
+      <Location /backend>
+        Use LDAPConnect
+        Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      ''}
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+        DirectoryIndex index.php
+        FallbackResource /index.php
+      </Directory>
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: usage statistics
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export APP_ENV="${environment}"
+        export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}"
+        export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"
+
+        ${if environment == "dev" then ''
+          composer install
+        '' else ''
+          SYMFONY_ENV=prod composer install --no-dev
+        ''}
+        yarn install
+        yarn run encore production
+        rm -rf var
+        ln -sf ../../../../../${varDir} var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert phpPackages.composer yarn
+      ];
+    });
+    webRoot = "${webappDir}/public";
+  };
+in
+  aten
diff --git a/virtual/modules/websites/aten.nix b/virtual/modules/websites/aten/default.nix
index 4688db3..d9db75c 100644
--- a/virtual/modules/websites/aten.nix
+++ b/virtual/modules/websites/aten/default.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, mylibs, ... }:
 let
-    aten = pkgs.callPackage ../../packages/aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+    aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
     aten_dev  = aten { environment = "dev"; };
     aten_prod = aten { environment = "prod"; };
 
@@ -15,13 +15,17 @@ in {
     };
   };
 
+  imports = [
+    ../commons/stats.nix
+  ];
+
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
           name = "aten.pro";
-          conf = ../../packages/aten_goaccess.conf;
+          conf = ./goaccess.conf;
         }
       ];
 
diff --git a/virtual/modules/websites/aten/goaccess.conf b/virtual/modules/websites/aten/goaccess.conf
new file mode 100644
index 0000000..07cce57
--- /dev/null
+++ b/virtual/modules/websites/aten/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/aten.pro
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/chloe/chloe.json b/virtual/modules/websites/chloe/chloe.json
new file mode 100644
index 0000000..686d751
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe.json
@@ -0,0 +1,14 @@
+{
+  "tag": "96fc4eb-master",
+  "meta": {
+    "name": "chloe",
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+    "rev": "96fc4eb0099a29b0f9a58fb4eaec4bf14ac65f0a",
+    "sha256": "0mf15j6z86j2smm2k360cmm5djhcjbs9949pznwi57kw97vkm1s3",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/chloe/chloe.nix b/virtual/modules/websites/chloe/chloe.nix
new file mode 100644
index 0000000..126d8e7
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe.nix
@@ -0,0 +1,131 @@
+{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
+let
+  chloe = { environment ? "dev" }: rec {
+    varPrefix = "CHLOE";
+    envName= lib.strings.toUpper environment;
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/chloe-${environment}.sock";
+      pool = 
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH";
+      ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        env[SPIP_CONFIG_DIR] = "${configDir}"
+        env[SPIP_VAR_DIR] = "${varDir}"
+        env[SPIP_SITE] = "chloe-${environment}"
+        env[SPIP_LDAP_BASE] = "dc=immae,dc=eu"
+        env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu"
+        env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}"
+        env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}"
+        env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}"
+        env[SPIP_MYSQL_HOST] = "db-1.immae.eu"
+        env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}"
+        env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}"
+        env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+        RewriteEngine On
+        ${if environment == "prod" then ''
+        RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1
+        '' else ""}
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${webRoot}>
+          DirectoryIndex index.php index.htm index.html
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Include ${webRoot}/htaccess.txt
+
+          AllowOverride AuthConfig FileInfo Limit
+          Require all granted
+        </Directory>
+
+        <DirectoryMatch "${webRoot}/squelettes">
+          Require all denied
+        </DirectoryMatch>
+
+        <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+          Require all denied
+        </FilesMatch>
+
+        ${if environment == "dev" then ''
+        <Location />
+          Use LDAPConnect
+          Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
+        </Location>
+        '' else ''
+        Use Stats osteopathe-cc.fr
+        ''}
+        '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      '';
+    };
+    configDir = ./chloe_config;
+    varDir = "/var/lib/chloe_${environment}";
+    siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
+      buildPhase = ''
+        make
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [ sassc ];
+    });
+    webRoot = stdenv.mkDerivation rec {
+      name = "chloe-${environment}-spip-${version}";
+      version = "3.2";
+      src = fetchzip {
+        url = "http://files.spip.org/spip/stable/spip-${version}.zip";
+        sha256 = "0cacpxs9nv61i3hzd3nbmplq4mp22s886llhacp3n4923jd6snx5";
+      };
+      paches = [ ../commons/spip/spip_ldap_patch.patch ];
+      buildPhase = ''
+        rm -rf IMG local tmp config/remove.txt
+        ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php
+        echo "Require all denied" > "config/.htaccess"
+        ln -sf ../../../../../${varDir}/{IMG,local} .
+      '';
+      installPhase = ''
+        cp -a . $out
+        cp -a ${siteDir}/* $out
+      '';
+    };
+  };
+in
+  chloe
diff --git a/virtual/modules/websites/chloe/chloe_config/chmod.php b/virtual/modules/websites/chloe/chloe_config/chmod.php
new file mode 100644
index 0000000..aae16cd
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe_config/chmod.php
@@ -0,0 +1,4 @@
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
+?>
\ No newline at end of file
diff --git a/virtual/modules/websites/chloe/chloe_config/connect.php b/virtual/modules/websites/chloe/chloe_config/connect.php
new file mode 100644
index 0000000..2e4439f
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe_config/connect.php
@@ -0,0 +1,6 @@
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+define('_MYSQL_SET_SQL_MODE',true);
+$GLOBALS['spip_connect_version'] = 0.7;
+spip_connect_db(getenv("SPIP_MYSQL_HOST"),'',getenv("SPIP_MYSQL_USER"),getenv("SPIP_MYSQL_PASSWORD"),getenv("SPIP_MYSQL_DB"),'mysql', 'spip','ldap.php');
+?>
diff --git a/virtual/modules/websites/chloe/chloe_config/ldap.php b/virtual/modules/websites/chloe/chloe_config/ldap.php
new file mode 100644
index 0000000..825b7ed
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe_config/ldap.php
@@ -0,0 +1,9 @@
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
+$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
+@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
+@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
+$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
+$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
+?>
diff --git a/virtual/modules/websites/chloe.nix b/virtual/modules/websites/chloe/default.nix
index 3309dd2..72a9b6f 100644
--- a/virtual/modules/websites/chloe.nix
+++ b/virtual/modules/websites/chloe/default.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, mylibs, ... }:
 let
-    chloe = pkgs.callPackage ../../packages/chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+    chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
     chloe_dev = chloe { environment = "dev"; };
     chloe_prod = chloe { environment = "prod"; };
 
@@ -15,13 +15,17 @@ in {
     };
   };
 
+  imports = [
+    ../commons/stats.nix
+  ];
+
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
           name = "osteopathe-cc.fr";
-          conf = ../../packages/chloe_goaccess.conf;
+          conf = ./goaccess.conf;
         }
       ];
 
diff --git a/virtual/modules/websites/chloe/goaccess.conf b/virtual/modules/websites/chloe/goaccess.conf
new file mode 100644
index 0000000..89cff6d
--- /dev/null
+++ b/virtual/modules/websites/chloe/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/osteopathe-cc.fr
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/commons/spip/spip_ldap_patch.patch b/virtual/modules/websites/commons/spip/spip_ldap_patch.patch
new file mode 100644
index 0000000..653c909
--- /dev/null
+++ b/virtual/modules/websites/commons/spip/spip_ldap_patch.patch
@@ -0,0 +1,60 @@
+--- old/ecrire/auth/ldap.php    2017-06-08 21:58:17.000000000 +0200
++++ new/ecrire/auth/ldap.php    2017-06-10 02:54:02.687954143 +0200
+@@ -171,24 +171,41 @@
+        $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ;
+ 
+        $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']);
++        if (isset($GLOBALS['ldap_search'])) {
++          $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']);
++          $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn"));
++          $info = @ldap_get_entries($ldap_link, $result);
++          // Ne pas accepter les resultats si plus d'une entree
++          // (on veut un attribut unique)
+ 
+-       // Tenter une recherche pour essayer de retrouver le DN
+-       foreach ($logins as $att) {
+-               $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
+-               $info = @ldap_get_entries($ldap_link, $result);
+-               // Ne pas accepter les resultats si plus d'une entree
+-               // (on veut un attribut unique)
++          if (is_array($info) and $info['count'] == 1) {
++            $dn = $info[0]['dn'];
++            if (!$checkpass) {
++              return $dn;
++            }
++            if (@ldap_bind($ldap_link, $dn, $pass)) {
++              return $dn;
++            }
++          }
++        } else {
++          // Tenter une recherche pour essayer de retrouver le DN
++          foreach ($logins as $att) {
++                  $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn"));
++                  $info = @ldap_get_entries($ldap_link, $result);
++                  // Ne pas accepter les resultats si plus d'une entree
++                  // (on veut un attribut unique)
+ 
+-               if (is_array($info) and $info['count'] == 1) {
+-                       $dn = $info[0]['dn'];
+-                       if (!$checkpass) {
+-                               return $dn;
+-                       }
+-                       if (@ldap_bind($ldap_link, $dn, $pass)) {
+-                               return $dn;
+-                       }
+-               }
+-       }
++                  if (is_array($info) and $info['count'] == 1) {
++                          $dn = $info[0]['dn'];
++                          if (!$checkpass) {
++                                  return $dn;
++                          }
++                          if (@ldap_bind($ldap_link, $dn, $pass)) {
++                                  return $dn;
++                          }
++                  }
++          }
++        }
+ 
+        if ($checkpass and !isset($dn)) {
+                // Si echec, essayer de deviner le DN
diff --git a/virtual/modules/websites/commons/spip/spip_mes_options.php b/virtual/modules/websites/commons/spip/spip_mes_options.php
new file mode 100644
index 0000000..8db8389
--- /dev/null
+++ b/virtual/modules/websites/commons/spip/spip_mes_options.php
@@ -0,0 +1,18 @@
+<?php // /!\ Important: There must be no blank space before &lt;?php or after ?&gt;
+// This file was inspired from the spip contrib website
+// http://www.spip.net/fr_article3811.html
+
+$config_dir = getenv('SPIP_CONFIG_DIR') . '/';
+$var_dir = getenv('SPIP_VAR_DIR') . '/';
+
+$cookie_prefix = str_replace('.', '_', getenv("SPIP_SITE"));
+$table_prefix = 'spip';
+
+spip_initialisation(
+        $config_dir,
+        _DIR_RACINE . _NOM_PERMANENTS_ACCESSIBLES,
+        $var_dir . _NOM_TEMPORAIRES_INACCESSIBLES,
+        _DIR_RACINE . _NOM_TEMPORAIRES_ACCESSIBLES
+);
+
+?>
diff --git a/virtual/modules/websites/connexionswing/connexionswing.json b/virtual/modules/websites/connexionswing/connexionswing.json
new file mode 100644
index 0000000..146c5f6
--- /dev/null
+++ b/virtual/modules/websites/connexionswing/connexionswing.json
@@ -0,0 +1,14 @@
+{
+  "tag": "0330478-master",
+  "meta": {
+    "name": "connexionswing",
+    "url": "gitolite@git.immae.eu:perso/Immae/Projets/Connexionswing",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:perso/Immae/Projets/Connexionswing",
+    "rev": "0330478cd256e6e36f525d3d0a247bad06de319f",
+    "sha256": "1sh97965winvbmpzqhjidhqry9840fa701wvr4vxywccyg4dyr17",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/connexionswing/connexionswing.nix b/virtual/modules/websites/connexionswing/connexionswing.nix
new file mode 100644
index 0000000..90cca73
--- /dev/null
+++ b/virtual/modules/websites/connexionswing/connexionswing.nix
@@ -0,0 +1,181 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }:
+let
+  connexionswing = { environment ? "dev" }: rec {
+    varDir = "/var/lib/connexionswing_${environment}";
+    envName= lib.strings.toUpper environment;
+    configRoot =
+      # FIXME: spool emails in prod for when immae.eu is down?
+      assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD";
+      assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER";
+      assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
+      assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET";
+      assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL";
+      writeText "parameters.yml" ''
+        # This file is auto-generated during the composer install
+        parameters:
+            database_host: db-1.immae.eu
+            database_port: null
+            database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"}
+            database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"}
+            database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"}
+            mailer_transport: smtp
+            mailer_host: mail.immae.eu
+            mailer_user: null
+            mailer_password: null
+            subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"}
+            allow_robots: true
+            secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"}
+      '';
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+
+      <Directory ${varDir}/medias>
+        Options FollowSymLinks
+        AllowOverride None
+        Require all granted
+      </Directory>
+
+      <Directory ${varDir}/uploads>
+        Options FollowSymLinks
+        AllowOverride None
+        Require all granted
+      </Directory>
+
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
+      </Location>
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride None
+        Require all granted
+
+        DirectoryIndex app_dev.php
+
+        <IfModule mod_negotiation.c>
+        Options -MultiViews
+        </IfModule>
+
+        <IfModule mod_rewrite.c>
+          RewriteEngine On
+
+          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+          RewriteRule ^(.*) - [E=BASE:%1]
+
+          # Maintenance script
+          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+          ErrorDocument 503 /maintenance.php
+
+          # Sets the HTTP_AUTHORIZATION header removed by Apache
+          RewriteCond %{HTTP:Authorization} .
+          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+          RewriteCond %{ENV:REDIRECT_STATUS} ^$
+          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+          # If the requested filename exists, simply serve it.
+          # We only want to let Apache serve files and not directories.
+          RewriteCond %{REQUEST_FILENAME} -f
+          RewriteRule ^ - [L]
+
+          # Rewrite all other queries to the front controller.
+          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+        </IfModule>
+
+      </Directory>
+      '' else ''
+      Use Stats connexionswing.com
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+      </Directory>
+      ''}
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+        ${varDir}/medias \
+        ${varDir}/uploads \
+        ${varDir}/var
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: imagick optional
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: replace with pkgs.phpPackages.composer
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+        ln -sf ../../../../../${varDir}/{medias,uploads} web/images/
+        ln -sf ${configRoot} app/config/parameters.yml
+        sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+        ${if environment == "dev" then "php bin/composer install" else ''
+        SYMFONY_ENV=prod php bin/composer install --no-dev
+        ./bin/console assetic:dump --env=prod --no-debug
+        ''}
+        rm -rf var
+        ln -sf ../../../../../${varDir}/var var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert
+      ];
+    });
+    webRoot = "${webappDir}/web";
+  };
+in
+  connexionswing
diff --git a/virtual/modules/websites/connexionswing.nix b/virtual/modules/websites/connexionswing/default.nix
index 9fc0cec..636b16e 100644
--- a/virtual/modules/websites/connexionswing.nix
+++ b/virtual/modules/websites/connexionswing/default.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, mylibs, ... }:
 let
-    connexionswing = pkgs.callPackage ../../packages/connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+    connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
     connexionswing_dev  = connexionswing { environment = "dev"; };
     connexionswing_prod = connexionswing { environment = "prod"; };
 
@@ -15,13 +15,17 @@ in {
     };
   };
 
+  imports = [
+    ../commons/stats.nix
+  ];
+
   config = lib.mkMerge [
     (lib.mkIf cfg.production.enable {
       services.myWebsites.commons.stats.enable = true;
       services.myWebsites.commons.stats.sites = [
         {
           name = "connexionswing.com";
-          conf = ../../packages/connexionswing_goaccess.conf;
+          conf = ./goaccess.conf;
         }
       ];
 
diff --git a/virtual/modules/websites/connexionswing/goaccess.conf b/virtual/modules/websites/connexionswing/goaccess.conf
new file mode 100644
index 0000000..05ad083
--- /dev/null
+++ b/virtual/modules/websites/connexionswing/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/connexionswing.com
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/ludivine.nix b/virtual/modules/websites/ludivine/default.nix
index b3c1c51..ed719ba 100644
--- a/virtual/modules/websites/ludivine.nix
+++ b/virtual/modules/websites/ludivine/default.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, mylibs, ... }:
 let
-    ludivinecassal = pkgs.callPackage ../../packages/ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+    ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
     ludivinecassal_dev  = ludivinecassal { environment = "dev"; };
     ludivinecassal_prod = ludivinecassal { environment = "prod"; };
 
@@ -21,7 +21,7 @@ in {
       services.myWebsites.commons.stats.sites = [
         {
           name = "ludivinecassal.com";
-          conf = ../../packages/ludivinecassal_goaccess.conf;
+          conf = ./goaccess.conf;
         }
       ];
 
diff --git a/virtual/modules/websites/ludivine/goaccess.conf b/virtual/modules/websites/ludivine/goaccess.conf
new file mode 100644
index 0000000..25e5f63
--- /dev/null
+++ b/virtual/modules/websites/ludivine/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/ludivinecassal.com
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.json b/virtual/modules/websites/ludivine/ludivinecassal.json
new file mode 100644
index 0000000..89667c0
--- /dev/null
+++ b/virtual/modules/websites/ludivine/ludivinecassal.json
@@ -0,0 +1,14 @@
+{
+  "tag": "4327b82-master",
+  "meta": {
+    "name": "ludivinecassal",
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+    "rev": "4327b82ec00cc514bfce5aa7155bcdbcc871c065",
+    "sha256": "1c5hnzvyvj45j61v2v5mh1l405ih74f58isr9dq21428kcfc2gyd",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.nix b/virtual/modules/websites/ludivine/ludivinecassal.nix
new file mode 100644
index 0000000..ac63735
--- /dev/null
+++ b/virtual/modules/websites/ludivine/ludivinecassal.nix
@@ -0,0 +1,181 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }:
+let
+  ludivinecassal = { environment ? "dev" }: rec {
+    varPrefix = "LUDIVINECASSAL";
+    varDir = "/var/lib/ludivinecassal_${environment}";
+    envName= lib.strings.toUpper environment;
+    configRoot =
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER";
+      writeText "parameters.yml" ''
+        # This file is auto-generated during the composer install
+        parameters:
+            database_host: db-1.immae.eu
+            database_port: null
+            database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+            database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+            database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+            mailer_transport: smtp
+            mailer_host: mail.immae.eu
+            mailer_user: null
+            mailer_password: null
+            secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+            ldap_host: ldap.immae.eu
+            ldap_port: 636
+            ldap_version: 3
+            ldap_ssl: true
+            ldap_tls: false
+            ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+            ldap_base_dn: 'dc=immae,dc=eu'
+            ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}'
+            ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}'
+            ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}'
+        leapt_im:
+            binary_path: ${imagemagick}/bin
+        assetic:
+            sass: ${sass}/bin/sass
+            ruby: ${ruby}/bin/ruby
+      '';
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
+      </Location>
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride None
+        Require all granted
+
+        DirectoryIndex app_dev.php
+
+        <IfModule mod_negotiation.c>
+        Options -MultiViews
+        </IfModule>
+
+        <IfModule mod_rewrite.c>
+          RewriteEngine On
+
+          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+          RewriteRule ^(.*) - [E=BASE:%1]
+
+          # Maintenance script
+          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+          ErrorDocument 503 /maintenance.php
+
+          # Sets the HTTP_AUTHORIZATION header removed by Apache
+          RewriteCond %{HTTP:Authorization} .
+          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+          RewriteCond %{ENV:REDIRECT_STATUS} ^$
+          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+          # If the requested filename exists, simply serve it.
+          # We only want to let Apache serve files and not directories.
+          RewriteCond %{REQUEST_FILENAME} -f
+          RewriteRule ^ - [L]
+
+          # Rewrite all other queries to the front controller.
+          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+        </IfModule>
+
+      </Directory>
+      '' else ''
+      Use Stats ludivinecassal.com
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+      </Directory>
+      ''}
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: miniatures and data need to be in the same dir due to a
+      #        bug in leapt.im (searches for data/../miniatures)
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+        ln -sf ${configRoot} app/config/parameters.yml
+        sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+        ${if environment == "dev" then ''
+          composer install
+        '' else ''
+          SYMFONY_ENV=prod composer install --no-dev
+        ''}
+        rm -rf var
+        ln -sf ../../../../../${varDir} var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert phpPackages.composer sass
+      ];
+    });
+    webRoot = "${webappDir}/web";
+  };
+in
+  ludivinecassal
diff --git a/virtual/modules/websites/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/default.nix
index 451ae52..bf74173 100644
--- a/virtual/modules/websites/piedsjaloux.nix
+++ b/virtual/modules/websites/piedsjaloux/default.nix
@@ -1,6 +1,6 @@
 { lib, pkgs, config, mylibs, ... }:
 let
-    piedsjaloux = pkgs.callPackage ../../packages/piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+    piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
     piedsjaloux_dev  = piedsjaloux { environment = "dev"; };
     piedsjaloux_prod = piedsjaloux { environment = "prod"; };
 
@@ -16,7 +16,7 @@ in {
   };
 
   imports = [
-    ./commons/stats.nix
+    ../commons/stats.nix
   ];
 
   config = lib.mkMerge [
@@ -25,7 +25,7 @@ in {
       services.myWebsites.commons.stats.sites = [
         {
           name = "piedsjaloux.fr";
-          conf = ../../packages/piedsjaloux_goaccess.conf;
+          conf = ./goaccess.conf;
         }
       ];
 
diff --git a/virtual/modules/websites/piedsjaloux/goaccess.conf b/virtual/modules/websites/piedsjaloux/goaccess.conf
new file mode 100644
index 0000000..3950f7e
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/piedsjaloux.fr
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.json b/virtual/modules/websites/piedsjaloux/piedsjaloux.json
new file mode 100644
index 0000000..c4aae16
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.json
@@ -0,0 +1,14 @@
+{
+  "tag": "c7a5593-master",
+  "meta": {
+    "name": "piedsjaloux",
+    "url": "gitolite@git.immae.eu:Pieds_jaloux/NewSite",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:Pieds_jaloux/NewSite",
+    "rev": "c7a5593c37040c6f1f57f8163bc13256aabf6b3e",
+    "sha256": "1zvyd90d6xns6ypnp1p3fgbcl30pqwdv335qagbbjak1cn8jaq4l",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
new file mode 100644
index 0000000..1c3d8b7
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -0,0 +1,171 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }:
+let
+  piedsjaloux = { environment ? "dev" }: rec {
+    varPrefix = "PIEDSJALOUX";
+    varDir = "/var/lib/piedsjaloux_${environment}";
+    envName= lib.strings.toUpper environment;
+    configRoot =
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+      writeText "parameters.yml" ''
+        # This file is auto-generated during the composer install
+        parameters:
+            database_host: db-1.immae.eu
+            database_port: null
+            database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+            database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+            database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+            mailer_transport: smtp
+            mailer_host: mail.immae.eu
+            mailer_user: null
+            mailer_password: null
+            secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+            pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+        leapt_im:
+            binary_path: ${imagemagick}/bin
+      '';
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
+      </Location>
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride None
+        Require all granted
+
+        DirectoryIndex app_dev.php
+
+        <IfModule mod_negotiation.c>
+        Options -MultiViews
+        </IfModule>
+
+        <IfModule mod_rewrite.c>
+          RewriteEngine On
+
+          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+          RewriteRule ^(.*) - [E=BASE:%1]
+
+          # Maintenance script
+          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+          ErrorDocument 503 /maintenance.php
+
+          # Sets the HTTP_AUTHORIZATION header removed by Apache
+          RewriteCond %{HTTP:Authorization} .
+          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+          RewriteCond %{ENV:REDIRECT_STATUS} ^$
+          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+          # If the requested filename exists, simply serve it.
+          # We only want to let Apache serve files and not directories.
+          RewriteCond %{REQUEST_FILENAME} -f
+          RewriteRule ^ - [L]
+
+          # Rewrite all other queries to the front controller.
+          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+        </IfModule>
+
+      </Directory>
+      '' else ''
+      Use Stats piedsjaloux.fr
+
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+      </Directory>
+      ''}
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+        ${varDir}/tmp
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: miniatures and data need to be in the same dir due to a
+      #        bug in leapt.im (searches for data/../miniatures)
+      # FIXME: var/bootstrap.php.cache doesn't get created
+      #        (cannot work with var as a symlink since the file
+      #        references ..)
+      # FIXME: configuration change should not trigger a rebuild
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+        ln -sf ${configRoot} app/config/parameters.yml
+        sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+        ${if environment == "dev" then ''
+          composer install
+        '' else ''
+          SYMFONY_ENV=prod composer install --no-dev
+        ''}
+        rm -rf var
+        ln -sf ../../../../../${varDir} var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert phpPackages.composer
+      ];
+    });
+    webRoot = "${webappDir}/web";
+  };
+in
+  piedsjaloux