author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-05 23:56:11 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-05 23:56:11 +0100 |
commit | e42ba74f008c33d16efead841a62c543cc001390 (patch) | |
tree | 60306e4d5c60a468a05e6e4a7e935f4c70e7b4d6 /virtual/packages | |
parent | c7f50486428f67b91dea675704288134f835674c (diff) | |
Add ludivinecassal host
Diffstat (limited to 'virtual/packages')
-rw-r--r-- | virtual/packages/connexionswing.nix | 8 | ||||
-rw-r--r-- | virtual/packages/ludivinecassal.nix | 177 | ||||
-rw-r--r-- | virtual/packages/ludivinecassal_master.json | 14 |
3 files changed, 198 insertions, 1 deletions
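--- a/virtual/packages/connexionswing.nix
+++ b/virtual/packages/connexionswing.nix
@@ -119,7 +119,13 @@ let
 </IfModule>
 
 </Directory>
-'' else ""}
+'' else ''
+<Directory ${webRoot}>
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride All
+Require all granted
+</Directory>
+''}
 '';
 };
 activationScript = {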
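Review bot: The `<Directory ${webRoot}>` block added for the non-dev branch enables `Indexes` and `Includes` and sets `AllowOverride All`, which is broader than a production web root usually needs. With `Indexes`, any directory without an index file is listed to visitors, and with `AllowOverride All` any `.htaccess` that ends up under the web root can change how Apache serves it. Unless the application depends on these, I would narrow the block to `Options FollowSymLinks` and `AllowOverride FileInfo`, and add a comment saying which shipped `.htaccess` directives require the override. The same block is added at lines 126-130 of `ludivinecassal.nix`; the enclosing `vhostConf` string starts above this hunk, so the rest of the vhost is not visible here.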
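--- /dev/null
+++ b/virtual/packages/ludivinecassal.nix
@@ -0,0 +1,177 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }:
+let
+ludivinecassal = { environment ? "dev" }: rec {
+varPrefix = "LUDIVINECASSAL";
+varDir = "/var/lib/ludivinecassal_${environment}";
+envName= lib.strings.toUpper environment;
+configRoot =
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN";
+assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER";
+writeText "parameters.yml" ''
+# This file is auto-generated during the composer install
+parameters:
+database_host: db-1.immae.eu
+database_port: null
+database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+mailer_transport: smtp
+mailer_host: mail.immae.eu
+mailer_user: null
+mailer_password: null
+secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ldap_host: ldap.immae.eu
+ldap_port: 636
+ldap_version: 3
+ldap_ssl: true
+ldap_tls: false
+ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+ldap_base_dn: 'dc=immae,dc=eu'
+ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}'
+ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}'
+ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}'
+leapt_im:
+binary_path: ${imagemagick}/bin
+assetic:
+sass: ${sass}/bin/sass
+ruby: ${ruby}/bin/ruby
+'';
+phpFpm = rec {
+socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
+pool = ''
+listen = ${socket}
+user = ${apache.user}
+group = ${apache.group}
+listen.owner = ${apache.user}
+listen.group = ${apache.group}
+php_admin_value[upload_max_filesize] = 20M
+php_admin_value[post_max_size] = 20M
+;php_admin_flag[log_errors] = on
+php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+${if environment == "dev" then ''
+pm = ondemand
+pm.max_children = 5
+pm.process_idle_timeout = 60
+env[SYMFONY_DEBUG_MODE] = "yes"
+'' else ''
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+''}'';
+};
+apache = {
+user = "wwwrun";
+group = "wwwrun";
+modules = [ "proxy_fcgi" ];
+vhostConf = ''
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+</FilesMatch>
+
+${if environment == "dev" then ''
+<Location />
+Use LDAPConnect
+Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
+</Location>
+
+<Directory ${webRoot}>
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride None
+Require all granted
+
+DirectoryIndex app_dev.php
+
+<IfModule mod_negotiation.c>
+Options -MultiViews
+</IfModule>
+
+<IfModule mod_rewrite.c>
+RewriteEngine On
+
+RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+RewriteRule ^(.*) - [E=BASE:%1]
+
+# Maintenance script
+RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ErrorDocument 503 /maintenance.php
+
+# Sets the HTTP_AUTHORIZATION header removed by Apache
+RewriteCond %{HTTP:Authorization} .
+RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+RewriteCond %{ENV:REDIRECT_STATUS} ^$
+RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+# If the requested filename exists, simply serve it.
+# We only want to let Apache serve files and not directories.
+RewriteCond %{REQUEST_FILENAME} -f
+RewriteRule ^ - [L]
+
+# Rewrite all other queries to the front controller.
+RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+</IfModule>
+
+</Directory>
+'' else ''
+<Directory ${webRoot}>
+Options Indexes FollowSymLinks MultiViews Includes
+AllowOverride All
+Require all granted
+</Directory>
+''}
+'';
+};
+activationScript = {
+deps = [ "wrappers" ];
+text = ''
+install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+if [ ! -f "${varDir}/currentWebappDir" -o \
+"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+pushd ${webappDir} > /dev/null
+$wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+popd > /dev/null
+echo -n "${webappDir}" > ${varDir}/currentWebappDir
+fi
+'';
+};
+webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal_master.json // rec {
+# FIXME: can we do better than symlink?
+# FIXME: initial sync
+# FIXME: backup
+# FIXME: miniatures and data need to be in the same dir due to a
+# bug in leapt.im (searches for data/../miniatures)
+buildPhase = ''
+export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ln -sf ${configRoot} app/config/parameters.yml
+sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+${if environment == "dev" then ''
+composer install
+'' else ''
+SYMFONY_ENV=prod composer install --no-dev
+''}
+rm -rf var
+ln -sf ../../../../../${varDir} var
+'';
+installPhase = ''
+cp -a . $out
+'';
+buildInputs = [
+php git cacert phpPackages.composer sass
+];
+});
+webRoot = "${webappDir}/web";
+};
+in
+ludivinecassal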
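Review bot: `configRoot` builds `parameters.yml` with `writeText` from `builtins.getEnv`, so the MySQL password, the Symfony `secret` and the LDAP search password land in plain text in the Nix store, which on a standard setup is readable by every local user and is copied wherever the closure goes. I would keep only the non-secret parameters in the store and deliver the secret ones out of band, for example with NixOps `deployment.keys` owned by `wwwrun` with a restrictive mode, and point `app/config/parameters.yml` (and `open_basedir`) at that path. Separately, `database_password` and `secret` are interpolated unquoted, so a value containing `#` or `: ` would be misparsed as YAML; quoting them like the LDAP entries, e.g. `database_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}'`, avoids that. The activation script also hard-codes `sudo -u wwwrun` where the `install` line just above it uses `${apache.user}`; using `-u ${apache.user}` keeps the two in step.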
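--- /dev/null
+++ b/virtual/packages/ludivinecassal_master.json
@@ -0,0 +1,14 @@
+{
+"tag": "4327b82-master",
+"meta": {
+"name": "ludivinecassal_master",
+"url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+"branch": "master"
+},
+"git": {
+"url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+"rev": "4327b82ec00cc514bfce5aa7155bcdbcc871c065",
+"sha256": "1c5hnzvyvj45j61v2v5mh1l405ih74f58isr9dq21428kcfc2gyd",
+"fetchSubmodules": true
+}
+}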