-rw-r--r--nixops/modules/websites/aten/aten.nix249
-rw-r--r--nixops/modules/websites/aten/default.nix21
-rw-r--r--pkgs/default.nix7
-rw-r--r--pkgs/private/default.nix8
-rw-r--r--pkgs/private/webapps/aten/aten.json (renamed from nixops/modules/websites/aten/aten.json)0
-rw-r--r--pkgs/private/webapps/aten/default.nix56
-rw-r--r--pkgs/private/webapps/aten/php-packages.nix (renamed from nixops/modules/websites/aten/php-packages.nix)0
-rw-r--r--pkgs/private/webapps/default.nix4
8 files changed, 183 insertions, 162 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
index c35af6f..04876a1 100644
--- a/nixops/modules/websites/aten/aten.nix
+++ b/nixops/modules/websites/aten/aten.nix
@@ -1,157 +1,104 @@
1{ lib, writeText, fetchedGitPrivate, stdenv, runCommand, composerEnv, fetchurl, fetchgit, jq, python, nodejs, libsass, yarn2nixPackage }: 1{ aten, lib, config }: rec {
2let 2 app = aten.override { inherit (config) environment; };
3 aten = { config }: rec { 3 phpFpm = rec {
4 environment = config.environment; 4 preStart = ''
5 varDir = "/var/lib/aten_${environment}"; 5 if [ ! -f "${app.varDir}/currentWebappDir" -o \
6 phpFpm = rec { 6 ! -f "${app.varDir}/currentKey" -o \
7 preStart = '' 7 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
8 if [ ! -f "${varDir}/currentWebappDir" -o \ 8 || ! sha512sum -c --status ${app.varDir}/currentKey; then
9 ! -f "${varDir}/currentKey" -o \ 9 pushd ${app} > /dev/null
10 "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ 10 /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
11 || ! sha512sum -c --status ${varDir}/currentKey; then 11 popd > /dev/null
12 pushd ${webappDir} > /dev/null 12 echo -n "${app}" > ${app.varDir}/currentWebappDir
13 /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup 13 sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
14 popd > /dev/null 14 fi
15 echo -n "${webappDir}" > ${varDir}/currentWebappDir 15 '';
16 sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey 16 serviceDeps = [ "postgresql.service" ];
17 fi 17 socket = "/var/run/phpfpm/aten-${app.environment}.sock";
18 ''; 18 pool = ''
19 serviceDeps = [ "postgresql.service" ]; 19 listen = ${socket}
20 socket = "/var/run/phpfpm/aten-${environment}.sock"; 20 user = ${apache.user}
21 pool = '' 21 group = ${apache.group}
22 listen = ${socket} 22 listen.owner = ${apache.user}
23 user = ${apache.user} 23 listen.group = ${apache.group}
24 group = ${apache.group} 24 php_admin_value[upload_max_filesize] = 20M
25 listen.owner = ${apache.user} 25 php_admin_value[post_max_size] = 20M
26 listen.group = ${apache.group} 26 ;php_admin_flag[log_errors] = on
27 php_admin_value[upload_max_filesize] = 20M 27 php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
28 php_admin_value[post_max_size] = 20M 28 php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
29 ;php_admin_flag[log_errors] = on 29 ${if app.environment == "dev" then ''
30 php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp" 30 pm = ondemand
31 php_admin_value[session.save_path] = "${varDir}/phpSessions" 31 pm.max_children = 5
32 ${if environment == "dev" then '' 32 pm.process_idle_timeout = 60
33 pm = ondemand 33 env[SYMFONY_DEBUG_MODE] = "yes"
34 pm.max_children = 5 34 '' else ''
35 pm.process_idle_timeout = 60 35 pm = dynamic
36 env[SYMFONY_DEBUG_MODE] = "yes" 36 pm.max_children = 20
37 '' else '' 37 pm.start_servers = 2
38 pm = dynamic 38 pm.min_spare_servers = 1
39 pm.max_children = 20 39 pm.max_spare_servers = 3
40 pm.start_servers = 2 40 ''}'';
41 pm.min_spare_servers = 1 41 };
42 pm.max_spare_servers = 3 42 keys = [{
43 ''}''; 43 dest = "webapps/${app.environment}-aten";
44 }; 44 user = apache.user;
45 keys = [{ 45 group = apache.group;
46 dest = "webapps/${environment}-aten"; 46 permissions = "0400";
47 user = apache.user; 47 text = ''
48 group = apache.group; 48 SetEnv APP_ENV "${app.environment}"
49 permissions = "0400"; 49 SetEnv APP_SECRET "${config.secret}"
50 text = '' 50 SetEnv DATABASE_URL "${config.psql_url}"
51 SetEnv APP_ENV "${environment}" 51 '';
52 SetEnv APP_SECRET "${config.secret}" 52 }];
53 SetEnv DATABASE_URL "${config.psql_url}" 53 apache = rec {
54 ''; 54 user = "wwwrun";
55 }]; 55 group = "wwwrun";
56 apache = rec { 56 modules = [ "proxy_fcgi" ];
57 user = "wwwrun"; 57 webappName = "aten_${app.environment}";
58 group = "wwwrun"; 58 root = "/run/current-system/webapps/${webappName}";
59 modules = [ "proxy_fcgi" ]; 59 vhostConf = ''
60 webappName = "aten_${environment}"; 60 <FilesMatch "\.php$">
61 root = "/run/current-system/webapps/${webappName}"; 61 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
62 vhostConf = '' 62 </FilesMatch>
63 <FilesMatch "\.php$">
64 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
65 </FilesMatch>
66 63
67 Include /var/secrets/webapps/${environment}-aten 64 Include /var/secrets/webapps/${app.environment}-aten
68 65
69 ${if environment == "dev" then '' 66 ${if app.environment == "dev" then ''
70 <Location /> 67 <Location />
71 Use LDAPConnect 68 Use LDAPConnect
72 Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu 69 Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
73 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" 70 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
74 </Location> 71 </Location>
75 72
76 <Location /backend> 73 <Location /backend>
77 Use LDAPConnect 74 Use LDAPConnect
78 Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu 75 Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
79 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" 76 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
80 </Location> 77 </Location>
81 '' else '' 78 '' else ''
82 Use Stats aten.pro 79 Use Stats aten.pro
83 80
84 <Location /backend> 81 <Location /backend>
85 Use LDAPConnect 82 Use LDAPConnect
86 Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu 83 Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
87 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" 84 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
88 </Location> 85 </Location>
89 ''} 86 ''}
90 87
91 <Directory ${root}> 88 <Directory ${root}>
92 Options Indexes FollowSymLinks MultiViews Includes 89 Options Indexes FollowSymLinks MultiViews Includes
93 AllowOverride All 90 AllowOverride All
94 Require all granted 91 Require all granted
95 DirectoryIndex index.php 92 DirectoryIndex index.php
96 FallbackResource /index.php 93 FallbackResource /index.php
97 </Directory> 94 </Directory>
98 ''; 95 '';
99 }; 96 };
100 activationScript = { 97 activationScript = {
101 deps = [ "wrappers" ]; 98 deps = [ "wrappers" ];
102 text = '' 99 text = ''
103 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} 100 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
104 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 101 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
105 ''; 102 '';
106 };
107 yarnModules = let
108 info = fetchedGitPrivate ./aten.json;
109 packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
110 cat ${info.src}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out
111 '';
112 in
113 yarn2nixPackage.mkYarnModules rec {
114 name = "aten-yarn";
115 pname = name;
116 version = "v1.0.0";
117 packageJSON = packagejson;
118 yarnLock = "${info.src}/yarn.lock";
119 pkgConfig = {
120 all = {
121 buildInputs = [ yarn2nixPackage.src ];
122 };
123 node-sass = {
124 buildInputs = [ libsass python ];
125 postInstall = let
126 nodeHeaders = fetchurl {
127 url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
128 sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32";
129 };
130 in
131 ''
132 node scripts/build.js --tarball=${nodeHeaders}
133 '';
134 };
135 };
136 };
137 webappDir = composerEnv.buildPackage (
138 import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
139 fetchedGitPrivate ./aten.json //
140 rec {
141 noDev = (environment == "prod");
142 preInstall = ''
143 export SYMFONY_ENV="${environment}"
144 export APP_ENV="${environment}"
145 '';
146 postInstall = ''
147 ln -sf ${yarnModules}/node_modules .
148 yarn run --offline encore production
149 rm -rf var/{log,cache}
150 ln -sf ${varDir}/{log,cache} var/
151 '';
152 buildInputs = [ yarnModules yarn2nixPackage.yarn ];
153 });
154 webRoot = "${webappDir}/public";
155 }; 103 };
156in 104}
157 aten
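Review bot: The preStart script kept on the new side records `sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey`, and the activation script creates `${app.varDir}` with `install -m 0755`, so the digest of the file holding APP_SECRET and DATABASE_URL is probably readable by any local account (the umask preStart runs under is not visible here). The digest is not the secret, but it exposes when the secret changes and gives a reference value that guesses could be compared against offline. Creating the marker under a restrictive umask, e.g. `(umask 077; sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey)`, keeps the change detection while limiting who can read it; a marker that already exists would also need its mode tightened once.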
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
index fd3f7cc..efd3619 100644
--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -1,14 +1,15 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let 2let
3 aten = pkgs.callPackage ./aten.nix { inherit (mylibs) fetchedGitPrivate yarn2nixPackage; }; 3 aten_dev = pkgs.callPackage ./aten.nix {
4 aten_dev = aten { 4 inherit (pkgs.private.webapps) aten;
5 config = myconfig.env.websites.aten.integration; 5 config = myconfig.env.websites.aten.integration;
6 }; 6 };
7 aten_prod = aten { 7 aten_prod = pkgs.callPackage ./aten.nix {
8 config = myconfig.env.websites.aten.production; 8 inherit (pkgs.private.webapps) aten;
9 }; 9 config = myconfig.env.websites.aten.production;
10 };
10 11
11 cfg = config.services.myWebsites.Aten; 12 cfg = config.services.myWebsites.Aten;
12in { 13in {
13 options.services.myWebsites.Aten = { 14 options.services.myWebsites.Aten = {
14 production = { 15 production = {
@@ -37,7 +38,7 @@ in {
37 system.activationScripts.aten_prod = aten_prod.activationScript; 38 system.activationScripts.aten_prod = aten_prod.activationScript;
38 system.extraSystemBuilderCmds = '' 39 system.extraSystemBuilderCmds = ''
39 mkdir -p $out/webapps 40 mkdir -p $out/webapps
40 ln -s ${aten_prod.webRoot} $out/webapps/${aten_prod.apache.webappName} 41 ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
41 ''; 42 '';
42 services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules; 43 services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
43 services.myWebsites.production.modules = aten_prod.apache.modules; 44 services.myWebsites.production.modules = aten_prod.apache.modules;
@@ -57,7 +58,7 @@ in {
57 system.activationScripts.aten_dev = aten_dev.activationScript; 58 system.activationScripts.aten_dev = aten_dev.activationScript;
58 system.extraSystemBuilderCmds = '' 59 system.extraSystemBuilderCmds = ''
59 mkdir -p $out/webapps 60 mkdir -p $out/webapps
60 ln -s ${aten_dev.webRoot} $out/webapps/${aten_dev.apache.webappName} 61 ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
61 ''; 62 '';
62 services.myWebsites.integration.modules = aten_dev.apache.modules; 63 services.myWebsites.integration.modules = aten_dev.apache.modules;
63 services.myWebsites.integration.vhostConfs.aten = { 64 services.myWebsites.integration.vhostConfs.aten = {
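Review bot: `inherit (pkgs.private.webapps) aten;` in both `aten_dev` and `aten_prod` assumes the private package set is present, but the fallback this commit adds in pkgs/default.nix evaluates to `{ webapps = {}; }` when `pkgs/private` is missing, so forcing either binding then fails with a bare missing-attribute error. Whether the bindings are forced only when the site is enabled cannot be seen here, because the `config` body lies outside the hunks. Making the dependency explicit, for instance `aten = pkgs.private.webapps.aten or (throw "pkgs/private is required for the aten website");`, would make a checkout without the private tree fail with a clear message.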
diff --git a/pkgs/default.nix b/pkgs/default.nix
index b97b267..18fc3b3 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,6 +1,7 @@
1{ pkgs }: 1{ pkgs }:
2with pkgs; 2with pkgs;
3let mylibs = import ../libs.nix { inherit pkgs; }; 3let
4 mylibs = import ../libs.nix { inherit pkgs; };
4in 5in
5rec { 6rec {
6 boinctui = callPackage ../pkgs/boinctui {}; 7 boinctui = callPackage ../pkgs/boinctui {};
@@ -38,4 +39,8 @@ rec {
38 39
39 composerEnv = callPackage ./composer-env {}; 40 composerEnv = callPackage ./composer-env {};
40 webapps = callPackage ./webapps { inherit mylibs composerEnv; }; 41 webapps = callPackage ./webapps { inherit mylibs composerEnv; };
42
43 private = if builtins.pathExists (./. + "/private")
44 then import ./private { inherit pkgs; }
45 else { webapps = {}; };
41} 46}
diff --git a/pkgs/private/default.nix b/pkgs/private/default.nix
new file mode 100644
index 0000000..951a23f
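--- /dev/null
+++ b/pkgs/private/default.nix
@@ -0,0 +1,8 @@
+{ pkgs }:
+with pkgs;
+let
+ mylibs = import ../../libs.nix { inherit pkgs; };
+in
+rec {
+ webapps = callPackage ./webapps { inherit mylibs; inherit (pkgs) composerEnv; };
+}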
diff --git a/nixops/modules/websites/aten/aten.json b/pkgs/private/webapps/aten/aten.json
index 53569b6..53569b6 100644
--- a/nixops/modules/websites/aten/aten.json
+++ b/pkgs/private/webapps/aten/aten.json
diff --git a/pkgs/private/webapps/aten/default.nix b/pkgs/private/webapps/aten/default.nix
new file mode 100644
index 0000000..e6ca048
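--- /dev/null
+++ b/pkgs/private/webapps/aten/default.nix
@@ -0,0 +1,56 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/aten_${environment}"
+, mylibs, composerEnv, fetchgit, runCommand, nodejs, jq, libsass, python, fetchurl }:
+let
+ packagesource = mylibs.fetchedGitPrivate ./aten.json;
+ packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
+ cat ${packagesource.src}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out
+ '';
+ yarnModules = mylibs.yarn2nixPackage.mkYarnModules rec {
+ name = "aten-yarn";
+ pname = name;
+ version = "v1.0.0";
+ packageJSON = packagejson;
+ yarnLock = "${packagesource.src}/yarn.lock";
+ pkgConfig = {
+ all = {
+ buildInputs = [ mylibs.yarn2nixPackage.src ];
+ };
+ node-sass = {
+ buildInputs = [ libsass python ];
+ postInstall = let
+ nodeHeaders = fetchurl {
+ url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
+ sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32";
+ };
+ in
+ ''
+ node scripts/build.js --tarball=${nodeHeaders}
+ '';
+ };
+ };
+ };
+ app = composerEnv.buildPackage (
+ import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
+ packagesource //
+ rec {
+ noDev = (environment == "prod");
+ preInstall = ''
+ export SYMFONY_ENV="${environment}"
+ export APP_ENV="${environment}"
+ '';
+ postInstall = ''
+ ln -sf ${yarnModules}/node_modules .
+ yarn run --offline encore production
+ rm -rf var/{log,cache}
+ ln -sf ${varDir}/{log,cache} var/
+ '';
+ buildInputs = [ yarnModules mylibs.yarn2nixPackage.yarn ];
+ passthru = {
+ inherit varDir;
+ inherit environment;
+ webRoot = "${app}/public";
+ };
+ }
+ );
+in app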
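Review bot: The `nodeHeaders` fetch builds its URL from `${nodejs.version}` while `sha256` is a fixed literal, so the hash matches exactly one nodejs release and the node-sass build should fail with a hash mismatch after a nodejs bump in the package set. Failing closed is the right outcome, but nothing in the file says the two values must move together. A comment above the `sha256` line such as `# must match the headers tarball for nodejs.version; update on every nodejs bump` would document that coupling.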
diff --git a/nixops/modules/websites/aten/php-packages.nix b/pkgs/private/webapps/aten/php-packages.nix
index 8d86587..8d86587 100644
--- a/nixops/modules/websites/aten/php-packages.nix
+++ b/pkgs/private/webapps/aten/php-packages.nix
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
new file mode 100644
index 0000000..8c45b89
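--- /dev/null
+++ b/pkgs/private/webapps/default.nix
@@ -0,0 +1,4 @@
+{ callPackage, mylibs, composerEnv, lib }:
+rec {
+ aten = callPackage ./aten {};
+}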