-rw-r--r-- | nixops/modules/websites/aten/aten.nix | 249 | ||||
-rw-r--r-- | nixops/modules/websites/aten/default.nix | 21 | ||||
-rw-r--r-- | pkgs/default.nix | 7 | ||||
-rw-r--r-- | pkgs/private/default.nix | 8 | ||||
-rw-r--r-- | pkgs/private/webapps/aten/aten.json (renamed from nixops/modules/websites/aten/aten.json) | 0 | ||||
-rw-r--r-- | pkgs/private/webapps/aten/default.nix | 56 | ||||
-rw-r--r-- | pkgs/private/webapps/aten/php-packages.nix (renamed from nixops/modules/websites/aten/php-packages.nix) | 0 | ||||
-rw-r--r-- | pkgs/private/webapps/default.nix | 4 |
8 files changed, 183 insertions, 162 deletions
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix index c35af6f..04876a1 100644 --- a/nixops/modules/websites/aten/aten.nix +++ b/nixops/modules/websites/aten/aten.nix | |||
@@ -1,157 +1,104 @@ | |||
1 | { lib, writeText, fetchedGitPrivate, stdenv, runCommand, composerEnv, fetchurl, fetchgit, jq, python, nodejs, libsass, yarn2nixPackage }: | 1 | { aten, lib, config }: rec { |
2 | let | 2 | app = aten.override { inherit (config) environment; }; |
3 | aten = { config }: rec { | 3 | phpFpm = rec { |
4 | environment = config.environment; | 4 | preStart = '' |
5 | varDir = "/var/lib/aten_${environment}"; | 5 | if [ ! -f "${app.varDir}/currentWebappDir" -o \ |
6 | phpFpm = rec { | 6 | ! -f "${app.varDir}/currentKey" -o \ |
7 | preStart = '' | 7 | "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ |
8 | if [ ! -f "${varDir}/currentWebappDir" -o \ | 8 | || ! sha512sum -c --status ${app.varDir}/currentKey; then |
9 | ! -f "${varDir}/currentKey" -o \ | 9 | pushd ${app} > /dev/null |
10 | "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ | 10 | /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup |
11 | || ! sha512sum -c --status ${varDir}/currentKey; then | 11 | popd > /dev/null |
12 | pushd ${webappDir} > /dev/null | 12 | echo -n "${app}" > ${app.varDir}/currentWebappDir |
13 | /run/wrappers/bin/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup | 13 | sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey |
14 | popd > /dev/null | 14 | fi |
15 | echo -n "${webappDir}" > ${varDir}/currentWebappDir | 15 | ''; |
16 | sha512sum /var/secrets/webapps/${environment}-aten > ${varDir}/currentKey | 16 | serviceDeps = [ "postgresql.service" ]; |
17 | fi | 17 | socket = "/var/run/phpfpm/aten-${app.environment}.sock"; |
18 | ''; | 18 | pool = '' |
19 | serviceDeps = [ "postgresql.service" ]; | 19 | listen = ${socket} |
20 | socket = "/var/run/phpfpm/aten-${environment}.sock"; | 20 | user = ${apache.user} |
21 | pool = '' | 21 | group = ${apache.group} |
22 | listen = ${socket} | 22 | listen.owner = ${apache.user} |
23 | user = ${apache.user} | 23 | listen.group = ${apache.group} |
24 | group = ${apache.group} | 24 | php_admin_value[upload_max_filesize] = 20M |
25 | listen.owner = ${apache.user} | 25 | php_admin_value[post_max_size] = 20M |
26 | listen.group = ${apache.group} | 26 | ;php_admin_flag[log_errors] = on |
27 | php_admin_value[upload_max_filesize] = 20M | 27 | php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp" |
28 | php_admin_value[post_max_size] = 20M | 28 | php_admin_value[session.save_path] = "${app.varDir}/phpSessions" |
29 | ;php_admin_flag[log_errors] = on | 29 | ${if app.environment == "dev" then '' |
30 | php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp" | 30 | pm = ondemand |
31 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 31 | pm.max_children = 5 |
32 | ${if environment == "dev" then '' | 32 | pm.process_idle_timeout = 60 |
33 | pm = ondemand | 33 | env[SYMFONY_DEBUG_MODE] = "yes" |
34 | pm.max_children = 5 | 34 | '' else '' |
35 | pm.process_idle_timeout = 60 | 35 | pm = dynamic |
36 | env[SYMFONY_DEBUG_MODE] = "yes" | 36 | pm.max_children = 20 |
37 | '' else '' | 37 | pm.start_servers = 2 |
38 | pm = dynamic | 38 | pm.min_spare_servers = 1 |
39 | pm.max_children = 20 | 39 | pm.max_spare_servers = 3 |
40 | pm.start_servers = 2 | 40 | ''}''; |
41 | pm.min_spare_servers = 1 | 41 | }; |
42 | pm.max_spare_servers = 3 | 42 | keys = [{ |
43 | ''}''; | 43 | dest = "webapps/${app.environment}-aten"; |
44 | }; | 44 | user = apache.user; |
45 | keys = [{ | 45 | group = apache.group; |
46 | dest = "webapps/${environment}-aten"; | 46 | permissions = "0400"; |
47 | user = apache.user; | 47 | text = '' |
48 | group = apache.group; | 48 | SetEnv APP_ENV "${app.environment}" |
49 | permissions = "0400"; | 49 | SetEnv APP_SECRET "${config.secret}" |
50 | text = '' | 50 | SetEnv DATABASE_URL "${config.psql_url}" |
51 | SetEnv APP_ENV "${environment}" | 51 | ''; |
52 | SetEnv APP_SECRET "${config.secret}" | 52 | }]; |
53 | SetEnv DATABASE_URL "${config.psql_url}" | 53 | apache = rec { |
54 | ''; | 54 | user = "wwwrun"; |
55 | }]; | 55 | group = "wwwrun"; |
56 | apache = rec { | 56 | modules = [ "proxy_fcgi" ]; |
57 | user = "wwwrun"; | 57 | webappName = "aten_${app.environment}"; |
58 | group = "wwwrun"; | 58 | root = "/run/current-system/webapps/${webappName}"; |
59 | modules = [ "proxy_fcgi" ]; | 59 | vhostConf = '' |
60 | webappName = "aten_${environment}"; | 60 | <FilesMatch "\.php$"> |
61 | root = "/run/current-system/webapps/${webappName}"; | 61 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" |
62 | vhostConf = '' | 62 | </FilesMatch> |
63 | <FilesMatch "\.php$"> | ||
64 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | ||
65 | </FilesMatch> | ||
66 | 63 | ||
67 | Include /var/secrets/webapps/${environment}-aten | 64 | Include /var/secrets/webapps/${app.environment}-aten |
68 | 65 | ||
69 | ${if environment == "dev" then '' | 66 | ${if app.environment == "dev" then '' |
70 | <Location /> | 67 | <Location /> |
71 | Use LDAPConnect | 68 | Use LDAPConnect |
72 | Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu | 69 | Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu |
73 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | 70 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" |
74 | </Location> | 71 | </Location> |
75 | 72 | ||
76 | <Location /backend> | 73 | <Location /backend> |
77 | Use LDAPConnect | 74 | Use LDAPConnect |
78 | Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu | 75 | Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu |
79 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | 76 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" |
80 | </Location> | 77 | </Location> |
81 | '' else '' | 78 | '' else '' |
82 | Use Stats aten.pro | 79 | Use Stats aten.pro |
83 | 80 | ||
84 | <Location /backend> | 81 | <Location /backend> |
85 | Use LDAPConnect | 82 | Use LDAPConnect |
86 | Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu | 83 | Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu |
87 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | 84 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" |
88 | </Location> | 85 | </Location> |
89 | ''} | 86 | ''} |
90 | 87 | ||
91 | <Directory ${root}> | 88 | <Directory ${root}> |
92 | Options Indexes FollowSymLinks MultiViews Includes | 89 | Options Indexes FollowSymLinks MultiViews Includes |
93 | AllowOverride All | 90 | AllowOverride All |
94 | Require all granted | 91 | Require all granted |
95 | DirectoryIndex index.php | 92 | DirectoryIndex index.php |
96 | FallbackResource /index.php | 93 | FallbackResource /index.php |
97 | </Directory> | 94 | </Directory> |
98 | ''; | 95 | ''; |
99 | }; | 96 | }; |
100 | activationScript = { | 97 | activationScript = { |
101 | deps = [ "wrappers" ]; | 98 | deps = [ "wrappers" ]; |
102 | text = '' | 99 | text = '' |
103 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} | 100 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} |
104 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | 101 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions |
105 | ''; | 102 | ''; |
106 | }; | ||
107 | yarnModules = let | ||
108 | info = fetchedGitPrivate ./aten.json; | ||
109 | packagejson = runCommand "package.json" { buildInputs = [ jq ]; } '' | ||
110 | cat ${info.src}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out | ||
111 | ''; | ||
112 | in | ||
113 | yarn2nixPackage.mkYarnModules rec { | ||
114 | name = "aten-yarn"; | ||
115 | pname = name; | ||
116 | version = "v1.0.0"; | ||
117 | packageJSON = packagejson; | ||
118 | yarnLock = "${info.src}/yarn.lock"; | ||
119 | pkgConfig = { | ||
120 | all = { | ||
121 | buildInputs = [ yarn2nixPackage.src ]; | ||
122 | }; | ||
123 | node-sass = { | ||
124 | buildInputs = [ libsass python ]; | ||
125 | postInstall = let | ||
126 | nodeHeaders = fetchurl { | ||
127 | url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz"; | ||
128 | sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32"; | ||
129 | }; | ||
130 | in | ||
131 | '' | ||
132 | node scripts/build.js --tarball=${nodeHeaders} | ||
133 | ''; | ||
134 | }; | ||
135 | }; | ||
136 | }; | ||
137 | webappDir = composerEnv.buildPackage ( | ||
138 | import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } // | ||
139 | fetchedGitPrivate ./aten.json // | ||
140 | rec { | ||
141 | noDev = (environment == "prod"); | ||
142 | preInstall = '' | ||
143 | export SYMFONY_ENV="${environment}" | ||
144 | export APP_ENV="${environment}" | ||
145 | ''; | ||
146 | postInstall = '' | ||
147 | ln -sf ${yarnModules}/node_modules . | ||
148 | yarn run --offline encore production | ||
149 | rm -rf var/{log,cache} | ||
150 | ln -sf ${varDir}/{log,cache} var/ | ||
151 | ''; | ||
152 | buildInputs = [ yarnModules yarn2nixPackage.yarn ]; | ||
153 | }); | ||
154 | webRoot = "${webappDir}/public"; | ||
155 | }; | 103 | }; |
156 | in | 104 | } |
157 | aten | ||
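Review bot: The `<Directory ${root}>` block in `apache.vhostConf` still carries `Options Indexes FollowSymLinks MultiViews Includes` together with `AllowOverride All`, which is broader than an app routed through `FallbackResource /index.php` appears to need. `Indexes` permits directory listings for any folder under the web root that has no index file, and `Includes` turns on server-side includes. Unless the application relies on them, `Options FollowSymLinks` with `AllowOverride None` would be the tighter setting. This commit only moves the block over from the old layout, so this is a follow-up rather than a regression.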
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix index fd3f7cc..efd3619 100644 --- a/nixops/modules/websites/aten/default.nix +++ b/nixops/modules/websites/aten/default.nix | |||
@@ -1,14 +1,15 @@ | |||
1 | { lib, pkgs, config, myconfig, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | aten = pkgs.callPackage ./aten.nix { inherit (mylibs) fetchedGitPrivate yarn2nixPackage; }; | 3 | aten_dev = pkgs.callPackage ./aten.nix { |
4 | aten_dev = aten { | 4 | inherit (pkgs.private.webapps) aten; |
5 | config = myconfig.env.websites.aten.integration; | 5 | config = myconfig.env.websites.aten.integration; |
6 | }; | 6 | }; |
7 | aten_prod = aten { | 7 | aten_prod = pkgs.callPackage ./aten.nix { |
8 | config = myconfig.env.websites.aten.production; | 8 | inherit (pkgs.private.webapps) aten; |
9 | }; | 9 | config = myconfig.env.websites.aten.production; |
10 | }; | ||
10 | 11 | ||
11 | cfg = config.services.myWebsites.Aten; | 12 | cfg = config.services.myWebsites.Aten; |
12 | in { | 13 | in { |
13 | options.services.myWebsites.Aten = { | 14 | options.services.myWebsites.Aten = { |
14 | production = { | 15 | production = { |
@@ -37,7 +38,7 @@ in { | |||
37 | system.activationScripts.aten_prod = aten_prod.activationScript; | 38 | system.activationScripts.aten_prod = aten_prod.activationScript; |
38 | system.extraSystemBuilderCmds = '' | 39 | system.extraSystemBuilderCmds = '' |
39 | mkdir -p $out/webapps | 40 | mkdir -p $out/webapps |
40 | ln -s ${aten_prod.webRoot} $out/webapps/${aten_prod.apache.webappName} | 41 | ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName} |
41 | ''; | 42 | ''; |
42 | services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules; | 43 | services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules; |
43 | services.myWebsites.production.modules = aten_prod.apache.modules; | 44 | services.myWebsites.production.modules = aten_prod.apache.modules; |
@@ -57,7 +58,7 @@ in { | |||
57 | system.activationScripts.aten_dev = aten_dev.activationScript; | 58 | system.activationScripts.aten_dev = aten_dev.activationScript; |
58 | system.extraSystemBuilderCmds = '' | 59 | system.extraSystemBuilderCmds = '' |
59 | mkdir -p $out/webapps | 60 | mkdir -p $out/webapps |
60 | ln -s ${aten_dev.webRoot} $out/webapps/${aten_dev.apache.webappName} | 61 | ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName} |
61 | ''; | 62 | ''; |
62 | services.myWebsites.integration.modules = aten_dev.apache.modules; | 63 | services.myWebsites.integration.modules = aten_dev.apache.modules; |
63 | services.myWebsites.integration.vhostConfs.aten = { | 64 | services.myWebsites.integration.vhostConfs.aten = { |
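--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,6 +1,7 @@
 { pkgs }:
 with pkgs;
-let mylibs = import ../libs.nix { inherit pkgs; };
+let
+mylibs = import ../libs.nix { inherit pkgs; };
 in
 rec {
 boinctui = callPackage ../pkgs/boinctui {};
@@ -38,4 +39,8 @@ rec {
 
 composerEnv = callPackage ./composer-env {};
 webapps = callPackage ./webapps { inherit mylibs composerEnv; };
+
+private = if builtins.pathExists (./. + "/private")
+then import ./private { inherit pkgs; }
+else { webapps = {}; };
 }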
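Review bot: The fallback `else { webapps = {}; }` hides a missing `pkgs/private` only until something dereferences it. `nixops/modules/websites/aten/default.nix` in this same commit does `inherit (pkgs.private.webapps) aten;`, so a checkout without the private tree will abort with a bare missing-attribute error, presumably as soon as the Aten site is enabled. A comment above the `private` attribute would make that failure understandable, e.g. `# optional: modules using pkgs.private.webapps.* must only be enabled when ./private exists`.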
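--- /dev/null
+++ b/pkgs/private/default.nix
@@ -0,0 +1,8 @@
+{ pkgs }:
+with pkgs;
+let
+mylibs = import ../../libs.nix { inherit pkgs; };
+in
+rec {
+webapps = callPackage ./webapps { inherit mylibs; inherit (pkgs) composerEnv; };
+}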
diff --git a/nixops/modules/websites/aten/aten.json b/pkgs/private/webapps/aten/aten.json index 53569b6..53569b6 100644 --- a/nixops/modules/websites/aten/aten.json +++ b/pkgs/private/webapps/aten/aten.json | |||
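--- /dev/null
+++ b/pkgs/private/webapps/aten/default.nix
@@ -0,0 +1,56 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/aten_${environment}"
+, mylibs, composerEnv, fetchgit, runCommand, nodejs, jq, libsass, python, fetchurl }:
+let
+packagesource = mylibs.fetchedGitPrivate ./aten.json;
+packagejson = runCommand "package.json" { buildInputs = [ jq ]; } ''
+cat ${packagesource.src}/package.json | jq -r '.version = "v1.0.0"|.name="aten"' > $out
+'';
+yarnModules = mylibs.yarn2nixPackage.mkYarnModules rec {
+name = "aten-yarn";
+pname = name;
+version = "v1.0.0";
+packageJSON = packagejson;
+yarnLock = "${packagesource.src}/yarn.lock";
+pkgConfig = {
+all = {
+buildInputs = [ mylibs.yarn2nixPackage.src ];
+};
+node-sass = {
+buildInputs = [ libsass python ];
+postInstall = let
+nodeHeaders = fetchurl {
+url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
+sha256 = "16f20ya3ys6w5w6y6l4536f7jrgk4gz46bf71w1r1xxb26a54m32";
+};
+in
+''
+node scripts/build.js --tarball=${nodeHeaders}
+'';
+};
+};
+};
+app = composerEnv.buildPackage (
+import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
+packagesource //
+rec {
+noDev = (environment == "prod");
+preInstall = ''
+export SYMFONY_ENV="${environment}"
+export APP_ENV="${environment}"
+'';
+postInstall = ''
+ln -sf ${yarnModules}/node_modules .
+yarn run --offline encore production
+rm -rf var/{log,cache}
+ln -sf ${varDir}/{log,cache} var/
+'';
+buildInputs = [ yarnModules mylibs.yarn2nixPackage.yarn ];
+passthru = {
+inherit varDir;
+inherit environment;
+webRoot = "${app}/public";
+};
+}
+);
+in app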
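Review bot: `noDev = (environment == "prod");` fails open, because any `environment` value other than the exact string `"prod"` produces a build that includes the Composer dev dependencies. `aten.nix` in turn only treats `"dev"` as the debug environment, so a misspelt or newly introduced name would ship development packages on a non-dev vhost without any error. Rejecting unknown values up front with `assert builtins.elem environment [ "prod" "dev" ];` before the `let`, or inverting the test to `noDev = (environment != "dev");`, keeps the stripped build as the default. The set of valid names is inferred from the comparisons visible in this commit and should be confirmed against the site configuration.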
diff --git a/nixops/modules/websites/aten/php-packages.nix b/pkgs/private/webapps/aten/php-packages.nix index 8d86587..8d86587 100644 --- a/nixops/modules/websites/aten/php-packages.nix +++ b/pkgs/private/webapps/aten/php-packages.nix | |||
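--- /dev/null
+++ b/pkgs/private/webapps/default.nix
@@ -0,0 +1,4 @@
+{ callPackage, mylibs, composerEnv, lib }:
+rec {
+aten = callPackage ./aten {};
+}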
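Review bot: `mylibs`, `composerEnv` and `lib` are accepted as arguments here but never used, and `callPackage ./aten {}` forwards nothing. `aten/default.nix` declares `mylibs` and `composerEnv` as required arguments, so unless the package set behind `callPackage` already provides both, evaluation will fail with a missing-argument error. Writing `aten = callPackage ./aten { inherit mylibs composerEnv; };` makes the dependency explicit, and `lib` can be dropped from the argument list.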