6 files changed, 170 insertions, 163 deletions
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index 9f9697d..2a1271b 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -1,14 +1,15 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
-    piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) fetchedGitPrivate; };
+  piedsjaloux_dev  = pkgs.callPackage ./piedsjaloux.nix {
-    piedsjaloux_dev  = piedsjaloux {
+    inherit (pkgs.private.webapps) piedsjaloux;
-      config = myconfig.env.websites.piedsjaloux.integration;
+    config = myconfig.env.websites.piedsjaloux.integration;
-    };
+  };
-    piedsjaloux_prod = piedsjaloux {
+  piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
-      config = myconfig.env.websites.piedsjaloux.production;
+    inherit (pkgs.private.webapps) piedsjaloux;
-    };
+    config = myconfig.env.websites.piedsjaloux.production;
+  };
-    cfg = config.services.myWebsites.PiedsJaloux;
+  cfg = config.services.myWebsites.PiedsJaloux;
 in {
  options.services.myWebsites.PiedsJaloux = {
    production = {
@@ -37,7 +38,7 @@ in {
      system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
      system.extraSystemBuilderCmds = ''
        mkdir -p $out/webapps
-        ln -s ${piedsjaloux_prod.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
+        ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
        '';
      services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
      services.myWebsites.production.vhostConfs.piedsjaloux = {
@@ -56,7 +57,7 @@ in {
      system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
      system.extraSystemBuilderCmds = ''
        mkdir -p $out/webapps
-        ln -s ${piedsjaloux_dev.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
+        ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
        '';
      services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
      services.myWebsites.integration.vhostConfs.piedsjaloux = {
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
index 5461e5d..97f8946 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -1,168 +1,146 @@
-{ pkgs, lib, writeText, fetchedGitPrivate, stdenv, composerEnv, fetchurl, fetchgit, texlive, imagemagick }:
+{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }:
-let
+rec {
-  piedsjaloux = { config }: rec {
+  app = piedsjaloux.override { inherit (config) environment; };
-    environment = config.environment;
+  varDir = "/var/lib/piedsjaloux_${app.environment}";
-    varDir = "/var/lib/piedsjaloux_${environment}";
+  keys = [{
-    keys = [{
+    dest = "webapps/${app.environment}-piedsjaloux";
-      dest = "webapps/${environment}-piedsjaloux";
+    user = apache.user;
-      user = apache.user;
+    group = apache.group;
-      group = apache.group;
+    permissions = "0400";
-      permissions = "0400";
+    text = ''
-      text = ''
+      # This file is auto-generated during the composer install
-        # This file is auto-generated during the composer install
+      parameters:
-        parameters:
+          database_host: ${config.mysql.host}
-            database_host: ${config.mysql.host}
+          database_port: ${config.mysql.port}
-            database_port: ${config.mysql.port}
+          database_name: ${config.mysql.name}
-            database_name: ${config.mysql.name}
+          database_user: ${config.mysql.user}
-            database_user: ${config.mysql.user}
+          database_password: ${config.mysql.password}
-            database_password: ${config.mysql.password}
+          database_server_version: ${pkgs.mariadb.mysqlVersion}
-            database_server_version: ${pkgs.mariadb.mysqlVersion}
+          mailer_transport: smtp
-            mailer_transport: smtp
+          mailer_host: 127.0.0.1
-            mailer_host: 127.0.0.1
+          mailer_user: null
-            mailer_user: null
+          mailer_password: null
-            mailer_password: null
+          secret: ${config.secret}
-            secret: ${config.secret}
+          pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
-            pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+      leapt_im:
-        leapt_im:
+          binary_path: ${imagemagick}/bin
-            binary_path: ${imagemagick}/bin
+    '';
+  }];
+  phpFpm = rec {
+    preStart = ''
+      if [ ! -f "${app.varDir}/currentWebappDir" -o \
+          ! -f "${app.varDir}/currentKey" -o \
+          "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
+          || ! sha512sum -c --status ${app.varDir}/currentKey; then
+        pushd ${app} > /dev/null
+        /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${app}" > ${app.varDir}/currentWebappDir
+        sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey
+      fi
      '';
-    }];
+    serviceDeps = [ "mysql.service" ];
-    phpFpm = rec {
+    socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock";
-      preStart = ''
+    pool = ''
-        if [ ! -f "${varDir}/currentWebappDir" -o \
+      listen = ${socket}
-            ! -f "${varDir}/currentKey" -o \
+      user = ${apache.user}
-            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+      group = ${apache.group}
-            || ! sha512sum -c --status ${varDir}/currentKey; then
+      listen.owner = ${apache.user}
-          pushd ${webappDir} > /dev/null
+      listen.group = ${apache.group}
-          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+      php_admin_value[upload_max_filesize] = 20M
-          popd > /dev/null
+      php_admin_value[post_max_size] = 20M
-          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      ;php_admin_flag[log_errors] = on
-          sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey
+      php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-piedsjaloux:${app}:${app.varDir}:/tmp"
-        fi
+      php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-        '';
+      env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
-      serviceDeps = [ "mysql.service" ];
+      ${if app.environment == "dev" then ''
-      socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
+      pm = ondemand
-      pool = ''
+      pm.max_children = 5
-        listen = ${socket}
+      pm.process_idle_timeout = 60
-        user = ${apache.user}
+      env[SYMFONY_DEBUG_MODE] = "yes"
-        group = ${apache.group}
+      '' else ''
-        listen.owner = ${apache.user}
+      pm = dynamic
-        listen.group = ${apache.group}
+      pm.max_children = 20
-        php_admin_value[upload_max_filesize] = 20M
+      pm.start_servers = 2
-        php_admin_value[post_max_size] = 20M
+      pm.min_spare_servers = 1
-        ;php_admin_flag[log_errors] = on
+      pm.max_spare_servers = 3
-        php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"
+      ''}'';
-        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+  };
-        env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
+  apache = rec {
-        ${if environment == "dev" then ''
+    user = "wwwrun";
-        pm = ondemand
+    group = "wwwrun";
-        pm.max_children = 5
+    modules = [ "proxy_fcgi" ];
-        pm.process_idle_timeout = 60
+    webappName = "piedsjaloux_${app.environment}";
-        env[SYMFONY_DEBUG_MODE] = "yes"
+    root = "/run/current-system/webapps/${webappName}";
-        '' else ''
+    vhostConf = ''
-        pm = dynamic
+    <FilesMatch "\.php$">
-        pm.max_children = 20
+      SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-        pm.start_servers = 2
+    </FilesMatch>
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
-        ''}'';
-    };
-    apache = rec {
-      user = "wwwrun";
-      group = "wwwrun";
-      modules = [ "proxy_fcgi" ];
-      webappName = "piedsjaloux_${environment}";
-      root = "/run/current-system/webapps/${webappName}";
-      vhostConf = ''
-      <FilesMatch "\.php$">
-        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-      </FilesMatch>
-      ${if environment == "dev" then ''
+    ${if app.environment == "dev" then ''
-      <Location />
+    <Location />
-        Use LDAPConnect
+      Use LDAPConnect
-        Require ldap-group   cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+      Require ldap-group   cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
+      ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
-      </Location>
+    </Location>
-      <Directory ${root}>
+    <Directory ${root}>
-        Options Indexes FollowSymLinks MultiViews Includes
+      Options Indexes FollowSymLinks MultiViews Includes
-        AllowOverride None
+      AllowOverride None
-        Require all granted
+      Require all granted
-        DirectoryIndex app_dev.php
+      DirectoryIndex app_dev.php
-        <IfModule mod_negotiation.c>
+      <IfModule mod_negotiation.c>
-        Options -MultiViews
+      Options -MultiViews
-        </IfModule>
+      </IfModule>
-        <IfModule mod_rewrite.c>
+      <IfModule mod_rewrite.c>
-          RewriteEngine On
+        RewriteEngine On
-          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+        RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-          RewriteRule ^(.*) - [E=BASE:%1]
+        RewriteRule ^(.*) - [E=BASE:%1]
-          # Maintenance script
+        # Maintenance script
-          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+        RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+        RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+        RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-          ErrorDocument 503 /maintenance.php
+        ErrorDocument 503 /maintenance.php
-          # Sets the HTTP_AUTHORIZATION header removed by Apache
+        # Sets the HTTP_AUTHORIZATION header removed by Apache
-          RewriteCond %{HTTP:Authorization} .
+        RewriteCond %{HTTP:Authorization} .
-          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+        RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-          RewriteCond %{ENV:REDIRECT_STATUS} ^$
+        RewriteCond %{ENV:REDIRECT_STATUS} ^$
-          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+        RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-          # If the requested filename exists, simply serve it.
+        # If the requested filename exists, simply serve it.
-          # We only want to let Apache serve files and not directories.
+        # We only want to let Apache serve files and not directories.
-          RewriteCond %{REQUEST_FILENAME} -f
+        RewriteCond %{REQUEST_FILENAME} -f
-          RewriteRule ^ - [L]
+        RewriteRule ^ - [L]
-          # Rewrite all other queries to the front controller.
+        # Rewrite all other queries to the front controller.
-          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+        RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-        </IfModule>
+      </IfModule>
-      </Directory>
+    </Directory>
-      '' else ''
+    '' else ''
-      Use Stats piedsjaloux.fr
+    Use Stats piedsjaloux.fr
-      <Directory ${root}>
+    <Directory ${root}>
-        Options Indexes FollowSymLinks MultiViews Includes
+      Options Indexes FollowSymLinks MultiViews Includes
-        AllowOverride All
+      AllowOverride All
-        Require all granted
+      Require all granted
-      </Directory>
+    </Directory>
-      ''}
+    ''}
-      '';
+    '';
-    };
+  };
-    activationScript = {
+  activationScript = {
-      deps = [ "wrappers" ];
+    deps = [ "wrappers" ];
-      text = ''
+    text = ''
-      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
-        ${varDir}/tmp
+      ${app.varDir}/tmp
-      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+    install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-      '';
+    '';
-    };
-    webappDir = composerEnv.buildPackage (
-      import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
-      fetchedGitPrivate ./piedsjaloux.json //
-      rec {
-        noDev = (environment == "prod");
-        preInstall = ''
-          export SYMFONY_ENV="${environment}"
-          '';
-        # /!\ miniatures and data need to be in the same physical dir due to a
-        #     bug in leapt.im (searches for data/../miniatures)
-        postInstall = ''
-          cd $out
-          rm app/config/parameters.yml
-          ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
-          rm -rf var/{logs,cache,data,miniatures,tmp}
-          ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
-          '';
-      });
-    webRoot = "${webappDir}/web";
  };
-in
+}
-  piedsjaloux
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
index 582d9d5..9acff98 100644
--- a/pkgs/private/webapps/default.nix
+++ b/pkgs/private/webapps/default.nix
@@ -3,4 +3,5 @@ rec {
  aten = callPackage ./aten { inherit composerEnv mylibs; };
  connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
  ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
+  piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
 }
diff --git a/pkgs/private/webapps/piedsjaloux/default.nix b/pkgs/private/webapps/piedsjaloux/default.nix
new file mode 100644
index 0000000..f5370db
--- /dev/null
+++ b/pkgs/private/webapps/piedsjaloux/default.nix
@@ -0,0 +1,27 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/piedsjaloux_${environment}"
+, composerEnv, fetchurl, fetchgit, mylibs }:
+let
+  app = composerEnv.buildPackage (
+    import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
+    mylibs.fetchedGitPrivate ./piedsjaloux.json //
+    rec {
+      noDev = (environment == "prod");
+      preInstall = ''
+        export SYMFONY_ENV="${environment}"
+        '';
+      # /!\ miniatures and data need to be in the same physical dir due to a
+      #     bug in leapt.im (searches for data/../miniatures)
+      postInstall = ''
+        cd $out
+        rm app/config/parameters.yml
+        ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
+        rm -rf var/{logs,cache,data,miniatures,tmp}
+        ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
+        '';
+        passthru = {
+          inherit varDir environment;
+          webRoot = "${app}/web";
+      };
+    });
+in app
diff --git a/nixops/modules/websites/piedsjaloux/php-packages.nix b/pkgs/private/webapps/piedsjaloux/php-packages.nix
index 49c5bd2..49c5bd2 100644
--- a/nixops/modules/websites/piedsjaloux/php-packages.nix
+++ b/pkgs/private/webapps/piedsjaloux/php-packages.nix
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.json b/pkgs/private/webapps/piedsjaloux/piedsjaloux.json
index a34c7e8..a34c7e8 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.json
+++ b/pkgs/private/webapps/piedsjaloux/piedsjaloux.json

diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix index 9f9697d..2a1271b 100644 --- a/nixops/modules/websites/piedsjaloux/default.nix +++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -1,14 +1,15 @@
1	{ lib, pkgs, config, myconfig, mylibs, ... }:	1	{ lib, pkgs, config, myconfig, mylibs, ... }:
2	let	2	let
3	piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) fetchedGitPrivate; };	3	piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix {
4	piedsjaloux_dev = piedsjaloux {	4	inherit (pkgs.private.webapps) piedsjaloux;
5	config = myconfig.env.websites.piedsjaloux.integration;	5	config = myconfig.env.websites.piedsjaloux.integration;
6	};	6	};
7	piedsjaloux_prod = piedsjaloux {	7	piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
8	config = myconfig.env.websites.piedsjaloux.production;	8	inherit (pkgs.private.webapps) piedsjaloux;
9	};	9	config = myconfig.env.websites.piedsjaloux.production;
		10	};
10		11
11	cfg = config.services.myWebsites.PiedsJaloux;	12	cfg = config.services.myWebsites.PiedsJaloux;
12	in {	13	in {
13	options.services.myWebsites.PiedsJaloux = {	14	options.services.myWebsites.PiedsJaloux = {
14	production = {	15	production = {
@@ -37,7 +38,7 @@ in {
37	system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;	38	system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
38	system.extraSystemBuilderCmds = ''	39	system.extraSystemBuilderCmds = ''
39	mkdir -p $out/webapps	40	mkdir -p $out/webapps
40	ln -s ${piedsjaloux_prod.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}	41	ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
41	'';	42	'';
42	services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;	43	services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
43	services.myWebsites.production.vhostConfs.piedsjaloux = {	44	services.myWebsites.production.vhostConfs.piedsjaloux = {
@@ -56,7 +57,7 @@ in {
56	system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;	57	system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
57	system.extraSystemBuilderCmds = ''	58	system.extraSystemBuilderCmds = ''
58	mkdir -p $out/webapps	59	mkdir -p $out/webapps
59	ln -s ${piedsjaloux_dev.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}	60	ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
60	'';	61	'';
61	services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;	62	services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
62	services.myWebsites.integration.vhostConfs.piedsjaloux = {	63	services.myWebsites.integration.vhostConfs.piedsjaloux = {


diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix index 5461e5d..97f8946 100644 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -1,168 +1,146 @@
1	{ pkgs, lib, writeText, fetchedGitPrivate, stdenv, composerEnv, fetchurl, fetchgit, texlive, imagemagick }:	1	{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }:
2	let	2	rec {
3	piedsjaloux = { config }: rec {	3	app = piedsjaloux.override { inherit (config) environment; };
4	environment = config.environment;	4	varDir = "/var/lib/piedsjaloux_${app.environment}";
5	varDir = "/var/lib/piedsjaloux_${environment}";	5	keys = [{
6	keys = [{	6	dest = "webapps/${app.environment}-piedsjaloux";
7	dest = "webapps/${environment}-piedsjaloux";	7	user = apache.user;
8	user = apache.user;	8	group = apache.group;
9	group = apache.group;	9	permissions = "0400";
10	permissions = "0400";	10	text = ''
11	text = ''	11	# This file is auto-generated during the composer install
12	# This file is auto-generated during the composer install	12	parameters:
13	parameters:	13	database_host: ${config.mysql.host}
14	database_host: ${config.mysql.host}	14	database_port: ${config.mysql.port}
15	database_port: ${config.mysql.port}	15	database_name: ${config.mysql.name}
16	database_name: ${config.mysql.name}	16	database_user: ${config.mysql.user}
17	database_user: ${config.mysql.user}	17	database_password: ${config.mysql.password}
18	database_password: ${config.mysql.password}	18	database_server_version: ${pkgs.mariadb.mysqlVersion}
19	database_server_version: ${pkgs.mariadb.mysqlVersion}	19	mailer_transport: smtp
20	mailer_transport: smtp	20	mailer_host: 127.0.0.1
21	mailer_host: 127.0.0.1	21	mailer_user: null
22	mailer_user: null	22	mailer_password: null
23	mailer_password: null	23	secret: ${config.secret}
24	secret: ${config.secret}	24	pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
25	pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"	25	leapt_im:
26	leapt_im:	26	binary_path: ${imagemagick}/bin
27	binary_path: ${imagemagick}/bin	27	'';
		28	}];
		29	phpFpm = rec {
		30	preStart = ''
		31	if [ ! -f "${app.varDir}/currentWebappDir" -o \
		32	! -f "${app.varDir}/currentKey" -o \
		33	"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
		34	\|\| ! sha512sum -c --status ${app.varDir}/currentKey; then
		35	pushd ${app} > /dev/null
		36	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
		37	popd > /dev/null
		38	echo -n "${app}" > ${app.varDir}/currentWebappDir
		39	sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey
		40	fi
28	'';	41	'';
29	}];	42	serviceDeps = [ "mysql.service" ];
30	phpFpm = rec {	43	socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock";
31	preStart = ''	44	pool = ''
32	if [ ! -f "${varDir}/currentWebappDir" -o \	45	listen = ${socket}
33	! -f "${varDir}/currentKey" -o \	46	user = ${apache.user}
34	"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \	47	group = ${apache.group}
35	\|\| ! sha512sum -c --status ${varDir}/currentKey; then	48	listen.owner = ${apache.user}
36	pushd ${webappDir} > /dev/null	49	listen.group = ${apache.group}
37	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup	50	php_admin_value[upload_max_filesize] = 20M
38	popd > /dev/null	51	php_admin_value[post_max_size] = 20M
39	echo -n "${webappDir}" > ${varDir}/currentWebappDir	52	;php_admin_flag[log_errors] = on
40	sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey	53	php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-piedsjaloux:${app}:${app.varDir}:/tmp"
41	fi	54	php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
42	'';	55	env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
43	serviceDeps = [ "mysql.service" ];	56	${if app.environment == "dev" then ''
44	socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";	57	pm = ondemand
45	pool = ''	58	pm.max_children = 5
46	listen = ${socket}	59	pm.process_idle_timeout = 60
47	user = ${apache.user}	60	env[SYMFONY_DEBUG_MODE] = "yes"
48	group = ${apache.group}	61	'' else ''
49	listen.owner = ${apache.user}	62	pm = dynamic
50	listen.group = ${apache.group}	63	pm.max_children = 20
51	php_admin_value[upload_max_filesize] = 20M	64	pm.start_servers = 2
52	php_admin_value[post_max_size] = 20M	65	pm.min_spare_servers = 1
53	;php_admin_flag[log_errors] = on	66	pm.max_spare_servers = 3
54	php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp"	67	''}'';
55	php_admin_value[session.save_path] = "${varDir}/phpSessions"	68	};
56	env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}	69	apache = rec {
57	${if environment == "dev" then ''	70	user = "wwwrun";
58	pm = ondemand	71	group = "wwwrun";
59	pm.max_children = 5	72	modules = [ "proxy_fcgi" ];
60	pm.process_idle_timeout = 60	73	webappName = "piedsjaloux_${app.environment}";
61	env[SYMFONY_DEBUG_MODE] = "yes"	74	root = "/run/current-system/webapps/${webappName}";
62	'' else ''	75	vhostConf = ''
63	pm = dynamic	76	<FilesMatch "\.php$">
64	pm.max_children = 20	77	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
65	pm.start_servers = 2	78	</FilesMatch>
66	pm.min_spare_servers = 1
67	pm.max_spare_servers = 3
68	''}'';
69	};
70	apache = rec {
71	user = "wwwrun";
72	group = "wwwrun";
73	modules = [ "proxy_fcgi" ];
74	webappName = "piedsjaloux_${environment}";
75	root = "/run/current-system/webapps/${webappName}";
76	vhostConf = ''
77	<FilesMatch "\.php$">
78	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
79	</FilesMatch>
80		79
81	${if environment == "dev" then ''	80	${if app.environment == "dev" then ''
82	<Location />	81	<Location />
83	Use LDAPConnect	82	Use LDAPConnect
84	Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu	83	Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
85	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"	84	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
86	</Location>	85	</Location>
87		86
88	<Directory ${root}>	87	<Directory ${root}>
89	Options Indexes FollowSymLinks MultiViews Includes	88	Options Indexes FollowSymLinks MultiViews Includes
90	AllowOverride None	89	AllowOverride None
91	Require all granted	90	Require all granted
92		91
93	DirectoryIndex app_dev.php	92	DirectoryIndex app_dev.php
94		93
95	<IfModule mod_negotiation.c>	94	<IfModule mod_negotiation.c>
96	Options -MultiViews	95	Options -MultiViews
97	</IfModule>	96	</IfModule>
98		97
99	<IfModule mod_rewrite.c>	98	<IfModule mod_rewrite.c>
100	RewriteEngine On	99	RewriteEngine On
101		100
102	RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$	101	RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
103	RewriteRule ^(.*) - [E=BASE:%1]	102	RewriteRule ^(.*) - [E=BASE:%1]
104		103
105	# Maintenance script	104	# Maintenance script
106	RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f	105	RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
107	RewriteCond %{SCRIPT_FILENAME} !maintenance.php	106	RewriteCond %{SCRIPT_FILENAME} !maintenance.php
108	RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]	107	RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
109	ErrorDocument 503 /maintenance.php	108	ErrorDocument 503 /maintenance.php
110		109
111	# Sets the HTTP_AUTHORIZATION header removed by Apache	110	# Sets the HTTP_AUTHORIZATION header removed by Apache
112	RewriteCond %{HTTP:Authorization} .	111	RewriteCond %{HTTP:Authorization} .
113	RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]	112	RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
114		113
115	RewriteCond %{ENV:REDIRECT_STATUS} ^$	114	RewriteCond %{ENV:REDIRECT_STATUS} ^$
116	RewriteRule ^app_dev\.php(?:/(.*)\|$) %{ENV:BASE}/$1 [R=301,L]	115	RewriteRule ^app_dev\.php(?:/(.*)\|$) %{ENV:BASE}/$1 [R=301,L]
117		116
118	# If the requested filename exists, simply serve it.	117	# If the requested filename exists, simply serve it.
119	# We only want to let Apache serve files and not directories.	118	# We only want to let Apache serve files and not directories.
120	RewriteCond %{REQUEST_FILENAME} -f	119	RewriteCond %{REQUEST_FILENAME} -f
121	RewriteRule ^ - [L]	120	RewriteRule ^ - [L]
122		121
123	# Rewrite all other queries to the front controller.	122	# Rewrite all other queries to the front controller.
124	RewriteRule ^ %{ENV:BASE}/app_dev.php [L]	123	RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
125	</IfModule>	124	</IfModule>
126		125
127	</Directory>	126	</Directory>
128	'' else ''	127	'' else ''
129	Use Stats piedsjaloux.fr	128	Use Stats piedsjaloux.fr
130		129
131	<Directory ${root}>	130	<Directory ${root}>
132	Options Indexes FollowSymLinks MultiViews Includes	131	Options Indexes FollowSymLinks MultiViews Includes
133	AllowOverride All	132	AllowOverride All
134	Require all granted	133	Require all granted
135	</Directory>	134	</Directory>
136	''}	135	''}
137	'';	136	'';
138	};	137	};
139	activationScript = {	138	activationScript = {
140	deps = [ "wrappers" ];	139	deps = [ "wrappers" ];
141	text = ''	140	text = ''
142	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \	141	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
143	${varDir}/tmp	142	${app.varDir}/tmp
144	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions	143	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
145	'';	144	'';
146	};
147	webappDir = composerEnv.buildPackage (
148	import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
149	fetchedGitPrivate ./piedsjaloux.json //
150	rec {
151	noDev = (environment == "prod");
152	preInstall = ''
153	export SYMFONY_ENV="${environment}"
154	'';
155	# /!\ miniatures and data need to be in the same physical dir due to a
156	# bug in leapt.im (searches for data/../miniatures)
157	postInstall = ''
158	cd $out
159	rm app/config/parameters.yml
160	ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
161	rm -rf var/{logs,cache,data,miniatures,tmp}
162	ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
163	'';
164	});
165	webRoot = "${webappDir}/web";
166	};	145	};
167	in	146	}
168	piedsjaloux


diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix index 582d9d5..9acff98 100644 --- a/pkgs/private/webapps/default.nix +++ b/pkgs/private/webapps/default.nix
@@ -3,4 +3,5 @@ rec {
3	aten = callPackage ./aten { inherit composerEnv mylibs; };	3	aten = callPackage ./aten { inherit composerEnv mylibs; };
4	connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};	4	connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
5	ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };	5	ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
		6	piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
6	}	7	}


diff --git a/pkgs/private/webapps/piedsjaloux/default.nix b/pkgs/private/webapps/piedsjaloux/default.nix new file mode 100644 index 0000000..f5370db --- /dev/null +++ b/pkgs/private/webapps/piedsjaloux/default.nix
@@ -0,0 +1,27 @@
		1	{ environment ? "prod"
		2	, varDir ? "/var/lib/piedsjaloux_${environment}"
		3	, composerEnv, fetchurl, fetchgit, mylibs }:
		4	let
		5	app = composerEnv.buildPackage (
		6	import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
		7	mylibs.fetchedGitPrivate ./piedsjaloux.json //
		8	rec {
		9	noDev = (environment == "prod");
		10	preInstall = ''
		11	export SYMFONY_ENV="${environment}"
		12	'';
		13	# /!\ miniatures and data need to be in the same physical dir due to a
		14	# bug in leapt.im (searches for data/../miniatures)
		15	postInstall = ''
		16	cd $out
		17	rm app/config/parameters.yml
		18	ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
		19	rm -rf var/{logs,cache,data,miniatures,tmp}
		20	ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
		21	'';
		22	passthru = {
		23	inherit varDir environment;
		24	webRoot = "${app}/web";
		25	};
		26	});
		27	in app


diff --git a/nixops/modules/websites/piedsjaloux/php-packages.nix b/pkgs/private/webapps/piedsjaloux/php-packages.nix index 49c5bd2..49c5bd2 100644 --- a/nixops/modules/websites/piedsjaloux/php-packages.nix +++ b/pkgs/private/webapps/piedsjaloux/php-packages.nix


diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.json b/pkgs/private/webapps/piedsjaloux/piedsjaloux.json index a34c7e8..a34c7e8 100644 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.json +++ b/pkgs/private/webapps/piedsjaloux/piedsjaloux.json