-rw-r--r--nixops/modules/websites/piedsjaloux/default.nix21
-rw-r--r--nixops/modules/websites/piedsjaloux/piedsjaloux.nix284
-rw-r--r--pkgs/private/webapps/default.nix1
-rw-r--r--pkgs/private/webapps/piedsjaloux/default.nix27
-rw-r--r--pkgs/private/webapps/piedsjaloux/php-packages.nix (renamed from nixops/modules/websites/piedsjaloux/php-packages.nix)0
-rw-r--r--pkgs/private/webapps/piedsjaloux/piedsjaloux.json (renamed from nixops/modules/websites/piedsjaloux/piedsjaloux.json)0
6 files changed, 170 insertions, 163 deletions
diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
index 9f9697d..2a1271b 100644
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -1,14 +1,15 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let 2let
3 piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) fetchedGitPrivate; }; 3 piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix {
4 piedsjaloux_dev = piedsjaloux { 4 inherit (pkgs.private.webapps) piedsjaloux;
5 config = myconfig.env.websites.piedsjaloux.integration; 5 config = myconfig.env.websites.piedsjaloux.integration;
6 }; 6 };
7 piedsjaloux_prod = piedsjaloux { 7 piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
8 config = myconfig.env.websites.piedsjaloux.production; 8 inherit (pkgs.private.webapps) piedsjaloux;
9 }; 9 config = myconfig.env.websites.piedsjaloux.production;
10 };
10 11
11 cfg = config.services.myWebsites.PiedsJaloux; 12 cfg = config.services.myWebsites.PiedsJaloux;
12in { 13in {
13 options.services.myWebsites.PiedsJaloux = { 14 options.services.myWebsites.PiedsJaloux = {
14 production = { 15 production = {
@@ -37,7 +38,7 @@ in {
37 system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript; 38 system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
38 system.extraSystemBuilderCmds = '' 39 system.extraSystemBuilderCmds = ''
39 mkdir -p $out/webapps 40 mkdir -p $out/webapps
40 ln -s ${piedsjaloux_prod.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName} 41 ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
41 ''; 42 '';
42 services.myWebsites.production.modules = piedsjaloux_prod.apache.modules; 43 services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
43 services.myWebsites.production.vhostConfs.piedsjaloux = { 44 services.myWebsites.production.vhostConfs.piedsjaloux = {
@@ -56,7 +57,7 @@ in {
56 system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript; 57 system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
57 system.extraSystemBuilderCmds = '' 58 system.extraSystemBuilderCmds = ''
58 mkdir -p $out/webapps 59 mkdir -p $out/webapps
59 ln -s ${piedsjaloux_dev.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName} 60 ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
60 ''; 61 '';
61 services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules; 62 services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
62 services.myWebsites.integration.vhostConfs.piedsjaloux = { 63 services.myWebsites.integration.vhostConfs.piedsjaloux = {
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
index 5461e5d..97f8946 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -1,168 +1,146 @@
1{ pkgs, lib, writeText, fetchedGitPrivate, stdenv, composerEnv, fetchurl, fetchgit, texlive, imagemagick }: 1{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }:
2let 2rec {
3 piedsjaloux = { config }: rec { 3 app = piedsjaloux.override { inherit (config) environment; };
4 environment = config.environment; 4 varDir = "/var/lib/piedsjaloux_${app.environment}";
5 varDir = "/var/lib/piedsjaloux_${environment}"; 5 keys = [{
6 keys = [{ 6 dest = "webapps/${app.environment}-piedsjaloux";
7 dest = "webapps/${environment}-piedsjaloux"; 7 user = apache.user;
8 user = apache.user; 8 group = apache.group;
9 group = apache.group; 9 permissions = "0400";
10 permissions = "0400"; 10 text = ''
11 text = '' 11 # This file is auto-generated during the composer install
12 # This file is auto-generated during the composer install 12 parameters:
13 parameters: 13 database_host: ${config.mysql.host}
14 database_host: ${config.mysql.host} 14 database_port: ${config.mysql.port}
15 database_port: ${config.mysql.port} 15 database_name: ${config.mysql.name}
16 database_name: ${config.mysql.name} 16 database_user: ${config.mysql.user}
17 database_user: ${config.mysql.user} 17 database_password: ${config.mysql.password}
18 database_password: ${config.mysql.password} 18 database_server_version: ${pkgs.mariadb.mysqlVersion}
19 database_server_version: ${pkgs.mariadb.mysqlVersion} 19 mailer_transport: smtp
20 mailer_transport: smtp 20 mailer_host: 127.0.0.1
21 mailer_host: 127.0.0.1 21 mailer_user: null
22 mailer_user: null 22 mailer_password: null
23 mailer_password: null 23 secret: ${config.secret}
24 secret: ${config.secret} 24 pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
25 pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex" 25 leapt_im:
26 leapt_im: 26 binary_path: ${imagemagick}/bin
27 binary_path: ${imagemagick}/bin 27 '';
28 }];
29 phpFpm = rec {
30 preStart = ''
31 if [ ! -f "${app.varDir}/currentWebappDir" -o \
32 ! -f "${app.varDir}/currentKey" -o \
33 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
34 || ! sha512sum -c --status ${app.varDir}/currentKey; then
35 pushd ${app} > /dev/null
36 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
37 popd > /dev/null
38 echo -n "${app}" > ${app.varDir}/currentWebappDir
39 sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey
40 fi
28 ''; 41 '';
29 }]; 42 serviceDeps = [ "mysql.service" ];
30 phpFpm = rec { 43 socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock";
31 preStart = '' 44 pool = ''
32 if [ ! -f "${varDir}/currentWebappDir" -o \ 45 listen = ${socket}
33 ! -f "${varDir}/currentKey" -o \ 46 user = ${apache.user}
34 "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ 47 group = ${apache.group}
35 || ! sha512sum -c --status ${varDir}/currentKey; then 48 listen.owner = ${apache.user}
36 pushd ${webappDir} > /dev/null 49 listen.group = ${apache.group}
37 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup 50 php_admin_value[upload_max_filesize] = 20M
38 popd > /dev/null 51 php_admin_value[post_max_size] = 20M
39 echo -n "${webappDir}" > ${varDir}/currentWebappDir 52 ;php_admin_flag[log_errors] = on
40 sha512sum /var/secrets/webapps/${environment}-piedsjaloux > ${varDir}/currentKey 53 php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-piedsjaloux:${app}:${app.varDir}:/tmp"
41 fi 54 php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
42 ''; 55 env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
43 serviceDeps = [ "mysql.service" ]; 56 ${if app.environment == "dev" then ''
44 socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock"; 57 pm = ondemand
45 pool = '' 58 pm.max_children = 5
46 listen = ${socket} 59 pm.process_idle_timeout = 60
47 user = ${apache.user} 60 env[SYMFONY_DEBUG_MODE] = "yes"
48 group = ${apache.group} 61 '' else ''
49 listen.owner = ${apache.user} 62 pm = dynamic
50 listen.group = ${apache.group} 63 pm.max_children = 20
51 php_admin_value[upload_max_filesize] = 20M 64 pm.start_servers = 2
52 php_admin_value[post_max_size] = 20M 65 pm.min_spare_servers = 1
53 ;php_admin_flag[log_errors] = on 66 pm.max_spare_servers = 3
54 php_admin_value[open_basedir] = "/var/secrets/webapps/${environment}-piedsjaloux:${webappDir}:${varDir}:/tmp" 67 ''}'';
55 php_admin_value[session.save_path] = "${varDir}/phpSessions" 68 };
56 env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]} 69 apache = rec {
57 ${if environment == "dev" then '' 70 user = "wwwrun";
58 pm = ondemand 71 group = "wwwrun";
59 pm.max_children = 5 72 modules = [ "proxy_fcgi" ];
60 pm.process_idle_timeout = 60 73 webappName = "piedsjaloux_${app.environment}";
61 env[SYMFONY_DEBUG_MODE] = "yes" 74 root = "/run/current-system/webapps/${webappName}";
62 '' else '' 75 vhostConf = ''
63 pm = dynamic 76 <FilesMatch "\.php$">
64 pm.max_children = 20 77 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
65 pm.start_servers = 2 78 </FilesMatch>
66 pm.min_spare_servers = 1
67 pm.max_spare_servers = 3
68 ''}'';
69 };
70 apache = rec {
71 user = "wwwrun";
72 group = "wwwrun";
73 modules = [ "proxy_fcgi" ];
74 webappName = "piedsjaloux_${environment}";
75 root = "/run/current-system/webapps/${webappName}";
76 vhostConf = ''
77 <FilesMatch "\.php$">
78 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
79 </FilesMatch>
80 79
81 ${if environment == "dev" then '' 80 ${if app.environment == "dev" then ''
82 <Location /> 81 <Location />
83 Use LDAPConnect 82 Use LDAPConnect
84 Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu 83 Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
85 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>" 84 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
86 </Location> 85 </Location>
87 86
88 <Directory ${root}> 87 <Directory ${root}>
89 Options Indexes FollowSymLinks MultiViews Includes 88 Options Indexes FollowSymLinks MultiViews Includes
90 AllowOverride None 89 AllowOverride None
91 Require all granted 90 Require all granted
92 91
93 DirectoryIndex app_dev.php 92 DirectoryIndex app_dev.php
94 93
95 <IfModule mod_negotiation.c> 94 <IfModule mod_negotiation.c>
96 Options -MultiViews 95 Options -MultiViews
97 </IfModule> 96 </IfModule>
98 97
99 <IfModule mod_rewrite.c> 98 <IfModule mod_rewrite.c>
100 RewriteEngine On 99 RewriteEngine On
101 100
102 RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ 101 RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
103 RewriteRule ^(.*) - [E=BASE:%1] 102 RewriteRule ^(.*) - [E=BASE:%1]
104 103
105 # Maintenance script 104 # Maintenance script
106 RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f 105 RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
107 RewriteCond %{SCRIPT_FILENAME} !maintenance.php 106 RewriteCond %{SCRIPT_FILENAME} !maintenance.php
108 RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] 107 RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
109 ErrorDocument 503 /maintenance.php 108 ErrorDocument 503 /maintenance.php
110 109
111 # Sets the HTTP_AUTHORIZATION header removed by Apache 110 # Sets the HTTP_AUTHORIZATION header removed by Apache
112 RewriteCond %{HTTP:Authorization} . 111 RewriteCond %{HTTP:Authorization} .
113 RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 112 RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
114 113
115 RewriteCond %{ENV:REDIRECT_STATUS} ^$ 114 RewriteCond %{ENV:REDIRECT_STATUS} ^$
116 RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] 115 RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
117 116
118 # If the requested filename exists, simply serve it. 117 # If the requested filename exists, simply serve it.
119 # We only want to let Apache serve files and not directories. 118 # We only want to let Apache serve files and not directories.
120 RewriteCond %{REQUEST_FILENAME} -f 119 RewriteCond %{REQUEST_FILENAME} -f
121 RewriteRule ^ - [L] 120 RewriteRule ^ - [L]
122 121
123 # Rewrite all other queries to the front controller. 122 # Rewrite all other queries to the front controller.
124 RewriteRule ^ %{ENV:BASE}/app_dev.php [L] 123 RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
125 </IfModule> 124 </IfModule>
126 125
127 </Directory> 126 </Directory>
128 '' else '' 127 '' else ''
129 Use Stats piedsjaloux.fr 128 Use Stats piedsjaloux.fr
130 129
131 <Directory ${root}> 130 <Directory ${root}>
132 Options Indexes FollowSymLinks MultiViews Includes 131 Options Indexes FollowSymLinks MultiViews Includes
133 AllowOverride All 132 AllowOverride All
134 Require all granted 133 Require all granted
135 </Directory> 134 </Directory>
136 ''} 135 ''}
137 ''; 136 '';
138 }; 137 };
139 activationScript = { 138 activationScript = {
140 deps = [ "wrappers" ]; 139 deps = [ "wrappers" ];
141 text = '' 140 text = ''
142 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ 141 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
143 ${varDir}/tmp 142 ${app.varDir}/tmp
144 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 143 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
145 ''; 144 '';
146 };
147 webappDir = composerEnv.buildPackage (
148 import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
149 fetchedGitPrivate ./piedsjaloux.json //
150 rec {
151 noDev = (environment == "prod");
152 preInstall = ''
153 export SYMFONY_ENV="${environment}"
154 '';
155 # /!\ miniatures and data need to be in the same physical dir due to a
156 # bug in leapt.im (searches for data/../miniatures)
157 postInstall = ''
158 cd $out
159 rm app/config/parameters.yml
160 ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
161 rm -rf var/{logs,cache,data,miniatures,tmp}
162 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
163 '';
164 });
165 webRoot = "${webappDir}/web";
166 }; 145 };
167in 146}
168 piedsjaloux
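Review bot: `varDir = "/var/lib/piedsjaloux_${app.environment}";` on new line 4 is a second, independent definition of the state directory, while every other expression in the new file (the `preStart` check, `open_basedir`, `session.save_path`, the activation script) reads `app.varDir`. The two agree only because the package's `varDir` argument is left at its default; if it is ever overridden, anything still reading this module attribute would point at a directory the activation script never creates and that is outside `open_basedir`. I would replace the line with `inherit (app) varDir;` so the package stays the single source of the path.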
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
index 582d9d5..9acff98 100644
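--- a/pkgs/private/webapps/default.nix
+++ b/pkgs/private/webapps/default.nix
@@ -3,4 +3,5 @@ rec {
  aten = callPackage ./aten { inherit composerEnv mylibs; };
  connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
  ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
+ piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
 }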
diff --git a/pkgs/private/webapps/piedsjaloux/default.nix b/pkgs/private/webapps/piedsjaloux/default.nix
new file mode 100644
index 0000000..f5370db
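--- /dev/null
+++ b/pkgs/private/webapps/piedsjaloux/default.nix
@@ -0,0 +1,27 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/piedsjaloux_${environment}"
+, composerEnv, fetchurl, fetchgit, mylibs }:
+let
+ app = composerEnv.buildPackage (
+ import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
+ mylibs.fetchedGitPrivate ./piedsjaloux.json //
+ rec {
+ noDev = (environment == "prod");
+ preInstall = ''
+ export SYMFONY_ENV="${environment}"
+ '';
+ # /!\ miniatures and data need to be in the same physical dir due to a
+ # bug in leapt.im (searches for data/../miniatures)
+ postInstall = ''
+ cd $out
+ rm app/config/parameters.yml
+ ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml
+ rm -rf var/{logs,cache,data,miniatures,tmp}
+ ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
+ '';
+ passthru = {
+ inherit varDir environment;
+ webRoot = "${app}/web";
+ };
+ });
+in app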
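Review bot: `noDev = (environment == "prod");` treats every value other than "prod" as a development build, while the module in this same commit selects its LDAP-gated vhost and debug pool settings with `app.environment == "dev"`. Any third value would therefore install the composer dev dependencies yet be served through the production branch, which has no `Require ldap-group`. Nothing in the argument list restricts `environment`, so I would add `assert builtins.elem environment [ "prod" "dev" ];` before the `let` to turn the mismatch into an evaluation error. A short comment above the arguments saying that `environment` also selects the secrets file name under `/var/secrets/webapps/` would help, since the module has to use the same name for its key `dest`.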
diff --git a/nixops/modules/websites/piedsjaloux/php-packages.nix b/pkgs/private/webapps/piedsjaloux/php-packages.nix
index 49c5bd2..49c5bd2 100644
--- a/nixops/modules/websites/piedsjaloux/php-packages.nix
+++ b/pkgs/private/webapps/piedsjaloux/php-packages.nix
diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.json b/pkgs/private/webapps/piedsjaloux/piedsjaloux.json
index a34c7e8..a34c7e8 100644
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.json
+++ b/pkgs/private/webapps/piedsjaloux/piedsjaloux.json