diff options
-rw-r--r-- | modules/private/system/eldiron.nix | 5 | ||||
-rw-r--r-- | modules/private/websites/chloe/integration.nix | 27 | ||||
-rw-r--r-- | modules/private/websites/connexionswing/integration.nix | 22 | ||||
-rw-r--r-- | modules/private/websites/florian/app.nix | 18 | ||||
-rw-r--r-- | modules/private/websites/isabelle/aten_integration.nix | 19 | ||||
-rw-r--r-- | modules/private/websites/ludivine/integration.nix | 18 | ||||
-rw-r--r-- | modules/private/websites/piedsjaloux/integration.nix | 20 | ||||
-rw-r--r-- | modules/private/websites/tools/tools/default.nix | 8 |
8 files changed, 55 insertions, 82 deletions
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix index 5fb9887..39cf86a 100644 --- a/modules/private/system/eldiron.nix +++ b/modules/private/system/eldiron.nix | |||
@@ -166,11 +166,6 @@ | |||
166 | ]; | 166 | ]; |
167 | }; | 167 | }; |
168 | 168 | ||
169 | fileSystems."/var/lib/pub/immae/devtools" = { | ||
170 | device = "/run/current-system/sw/bin/bindfs#/var/lib/ftp/devtools.immae.eu/"; | ||
171 | fsType = "fuse"; | ||
172 | options = [ "force-user=pub" "create-for-user=wwwrun" "create-for-group=wwwrun" ]; | ||
173 | }; | ||
174 | environment.systemPackages = [ pkgs.bindfs ]; | 169 | environment.systemPackages = [ pkgs.bindfs ]; |
175 | 170 | ||
176 | services.zrepl = { | 171 | services.zrepl = { |
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix index 7ed3852..aedf3a5 100644 --- a/modules/private/websites/chloe/integration.nix +++ b/modules/private/websites/chloe/integration.nix | |||
@@ -3,11 +3,8 @@ let | |||
3 | apacheUser = config.services.httpd.Inte.user; | 3 | apacheUser = config.services.httpd.Inte.user; |
4 | apacheGroup = config.services.httpd.Inte.group; | 4 | apacheGroup = config.services.httpd.Inte.group; |
5 | ccfg = config.myEnv.websites.chloe.integration; | 5 | ccfg = config.myEnv.websites.chloe.integration; |
6 | app = pkgs.callPackage ./app { | 6 | webRoot = "/var/lib/ftp/immae/chloe"; |
7 | inherit (ccfg) environment; | 7 | varDir = "/var/lib/ftp/immae/chloe_var"; |
8 | inherit (pkgs.webapps) spip; | ||
9 | varDir = "/var/lib/chloe_integration"; | ||
10 | }; | ||
11 | cfg = config.myServices.websites.chloe.integration; | 8 | cfg = config.myServices.websites.chloe.integration; |
12 | in { | 9 | in { |
13 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; | 10 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; |
@@ -20,8 +17,8 @@ in { | |||
20 | permissions = "0400"; | 17 | permissions = "0400"; |
21 | text = '' | 18 | text = '' |
22 | SetEnv SPIP_CONFIG_DIR "${./config}" | 19 | SetEnv SPIP_CONFIG_DIR "${./config}" |
23 | SetEnv SPIP_VAR_DIR "${app.varDir}" | 20 | SetEnv SPIP_VAR_DIR "${varDir}" |
24 | SetEnv SPIP_SITE "chloe-${app.environment}" | 21 | SetEnv SPIP_SITE "chloe-dev" |
25 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | 22 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" |
26 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | 23 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" |
27 | SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}" | 24 | SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}" |
@@ -45,8 +42,8 @@ in { | |||
45 | "php_admin_value[upload_max_filesize]" = "20M"; | 42 | "php_admin_value[upload_max_filesize]" = "20M"; |
46 | "php_admin_value[post_max_size]" = "20M"; | 43 | "php_admin_value[post_max_size]" = "20M"; |
47 | # "php_admin_flag[log_errors]" = "on"; | 44 | # "php_admin_flag[log_errors]" = "on"; |
48 | "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp"; | 45 | "php_admin_value[open_basedir]" = "${../../../../pkgs/webapps/spip/spip_mes_options.php}:${./config}:${webRoot}:${varDir}:/tmp"; |
49 | "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions"; | 46 | "php_admin_value[session.save_path]" = "${varDir}/phpSessions"; |
50 | "pm" = "ondemand"; | 47 | "pm" = "ondemand"; |
51 | "pm.max_children" = "5"; | 48 | "pm.max_children" = "5"; |
52 | "pm.process_idle_timeout" = "60"; | 49 | "pm.process_idle_timeout" = "60"; |
@@ -56,8 +53,8 @@ in { | |||
56 | system.activationScripts.chloe_integration = { | 53 | system.activationScripts.chloe_integration = { |
57 | deps = [ "wrappers" ]; | 54 | deps = [ "wrappers" ]; |
58 | text = '' | 55 | text = '' |
59 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local | 56 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local |
60 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions | 57 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}/phpSessions |
61 | ''; | 58 | ''; |
62 | }; | 59 | }; |
63 | services.websites.env.integration.modules = [ "proxy_fcgi" ]; | 60 | services.websites.env.integration.modules = [ "proxy_fcgi" ]; |
@@ -65,7 +62,7 @@ in { | |||
65 | certName = "integration"; | 62 | certName = "integration"; |
66 | addToCerts = true; | 63 | addToCerts = true; |
67 | hosts = ["chloe.immae.eu" ]; | 64 | hosts = ["chloe.immae.eu" ]; |
68 | root = app.webRoot; | 65 | root = webRoot; |
69 | extraConfig = [ | 66 | extraConfig = [ |
70 | '' | 67 | '' |
71 | Include ${config.secrets.fullPaths."websites/chloe/integration"} | 68 | Include ${config.secrets.fullPaths."websites/chloe/integration"} |
@@ -76,16 +73,16 @@ in { | |||
76 | SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost" | 73 | SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost" |
77 | </FilesMatch> | 74 | </FilesMatch> |
78 | 75 | ||
79 | <Directory ${app.webRoot}> | 76 | <Directory ${webRoot}> |
80 | DirectoryIndex index.php index.htm index.html | 77 | DirectoryIndex index.php index.htm index.html |
81 | Options -Indexes +FollowSymLinks +MultiViews +Includes | 78 | Options -Indexes +FollowSymLinks +MultiViews +Includes |
82 | Include ${app.webRoot}/htaccess.txt | 79 | Include ${webRoot}/htaccess.txt |
83 | 80 | ||
84 | AllowOverride AuthConfig FileInfo Limit | 81 | AllowOverride AuthConfig FileInfo Limit |
85 | Require all granted | 82 | Require all granted |
86 | </Directory> | 83 | </Directory> |
87 | 84 | ||
88 | <DirectoryMatch "${app.webRoot}/squelettes"> | 85 | <DirectoryMatch "${webRoot}/squelettes"> |
89 | Require all denied | 86 | Require all denied |
90 | </DirectoryMatch> | 87 | </DirectoryMatch> |
91 | 88 | ||
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix index 93cda00..fe0e4d9 100644 --- a/modules/private/websites/connexionswing/integration.nix +++ b/modules/private/websites/connexionswing/integration.nix | |||
@@ -1,12 +1,8 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | secrets = config.myEnv.websites.connexionswing.integration; | 3 | secrets = config.myEnv.websites.connexionswing.integration; |
4 | app = pkgs.callPackage ./app { | 4 | webRoot = "/var/lib/ftp/immae/connexionswing/web"; |
5 | composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; | 5 | varDir = "/var/lib/ftp/immae/connexionswing_var"; |
6 | environment = secrets.environment; | ||
7 | varDir = "/var/lib/connexionswing_integration"; | ||
8 | secretsPath = config.secrets.fullPaths."websites/connexionswing/integration"; | ||
9 | }; | ||
10 | cfg = config.myServices.websites.connexionswing.integration; | 6 | cfg = config.myServices.websites.connexionswing.integration; |
11 | pcfg = config.services.phpApplication; | 7 | pcfg = config.services.phpApplication; |
12 | in { | 8 | in { |
@@ -18,16 +14,16 @@ in { | |||
18 | websiteEnv = "integration"; | 14 | websiteEnv = "integration"; |
19 | httpdUser = config.services.httpd.Inte.user; | 15 | httpdUser = config.services.httpd.Inte.user; |
20 | httpdGroup = config.services.httpd.Inte.group; | 16 | httpdGroup = config.services.httpd.Inte.group; |
21 | inherit (app) webRoot varDir; | 17 | inherit webRoot varDir; |
22 | varDirPaths = { | 18 | varDirPaths = { |
23 | "medias" = "0700"; | 19 | "medias" = "0700"; |
24 | "uploads" = "0700"; | 20 | "uploads" = "0700"; |
25 | "var" = "0700"; | 21 | "var" = "0700"; |
26 | }; | 22 | }; |
27 | inherit app; | 23 | app = "/var/lib/ftp/immae/connexionswing"; |
28 | serviceDeps = [ "mysql.service" ]; | 24 | serviceDeps = [ "mysql.service" ]; |
29 | preStartActions = [ | 25 | preStartActions = [ |
30 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | 26 | "./bin/console --env=dev cache:clear --no-warmup" |
31 | ]; | 27 | ]; |
32 | phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ]; | 28 | phpOpenbasedir = [ "/tmp" "/run/wrappers/bin/sendmail" ]; |
33 | phpPool = { | 29 | phpPool = { |
@@ -74,20 +70,20 @@ in { | |||
74 | certName = "integration"; | 70 | certName = "integration"; |
75 | addToCerts = true; | 71 | addToCerts = true; |
76 | hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; | 72 | hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; |
77 | root = app.webRoot; | 73 | root = webRoot; |
78 | extraConfig = [ | 74 | extraConfig = [ |
79 | '' | 75 | '' |
80 | <FilesMatch "\.php$"> | 76 | <FilesMatch "\.php$"> |
81 | SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost" | 77 | SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost" |
82 | </FilesMatch> | 78 | </FilesMatch> |
83 | 79 | ||
84 | <Directory ${app.varDir}/medias> | 80 | <Directory ${varDir}/medias> |
85 | Options FollowSymLinks | 81 | Options FollowSymLinks |
86 | AllowOverride None | 82 | AllowOverride None |
87 | Require all granted | 83 | Require all granted |
88 | </Directory> | 84 | </Directory> |
89 | 85 | ||
90 | <Directory ${app.varDir}/uploads> | 86 | <Directory ${varDir}/uploads> |
91 | Options FollowSymLinks | 87 | Options FollowSymLinks |
92 | AllowOverride None | 88 | AllowOverride None |
93 | Require all granted | 89 | Require all granted |
@@ -99,7 +95,7 @@ in { | |||
99 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>" | 95 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>" |
100 | </Location> | 96 | </Location> |
101 | 97 | ||
102 | <Directory ${app.webRoot}> | 98 | <Directory ${webRoot}> |
103 | Options Indexes FollowSymLinks MultiViews Includes | 99 | Options Indexes FollowSymLinks MultiViews Includes |
104 | AllowOverride None | 100 | AllowOverride None |
105 | Require all granted | 101 | Require all granted |
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix index 5e6255c..27810a5 100644 --- a/modules/private/websites/florian/app.nix +++ b/modules/private/websites/florian/app.nix | |||
@@ -2,12 +2,7 @@ | |||
2 | let | 2 | let |
3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; | 3 | adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; |
4 | secrets = config.myEnv.websites.tellesflorian.integration; | 4 | secrets = config.myEnv.websites.tellesflorian.integration; |
5 | app = pkgs.callPackage ./app { | 5 | webRoot = "/var/lib/ftp/immae/florian/web"; |
6 | composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; | ||
7 | environment = secrets.environment; | ||
8 | varDir = "/var/lib/florian_app"; | ||
9 | secretsPath = config.secrets.fullPaths."websites/florian/app"; | ||
10 | }; | ||
11 | cfg = config.myServices.websites.florian.app; | 6 | cfg = config.myServices.websites.florian.app; |
12 | pcfg = config.services.phpApplication; | 7 | pcfg = config.services.phpApplication; |
13 | in { | 8 | in { |
@@ -19,14 +14,15 @@ in { | |||
19 | websiteEnv = "integration"; | 14 | websiteEnv = "integration"; |
20 | httpdUser = config.services.httpd.Inte.user; | 15 | httpdUser = config.services.httpd.Inte.user; |
21 | httpdGroup = config.services.httpd.Inte.group; | 16 | httpdGroup = config.services.httpd.Inte.group; |
22 | inherit (app) webRoot varDir; | 17 | inherit webRoot; |
18 | varDir = "/var/lib/ftp/immae/florian_var"; | ||
23 | varDirPaths = { | 19 | varDirPaths = { |
24 | "var" = "0700"; | 20 | "var" = "0700"; |
25 | }; | 21 | }; |
26 | inherit app; | 22 | app = "/var/lib/ftp/immae/florian"; |
27 | serviceDeps = [ "mysql.service" ]; | 23 | serviceDeps = [ "mysql.service" ]; |
28 | preStartActions = [ | 24 | preStartActions = [ |
29 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | 25 | "./bin/console --env=dev cache:clear --no-warmup" |
30 | ]; | 26 | ]; |
31 | phpOpenbasedir = [ "/tmp" ]; | 27 | phpOpenbasedir = [ "/tmp" ]; |
32 | phpPool = { | 28 | phpPool = { |
@@ -81,7 +77,7 @@ in { | |||
81 | certName = "integration"; | 77 | certName = "integration"; |
82 | addToCerts = true; | 78 | addToCerts = true; |
83 | hosts = [ "app.tellesflorian.com" ]; | 79 | hosts = [ "app.tellesflorian.com" ]; |
84 | root = app.webRoot; | 80 | root = webRoot; |
85 | extraConfig = [ | 81 | extraConfig = [ |
86 | '' | 82 | '' |
87 | <FilesMatch "\.php$"> | 83 | <FilesMatch "\.php$"> |
@@ -99,7 +95,7 @@ in { | |||
99 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" | 95 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" |
100 | </Location> | 96 | </Location> |
101 | 97 | ||
102 | <Directory ${app.webRoot}> | 98 | <Directory ${webRoot}> |
103 | Options Indexes FollowSymLinks MultiViews Includes | 99 | Options Indexes FollowSymLinks MultiViews Includes |
104 | AllowOverride None | 100 | AllowOverride None |
105 | Require all granted | 101 | Require all granted |
diff --git a/modules/private/websites/isabelle/aten_integration.nix b/modules/private/websites/isabelle/aten_integration.nix index 7e0aaf7..288f20d 100644 --- a/modules/private/websites/isabelle/aten_integration.nix +++ b/modules/private/websites/isabelle/aten_integration.nix | |||
@@ -1,11 +1,7 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | secrets = config.myEnv.websites.isabelle.aten_integration; | 3 | secrets = config.myEnv.websites.isabelle.aten_integration; |
4 | app = pkgs.callPackage ./aten_app { | 4 | webRoot = "/var/lib/ftp/immae/aten/public"; |
5 | composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; | ||
6 | environment = secrets.environment; | ||
7 | varDir = "/var/lib/isabelle_aten_integration"; | ||
8 | }; | ||
9 | cfg = config.myServices.websites.isabelle.aten_integration; | 5 | cfg = config.myServices.websites.isabelle.aten_integration; |
10 | pcfg = config.services.phpApplication; | 6 | pcfg = config.services.phpApplication; |
11 | in { | 7 | in { |
@@ -20,11 +16,12 @@ in { | |||
20 | httpdWatchFiles = [ | 16 | httpdWatchFiles = [ |
21 | config.secrets.fullPaths."websites/isabelle/aten_integration" | 17 | config.secrets.fullPaths."websites/isabelle/aten_integration" |
22 | ]; | 18 | ]; |
23 | inherit (app) webRoot varDir; | 19 | inherit webRoot; |
24 | inherit app; | 20 | varDir = "/var/lib/ftp/immae/aten_var"; |
21 | app = "/var/lib/ftp/immae/aten"; | ||
25 | serviceDeps = [ "postgresql.service" ]; | 22 | serviceDeps = [ "postgresql.service" ]; |
26 | preStartActions = [ | 23 | preStartActions = [ |
27 | "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup" | 24 | "APP_ENV=dev ./bin/console --env=dev cache:clear --no-warmup" |
28 | ]; | 25 | ]; |
29 | phpOpenbasedir = [ "/tmp" ]; | 26 | phpOpenbasedir = [ "/tmp" ]; |
30 | phpPool = { | 27 | phpPool = { |
@@ -51,7 +48,7 @@ in { | |||
51 | # vendor/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php#parseDatabaseUrlQuery | 48 | # vendor/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php#parseDatabaseUrlQuery |
52 | psql_url = with secrets.postgresql; "pdo-pgsql://${user}:${password}@invalid:${port}/${database}?host=${socket}"; | 49 | psql_url = with secrets.postgresql; "pdo-pgsql://${user}:${password}@invalid:${port}/${database}?host=${socket}"; |
53 | in '' | 50 | in '' |
54 | SetEnv APP_ENV "${app.environment}" | 51 | SetEnv APP_ENV "dev" |
55 | SetEnv APP_SECRET "${secrets.secret}" | 52 | SetEnv APP_SECRET "${secrets.secret}" |
56 | SetEnv DATABASE_URL "${psql_url}" | 53 | SetEnv DATABASE_URL "${psql_url}" |
57 | ''; | 54 | ''; |
@@ -60,7 +57,7 @@ in { | |||
60 | certName = "integration"; | 57 | certName = "integration"; |
61 | addToCerts = true; | 58 | addToCerts = true; |
62 | hosts = [ "dev.aten.pro" ]; | 59 | hosts = [ "dev.aten.pro" ]; |
63 | root = app.webRoot; | 60 | root = webRoot; |
64 | extraConfig = [ | 61 | extraConfig = [ |
65 | '' | 62 | '' |
66 | <FilesMatch "\.php$"> | 63 | <FilesMatch "\.php$"> |
@@ -81,7 +78,7 @@ in { | |||
81 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" | 78 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" |
82 | </Location> | 79 | </Location> |
83 | 80 | ||
84 | <Directory ${app.webRoot}> | 81 | <Directory ${webRoot}> |
85 | Options Indexes FollowSymLinks MultiViews Includes | 82 | Options Indexes FollowSymLinks MultiViews Includes |
86 | AllowOverride All | 83 | AllowOverride All |
87 | Require all granted | 84 | Require all granted |
diff --git a/modules/private/websites/ludivine/integration.nix b/modules/private/websites/ludivine/integration.nix index 99c9acf..d04295d 100644 --- a/modules/private/websites/ludivine/integration.nix +++ b/modules/private/websites/ludivine/integration.nix | |||
@@ -1,14 +1,9 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | secrets = config.myEnv.websites.ludivine.integration; | 3 | secrets = config.myEnv.websites.ludivine.integration; |
4 | app = pkgs.callPackage ./app { | ||
5 | composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; | ||
6 | environment = secrets.environment; | ||
7 | varDir = "/var/lib/ludivine_integration"; | ||
8 | secretsPath = config.secrets.fullPaths."websites/ludivine/integration"; | ||
9 | }; | ||
10 | cfg = config.myServices.websites.ludivine.integration; | 4 | cfg = config.myServices.websites.ludivine.integration; |
11 | pcfg = config.services.phpApplication; | 5 | pcfg = config.services.phpApplication; |
6 | webRoot = "/var/lib/ftp/immae/ludivine/web"; | ||
12 | in { | 7 | in { |
13 | options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; | 8 | options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; |
14 | 9 | ||
@@ -18,14 +13,15 @@ in { | |||
18 | websiteEnv = "integration"; | 13 | websiteEnv = "integration"; |
19 | httpdUser = config.services.httpd.Inte.user; | 14 | httpdUser = config.services.httpd.Inte.user; |
20 | httpdGroup = config.services.httpd.Inte.group; | 15 | httpdGroup = config.services.httpd.Inte.group; |
21 | inherit (app) webRoot varDir; | 16 | inherit webRoot; |
17 | varDir = "/var/lib/ftp/immae/ludivine_var"; | ||
18 | app = "/var/lib/ftp/immae/ludivine"; | ||
22 | varDirPaths = { | 19 | varDirPaths = { |
23 | "tmp" = "0700"; | 20 | "tmp" = "0700"; |
24 | }; | 21 | }; |
25 | inherit app; | ||
26 | serviceDeps = [ "mysql.service" ]; | 22 | serviceDeps = [ "mysql.service" ]; |
27 | preStartActions = [ | 23 | preStartActions = [ |
28 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | 24 | "./bin/console --env=dev cache:clear --no-warmup" |
29 | ]; | 25 | ]; |
30 | phpOpenbasedir = [ "/tmp" ]; | 26 | phpOpenbasedir = [ "/tmp" ]; |
31 | phpPool = { | 27 | phpPool = { |
@@ -90,7 +86,7 @@ in { | |||
90 | certName = "integration"; | 86 | certName = "integration"; |
91 | addToCerts = true; | 87 | addToCerts = true; |
92 | hosts = [ "ludivine.immae.eu" ]; | 88 | hosts = [ "ludivine.immae.eu" ]; |
93 | root = app.webRoot; | 89 | root = webRoot; |
94 | extraConfig = [ | 90 | extraConfig = [ |
95 | '' | 91 | '' |
96 | <FilesMatch "\.php$"> | 92 | <FilesMatch "\.php$"> |
@@ -103,7 +99,7 @@ in { | |||
103 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" | 99 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" |
104 | </Location> | 100 | </Location> |
105 | 101 | ||
106 | <Directory ${app.webRoot}> | 102 | <Directory ${webRoot}> |
107 | Options Indexes FollowSymLinks MultiViews Includes | 103 | Options Indexes FollowSymLinks MultiViews Includes |
108 | AllowOverride None | 104 | AllowOverride None |
109 | Require all granted | 105 | Require all granted |
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix index 437b127..64d577e 100644 --- a/modules/private/websites/piedsjaloux/integration.nix +++ b/modules/private/websites/piedsjaloux/integration.nix | |||
@@ -1,12 +1,7 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | secrets = config.myEnv.websites.piedsjaloux.integration; | 3 | secrets = config.myEnv.websites.piedsjaloux.integration; |
4 | app = pkgs.callPackage ./app { | 4 | webRoot = "/var/lib/ftp/immae/piedsjaloux/web"; |
5 | composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; | ||
6 | environment = secrets.environment; | ||
7 | varDir = "/var/lib/piedsjaloux_integration"; | ||
8 | secretsPath = config.secrets.fullPaths."websites/piedsjaloux/integration"; | ||
9 | }; | ||
10 | cfg = config.myServices.websites.piedsjaloux.integration; | 5 | cfg = config.myServices.websites.piedsjaloux.integration; |
11 | pcfg = config.services.phpApplication; | 6 | pcfg = config.services.phpApplication; |
12 | texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }; | 7 | texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }; |
@@ -19,14 +14,15 @@ in { | |||
19 | websiteEnv = "integration"; | 14 | websiteEnv = "integration"; |
20 | httpdUser = config.services.httpd.Inte.user; | 15 | httpdUser = config.services.httpd.Inte.user; |
21 | httpdGroup = config.services.httpd.Inte.group; | 16 | httpdGroup = config.services.httpd.Inte.group; |
22 | inherit (app) webRoot varDir; | 17 | inherit webRoot; |
18 | varDir = "/var/lib/ftp/immae/piedsjaloux_var"; | ||
23 | varDirPaths = { | 19 | varDirPaths = { |
24 | "tmp" = "0700"; | 20 | "tmp" = "0700"; |
25 | }; | 21 | }; |
26 | inherit app; | 22 | app = "/var/lib/ftp/immae/piedsjaloux"; |
27 | serviceDeps = [ "mysql.service" ]; | 23 | serviceDeps = [ "mysql.service" ]; |
28 | preStartActions = [ | 24 | preStartActions = [ |
29 | "./bin/console --env=${app.environment} cache:clear --no-warmup" | 25 | "./bin/console --env=dev cache:clear --no-warmup" |
30 | ]; | 26 | ]; |
31 | phpOpenbasedir = [ "/tmp" ]; | 27 | phpOpenbasedir = [ "/tmp" ]; |
32 | phpPool = { | 28 | phpPool = { |
@@ -47,7 +43,7 @@ in { | |||
47 | SYMFONY_DEBUG_MODE = "\"yes\""; | 43 | SYMFONY_DEBUG_MODE = "\"yes\""; |
48 | }; | 44 | }; |
49 | phpWatchFiles = [ | 45 | phpWatchFiles = [ |
50 | app.secretsPath | 46 | config.secrets.fullPaths."websites/piedsjaloux/integration" |
51 | ]; | 47 | ]; |
52 | phpPackage = pkgs.php72; | 48 | phpPackage = pkgs.php72; |
53 | }; | 49 | }; |
@@ -80,7 +76,7 @@ in { | |||
80 | certName = "integration"; | 76 | certName = "integration"; |
81 | addToCerts = true; | 77 | addToCerts = true; |
82 | hosts = [ "piedsjaloux.immae.eu" ]; | 78 | hosts = [ "piedsjaloux.immae.eu" ]; |
83 | root = app.webRoot; | 79 | root = webRoot; |
84 | extraConfig = [ | 80 | extraConfig = [ |
85 | '' | 81 | '' |
86 | <FilesMatch "\.php$"> | 82 | <FilesMatch "\.php$"> |
@@ -93,7 +89,7 @@ in { | |||
93 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>" | 89 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>" |
94 | </Location> | 90 | </Location> |
95 | 91 | ||
96 | <Directory ${app.webRoot}> | 92 | <Directory ${webRoot}> |
97 | Options Indexes FollowSymLinks MultiViews Includes | 93 | Options Indexes FollowSymLinks MultiViews Includes |
98 | AllowOverride None | 94 | AllowOverride None |
99 | Require all granted | 95 | Require all granted |
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 499ef91..9052473 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix | |||
@@ -121,14 +121,14 @@ in { | |||
121 | certMainHost = "devtools.immae.eu"; | 121 | certMainHost = "devtools.immae.eu"; |
122 | addToCerts = true; | 122 | addToCerts = true; |
123 | hosts = [ "devtools.immae.eu" ]; | 123 | hosts = [ "devtools.immae.eu" ]; |
124 | root = "/var/lib/ftp/devtools.immae.eu"; | 124 | root = "/var/lib/ftp/immae/devtools"; |
125 | extraConfig = [ | 125 | extraConfig = [ |
126 | '' | 126 | '' |
127 | Use Apaxy "/var/lib/ftp/devtools.immae.eu" "title" | 127 | Use Apaxy "/var/lib/ftp/immae/devtools" "title" |
128 | Timeout 600 | 128 | Timeout 600 |
129 | ProxyTimeout 600 | 129 | ProxyTimeout 600 |
130 | Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" | 130 | Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" |
131 | <Directory "/var/lib/ftp/devtools.immae.eu"> | 131 | <Directory "/var/lib/ftp/immae/devtools"> |
132 | DirectoryIndex index.php index.htm index.html | 132 | DirectoryIndex index.php index.htm index.html |
133 | AllowOverride all | 133 | AllowOverride all |
134 | Require all granted | 134 | Require all granted |
@@ -339,7 +339,7 @@ in { | |||
339 | "pm.min_spare_servers" = "1"; | 339 | "pm.min_spare_servers" = "1"; |
340 | "pm.max_spare_servers" = "10"; | 340 | "pm.max_spare_servers" = "10"; |
341 | 341 | ||
342 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp"; | 342 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; |
343 | }; | 343 | }; |
344 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); | 344 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); |
345 | }; | 345 | }; |