aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--nixops/modules/websites/connexionswing/connexionswing.nix321
-rw-r--r--nixops/modules/websites/connexionswing/default.nix21
-rw-r--r--pkgs/private/webapps/connexionswing/connexionswing.json (renamed from nixops/modules/websites/connexionswing/connexionswing.json)0
-rw-r--r--pkgs/private/webapps/connexionswing/default.nix27
-rw-r--r--pkgs/private/webapps/connexionswing/php-packages.nix (renamed from nixops/modules/websites/connexionswing/php-packages.nix)0
-rw-r--r--pkgs/private/webapps/default.nix1
6 files changed, 188 insertions, 182 deletions
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix
index 60ddb63..77b839c 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -1,189 +1,166 @@
1{ pkgs, lib, writeText, fetchedGitPrivate, stdenv, composerEnv, phpPackages, fetchurl, fetchgit }: 1{ connexionswing, pkgs, phpPackages, config }:
2let 2rec {
3 connexionswing = { config }: rec { 3 app = connexionswing.override { inherit (config) environment; };
4 environment = config.environment; 4 keys = [{
5 varDir = "/var/lib/connexionswing_${environment}"; 5 dest = "webapps/${app.environment}-connexionswing";
6 keys = [{ 6 user = apache.user;
7 dest = "webapps/${environment}-connexionswing"; 7 group = apache.group;
8 user = apache.user; 8 permissions = "0400";
9 group = apache.group; 9 text = ''
10 permissions = "0400"; 10 # This file is auto-generated during the composer install
11 text = '' 11 parameters:
12 # This file is auto-generated during the composer install 12 database_host: ${config.mysql.host}
13 parameters: 13 database_port: ${config.mysql.port}
14 database_host: ${config.mysql.host} 14 database_name: ${config.mysql.name}
15 database_port: ${config.mysql.port} 15 database_user: ${config.mysql.user}
16 database_name: ${config.mysql.name} 16 database_password: ${config.mysql.password}
17 database_user: ${config.mysql.user} 17 database_server_version: ${pkgs.mariadb.mysqlVersion}
18 database_password: ${config.mysql.password} 18 mailer_transport: sendmail
19 database_server_version: ${pkgs.mariadb.mysqlVersion} 19 mailer_host: null
20 mailer_transport: sendmail 20 mailer_user: null
21 mailer_host: null 21 mailer_password: null
22 mailer_user: null 22 subscription_email: ${config.email}
23 mailer_password: null 23 allow_robots: true
24 subscription_email: ${config.email} 24 secret: ${config.secret}
25 allow_robots: true 25 ${if app.environment == "prod" then ''
26 secret: ${config.secret} 26 services:
27 ${if environment == "prod" then '' 27 swiftmailer.mailer.default.transport:
28 services: 28 class: Swift_SendmailTransport
29 swiftmailer.mailer.default.transport: 29 arguments: ['/run/wrappers/bin/sendmail -bs']
30 class: Swift_SendmailTransport 30 '' else ""}
31 arguments: ['/run/wrappers/bin/sendmail -bs'] 31 '';
32 '' else ""} 32 }];
33 phpFpm = rec {
34 preStart = ''
35 if [ ! -f "${app.varDir}/currentWebappDir" -o \
36 ! -f "${app.varDir}/currentKey" -o \
37 "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
38 || ! sha512sum -c --status ${app.varDir}/currentKey; then
39 pushd ${app} > /dev/null
40 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
41 popd > /dev/null
42 echo -n "${app}" > ${app.varDir}/currentWebappDir
43 sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey
44 fi
33 ''; 45 '';
34 }]; 46 serviceDeps = [ "mysql.service" ];
35 phpFpm = rec { 47 socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock";
36 preStart = '' 48 phpConfig = ''
37 if [ ! -f "${varDir}/currentWebappDir" -o \ 49 extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
38 ! -f "${varDir}/currentKey" -o \ 50 '';
39 "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ 51 pool = ''
40 || ! sha512sum -c --status ${varDir}/currentKey; then 52 listen = ${socket}
41 pushd ${webappDir} > /dev/null 53 user = ${apache.user}
42 /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup 54 group = ${apache.group}
43 popd > /dev/null 55 listen.owner = ${apache.user}
44 echo -n "${webappDir}" > ${varDir}/currentWebappDir 56 listen.group = ${apache.group}
45 sha512sum /var/secrets/webapps/${environment}-connexionswing > ${varDir}/currentKey 57 php_admin_value[upload_max_filesize] = 20M
46 fi 58 php_admin_value[post_max_size] = 20M
47 ''; 59 ;php_admin_flag[log_errors] = on
48 serviceDeps = [ "mysql.service" ]; 60 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp"
49 socket = "/var/run/phpfpm/connexionswing-${environment}.sock"; 61 php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
50 phpConfig = '' 62 ${if app.environment == "dev" then ''
51 extension=${phpPackages.imagick}/lib/php/extensions/imagick.so 63 pm = ondemand
52 ''; 64 pm.max_children = 5
53 pool = '' 65 pm.process_idle_timeout = 60
54 listen = ${socket} 66 env[SYMFONY_DEBUG_MODE] = "yes"
55 user = ${apache.user} 67 '' else ''
56 group = ${apache.group} 68 pm = dynamic
57 listen.owner = ${apache.user} 69 pm.max_children = 20
58 listen.group = ${apache.group} 70 pm.start_servers = 2
59 php_admin_value[upload_max_filesize] = 20M 71 pm.min_spare_servers = 1
60 php_admin_value[post_max_size] = 20M 72 pm.max_spare_servers = 3
61 ;php_admin_flag[log_errors] = on 73 ''}'';
62 php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp" 74 };
63 php_admin_value[session.save_path] = "${varDir}/phpSessions" 75 apache = rec {
64 ${if environment == "dev" then '' 76 user = "wwwrun";
65 pm = ondemand 77 group = "wwwrun";
66 pm.max_children = 5 78 modules = [ "proxy_fcgi" ];
67 pm.process_idle_timeout = 60 79 webappName = "connexionswing_${app.environment}";
68 env[SYMFONY_DEBUG_MODE] = "yes" 80 root = "/run/current-system/webapps/${webappName}";
69 '' else '' 81 vhostConf = ''
70 pm = dynamic 82 <FilesMatch "\.php$">
71 pm.max_children = 20 83 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
72 pm.start_servers = 2 84 </FilesMatch>
73 pm.min_spare_servers = 1
74 pm.max_spare_servers = 3
75 ''}'';
76 };
77 apache = rec {
78 user = "wwwrun";
79 group = "wwwrun";
80 modules = [ "proxy_fcgi" ];
81 webappName = "connexionswing_${environment}";
82 root = "/run/current-system/webapps/${webappName}";
83 vhostConf = ''
84 <FilesMatch "\.php$">
85 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
86 </FilesMatch>
87 85
88 <Directory ${varDir}/medias> 86 <Directory ${app.varDir}/medias>
89 Options FollowSymLinks 87 Options FollowSymLinks
90 AllowOverride None 88 AllowOverride None
91 Require all granted 89 Require all granted
92 </Directory> 90 </Directory>
93 91
94 <Directory ${varDir}/uploads> 92 <Directory ${app.varDir}/uploads>
95 Options FollowSymLinks 93 Options FollowSymLinks
96 AllowOverride None 94 AllowOverride None
97 Require all granted 95 Require all granted
98 </Directory> 96 </Directory>
99 97
100 ${if environment == "dev" then '' 98 ${if app.environment == "dev" then ''
101 <Location /> 99 <Location />
102 Use LDAPConnect 100 Use LDAPConnect
103 Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu 101 Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
104 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>" 102 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
105 </Location> 103 </Location>
106 104
107 <Directory ${root}> 105 <Directory ${root}>
108 Options Indexes FollowSymLinks MultiViews Includes 106 Options Indexes FollowSymLinks MultiViews Includes
109 AllowOverride None 107 AllowOverride None
110 Require all granted 108 Require all granted
111 109
112 DirectoryIndex app_dev.php 110 DirectoryIndex app_dev.php
113 111
114 <IfModule mod_negotiation.c> 112 <IfModule mod_negotiation.c>
115 Options -MultiViews 113 Options -MultiViews
116 </IfModule> 114 </IfModule>
117 115
118 <IfModule mod_rewrite.c> 116 <IfModule mod_rewrite.c>
119 RewriteEngine On 117 RewriteEngine On
120 118
121 RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ 119 RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
122 RewriteRule ^(.*) - [E=BASE:%1] 120 RewriteRule ^(.*) - [E=BASE:%1]
123 121
124 # Maintenance script 122 # Maintenance script
125 RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f 123 RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
126 RewriteCond %{SCRIPT_FILENAME} !maintenance.php 124 RewriteCond %{SCRIPT_FILENAME} !maintenance.php
127 RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] 125 RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
128 ErrorDocument 503 /maintenance.php 126 ErrorDocument 503 /maintenance.php
129 127
130 # Sets the HTTP_AUTHORIZATION header removed by Apache 128 # Sets the HTTP_AUTHORIZATION header removed by Apache
131 RewriteCond %{HTTP:Authorization} . 129 RewriteCond %{HTTP:Authorization} .
132 RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 130 RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
133 131
134 RewriteCond %{ENV:REDIRECT_STATUS} ^$ 132 RewriteCond %{ENV:REDIRECT_STATUS} ^$
135 RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] 133 RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
136 134
137 # If the requested filename exists, simply serve it. 135 # If the requested filename exists, simply serve it.
138 # We only want to let Apache serve files and not directories. 136 # We only want to let Apache serve files and not directories.
139 RewriteCond %{REQUEST_FILENAME} -f 137 RewriteCond %{REQUEST_FILENAME} -f
140 RewriteRule ^ - [L] 138 RewriteRule ^ - [L]
141 139
142 # Rewrite all other queries to the front controller. 140 # Rewrite all other queries to the front controller.
143 RewriteRule ^ %{ENV:BASE}/app_dev.php [L] 141 RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
144 </IfModule> 142 </IfModule>
145 143
146 </Directory> 144 </Directory>
147 '' else '' 145 '' else ''
148 Use Stats connexionswing.com 146 Use Stats connexionswing.com
149 147
150 <Directory ${root}> 148 <Directory ${root}>
151 Options Indexes FollowSymLinks MultiViews Includes 149 Options Indexes FollowSymLinks MultiViews Includes
152 AllowOverride All 150 AllowOverride All
153 Require all granted 151 Require all granted
154 </Directory> 152 </Directory>
155 ''} 153 ''}
156 ''; 154 '';
157 }; 155 };
158 activationScript = { 156 activationScript = {
159 deps = [ "wrappers" ]; 157 deps = [ "wrappers" ];
160 text = '' 158 text = ''
161 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ 159 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
162 ${varDir}/medias \ 160 ${app.varDir}/medias \
163 ${varDir}/uploads \ 161 ${app.varDir}/uploads \
164 ${varDir}/var 162 ${app.varDir}/var
165 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions 163 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
166 ''; 164 '';
167 };
168 webappDir = composerEnv.buildPackage (
169 import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
170 fetchedGitPrivate ./connexionswing.json //
171 rec {
172 noDev = (environment == "prod");
173 preInstall = ''
174 export SYMFONY_ENV="${environment}"
175 '';
176 postInstall = ''
177 cd $out
178 ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
179 rm app/config/parameters.yml
180 ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
181 rm -rf var/{logs,cache}
182 ln -sf ${varDir}/var/{logs,cache} var/
183 ln -sf ${varDir}/{medias,uploads} web/images/
184 '';
185 });
186 webRoot = "${webappDir}/web";
187 }; 165 };
188in 166}
189 connexionswing
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index 773c8de..2f82428 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -1,14 +1,15 @@
1{ lib, pkgs, config, mylibs, myconfig, ... }: 1{ lib, pkgs, config, mylibs, myconfig, ... }:
2let 2let
3 connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) fetchedGitPrivate; }; 3 connexionswing_dev = pkgs.callPackage ./connexionswing.nix {
4 connexionswing_dev = connexionswing { 4 inherit (pkgs.private.webapps) connexionswing;
5 config = myconfig.env.websites.connexionswing.integration; 5 config = myconfig.env.websites.connexionswing.integration;
6 }; 6 };
7 connexionswing_prod = connexionswing { 7 connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
8 config = myconfig.env.websites.connexionswing.production; 8 inherit (pkgs.private.webapps) connexionswing;
9 }; 9 config = myconfig.env.websites.connexionswing.production;
10 };
10 11
11 cfg = config.services.myWebsites.Connexionswing; 12 cfg = config.services.myWebsites.Connexionswing;
12in { 13in {
13 options.services.myWebsites.Connexionswing = { 14 options.services.myWebsites.Connexionswing = {
14 production = { 15 production = {
@@ -40,7 +41,7 @@ in {
40 system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript; 41 system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
41 system.extraSystemBuilderCmds = '' 42 system.extraSystemBuilderCmds = ''
42 mkdir -p $out/webapps 43 mkdir -p $out/webapps
43 ln -s ${connexionswing_prod.webRoot} $out/webapps/${connexionswing_prod.apache.webappName} 44 ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
44 ''; 45 '';
45 services.myWebsites.production.modules = connexionswing_prod.apache.modules; 46 services.myWebsites.production.modules = connexionswing_prod.apache.modules;
46 services.myWebsites.production.vhostConfs.connexionswing = { 47 services.myWebsites.production.vhostConfs.connexionswing = {
@@ -61,7 +62,7 @@ in {
61 system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript; 62 system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
62 system.extraSystemBuilderCmds = '' 63 system.extraSystemBuilderCmds = ''
63 mkdir -p $out/webapps 64 mkdir -p $out/webapps
64 ln -s ${connexionswing_dev.webRoot} $out/webapps/${connexionswing_dev.apache.webappName} 65 ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
65 ''; 66 '';
66 services.myWebsites.integration.modules = connexionswing_dev.apache.modules; 67 services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
67 services.myWebsites.integration.vhostConfs.connexionswing = { 68 services.myWebsites.integration.vhostConfs.connexionswing = {
diff --git a/nixops/modules/websites/connexionswing/connexionswing.json b/pkgs/private/webapps/connexionswing/connexionswing.json
index 44d9f0e..44d9f0e 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.json
+++ b/pkgs/private/webapps/connexionswing/connexionswing.json
diff --git a/pkgs/private/webapps/connexionswing/default.nix b/pkgs/private/webapps/connexionswing/default.nix
new file mode 100644
index 0000000..04e296b
--- /dev/null
+++ b/pkgs/private/webapps/connexionswing/default.nix
@@ -0,0 +1,27 @@
1{ environment ? "prod"
2, varDir ? "/var/lib/connexionswing_${environment}"
3, composerEnv, fetchurl, fetchgit, mylibs }:
4let
5 app = composerEnv.buildPackage (
6 import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
7 mylibs.fetchedGitPrivate ./connexionswing.json //
8 rec {
9 noDev = (environment == "prod");
10 preInstall = ''
11 export SYMFONY_ENV="${environment}"
12 '';
13 postInstall = ''
14 cd $out
15 ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
16 rm app/config/parameters.yml
17 ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
18 rm -rf var/{logs,cache}
19 ln -sf ${varDir}/var/{logs,cache} var/
20 ln -sf ${varDir}/{medias,uploads} web/images/
21 '';
22 passthru = {
23 inherit varDir environment;
24 webRoot = "${app}/web";
25 };
26 });
27in app
diff --git a/nixops/modules/websites/connexionswing/php-packages.nix b/pkgs/private/webapps/connexionswing/php-packages.nix
index 581b437..581b437 100644
--- a/nixops/modules/websites/connexionswing/php-packages.nix
+++ b/pkgs/private/webapps/connexionswing/php-packages.nix
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
index 8c45b89..d11fe92 100644
--- a/pkgs/private/webapps/default.nix
+++ b/pkgs/private/webapps/default.nix
@@ -1,4 +1,5 @@
1{ callPackage, mylibs, composerEnv, lib }: 1{ callPackage, mylibs, composerEnv, lib }:
2rec { 2rec {
3 aten = callPackage ./aten {}; 3 aten = callPackage ./aten {};
4 connexionswing = callPackage ./connexionswing {};
4} 5}