6 files changed, 188 insertions, 182 deletions
diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix
index 60ddb63..77b839c 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -1,189 +1,166 @@
-{ pkgs, lib, writeText, fetchedGitPrivate, stdenv, composerEnv, phpPackages, fetchurl, fetchgit }:
+{ connexionswing, pkgs, phpPackages, config }:
-let
+rec {
-  connexionswing = { config }: rec {
+  app = connexionswing.override { inherit (config) environment; };
-    environment = config.environment;
+  keys = [{
-    varDir = "/var/lib/connexionswing_${environment}";
+    dest = "webapps/${app.environment}-connexionswing";
-    keys = [{
+    user = apache.user;
-      dest = "webapps/${environment}-connexionswing";
+    group = apache.group;
-      user = apache.user;
+    permissions = "0400";
-      group = apache.group;
+    text = ''
-      permissions = "0400";
+      # This file is auto-generated during the composer install
-      text = ''
+      parameters:
-        # This file is auto-generated during the composer install
+          database_host: ${config.mysql.host}
-        parameters:
+          database_port: ${config.mysql.port}
-            database_host: ${config.mysql.host}
+          database_name: ${config.mysql.name}
-            database_port: ${config.mysql.port}
+          database_user: ${config.mysql.user}
-            database_name: ${config.mysql.name}
+          database_password: ${config.mysql.password}
-            database_user: ${config.mysql.user}
+          database_server_version: ${pkgs.mariadb.mysqlVersion}
-            database_password: ${config.mysql.password}
+          mailer_transport: sendmail
-            database_server_version: ${pkgs.mariadb.mysqlVersion}
+          mailer_host: null
-            mailer_transport: sendmail
+          mailer_user: null
-            mailer_host: null
+          mailer_password: null
-            mailer_user: null
+          subscription_email: ${config.email}
-            mailer_password: null
+          allow_robots: true
-            subscription_email: ${config.email}
+          secret: ${config.secret}
-            allow_robots: true
+      ${if app.environment == "prod" then ''
-            secret: ${config.secret}
+      services:
-        ${if environment == "prod" then ''
+        swiftmailer.mailer.default.transport:
-        services:
+            class:     Swift_SendmailTransport
-          swiftmailer.mailer.default.transport:
+            arguments: ['/run/wrappers/bin/sendmail -bs']
-              class:     Swift_SendmailTransport
+      '' else ""}
-              arguments: ['/run/wrappers/bin/sendmail -bs']
+    '';
-        '' else ""}
+  }];
+  phpFpm = rec {
+    preStart = ''
+      if [ ! -f "${app.varDir}/currentWebappDir" -o \
+          ! -f "${app.varDir}/currentKey" -o \
+          "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
+          || ! sha512sum -c --status ${app.varDir}/currentKey; then
+        pushd ${app} > /dev/null
+        /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${app}" > ${app.varDir}/currentWebappDir
+        sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey
+      fi
      '';
-    }];
+    serviceDeps = [ "mysql.service" ];
-    phpFpm = rec {
+    socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock";
-      preStart = ''
+    phpConfig = ''
-        if [ ! -f "${varDir}/currentWebappDir" -o \
+      extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
-            ! -f "${varDir}/currentKey" -o \
+      '';
-            "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \
+    pool = ''
-            || ! sha512sum -c --status ${varDir}/currentKey; then
+      listen = ${socket}
-          pushd ${webappDir} > /dev/null
+      user = ${apache.user}
-          /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+      group = ${apache.group}
-          popd > /dev/null
+      listen.owner = ${apache.user}
-          echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      listen.group = ${apache.group}
-          sha512sum /var/secrets/webapps/${environment}-connexionswing > ${varDir}/currentKey
+      php_admin_value[upload_max_filesize] = 20M
-        fi
+      php_admin_value[post_max_size] = 20M
-        '';
+      ;php_admin_flag[log_errors] = on
-      serviceDeps = [ "mysql.service" ];
+      php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp"
-      socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
+      php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-      phpConfig = ''
+      ${if app.environment == "dev" then ''
-        extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
+      pm = ondemand
-        '';
+      pm.max_children = 5
-      pool = ''
+      pm.process_idle_timeout = 60
-        listen = ${socket}
+      env[SYMFONY_DEBUG_MODE] = "yes"
-        user = ${apache.user}
+      '' else ''
-        group = ${apache.group}
+      pm = dynamic
-        listen.owner = ${apache.user}
+      pm.max_children = 20
-        listen.group = ${apache.group}
+      pm.start_servers = 2
-        php_admin_value[upload_max_filesize] = 20M
+      pm.min_spare_servers = 1
-        php_admin_value[post_max_size] = 20M
+      pm.max_spare_servers = 3
-        ;php_admin_flag[log_errors] = on
+      ''}'';
-        php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"
+  };
-        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+  apache = rec {
-        ${if environment == "dev" then ''
+    user = "wwwrun";
-        pm = ondemand
+    group = "wwwrun";
-        pm.max_children = 5
+    modules = [ "proxy_fcgi" ];
-        pm.process_idle_timeout = 60
+    webappName = "connexionswing_${app.environment}";
-        env[SYMFONY_DEBUG_MODE] = "yes"
+    root = "/run/current-system/webapps/${webappName}";
-        '' else ''
+    vhostConf = ''
-        pm = dynamic
+    <FilesMatch "\.php$">
-        pm.max_children = 20
+      SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-        pm.start_servers = 2
+    </FilesMatch>
-        pm.min_spare_servers = 1
-        pm.max_spare_servers = 3
-        ''}'';
-    };
-    apache = rec {
-      user = "wwwrun";
-      group = "wwwrun";
-      modules = [ "proxy_fcgi" ];
-      webappName = "connexionswing_${environment}";
-      root = "/run/current-system/webapps/${webappName}";
-      vhostConf = ''
-      <FilesMatch "\.php$">
-        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-      </FilesMatch>
-      <Directory ${varDir}/medias>
+    <Directory ${app.varDir}/medias>
-        Options FollowSymLinks
+      Options FollowSymLinks
-        AllowOverride None
+      AllowOverride None
-        Require all granted
+      Require all granted
-      </Directory>
+    </Directory>
-      <Directory ${varDir}/uploads>
+    <Directory ${app.varDir}/uploads>
-        Options FollowSymLinks
+      Options FollowSymLinks
-        AllowOverride None
+      AllowOverride None
-        Require all granted
+      Require all granted
-      </Directory>
+    </Directory>
-      ${if environment == "dev" then ''
+    ${if app.environment == "dev" then ''
-      <Location />
+    <Location />
-        Use LDAPConnect
+      Use LDAPConnect
-        Require ldap-group   cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+      Require ldap-group   cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
+      ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
-      </Location>
+    </Location>
-      <Directory ${root}>
+    <Directory ${root}>
-        Options Indexes FollowSymLinks MultiViews Includes
+      Options Indexes FollowSymLinks MultiViews Includes
-        AllowOverride None
+      AllowOverride None
-        Require all granted
+      Require all granted
-        DirectoryIndex app_dev.php
+      DirectoryIndex app_dev.php
-        <IfModule mod_negotiation.c>
+      <IfModule mod_negotiation.c>
-        Options -MultiViews
+      Options -MultiViews
-        </IfModule>
+      </IfModule>
-        <IfModule mod_rewrite.c>
+      <IfModule mod_rewrite.c>
-          RewriteEngine On
+        RewriteEngine On
-          RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+        RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-          RewriteRule ^(.*) - [E=BASE:%1]
+        RewriteRule ^(.*) - [E=BASE:%1]
-          # Maintenance script
+        # Maintenance script
-          RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+        RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-          RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+        RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-          RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+        RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-          ErrorDocument 503 /maintenance.php
+        ErrorDocument 503 /maintenance.php
-          # Sets the HTTP_AUTHORIZATION header removed by Apache
+        # Sets the HTTP_AUTHORIZATION header removed by Apache
-          RewriteCond %{HTTP:Authorization} .
+        RewriteCond %{HTTP:Authorization} .
-          RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+        RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-          RewriteCond %{ENV:REDIRECT_STATUS} ^$
+        RewriteCond %{ENV:REDIRECT_STATUS} ^$
-          RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+        RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-          # If the requested filename exists, simply serve it.
+        # If the requested filename exists, simply serve it.
-          # We only want to let Apache serve files and not directories.
+        # We only want to let Apache serve files and not directories.
-          RewriteCond %{REQUEST_FILENAME} -f
+        RewriteCond %{REQUEST_FILENAME} -f
-          RewriteRule ^ - [L]
+        RewriteRule ^ - [L]
-          # Rewrite all other queries to the front controller.
+        # Rewrite all other queries to the front controller.
-          RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+        RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-        </IfModule>
+      </IfModule>
-      </Directory>
+    </Directory>
-      '' else ''
+    '' else ''
-      Use Stats connexionswing.com
+    Use Stats connexionswing.com
-      <Directory ${root}>
+    <Directory ${root}>
-        Options Indexes FollowSymLinks MultiViews Includes
+      Options Indexes FollowSymLinks MultiViews Includes
-        AllowOverride All
+      AllowOverride All
-        Require all granted
+      Require all granted
-      </Directory>
+    </Directory>
-      ''}
+    ''}
-      '';
+    '';
-    };
+  };
-    activationScript = {
+  activationScript = {
-      deps = [ "wrappers" ];
+    deps = [ "wrappers" ];
-      text = ''
+    text = ''
-      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+    install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
-        ${varDir}/medias \
+      ${app.varDir}/medias \
-        ${varDir}/uploads \
+      ${app.varDir}/uploads \
-        ${varDir}/var
+      ${app.varDir}/var
-      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+    install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-      '';
+    '';
-    };
-    webappDir = composerEnv.buildPackage (
-      import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
-      fetchedGitPrivate ./connexionswing.json //
-      rec {
-        noDev = (environment == "prod");
-        preInstall = ''
-          export SYMFONY_ENV="${environment}"
-          '';
-        postInstall = ''
-          cd $out
-          ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
-          rm app/config/parameters.yml
-          ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
-          rm -rf var/{logs,cache}
-          ln -sf ${varDir}/var/{logs,cache} var/
-          ln -sf ${varDir}/{medias,uploads} web/images/
-          '';
-      });
-    webRoot = "${webappDir}/web";
  };
-in
+}
-  connexionswing
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index 773c8de..2f82428 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -1,14 +1,15 @@
 { lib, pkgs, config, mylibs, myconfig, ... }:
 let
-    connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) fetchedGitPrivate; };
+  connexionswing_dev  = pkgs.callPackage ./connexionswing.nix {
-    connexionswing_dev  = connexionswing {
+    inherit (pkgs.private.webapps) connexionswing;
-      config = myconfig.env.websites.connexionswing.integration;
+    config = myconfig.env.websites.connexionswing.integration;
-    };
+  };
-    connexionswing_prod = connexionswing {
+  connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
-      config = myconfig.env.websites.connexionswing.production;
+    inherit (pkgs.private.webapps) connexionswing;
-    };
+    config = myconfig.env.websites.connexionswing.production;
+  };
-    cfg = config.services.myWebsites.Connexionswing;
+  cfg = config.services.myWebsites.Connexionswing;
 in {
  options.services.myWebsites.Connexionswing = {
    production = {
@@ -40,7 +41,7 @@ in {
      system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
      system.extraSystemBuilderCmds = ''
        mkdir -p $out/webapps
-        ln -s ${connexionswing_prod.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
+        ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
        '';
      services.myWebsites.production.modules = connexionswing_prod.apache.modules;
      services.myWebsites.production.vhostConfs.connexionswing = {
@@ -61,7 +62,7 @@ in {
      system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
      system.extraSystemBuilderCmds = ''
        mkdir -p $out/webapps
-        ln -s ${connexionswing_dev.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
+        ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
        '';
      services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
      services.myWebsites.integration.vhostConfs.connexionswing = {
diff --git a/nixops/modules/websites/connexionswing/connexionswing.json b/pkgs/private/webapps/connexionswing/connexionswing.json
index 44d9f0e..44d9f0e 100644
--- a/nixops/modules/websites/connexionswing/connexionswing.json
+++ b/pkgs/private/webapps/connexionswing/connexionswing.json
diff --git a/pkgs/private/webapps/connexionswing/default.nix b/pkgs/private/webapps/connexionswing/default.nix
new file mode 100644
index 0000000..04e296b
--- /dev/null
+++ b/pkgs/private/webapps/connexionswing/default.nix
@@ -0,0 +1,27 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/connexionswing_${environment}"
+, composerEnv, fetchurl, fetchgit, mylibs }:
+let
+  app = composerEnv.buildPackage (
+    import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
+    mylibs.fetchedGitPrivate ./connexionswing.json //
+    rec {
+      noDev = (environment == "prod");
+      preInstall = ''
+          export SYMFONY_ENV="${environment}"
+      '';
+      postInstall = ''
+          cd $out
+          ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
+          rm app/config/parameters.yml
+          ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
+          rm -rf var/{logs,cache}
+          ln -sf ${varDir}/var/{logs,cache} var/
+          ln -sf ${varDir}/{medias,uploads} web/images/
+      '';
+      passthru = {
+        inherit varDir environment;
+        webRoot = "${app}/web";
+      };
+    });
+in app
diff --git a/nixops/modules/websites/connexionswing/php-packages.nix b/pkgs/private/webapps/connexionswing/php-packages.nix
index 581b437..581b437 100644
--- a/nixops/modules/websites/connexionswing/php-packages.nix
+++ b/pkgs/private/webapps/connexionswing/php-packages.nix
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
index 8c45b89..d11fe92 100644
--- a/pkgs/private/webapps/default.nix
+++ b/pkgs/private/webapps/default.nix
@@ -1,4 +1,5 @@
 { callPackage, mylibs, composerEnv, lib }:
 rec {
  aten = callPackage ./aten {};
+  connexionswing = callPackage ./connexionswing {};
 }

diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix index 60ddb63..77b839c 100644 --- a/nixops/modules/websites/connexionswing/connexionswing.nix +++ b/nixops/modules/websites/connexionswing/connexionswing.nix
@@ -1,189 +1,166 @@
1	{ pkgs, lib, writeText, fetchedGitPrivate, stdenv, composerEnv, phpPackages, fetchurl, fetchgit }:	1	{ connexionswing, pkgs, phpPackages, config }:
2	let	2	rec {
3	connexionswing = { config }: rec {	3	app = connexionswing.override { inherit (config) environment; };
4	environment = config.environment;	4	keys = [{
5	varDir = "/var/lib/connexionswing_${environment}";	5	dest = "webapps/${app.environment}-connexionswing";
6	keys = [{	6	user = apache.user;
7	dest = "webapps/${environment}-connexionswing";	7	group = apache.group;
8	user = apache.user;	8	permissions = "0400";
9	group = apache.group;	9	text = ''
10	permissions = "0400";	10	# This file is auto-generated during the composer install
11	text = ''	11	parameters:
12	# This file is auto-generated during the composer install	12	database_host: ${config.mysql.host}
13	parameters:	13	database_port: ${config.mysql.port}
14	database_host: ${config.mysql.host}	14	database_name: ${config.mysql.name}
15	database_port: ${config.mysql.port}	15	database_user: ${config.mysql.user}
16	database_name: ${config.mysql.name}	16	database_password: ${config.mysql.password}
17	database_user: ${config.mysql.user}	17	database_server_version: ${pkgs.mariadb.mysqlVersion}
18	database_password: ${config.mysql.password}	18	mailer_transport: sendmail
19	database_server_version: ${pkgs.mariadb.mysqlVersion}	19	mailer_host: null
20	mailer_transport: sendmail	20	mailer_user: null
21	mailer_host: null	21	mailer_password: null
22	mailer_user: null	22	subscription_email: ${config.email}
23	mailer_password: null	23	allow_robots: true
24	subscription_email: ${config.email}	24	secret: ${config.secret}
25	allow_robots: true	25	${if app.environment == "prod" then ''
26	secret: ${config.secret}	26	services:
27	${if environment == "prod" then ''	27	swiftmailer.mailer.default.transport:
28	services:	28	class: Swift_SendmailTransport
29	swiftmailer.mailer.default.transport:	29	arguments: ['/run/wrappers/bin/sendmail -bs']
30	class: Swift_SendmailTransport	30	'' else ""}
31	arguments: ['/run/wrappers/bin/sendmail -bs']	31	'';
32	'' else ""}	32	}];
		33	phpFpm = rec {
		34	preStart = ''
		35	if [ ! -f "${app.varDir}/currentWebappDir" -o \
		36	! -f "${app.varDir}/currentKey" -o \
		37	"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
		38	\|\| ! sha512sum -c --status ${app.varDir}/currentKey; then
		39	pushd ${app} > /dev/null
		40	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
		41	popd > /dev/null
		42	echo -n "${app}" > ${app.varDir}/currentWebappDir
		43	sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey
		44	fi
33	'';	45	'';
34	}];	46	serviceDeps = [ "mysql.service" ];
35	phpFpm = rec {	47	socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock";
36	preStart = ''	48	phpConfig = ''
37	if [ ! -f "${varDir}/currentWebappDir" -o \	49	extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
38	! -f "${varDir}/currentKey" -o \	50	'';
39	"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \	51	pool = ''
40	\|\| ! sha512sum -c --status ${varDir}/currentKey; then	52	listen = ${socket}
41	pushd ${webappDir} > /dev/null	53	user = ${apache.user}
42	/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup	54	group = ${apache.group}
43	popd > /dev/null	55	listen.owner = ${apache.user}
44	echo -n "${webappDir}" > ${varDir}/currentWebappDir	56	listen.group = ${apache.group}
45	sha512sum /var/secrets/webapps/${environment}-connexionswing > ${varDir}/currentKey	57	php_admin_value[upload_max_filesize] = 20M
46	fi	58	php_admin_value[post_max_size] = 20M
47	'';	59	;php_admin_flag[log_errors] = on
48	serviceDeps = [ "mysql.service" ];	60	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp"
49	socket = "/var/run/phpfpm/connexionswing-${environment}.sock";	61	php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
50	phpConfig = ''	62	${if app.environment == "dev" then ''
51	extension=${phpPackages.imagick}/lib/php/extensions/imagick.so	63	pm = ondemand
52	'';	64	pm.max_children = 5
53	pool = ''	65	pm.process_idle_timeout = 60
54	listen = ${socket}	66	env[SYMFONY_DEBUG_MODE] = "yes"
55	user = ${apache.user}	67	'' else ''
56	group = ${apache.group}	68	pm = dynamic
57	listen.owner = ${apache.user}	69	pm.max_children = 20
58	listen.group = ${apache.group}	70	pm.start_servers = 2
59	php_admin_value[upload_max_filesize] = 20M	71	pm.min_spare_servers = 1
60	php_admin_value[post_max_size] = 20M	72	pm.max_spare_servers = 3
61	;php_admin_flag[log_errors] = on	73	''}'';
62	php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${environment}-connexionswing:${webappDir}:${varDir}:/tmp"	74	};
63	php_admin_value[session.save_path] = "${varDir}/phpSessions"	75	apache = rec {
64	${if environment == "dev" then ''	76	user = "wwwrun";
65	pm = ondemand	77	group = "wwwrun";
66	pm.max_children = 5	78	modules = [ "proxy_fcgi" ];
67	pm.process_idle_timeout = 60	79	webappName = "connexionswing_${app.environment}";
68	env[SYMFONY_DEBUG_MODE] = "yes"	80	root = "/run/current-system/webapps/${webappName}";
69	'' else ''	81	vhostConf = ''
70	pm = dynamic	82	<FilesMatch "\.php$">
71	pm.max_children = 20	83	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
72	pm.start_servers = 2	84	</FilesMatch>
73	pm.min_spare_servers = 1
74	pm.max_spare_servers = 3
75	''}'';
76	};
77	apache = rec {
78	user = "wwwrun";
79	group = "wwwrun";
80	modules = [ "proxy_fcgi" ];
81	webappName = "connexionswing_${environment}";
82	root = "/run/current-system/webapps/${webappName}";
83	vhostConf = ''
84	<FilesMatch "\.php$">
85	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
86	</FilesMatch>
87		85
88	<Directory ${varDir}/medias>	86	<Directory ${app.varDir}/medias>
89	Options FollowSymLinks	87	Options FollowSymLinks
90	AllowOverride None	88	AllowOverride None
91	Require all granted	89	Require all granted
92	</Directory>	90	</Directory>
93		91
94	<Directory ${varDir}/uploads>	92	<Directory ${app.varDir}/uploads>
95	Options FollowSymLinks	93	Options FollowSymLinks
96	AllowOverride None	94	AllowOverride None
97	Require all granted	95	Require all granted
98	</Directory>	96	</Directory>
99		97
100	${if environment == "dev" then ''	98	${if app.environment == "dev" then ''
101	<Location />	99	<Location />
102	Use LDAPConnect	100	Use LDAPConnect
103	Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu	101	Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
104	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"	102	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
105	</Location>	103	</Location>
106		104
107	<Directory ${root}>	105	<Directory ${root}>
108	Options Indexes FollowSymLinks MultiViews Includes	106	Options Indexes FollowSymLinks MultiViews Includes
109	AllowOverride None	107	AllowOverride None
110	Require all granted	108	Require all granted
111		109
112	DirectoryIndex app_dev.php	110	DirectoryIndex app_dev.php
113		111
114	<IfModule mod_negotiation.c>	112	<IfModule mod_negotiation.c>
115	Options -MultiViews	113	Options -MultiViews
116	</IfModule>	114	</IfModule>
117		115
118	<IfModule mod_rewrite.c>	116	<IfModule mod_rewrite.c>
119	RewriteEngine On	117	RewriteEngine On
120		118
121	RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$	119	RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
122	RewriteRule ^(.*) - [E=BASE:%1]	120	RewriteRule ^(.*) - [E=BASE:%1]
123		121
124	# Maintenance script	122	# Maintenance script
125	RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f	123	RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
126	RewriteCond %{SCRIPT_FILENAME} !maintenance.php	124	RewriteCond %{SCRIPT_FILENAME} !maintenance.php
127	RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]	125	RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
128	ErrorDocument 503 /maintenance.php	126	ErrorDocument 503 /maintenance.php
129		127
130	# Sets the HTTP_AUTHORIZATION header removed by Apache	128	# Sets the HTTP_AUTHORIZATION header removed by Apache
131	RewriteCond %{HTTP:Authorization} .	129	RewriteCond %{HTTP:Authorization} .
132	RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]	130	RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
133		131
134	RewriteCond %{ENV:REDIRECT_STATUS} ^$	132	RewriteCond %{ENV:REDIRECT_STATUS} ^$
135	RewriteRule ^app_dev\.php(?:/(.*)\|$) %{ENV:BASE}/$1 [R=301,L]	133	RewriteRule ^app_dev\.php(?:/(.*)\|$) %{ENV:BASE}/$1 [R=301,L]
136		134
137	# If the requested filename exists, simply serve it.	135	# If the requested filename exists, simply serve it.
138	# We only want to let Apache serve files and not directories.	136	# We only want to let Apache serve files and not directories.
139	RewriteCond %{REQUEST_FILENAME} -f	137	RewriteCond %{REQUEST_FILENAME} -f
140	RewriteRule ^ - [L]	138	RewriteRule ^ - [L]
141		139
142	# Rewrite all other queries to the front controller.	140	# Rewrite all other queries to the front controller.
143	RewriteRule ^ %{ENV:BASE}/app_dev.php [L]	141	RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
144	</IfModule>	142	</IfModule>
145		143
146	</Directory>	144	</Directory>
147	'' else ''	145	'' else ''
148	Use Stats connexionswing.com	146	Use Stats connexionswing.com
149		147
150	<Directory ${root}>	148	<Directory ${root}>
151	Options Indexes FollowSymLinks MultiViews Includes	149	Options Indexes FollowSymLinks MultiViews Includes
152	AllowOverride All	150	AllowOverride All
153	Require all granted	151	Require all granted
154	</Directory>	152	</Directory>
155	''}	153	''}
156	'';	154	'';
157	};	155	};
158	activationScript = {	156	activationScript = {
159	deps = [ "wrappers" ];	157	deps = [ "wrappers" ];
160	text = ''	158	text = ''
161	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \	159	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
162	${varDir}/medias \	160	${app.varDir}/medias \
163	${varDir}/uploads \	161	${app.varDir}/uploads \
164	${varDir}/var	162	${app.varDir}/var
165	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions	163	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
166	'';	164	'';
167	};
168	webappDir = composerEnv.buildPackage (
169	import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
170	fetchedGitPrivate ./connexionswing.json //
171	rec {
172	noDev = (environment == "prod");
173	preInstall = ''
174	export SYMFONY_ENV="${environment}"
175	'';
176	postInstall = ''
177	cd $out
178	${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
179	rm app/config/parameters.yml
180	ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
181	rm -rf var/{logs,cache}
182	ln -sf ${varDir}/var/{logs,cache} var/
183	ln -sf ${varDir}/{medias,uploads} web/images/
184	'';
185	});
186	webRoot = "${webappDir}/web";
187	};	165	};
188	in	166	}
189	connexionswing


diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix index 773c8de..2f82428 100644 --- a/nixops/modules/websites/connexionswing/default.nix +++ b/nixops/modules/websites/connexionswing/default.nix
@@ -1,14 +1,15 @@
1	{ lib, pkgs, config, mylibs, myconfig, ... }:	1	{ lib, pkgs, config, mylibs, myconfig, ... }:
2	let	2	let
3	connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) fetchedGitPrivate; };	3	connexionswing_dev = pkgs.callPackage ./connexionswing.nix {
4	connexionswing_dev = connexionswing {	4	inherit (pkgs.private.webapps) connexionswing;
5	config = myconfig.env.websites.connexionswing.integration;	5	config = myconfig.env.websites.connexionswing.integration;
6	};	6	};
7	connexionswing_prod = connexionswing {	7	connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
8	config = myconfig.env.websites.connexionswing.production;	8	inherit (pkgs.private.webapps) connexionswing;
9	};	9	config = myconfig.env.websites.connexionswing.production;
		10	};
10		11
11	cfg = config.services.myWebsites.Connexionswing;	12	cfg = config.services.myWebsites.Connexionswing;
12	in {	13	in {
13	options.services.myWebsites.Connexionswing = {	14	options.services.myWebsites.Connexionswing = {
14	production = {	15	production = {
@@ -40,7 +41,7 @@ in {
40	system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;	41	system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
41	system.extraSystemBuilderCmds = ''	42	system.extraSystemBuilderCmds = ''
42	mkdir -p $out/webapps	43	mkdir -p $out/webapps
43	ln -s ${connexionswing_prod.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}	44	ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
44	'';	45	'';
45	services.myWebsites.production.modules = connexionswing_prod.apache.modules;	46	services.myWebsites.production.modules = connexionswing_prod.apache.modules;
46	services.myWebsites.production.vhostConfs.connexionswing = {	47	services.myWebsites.production.vhostConfs.connexionswing = {
@@ -61,7 +62,7 @@ in {
61	system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;	62	system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
62	system.extraSystemBuilderCmds = ''	63	system.extraSystemBuilderCmds = ''
63	mkdir -p $out/webapps	64	mkdir -p $out/webapps
64	ln -s ${connexionswing_dev.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}	65	ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
65	'';	66	'';
66	services.myWebsites.integration.modules = connexionswing_dev.apache.modules;	67	services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
67	services.myWebsites.integration.vhostConfs.connexionswing = {	68	services.myWebsites.integration.vhostConfs.connexionswing = {


diff --git a/nixops/modules/websites/connexionswing/connexionswing.json b/pkgs/private/webapps/connexionswing/connexionswing.json index 44d9f0e..44d9f0e 100644 --- a/nixops/modules/websites/connexionswing/connexionswing.json +++ b/pkgs/private/webapps/connexionswing/connexionswing.json


diff --git a/pkgs/private/webapps/connexionswing/default.nix b/pkgs/private/webapps/connexionswing/default.nix new file mode 100644 index 0000000..04e296b --- /dev/null +++ b/pkgs/private/webapps/connexionswing/default.nix
@@ -0,0 +1,27 @@
		1	{ environment ? "prod"
		2	, varDir ? "/var/lib/connexionswing_${environment}"
		3	, composerEnv, fetchurl, fetchgit, mylibs }:
		4	let
		5	app = composerEnv.buildPackage (
		6	import ./php-packages.nix { inherit composerEnv fetchurl fetchgit; } //
		7	mylibs.fetchedGitPrivate ./connexionswing.json //
		8	rec {
		9	noDev = (environment == "prod");
		10	preInstall = ''
		11	export SYMFONY_ENV="${environment}"
		12	'';
		13	postInstall = ''
		14	cd $out
		15	${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
		16	rm app/config/parameters.yml
		17	ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml
		18	rm -rf var/{logs,cache}
		19	ln -sf ${varDir}/var/{logs,cache} var/
		20	ln -sf ${varDir}/{medias,uploads} web/images/
		21	'';
		22	passthru = {
		23	inherit varDir environment;
		24	webRoot = "${app}/web";
		25	};
		26	});
		27	in app


diff --git a/nixops/modules/websites/connexionswing/php-packages.nix b/pkgs/private/webapps/connexionswing/php-packages.nix index 581b437..581b437 100644 --- a/nixops/modules/websites/connexionswing/php-packages.nix +++ b/pkgs/private/webapps/connexionswing/php-packages.nix


diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix index 8c45b89..d11fe92 100644 --- a/pkgs/private/webapps/default.nix +++ b/pkgs/private/webapps/default.nix
@@ -1,4 +1,5 @@
1	{ callPackage, mylibs, composerEnv, lib }:	1	{ callPackage, mylibs, composerEnv, lib }:
2	rec {	2	rec {
3	aten = callPackage ./aten {};	3	aten = callPackage ./aten {};
		4	connexionswing = callPackage ./connexionswing {};
4	}	5	}