-rw-r--r-- | nixops/modules/websites/chloe/chloe.nix | 224 | ||||
-rw-r--r-- | nixops/modules/websites/chloe/default.nix | 21 | ||||
-rw-r--r-- | pkgs/private/default.nix | 6 | ||||
-rw-r--r-- | pkgs/private/webapps/chloe/chloe.json (renamed from nixops/modules/websites/chloe/chloe.json) | 0 | ||||
-rw-r--r-- | pkgs/private/webapps/chloe/default.nix | 19 | ||||
-rw-r--r-- | pkgs/private/webapps/default.nix | 3 | ||||
-rw-r--r-- | pkgs/webapps/default.nix | 1 | ||||
-rw-r--r-- | pkgs/webapps/spip/default.nix | 32 | ||||
-rw-r--r-- | pkgs/webapps/spip/spip_ldap_patch.patch (renamed from nixops/modules/websites/commons/spip/spip_ldap_patch.patch) | 0 | ||||
-rw-r--r-- | pkgs/webapps/spip/spip_mes_options.php (renamed from nixops/modules/websites/commons/spip/spip_mes_options.php) | 0 |
10 files changed, 166 insertions, 140 deletions
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix index e2381d8..2847b9d 100644 --- a/nixops/modules/websites/chloe/chloe.nix +++ b/nixops/modules/websites/chloe/chloe.nix | |||
@@ -1,137 +1,105 @@ | |||
1 | { stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }: | 1 | { chloe, config }: |
2 | let | 2 | rec { |
3 | chloe = { config }: rec { | 3 | app = chloe.override { inherit (config) environment; }; |
4 | environment = config.environment; | 4 | phpFpm = rec { |
5 | phpFpm = rec { | 5 | serviceDeps = [ "mysql.service" ]; |
6 | serviceDeps = [ "mysql.service" ]; | 6 | socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; |
7 | socket = "/var/run/phpfpm/chloe-${environment}.sock"; | 7 | pool = '' |
8 | pool = '' | 8 | listen = ${socket} |
9 | listen = ${socket} | 9 | user = ${apache.user} |
10 | user = ${apache.user} | 10 | group = ${apache.group} |
11 | group = ${apache.group} | 11 | listen.owner = ${apache.user} |
12 | listen.owner = ${apache.user} | 12 | listen.group = ${apache.group} |
13 | listen.group = ${apache.group} | 13 | php_admin_value[upload_max_filesize] = 20M |
14 | php_admin_value[upload_max_filesize] = 20M | 14 | php_admin_value[post_max_size] = 20M |
15 | php_admin_value[post_max_size] = 20M | 15 | ;php_admin_flag[log_errors] = on |
16 | ;php_admin_flag[log_errors] = on | 16 | php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp" |
17 | php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp" | 17 | php_admin_value[session.save_path] = "${app.varDir}/phpSessions" |
18 | php_admin_value[session.save_path] = "${varDir}/phpSessions" | 18 | ${if app.environment == "dev" then '' |
19 | ${if environment == "dev" then '' | 19 | pm = ondemand |
20 | pm = ondemand | 20 | pm.max_children = 5 |
21 | pm.max_children = 5 | 21 | pm.process_idle_timeout = 60 |
22 | pm.process_idle_timeout = 60 | 22 | '' else '' |
23 | '' else '' | 23 | pm = dynamic |
24 | pm = dynamic | 24 | pm.max_children = 20 |
25 | pm.max_children = 20 | 25 | pm.start_servers = 2 |
26 | pm.start_servers = 2 | 26 | pm.min_spare_servers = 1 |
27 | pm.min_spare_servers = 1 | 27 | pm.max_spare_servers = 3 |
28 | pm.max_spare_servers = 3 | 28 | ''}''; |
29 | ''}''; | 29 | }; |
30 | }; | 30 | keys = [{ |
31 | keys = [{ | 31 | dest = "webapps/${app.environment}-chloe"; |
32 | dest = "webapps/${environment}-chloe"; | 32 | user = apache.user; |
33 | user = apache.user; | 33 | group = apache.group; |
34 | group = apache.group; | 34 | permissions = "0400"; |
35 | permissions = "0400"; | 35 | text = '' |
36 | text = '' | 36 | SetEnv SPIP_CONFIG_DIR "${configDir}" |
37 | SetEnv SPIP_CONFIG_DIR "${configDir}" | 37 | SetEnv SPIP_VAR_DIR "${app.varDir}" |
38 | SetEnv SPIP_VAR_DIR "${varDir}" | 38 | SetEnv SPIP_SITE "chloe-${app.environment}" |
39 | SetEnv SPIP_SITE "chloe-${environment}" | 39 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" |
40 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | 40 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" |
41 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | 41 | SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" |
42 | SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" | 42 | SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" |
43 | SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" | 43 | SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" |
44 | SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" | 44 | SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" |
45 | SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" | 45 | SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" |
46 | SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" | 46 | SetEnv SPIP_MYSQL_DB "${config.mysql.name}" |
47 | SetEnv SPIP_MYSQL_DB "${config.mysql.name}" | 47 | SetEnv SPIP_MYSQL_USER "${config.mysql.user}" |
48 | SetEnv SPIP_MYSQL_USER "${config.mysql.user}" | 48 | SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" |
49 | SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" | 49 | ''; |
50 | ''; | 50 | }]; |
51 | }]; | 51 | apache = rec { |
52 | apache = rec { | 52 | user = "wwwrun"; |
53 | user = "wwwrun"; | 53 | group = "wwwrun"; |
54 | group = "wwwrun"; | 54 | modules = [ "proxy_fcgi" ]; |
55 | modules = [ "proxy_fcgi" ]; | 55 | webappName = "chloe_${app.environment}"; |
56 | webappName = "chloe_${environment}"; | 56 | root = "/run/current-system/webapps/${webappName}"; |
57 | root = "/run/current-system/webapps/${webappName}"; | 57 | vhostConf = '' |
58 | vhostConf = '' | 58 | Include /var/secrets/webapps/${app.environment}-chloe |
59 | Include /var/secrets/webapps/${environment}-chloe | ||
60 | 59 | ||
61 | RewriteEngine On | 60 | RewriteEngine On |
62 | ${if environment == "prod" then '' | 61 | ${if app.environment == "prod" then '' |
63 | RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 | 62 | RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 |
64 | '' else ""} | 63 | '' else ""} |
65 | 64 | ||
66 | <FilesMatch "\.php$"> | 65 | <FilesMatch "\.php$"> |
67 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | 66 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" |
68 | </FilesMatch> | 67 | </FilesMatch> |
69 | 68 | ||
70 | <Directory ${root}> | 69 | <Directory ${root}> |
71 | DirectoryIndex index.php index.htm index.html | 70 | DirectoryIndex index.php index.htm index.html |
72 | Options -Indexes +FollowSymLinks +MultiViews +Includes | 71 | Options -Indexes +FollowSymLinks +MultiViews +Includes |
73 | Include ${root}/htaccess.txt | 72 | Include ${root}/htaccess.txt |
74 | 73 | ||
75 | AllowOverride AuthConfig FileInfo Limit | 74 | AllowOverride AuthConfig FileInfo Limit |
76 | Require all granted | 75 | Require all granted |
77 | </Directory> | 76 | </Directory> |
78 | 77 | ||
79 | <DirectoryMatch "${root}/squelettes"> | 78 | <DirectoryMatch "${root}/squelettes"> |
80 | Require all denied | 79 | Require all denied |
81 | </DirectoryMatch> | 80 | </DirectoryMatch> |
82 | 81 | ||
83 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | 82 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> |
84 | Require all denied | 83 | Require all denied |
85 | </FilesMatch> | 84 | </FilesMatch> |
86 | 85 | ||
87 | ${if environment == "dev" then '' | 86 | ${if app.environment == "dev" then '' |
88 | <Location /> | 87 | <Location /> |
89 | Use LDAPConnect | 88 | Use LDAPConnect |
90 | Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | 89 | Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu |
91 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>" | 90 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>" |
92 | </Location> | 91 | </Location> |
93 | '' else '' | 92 | '' else '' |
94 | Use Stats osteopathe-cc.fr | 93 | Use Stats osteopathe-cc.fr |
95 | ''} | 94 | ''} |
96 | ''; | ||
97 | }; | ||
98 | activationScript = { | ||
99 | deps = [ "wrappers" ]; | ||
100 | text = '' | ||
101 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local | ||
102 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions | ||
103 | ''; | ||
104 | }; | ||
105 | configDir = ./chloe_config_ + environment; | ||
106 | varDir = "/var/lib/chloe_${environment}"; | ||
107 | siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec { | ||
108 | buildPhase = '' | ||
109 | make | ||
110 | ''; | ||
111 | installPhase = '' | ||
112 | cp -a . $out | ||
113 | ''; | ||
114 | buildInputs = [ sassc ]; | ||
115 | }); | ||
116 | webRoot = stdenv.mkDerivation rec { | ||
117 | name = "chloe-${environment}-spip-${version}"; | ||
118 | version = "3.2.3"; | ||
119 | src = fetchzip { | ||
120 | url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip"; | ||
121 | sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq"; | ||
122 | }; | ||
123 | paches = [ ../commons/spip/spip_ldap_patch.patch ]; | ||
124 | buildPhase = '' | ||
125 | rm -rf IMG local tmp config/remove.txt | ||
126 | ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php | ||
127 | echo "Require all denied" > "config/.htaccess" | ||
128 | ln -sf ${varDir}/{IMG,local} . | ||
129 | ''; | 95 | ''; |
130 | installPhase = '' | ||
131 | cp -a . $out | ||
132 | cp -a ${siteDir}/* $out | ||
133 | ''; | ||
134 | }; | ||
135 | }; | 96 | }; |
136 | in | 97 | activationScript = { |
137 | chloe | 98 | deps = [ "wrappers" ]; |
99 | text = '' | ||
100 | install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local | ||
101 | install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions | ||
102 | ''; | ||
103 | }; | ||
104 | configDir = ./chloe_config_ + app.environment; | ||
105 | } | ||
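Review bot: In `activationScript`, the first `install` line still creates `${app.varDir}` and its `IMG`, `tmp` and `local` subdirectories with mode 0755, so any local account can traverse the site's working directories; only `phpSessions` gets 0750. The `pool` text runs PHP-FPM as `${apache.user}`, the same user Apache runs as, so `-m 0750` would probably work on that line too, provided nothing else on the host needs to read these directories. Separately, the `keys` text interpolates `${config.ldap.password}` and `${config.mysql.password}` into double-quoted `SetEnv` values without escaping. A `"` or `\` in either secret would change how Apache parses the included file, so escape both characters or document that they are not allowed in these values.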
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix index a542d70..874b81b 100644 --- a/nixops/modules/websites/chloe/default.nix +++ b/nixops/modules/websites/chloe/default.nix | |||
@@ -1,14 +1,15 @@ | |||
1 | { lib, pkgs, config, myconfig, mylibs, ... }: | 1 | { lib, pkgs, config, myconfig, mylibs, ... }: |
2 | let | 2 | let |
3 | chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; }; | 3 | chloe_dev = pkgs.callPackage ./chloe.nix { |
4 | chloe_dev = chloe { | 4 | inherit (pkgs.private.webapps) chloe; |
5 | config = myconfig.env.websites.chloe.integration; | 5 | config = myconfig.env.websites.chloe.integration; |
6 | }; | 6 | }; |
7 | chloe_prod = chloe { | 7 | chloe_prod = pkgs.callPackage ./chloe.nix { |
8 | config = myconfig.env.websites.chloe.production; | 8 | inherit (pkgs.private.webapps) chloe; |
9 | }; | 9 | config = myconfig.env.websites.chloe.production; |
10 | }; | ||
10 | 11 | ||
11 | cfg = config.services.myWebsites.Chloe; | 12 | cfg = config.services.myWebsites.Chloe; |
12 | in { | 13 | in { |
13 | options.services.myWebsites.Chloe = { | 14 | options.services.myWebsites.Chloe = { |
14 | production = { | 15 | production = { |
@@ -39,7 +40,7 @@ in { | |||
39 | system.activationScripts.chloe_prod = chloe_prod.activationScript; | 40 | system.activationScripts.chloe_prod = chloe_prod.activationScript; |
40 | system.extraSystemBuilderCmds = '' | 41 | system.extraSystemBuilderCmds = '' |
41 | mkdir -p $out/webapps | 42 | mkdir -p $out/webapps |
42 | ln -s ${chloe_prod.webRoot} $out/webapps/${chloe_prod.apache.webappName} | 43 | ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName} |
43 | ''; | 44 | ''; |
44 | services.myWebsites.production.modules = chloe_prod.apache.modules; | 45 | services.myWebsites.production.modules = chloe_prod.apache.modules; |
45 | services.myWebsites.production.vhostConfs.chloe = { | 46 | services.myWebsites.production.vhostConfs.chloe = { |
@@ -60,7 +61,7 @@ in { | |||
60 | system.activationScripts.chloe_dev = chloe_dev.activationScript; | 61 | system.activationScripts.chloe_dev = chloe_dev.activationScript; |
61 | system.extraSystemBuilderCmds = '' | 62 | system.extraSystemBuilderCmds = '' |
62 | mkdir -p $out/webapps | 63 | mkdir -p $out/webapps |
63 | ln -s ${chloe_dev.webRoot} $out/webapps/${chloe_dev.apache.webappName} | 64 | ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName} |
64 | ''; | 65 | ''; |
65 | services.myWebsites.integration.modules = chloe_dev.apache.modules; | 66 | services.myWebsites.integration.modules = chloe_dev.apache.modules; |
66 | services.myWebsites.integration.vhostConfs.chloe = { | 67 | services.myWebsites.integration.vhostConfs.chloe = { |
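--- a/pkgs/private/default.nix
+++ b/pkgs/private/default.nix
@@ -4,5 +4,9 @@ let
 mylibs = import ../../libs.nix { inherit pkgs; };
 in
 rec {
-webapps = callPackage ./webapps { inherit mylibs; inherit (pkgs) composerEnv; };
+webapps = callPackage ./webapps {
+inherit mylibs;
+inherit (pkgs) composerEnv;
+inherit (pkgs.webapps) spip;
+};
 }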
diff --git a/nixops/modules/websites/chloe/chloe.json b/pkgs/private/webapps/chloe/chloe.json index 686d751..686d751 100644 --- a/nixops/modules/websites/chloe/chloe.json +++ b/pkgs/private/webapps/chloe/chloe.json | |||
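--- /dev/null
+++ b/pkgs/private/webapps/chloe/default.nix
@@ -0,0 +1,19 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/chloe_${environment}"
+, spip, stdenv, mylibs, sassc }:
+let
+siteDir = stdenv.mkDerivation (mylibs.fetchedGitPrivate ./chloe.json // rec {
+buildPhase = ''
+make
+'';
+installPhase = ''
+cp -a . $out
+'';
+buildInputs = [ sassc ];
+});
+in
+spip.override {
+ldap = true;
+siteName = "chloe";
+inherit environment siteDir;
+}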
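Review bot: The `varDir` argument is accepted here but never passed to `spip.override`, so a caller who overrides it gets a package that still points at spip's own default. Today the two defaults produce the same path, because spip builds `/var/lib/${siteName}_${environment}` with `siteName = "chloe"`, so the problem only appears once someone sets `varDir`. The NixOS module reads `app.varDir` for `open_basedir`, the session path and the activation script, so a silently ignored override would leave those pointing at the wrong directory. Forward it with `inherit environment siteDir varDir;`, or drop the parameter.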
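--- a/pkgs/private/webapps/default.nix
+++ b/pkgs/private/webapps/default.nix
@@ -1,6 +1,7 @@
-{ callPackage, mylibs, composerEnv, lib }:
+{ callPackage, mylibs, composerEnv, lib, spip }:
 rec {
 aten = callPackage ./aten { inherit composerEnv mylibs; };
+chloe = callPackage ./chloe { inherit mylibs spip; };
 connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
 ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
 piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };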
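--- a/pkgs/webapps/default.nix
+++ b/pkgs/webapps/default.nix
@@ -86,6 +86,7 @@ rec {
 lib.attrsets.genAttrs names
 (name: callPackage (./roundcubemail/plugins + "/${name}") { buildPlugin = roundcubemail.buildPlugin; });
 
+spip = callPackage ./spip {};
 taskwarrior-web = callPackage ./taskwarrior-web { inherit mylibs; };
 
 ttrss = callPackage ./ttrss { inherit mylibs; };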
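--- /dev/null
+++ b/pkgs/webapps/spip/default.nix
@@ -0,0 +1,32 @@
+{ siteName ? "spip"
+, siteDir ? runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out"
+, environment ? "prod"
+, ldap ? false
+, varDir ? "/var/lib/${siteName}_${environment}"
+, lib, fetchzip, runCommand, stdenv }:
+let
+app = stdenv.mkDerivation rec {
+name = "${siteName}-${environment}-spip-${version}";
+version = "3.2.3";
+src = fetchzip {
+url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
+sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
+};
+paches = lib.optionals ldap [ ./spip_ldap_patch.patch ];
+buildPhase = ''
+rm -rf IMG local tmp config/remove.txt
+ln -sf ${./spip_mes_options.php} config/mes_options.php
+echo "Require all denied" > "config/.htaccess"
+ln -sf ${varDir}/{IMG,local} .
+'';
+installPhase = ''
+cp -a . $out
+cp -a ${siteDir}/* $out
+'';
+passthru = {
+inherit siteName siteDir environment varDir;
+webRoot = app;
+spipConfig = ./spip_mes_options.php;
+};
+};
+in app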
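Review bot: The attribute on new line 15 is spelled `paches`, which `stdenv.mkDerivation` does not treat as a patch list, so `spip_ldap_patch.patch` is never applied and `ldap = true` has no effect on the built tree. It should read `patches = lib.optionals ldap [ ./spip_ldap_patch.patch ];`. The misspelling was carried over from the old chloe.nix, so the patch has probably never been applied; check that it still applies cleanly to 3.2.3 once it is enabled. Separately, with the default empty `siteDir`, `cp -a ${siteDir}/* $out` in `installPhase` has nothing to match and will likely fail on the literal `*` unless the builder shell sets nullglob. `cp -a ${siteDir}/. $out` avoids that, but note that it also copies dotfiles.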
diff --git a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch b/pkgs/webapps/spip/spip_ldap_patch.patch index 653c909..653c909 100644 --- a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch +++ b/pkgs/webapps/spip/spip_ldap_patch.patch | |||
diff --git a/nixops/modules/websites/commons/spip/spip_mes_options.php b/pkgs/webapps/spip/spip_mes_options.php index 8db8389..8db8389 100644 --- a/nixops/modules/websites/commons/spip/spip_mes_options.php +++ b/pkgs/webapps/spip/spip_mes_options.php | |||