-rw-r--r--nixops/modules/websites/chloe/chloe.nix224
-rw-r--r--nixops/modules/websites/chloe/default.nix21
-rw-r--r--pkgs/private/default.nix6
-rw-r--r--pkgs/private/webapps/chloe/chloe.json (renamed from nixops/modules/websites/chloe/chloe.json)0
-rw-r--r--pkgs/private/webapps/chloe/default.nix19
-rw-r--r--pkgs/private/webapps/default.nix3
-rw-r--r--pkgs/webapps/default.nix1
-rw-r--r--pkgs/webapps/spip/default.nix32
-rw-r--r--pkgs/webapps/spip/spip_ldap_patch.patch (renamed from nixops/modules/websites/commons/spip/spip_ldap_patch.patch)0
-rw-r--r--pkgs/webapps/spip/spip_mes_options.php (renamed from nixops/modules/websites/commons/spip/spip_mes_options.php)0
10 files changed, 166 insertions, 140 deletions
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
index e2381d8..2847b9d 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -1,137 +1,105 @@
1{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }: 1{ chloe, config }:
2let 2rec {
3 chloe = { config }: rec { 3 app = chloe.override { inherit (config) environment; };
4 environment = config.environment; 4 phpFpm = rec {
5 phpFpm = rec { 5 serviceDeps = [ "mysql.service" ];
6 serviceDeps = [ "mysql.service" ]; 6 socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
7 socket = "/var/run/phpfpm/chloe-${environment}.sock"; 7 pool = ''
8 pool = '' 8 listen = ${socket}
9 listen = ${socket} 9 user = ${apache.user}
10 user = ${apache.user} 10 group = ${apache.group}
11 group = ${apache.group} 11 listen.owner = ${apache.user}
12 listen.owner = ${apache.user} 12 listen.group = ${apache.group}
13 listen.group = ${apache.group} 13 php_admin_value[upload_max_filesize] = 20M
14 php_admin_value[upload_max_filesize] = 20M 14 php_admin_value[post_max_size] = 20M
15 php_admin_value[post_max_size] = 20M 15 ;php_admin_flag[log_errors] = on
16 ;php_admin_flag[log_errors] = on 16 php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
17 php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp" 17 php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
18 php_admin_value[session.save_path] = "${varDir}/phpSessions" 18 ${if app.environment == "dev" then ''
19 ${if environment == "dev" then '' 19 pm = ondemand
20 pm = ondemand 20 pm.max_children = 5
21 pm.max_children = 5 21 pm.process_idle_timeout = 60
22 pm.process_idle_timeout = 60 22 '' else ''
23 '' else '' 23 pm = dynamic
24 pm = dynamic 24 pm.max_children = 20
25 pm.max_children = 20 25 pm.start_servers = 2
26 pm.start_servers = 2 26 pm.min_spare_servers = 1
27 pm.min_spare_servers = 1 27 pm.max_spare_servers = 3
28 pm.max_spare_servers = 3 28 ''}'';
29 ''}''; 29 };
30 }; 30 keys = [{
31 keys = [{ 31 dest = "webapps/${app.environment}-chloe";
32 dest = "webapps/${environment}-chloe"; 32 user = apache.user;
33 user = apache.user; 33 group = apache.group;
34 group = apache.group; 34 permissions = "0400";
35 permissions = "0400"; 35 text = ''
36 text = '' 36 SetEnv SPIP_CONFIG_DIR "${configDir}"
37 SetEnv SPIP_CONFIG_DIR "${configDir}" 37 SetEnv SPIP_VAR_DIR "${app.varDir}"
38 SetEnv SPIP_VAR_DIR "${varDir}" 38 SetEnv SPIP_SITE "chloe-${app.environment}"
39 SetEnv SPIP_SITE "chloe-${environment}" 39 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
40 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" 40 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
41 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" 41 SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
42 SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" 42 SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
43 SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" 43 SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
44 SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" 44 SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
45 SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" 45 SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
46 SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" 46 SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
47 SetEnv SPIP_MYSQL_DB "${config.mysql.name}" 47 SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
48 SetEnv SPIP_MYSQL_USER "${config.mysql.user}" 48 SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
49 SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" 49 '';
50 ''; 50 }];
51 }]; 51 apache = rec {
52 apache = rec { 52 user = "wwwrun";
53 user = "wwwrun"; 53 group = "wwwrun";
54 group = "wwwrun"; 54 modules = [ "proxy_fcgi" ];
55 modules = [ "proxy_fcgi" ]; 55 webappName = "chloe_${app.environment}";
56 webappName = "chloe_${environment}"; 56 root = "/run/current-system/webapps/${webappName}";
57 root = "/run/current-system/webapps/${webappName}"; 57 vhostConf = ''
58 vhostConf = '' 58 Include /var/secrets/webapps/${app.environment}-chloe
59 Include /var/secrets/webapps/${environment}-chloe
60 59
61 RewriteEngine On 60 RewriteEngine On
62 ${if environment == "prod" then '' 61 ${if app.environment == "prod" then ''
63 RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 62 RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
64 '' else ""} 63 '' else ""}
65 64
66 <FilesMatch "\.php$"> 65 <FilesMatch "\.php$">
67 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" 66 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
68 </FilesMatch> 67 </FilesMatch>
69 68
70 <Directory ${root}> 69 <Directory ${root}>
71 DirectoryIndex index.php index.htm index.html 70 DirectoryIndex index.php index.htm index.html
72 Options -Indexes +FollowSymLinks +MultiViews +Includes 71 Options -Indexes +FollowSymLinks +MultiViews +Includes
73 Include ${root}/htaccess.txt 72 Include ${root}/htaccess.txt
74 73
75 AllowOverride AuthConfig FileInfo Limit 74 AllowOverride AuthConfig FileInfo Limit
76 Require all granted 75 Require all granted
77 </Directory> 76 </Directory>
78 77
79 <DirectoryMatch "${root}/squelettes"> 78 <DirectoryMatch "${root}/squelettes">
80 Require all denied 79 Require all denied
81 </DirectoryMatch> 80 </DirectoryMatch>
82 81
83 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> 82 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
84 Require all denied 83 Require all denied
85 </FilesMatch> 84 </FilesMatch>
86 85
87 ${if environment == "dev" then '' 86 ${if app.environment == "dev" then ''
88 <Location /> 87 <Location />
89 Use LDAPConnect 88 Use LDAPConnect
90 Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu 89 Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
91 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>" 90 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
92 </Location> 91 </Location>
93 '' else '' 92 '' else ''
94 Use Stats osteopathe-cc.fr 93 Use Stats osteopathe-cc.fr
95 ''} 94 ''}
96 '';
97 };
98 activationScript = {
99 deps = [ "wrappers" ];
100 text = ''
101 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
102 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
103 '';
104 };
105 configDir = ./chloe_config_ + environment;
106 varDir = "/var/lib/chloe_${environment}";
107 siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
108 buildPhase = ''
109 make
110 '';
111 installPhase = ''
112 cp -a . $out
113 '';
114 buildInputs = [ sassc ];
115 });
116 webRoot = stdenv.mkDerivation rec {
117 name = "chloe-${environment}-spip-${version}";
118 version = "3.2.3";
119 src = fetchzip {
120 url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
121 sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
122 };
123 paches = [ ../commons/spip/spip_ldap_patch.patch ];
124 buildPhase = ''
125 rm -rf IMG local tmp config/remove.txt
126 ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php
127 echo "Require all denied" > "config/.htaccess"
128 ln -sf ${varDir}/{IMG,local} .
129 ''; 95 '';
130 installPhase = ''
131 cp -a . $out
132 cp -a ${siteDir}/* $out
133 '';
134 };
135 }; 96 };
136in 97 activationScript = {
137 chloe 98 deps = [ "wrappers" ];
99 text = ''
100 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
101 install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
102 '';
103 };
104 configDir = ./chloe_config_ + app.environment;
105}
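Review bot: The `keys` entry (new lines 30-50) writes the LDAP and MySQL passwords to a file owned by `apache.user` with mode 0400, and that same account is the `user` of the PHP-FPM pool. The file is only consumed through the `Include /var/secrets/webapps/${app.environment}-chloe` line in `vhostConf`, which Apache presumably parses before dropping privileges, so the worker account may not need read access at all. As written, any other code running as `wwwrun` on the host could read these credentials directly. Consider `user = "root";` for the key if the httpd start-up on this host allows it, and add a short comment above `keys` naming who is expected to read the file.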
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index a542d70..874b81b 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -1,14 +1,15 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let 2let
3 chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; }; 3 chloe_dev = pkgs.callPackage ./chloe.nix {
4 chloe_dev = chloe { 4 inherit (pkgs.private.webapps) chloe;
5 config = myconfig.env.websites.chloe.integration; 5 config = myconfig.env.websites.chloe.integration;
6 }; 6 };
7 chloe_prod = chloe { 7 chloe_prod = pkgs.callPackage ./chloe.nix {
8 config = myconfig.env.websites.chloe.production; 8 inherit (pkgs.private.webapps) chloe;
9 }; 9 config = myconfig.env.websites.chloe.production;
10 };
10 11
11 cfg = config.services.myWebsites.Chloe; 12 cfg = config.services.myWebsites.Chloe;
12in { 13in {
13 options.services.myWebsites.Chloe = { 14 options.services.myWebsites.Chloe = {
14 production = { 15 production = {
@@ -39,7 +40,7 @@ in {
39 system.activationScripts.chloe_prod = chloe_prod.activationScript; 40 system.activationScripts.chloe_prod = chloe_prod.activationScript;
40 system.extraSystemBuilderCmds = '' 41 system.extraSystemBuilderCmds = ''
41 mkdir -p $out/webapps 42 mkdir -p $out/webapps
42 ln -s ${chloe_prod.webRoot} $out/webapps/${chloe_prod.apache.webappName} 43 ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
43 ''; 44 '';
44 services.myWebsites.production.modules = chloe_prod.apache.modules; 45 services.myWebsites.production.modules = chloe_prod.apache.modules;
45 services.myWebsites.production.vhostConfs.chloe = { 46 services.myWebsites.production.vhostConfs.chloe = {
@@ -60,7 +61,7 @@ in {
60 system.activationScripts.chloe_dev = chloe_dev.activationScript; 61 system.activationScripts.chloe_dev = chloe_dev.activationScript;
61 system.extraSystemBuilderCmds = '' 62 system.extraSystemBuilderCmds = ''
62 mkdir -p $out/webapps 63 mkdir -p $out/webapps
63 ln -s ${chloe_dev.webRoot} $out/webapps/${chloe_dev.apache.webappName} 64 ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
64 ''; 65 '';
65 services.myWebsites.integration.modules = chloe_dev.apache.modules; 66 services.myWebsites.integration.modules = chloe_dev.apache.modules;
66 services.myWebsites.integration.vhostConfs.chloe = { 67 services.myWebsites.integration.vhostConfs.chloe = {
diff --git a/pkgs/private/default.nix b/pkgs/private/default.nix
index 951a23f..60fabad 100644
--- a/pkgs/private/default.nix
+++ b/pkgs/private/default.nix
@@ -4,5 +4,9 @@ let
4 mylibs = import ../../libs.nix { inherit pkgs; }; 4 mylibs = import ../../libs.nix { inherit pkgs; };
5in 5in
6rec { 6rec {
7 webapps = callPackage ./webapps { inherit mylibs; inherit (pkgs) composerEnv; }; 7 webapps = callPackage ./webapps {
8 inherit mylibs;
9 inherit (pkgs) composerEnv;
10 inherit (pkgs.webapps) spip;
11 };
8} 12}
diff --git a/nixops/modules/websites/chloe/chloe.json b/pkgs/private/webapps/chloe/chloe.json
index 686d751..686d751 100644
--- a/nixops/modules/websites/chloe/chloe.json
+++ b/pkgs/private/webapps/chloe/chloe.json
diff --git a/pkgs/private/webapps/chloe/default.nix b/pkgs/private/webapps/chloe/default.nix
new file mode 100644
index 0000000..f148d4b
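--- /dev/null
+++ b/pkgs/private/webapps/chloe/default.nix
@@ -0,0 +1,19 @@
+{ environment ? "prod"
+, varDir ? "/var/lib/chloe_${environment}"
+, spip, stdenv, mylibs, sassc }:
+let
+ siteDir = stdenv.mkDerivation (mylibs.fetchedGitPrivate ./chloe.json // rec {
+ buildPhase = ''
+ make
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ buildInputs = [ sassc ];
+ });
+in
+spip.override {
+ ldap = true;
+ siteName = "chloe";
+ inherit environment siteDir;
+}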
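Review bot: The `varDir` argument declared on line 2 is never used, because the `spip.override` call on lines 15-19 passes only `ldap`, `siteName`, `environment` and `siteDir`. Overriding `varDir` on this package therefore has no effect, and the `open_basedir`, session path and activation-script directories that chloe.nix derives from `app.varDir` keep following spip's own default. The two defaults coincide today only because `siteName` is "chloe". Pass the value through with `inherit environment siteDir varDir;`, or drop the parameter.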
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
index 46ad31c..14fd544 100644
--- a/pkgs/private/webapps/default.nix
+++ b/pkgs/private/webapps/default.nix
@@ -1,6 +1,7 @@
1{ callPackage, mylibs, composerEnv, lib }: 1{ callPackage, mylibs, composerEnv, lib, spip }:
2rec { 2rec {
3 aten = callPackage ./aten { inherit composerEnv mylibs; }; 3 aten = callPackage ./aten { inherit composerEnv mylibs; };
4 chloe = callPackage ./chloe { inherit mylibs spip; };
4 connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;}; 5 connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
5 ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; }; 6 ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
6 piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; }; 7 piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
diff --git a/pkgs/webapps/default.nix b/pkgs/webapps/default.nix
index 0ef6736..229609f 100644
--- a/pkgs/webapps/default.nix
+++ b/pkgs/webapps/default.nix
@@ -86,6 +86,7 @@ rec {
86 lib.attrsets.genAttrs names 86 lib.attrsets.genAttrs names
87 (name: callPackage (./roundcubemail/plugins + "/${name}") { buildPlugin = roundcubemail.buildPlugin; }); 87 (name: callPackage (./roundcubemail/plugins + "/${name}") { buildPlugin = roundcubemail.buildPlugin; });
88 88
89 spip = callPackage ./spip {};
89 taskwarrior-web = callPackage ./taskwarrior-web { inherit mylibs; }; 90 taskwarrior-web = callPackage ./taskwarrior-web { inherit mylibs; };
90 91
91 ttrss = callPackage ./ttrss { inherit mylibs; }; 92 ttrss = callPackage ./ttrss { inherit mylibs; };
diff --git a/pkgs/webapps/spip/default.nix b/pkgs/webapps/spip/default.nix
new file mode 100644
index 0000000..8099f53
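--- /dev/null
+++ b/pkgs/webapps/spip/default.nix
@@ -0,0 +1,32 @@
+{ siteName ? "spip"
+, siteDir ? runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out"
+, environment ? "prod"
+, ldap ? false
+, varDir ? "/var/lib/${siteName}_${environment}"
+, lib, fetchzip, runCommand, stdenv }:
+let
+ app = stdenv.mkDerivation rec {
+ name = "${siteName}-${environment}-spip-${version}";
+ version = "3.2.3";
+ src = fetchzip {
+ url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip";
+ sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq";
+ };
+ paches = lib.optionals ldap [ ./spip_ldap_patch.patch ];
+ buildPhase = ''
+ rm -rf IMG local tmp config/remove.txt
+ ln -sf ${./spip_mes_options.php} config/mes_options.php
+ echo "Require all denied" > "config/.htaccess"
+ ln -sf ${varDir}/{IMG,local} .
+ '';
+ installPhase = ''
+ cp -a . $out
+ cp -a ${siteDir}/* $out
+ '';
+ passthru = {
+ inherit siteName siteDir environment varDir;
+ webRoot = app;
+ spipConfig = ./spip_mes_options.php;
+ };
+ };
+in app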
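Review bot: The attribute on line 15 is spelled `paches`, which the stdenv patch phase does not read (it looks at `patches`), so with `ldap = true` the LDAP patch is most likely never applied while the build still succeeds. The misspelling is carried over from the old chloe.nix. The line should read `patches = lib.optionals ldap [ ./spip_ldap_patch.patch ];`. After the fix, check that the patch still applies cleanly to SPIP 3.2.3, since it may never have been exercised in this build.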
diff --git a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch b/pkgs/webapps/spip/spip_ldap_patch.patch
index 653c909..653c909 100644
--- a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch
+++ b/pkgs/webapps/spip/spip_ldap_patch.patch
diff --git a/nixops/modules/websites/commons/spip/spip_mes_options.php b/pkgs/webapps/spip/spip_mes_options.php
index 8db8389..8db8389 100644
--- a/nixops/modules/websites/commons/spip/spip_mes_options.php
+++ b/pkgs/webapps/spip/spip_mes_options.php