4 files changed, 91 insertions, 0 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix
index f768aed..be39993 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -38,6 +38,7 @@ set = {
  nassimeProd = ./websites/nassime/production.nix;
  naturaloutilProd = ./websites/naturaloutil/production.nix;
  telioTortayProd = ./websites/teliotortay/production.nix;
+  papaMaisonBbc = ./websites/papa/maison_bbc.nix;
  papaSurveillance = ./websites/papa/surveillance.nix;
  piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
  piedsjalouxProd = ./websites/piedsjaloux/production.nix;
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 3ac4cb5..dcbbef8 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -259,6 +259,7 @@ in
      telioTortay.production.enable = true;
      papa.surveillance.enable = true;
+      papa.maison_bbc.enable = true;
      piedsjaloux.integration.enable = true;
      piedsjaloux.production.enable = true;
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix
new file mode 100644
index 0000000..7295de8
--- /dev/null
+++ b/modules/private/websites/papa/maison_bbc.nix
@@ -0,0 +1,68 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.myServices.websites.papa.maison_bbc;
+  varDir = "/var/lib/ftp/papa/site";
+in {
+  options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
+  config = lib.mkIf cfg.enable {
+    services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
+    services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
+    services.phpfpm.pools.papa_maison_bbc = {
+      listen = "/run/phpfpm/papa_maison_bbc.sock";
+      extraConfig = ''
+        user = wwwrun
+        group = wwwrun
+        listen.owner = wwwrun
+        listen.group = wwwrun
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        php_admin_value[open_basedir] = "${varDir}"
+        '';
+      phpOptions = config.services.phpfpm.phpOptions + ''
+        extension=${pkgs.php}/lib/php/extensions/mysqli.so
+        '';
+    };
+    services.websites.env.production.modules = [ "proxy_fcgi" ];
+    services.websites.env.production.vhostNoSSLConfs.papa_maison_bbc = {
+      hosts        = [ "maison.bbc.bouya.org" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        RedirectMatch 301 ^/((?!(\.well-known|add.php).*$).*)$ https://maison.bbc.bouya.org/$1
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          AllowOverride None
+          Require all granted
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+    services.websites.env.production.vhostConfs.papa_maison_bbc = {
+      certName     = "papa";
+      addToCerts   = true;
+      hosts        = [ "maison.bbc.bouya.org" ];
+      root         = varDir;
+      extraConfig  = [
+        ''
+        <Directory ${varDir}>
+          DirectoryIndex index.php index.htm index.html
+          AllowOverride None
+          Require all granted
+          <FilesMatch "\.php$">
+            SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock|fcgi://localhost"
+          </FilesMatch>
+        </Directory>
+          ''
+      ];
+    };
+  };
+}
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index 043fc6e..6ba0d68 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -86,6 +86,17 @@ in
              };
            };
          };
+          vhostNoSSLConfs = mkOption {
+            default = {};
+            description = "List of no ssl vhosts to define for Apache";
+            type = attrsOf (submodule {
+              options = {
+                hosts    = mkOption { type = listOf string; };
+                root     = mkOption { type = nullOr path; };
+                extraConfig = mkOption { type = listOf lines; default = []; };
+              };
+            });
+          };
          vhostConfs = mkOption {
            default = {};
            description = "List of vhosts to define for Apache";
@@ -177,6 +188,15 @@ in
      documentRoot = vhostConf.root;
      extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
    };
+    toVhostNoSSL = ips: vhostConf: {
+      enableSSL = false;
+      logFormat = "combinedVhost";
+      listen = map (ip: { inherit ip; port = 80; }) ips;
+      hostName = builtins.head vhostConf.hosts;
+      serverAliases = builtins.tail vhostConf.hosts or [];
+      documentRoot = vhostConf.root;
+      extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
+    };
  in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
    icfg.httpdName (mkIf icfg.enable {
      enable = true;
@@ -190,6 +210,7 @@ in
      extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;
      virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]
        ++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]
+        ++ (attrsets.mapAttrsToList (n: v: toVhostNoSSL icfg.ips v) icfg.vhostNoSSLConfs)
        ++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)
        ++ [ (redirectVhost icfg.ips) ];
    })

diff --git a/modules/private/default.nix b/modules/private/default.nix index f768aed..be39993 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix
@@ -38,6 +38,7 @@ set = {
38	nassimeProd = ./websites/nassime/production.nix;	38	nassimeProd = ./websites/nassime/production.nix;
39	naturaloutilProd = ./websites/naturaloutil/production.nix;	39	naturaloutilProd = ./websites/naturaloutil/production.nix;
40	telioTortayProd = ./websites/teliotortay/production.nix;	40	telioTortayProd = ./websites/teliotortay/production.nix;
		41	papaMaisonBbc = ./websites/papa/maison_bbc.nix;
41	papaSurveillance = ./websites/papa/surveillance.nix;	42	papaSurveillance = ./websites/papa/surveillance.nix;
42	piedsjalouxInte = ./websites/piedsjaloux/integration.nix;	43	piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
43	piedsjalouxProd = ./websites/piedsjaloux/production.nix;	44	piedsjalouxProd = ./websites/piedsjaloux/production.nix;


diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 3ac4cb5..dcbbef8 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix
@@ -259,6 +259,7 @@ in
259	telioTortay.production.enable = true;	259	telioTortay.production.enable = true;
260		260
261	papa.surveillance.enable = true;	261	papa.surveillance.enable = true;
		262	papa.maison_bbc.enable = true;
262		263
263	piedsjaloux.integration.enable = true;	264	piedsjaloux.integration.enable = true;
264	piedsjaloux.production.enable = true;	265	piedsjaloux.production.enable = true;


diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix new file mode 100644 index 0000000..7295de8 --- /dev/null +++ b/modules/private/websites/papa/maison_bbc.nix
@@ -0,0 +1,68 @@
		1	{ lib, pkgs, config, ... }:
		2	let
		3	cfg = config.myServices.websites.papa.maison_bbc;
		4	varDir = "/var/lib/ftp/papa/site";
		5	in {
		6	options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
		7
		8	config = lib.mkIf cfg.enable {
		9	services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
		10	services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
		11	services.phpfpm.pools.papa_maison_bbc = {
		12	listen = "/run/phpfpm/papa_maison_bbc.sock";
		13	extraConfig = ''
		14	user = wwwrun
		15	group = wwwrun
		16	listen.owner = wwwrun
		17	listen.group = wwwrun
		18
		19	pm = ondemand
		20	pm.max_children = 5
		21	pm.process_idle_timeout = 60
		22
		23	php_admin_value[open_basedir] = "${varDir}"
		24	'';
		25	phpOptions = config.services.phpfpm.phpOptions + ''
		26	extension=${pkgs.php}/lib/php/extensions/mysqli.so
		27	'';
		28	};
		29
		30	services.websites.env.production.modules = [ "proxy_fcgi" ];
		31	services.websites.env.production.vhostNoSSLConfs.papa_maison_bbc = {
		32	hosts = [ "maison.bbc.bouya.org" ];
		33	root = varDir;
		34	extraConfig = [
		35	''
		36	RedirectMatch 301 ^/((?!(\.well-known\|add.php).$).)$ https://maison.bbc.bouya.org/$1
		37	<Directory ${varDir}>
		38	DirectoryIndex index.php index.htm index.html
		39	AllowOverride None
		40	Require all granted
		41	<FilesMatch "\.php$">
		42	SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock\|fcgi://localhost"
		43	</FilesMatch>
		44	</Directory>
		45	''
		46	];
		47	};
		48	services.websites.env.production.vhostConfs.papa_maison_bbc = {
		49	certName = "papa";
		50	addToCerts = true;
		51	hosts = [ "maison.bbc.bouya.org" ];
		52	root = varDir;
		53	extraConfig = [
		54	''
		55	<Directory ${varDir}>
		56	DirectoryIndex index.php index.htm index.html
		57	AllowOverride None
		58	Require all granted
		59	<FilesMatch "\.php$">
		60	SetHandler "proxy:unix:/run/phpfpm/papa_maison_bbc.sock\|fcgi://localhost"
		61	</FilesMatch>
		62	</Directory>
		63	''
		64	];
		65	};
		66	};
		67	}
		68


diff --git a/modules/websites/default.nix b/modules/websites/default.nix index 043fc6e..6ba0d68 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix
@@ -86,6 +86,17 @@ in
86	};	86	};
87	};	87	};
88	};	88	};
		89	vhostNoSSLConfs = mkOption {
		90	default = {};
		91	description = "List of no ssl vhosts to define for Apache";
		92	type = attrsOf (submodule {
		93	options = {
		94	hosts = mkOption { type = listOf string; };
		95	root = mkOption { type = nullOr path; };
		96	extraConfig = mkOption { type = listOf lines; default = []; };
		97	};
		98	});
		99	};
89	vhostConfs = mkOption {	100	vhostConfs = mkOption {
90	default = {};	101	default = {};
91	description = "List of vhosts to define for Apache";	102	description = "List of vhosts to define for Apache";
@@ -177,6 +188,15 @@ in
177	documentRoot = vhostConf.root;	188	documentRoot = vhostConf.root;
178	extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;	189	extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
179	};	190	};
		191	toVhostNoSSL = ips: vhostConf: {
		192	enableSSL = false;
		193	logFormat = "combinedVhost";
		194	listen = map (ip: { inherit ip; port = 80; }) ips;
		195	hostName = builtins.head vhostConf.hosts;
		196	serverAliases = builtins.tail vhostConf.hosts or [];
		197	documentRoot = vhostConf.root;
		198	extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
		199	};
180	in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair	200	in attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
181	icfg.httpdName (mkIf icfg.enable {	201	icfg.httpdName (mkIf icfg.enable {
182	enable = true;	202	enable = true;
@@ -190,6 +210,7 @@ in
190	extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;	210	extraConfig = builtins.concatStringsSep "\n" icfg.extraConfig;
191	virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]	211	virtualHosts = [ (toVhost icfg.ips icfg.fallbackVhost) ]
192	++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]	212	++ optionals (icfg.nosslVhost.enable) [ (nosslVhost icfg.ips icfg.nosslVhost) ]
		213	++ (attrsets.mapAttrsToList (n: v: toVhostNoSSL icfg.ips v) icfg.vhostNoSSLConfs)
193	++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)	214	++ (attrsets.mapAttrsToList (n: v: toVhost icfg.ips v) icfg.vhostConfs)
194	++ [ (redirectVhost icfg.ips) ];	215	++ [ (redirectVhost icfg.ips) ];
195	})	216	})