aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/private/default.nix44
-rw-r--r--modules/private/environment.nix4
-rw-r--r--modules/private/tasks/default.nix2
-rw-r--r--modules/private/websites/_www/googleb6d69446ff4ca3e5.html (renamed from pkgs/private/webapps/apache-default/www/googleb6d69446ff4ca3e5.html)0
-rw-r--r--modules/private/websites/_www/index.htm (renamed from pkgs/private/webapps/apache-default/www/index.htm)0
-rw-r--r--modules/private/websites/_www/maintenance_immae.html (renamed from pkgs/private/webapps/apache-default/www/maintenance_immae.html)0
-rw-r--r--modules/private/websites/_www/nossl.html (renamed from pkgs/private/webapps/apache-default/www/nossl.html)0
-rw-r--r--modules/private/websites/capitaines/landing_pages.nix60
-rw-r--r--modules/private/websites/capitaines/production.nix62
-rw-r--r--modules/private/websites/chloe/app/chloe.json (renamed from pkgs/private/webapps/chloe/chloe.json)0
-rw-r--r--modules/private/websites/chloe/app/default.nix (renamed from pkgs/private/webapps/chloe/default.nix)2
-rw-r--r--modules/private/websites/chloe/builder.nix99
-rw-r--r--modules/private/websites/chloe/integration.nix110
-rw-r--r--modules/private/websites/chloe/production.nix106
-rw-r--r--modules/private/websites/connexionswing/app/connexionswing.json (renamed from pkgs/private/webapps/connexionswing/connexionswing.json)0
-rw-r--r--modules/private/websites/connexionswing/app/default.nix (renamed from pkgs/private/webapps/connexionswing/default.nix)3
-rw-r--r--modules/private/websites/connexionswing/app/php-packages.nix (renamed from pkgs/private/webapps/connexionswing/php-packages.nix)0
-rw-r--r--modules/private/websites/connexionswing/integration.nix26
-rw-r--r--modules/private/websites/connexionswing/production.nix22
-rw-r--r--modules/private/websites/default.nix112
-rw-r--r--modules/private/websites/denise/denisejerome.nix (renamed from modules/private/websites/denisejerome/production.nix)12
-rw-r--r--modules/private/websites/denise/evariste.nix (renamed from modules/private/websites/evariste/production.nix)59
-rw-r--r--modules/private/websites/emilia/moodle.nix69
-rw-r--r--modules/private/websites/emilia/production.nix69
-rw-r--r--modules/private/websites/florian/app.nix30
-rw-r--r--modules/private/websites/florian/app/default.nix (renamed from pkgs/private/webapps/tellesflorian/default.nix)3
-rw-r--r--modules/private/websites/florian/app/php-packages.nix (renamed from pkgs/private/webapps/tellesflorian/php-packages.nix)0
-rw-r--r--modules/private/websites/florian/app/tellesflorian.json (renamed from pkgs/private/webapps/tellesflorian/tellesflorian.json)0
-rw-r--r--modules/private/websites/florian/integration.nix14
-rw-r--r--modules/private/websites/florian/production.nix14
-rw-r--r--modules/private/websites/immae/production.nix21
-rw-r--r--modules/private/websites/immae/release.nix4
-rw-r--r--modules/private/websites/immae/temp.nix4
-rw-r--r--modules/private/websites/isabelle/aten_app/aten.json (renamed from pkgs/private/webapps/aten/aten.json)0
-rw-r--r--modules/private/websites/isabelle/aten_app/default.nix (renamed from pkgs/private/webapps/aten/default.nix)0
-rw-r--r--modules/private/websites/isabelle/aten_app/php-packages.nix (renamed from pkgs/private/webapps/aten/php-packages.nix)0
-rw-r--r--modules/private/websites/isabelle/aten_app/yarn-packages.nix (renamed from pkgs/private/webapps/aten/yarn-packages.nix)0
-rw-r--r--modules/private/websites/isabelle/aten_integration.nix25
-rw-r--r--modules/private/websites/isabelle/aten_production.nix25
-rw-r--r--modules/private/websites/isabelle/iridologie.nix111
-rw-r--r--modules/private/websites/isabelle/iridologie_app/default.nix (renamed from pkgs/private/webapps/iridologie/default.nix)2
-rw-r--r--modules/private/websites/isabelle/iridologie_app/iridologie.json (renamed from pkgs/private/webapps/iridologie/iridologie.json)0
-rw-r--r--modules/private/websites/isabelle/spip_builder.nix96
-rw-r--r--modules/private/websites/jerome/naturaloutil.nix (renamed from modules/private/websites/naturaloutil/production.nix)43
-rw-r--r--modules/private/websites/leila/production.nix10
-rw-r--r--modules/private/websites/ludivine/app/default.nix (renamed from pkgs/private/webapps/ludivinecassal/default.nix)3
-rw-r--r--modules/private/websites/ludivine/app/ludivinecassal.json (renamed from pkgs/private/webapps/ludivinecassal/ludivinecassal.json)0
-rw-r--r--modules/private/websites/ludivine/app/php-packages.nix (renamed from pkgs/private/webapps/ludivinecassal/php-packages.nix)0
-rw-r--r--modules/private/websites/ludivine/integration.nix (renamed from modules/private/websites/ludivinecassal/integration.nix)37
-rw-r--r--modules/private/websites/ludivine/production.nix (renamed from modules/private/websites/ludivinecassal/production.nix)37
-rw-r--r--modules/private/websites/nassime/production.nix13
-rw-r--r--modules/private/websites/papa/maison_bbc.nix10
-rw-r--r--modules/private/websites/papa/surveillance.nix5
-rw-r--r--modules/private/websites/piedsjaloux/app/default.nix (renamed from pkgs/private/webapps/piedsjaloux/default.nix)5
-rw-r--r--modules/private/websites/piedsjaloux/app/php-packages.nix (renamed from pkgs/private/webapps/piedsjaloux/php-packages.nix)0
-rw-r--r--modules/private/websites/piedsjaloux/app/piedsjaloux.json (renamed from pkgs/private/webapps/piedsjaloux/piedsjaloux.json)0
-rw-r--r--modules/private/websites/piedsjaloux/integration.nix34
-rw-r--r--modules/private/websites/piedsjaloux/production.nix32
-rw-r--r--modules/private/websites/richie/production.nix (renamed from modules/private/websites/emilia/richie.nix)36
-rw-r--r--modules/private/websites/richie/richie.json (renamed from modules/private/websites/emilia/richie.json)0
-rw-r--r--modules/private/websites/syden/peertube.nix17
-rw-r--r--modules/private/websites/telio_tortay/production.nix (renamed from modules/private/websites/teliotortay/production.nix)38
-rw-r--r--modules/private/websites/tools/dav/default.nix6
-rw-r--r--modules/private/websites/tools/git/default.nix4
-rw-r--r--modules/private/websites/tools/mail/default.nix2
-rw-r--r--modules/private/websites/tools/mail/mta-sts.nix2
-rw-r--r--modules/private/websites/tools/tools/default.nix2
-rw-r--r--modules/private/websites/tools/vpn/default.nix2
-rw-r--r--pkgs/default.nix6
-rw-r--r--pkgs/private/default.nix12
-rw-r--r--pkgs/private/webapps/apache-default/default.nix21
-rw-r--r--pkgs/private/webapps/default.nix12
-rw-r--r--pkgs/webapps/default.nix4
73 files changed, 845 insertions, 758 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix
index dafec47..dbb8361 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -16,36 +16,56 @@ set = {
16 openldapReplication = ./databases/openldap_replication.nix; 16 openldapReplication = ./databases/openldap_replication.nix;
17 17
18 websites = ./websites; 18 websites = ./websites;
19 isabelleAtenInte = ./websites/isabelle/aten_integration.nix; 19
20 isabelleAtenProd = ./websites/isabelle/aten_production.nix; 20
21 isabelleIridologie = ./websites/isabelle/iridologie.nix; 21 # Personal websites
22 capitainesProd = ./websites/capitaines/production.nix; 22 capitainesLandingPages = ./websites/capitaines/landing_pages.nix;
23
23 chloeInte = ./websites/chloe/integration.nix; 24 chloeInte = ./websites/chloe/integration.nix;
24 chloeProd = ./websites/chloe/production.nix; 25 chloeProd = ./websites/chloe/production.nix;
26
25 connexionswingInte = ./websites/connexionswing/integration.nix; 27 connexionswingInte = ./websites/connexionswing/integration.nix;
26 connexionswingProd = ./websites/connexionswing/production.nix; 28 connexionswingProd = ./websites/connexionswing/production.nix;
27 denisejeromeProd = ./websites/denisejerome/production.nix; 29
28 emiliaProd = ./websites/emilia/production.nix; 30 deniseDenisejeromeProd = ./websites/denise/denisejerome.nix;
29 richieProd = ./websites/emilia/richie.nix; 31 deniseEvariste = ./websites/denise/evariste.nix;
32
33 emiliaMoodle = ./websites/emilia/moodle.nix;
34
30 florianApp = ./websites/florian/app.nix; 35 florianApp = ./websites/florian/app.nix;
31 florianInte = ./websites/florian/integration.nix; 36 florianInte = ./websites/florian/integration.nix;
32 florianProd = ./websites/florian/production.nix; 37 florianProd = ./websites/florian/production.nix;
38
33 immaeProd = ./websites/immae/production.nix; 39 immaeProd = ./websites/immae/production.nix;
34 immaeRelease = ./websites/immae/release.nix; 40 immaeRelease = ./websites/immae/release.nix;
35 immaeTemp = ./websites/immae/temp.nix; 41 immaeTemp = ./websites/immae/temp.nix;
42
43 isabelleAtenInte = ./websites/isabelle/aten_integration.nix;
44 isabelleAtenProd = ./websites/isabelle/aten_production.nix;
45 isabelleIridologie = ./websites/isabelle/iridologie.nix;
46
47 jeromeNaturaloutil = ./websites/jerome/naturaloutil.nix;
48
36 leilaProd = ./websites/leila/production.nix; 49 leilaProd = ./websites/leila/production.nix;
37 ludivinecassalInte = ./websites/ludivinecassal/integration.nix; 50
38 ludivinecassalProd = ./websites/ludivinecassal/production.nix; 51 ludivineInte = ./websites/ludivine/integration.nix;
52 ludivineProd = ./websites/ludivine/production.nix;
53
39 nassimeProd = ./websites/nassime/production.nix; 54 nassimeProd = ./websites/nassime/production.nix;
40 naturaloutilProd = ./websites/naturaloutil/production.nix; 55
41 evaristeProd = ./websites/evariste/production.nix;
42 telioTortayProd = ./websites/teliotortay/production.nix;
43 papaMaisonBbc = ./websites/papa/maison_bbc.nix; 56 papaMaisonBbc = ./websites/papa/maison_bbc.nix;
44 papaSurveillance = ./websites/papa/surveillance.nix; 57 papaSurveillance = ./websites/papa/surveillance.nix;
58
45 piedsjalouxInte = ./websites/piedsjaloux/integration.nix; 59 piedsjalouxInte = ./websites/piedsjaloux/integration.nix;
46 piedsjalouxProd = ./websites/piedsjaloux/production.nix; 60 piedsjalouxProd = ./websites/piedsjaloux/production.nix;
61
62 richieProd = ./websites/richie/production.nix;
63
47 sydenPeertube = ./websites/syden/peertube.nix; 64 sydenPeertube = ./websites/syden/peertube.nix;
48 65
66 teliotortayProd = ./websites/telio_tortay/production.nix;
67
68 # Tools
49 cloudTool = ./websites/tools/cloud; 69 cloudTool = ./websites/tools/cloud;
50 davTool = ./websites/tools/dav; 70 davTool = ./websites/tools/dav;
51 vpnTool = ./websites/tools/vpn; 71 vpnTool = ./websites/tools/vpn;
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 29ea173..01ab967 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -1133,7 +1133,7 @@ in
1133 }; 1133 };
1134 }; 1134 };
1135 }; 1135 };
1136 telioTortay = mkOption { 1136 telio_tortay = mkOption {
1137 description = "Telio Tortay configuration"; 1137 description = "Telio Tortay configuration";
1138 type = submodule { 1138 type = submodule {
1139 options = { 1139 options = {
@@ -1141,7 +1141,7 @@ in
1141 }; 1141 };
1142 }; 1142 };
1143 }; 1143 };
1144 ludivinecassal = mkOption { 1144 ludivine = mkOption {
1145 description = "Ludivinecassal configurations by environment"; 1145 description = "Ludivinecassal configurations by environment";
1146 type = 1146 type =
1147 let 1147 let
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index 43d40d6..89b7664 100644
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -193,7 +193,7 @@ in {
193 }; 193 };
194 }; 194 };
195 195
196 myServices.websites.webappDirs._task = ./www; 196 services.websites.webappDirs._task = ./www;
197 197
198 security.acme.certs."task" = config.myServices.certificates.certConfig // { 198 security.acme.certs."task" = config.myServices.certificates.certConfig // {
199 inherit user group; 199 inherit user group;
diff --git a/pkgs/private/webapps/apache-default/www/googleb6d69446ff4ca3e5.html b/modules/private/websites/_www/googleb6d69446ff4ca3e5.html
index ff6dbf3..ff6dbf3 100644
--- a/pkgs/private/webapps/apache-default/www/googleb6d69446ff4ca3e5.html
+++ b/modules/private/websites/_www/googleb6d69446ff4ca3e5.html
diff --git a/pkgs/private/webapps/apache-default/www/index.htm b/modules/private/websites/_www/index.htm
index 0274251..0274251 100644
--- a/pkgs/private/webapps/apache-default/www/index.htm
+++ b/modules/private/websites/_www/index.htm
diff --git a/pkgs/private/webapps/apache-default/www/maintenance_immae.html b/modules/private/websites/_www/maintenance_immae.html
index 90f265f..90f265f 100644
--- a/pkgs/private/webapps/apache-default/www/maintenance_immae.html
+++ b/modules/private/websites/_www/maintenance_immae.html
diff --git a/pkgs/private/webapps/apache-default/www/nossl.html b/modules/private/websites/_www/nossl.html
index 4401a80..4401a80 100644
--- a/pkgs/private/webapps/apache-default/www/nossl.html
+++ b/modules/private/websites/_www/nossl.html
diff --git a/modules/private/websites/capitaines/landing_pages.nix b/modules/private/websites/capitaines/landing_pages.nix
new file mode 100644
index 0000000..b94a398
--- /dev/null
+++ b/modules/private/websites/capitaines/landing_pages.nix
@@ -0,0 +1,60 @@
1{ lib, config, ... }:
2let
3 cfg = config.myServices.websites.capitaines.landing_pages;
4 webappdirs = config.services.websites.webappDirsPaths;
5 certName = "capitaines";
6 domain = "capitaines.fr";
7in {
8 options.myServices.websites.capitaines.landing_pages.enable = lib.mkEnableOption "enable Capitaines's landing pages";
9
10 config = lib.mkIf cfg.enable {
11 services.websites.webappDirs.capitaines_mastodon = ./mastodon_static;
12 services.websites.env.production.vhostConfs.capitaines_mastodon = rec {
13 inherit certName;
14 certMainHost = "mastodon.${domain}";
15 hosts = [ certMainHost ];
16 root = webappdirs.capitaines_mastodon;
17 extraConfig = [
18 ''
19 ErrorDocument 404 /index.html
20 <Directory ${webappdirs.capitaines_mastodon}>
21 DirectoryIndex index.html
22 Options Indexes FollowSymLinks MultiViews Includes
23 Require all granted
24 </Directory>
25 ''
26 ];
27 };
28
29 services.websites.webappDirs.capitaines_discourse = ./discourse_static;
30 services.websites.env.production.vhostConfs.capitaines_discourse = {
31 inherit certName;
32 addToCerts = true;
33 hosts = [ "discourse.${domain}" ];
34 root = webappdirs.capitaines_discourse;
35 extraConfig = [
36 ''
37 ErrorDocument 404 /index.html
38 <Directory ${webappdirs.capitaines_discourse}>
39 DirectoryIndex index.html
40 Options Indexes FollowSymLinks MultiViews Includes
41 Require all granted
42 </Directory>
43 ''
44 ];
45 };
46
47 services.websites.env.production.vhostConfs.capitaines = {
48 inherit certName;
49 addToCerts = true;
50 hosts = [ domain ];
51 root = webappdirs._www;
52 extraConfig = [ ''
53 <Directory ${webappdirs._www}>
54 DirectoryIndex index.htm
55 Require all granted
56 </Directory>
57 '' ];
58 };
59 };
60}
diff --git a/modules/private/websites/capitaines/production.nix b/modules/private/websites/capitaines/production.nix
deleted file mode 100644
index ee1698b..0000000
--- a/modules/private/websites/capitaines/production.nix
+++ /dev/null
@@ -1,62 +0,0 @@
1{ lib, pkgs, config, ... }:
2let
3 cfg = config.myServices.websites.capitaines.production;
4 env = config.myEnv.websites.capitaines;
5in {
6 options.myServices.websites.capitaines.production.enable = lib.mkEnableOption "enable Capitaines's website";
7
8 config = lib.mkIf cfg.enable {
9 myServices.websites.webappDirs.capitaines_mastodon = ./mastodon_static;
10 services.websites.env.production.vhostConfs.capitaines_mastodon = let
11 root = "/run/current-system/webapps/capitaines_mastodon";
12 in {
13 certName = "capitaines";
14 certMainHost = "mastodon.capitaines.fr";
15 hosts = [ "mastodon.capitaines.fr" ];
16 root = root;
17 extraConfig = [
18 ''
19 ErrorDocument 404 /index.html
20 <Directory ${root}>
21 DirectoryIndex index.html
22 Options Indexes FollowSymLinks MultiViews Includes
23 Require all granted
24 </Directory>
25 ''
26 ];
27 };
28
29 myServices.websites.webappDirs.capitaines_discourse = ./discourse_static;
30 services.websites.env.production.vhostConfs.capitaines_discourse = let
31 root = "/run/current-system/webapps/capitaines_discourse";
32 in {
33 certName = "capitaines";
34 addToCerts = true;
35 hosts = [ "discourse.capitaines.fr" ];
36 root = root;
37 extraConfig = [
38 ''
39 ErrorDocument 404 /index.html
40 <Directory ${root}>
41 DirectoryIndex index.html
42 Options Indexes FollowSymLinks MultiViews Includes
43 Require all granted
44 </Directory>
45 ''
46 ];
47 };
48
49 services.websites.env.production.vhostConfs.capitaines = {
50 certName = "capitaines";
51 addToCerts = true;
52 hosts = [ "capitaines.fr" ];
53 root = "/run/current-system/webapps/_www";
54 extraConfig = [ ''
55 <Directory /run/current-system/webapps/_www>
56 DirectoryIndex index.htm
57 Require all granted
58 </Directory>
59 '' ];
60 };
61 };
62}
diff --git a/pkgs/private/webapps/chloe/chloe.json b/modules/private/websites/chloe/app/chloe.json
index 8508c14..8508c14 100644
--- a/pkgs/private/webapps/chloe/chloe.json
+++ b/modules/private/websites/chloe/app/chloe.json
diff --git a/pkgs/private/webapps/chloe/default.nix b/modules/private/websites/chloe/app/default.nix
index f148d4b..92a5e42 100644
--- a/pkgs/private/webapps/chloe/default.nix
+++ b/modules/private/websites/chloe/app/default.nix
@@ -15,5 +15,5 @@ in
15spip.override { 15spip.override {
16 ldap = true; 16 ldap = true;
17 siteName = "chloe"; 17 siteName = "chloe";
18 inherit environment siteDir; 18 inherit environment siteDir varDir;
19} 19}
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix
deleted file mode 100644
index bce2b4d..0000000
--- a/modules/private/websites/chloe/builder.nix
+++ /dev/null
@@ -1,99 +0,0 @@
1{ apacheUser, apacheGroup, chloe, config }:
2rec {
3 app = chloe.override { inherit (config) environment; };
4 phpFpm = rec {
5 serviceDeps = [ "mysql.service" ];
6 pool = {
7 "listen.owner" = apacheUser;
8 "listen.group" = apacheGroup;
9 "php_admin_value[upload_max_filesize]" = "20M";
10 "php_admin_value[post_max_size]" = "20M";
11 # "php_admin_flag[log_errors]" = "on";
12 "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
13 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
14 } // (if app.environment == "dev" then {
15 "pm" = "ondemand";
16 "pm.max_children" = "5";
17 "pm.process_idle_timeout" = "60";
18 } else {
19 "pm" = "dynamic";
20 "pm.max_children" = "20";
21 "pm.start_servers" = "2";
22 "pm.min_spare_servers" = "1";
23 "pm.max_spare_servers" = "3";
24 });
25 };
26 keys = [{
27 dest = "webapps/${app.environment}-chloe";
28 user = apacheUser;
29 group = apacheGroup;
30 permissions = "0400";
31 text = ''
32 SetEnv SPIP_CONFIG_DIR "${configDir}"
33 SetEnv SPIP_VAR_DIR "${app.varDir}"
34 SetEnv SPIP_SITE "chloe-${app.environment}"
35 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
36 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
37 SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
38 SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
39 SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}"
40 SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
41 SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
42 SetEnv SPIP_MYSQL_DB "${config.mysql.database}"
43 SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
44 SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
45 '';
46 }];
47 apache = rec {
48 modules = [ "proxy_fcgi" ];
49 webappName = "chloe_${app.environment}";
50 root = "/run/current-system/webapps/${webappName}";
51 vhostConf = socket: ''
52 Include /var/secrets/webapps/${app.environment}-chloe
53
54 RewriteEngine On
55 ${if app.environment == "prod" then ''
56 RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
57 '' else ""}
58
59 <FilesMatch "\.php$">
60 SetHandler "proxy:unix:${socket}|fcgi://localhost"
61 </FilesMatch>
62
63 <Directory ${root}>
64 DirectoryIndex index.php index.htm index.html
65 Options -Indexes +FollowSymLinks +MultiViews +Includes
66 Include ${root}/htaccess.txt
67
68 AllowOverride AuthConfig FileInfo Limit
69 Require all granted
70 </Directory>
71
72 <DirectoryMatch "${root}/squelettes">
73 Require all denied
74 </DirectoryMatch>
75
76 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
77 Require all denied
78 </FilesMatch>
79
80 ${if app.environment == "dev" then ''
81 <Location />
82 Use LDAPConnect
83 Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
84 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
85 </Location>
86 '' else ''
87 Use Stats osteopathe-cc.fr
88 ''}
89 '';
90 };
91 activationScript = {
92 deps = [ "wrappers" ];
93 text = ''
94 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
95 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
96 '';
97 };
98 configDir = ./config;
99}
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index caf6548..6d16a86 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -1,43 +1,115 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 chloe = pkgs.callPackage ./builder.nix { 3 apacheUser = config.services.httpd.Inte.user;
4 inherit (pkgs.webapps) chloe; 4 apacheGroup = config.services.httpd.Inte.group;
5 config = config.myEnv.websites.chloe.integration; 5 ccfg = config.myEnv.websites.chloe.integration;
6 apacheUser = config.services.httpd.Inte.user; 6 app = pkgs.callPackage ./app {
7 apacheGroup = config.services.httpd.Inte.group; 7 inherit (ccfg) environment;
8 inherit (pkgs.webapps) spip;
9 varDir = "/var/lib/chloe_integration";
8 }; 10 };
9
10 cfg = config.myServices.websites.chloe.integration; 11 cfg = config.myServices.websites.chloe.integration;
12 webappdir = config.services.websites.webappDirsPaths.chloe_integration;
11in { 13in {
12 options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; 14 options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration";
13 15
14 config = lib.mkIf cfg.enable { 16 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.chloe_dev.rootDir = chloe.app.varDir; 17 services.duplyBackup.profiles.chloe_integration.rootDir = app.varDir;
16 secrets.keys = chloe.keys; 18 secrets.keys = [
17 systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; 19 {
18 systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; 20 dest = "websites/chloe/integration";
19 services.phpfpm.pools.chloe_dev = { 21 user = apacheUser;
22 group = apacheGroup;
23 permissions = "0400";
24 text = ''
25 SetEnv SPIP_CONFIG_DIR "${./config}"
26 SetEnv SPIP_VAR_DIR "${app.varDir}"
27 SetEnv SPIP_SITE "chloe-${app.environment}"
28 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
29 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
30 SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
31 SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
32 SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}"
33 SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}"
34 SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}"
35 SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}"
36 SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}"
37 SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
38 '';
39 }
40 ];
41 systemd.services.phpfpm-chloe_integration.after = lib.mkAfter [ "mysql.service" ];
42 systemd.services.phpfpm-chloe_integration.wants = [ "mysql.service" ];
43 services.phpfpm.pools.chloe_integration = {
20 user = config.services.httpd.Inte.user; 44 user = config.services.httpd.Inte.user;
21 group = config.services.httpd.Inte.group; 45 group = config.services.httpd.Inte.group;
22 settings = chloe.phpFpm.pool; 46 settings = {
47 "listen.owner" = apacheUser;
48 "listen.group" = apacheGroup;
49 "php_admin_value[upload_max_filesize]" = "20M";
50 "php_admin_value[post_max_size]" = "20M";
51 # "php_admin_flag[log_errors]" = "on";
52 "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
53 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
54 "pm" = "ondemand";
55 "pm.max_children" = "5";
56 "pm.process_idle_timeout" = "60";
57 };
23 phpOptions = config.services.phpfpm.phpOptions + '' 58 phpOptions = config.services.phpfpm.phpOptions + ''
24 extension=${pkgs.php}/lib/php/extensions/mysqli.so 59 extension=${pkgs.php}/lib/php/extensions/mysqli.so
25 ''; 60 '';
26 }; 61 };
27 system.activationScripts.chloe_dev = chloe.activationScript; 62 system.activationScripts.chloe_integration = {
28 myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; 63 deps = [ "wrappers" ];
29 services.websites.env.integration.modules = chloe.apache.modules; 64 text = ''
30 services.websites.env.integration.vhostConfs.chloe = { 65 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
66 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
67 '';
68 };
69 services.websites.webappDirs.chloe_integration = app.webRoot;
70 services.websites.env.integration.modules = [ "proxy_fcgi" ];
71 services.websites.env.integration.vhostConfs.chloe_integration = {
31 certName = "integration"; 72 certName = "integration";
32 addToCerts = true; 73 addToCerts = true;
33 hosts = ["chloe.immae.eu" ]; 74 hosts = ["chloe.immae.eu" ];
34 root = chloe.apache.root; 75 root = webappdir;
35 extraConfig = [ 76 extraConfig = [
36 (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_dev.socket) 77 ''
78 Include ${config.secrets.fullPaths."websites/chloe/integration"}
79
80 RewriteEngine On
81
82 <FilesMatch "\.php$">
83 SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_integration.socket}|fcgi://localhost"
84 </FilesMatch>
85
86 <Directory ${webappdir}>
87 DirectoryIndex index.php index.htm index.html
88 Options -Indexes +FollowSymLinks +MultiViews +Includes
89 Include ${webappdir}/htaccess.txt
90
91 AllowOverride AuthConfig FileInfo Limit
92 Require all granted
93 </Directory>
94
95 <DirectoryMatch "${webappdir}/squelettes">
96 Require all denied
97 </DirectoryMatch>
98
99 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
100 Require all denied
101 </FilesMatch>
102
103 <Location />
104 Use LDAPConnect
105 Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
106 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
107 </Location>
108 ''
37 ]; 109 ];
38 }; 110 };
39 services.websites.env.integration.watchPaths = [ 111 services.websites.env.integration.watchPaths = [
40 "/var/secrets/webapps/${chloe.app.environment}-chloe" 112 config.secrets.fullPaths."websites/chloe/integration"
41 ]; 113 ];
42 }; 114 };
43} 115}
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 83f6c9b..067e8e7 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -1,50 +1,120 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 chloe = pkgs.callPackage ./builder.nix { 3 apacheUser = config.services.httpd.Prod.user;
4 inherit (pkgs.webapps) chloe; 4 apacheGroup = config.services.httpd.Prod.group;
5 config = config.myEnv.websites.chloe.production; 5 ccfg = config.myEnv.websites.chloe.production;
6 apacheUser = config.services.httpd.Prod.user; 6 app = pkgs.callPackage ./app {
7 apacheGroup = config.services.httpd.Prod.group; 7 inherit (ccfg) environment;
8 inherit (pkgs.webapps) spip;
9 varDir = "/var/lib/chloe_production";
8 }; 10 };
9
10 cfg = config.myServices.websites.chloe.production; 11 cfg = config.myServices.websites.chloe.production;
12 webappdir = config.services.websites.webappDirsPaths.chloe_production;
11in { 13in {
12 options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; 14 options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production";
13 15
14 config = lib.mkIf cfg.enable { 16 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.chloe_prod.rootDir = chloe.app.varDir; 17 services.duplyBackup.profiles.chloe_production.rootDir = app.varDir;
16 secrets.keys = chloe.keys; 18 secrets.keys = [
19 {
20 dest = "websites/chloe/production";
21 user = apacheUser;
22 group = apacheGroup;
23 permissions = "0400";
24 text = ''
25 SetEnv SPIP_CONFIG_DIR "${./config}"
26 SetEnv SPIP_VAR_DIR "${app.varDir}"
27 SetEnv SPIP_SITE "chloe-${app.environment}"
28 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
29 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
30 SetEnv SPIP_LDAP_SEARCH_DN "${ccfg.ldap.dn}"
31 SetEnv SPIP_LDAP_SEARCH_PW "${ccfg.ldap.password}"
32 SetEnv SPIP_LDAP_SEARCH "${ccfg.ldap.filter}"
33 SetEnv SPIP_MYSQL_HOST "${ccfg.mysql.host}"
34 SetEnv SPIP_MYSQL_PORT "${ccfg.mysql.port}"
35 SetEnv SPIP_MYSQL_DB "${ccfg.mysql.database}"
36 SetEnv SPIP_MYSQL_USER "${ccfg.mysql.user}"
37 SetEnv SPIP_MYSQL_PASSWORD "${ccfg.mysql.password}"
38 '';
39 }
40 ];
17 services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; 41 services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
18 42
19 systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps; 43 systemd.services.phpfpm-chloe_production.after = lib.mkAfter [ "mysql.service" ];
20 systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps; 44 systemd.services.phpfpm-chloe_production.wants = [ "mysql.service" ];
21 services.phpfpm.pools.chloe_prod = { 45 services.phpfpm.pools.chloe_production = {
22 user = config.services.httpd.Prod.user; 46 user = config.services.httpd.Prod.user;
23 group = config.services.httpd.Prod.group; 47 group = config.services.httpd.Prod.group;
24 settings = chloe.phpFpm.pool; 48 settings = {
49 "listen.owner" = apacheUser;
50 "listen.group" = apacheGroup;
51 "php_admin_value[upload_max_filesize]" = "20M";
52 "php_admin_value[post_max_size]" = "20M";
53 # "php_admin_flag[log_errors]" = "on";
54 "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
55 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
56 "pm" = "dynamic";
57 "pm.max_children" = "20";
58 "pm.start_servers" = "2";
59 "pm.min_spare_servers" = "1";
60 "pm.max_spare_servers" = "3";
61 };
25 phpOptions = config.services.phpfpm.phpOptions + '' 62 phpOptions = config.services.phpfpm.phpOptions + ''
26 extension=${pkgs.php}/lib/php/extensions/mysqli.so 63 extension=${pkgs.php}/lib/php/extensions/mysqli.so
27 ''; 64 '';
28 }; 65 };
29 system.activationScripts.chloe_prod = chloe.activationScript; 66 system.activationScripts.chloe_production = {
30 myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; 67 deps = [ "wrappers" ];
31 services.websites.env.production.modules = chloe.apache.modules; 68 text = ''
69 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
70 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
71 '';
72 };
73 services.websites.webappDirs.chloe_production = app.webRoot;
74 services.websites.env.production.modules = [ "proxy_fcgi" ];
32 services.websites.env.production.vhostConfs.chloe = { 75 services.websites.env.production.vhostConfs.chloe = {
33 certName = "chloe"; 76 certName = "chloe";
34 certMainHost = "osteopathe-cc.fr"; 77 certMainHost = "osteopathe-cc.fr";
35 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; 78 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
36 root = chloe.apache.root; 79 root = webappdir;
37 extraConfig = [ 80 extraConfig = [
38 '' 81 ''
82 Use Stats osteopathe-cc.fr
83
39 RewriteEngine On 84 RewriteEngine On
40 RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC] 85 RewriteCond "%{HTTP_HOST}" "!^www\.osteopathe-cc\.fr$" [NC]
41 RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L] 86 RewriteRule ^(.+)$ https://www.osteopathe-cc.fr$1 [R=302,L]
87
88 Include ${config.secrets.fullPaths."websites/chloe/production"}
89
90 RewriteEngine On
91 RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
92
93 <FilesMatch "\.php$">
94 SetHandler "proxy:unix:${config.services.phpfpm.pools.chloe_production.socket}|fcgi://localhost"
95 </FilesMatch>
96
97 <Directory ${webappdir}>
98 DirectoryIndex index.php index.htm index.html
99 Options -Indexes +FollowSymLinks +MultiViews +Includes
100 Include ${webappdir}/htaccess.txt
101
102 AllowOverride AuthConfig FileInfo Limit
103 Require all granted
104 </Directory>
105
106 <DirectoryMatch "${webappdir}/squelettes">
107 Require all denied
108 </DirectoryMatch>
109
110 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
111 Require all denied
112 </FilesMatch>
42 '' 113 ''
43 (chloe.apache.vhostConf config.services.phpfpm.pools.chloe_prod.socket)
44 ]; 114 ];
45 }; 115 };
46 services.websites.env.production.watchPaths = [ 116 services.websites.env.production.watchPaths = [
47 "/var/secrets/webapps/${chloe.app.environment}-chloe" 117 config.secrets.fullPaths."websites/chloe/production"
48 ]; 118 ];
49 }; 119 };
50} 120}
diff --git a/pkgs/private/webapps/connexionswing/connexionswing.json b/modules/private/websites/connexionswing/app/connexionswing.json
index 7d792ae..7d792ae 100644
--- a/pkgs/private/webapps/connexionswing/connexionswing.json
+++ b/modules/private/websites/connexionswing/app/connexionswing.json
diff --git a/pkgs/private/webapps/connexionswing/default.nix b/modules/private/websites/connexionswing/app/default.nix
index 04e296b..37ce42d 100644
--- a/pkgs/private/webapps/connexionswing/default.nix
+++ b/modules/private/websites/connexionswing/app/default.nix
@@ -1,5 +1,6 @@
1{ environment ? "prod" 1{ environment ? "prod"
2, varDir ? "/var/lib/connexionswing_${environment}" 2, varDir ? "/var/lib/connexionswing_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-connexionswing"
3, composerEnv, fetchurl, fetchgit, mylibs }: 4, composerEnv, fetchurl, fetchgit, mylibs }:
4let 5let
5 app = composerEnv.buildPackage ( 6 app = composerEnv.buildPackage (
@@ -14,7 +15,7 @@ let
14 cd $out 15 cd $out
15 ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""} 16 ${if environment == "prod" then "php ./bin/console assetic:dump --env=prod --no-debug" else ""}
16 rm app/config/parameters.yml 17 rm app/config/parameters.yml
17 ln -sf /var/secrets/webapps/${environment}-connexionswing app/config/parameters.yml 18 ln -sf ${secretsPath} app/config/parameters.yml
18 rm -rf var/{logs,cache} 19 rm -rf var/{logs,cache}
19 ln -sf ${varDir}/var/{logs,cache} var/ 20 ln -sf ${varDir}/var/{logs,cache} var/
20 ln -sf ${varDir}/{medias,uploads} web/images/ 21 ln -sf ${varDir}/{medias,uploads} web/images/
diff --git a/pkgs/private/webapps/connexionswing/php-packages.nix b/modules/private/websites/connexionswing/app/php-packages.nix
index 581b437..581b437 100644
--- a/pkgs/private/webapps/connexionswing/php-packages.nix
+++ b/modules/private/websites/connexionswing/app/php-packages.nix
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
index 4f7b72d..b4de4e1 100644
--- a/modules/private/websites/connexionswing/integration.nix
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -1,15 +1,19 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.connexionswing.integration; 3 secrets = config.myEnv.websites.connexionswing.integration;
4 app = pkgs.webapps.connexionswing.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./app {
5 environment = secrets.environment;
6 varDir = "/var/lib/connexionswing_integration";
7 secretsPath = config.secrets.fullPaths."websites/connexionswing/integration";
8 };
5 cfg = config.myServices.websites.connexionswing.integration; 9 cfg = config.myServices.websites.connexionswing.integration;
6 pcfg = config.services.phpApplication; 10 pcfg = config.services.phpApplication;
7in { 11in {
8 options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration"; 12 options.myServices.websites.connexionswing.integration.enable = lib.mkEnableOption "enable Connexionswing's website in integration";
9 13
10 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.connexionswing_dev.rootDir = app.varDir; 15 services.duplyBackup.profiles.connexionswing_integration.rootDir = app.varDir;
12 services.phpApplication.apps.connexionswing_dev = { 16 services.phpApplication.apps.connexionswing_integration = {
13 websiteEnv = "integration"; 17 websiteEnv = "integration";
14 httpdUser = config.services.httpd.Inte.user; 18 httpdUser = config.services.httpd.Inte.user;
15 httpdGroup = config.services.httpd.Inte.group; 19 httpdGroup = config.services.httpd.Inte.group;
@@ -34,16 +38,16 @@ in {
34 "pm.process_idle_timeout" = "60"; 38 "pm.process_idle_timeout" = "60";
35 }; 39 };
36 phpEnv = { 40 phpEnv = {
37 SYMFONY_DEBUG_MODE = "yes"; 41 SYMFONY_DEBUG_MODE = "\"yes\"";
38 }; 42 };
39 phpWatchFiles = [ 43 phpWatchFiles = [
40 config.secrets.fullPaths."webapps/${app.environment}-connexionswing" 44 config.secrets.fullPaths."websites/connexionswing/integration"
41 ]; 45 ];
42 }; 46 };
43 47
44 secrets.keys = [ 48 secrets.keys = [
45 { 49 {
46 dest = "webapps/${app.environment}-connexionswing"; 50 dest = "websites/connexionswing/integration";
47 user = config.services.httpd.Inte.user; 51 user = config.services.httpd.Inte.user;
48 group = config.services.httpd.Inte.group; 52 group = config.services.httpd.Inte.group;
49 permissions = "0400"; 53 permissions = "0400";
@@ -67,15 +71,15 @@ in {
67 } 71 }
68 ]; 72 ];
69 73
70 services.websites.env.integration.vhostConfs.connexionswing_dev = { 74 services.websites.env.integration.vhostConfs.connexionswing_integration = {
71 certName = "integration"; 75 certName = "integration";
72 addToCerts = true; 76 addToCerts = true;
73 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; 77 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
74 root = pcfg.webappDirs.connexionswing_dev; 78 root = pcfg.webappDirs.connexionswing_integration;
75 extraConfig = [ 79 extraConfig = [
76 '' 80 ''
77 <FilesMatch "\.php$"> 81 <FilesMatch "\.php$">
78 SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_dev}|fcgi://localhost" 82 SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_integration}|fcgi://localhost"
79 </FilesMatch> 83 </FilesMatch>
80 84
81 <Directory ${app.varDir}/medias> 85 <Directory ${app.varDir}/medias>
@@ -96,7 +100,7 @@ in {
96 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>" 100 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
97 </Location> 101 </Location>
98 102
99 <Directory ${pcfg.webappDirs.connexionswing_dev}> 103 <Directory ${pcfg.webappDirs.connexionswing_integration}>
100 Options Indexes FollowSymLinks MultiViews Includes 104 Options Indexes FollowSymLinks MultiViews Includes
101 AllowOverride None 105 AllowOverride None
102 Require all granted 106 Require all granted
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix
index 0b52af1..119a15e 100644
--- a/modules/private/websites/connexionswing/production.nix
+++ b/modules/private/websites/connexionswing/production.nix
@@ -1,16 +1,20 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.connexionswing.production; 3 secrets = config.myEnv.websites.connexionswing.production;
4 app = pkgs.webapps.connexionswing.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./app {
5 environment = secrets.environment;
6 varDir = "/var/lib/connexionswing_production";
7 secretsPath = config.secrets.fullPaths."websites/connexionswing/production";
8 };
5 cfg = config.myServices.websites.connexionswing.production; 9 cfg = config.myServices.websites.connexionswing.production;
6 pcfg = config.services.phpApplication; 10 pcfg = config.services.phpApplication;
7in { 11in {
8 options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production"; 12 options.myServices.websites.connexionswing.production.enable = lib.mkEnableOption "enable Connexionswing's website in production";
9 13
10 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.connexionswing_prod.rootDir = app.varDir; 15 services.duplyBackup.profiles.connexionswing_produdction.rootDir = app.varDir;
12 services.webstats.sites = [ { name = "connexionswing.com"; } ]; 16 services.webstats.sites = [ { name = "connexionswing.com"; } ];
13 services.phpApplication.apps.connexionswing_prod = { 17 services.phpApplication.apps.connexionswing_production = {
14 websiteEnv = "production"; 18 websiteEnv = "production";
15 httpdUser = config.services.httpd.Prod.user; 19 httpdUser = config.services.httpd.Prod.user;
16 httpdGroup = config.services.httpd.Prod.group; 20 httpdGroup = config.services.httpd.Prod.group;
@@ -37,13 +41,13 @@ in {
37 "pm.max_spare_servers" = "3"; 41 "pm.max_spare_servers" = "3";
38 }; 42 };
39 phpWatchFiles = [ 43 phpWatchFiles = [
40 config.secrets.fullPaths."webapps/${app.environment}-connexionswing" 44 config.secrets.fullPaths."websites/connexionswing/production"
41 ]; 45 ];
42 }; 46 };
43 47
44 secrets.keys = [ 48 secrets.keys = [
45 { 49 {
46 dest = "webapps/${app.environment}-connexionswing"; 50 dest = "websites/connexionswing/production";
47 user = config.services.httpd.Prod.user; 51 user = config.services.httpd.Prod.user;
48 group = config.services.httpd.Prod.group; 52 group = config.services.httpd.Prod.group;
49 permissions = "0400"; 53 permissions = "0400";
@@ -71,15 +75,15 @@ in {
71 } 75 }
72 ]; 76 ];
73 77
74 services.websites.env.production.vhostConfs.connexionswing_prod = { 78 services.websites.env.production.vhostConfs.connexionswing_production = {
75 certName = "connexionswing"; 79 certName = "connexionswing";
76 certMainHost = "connexionswing.com"; 80 certMainHost = "connexionswing.com";
77 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; 81 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
78 root = pcfg.webappDirs.connexionswing_prod; 82 root = pcfg.webappDirs.connexionswing_production;
79 extraConfig = [ 83 extraConfig = [
80 '' 84 ''
81 <FilesMatch "\.php$"> 85 <FilesMatch "\.php$">
82 SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_prod}|fcgi://localhost" 86 SetHandler "proxy:unix:${pcfg.phpListenPaths.connexionswing_production}|fcgi://localhost"
83 </FilesMatch> 87 </FilesMatch>
84 88
85 <Directory ${app.varDir}/medias> 89 <Directory ${app.varDir}/medias>
@@ -96,7 +100,7 @@ in {
96 100
97 Use Stats connexionswing.com 101 Use Stats connexionswing.com
98 102
99 <Directory ${pcfg.webappDirs.connexionswing_prod}> 103 <Directory ${pcfg.webappDirs.connexionswing_production}>
100 Options Indexes FollowSymLinks MultiViews Includes 104 Options Indexes FollowSymLinks MultiViews Includes
101 AllowOverride All 105 AllowOverride All
102 Require all granted 106 Require all granted
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 3d43b11..5c33e1c 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -43,7 +43,21 @@ let
43 ''; 43 '';
44 }; 44 };
45 global = { 45 global = {
46 extraConfig = (pkgs.webapps.apache-default.override { inherit www_root;}).apacheConfig; 46 extraConfig = ''
47 ErrorDocument 500 /maintenance_immae.html
48 ErrorDocument 501 /maintenance_immae.html
49 ErrorDocument 502 /maintenance_immae.html
50 ErrorDocument 503 /maintenance_immae.html
51 ErrorDocument 504 /maintenance_immae.html
52 Alias /maintenance_immae.html ${www_root}/maintenance_immae.html
53 ProxyPass /maintenance_immae.html !
54
55 AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root}/googleb6d69446ff4ca3e5.html
56 <Directory ${www_root}>
57 AllowOverride None
58 Require all granted
59 </Directory>
60 '';
47 }; 61 };
48 apaxy = { 62 apaxy = {
49 extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig; 63 extraConfig = (pkgs.webapps.apache-theme.override { inherit theme_root; }).apacheConfig;
@@ -64,17 +78,7 @@ let
64 makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig)); 78 makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
65in 79in
66{ 80{
67 options.myServices.websites = { 81 options.myServices.websites.enable = lib.mkEnableOption "enable websites";
68 enable = lib.mkEnableOption "enable websites";
69
70 webappDirs = lib.mkOption {
71 type = lib.types.attrsOf lib.types.path;
72 description = ''
73 Webapp paths to create in /run/current-system/webapps
74 '';
75 default = {};
76 };
77 };
78 82
79 config = lib.mkIf config.myServices.websites.enable { 83 config = lib.mkIf config.myServices.websites.enable {
80 services.duplyBackup.profiles.php = { 84 services.duplyBackup.profiles.php = {
@@ -213,61 +217,75 @@ in
213 }; 217 };
214 }; 218 };
215 219
216 system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues config.myServices.websites.webappDirs) > 0) '' 220 services.websites.webappDirs = {
217 mkdir -p $out/webapps 221 _www = ./_www;
218 ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (name: path: "ln -s ${path} $out/webapps/${name}") config.myServices.websites.webappDirs)} 222 _theme = pkgs.webapps.apache-theme.theme;
219 ''; 223 };
220
221 myServices.websites = { 224 myServices.websites = {
222 webappDirs = { 225 capitaines.landing_pages.enable = true;
223 _www = pkgs.webapps.apache-default.www;
224 _theme = pkgs.webapps.apache-theme.theme;
225 };
226 226
227 isabelle.aten_integration.enable = true; 227 chloe = {
228 isabelle.aten_production.enable = true; 228 integration.enable = true;
229 isabelle.iridologie.enable = true; 229 production.enable = true;
230 };
230 231
231 capitaines.production.enable = true; 232 connexionswing = {
233 integration.enable = true;
234 production.enable = true;
235 };
232 236
233 chloe.integration.enable = true; 237 denise = {
234 chloe.production.enable = true; 238 evariste.enable = true;
239 denisejerome.enable = true;
240 };
235 241
236 connexionswing.integration.enable = true; 242 emilia.moodle.enable = true;
237 connexionswing.production.enable = true;
238 243
239 denisejerome.production.enable = true; 244 florian = {
245 app.enable = true;
246 integration.enable = true;
247 production.enable = true;
248 };
240 249
241 emilia.production.enable = true; 250 immae = {
242 emilia.richie_production.enable = true; 251 production.enable = true;
252 release.enable = true;
253 temp.enable = true;
254 };
243 255
244 florian.app.enable = true; 256 isabelle = {
245 florian.integration.enable = true; 257 aten_integration.enable = true;
246 florian.production.enable = true; 258 aten_production.enable = true;
259 iridologie.enable = true;
260 };
247 261
248 immae.production.enable = true; 262 jerome.naturaloutil.enable = true;
249 immae.release.enable = true;
250 immae.temp.enable = true;
251 263
252 leila.production.enable = true; 264 leila.production.enable = true;
253 265
254 ludivinecassal.integration.enable = true; 266 ludivine = {
255 ludivinecassal.production.enable = true; 267 integration.enable = true;
268 production.enable = true;
269 };
256 270
257 nassime.production.enable = true; 271 nassime.production.enable = true;
258 272
259 evariste.production.enable = true; 273 papa = {
260 naturaloutil.production.enable = true; 274 surveillance.enable = true;
261 telioTortay.production.enable = true; 275 maison_bbc.enable = true;
276 };
262 277
263 papa.surveillance.enable = true; 278 piedsjaloux = {
264 papa.maison_bbc.enable = true; 279 integration.enable = true;
280 production.enable = true;
281 };
265 282
266 piedsjaloux.integration.enable = true; 283 richie.production.enable = true;
267 piedsjaloux.production.enable = true;
268 284
269 syden.peertube.enable = true; 285 syden.peertube.enable = true;
270 286
287 telio_tortay.production.enable = true;
288
271 tools.cloud.enable = true; 289 tools.cloud.enable = true;
272 tools.dav.enable = true; 290 tools.dav.enable = true;
273 tools.db.enable = true; 291 tools.db.enable = true;
diff --git a/modules/private/websites/denisejerome/production.nix b/modules/private/websites/denise/denisejerome.nix
index 481df5b..a75e591 100644
--- a/modules/private/websites/denisejerome/production.nix
+++ b/modules/private/websites/denise/denisejerome.nix
@@ -1,16 +1,16 @@
1{ lib, pkgs, config, ... }: 1{ lib, config, ... }:
2let 2let
3 cfg = config.myServices.websites.denisejerome.production; 3 cfg = config.myServices.websites.denise.denisejerome;
4 varDir = "/var/lib/ftp/denisejerome"; 4 varDir = "/var/lib/ftp/denise/denisejerome";
5 env = config.myEnv.websites.denisejerome; 5 env = config.myEnv.websites.denisejerome;
6in { 6in {
7 options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website"; 7 options.myServices.websites.denise.denisejerome.enable = lib.mkEnableOption "enable Denise Jerome's website";
8 8
9 config = lib.mkIf cfg.enable { 9 config = lib.mkIf cfg.enable {
10 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; 10 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
11 11
12 services.websites.env.production.vhostConfs.denisejerome = { 12 services.websites.env.production.vhostConfs.denise_denisejerome = {
13 certName = "denisejerome"; 13 certName = "denise";
14 certMainHost = "denisejerome.piedsjaloux.fr"; 14 certMainHost = "denisejerome.piedsjaloux.fr";
15 hosts = ["denisejerome.piedsjaloux.fr" ]; 15 hosts = ["denisejerome.piedsjaloux.fr" ];
16 root = varDir; 16 root = varDir;
diff --git a/modules/private/websites/evariste/production.nix b/modules/private/websites/denise/evariste.nix
index 43b26c8..460302b 100644
--- a/modules/private/websites/evariste/production.nix
+++ b/modules/private/websites/denise/evariste.nix
@@ -1,10 +1,12 @@
1{ lib, pkgs, config, ... }: 1{ lib, config, ... }:
2let 2let
3 cfg = config.myServices.websites.evariste.production; 3 cfg = config.myServices.websites.denise.evariste;
4 nsiVarDir = "/var/lib/ftp/nsievariste"; 4 nsiVarDir = "/var/lib/ftp/denise/nsievariste";
5 stmgVarDir = "/var/lib/ftp/stmgevariste"; 5 stmgVarDir = "/var/lib/ftp/denise/stmgevariste";
6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group;
6in { 8in {
7 options.myServices.websites.evariste.production.enable = lib.mkEnableOption "enable NSI/STMG Evariste website"; 9 options.myServices.websites.denise.evariste.enable = lib.mkEnableOption "enable NSI/STMG Evariste website";
8 10
9 config = lib.mkIf cfg.enable { 11 config = lib.mkIf cfg.enable {
10 services.webstats.sites = [ 12 services.webstats.sites = [
@@ -13,31 +15,32 @@ in {
13 ]; 15 ];
14 16
15 services.websites.env.production.modules = [ "proxy_fcgi" ]; 17 services.websites.env.production.modules = [ "proxy_fcgi" ];
16 system.activationScripts.evariste = { 18 system.activationScripts.denise_evariste = {
17 deps = [ "httpd" ]; 19 deps = [ "httpd" ];
18 text = '' 20 text = ''
19 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/nsievariste 21 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste
20 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/stmgevariste 22 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste
21 ''; 23 '';
22 }; 24 };
23 services.phpfpm.pools.nsievariste = { 25 services.phpfpm.pools.denise_nsievariste = {
24 user = "wwwrun"; 26 user = apacheUser;
25 group = "wwwrun"; 27 group = apacheGroup;
26 settings = { 28 settings = {
27 "listen.owner" = "wwwrun"; 29 "listen.owner" = apacheUser;
28 "listen.group" = "wwwrun"; 30 "listen.group" = apacheGroup;
29 31
30 "pm" = "ondemand"; 32 "pm" = "ondemand";
31 "pm.max_children" = "5"; 33 "pm.max_children" = "5";
32 "pm.process_idle_timeout" = "60"; 34 "pm.process_idle_timeout" = "60";
33 35
34 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/nsievariste:${nsiVarDir}:/tmp"; 36 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp";
35 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/nsievariste"; 37 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste";
36 }; 38 };
37 }; 39 };
38 services.websites.env.production.vhostConfs.nsievariste = { 40 services.websites.env.production.vhostConfs.denise_nsievariste = {
39 certName = "eldiron"; 41 certName = "denise_evariste";
40 addToCerts = true; 42 addToCerts = true;
43 certMainHost = "nsievariste.immae.eu";
41 hosts = ["nsievariste.immae.eu" ]; 44 hosts = ["nsievariste.immae.eu" ];
42 root = nsiVarDir; 45 root = nsiVarDir;
43 extraConfig = [ 46 extraConfig = [
@@ -45,7 +48,7 @@ in {
45 Use Stats nsievariste.immae.eu 48 Use Stats nsievariste.immae.eu
46 49
47 <FilesMatch "\.php$"> 50 <FilesMatch "\.php$">
48 SetHandler "proxy:unix:${config.services.phpfpm.pools.nsievariste.socket}|fcgi://localhost" 51 SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_nsievariste.socket}|fcgi://localhost"
49 </FilesMatch> 52 </FilesMatch>
50 53
51 <Directory ${nsiVarDir}> 54 <Directory ${nsiVarDir}>
@@ -58,23 +61,23 @@ in {
58 ]; 61 ];
59 }; 62 };
60 63
61 services.phpfpm.pools.stmgevariste = { 64 services.phpfpm.pools.denise_stmgevariste = {
62 user = "wwwrun"; 65 user = apacheUser;
63 group = "wwwrun"; 66 group = apacheGroup;
64 settings = { 67 settings = {
65 "listen.owner" = "wwwrun"; 68 "listen.owner" = apacheUser;
66 "listen.group" = "wwwrun"; 69 "listen.group" = apacheGroup;
67 70
68 "pm" = "ondemand"; 71 "pm" = "ondemand";
69 "pm.max_children" = "5"; 72 "pm.max_children" = "5";
70 "pm.process_idle_timeout" = "60"; 73 "pm.process_idle_timeout" = "60";
71 74
72 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/stmgevariste:${stmgVarDir}:/tmp"; 75 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp";
73 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/stmgevariste"; 76 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste";
74 }; 77 };
75 }; 78 };
76 services.websites.env.production.vhostConfs.stmgevariste = { 79 services.websites.env.production.vhostConfs.denise_stmgevariste = {
77 certName = "eldiron"; 80 certName = "denise_evariste";
78 addToCerts = true; 81 addToCerts = true;
79 hosts = ["stmgevariste.immae.eu" ]; 82 hosts = ["stmgevariste.immae.eu" ];
80 root = stmgVarDir; 83 root = stmgVarDir;
@@ -83,7 +86,7 @@ in {
83 Use Stats stmgevariste.immae.eu 86 Use Stats stmgevariste.immae.eu
84 87
85 <FilesMatch "\.php$"> 88 <FilesMatch "\.php$">
86 SetHandler "proxy:unix:${config.services.phpfpm.pools.stmgevariste.socket}|fcgi://localhost" 89 SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_stmgevariste.socket}|fcgi://localhost"
87 </FilesMatch> 90 </FilesMatch>
88 91
89 <Directory ${stmgVarDir}> 92 <Directory ${stmgVarDir}>
diff --git a/modules/private/websites/emilia/moodle.nix b/modules/private/websites/emilia/moodle.nix
new file mode 100644
index 0000000..d49faf5
--- /dev/null
+++ b/modules/private/websites/emilia/moodle.nix
@@ -0,0 +1,69 @@
1{ lib, pkgs, config, ... }:
2let
3 cfg = config.myServices.websites.emilia.moodle;
4 env = config.myEnv.websites.emilia;
5 varDir = "/var/lib/emilia_moodle";
6 siteDir = ./moodle;
7 webappName = "emilia_moodle";
8 webappdir = config.services.websites.webappDirsPaths.emilia_moodle;
9 # php_admin_value[upload_max_filesize] = 50000000
10 # php_admin_value[post_max_size] = 50000000
11 configFile = ''
12 <?php // Moodle configuration file
13
14 unset($CFG);
15 global $CFG;
16 $CFG = new stdClass();
17
18 $CFG->dbtype = 'pgsql';
19 $CFG->dblibrary = 'native';
20 $CFG->dbhost = '${env.postgresql.host}';
21 $CFG->dbname = '${env.postgresql.database}';
22 $CFG->dbuser = '${env.postgresql.user}';
23 $CFG->dbpass = '${env.postgresql.password}';
24 $CFG->prefix = 'mdl_';
25 $CFG->dboptions = array (
26 'dbpersist' => 0,
27 'dbport' => '${env.postgreesql.port}',
28 'dbsocket' => '${env.postgresql.password}',
29 );
30
31 $CFG->wwwroot = 'https://www.saison-photo.org';
32 $CFG->dataroot = '${varDir}';
33 $CFG->admin = 'admin';
34
35 $CFG->directorypermissions = 02777;
36
37 require_once(__DIR__ . '/lib/setup.php');
38
39 // There is no php closing tag in this file,
40 // it is intentional because it prevents trailing whitespace problems!
41 '';
42 apacheUser = config.services.httpd.Prod.user;
43 apacheGroup = config.services.httpd.Prod.group;
44in {
45 options.myServices.websites.emilia.moodle.enable = lib.mkEnableOption "enable Emilia's website";
46
47 config = lib.mkIf cfg.enable {
48 services.duplyBackup.profiles.emilia_moodle.rootDir = varDir;
49 system.activationScripts.emilia_moodle = ''
50 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${varDir}
51 '';
52 services.websites.webappDirs.emilia_moodle = siteDir;
53 services.websites.env.production.vhostConfs.emilia_moodle = {
54 certName = "emilia";
55 certMainHost = "saison-photo.org";
56 hosts = [ "saison-photo.org" "www.saison-photo.org" ];
57 root = webappdir;
58 extraConfig = [
59 ''
60 <Directory ${webappdir}>
61 DirectoryIndex pause.html
62 Options Indexes FollowSymLinks MultiViews Includes
63 Require all granted
64 </Directory>
65 ''
66 ];
67 };
68 };
69}
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix
deleted file mode 100644
index 71b97dd..0000000
--- a/modules/private/websites/emilia/production.nix
+++ /dev/null
@@ -1,69 +0,0 @@
1{ lib, pkgs, config, ... }:
2let
3 cfg = config.myServices.websites.emilia.production;
4 env = config.myEnv.websites.emilia;
5 varDir = "/var/lib/moodle";
6 siteDir = ./moodle;
7 webappName = "emilia_moodle";
8 root = "/run/current-system/webapps/${webappName}";
9 # php_admin_value[upload_max_filesize] = 50000000
10 # php_admin_value[post_max_size] = 50000000
11 configFile = ''
12 <?php // Moodle configuration file
13
14 unset($CFG);
15 global $CFG;
16 $CFG = new stdClass();
17
18 $CFG->dbtype = 'pgsql';
19 $CFG->dblibrary = 'native';
20 $CFG->dbhost = '${env.postgresql.host}';
21 $CFG->dbname = '${env.postgresql.database}';
22 $CFG->dbuser = '${env.postgresql.user}';
23 $CFG->dbpass = '${env.postgresql.password}';
24 $CFG->prefix = 'mdl_';
25 $CFG->dboptions = array (
26 'dbpersist' => 0,
27 'dbport' => '${env.postgreesql.port}',
28 'dbsocket' => '${env.postgresql.password}',
29 );
30
31 $CFG->wwwroot = 'https://www.saison-photo.org';
32 $CFG->dataroot = '${varDir}';
33 $CFG->admin = 'admin';
34
35 $CFG->directorypermissions = 02777;
36
37 require_once(__DIR__ . '/lib/setup.php');
38
39 // There is no php closing tag in this file,
40 // it is intentional because it prevents trailing whitespace problems!
41 '';
42in {
43 options.myServices.websites.emilia.production.enable = lib.mkEnableOption "enable Emilia's website";
44
45 config = lib.mkIf cfg.enable {
46 services.duplyBackup.profiles.emilia_prod = {
47 rootDir = varDir;
48 };
49 system.activationScripts.emilia = ''
50 install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
51 '';
52 myServices.websites.webappDirs."${webappName}" = siteDir;
53 services.websites.env.production.vhostConfs.emilia = {
54 certName = "emilia";
55 certMainHost = "saison-photo.org";
56 hosts = [ "saison-photo.org" "www.saison-photo.org" ];
57 root = root;
58 extraConfig = [
59 ''
60 <Directory ${root}>
61 DirectoryIndex pause.html
62 Options Indexes FollowSymLinks MultiViews Includes
63 Require all granted
64 </Directory>
65 ''
66 ];
67 };
68 };
69}
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix
index c65c26f..19a88b0 100644
--- a/modules/private/websites/florian/app.nix
+++ b/modules/private/websites/florian/app.nix
@@ -2,15 +2,19 @@
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 secrets = config.myEnv.websites.tellesflorian.integration; 4 secrets = config.myEnv.websites.tellesflorian.integration;
5 app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; }; 5 app = pkgs.callPackage ./app {
6 environment = secrets.environment;
7 varDir = "/var/lib/florian_app";
8 secretsPath = config.secrets.fullPaths."websites/florian/app";
9 };
6 cfg = config.myServices.websites.florian.app; 10 cfg = config.myServices.websites.florian.app;
7 pcfg = config.services.phpApplication; 11 pcfg = config.services.phpApplication;
8in { 12in {
9 options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration"; 13 options.myServices.websites.florian.app.enable = lib.mkEnableOption "enable Florian's app in integration";
10 14
11 config = lib.mkIf cfg.enable { 15 config = lib.mkIf cfg.enable {
12 services.duplyBackup.profiles.tellesflorian_dev.rootDir = app.varDir; 16 services.duplyBackup.profiles.florian_app.rootDir = app.varDir;
13 services.phpApplication.apps.florian_dev = { 17 services.phpApplication.apps.florian_app = {
14 websiteEnv = "integration"; 18 websiteEnv = "integration";
15 httpdUser = config.services.httpd.Inte.user; 19 httpdUser = config.services.httpd.Inte.user;
16 httpdGroup = config.services.httpd.Inte.group; 20 httpdGroup = config.services.httpd.Inte.group;
@@ -33,16 +37,16 @@ in {
33 "pm.process_idle_timeout" = "60"; 37 "pm.process_idle_timeout" = "60";
34 }; 38 };
35 phpEnv = { 39 phpEnv = {
36 SYMFONY_DEBUG_MODE = "yes"; 40 SYMFONY_DEBUG_MODE = "\"yes\"";
37 }; 41 };
38 phpWatchFiles = [ 42 phpWatchFiles = [
39 config.secrets.fullPaths."webapps/${app.environment}-tellesflorian" 43 config.secrets.fullPaths."websites/florian/app"
40 ]; 44 ];
41 }; 45 };
42 46
43 secrets.keys = [ 47 secrets.keys = [
44 { 48 {
45 dest = "webapps/${app.environment}-tellesflorian-passwords"; 49 dest = "websites/florian/app_passwords";
46 user = config.services.httpd.Inte.user; 50 user = config.services.httpd.Inte.user;
47 group = config.services.httpd.Inte.group; 51 group = config.services.httpd.Inte.group;
48 permissions = "0400"; 52 permissions = "0400";
@@ -51,7 +55,7 @@ in {
51 ''; 55 '';
52 } 56 }
53 { 57 {
54 dest = "webapps/${app.environment}-tellesflorian"; 58 dest = "websites/florian/app";
55 user = config.services.httpd.Inte.user; 59 user = config.services.httpd.Inte.user;
56 group = config.services.httpd.Inte.group; 60 group = config.services.httpd.Inte.group;
57 permissions = "0400"; 61 permissions = "0400";
@@ -73,15 +77,15 @@ in {
73 ]; 77 ];
74 78
75 services.websites.env.integration.modules = adminer.apache.modules; 79 services.websites.env.integration.modules = adminer.apache.modules;
76 services.websites.env.integration.vhostConfs.florian_dev = { 80 services.websites.env.integration.vhostConfs.florian_app = {
77 certName = "integration"; 81 certName = "integration";
78 addToCerts = true; 82 addToCerts = true;
79 hosts = [ "app.tellesflorian.com" ]; 83 hosts = [ "app.tellesflorian.com" ];
80 root = pcfg.webappDirs.florian_dev; 84 root = pcfg.webappDirs.florian_app;
81 extraConfig = [ 85 extraConfig = [
82 '' 86 ''
83 <FilesMatch "\.php$"> 87 <FilesMatch "\.php$">
84 SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_dev}|fcgi://localhost" 88 SetHandler "proxy:unix:${pcfg.phpListenPaths.florian_app}|fcgi://localhost"
85 </FilesMatch> 89 </FilesMatch>
86 90
87 <Location /> 91 <Location />
@@ -89,13 +93,13 @@ in {
89 Use LDAPConnect 93 Use LDAPConnect
90 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu 94 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
91 95
92 AuthUserFile "${config.secrets.fullPaths."webapps/${app.environment}-tellesflorian-passwords"}" 96 AuthUserFile "${config.secrets.fullPaths."websites/florian/app_passwords"}"
93 Require user "invite" 97 Require user "invite"
94 98
95 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>" 99 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
96 </Location> 100 </Location>
97 101
98 <Directory ${pcfg.webappDirs.florian_dev}> 102 <Directory ${pcfg.webappDirs.florian_app}>
99 Options Indexes FollowSymLinks MultiViews Includes 103 Options Indexes FollowSymLinks MultiViews Includes
100 AllowOverride None 104 AllowOverride None
101 Require all granted 105 Require all granted
diff --git a/pkgs/private/webapps/tellesflorian/default.nix b/modules/private/websites/florian/app/default.nix
index b1ccb98..b31e12d 100644
--- a/pkgs/private/webapps/tellesflorian/default.nix
+++ b/modules/private/websites/florian/app/default.nix
@@ -1,5 +1,6 @@
1{ environment ? "prod" 1{ environment ? "prod"
2, varDir ? "/var/lib/tellesflorian_${environment}" 2, varDir ? "/var/lib/tellesflorian_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-tellesflorian"
3, composerEnv, fetchurl, mylibs }: 4, composerEnv, fetchurl, mylibs }:
4let 5let
5 app = composerEnv.buildPackage ( 6 app = composerEnv.buildPackage (
@@ -13,7 +14,7 @@ let
13 postInstall = '' 14 postInstall = ''
14 cd $out 15 cd $out
15 rm app/config/parameters.yml 16 rm app/config/parameters.yml
16 ln -sf /var/secrets/webapps/${environment}-tellesflorian app/config/parameters.yml 17 ln -sf ${secretsPath} app/config/parameters.yml
17 rm -rf var/{logs,cache} 18 rm -rf var/{logs,cache}
18 ln -sf ${varDir}/var/{logs,cache,sessions} var/ 19 ln -sf ${varDir}/var/{logs,cache,sessions} var/
19 ''; 20 '';
diff --git a/pkgs/private/webapps/tellesflorian/php-packages.nix b/modules/private/websites/florian/app/php-packages.nix
index 0c7e00c..0c7e00c 100644
--- a/pkgs/private/webapps/tellesflorian/php-packages.nix
+++ b/modules/private/websites/florian/app/php-packages.nix
diff --git a/pkgs/private/webapps/tellesflorian/tellesflorian.json b/modules/private/websites/florian/app/tellesflorian.json
index 693336d..693336d 100644
--- a/pkgs/private/webapps/tellesflorian/tellesflorian.json
+++ b/modules/private/websites/florian/app/tellesflorian.json
diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix
index 4ee160a..5ebe531 100644
--- a/modules/private/websites/florian/integration.nix
+++ b/modules/private/websites/florian/integration.nix
@@ -1,9 +1,9 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.florian.integration; 4 cfg = config.myServices.websites.florian.integration;
5 varDir = "/var/lib/ftp/florian"; 5 varDir = "/var/lib/ftp/florian/florian.immae.eu";
6 env = config.myEnv.websites.florian; 6 env = config.myEnv.websites.florian;
7in { 7in {
8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; 8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration";
9 9
@@ -11,17 +11,17 @@ in {
11 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; 11 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
12 12
13 services.websites.env.integration.modules = adminer.apache.modules; 13 services.websites.env.integration.modules = adminer.apache.modules;
14 services.websites.env.integration.vhostConfs.florian = { 14 services.websites.env.integration.vhostConfs.florian_integration = {
15 certName = "integration"; 15 certName = "integration";
16 addToCerts = true; 16 addToCerts = true;
17 hosts = [ "florian.immae.eu" ]; 17 hosts = [ "florian.immae.eu" ];
18 root = "${varDir}/florian.immae.eu"; 18 root = varDir;
19 extraConfig = [ 19 extraConfig = [
20 (adminer.apache.vhostConf null) 20 (adminer.apache.vhostConf null)
21 '' 21 ''
22 ServerAdmin ${env.server_admin} 22 ServerAdmin ${env.server_admin}
23 23
24 <Directory ${varDir}/florian.immae.eu> 24 <Directory ${varDir}>
25 DirectoryIndex index.php index.htm index.html 25 DirectoryIndex index.php index.htm index.html
26 Options Indexes FollowSymLinks MultiViews Includes 26 Options Indexes FollowSymLinks MultiViews Includes
27 AllowOverride None 27 AllowOverride None
diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix
index 16c6022..1c5ffa6 100644
--- a/modules/private/websites/florian/production.nix
+++ b/modules/private/websites/florian/production.nix
@@ -1,9 +1,9 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.florian.production; 4 cfg = config.myServices.websites.florian.production;
5 varDir = "/var/lib/ftp/florian"; 5 varDir = "/var/lib/ftp/florian/tellesflorian.com";
6 env = config.myEnv.websites.florian; 6 env = config.myEnv.websites.florian;
7in { 7in {
8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; 8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production";
9 9
@@ -11,17 +11,17 @@ in {
11 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; 11 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
12 12
13 services.websites.env.production.modules = adminer.apache.modules; 13 services.websites.env.production.modules = adminer.apache.modules;
14 services.websites.env.production.vhostConfs.florian = { 14 services.websites.env.production.vhostConfs.florian_production = {
15 certName = "florian"; 15 certName = "florian";
16 certMainHost = "tellesflorian.com"; 16 certMainHost = "tellesflorian.com";
17 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; 17 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
18 root = "${varDir}/tellesflorian.com"; 18 root = varDir;
19 extraConfig = [ 19 extraConfig = [
20 (adminer.apache.vhostConf null) 20 (adminer.apache.vhostConf null)
21 '' 21 ''
22 ServerAdmin ${env.server_admin} 22 ServerAdmin ${env.server_admin}
23 23
24 <Directory ${varDir}/tellesflorian.com> 24 <Directory ${varDir}>
25 DirectoryIndex index.php index.htm index.html 25 DirectoryIndex index.php index.htm index.html
26 Options Indexes FollowSymLinks MultiViews Includes 26 Options Indexes FollowSymLinks MultiViews Includes
27 AllowOverride None 27 AllowOverride None
diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
index dff1053..dc89ae3 100644
--- a/modules/private/websites/immae/production.nix
+++ b/modules/private/websites/immae/production.nix
@@ -12,12 +12,13 @@ in {
12 config = lib.mkIf cfg.enable { 12 config = lib.mkIf cfg.enable {
13 services.webstats.sites = [ { name = "www.immae.eu"; } ]; 13 services.webstats.sites = [ { name = "www.immae.eu"; } ];
14 14
15 services.websites.env.production.vhostConfs.immae = { 15 services.websites.env.production.vhostConfs.immae_production = {
16 certName = "eldiron"; 16 certName = "immae";
17 addToCerts = true; 17 addToCerts = true;
18 hosts = [ "www.immae.eu" "immae.eu" ]; 18 certMainHost = "www.immae.eu";
19 root = varDir; 19 hosts = [ "www.immae.eu" "immae.eu" ];
20 extraConfig = [ 20 root = varDir;
21 extraConfig = [
21 '' 22 ''
22 Use Stats www.immae.eu 23 Use Stats www.immae.eu
23 24
@@ -68,8 +69,8 @@ in {
68 ]; 69 ];
69 }; 70 };
70 71
71 services.websites.env.production.vhostConfs.immaeFr = { 72 services.websites.env.production.vhostConfs.immae_fr = {
72 certName = "eldiron"; 73 certName = "immae";
73 addToCerts = true; 74 addToCerts = true;
74 hosts = [ "www.immae.fr" "immae.fr" ]; 75 hosts = [ "www.immae.fr" "immae.fr" ];
75 root = null; 76 root = null;
@@ -78,8 +79,8 @@ in {
78 '' ]; 79 '' ];
79 }; 80 };
80 81
81 services.websites.env.production.vhostConfs.bouya = { 82 services.websites.env.production.vhostConfs.immae_bouya = {
82 certName = "eldiron"; 83 certName = "immae";
83 addToCerts = true; 84 addToCerts = true;
84 hosts = [ "bouya.org" "www.bouya.org" ]; 85 hosts = [ "bouya.org" "www.bouya.org" ];
85 root = null; 86 root = null;
diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix
index a503c90..d06af87 100644
--- a/modules/private/websites/immae/release.nix
+++ b/modules/private/websites/immae/release.nix
@@ -9,8 +9,8 @@ in {
9 config = lib.mkIf cfg.enable { 9 config = lib.mkIf cfg.enable {
10 services.webstats.sites = [ { name = "release.immae.eu"; } ]; 10 services.webstats.sites = [ { name = "release.immae.eu"; } ];
11 11
12 services.websites.env.production.vhostConfs.release = { 12 services.websites.env.production.vhostConfs.immae_release = {
13 certName = "eldiron"; 13 certName = "immae";
14 addToCerts = true; 14 addToCerts = true;
15 hosts = [ "release.immae.eu" ]; 15 hosts = [ "release.immae.eu" ];
16 root = varDir; 16 root = varDir;
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index 899bb3a..c24844e 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -8,8 +8,8 @@ in {
8 8
9 config = lib.mkIf cfg.enable { 9 config = lib.mkIf cfg.enable {
10 services.websites.env.production.modules = [ "headers" ]; 10 services.websites.env.production.modules = [ "headers" ];
11 services.websites.env.production.vhostConfs.temp = { 11 services.websites.env.production.vhostConfs.immae_temp = {
12 certName = "eldiron"; 12 certName = "immae";
13 addToCerts = true; 13 addToCerts = true;
14 hosts = [ "temp.immae.eu" ]; 14 hosts = [ "temp.immae.eu" ];
15 root = varDir; 15 root = varDir;
diff --git a/pkgs/private/webapps/aten/aten.json b/modules/private/websites/isabelle/aten_app/aten.json
index 10a315a..10a315a 100644
--- a/pkgs/private/webapps/aten/aten.json
+++ b/modules/private/websites/isabelle/aten_app/aten.json
diff --git a/pkgs/private/webapps/aten/default.nix b/modules/private/websites/isabelle/aten_app/default.nix
index 9c4e29f..9c4e29f 100644
--- a/pkgs/private/webapps/aten/default.nix
+++ b/modules/private/websites/isabelle/aten_app/default.nix
diff --git a/pkgs/private/webapps/aten/php-packages.nix b/modules/private/websites/isabelle/aten_app/php-packages.nix
index 8d86587..8d86587 100644
--- a/pkgs/private/webapps/aten/php-packages.nix
+++ b/modules/private/websites/isabelle/aten_app/php-packages.nix
diff --git a/pkgs/private/webapps/aten/yarn-packages.nix b/modules/private/websites/isabelle/aten_app/yarn-packages.nix
index c16d9dc..c16d9dc 100644
--- a/pkgs/private/webapps/aten/yarn-packages.nix
+++ b/modules/private/websites/isabelle/aten_app/yarn-packages.nix
diff --git a/modules/private/websites/isabelle/aten_integration.nix b/modules/private/websites/isabelle/aten_integration.nix
index fb6eda9..61c35cc 100644
--- a/modules/private/websites/isabelle/aten_integration.nix
+++ b/modules/private/websites/isabelle/aten_integration.nix
@@ -1,20 +1,23 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.isabelle.aten_integration; 3 secrets = config.myEnv.websites.isabelle.aten_integration;
4 app = pkgs.webapps.aten.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./aten_app {
5 environment = secrets.environment;
6 varDir = "/var/lib/isabelle_aten_integration";
7 };
5 cfg = config.myServices.websites.isabelle.aten_integration; 8 cfg = config.myServices.websites.isabelle.aten_integration;
6 pcfg = config.services.phpApplication; 9 pcfg = config.services.phpApplication;
7in { 10in {
8 options.myServices.websites.isabelle.aten_integration.enable = lib.mkEnableOption "enable Aten's website in integration"; 11 options.myServices.websites.isabelle.aten_integration.enable = lib.mkEnableOption "enable Aten's website in integration";
9 12
10 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.aten_dev.rootDir = app.varDir; 14 services.duplyBackup.profiles.isabelle_aten_integration.rootDir = app.varDir;
12 services.phpApplication.apps.aten_dev = { 15 services.phpApplication.apps.isabelle_aten_integration = {
13 websiteEnv = "integration"; 16 websiteEnv = "integration";
14 httpdUser = config.services.httpd.Inte.user; 17 httpdUser = config.services.httpd.Inte.user;
15 httpdGroup = config.services.httpd.Inte.group; 18 httpdGroup = config.services.httpd.Inte.group;
16 httpdWatchFiles = [ 19 httpdWatchFiles = [
17 config.secrets.fullPaths."webapps/${app.environment}-aten" 20 config.secrets.fullPaths."websites/isabelle/aten_integration"
18 ]; 21 ];
19 inherit (app) webRoot varDir; 22 inherit (app) webRoot varDir;
20 inherit app; 23 inherit app;
@@ -32,12 +35,12 @@ in {
32 "pm.process_idle_timeout" = "60"; 35 "pm.process_idle_timeout" = "60";
33 }; 36 };
34 phpEnv = { 37 phpEnv = {
35 SYMFONY_DEBUG_MODE = "yes"; 38 SYMFONY_DEBUG_MODE = "\"yes\"";
36 }; 39 };
37 }; 40 };
38 41
39 secrets.keys = [{ 42 secrets.keys = [{
40 dest = "webapps/${app.environment}-aten"; 43 dest = "websites/isabelle/aten_integration";
41 user = config.services.httpd.Inte.user; 44 user = config.services.httpd.Inte.user;
42 group = config.services.httpd.Inte.group; 45 group = config.services.httpd.Inte.group;
43 permissions = "0400"; 46 permissions = "0400";
@@ -52,18 +55,18 @@ in {
52 SetEnv DATABASE_URL "${psql_url}" 55 SetEnv DATABASE_URL "${psql_url}"
53 ''; 56 '';
54 }]; 57 }];
55 services.websites.env.integration.vhostConfs.aten_dev = { 58 services.websites.env.integration.vhostConfs.isabelle_aten_integration = {
56 certName = "integration"; 59 certName = "integration";
57 addToCerts = true; 60 addToCerts = true;
58 hosts = [ "dev.aten.pro" ]; 61 hosts = [ "dev.aten.pro" ];
59 root = pcfg.webappDirs.aten_dev; 62 root = pcfg.webappDirs.isabelle_aten_integration;
60 extraConfig = [ 63 extraConfig = [
61 '' 64 ''
62 <FilesMatch "\.php$"> 65 <FilesMatch "\.php$">
63 SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_dev}|fcgi://localhost" 66 SetHandler "proxy:unix:${pcfg.phpListenPaths.isabelle_aten_integration}|fcgi://localhost"
64 </FilesMatch> 67 </FilesMatch>
65 68
66 Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"} 69 Include ${config.secrets.fullPaths."websites/isabelle/aten_integration"}
67 70
68 <Location /> 71 <Location />
69 Use LDAPConnect 72 Use LDAPConnect
@@ -77,7 +80,7 @@ in {
77 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" 80 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
78 </Location> 81 </Location>
79 82
80 <Directory ${pcfg.webappDirs.aten_dev}> 83 <Directory ${pcfg.webappDirs.isabelle_aten_integration}>
81 Options Indexes FollowSymLinks MultiViews Includes 84 Options Indexes FollowSymLinks MultiViews Includes
82 AllowOverride All 85 AllowOverride All
83 Require all granted 86 Require all granted
diff --git a/modules/private/websites/isabelle/aten_production.nix b/modules/private/websites/isabelle/aten_production.nix
index cf7e4a2..e34d659 100644
--- a/modules/private/websites/isabelle/aten_production.nix
+++ b/modules/private/websites/isabelle/aten_production.nix
@@ -1,21 +1,24 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.isabelle.aten_production; 3 secrets = config.myEnv.websites.isabelle.aten_production;
4 app = pkgs.webapps.aten.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./aten_app {
5 environment = secrets.environment;
6 varDir = "/var/lib/isabelle_aten_production";
7 };
5 cfg = config.myServices.websites.isabelle.aten_production; 8 cfg = config.myServices.websites.isabelle.aten_production;
6 pcfg = config.services.phpApplication; 9 pcfg = config.services.phpApplication;
7in { 10in {
8 options.myServices.websites.isabelle.aten_production.enable = lib.mkEnableOption "enable Aten's website in production"; 11 options.myServices.websites.isabelle.aten_production.enable = lib.mkEnableOption "enable Aten's website in production";
9 12
10 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.aten_prod.rootDir = app.varDir; 14 services.duplyBackup.profiles.isabelle_aten_production.rootDir = app.varDir;
12 services.webstats.sites = [ { name = "aten.pro"; } ]; 15 services.webstats.sites = [ { name = "aten.pro"; } ];
13 services.phpApplication.apps.aten_prod = { 16 services.phpApplication.apps.isabelle_aten_production = {
14 websiteEnv = "production"; 17 websiteEnv = "production";
15 httpdUser = config.services.httpd.Prod.user; 18 httpdUser = config.services.httpd.Prod.user;
16 httpdGroup = config.services.httpd.Prod.group; 19 httpdGroup = config.services.httpd.Prod.group;
17 httpdWatchFiles = [ 20 httpdWatchFiles = [
18 config.secrets.fullPaths."webapps/${app.environment}-aten" 21 config.secrets.fullPaths."websites/isabelle/aten_production"
19 ]; 22 ];
20 inherit (app) webRoot varDir; 23 inherit (app) webRoot varDir;
21 inherit app; 24 inherit app;
@@ -37,7 +40,7 @@ in {
37 }; 40 };
38 41
39 secrets.keys = [{ 42 secrets.keys = [{
40 dest = "webapps/${app.environment}-aten"; 43 dest = "websites/isabelle/aten_production";
41 user = config.services.httpd.Prod.user; 44 user = config.services.httpd.Prod.user;
42 group = config.services.httpd.Prod.group; 45 group = config.services.httpd.Prod.group;
43 permissions = "0400"; 46 permissions = "0400";
@@ -52,18 +55,18 @@ in {
52 SetEnv DATABASE_URL "${psql_url}" 55 SetEnv DATABASE_URL "${psql_url}"
53 ''; 56 '';
54 }]; 57 }];
55 services.websites.env.production.vhostConfs.aten_prod = { 58 services.websites.env.production.vhostConfs.isabelle_aten_production = {
56 certName = "aten"; 59 certName = "isabelle";
57 certMainHost = "aten.pro"; 60 certMainHost = "aten.pro";
58 hosts = [ "aten.pro" "www.aten.pro" ]; 61 hosts = [ "aten.pro" "www.aten.pro" ];
59 root = pcfg.webappDirs.aten_prod; 62 root = pcfg.webappDirs.isabelle_aten_production;
60 extraConfig = [ 63 extraConfig = [
61 '' 64 ''
62 <FilesMatch "\.php$"> 65 <FilesMatch "\.php$">
63 SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_prod}|fcgi://localhost" 66 SetHandler "proxy:unix:${pcfg.phpListenPaths.isabelle_aten_production}|fcgi://localhost"
64 </FilesMatch> 67 </FilesMatch>
65 68
66 Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"} 69 Include ${config.secrets.fullPaths."websites/isabelle/aten_production"}
67 70
68 Use Stats aten.pro 71 Use Stats aten.pro
69 72
@@ -73,7 +76,7 @@ in {
73 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>" 76 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
74 </Location> 77 </Location>
75 78
76 <Directory ${pcfg.webappDirs.aten_prod}> 79 <Directory ${pcfg.webappDirs.isabelle_aten_production}>
77 Options Indexes FollowSymLinks MultiViews Includes 80 Options Indexes FollowSymLinks MultiViews Includes
78 AllowOverride All 81 AllowOverride All
79 Require all granted 82 Require all granted
diff --git a/modules/private/websites/isabelle/iridologie.nix b/modules/private/websites/isabelle/iridologie.nix
index ffbf259..560e605 100644
--- a/modules/private/websites/isabelle/iridologie.nix
+++ b/modules/private/websites/isabelle/iridologie.nix
@@ -1,50 +1,121 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 iridologie = pkgs.callPackage ./spip_builder.nix { 3 icfg = config.myEnv.websites.isabelle.iridologie;
4 inherit (pkgs.webapps) iridologie; 4 cfg = config.myServices.websites.isabelle.iridologie;
5 config = config.myEnv.websites.isabelle.iridologie; 5 app = pkgs.callPackage ./iridologie_app {
6 apacheUser = config.services.httpd.Prod.user; 6 inherit (icfg) environment;
7 apacheGroup = config.services.httpd.Prod.group; 7 inherit (pkgs.webapps) spip;
8 varDir = "/var/lib/isabelle_iridologie";
8 }; 9 };
9 10
10 cfg = config.myServices.websites.isabelle.iridologie; 11 apacheUser = config.services.httpd.Prod.user;
12 apacheGroup = config.services.httpd.Prod.group;
13 webappdir = config.services.websites.webappDirsPaths.isabelle_iridologie;
14 secretsPath = config.secrets.fullPaths."websites/isabelle/iridologie";
11in { 15in {
12 options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website"; 16 options.myServices.websites.isabelle.iridologie.enable = lib.mkEnableOption "enable Iridologie's website";
13 17
14 config = lib.mkIf cfg.enable { 18 config = lib.mkIf cfg.enable {
15 services.duplyBackup.profiles.iridologie_prod.rootDir = iridologie.app.varDir; 19 services.duplyBackup.profiles.isabelle_iridologie.rootDir = app.varDir;
16 secrets.keys = iridologie.keys; 20 secrets.keys = [
21 {
22 dest = "websites/isabelle/iridologie";
23 user = apacheUser;
24 group = apacheGroup;
25 permissions = "0400";
26 text = ''
27 SetEnv SPIP_CONFIG_DIR "${./config}"
28 SetEnv SPIP_VAR_DIR "${app.varDir}"
29 SetEnv SPIP_SITE "iridologie-${app.environment}"
30 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
31 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
32 SetEnv SPIP_LDAP_SEARCH_DN "${icfg.ldap.dn}"
33 SetEnv SPIP_LDAP_SEARCH_PW "${icfg.ldap.password}"
34 SetEnv SPIP_LDAP_SEARCH "${icfg.ldap.filter}"
35 SetEnv SPIP_MYSQL_HOST "${icfg.mysql.host}"
36 SetEnv SPIP_MYSQL_PORT "${icfg.mysql.port}"
37 SetEnv SPIP_MYSQL_DB "${icfg.mysql.database}"
38 SetEnv SPIP_MYSQL_USER "${icfg.mysql.user}"
39 SetEnv SPIP_MYSQL_PASSWORD "${icfg.mysql.password}"
40 '';
41 }
42 ];
17 services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ]; 43 services.webstats.sites = [ { name = "iridologie.icommandeur.org"; } ];
18 44
19 systemd.services.phpfpm-iridologie.after = lib.mkAfter iridologie.phpFpm.serviceDeps; 45 systemd.services.phpfpm-isabelle_iridologie.after = lib.mkAfter [ "mysql.service" ];
20 systemd.services.phpfpm-iridologie.wants = iridologie.phpFpm.serviceDeps; 46 systemd.services.phpfpm-isabelle_iridologie.wants = [ "mysql.service" ];
21 services.phpfpm.pools.iridologie = { 47 services.phpfpm.pools.isabelle_iridologie = {
22 user = config.services.httpd.Prod.user; 48 user = config.services.httpd.Prod.user;
23 group = config.services.httpd.Prod.group; 49 group = config.services.httpd.Prod.group;
24 settings = iridologie.phpFpm.pool; 50 settings = {
51 "listen.owner" = "${apacheUser}";
52 "listen.group" = "${apacheGroup}";
53 "php_admin_value[upload_max_filesize]" = "20M";
54 "php_admin_value[post_max_size]" = "20M";
55 #"php_admin_flag[log_errors]" = "on";
56 "php_admin_value[open_basedir]" = "${app.spipConfig}:${./config}:${app}:${app.varDir}:/tmp";
57 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
58 "pm" = "dynamic";
59 "pm.max_children" = "20";
60 "pm.start_servers" = "2";
61 "pm.min_spare_servers" = "1";
62 "pm.max_spare_servers" = "3";
63 };
25 phpOptions = config.services.phpfpm.phpOptions + '' 64 phpOptions = config.services.phpfpm.phpOptions + ''
26 extension=${pkgs.php}/lib/php/extensions/mysqli.so 65 extension=${pkgs.php}/lib/php/extensions/mysqli.so
27 ''; 66 '';
28 }; 67 };
29 system.activationScripts.iridologie = iridologie.activationScript; 68 system.activationScripts.isabelle_iridologie = {
30 myServices.websites.webappDirs."${iridologie.apache.webappName}" = iridologie.app.webRoot; 69 deps = [ "wrappers" ];
31 services.websites.env.production.modules = iridologie.apache.modules; 70 text = ''
32 services.websites.env.production.vhostConfs.iridologie = { 71 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
33 certName = "aten"; 72 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
73 '';
74 };
75 services.websites.webappDirs.isabelle_iridologie = app.webRoot;
76 services.websites.env.production.modules = [ "proxy_fcgi" ];
77 services.websites.env.production.vhostConfs.isabelle_iridologie = {
78 certName = "isabelle";
34 addToCerts = true; 79 addToCerts = true;
35 hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ]; 80 hosts = [ "iridologie.icommandeur.org" "icommandeur.org" "www.icommandeur.org" ];
36 root = iridologie.apache.root; 81 root = webappdir;
37 extraConfig = [ 82 extraConfig = [
38 '' 83 ''
39 RewriteEngine On 84 RewriteEngine On
40 RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC] 85 RewriteCond "%{HTTP_HOST}" "!^iridologie\.icommandeur\.org$" [NC]
41 RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L] 86 RewriteRule ^(.+)$ https://iridologie.icommandeur.org$1 [R=302,L]
87
88 Include ${secretsPath}
89
90 RewriteEngine On
91
92 <FilesMatch "\.php$">
93 SetHandler "proxy:unix:${config.services.phpfpm.pools.isabelle_iridologie.socket}|fcgi://localhost"
94 </FilesMatch>
95
96 <Directory ${webappdir}>
97 DirectoryIndex index.php index.htm index.html
98 Options -Indexes +FollowSymLinks +MultiViews +Includes
99 Include ${webappdir}/htaccess.txt
100
101 AllowOverride AuthConfig FileInfo Limit
102 Require all granted
103 </Directory>
104
105 <DirectoryMatch "${webappdir}/squelettes">
106 Require all denied
107 </DirectoryMatch>
108
109 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
110 Require all denied
111 </FilesMatch>
112
113 Use Stats iridologie.icommandeur.org
42 '' 114 ''
43 (iridologie.apache.vhostConf config.services.phpfpm.pools.iridologie.socket)
44 ]; 115 ];
45 }; 116 };
46 services.websites.env.production.watchPaths = [ 117 services.websites.env.production.watchPaths = [
47 "/var/secrets/webapps/${iridologie.app.environment}-iridologie" 118 secretsPath
48 ]; 119 ];
49 }; 120 };
50} 121}
diff --git a/pkgs/private/webapps/iridologie/default.nix b/modules/private/websites/isabelle/iridologie_app/default.nix
index 8e05736..604d250 100644
--- a/pkgs/private/webapps/iridologie/default.nix
+++ b/modules/private/websites/isabelle/iridologie_app/default.nix
@@ -11,5 +11,5 @@ in
11spip.override { 11spip.override {
12 ldap = true; 12 ldap = true;
13 siteName = "iridologie"; 13 siteName = "iridologie";
14 inherit environment siteDir; 14 inherit environment siteDir varDir;
15} 15}
diff --git a/pkgs/private/webapps/iridologie/iridologie.json b/modules/private/websites/isabelle/iridologie_app/iridologie.json
index 5cc7f91..5cc7f91 100644
--- a/pkgs/private/webapps/iridologie/iridologie.json
+++ b/modules/private/websites/isabelle/iridologie_app/iridologie.json
diff --git a/modules/private/websites/isabelle/spip_builder.nix b/modules/private/websites/isabelle/spip_builder.nix
deleted file mode 100644
index e1130d1..0000000
--- a/modules/private/websites/isabelle/spip_builder.nix
+++ /dev/null
@@ -1,96 +0,0 @@
1{ apacheUser, apacheGroup, iridologie, config }:
2rec {
3 app = iridologie.override { inherit (config) environment; };
4 phpFpm = rec {
5 serviceDeps = [ "mysql.service" ];
6 pool = {
7 "listen.owner" = "${apacheUser}";
8 "listen.group" = "${apacheGroup}";
9 "php_admin_value[upload_max_filesize]" = "20M";
10 "php_admin_value[post_max_size]" = "20M";
11 #"php_admin_flag[log_errors]" = "on";
12 "php_admin_value[open_basedir]" = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp";
13 "php_admin_value[session.save_path]" = "${app.varDir}/phpSessions";
14 } // (if app.environment == "dev" then {
15 "pm" = "ondemand";
16 "pm.max_children" = "5";
17 "pm.process_idle_timeout" = "60";
18 } else {
19 "pm" = "dynamic";
20 "pm.max_children" = "20";
21 "pm.start_servers" = "2";
22 "pm.min_spare_servers" = "1";
23 "pm.max_spare_servers" = "3";
24 });
25 };
26 keys = [{
27 dest = "webapps/${app.environment}-iridologie";
28 user = apacheUser;
29 group = apacheGroup;
30 permissions = "0400";
31 text = ''
32 SetEnv SPIP_CONFIG_DIR "${configDir}"
33 SetEnv SPIP_VAR_DIR "${app.varDir}"
34 SetEnv SPIP_SITE "iridologie-${app.environment}"
35 SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
36 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
37 SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
38 SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
39 SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}"
40 SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
41 SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
42 SetEnv SPIP_MYSQL_DB "${config.mysql.database}"
43 SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
44 SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
45 '';
46 }];
47 apache = rec {
48 modules = [ "proxy_fcgi" ];
49 webappName = "iridologie_${app.environment}";
50 root = "/run/current-system/webapps/${webappName}";
51 vhostConf = socket: ''
52 Include /var/secrets/webapps/${app.environment}-iridologie
53
54 RewriteEngine On
55
56 <FilesMatch "\.php$">
57 SetHandler "proxy:unix:${socket}|fcgi://localhost"
58 </FilesMatch>
59
60 <Directory ${root}>
61 DirectoryIndex index.php index.htm index.html
62 Options -Indexes +FollowSymLinks +MultiViews +Includes
63 Include ${root}/htaccess.txt
64
65 AllowOverride AuthConfig FileInfo Limit
66 Require all granted
67 </Directory>
68
69 <DirectoryMatch "${root}/squelettes">
70 Require all denied
71 </DirectoryMatch>
72
73 <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
74 Require all denied
75 </FilesMatch>
76
77 ${if app.environment == "dev" then ''
78 <Location />
79 Use LDAPConnect
80 Require ldap-group cn=isabelle.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
81 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://iridologie.icommandeur.org\"></html>"
82 </Location>
83 '' else ''
84 Use Stats iridologie.icommandeur.org
85 ''}
86 '';
87 };
88 activationScript = {
89 deps = [ "wrappers" ];
90 text = ''
91 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
92 install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions
93 '';
94 };
95 configDir = ./config;
96}
diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/jerome/naturaloutil.nix
index 1e79141..8bbb49e 100644
--- a/modules/private/websites/naturaloutil/production.nix
+++ b/modules/private/websites/jerome/naturaloutil.nix
@@ -1,11 +1,14 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.naturaloutil.production; 4 cfg = config.myServices.websites.jerome.naturaloutil;
5 varDir = "/var/lib/ftp/jerome"; 5 varDir = "/var/lib/ftp/jerome";
6 env = config.myEnv.websites.jerome; 6 env = config.myEnv.websites.jerome;
7 apacheUser = config.services.httpd.Prod.user;
8 apacheGroup = config.services.httpd.Prod.group;
9 secretsPath = config.secrets.fullPaths."websites/jerome/naturaloutil";
7in { 10in {
8 options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website"; 11 options.myServices.websites.jerome.naturaloutil.enable = lib.mkEnableOption "enable Jerome Naturaloutil's website";
9 12
10 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
11 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; 14 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
@@ -13,9 +16,9 @@ in {
13 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; 16 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
14 17
15 secrets.keys = [{ 18 secrets.keys = [{
16 dest = "webapps/prod-naturaloutil"; 19 dest = "websites/jerome/naturaloutil";
17 user = "wwwrun"; 20 user = apacheUser;
18 group = "wwwrun"; 21 group = apacheGroup;
19 permissions = "0400"; 22 permissions = "0400";
20 text = '' 23 text = ''
21 <?php 24 <?php
@@ -33,38 +36,38 @@ in {
33 ?> 36 ?>
34 ''; 37 '';
35 }]; 38 }];
36 system.activationScripts.naturaloutil = { 39 system.activationScripts.jerome_naturaloutil = {
37 deps = [ "httpd" ]; 40 deps = [ "httpd" ];
38 text = '' 41 text = ''
39 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/naturaloutil 42 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/jerome_naturaloutil
40 ''; 43 '';
41 }; 44 };
42 systemd.services.phpfpm-jerome.after = lib.mkAfter [ "mysql.service" ]; 45 systemd.services.phpfpm-jerome_naturaloutil.after = lib.mkAfter [ "mysql.service" ];
43 systemd.services.phpfpm-jerome.wants = [ "mysql.service" ]; 46 systemd.services.phpfpm-jerome_naturaloutil.wants = [ "mysql.service" ];
44 services.phpfpm.pools.jerome = { 47 services.phpfpm.pools.jerome_naturaloutil = {
45 user = "wwwrun"; 48 user = apacheUser;
46 group = "wwwrun"; 49 group = apacheGroup;
47 settings = { 50 settings = {
48 "listen.owner" = "wwwrun"; 51 "listen.owner" = apacheUser;
49 "listen.group" = "wwwrun"; 52 "listen.group" = apacheGroup;
50 53
51 "pm" = "ondemand"; 54 "pm" = "ondemand";
52 "pm.max_children" = "5"; 55 "pm.max_children" = "5";
53 "pm.process_idle_timeout" = "60"; 56 "pm.process_idle_timeout" = "60";
54 57
55 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/naturaloutil:/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"; 58 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/jerome_naturaloutil:${secretsPath}:${varDir}:/tmp";
56 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/naturaloutil"; 59 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/jerome_naturaloutil";
57 }; 60 };
58 phpEnv = { 61 phpEnv = {
59 BDD_CONNECT = "/var/secrets/webapps/prod-naturaloutil"; 62 BDD_CONNECT = secretsPath;
60 }; 63 };
61 phpOptions = config.services.phpfpm.phpOptions + '' 64 phpOptions = config.services.phpfpm.phpOptions + ''
62 extension=${pkgs.php}/lib/php/extensions/mysqli.so 65 extension=${pkgs.php}/lib/php/extensions/mysqli.so
63 ''; 66 '';
64 }; 67 };
65 services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; 68 services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
66 services.websites.env.production.vhostConfs.naturaloutil = { 69 services.websites.env.production.vhostConfs.jerome_naturaloutil = {
67 certName = "naturaloutil"; 70 certName = "jerome";
68 certMainHost = "naturaloutil.immae.eu"; 71 certMainHost = "naturaloutil.immae.eu";
69 hosts = ["naturaloutil.immae.eu" ]; 72 hosts = ["naturaloutil.immae.eu" ];
70 root = varDir; 73 root = varDir;
@@ -77,7 +80,7 @@ in {
77 CustomLog "${varDir}/logs/access_log" combined 80 CustomLog "${varDir}/logs/access_log" combined
78 81
79 <FilesMatch "\.php$"> 82 <FilesMatch "\.php$">
80 SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome.socket}|fcgi://localhost" 83 SetHandler "proxy:unix:${config.services.phpfpm.pools.jerome_naturaloutil.socket}|fcgi://localhost"
81 </FilesMatch> 84 </FilesMatch>
82 85
83 <Directory ${varDir}/logs> 86 <Directory ${varDir}/logs>
diff --git a/modules/private/websites/leila/production.nix b/modules/private/websites/leila/production.nix
index 3b289cf..b48da6f 100644
--- a/modules/private/websites/leila/production.nix
+++ b/modules/private/websites/leila/production.nix
@@ -2,16 +2,18 @@
2let 2let
3 cfg = config.myServices.websites.leila.production; 3 cfg = config.myServices.websites.leila.production;
4 varDir = "/var/lib/ftp/leila"; 4 varDir = "/var/lib/ftp/leila";
5 apacheUser = config.services.httpd.Prod.user;
6 apacheGroup = config.services.httpd.Prod.group;
5in { 7in {
6 options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production"; 8 options.myServices.websites.leila.production.enable = lib.mkEnableOption "enable Leila's websites in production";
7 9
8 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
9 services.phpfpm.pools.leila = { 11 services.phpfpm.pools.leila = {
10 user = "wwwrun"; 12 user = apacheUser;
11 group = "wwwrun"; 13 group = apacheGroup;
12 settings = { 14 settings = {
13 "listen.owner" = "wwwrun"; 15 "listen.owner" = apacheUser;
14 "listen.group" = "wwwrun"; 16 "listen.group" = apacheGroup;
15 17
16 "pm" = "ondemand"; 18 "pm" = "ondemand";
17 "pm.max_children" = "5"; 19 "pm.max_children" = "5";
diff --git a/pkgs/private/webapps/ludivinecassal/default.nix b/modules/private/websites/ludivine/app/default.nix
index 3401435..05be0b1 100644
--- a/pkgs/private/webapps/ludivinecassal/default.nix
+++ b/modules/private/websites/ludivine/app/default.nix
@@ -1,5 +1,6 @@
1{ environment ? "prod" 1{ environment ? "prod"
2, varDir ? "/var/lib/ludivinecassal_${environment}" 2, varDir ? "/var/lib/ludivinecassal_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-ludivinecassal"
3, composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, mylibs }: 4, composerEnv, fetchurl, fetchgit, imagemagick, sass, ruby, mylibs }:
4let 5let
5 app = composerEnv.buildPackage ( 6 app = composerEnv.buildPackage (
@@ -24,7 +25,7 @@ let
24 postInstall = '' 25 postInstall = ''
25 rm -rf var/{logs,cache,data,miniatures,tmp} 26 rm -rf var/{logs,cache,data,miniatures,tmp}
26 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ 27 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
27 ln -sf /var/secrets/webapps/${environment}-ludivinecassal app/config/parameters.yml 28 ln -sf ${secretsPath} app/config/parameters.yml
28 ''; 29 '';
29 buildInputs = [ sass ]; 30 buildInputs = [ sass ];
30 passthru = { 31 passthru = {
diff --git a/pkgs/private/webapps/ludivinecassal/ludivinecassal.json b/modules/private/websites/ludivine/app/ludivinecassal.json
index f0d23c3..f0d23c3 100644
--- a/pkgs/private/webapps/ludivinecassal/ludivinecassal.json
+++ b/modules/private/websites/ludivine/app/ludivinecassal.json
diff --git a/pkgs/private/webapps/ludivinecassal/php-packages.nix b/modules/private/websites/ludivine/app/php-packages.nix
index 3495c32..3495c32 100644
--- a/pkgs/private/webapps/ludivinecassal/php-packages.nix
+++ b/modules/private/websites/ludivine/app/php-packages.nix
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivine/integration.nix
index d304fdf..4e37c0c 100644
--- a/modules/private/websites/ludivinecassal/integration.nix
+++ b/modules/private/websites/ludivine/integration.nix
@@ -1,15 +1,19 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.ludivinecassal.integration; 3 secrets = config.myEnv.websites.ludivine.integration;
4 app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./app {
5 cfg = config.myServices.websites.ludivinecassal.integration; 5 environment = secrets.environment;
6 varDir = "/var/lib/ludivine_integration";
7 secretsPath = config.secrets.fullPaths."websites/ludivine/integration";
8 };
9 cfg = config.myServices.websites.ludivine.integration;
6 pcfg = config.services.phpApplication; 10 pcfg = config.services.phpApplication;
7in { 11in {
8 options.myServices.websites.ludivinecassal.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration"; 12 options.myServices.websites.ludivine.integration.enable = lib.mkEnableOption "enable Ludivine's website in integration";
9 13
10 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.ludivinecassal_dev.rootDir = app.varDir; 15 services.duplyBackup.profiles.ludivine_integration.rootDir = app.varDir;
12 services.phpApplication.apps.ludivinecassal_dev = { 16 services.phpApplication.apps.ludivine_integration = {
13 websiteEnv = "integration"; 17 websiteEnv = "integration";
14 httpdUser = config.services.httpd.Inte.user; 18 httpdUser = config.services.httpd.Inte.user;
15 httpdGroup = config.services.httpd.Inte.group; 19 httpdGroup = config.services.httpd.Inte.group;
@@ -32,16 +36,21 @@ in {
32 "pm.process_idle_timeout" = "60"; 36 "pm.process_idle_timeout" = "60";
33 }; 37 };
34 phpEnv = { 38 phpEnv = {
35 SYMFONY_DEBUG_MODE = "yes"; 39 PATH = lib.makeBinPath [
40 # below ones don't need to be in the PATH but they’re used in
41 # secrets
42 pkgs.imagemagick pkgs.sass pkgs.ruby
43 ];
44 SYMFONY_DEBUG_MODE = "\"yes\"";
36 }; 45 };
37 phpWatchFiles = [ 46 phpWatchFiles = [
38 config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" 47 config.secrets.fullPaths."websites/ludivine/integration"
39 ]; 48 ];
40 }; 49 };
41 50
42 secrets.keys = [ 51 secrets.keys = [
43 { 52 {
44 dest = "webapps/${app.environment}-ludivinecassal"; 53 dest = "websites/ludivine/integration";
45 user = config.services.httpd.Inte.user; 54 user = config.services.httpd.Inte.user;
46 group = config.services.httpd.Inte.group; 55 group = config.services.httpd.Inte.group;
47 permissions = "0400"; 56 permissions = "0400";
@@ -78,15 +87,15 @@ in {
78 } 87 }
79 ]; 88 ];
80 89
81 services.websites.env.integration.vhostConfs.ludivinecassal_dev = { 90 services.websites.env.integration.vhostConfs.ludivine_integration = {
82 certName = "integration"; 91 certName = "integration";
83 addToCerts = true; 92 addToCerts = true;
84 hosts = [ "ludivine.immae.eu" ]; 93 hosts = [ "ludivine.immae.eu" ];
85 root = pcfg.webappDirs.ludivinecassal_dev; 94 root = pcfg.webappDirs.ludivine_integration;
86 extraConfig = [ 95 extraConfig = [
87 '' 96 ''
88 <FilesMatch "\.php$"> 97 <FilesMatch "\.php$">
89 SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_dev}|fcgi://localhost" 98 SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_integration}|fcgi://localhost"
90 </FilesMatch> 99 </FilesMatch>
91 100
92 <Location /> 101 <Location />
@@ -95,7 +104,7 @@ in {
95 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>" 104 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
96 </Location> 105 </Location>
97 106
98 <Directory ${pcfg.webappDirs.ludivinecassal_dev}> 107 <Directory ${pcfg.webappDirs.ludivine_integration}>
99 Options Indexes FollowSymLinks MultiViews Includes 108 Options Indexes FollowSymLinks MultiViews Includes
100 AllowOverride None 109 AllowOverride None
101 Require all granted 110 Require all granted
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivine/production.nix
index 5761be7..47450c5 100644
--- a/modules/private/websites/ludivinecassal/production.nix
+++ b/modules/private/websites/ludivine/production.nix
@@ -1,16 +1,20 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.ludivinecassal.production; 3 secrets = config.myEnv.websites.ludivine.production;
4 app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./app {
5 environment = secrets.environment;
6 varDir = "/var/lib/ludivine_production";
7 secretsPath = config.secrets.fullPaths."websites/ludivine/production";
8 };
5 pcfg = config.services.phpApplication; 9 pcfg = config.services.phpApplication;
6 cfg = config.myServices.websites.ludivinecassal.production; 10 cfg = config.myServices.websites.ludivine.production;
7in { 11in {
8 options.myServices.websites.ludivinecassal.production.enable = lib.mkEnableOption "enable Ludivine's website in production"; 12 options.myServices.websites.ludivine.production.enable = lib.mkEnableOption "enable Ludivine's website in production";
9 13
10 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.ludivinecassal_prod.rootDir = app.varDir; 15 services.duplyBackup.profiles.ludivine_production.rootDir = app.varDir;
12 services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; 16 services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
13 services.phpApplication.apps.ludivinecassal_prod = { 17 services.phpApplication.apps.ludivine_production = {
14 websiteEnv = "production"; 18 websiteEnv = "production";
15 httpdUser = config.services.httpd.Prod.user; 19 httpdUser = config.services.httpd.Prod.user;
16 httpdGroup = config.services.httpd.Prod.group; 20 httpdGroup = config.services.httpd.Prod.group;
@@ -35,13 +39,20 @@ in {
35 "pm.max_spare_servers" = "3"; 39 "pm.max_spare_servers" = "3";
36 }; 40 };
37 phpWatchFiles = [ 41 phpWatchFiles = [
38 config.secrets.fullPaths."webapps/${app.environment}-ludivinecassal" 42 config.secrets.fullPaths."websites/ludivine/production"
39 ]; 43 ];
44 phpEnv = {
45 PATH = lib.makeBinPath [
46 # below ones don't need to be in the PATH but they’re used in
47 # secrets
48 pkgs.imagemagick pkgs.sass pkgs.ruby
49 ];
50 };
40 }; 51 };
41 52
42 secrets.keys = [ 53 secrets.keys = [
43 { 54 {
44 dest = "webapps/${app.environment}-ludivinecassal"; 55 dest = "websites/ludivine/production";
45 user = config.services.httpd.Prod.user; 56 user = config.services.httpd.Prod.user;
46 group = config.services.httpd.Prod.group; 57 group = config.services.httpd.Prod.group;
47 permissions = "0400"; 58 permissions = "0400";
@@ -78,11 +89,11 @@ in {
78 } 89 }
79 ]; 90 ];
80 91
81 services.websites.env.production.vhostConfs.ludivinecassal_prod = { 92 services.websites.env.production.vhostConfs.ludivine_production = {
82 certName = "ludivinecassal"; 93 certName = "ludivine";
83 certMainHost = "ludivinecassal.com"; 94 certMainHost = "ludivinecassal.com";
84 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; 95 hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
85 root = pcfg.webappDirs.ludivinecassal_prod; 96 root = pcfg.webappDirs.ludivine_production;
86 extraConfig = [ 97 extraConfig = [
87 '' 98 ''
88 RewriteEngine on 99 RewriteEngine on
@@ -90,12 +101,12 @@ in {
90 RewriteRule ^(.+)$ https://ludivinecassal.com$1 [R=302,L] 101 RewriteRule ^(.+)$ https://ludivinecassal.com$1 [R=302,L]
91 102
92 <FilesMatch "\.php$"> 103 <FilesMatch "\.php$">
93 SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivinecassal_prod}|fcgi://localhost" 104 SetHandler "proxy:unix:${pcfg.phpListenPaths.ludivine_production}|fcgi://localhost"
94 </FilesMatch> 105 </FilesMatch>
95 106
96 Use Stats ludivinecassal.com 107 Use Stats ludivinecassal.com
97 108
98 <Directory ${pcfg.webappDirs.ludivinecassal_prod}> 109 <Directory ${pcfg.webappDirs.ludivine_production}>
99 Options Indexes FollowSymLinks MultiViews Includes 110 Options Indexes FollowSymLinks MultiViews Includes
100 AllowOverride All 111 AllowOverride All
101 Require all granted 112 Require all granted
diff --git a/modules/private/websites/nassime/production.nix b/modules/private/websites/nassime/production.nix
index f9468f9..1179351 100644
--- a/modules/private/websites/nassime/production.nix
+++ b/modules/private/websites/nassime/production.nix
@@ -3,26 +3,27 @@ let
3 cfg = config.myServices.websites.nassime.production; 3 cfg = config.myServices.websites.nassime.production;
4 varDir = "/var/lib/ftp/nassime"; 4 varDir = "/var/lib/ftp/nassime";
5 env = config.myEnv.websites.nassime; 5 env = config.myEnv.websites.nassime;
6 domain = "nassime.bouya.org";
6in { 7in {
7 options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website"; 8 options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website";
8 9
9 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
10 services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; 11 services.webstats.sites = [ { name = domain; } ];
11 12
12 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; 13 security.acme.certs."ftp".extraDomains."${domain}" = null;
13 14
14 services.websites.env.production.vhostConfs.nassime = { 15 services.websites.env.production.vhostConfs.nassime = {
15 certName = "nassime"; 16 certName = "nassime";
16 certMainHost = "nassime.bouya.org"; 17 certMainHost = domain;
17 hosts = ["nassime.bouya.org" ]; 18 hosts = [ domain ];
18 root = varDir; 19 root = varDir;
19 extraConfig = [ 20 extraConfig = [
20 '' 21 ''
21 Use Stats nassime.bouya.org 22 Use Stats ${domain}
22 ServerAdmin ${env.server_admin} 23 ServerAdmin ${env.server_admin}
23 24
24 <Directory ${varDir}> 25 <Directory ${varDir}>
25 DirectoryIndex index.php index.htm index.html 26 DirectoryIndex index.htm index.html
26 Options Indexes FollowSymLinks MultiViews Includes 27 Options Indexes FollowSymLinks MultiViews Includes
27 AllowOverride None 28 AllowOverride None
28 Require all granted 29 Require all granted
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix
index 9576a9e..d94a027 100644
--- a/modules/private/websites/papa/maison_bbc.nix
+++ b/modules/private/websites/papa/maison_bbc.nix
@@ -2,6 +2,8 @@
2let 2let
3 cfg = config.myServices.websites.papa.maison_bbc; 3 cfg = config.myServices.websites.papa.maison_bbc;
4 varDir = "/var/lib/ftp/papa/site"; 4 varDir = "/var/lib/ftp/papa/site";
5 apacheUser = config.services.httpd.Prod.user;
6 apacheGroup = config.services.httpd.Prod.group;
5in { 7in {
6 options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website"; 8 options.myServices.websites.papa.maison_bbc.enable = lib.mkEnableOption "enable Papa Maison bbc website";
7 9
@@ -9,11 +11,11 @@ in {
9 services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir; 11 services.duplyBackup.profiles.papa_maison_bbc.rootDir = varDir;
10 services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ]; 12 services.webstats.sites = [ { name = "maison.bbc.bouya.org"; } ];
11 services.phpfpm.pools.papa_maison_bbc = { 13 services.phpfpm.pools.papa_maison_bbc = {
12 user = "wwwrun"; 14 user = apacheUser;
13 group = "wwwrun"; 15 group = apacheGroup;
14 settings = { 16 settings = {
15 "listen.owner" = "wwwrun"; 17 "listen.owner" = apacheUser;
16 "listen.group" = "wwwrun"; 18 "listen.group" = apacheGroup;
17 19
18 "pm" = "ondemand"; 20 "pm" = "ondemand";
19 "pm.max_children" = "5"; 21 "pm.max_children" = "5";
diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix
index 1bb6ac8..a8e5149 100644
--- a/modules/private/websites/papa/surveillance.nix
+++ b/modules/private/websites/papa/surveillance.nix
@@ -2,6 +2,7 @@
2let 2let
3 cfg = config.myServices.websites.papa.surveillance; 3 cfg = config.myServices.websites.papa.surveillance;
4 varDir = "/var/lib/ftp/papa"; 4 varDir = "/var/lib/ftp/papa";
5 apacheUser = config.services.httpd.Prod.user;
5in { 6in {
6 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website"; 7 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
7 8
@@ -22,12 +23,12 @@ in {
22 in 23 in
23 [ 24 [
24 '' 25 ''
25 0 6 * * * wwwrun ${script} 26 0 6 * * * ${apacheUser} ${script}
26 '' 27 ''
27 ]; 28 ];
28 }; 29 };
29 30
30 services.websites.env.production.vhostConfs.papa = { 31 services.websites.env.production.vhostConfs.papa_surveillance = {
31 certName = "papa"; 32 certName = "papa";
32 certMainHost = "surveillance.maison.bbc.bouya.org"; 33 certMainHost = "surveillance.maison.bbc.bouya.org";
33 hosts = [ "surveillance.maison.bbc.bouya.org" ]; 34 hosts = [ "surveillance.maison.bbc.bouya.org" ];
diff --git a/pkgs/private/webapps/piedsjaloux/default.nix b/modules/private/websites/piedsjaloux/app/default.nix
index f5370db..726d93c 100644
--- a/pkgs/private/webapps/piedsjaloux/default.nix
+++ b/modules/private/websites/piedsjaloux/app/default.nix
@@ -1,5 +1,6 @@
1{ environment ? "prod" 1{ environment ? "prod"
2, varDir ? "/var/lib/piedsjaloux_${environment}" 2, varDir ? "/var/lib/piedsjaloux_${environment}"
3, secretsPath ? "/var/secrets/webapps/${environment}-piedsjaloux"
3, composerEnv, fetchurl, fetchgit, mylibs }: 4, composerEnv, fetchurl, fetchgit, mylibs }:
4let 5let
5 app = composerEnv.buildPackage ( 6 app = composerEnv.buildPackage (
@@ -15,12 +16,12 @@ let
15 postInstall = '' 16 postInstall = ''
16 cd $out 17 cd $out
17 rm app/config/parameters.yml 18 rm app/config/parameters.yml
18 ln -sf /var/secrets/webapps/${environment}-piedsjaloux app/config/parameters.yml 19 ln -sf ${secretsPath} app/config/parameters.yml
19 rm -rf var/{logs,cache,data,miniatures,tmp} 20 rm -rf var/{logs,cache,data,miniatures,tmp}
20 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/ 21 ln -sf ${varDir}/{logs,cache,data,miniatures,tmp} var/
21 ''; 22 '';
22 passthru = { 23 passthru = {
23 inherit varDir environment; 24 inherit varDir environment secretsPath;
24 webRoot = "${app}/web"; 25 webRoot = "${app}/web";
25 }; 26 };
26 }); 27 });
diff --git a/pkgs/private/webapps/piedsjaloux/php-packages.nix b/modules/private/websites/piedsjaloux/app/php-packages.nix
index a47a816..a47a816 100644
--- a/pkgs/private/webapps/piedsjaloux/php-packages.nix
+++ b/modules/private/websites/piedsjaloux/app/php-packages.nix
diff --git a/pkgs/private/webapps/piedsjaloux/piedsjaloux.json b/modules/private/websites/piedsjaloux/app/piedsjaloux.json
index dc2c083..dc2c083 100644
--- a/pkgs/private/webapps/piedsjaloux/piedsjaloux.json
+++ b/modules/private/websites/piedsjaloux/app/piedsjaloux.json
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix
index 76523ed..d8790cc 100644
--- a/modules/private/websites/piedsjaloux/integration.nix
+++ b/modules/private/websites/piedsjaloux/integration.nix
@@ -1,15 +1,20 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.piedsjaloux.integration; 3 secrets = config.myEnv.websites.piedsjaloux.integration;
4 app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./app {
5 environment = secrets.environment;
6 varDir = "/var/lib/piedsjaloux_integration";
7 secretsPath = config.secrets.fullPaths."websites/piedsjaloux/integration";
8 };
5 cfg = config.myServices.websites.piedsjaloux.integration; 9 cfg = config.myServices.websites.piedsjaloux.integration;
6 pcfg = config.services.phpApplication; 10 pcfg = config.services.phpApplication;
11 texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
7in { 12in {
8 options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; 13 options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
9 14
10 config = lib.mkIf cfg.enable { 15 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.piedsjaloux_dev.rootDir = app.varDir; 16 services.duplyBackup.profiles.piedsjaloux_integration.rootDir = app.varDir;
12 services.phpApplication.apps.piedsjaloux_dev = { 17 services.phpApplication.apps.piedsjaloux_integration = {
13 websiteEnv = "integration"; 18 websiteEnv = "integration";
14 httpdUser = config.services.httpd.Inte.user; 19 httpdUser = config.services.httpd.Inte.user;
15 httpdGroup = config.services.httpd.Inte.group; 20 httpdGroup = config.services.httpd.Inte.group;
@@ -32,17 +37,22 @@ in {
32 "pm.process_idle_timeout" = "60"; 37 "pm.process_idle_timeout" = "60";
33 }; 38 };
34 phpEnv = { 39 phpEnv = {
35 PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ]; 40 PATH = lib.makeBinPath [
36 SYMFONY_DEBUG_MODE = "yes"; 41 pkgs.apg pkgs.unzip
42 # below ones don't need to be in the PATH but they’re used in
43 # secrets
44 pkgs.imagemagick texlive
45 ];
46 SYMFONY_DEBUG_MODE = "\"yes\"";
37 }; 47 };
38 phpWatchFiles = [ 48 phpWatchFiles = [
39 config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" 49 app.secretsPath
40 ]; 50 ];
41 }; 51 };
42 52
43 secrets.keys = [ 53 secrets.keys = [
44 { 54 {
45 dest = "webapps/${app.environment}-piedsjaloux"; 55 dest = "websites/piedsjaloux/integration";
46 user = config.services.httpd.Inte.user; 56 user = config.services.httpd.Inte.user;
47 group = config.services.httpd.Inte.group; 57 group = config.services.httpd.Inte.group;
48 permissions = "0400"; 58 permissions = "0400";
@@ -60,22 +70,22 @@ in {
60 mailer_user: null 70 mailer_user: null
61 mailer_password: null 71 mailer_password: null
62 secret: ${secrets.secret} 72 secret: ${secrets.secret}
63 pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex" 73 pdflatex: "${texlive}/bin/pdflatex"
64 leapt_im: 74 leapt_im:
65 binary_path: ${pkgs.imagemagick}/bin 75 binary_path: ${pkgs.imagemagick}/bin
66 ''; 76 '';
67 } 77 }
68 ]; 78 ];
69 79
70 services.websites.env.integration.vhostConfs.piedsjaloux_dev = { 80 services.websites.env.integration.vhostConfs.piedsjaloux_integration = {
71 certName = "integration"; 81 certName = "integration";
72 addToCerts = true; 82 addToCerts = true;
73 hosts = [ "piedsjaloux.immae.eu" ]; 83 hosts = [ "piedsjaloux.immae.eu" ];
74 root = pcfg.webappDirs.piedsjaloux_dev; 84 root = pcfg.webappDirs.piedsjaloux_integration;
75 extraConfig = [ 85 extraConfig = [
76 '' 86 ''
77 <FilesMatch "\.php$"> 87 <FilesMatch "\.php$">
78 SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_dev}|fcgi://localhost" 88 SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_integration}|fcgi://localhost"
79 </FilesMatch> 89 </FilesMatch>
80 90
81 <Location /> 91 <Location />
@@ -84,7 +94,7 @@ in {
84 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>" 94 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
85 </Location> 95 </Location>
86 96
87 <Directory ${pcfg.webappDirs.piedsjaloux_dev}> 97 <Directory ${pcfg.webappDirs.piedsjaloux_integration}>
88 Options Indexes FollowSymLinks MultiViews Includes 98 Options Indexes FollowSymLinks MultiViews Includes
89 AllowOverride None 99 AllowOverride None
90 Require all granted 100 Require all granted
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix
index d3e5c2b..4b2c056 100644
--- a/modules/private/websites/piedsjaloux/production.nix
+++ b/modules/private/websites/piedsjaloux/production.nix
@@ -1,16 +1,21 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = config.myEnv.websites.piedsjaloux.production; 3 secrets = config.myEnv.websites.piedsjaloux.production;
4 app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; 4 app = pkgs.callPackage ./app {
5 environment = secrets.environment;
6 varDir = "/var/lib/piedsjaloux_production";
7 secretsPath = config.secrets.fullPaths."websites/piedsjaloux/production";
8 };
5 cfg = config.myServices.websites.piedsjaloux.production; 9 cfg = config.myServices.websites.piedsjaloux.production;
6 pcfg = config.services.phpApplication; 10 pcfg = config.services.phpApplication;
11 texlive = pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; };
7in { 12in {
8 options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; 13 options.myServices.websites.piedsjaloux.production.enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
9 14
10 config = lib.mkIf cfg.enable { 15 config = lib.mkIf cfg.enable {
11 services.duplyBackup.profiles.piedsjaloux_prod.rootDir = app.varDir; 16 services.duplyBackup.profiles.piedsjaloux_production.rootDir = app.varDir;
12 services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; 17 services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
13 services.phpApplication.apps.piedsjaloux_prod = { 18 services.phpApplication.apps.piedsjaloux_production = {
14 websiteEnv = "production"; 19 websiteEnv = "production";
15 httpdUser = config.services.httpd.Prod.user; 20 httpdUser = config.services.httpd.Prod.user;
16 httpdGroup = config.services.httpd.Prod.group; 21 httpdGroup = config.services.httpd.Prod.group;
@@ -35,16 +40,21 @@ in {
35 "pm.max_spare_servers" = "3"; 40 "pm.max_spare_servers" = "3";
36 }; 41 };
37 phpEnv = { 42 phpEnv = {
38 PATH = lib.makeBinPath [ pkgs.apg pkgs.unzip ]; 43 PATH = lib.makeBinPath [
44 pkgs.apg pkgs.unzip
45 # below ones don't need to be in the PATH but they’re used in
46 # secrets
47 pkgs.imagemagick texlive
48 ];
39 }; 49 };
40 phpWatchFiles = [ 50 phpWatchFiles = [
41 config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux" 51 app.secretsPath
42 ]; 52 ];
43 }; 53 };
44 54
45 secrets.keys = [ 55 secrets.keys = [
46 { 56 {
47 dest = "webapps/${app.environment}-piedsjaloux"; 57 dest = "websites/piedsjaloux/production";
48 user = config.services.httpd.Prod.user; 58 user = config.services.httpd.Prod.user;
49 group = config.services.httpd.Prod.group; 59 group = config.services.httpd.Prod.group;
50 permissions = "0400"; 60 permissions = "0400";
@@ -62,18 +72,18 @@ in {
62 mailer_user: null 72 mailer_user: null
63 mailer_password: null 73 mailer_password: null
64 secret: ${secrets.secret} 74 secret: ${secrets.secret}
65 pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex" 75 pdflatex: "${texlive}/bin/pdflatex"
66 leapt_im: 76 leapt_im:
67 binary_path: ${pkgs.imagemagick}/bin 77 binary_path: ${pkgs.imagemagick}/bin
68 ''; 78 '';
69 } 79 }
70 ]; 80 ];
71 81
72 services.websites.env.production.vhostConfs.piedsjaloux_prod = { 82 services.websites.env.production.vhostConfs.piedsjaloux_production = {
73 certName = "piedsjaloux"; 83 certName = "piedsjaloux";
74 certMainHost = "piedsjaloux.fr"; 84 certMainHost = "piedsjaloux.fr";
75 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; 85 hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
76 root = pcfg.webappDirs.piedsjaloux_prod; 86 root = pcfg.webappDirs.piedsjaloux_production;
77 extraConfig = [ 87 extraConfig = [
78 '' 88 ''
79 RewriteEngine on 89 RewriteEngine on
@@ -81,12 +91,12 @@ in {
81 RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L] 91 RewriteRule ^(.+)$ https://www.piedsjaloux.fr$1 [R=302,L]
82 92
83 <FilesMatch "\.php$"> 93 <FilesMatch "\.php$">
84 SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_prod}|fcgi://localhost" 94 SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_production}|fcgi://localhost"
85 </FilesMatch> 95 </FilesMatch>
86 96
87 Use Stats piedsjaloux.fr 97 Use Stats piedsjaloux.fr
88 98
89 <Directory ${pcfg.webappDirs.piedsjaloux_prod}> 99 <Directory ${pcfg.webappDirs.piedsjaloux_production}>
90 Options Indexes FollowSymLinks MultiViews Includes 100 Options Indexes FollowSymLinks MultiViews Includes
91 AllowOverride All 101 AllowOverride All
92 Require all granted 102 Require all granted
diff --git a/modules/private/websites/emilia/richie.nix b/modules/private/websites/richie/production.nix
index 98ab1cd..d6d19c8 100644
--- a/modules/private/websites/emilia/richie.nix
+++ b/modules/private/websites/richie/production.nix
@@ -1,6 +1,6 @@
1{ lib, config, pkgs, ... }: 1{ lib, config, pkgs, ... }:
2let 2let
3 cfg = config.myServices.websites.emilia.richie_production; 3 cfg = config.myServices.websites.richie.production;
4 vardir = "/var/lib/richie_production"; 4 vardir = "/var/lib/richie_production";
5 richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // { 5 richieSrc = pkgs.stdenv.mkDerivation (pkgs.mylibs.fetchedGitPrivate ./richie.json // {
6 phases = "installPhase"; 6 phases = "installPhase";
@@ -13,17 +13,21 @@ let
13 sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php 13 sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php
14 ''; 14 '';
15 }); 15 });
16 webappdir = config.services.websites.webappDirsPaths.richie_production;
17 secretPath = config.secrets.fullPaths."websites/richie/production";
18 apacheUser = config.services.httpd.Prod.user;
19 apacheGroup = config.services.httpd.Prod.group;
16in 20in
17{ 21{
18 options.myServices.websites.emilia.richie_production.enable = lib.mkEnableOption "enable Richie's website"; 22 options.myServices.websites.richie.production.enable = lib.mkEnableOption "enable Richie's website";
19 config = lib.mkIf cfg.enable { 23 config = lib.mkIf cfg.enable {
20 services.duplyBackup.profiles.richie_production.rootDir = vardir; 24 services.duplyBackup.profiles.richie_production.rootDir = vardir;
21 services.webstats.sites = [ { name = "europe-richie.org"; } ]; 25 services.webstats.sites = [ { name = "europe-richie.org"; } ];
22 26
23 secrets.keys = [{ 27 secrets.keys = [{
24 dest = "webapps/prod-richie"; 28 dest = "websites/richie/production";
25 user = "wwwrun"; 29 user = apacheUser;
26 group = "wwwrun"; 30 group = apacheGroup;
27 permissions = "0400"; 31 permissions = "0400";
28 text = with config.myEnv.websites.richie; '' 32 text = with config.myEnv.websites.richie; ''
29 <?php 33 <?php
@@ -40,31 +44,31 @@ in
40 ?> 44 ?>
41 ''; 45 '';
42 }]; 46 }];
43 myServices.websites.webappDirs.richie_production = richieSrc; 47 services.websites.webappDirs.richie_production = richieSrc;
44 system.activationScripts.richie_production = { 48 system.activationScripts.richie_production = {
45 deps = [ "httpd" ]; 49 deps = [ "httpd" ];
46 text = '' 50 text = ''
47 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/richie_production 51 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production
48 install -m 0755 -o wwwrun -g wwwrun -d ${vardir} 52 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir}
49 ''; 53 '';
50 }; 54 };
51 services.phpfpm.pools.richie_production = { 55 services.phpfpm.pools.richie_production = {
52 user = "wwwrun"; 56 user = apacheUser;
53 group = "wwwrun"; 57 group = apacheGroup;
54 settings = { 58 settings = {
55 "listen.owner" = "wwwrun"; 59 "listen.owner" = apacheUser;
56 "listen.group" = "wwwrun"; 60 "listen.group" = apacheGroup;
57 61
58 "pm" = "ondemand"; 62 "pm" = "ondemand";
59 "pm.max_children" = "5"; 63 "pm.max_children" = "5";
60 "pm.process_idle_timeout" = "60"; 64 "pm.process_idle_timeout" = "60";
61 65
62 "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:/var/secrets/webapps/prod-richie:${richieSrc}:/tmp"; 66 "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp";
63 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production"; 67 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production";
64 }; 68 };
65 phpEnv = { 69 phpEnv = {
66 PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}"; 70 PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}";
67 BDD_CONNECT = "/var/secrets/webapps/prod-richie"; 71 BDD_CONNECT = secretPath;
68 }; 72 };
69 phpOptions = config.services.phpfpm.phpOptions + '' 73 phpOptions = config.services.phpfpm.phpOptions + ''
70 date.timezone = 'Europe/Paris' 74 date.timezone = 'Europe/Paris'
@@ -77,7 +81,7 @@ in
77 addToCerts = true; 81 addToCerts = true;
78 certMainHost = "europe-richie.org"; 82 certMainHost = "europe-richie.org";
79 hosts = [ "europe-richie.org" "www.europe-richie.org" ]; 83 hosts = [ "europe-richie.org" "www.europe-richie.org" ];
80 root = "/run/current-system/webapps/richie_production"; 84 root = webappdir;
81 extraConfig = [ 85 extraConfig = [
82 '' 86 ''
83 Use Stats europe-richie.org 87 Use Stats europe-richie.org
@@ -85,7 +89,7 @@ in
85 <LocationMatch "^/files/.*/admin/"> 89 <LocationMatch "^/files/.*/admin/">
86 Require all denied 90 Require all denied
87 </LocationMatch> 91 </LocationMatch>
88 <Directory /run/current-system/webapps/richie_production> 92 <Directory ${webappdir}>
89 DirectoryIndex index.php index.htm index.html 93 DirectoryIndex index.php index.htm index.html
90 Options Indexes FollowSymLinks MultiViews Includes 94 Options Indexes FollowSymLinks MultiViews Includes
91 AllowOverride None 95 AllowOverride None
diff --git a/modules/private/websites/emilia/richie.json b/modules/private/websites/richie/richie.json
index f51d8c1..f51d8c1 100644
--- a/modules/private/websites/emilia/richie.json
+++ b/modules/private/websites/richie/richie.json
diff --git a/modules/private/websites/syden/peertube.nix b/modules/private/websites/syden/peertube.nix
index 2ad7217..e659875 100644
--- a/modules/private/websites/syden/peertube.nix
+++ b/modules/private/websites/syden/peertube.nix
@@ -23,7 +23,7 @@ in
23 users.groups.peertube.gid = config.ids.gids.peertube; 23 users.groups.peertube.gid = config.ids.gids.peertube;
24 24
25 secrets.keys = [{ 25 secrets.keys = [{
26 dest = "webapps/syden-peertube"; 26 dest = "websites/syden/peertube";
27 user = "peertube"; 27 user = "peertube";
28 group = "peertube"; 28 group = "peertube";
29 permissions = "0640"; 29 permissions = "0640";
@@ -69,7 +69,7 @@ in
69 69
70 services.filesWatcher.syden_peertube = { 70 services.filesWatcher.syden_peertube = {
71 restart = true; 71 restart = true;
72 paths = [ "/var/secrets/webapps/syden-peertube" ]; 72 paths = [ config.secrets.fullPaths."websites/syden/peertube" ];
73 }; 73 };
74 74
75 systemd.services.syden_peertube = { 75 systemd.services.syden_peertube = {
@@ -86,7 +86,7 @@ in
86 86
87 script = '' 87 script = ''
88 install -m 0750 -d ${dataDir}/config 88 install -m 0750 -d ${dataDir}/config
89 ln -sf /var/secrets/webapps/syden-peertube ${dataDir}/config/production.yaml 89 ln -sf ${config.secrets.fullPaths."websites/syden/peertube"} ${dataDir}/config/production.yaml
90 ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml 90 ln -sf ${package}/config/default.yaml ${dataDir}/config/default.yaml
91 exec npm run start 91 exec npm run start
92 ''; 92 '';
@@ -109,11 +109,12 @@ in
109 }; 109 };
110 110
111 services.websites.env.production.vhostConfs.syden_peertube = { 111 services.websites.env.production.vhostConfs.syden_peertube = {
112 certName = "eldiron"; 112 certName = "syden";
113 addToCerts = true; 113 addToCerts = true;
114 hosts = [ "syden.immae.eu" ]; 114 certMainHost = "syden.immae.eu";
115 root = null; 115 hosts = [ "syden.immae.eu" ];
116 extraConfig = [ '' 116 root = null;
117 extraConfig = [ ''
117 RewriteEngine On 118 RewriteEngine On
118 119
119 RewriteCond %{REQUEST_URI} ^/socket.io [NC] 120 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
diff --git a/modules/private/websites/teliotortay/production.nix b/modules/private/websites/telio_tortay/production.nix
index 62762ec..130f4db 100644
--- a/modules/private/websites/teliotortay/production.nix
+++ b/modules/private/websites/telio_tortay/production.nix
@@ -1,39 +1,41 @@
1{ lib, pkgs, config, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; }; 3 adminer = pkgs.callPackage ../commons/adminer.nix { inherit config; };
4 cfg = config.myServices.websites.telioTortay.production; 4 cfg = config.myServices.websites.telio_tortay.production;
5 varDir = "/var/lib/ftp/telio_tortay"; 5 varDir = "/var/lib/ftp/telio_tortay";
6 env = config.myEnv.websites.telioTortay; 6 env = config.myEnv.websites.telio_tortay;
7 apacheUser = config.services.httpd.Prod.user;
8 apacheGroup = config.services.httpd.Prod.group;
7in { 9in {
8 options.myServices.websites.telioTortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website"; 10 options.myServices.websites.telio_tortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website";
9 11
10 config = lib.mkIf cfg.enable { 12 config = lib.mkIf cfg.enable {
11 services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ]; 13 services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ];
12 14
13 security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null; 15 security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null;
14 16
15 system.activationScripts.telio-tortay = { 17 system.activationScripts.telio_tortay = {
16 deps = [ "httpd" ]; 18 deps = [ "httpd" ];
17 text = '' 19 text = ''
18 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/ftp/telio_tortay/logs 20 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/ftp/telio_tortay/logs
19 install -m 0755 -o wwwrun -g wwwrun -d /var/lib/php/sessions/telio-tortay 21 install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/telio_tortay
20 ''; 22 '';
21 }; 23 };
22 systemd.services.phpfpm-telio-tortay.after = lib.mkAfter [ "mysql.service" ]; 24 systemd.services.phpfpm-telio_tortay.after = lib.mkAfter [ "mysql.service" ];
23 systemd.services.phpfpm-telio-tortay.wants = [ "mysql.service" ]; 25 systemd.services.phpfpm-telio_tortay.wants = [ "mysql.service" ];
24 services.phpfpm.pools.telio-tortay = { 26 services.phpfpm.pools.telio_tortay = {
25 user = "wwwrun"; 27 user = apacheUser;
26 group = "wwwrun"; 28 group = apacheGroup;
27 settings = { 29 settings = {
28 "listen.owner" = "wwwrun"; 30 "listen.owner" = apacheUser;
29 "listen.group" = "wwwrun"; 31 "listen.group" = apacheGroup;
30 32
31 "pm" = "ondemand"; 33 "pm" = "ondemand";
32 "pm.max_children" = "5"; 34 "pm.max_children" = "5";
33 "pm.process_idle_timeout" = "60"; 35 "pm.process_idle_timeout" = "60";
34 36
35 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio-tortay:${varDir}:/tmp"; 37 "php_admin_value[open_basedir]" = "/var/lib/php/sessions/telio_tortay:${varDir}:/tmp";
36 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio-tortay"; 38 "php_admin_value[session.save_path]" = "/var/lib/php/sessions/telio_tortay";
37 }; 39 };
38 phpOptions = config.services.phpfpm.phpOptions + '' 40 phpOptions = config.services.phpfpm.phpOptions + ''
39 disable_functions = "mail" 41 disable_functions = "mail"
@@ -41,8 +43,8 @@ in {
41 ''; 43 '';
42 }; 44 };
43 services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; 45 services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
44 services.websites.env.production.vhostConfs.telio-tortay = { 46 services.websites.env.production.vhostConfs.telio_tortay = {
45 certName = "telio-tortay"; 47 certName = "telio_tortay";
46 certMainHost = "telio-tortay.immae.eu"; 48 certMainHost = "telio-tortay.immae.eu";
47 hosts = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ]; 49 hosts = ["telio-tortay.immae.eu" "realistesmedia.fr" "www.realistesmedia.fr" ];
48 root = varDir; 50 root = varDir;
@@ -55,7 +57,7 @@ in {
55 CustomLog "${varDir}/logs/access_log" combined 57 CustomLog "${varDir}/logs/access_log" combined
56 58
57 <FilesMatch "\.php$"> 59 <FilesMatch "\.php$">
58 SetHandler "proxy:unix:${config.services.phpfpm.pools.telio-tortay.socket}|fcgi://localhost" 60 SetHandler "proxy:unix:${config.services.phpfpm.pools.telio_tortay.socket}|fcgi://localhost"
59 </FilesMatch> 61 </FilesMatch>
60 62
61 <Directory ${varDir}/logs> 63 <Directory ${varDir}/logs>
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix
index 30a562c..14e4069 100644
--- a/modules/private/websites/tools/dav/default.nix
+++ b/modules/private/websites/tools/dav/default.nix
@@ -50,9 +50,9 @@ in {
50 }; 50 };
51 }; 51 };
52 52
53 myServices.websites.webappDirs._dav = ./www; 53 services.websites.webappDirs._dav = ./www;
54 myServices.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot; 54 services.websites.webappDirs."${davical.apache.webappName}" = davical.webRoot;
55 myServices.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud; 55 services.websites.webappDirs."${infcloud.webappName}" = pkgs.webapps.infcloud;
56 }; 56 };
57} 57}
58 58
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix
index 56e4401..55f9ecb 100644
--- a/modules/private/websites/tools/git/default.nix
+++ b/modules/private/websites/tools/git/default.nix
@@ -19,8 +19,8 @@ in {
19 services.websites.env.tools.modules = 19 services.websites.env.tools.modules =
20 gitweb.apache.modules ++ 20 gitweb.apache.modules ++
21 mantisbt.apache.modules; 21 mantisbt.apache.modules;
22 myServices.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot; 22 services.websites.webappDirs."${gitweb.apache.webappName}" = gitweb.webRoot;
23 myServices.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot; 23 services.websites.webappDirs."${mantisbt.apache.webappName}" = mantisbt.webRoot;
24 24
25 system.activationScripts.mantisbt = mantisbt.activationScript; 25 system.activationScripts.mantisbt = mantisbt.activationScript;
26 services.websites.env.tools.vhostConfs.git = { 26 services.websites.env.tools.vhostConfs.git = {
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
index 1f7f7bf..dda2d45 100644
--- a/modules/private/websites/tools/mail/default.nix
+++ b/modules/private/websites/tools/mail/default.nix
@@ -72,7 +72,7 @@ in
72 rainloop = rainloop.activationScript; 72 rainloop = rainloop.activationScript;
73 }; 73 };
74 74
75 myServices.websites.webappDirs = { 75 services.websites.webappDirs = {
76 _mail = ./www; 76 _mail = ./www;
77 "${roundcubemail.apache.webappName}" = roundcubemail.webRoot; 77 "${roundcubemail.apache.webappName}" = roundcubemail.webRoot;
78 "${rainloop.apache.webappName}" = rainloop.webRoot; 78 "${rainloop.apache.webappName}" = rainloop.webRoot;
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
index ed3fce8..c5d4306 100644
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -34,7 +34,7 @@ let
34in 34in
35{ 35{
36 config = lib.mkIf cfg.enable { 36 config = lib.mkIf cfg.enable {
37 myServices.websites.webappDirs = { 37 services.websites.webappDirs = {
38 _mta-sts = root; 38 _mta-sts = root;
39 }; 39 };
40 40
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index d88763c..be2ee75 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -335,7 +335,7 @@ in {
335 ldap = ldap.activationScript; 335 ldap = ldap.activationScript;
336 }; 336 };
337 337
338 myServices.websites.webappDirs = { 338 services.websites.webappDirs = {
339 _adminer = adminer.webRoot; 339 _adminer = adminer.webRoot;
340 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot; 340 "${dokuwiki.apache.webappName}" = dokuwiki.webRoot;
341 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs"; 341 "${ldap.apache.webappName}" = "${ldap.webRoot}/htdocs";
diff --git a/modules/private/websites/tools/vpn/default.nix b/modules/private/websites/tools/vpn/default.nix
index cfe010c..4398a60 100644
--- a/modules/private/websites/tools/vpn/default.nix
+++ b/modules/private/websites/tools/vpn/default.nix
@@ -10,6 +10,6 @@ in {
10 root = "/run/current-system/webapps/_vpn"; 10 root = "/run/current-system/webapps/_vpn";
11 }; 11 };
12 12
13 myServices.websites.webappDirs._vpn = ./www; 13 services.websites.webappDirs._vpn = ./www;
14 }; 14 };
15} 15}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index b02c63e..14d3ed6 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -45,7 +45,7 @@ rec {
45 bitlbee-mastodon = callPackage ./bitlbee-mastodon {}; 45 bitlbee-mastodon = callPackage ./bitlbee-mastodon {};
46 46
47 composerEnv = callPackage ./composer-env {}; 47 composerEnv = callPackage ./composer-env {};
48 webapps = callPackage ./webapps { inherit mylibs composerEnv private; }; 48 webapps = callPackage ./webapps { inherit mylibs composerEnv; };
49 49
50 monitoring-plugins = callPackage ./monitoring-plugins {}; 50 monitoring-plugins = callPackage ./monitoring-plugins {};
51 naemon = callPackage ./naemon { inherit mylibs monitoring-plugins; }; 51 naemon = callPackage ./naemon { inherit mylibs monitoring-plugins; };
@@ -54,10 +54,6 @@ rec {
54 simp_le_0_17 = callPackage ./simp_le {}; 54 simp_le_0_17 = callPackage ./simp_le {};
55 certbot = callPackage ./certbot {}; 55 certbot = callPackage ./certbot {};
56 56
57 private = if builtins.pathExists (./. + "/private")
58 then import ./private { inherit pkgs; }
59 else { webapps = {}; };
60
61 python3PackagesPlus = callPackage ./python-packages { 57 python3PackagesPlus = callPackage ./python-packages {
62 python = python3; 58 python = python3;
63 inherit mylibs; 59 inherit mylibs;
diff --git a/pkgs/private/default.nix b/pkgs/private/default.nix
deleted file mode 100644
index 1abdd29..0000000
--- a/pkgs/private/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
1{ pkgs }:
2with pkgs;
3let
4 mylibs = import ../../lib { inherit pkgs; };
5in
6rec {
7 webapps = callPackage ./webapps {
8 inherit mylibs;
9 inherit (pkgs) composerEnv;
10 inherit (pkgs.webapps) spip;
11 };
12}
diff --git a/pkgs/private/webapps/apache-default/default.nix b/pkgs/private/webapps/apache-default/default.nix
deleted file mode 100644
index 92f558e..0000000
--- a/pkgs/private/webapps/apache-default/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
1{ www_root ? null }:
2rec {
3 www = ./www;
4 apacheConfig = let
5 www_root' = if isNull www_root then www else www_root;
6 in ''
7 ErrorDocument 500 /maintenance_immae.html
8 ErrorDocument 501 /maintenance_immae.html
9 ErrorDocument 502 /maintenance_immae.html
10 ErrorDocument 503 /maintenance_immae.html
11 ErrorDocument 504 /maintenance_immae.html
12 Alias /maintenance_immae.html ${www_root'}/maintenance_immae.html
13 ProxyPass /maintenance_immae.html !
14
15 AliasMatch "(.*)/googleb6d69446ff4ca3e5.html" ${www_root'}/googleb6d69446ff4ca3e5.html
16 <Directory ${www_root'}>
17 AllowOverride None
18 Require all granted
19 </Directory>
20 '';
21}
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix
deleted file mode 100644
index 12b690b..0000000
--- a/pkgs/private/webapps/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
1{ callPackage, mylibs, composerEnv, lib, spip }:
2rec {
3 apache-default = callPackage ./apache-default {};
4
5 aten = callPackage ./aten { inherit composerEnv mylibs; };
6 chloe = callPackage ./chloe { inherit mylibs spip; };
7 iridologie = callPackage ./iridologie { inherit mylibs spip; };
8 connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;};
9 ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; };
10 piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; };
11 tellesflorian = callPackage ./tellesflorian { inherit composerEnv mylibs; };
12}
diff --git a/pkgs/webapps/default.nix b/pkgs/webapps/default.nix
index 2f4d739..8cc252d 100644
--- a/pkgs/webapps/default.nix
+++ b/pkgs/webapps/default.nix
@@ -1,4 +1,4 @@
1{ callPackage, mylibs, composerEnv, lib, private }: 1{ callPackage, mylibs, composerEnv, lib }:
2rec { 2rec {
3 adminer = callPackage ./adminer {}; 3 adminer = callPackage ./adminer {};
4 apache-theme = callPackage ./apache-theme {}; 4 apache-theme = callPackage ./apache-theme {};
@@ -113,4 +113,4 @@ rec {
113 in 113 in
114 lib.attrsets.genAttrs names 114 lib.attrsets.genAttrs names
115 (name: callPackage (./yourls/plugins + "/${name}") { inherit mylibs; }); 115 (name: callPackage (./yourls/plugins + "/${name}") { inherit mylibs; });
116} // private.webapps 116}