1 files changed, 67 insertions, 22 deletions
diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix
index 0fab309..21ecdcf 100644
--- a/modules/private/websites/aten/production.nix
+++ b/modules/private/websites/aten/production.nix
@@ -1,36 +1,81 @@
 { lib, pkgs, config, myconfig,  ... }:
 let
-  aten = pkgs.callPackage ./builder.nix {
+  secrets = myconfig.env.websites.aten.production;
-    inherit (pkgs.webapps) aten;
+  app = pkgs.webapps.aten.override { environment = secrets.environment; };
-    config = myconfig.env.websites.aten.production;
-    apacheUser = config.services.httpd.Prod.user;
-    apacheGroup = config.services.httpd.Prod.group;
-  };
  cfg = config.myServices.websites.aten.production;
+  pcfg = config.services.phpApplication;
 in {
  options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production";
  config = lib.mkIf cfg.enable {
-    secrets.keys = aten.keys;
    services.webstats.sites = [ { name = "aten.pro"; } ];
+    services.phpApplication.apps.aten_prod = {
+      websiteEnv = "production";
+      httpdUser = config.services.httpd.Prod.user;
+      httpdGroup = config.services.httpd.Prod.group;
+      httpdWatchFiles = [
+        config.secrets.fullPaths."webapps/${app.environment}-aten"
+      ];
+      inherit (app) webRoot varDir;
+      inherit app;
+      serviceDeps = [ "postgresql.service" ];
+      preStartActions = [
+        "APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
+      ];
+      phpOpenbasedir = [ "/tmp" ];
+      phpPool = ''
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+      '';
+    };
-    systemd.services.phpfpm-aten_prod.preStart = lib.mkAfter aten.phpFpm.preStart;
+    secrets.keys = [{
-    systemd.services.phpfpm-aten_prod.after = lib.mkAfter aten.phpFpm.serviceDeps;
+      dest = "webapps/${app.environment}-aten";
-    systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps;
+      user = config.services.httpd.Prod.user;
-    services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;
+      group = config.services.httpd.Prod.user;
-    system.activationScripts.aten_prod = aten.activationScript;
+      permissions = "0400";
-    myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;
+      text = ''
-    services.websites.env.production.modules = aten.apache.modules;
+        SetEnv APP_ENV      "${app.environment}"
-    services.websites.env.production.vhostConfs.aten = {
+        SetEnv APP_SECRET   "${secrets.secret}"
+        SetEnv DATABASE_URL "${secrets.psql_url}"
+        '';
+    }];
+    services.websites.env.production.vhostConfs.aten_prod = {
      certName     = "aten";
      certMainHost = "aten.pro";
-      hosts        = [ "aten.pro" "www.aten.pro" ];
+      hosts       = [ "aten.pro" "www.aten.pro" ];
-      root         = aten.apache.root;
+      root        = pcfg.webappDirs.aten_prod;
-      extraConfig  = [ aten.apache.vhostConf ];
+      extraConfig = [
+        ''
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_prod}|fcgi://localhost"
+        </FilesMatch>
+        Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"}
+        Use Stats aten.pro
+        <Location /backend>
+          Use LDAPConnect
+          Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+        </Location>
+        <Directory ${pcfg.webappDirs.aten_prod}>
+          Options Indexes FollowSymLinks MultiViews Includes
+          AllowOverride All
+          Require all granted
+          DirectoryIndex index.php
+          FallbackResource /index.php
+        </Directory>
+        ''
+      ];
    };
-    services.websites.env.production.watchPaths = [
-      "/var/secrets/webapps/${aten.app.environment}-aten"
-    ];
  };
 }

diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix index 0fab309..21ecdcf 100644 --- a/modules/private/websites/aten/production.nix +++ b/modules/private/websites/aten/production.nix
@@ -1,36 +1,81 @@
1	{ lib, pkgs, config, myconfig, ... }:	1	{ lib, pkgs, config, myconfig, ... }:
2	let	2	let
3	aten = pkgs.callPackage ./builder.nix {	3	secrets = myconfig.env.websites.aten.production;
4	inherit (pkgs.webapps) aten;	4	app = pkgs.webapps.aten.override { environment = secrets.environment; };
5	config = myconfig.env.websites.aten.production;
6	apacheUser = config.services.httpd.Prod.user;
7	apacheGroup = config.services.httpd.Prod.group;
8	};
9
10	cfg = config.myServices.websites.aten.production;	5	cfg = config.myServices.websites.aten.production;
		6	pcfg = config.services.phpApplication;
11	in {	7	in {
12	options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production";	8	options.myServices.websites.aten.production.enable = lib.mkEnableOption "enable Aten's website in production";
13		9
14	config = lib.mkIf cfg.enable {	10	config = lib.mkIf cfg.enable {
15	secrets.keys = aten.keys;
16	services.webstats.sites = [ { name = "aten.pro"; } ];	11	services.webstats.sites = [ { name = "aten.pro"; } ];
		12	services.phpApplication.apps.aten_prod = {
		13	websiteEnv = "production";
		14	httpdUser = config.services.httpd.Prod.user;
		15	httpdGroup = config.services.httpd.Prod.group;
		16	httpdWatchFiles = [
		17	config.secrets.fullPaths."webapps/${app.environment}-aten"
		18	];
		19	inherit (app) webRoot varDir;
		20	inherit app;
		21	serviceDeps = [ "postgresql.service" ];
		22	preStartActions = [
		23	"APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup"
		24	];
		25	phpOpenbasedir = [ "/tmp" ];
		26	phpPool = ''
		27	php_admin_value[upload_max_filesize] = 20M
		28	php_admin_value[post_max_size] = 20M
		29	;php_admin_flag[log_errors] = on
		30	pm = dynamic
		31	pm.max_children = 20
		32	pm.start_servers = 2
		33	pm.min_spare_servers = 1
		34	pm.max_spare_servers = 3
		35	'';
		36	};
17		37
18	systemd.services.phpfpm-aten_prod.preStart = lib.mkAfter aten.phpFpm.preStart;	38	secrets.keys = [{
19	systemd.services.phpfpm-aten_prod.after = lib.mkAfter aten.phpFpm.serviceDeps;	39	dest = "webapps/${app.environment}-aten";
20	systemd.services.phpfpm-aten_prod.wants = aten.phpFpm.serviceDeps;	40	user = config.services.httpd.Prod.user;
21	services.phpfpm.poolConfigs.aten_prod = aten.phpFpm.pool;	41	group = config.services.httpd.Prod.user;
22	system.activationScripts.aten_prod = aten.activationScript;	42	permissions = "0400";
23	myServices.websites.webappDirs."${aten.apache.webappName}" = aten.app.webRoot;	43	text = ''
24	services.websites.env.production.modules = aten.apache.modules;	44	SetEnv APP_ENV "${app.environment}"
25	services.websites.env.production.vhostConfs.aten = {	45	SetEnv APP_SECRET "${secrets.secret}"
		46	SetEnv DATABASE_URL "${secrets.psql_url}"
		47	'';
		48	}];
		49	services.websites.env.production.vhostConfs.aten_prod = {
26	certName = "aten";	50	certName = "aten";
27	certMainHost = "aten.pro";	51	certMainHost = "aten.pro";
28	hosts = [ "aten.pro" "www.aten.pro" ];	52	hosts = [ "aten.pro" "www.aten.pro" ];
29	root = aten.apache.root;	53	root = pcfg.webappDirs.aten_prod;
30	extraConfig = [ aten.apache.vhostConf ];	54	extraConfig = [
		55	''
		56	<FilesMatch "\.php$">
		57	SetHandler "proxy:unix:${pcfg.phpListenPaths.aten_prod}\|fcgi://localhost"
		58	</FilesMatch>
		59
		60	Include ${config.secrets.fullPaths."webapps/${app.environment}-aten"}
		61
		62	Use Stats aten.pro
		63
		64	<Location /backend>
		65	Use LDAPConnect
		66	Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
		67	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
		68	</Location>
		69
		70	<Directory ${pcfg.webappDirs.aten_prod}>
		71	Options Indexes FollowSymLinks MultiViews Includes
		72	AllowOverride All
		73	Require all granted
		74	DirectoryIndex index.php
		75	FallbackResource /index.php
		76	</Directory>
		77	''
		78	];
31	};	79	};
32	services.websites.env.production.watchPaths = [
33	"/var/secrets/webapps/${aten.app.environment}-aten"
34	];
35	};	80	};
36	}	81	}