Diffstat (limited to 'nixops/modules/websites/tellesflorian')
-rw-r--r-- | nixops/modules/websites/tellesflorian/default.nix | 1 | ||||
-rw-r--r-- | nixops/modules/websites/tellesflorian/tellesflorian.nix | 25 |
2 files changed, 19 insertions, 7 deletions
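diff --git a/nixops/modules/websites/tellesflorian/default.nix b/nixops/modules/websites/tellesflorian/default.nix
index 389c491..97931b9 100644
--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/nixops/modules/websites/tellesflorian/default.nix
@@ -16,6 +16,7 @@ in {
 };
 
 config = lib.mkIf cfg.integration.enable {
+deployment.keys = tellesflorian_dev.keys;
 security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null;
 services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool;
 system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript;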
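Review bot: Nothing visible in this block orders the PHP-FPM pool or httpd after the keys that the new `deployment.keys = tellesflorian_dev.keys;` line provisions. `/run/keys` is in-memory and is repopulated only when NixOps sends the keys again, so after a reboot the `parameters.yml` symlink and the `AuthUserFile` path can point at files that do not exist yet. NixOps exposes a `<name>-key.service` unit per key; adding `after`/`wants` on those units to the services that read the files would make the dependency explicit. The service definitions live outside this hunk, so an existing ordering may simply not be shown here.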
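diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix
index e421581..4c76a76 100644
--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ b/nixops/modules/websites/tellesflorian/tellesflorian.nix
@@ -3,8 +3,12 @@ let
 tellesflorian = { config }: rec {
 environment = config.environment;
 varDir = "/var/lib/tellesflorian_${environment}";
-configRoot =
-writeText "parameters.yml" ''
+keys."${environment}-tellesflorian" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
 # This file is auto-generated during the composer install
 parameters:
 database_host: ${config.mysql.host}
@@ -18,6 +22,7 @@ let
 mailer_password: null
 secret: ${config.secret}
 '';
+};
 phpFpm = rec {
 socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
 pool = ''
@@ -29,7 +34,7 @@ let
 php_admin_value[upload_max_filesize] = 20M
 php_admin_value[post_max_size] = 20M
 ;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+php_admin_value[open_basedir] = "/run/keys/webapps/${environment}-tellesflorian:${webappDir}:${varDir}:/tmp"
 php_admin_value[session.save_path] = "${varDir}/phpSessions"
 ${if environment == "dev" then ''
 pm = ondemand
@@ -44,9 +49,15 @@ let
 pm.max_spare_servers = 3
 ''}'';
 };
-passwords = writeText "tellesflorian_passwords" ''
-invite:${config.invite_passwords}
+keys."${environment}-tellesflorian-passwords" = {
+destDir = "/run/keys/webapps";
+user = apache.user;
+group = apache.group;
+permissions = "0700";
+text = ''
+invite:${config.invite_passwords}
 '';
+};
 apache = rec {
 user = "wwwrun";
 group = "wwwrun";
@@ -64,7 +75,7 @@ let
 Use LDAPConnect
 Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
 
-AuthUserFile "${passwords}"
+AuthUserFile "/run/keys/webapps/${environment}-tellesflorian-passwords"
 Require user "invite"
 
 ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
@@ -145,7 +156,7 @@ let
 postInstall = ''
 cd $out
 rm app/config/parameters.yml
-ln -sf ${configRoot} app/config/parameters.yml
+ln -sf /run/keys/webapps/${environment}-tellesflorian app/config/parameters.yml
 rm -rf var/{logs,cache}
 ln -sf ${varDir}/var/{logs,cache,sessions} var/
 '';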
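Review bot: Both new key definitions set `permissions = "0700"` (new lines 10 and 56), which gives the owning `wwwrun` account write and execute bits on what are a YAML parameters file and an htpasswd file. `permissions = "0400"` is enough for them to be read and keeps the secrets immutable to the account that serves requests. If the PHP-FPM pool also runs as `wwwrun` (its user is not shown in these hunks), the `open_basedir` entry for the parameters file would otherwise leave it writable from application code. Separately, NixOps creates a non-default `destDir` as root:keys with mode 0750, so `wwwrun` needs membership in the `keys` group to reach `/run/keys/webapps`; that membership is not visible in this diff and is worth confirming.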