Diffstat (limited to 'nixops')
-rw-r--r--nixops/modules/websites/aten/aten.nix104
-rw-r--r--nixops/modules/websites/aten/default.nix66
-rw-r--r--nixops/modules/websites/capitaines/default.nix51
-rw-r--r--nixops/modules/websites/capitaines/mastodon_static/index.html29
-rw-r--r--nixops/modules/websites/capitaines/mastodon_static/oops.pngbin120305 -> 0 bytes
-rw-r--r--nixops/modules/websites/chloe/chloe.nix105
-rw-r--r--nixops/modules/websites/chloe/chloe_config_dev/chmod.php4
-rw-r--r--nixops/modules/websites/chloe/chloe_config_dev/connect.php15
-rw-r--r--nixops/modules/websites/chloe/chloe_config_dev/ldap.php9
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/chmod.php4
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/connect.php15
-rw-r--r--nixops/modules/websites/chloe/chloe_config_prod/ldap.php9
-rw-r--r--nixops/modules/websites/chloe/default.nix69
-rw-r--r--nixops/modules/websites/connexionswing/connexionswing.nix166
-rw-r--r--nixops/modules/websites/connexionswing/default.nix68
-rw-r--r--nixops/modules/websites/default.nix42
-rw-r--r--nixops/modules/websites/emilia/default.nix73
-rw-r--r--nixops/modules/websites/emilia/moodle/pause.html48
-rw-r--r--nixops/modules/websites/ftp/denisejerome.nix35
-rw-r--r--nixops/modules/websites/ftp/florian.nix68
-rw-r--r--nixops/modules/websites/ftp/immae.nix68
-rw-r--r--nixops/modules/websites/ftp/jerome.nix90
-rw-r--r--nixops/modules/websites/ftp/leila.nix86
-rw-r--r--nixops/modules/websites/ftp/nassime.nix38
-rw-r--r--nixops/modules/websites/ftp/papa.nix53
-rw-r--r--nixops/modules/websites/ftp/release.nix43
-rw-r--r--nixops/modules/websites/ftp/temp.nix40
-rw-r--r--nixops/modules/websites/ludivine/default.nix66
-rw-r--r--nixops/modules/websites/ludivine/ludivinecassal.nix157
-rw-r--r--nixops/modules/websites/piedsjaloux/default.nix66
-rw-r--r--nixops/modules/websites/piedsjaloux/piedsjaloux.nix146
-rw-r--r--nixops/modules/websites/tellesflorian/default.nix40
-rw-r--r--nixops/modules/websites/tellesflorian/tellesflorian.nix154
33 files changed, 0 insertions, 2027 deletions
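diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
deleted file mode 100644
index 04876a1..0000000
--- a/nixops/modules/websites/aten/aten.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ aten, lib, config }: rec {
- app = aten.override { inherit (config) environment; };
- phpFpm = rec {
- preStart = ''
- if [ ! -f "${app.varDir}/currentWebappDir" -o \
- ! -f "${app.varDir}/currentKey" -o \
- "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
- || ! sha512sum -c --status ${app.varDir}/currentKey; then
- pushd ${app} > /dev/null
- /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${app}" > ${app.varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
- fi
- '';
- serviceDeps = [ "postgresql.service" ];
- socket = "/var/run/phpfpm/aten-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- env[SYMFONY_DEBUG_MODE] = "yes"
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- keys = [{
- dest = "webapps/${app.environment}-aten";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- SetEnv APP_ENV "${app.environment}"
- SetEnv APP_SECRET "${config.secret}"
- SetEnv DATABASE_URL "${config.psql_url}"
- '';
- }];
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "aten_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- Include /var/secrets/webapps/${app.environment}-aten
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
- </Location>
-
- <Location /backend>
- Use LDAPConnect
- Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
- </Location>
- '' else ''
- Use Stats aten.pro
-
- <Location /backend>
- Use LDAPConnect
- Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
- </Location>
- ''}
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- DirectoryIndex index.php
- FallbackResource /index.php
- </Directory>
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
-}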
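diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
deleted file mode 100644
index a9e75b6..0000000
--- a/nixops/modules/websites/aten/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- aten_dev = pkgs.callPackage ./aten.nix {
- inherit (pkgs.webapps) aten;
- config = myconfig.env.websites.aten.integration;
- };
- aten_prod = pkgs.callPackage ./aten.nix {
- inherit (pkgs.webapps) aten;
- config = myconfig.env.websites.aten.production;
- };
-
- cfg = config.services.myWebsites.Aten;
-in {
- options.services.myWebsites.Aten = {
- production = {
- enable = lib.mkEnableOption "enable Aten's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Aten's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = aten_prod.keys;
- services.webstats.sites = [ { name = "aten.pro"; } ];
-
- services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
- system.activationScripts.aten_prod = aten_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
- '';
- services.websites.production.modules = aten_prod.apache.modules;
- services.websites.production.vhostConfs.aten = {
- certName = "aten";
- certMainHost = "aten.pro";
- hosts = [ "aten.pro" "www.aten.pro" ];
- root = aten_prod.apache.root;
- extraConfig = [ aten_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = aten_dev.keys;
- services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
- system.activationScripts.aten_dev = aten_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
- '';
- services.websites.integration.modules = aten_dev.apache.modules;
- services.websites.integration.vhostConfs.aten = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "dev.aten.pro" ];
- root = aten_dev.apache.root;
- extraConfig = [ aten_dev.apache.vhostConf ];
- };
- })
- ];
-}
-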
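diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix
deleted file mode 100644
index 4bbf488..0000000
--- a/nixops/modules/websites/capitaines/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Capitaines;
- env = myconfig.env.websites.capitaines;
- webappName = "capitaines_mastodon";
- root = "/run/current-system/webapps/${webappName}";
- siteDir = ./mastodon_static;
-in {
- options.services.myWebsites.Capitaines = {
- production = {
- enable = lib.mkEnableOption "enable Capitaines's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${siteDir} $out/webapps/${webappName}
- '';
-
- services.websites.production.vhostConfs.capitaines_mastodon = {
- certName = "capitaines";
- certMainHost = "mastodon.capitaines.fr";
- hosts = [ "mastodon.capitaines.fr" ];
- root = root;
- extraConfig = [
- ''
- ErrorDocument 404 /index.html
- <Directory ${root}>
- DirectoryIndex index.html
- Options Indexes FollowSymLinks MultiViews Includes
- Require all granted
- </Directory>
- ''
- ];
- };
-
- services.websites.production.vhostConfs.capitaines = {
- certName = "capitaines";
- addToCerts = true;
- hosts = [ "capitaines.fr" ];
- root = "/run/current-system/webapps/_www";
- extraConfig = [ ''
- <Directory /run/current-system/webapps/_www>
- DirectoryIndex index.htm
- Require all granted
- </Directory>
- '' ];
- };
- };
-}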
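diff --git a/nixops/modules/websites/capitaines/mastodon_static/index.html b/nixops/modules/websites/capitaines/mastodon_static/index.html
deleted file mode 100644
index fae4152..0000000
--- a/nixops/modules/websites/capitaines/mastodon_static/index.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html lang='en'>
- <head>
- <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'>
- <title>This instance is now closed - Mastodon</title>
- <style>
- body {
- text-align: center;
- background: #282c37;
- font-family: sans-serif;
- }
- img {
- max-width: 470px;
- width: 100%;
- }
- h1 {
- font-size: 20px;
- font-weight: 400;
- color: #9baec8;
- }
- </style>
- </head>
- <body>
- <div>
- <img alt='Mastodon' src='/oops.png'>
- <h1>Sorry, this instance is closed now.</h1>
- </div>
- </body>
-</html>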
diff --git a/nixops/modules/websites/capitaines/mastodon_static/oops.png b/nixops/modules/websites/capitaines/mastodon_static/oops.png
deleted file mode 100644
index 0abddad..0000000
--- a/nixops/modules/websites/capitaines/mastodon_static/oops.png
+++ /dev/null
Binary files differ
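diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
deleted file mode 100644
index 2847b9d..0000000
--- a/nixops/modules/websites/chloe/chloe.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{ chloe, config }:
-rec {
- app = chloe.override { inherit (config) environment; };
- phpFpm = rec {
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- keys = [{
- dest = "webapps/${app.environment}-chloe";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- SetEnv SPIP_CONFIG_DIR "${configDir}"
- SetEnv SPIP_VAR_DIR "${app.varDir}"
- SetEnv SPIP_SITE "chloe-${app.environment}"
- SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
- SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
- SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
- SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
- SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
- SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
- SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
- SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
- SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
- SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
- '';
- }];
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "chloe_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- Include /var/secrets/webapps/${app.environment}-chloe
-
- RewriteEngine On
- ${if app.environment == "prod" then ''
- RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
- '' else ""}
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${root}>
- DirectoryIndex index.php index.htm index.html
- Options -Indexes +FollowSymLinks +MultiViews +Includes
- Include ${root}/htaccess.txt
-
- AllowOverride AuthConfig FileInfo Limit
- Require all granted
- </Directory>
-
- <DirectoryMatch "${root}/squelettes">
- Require all denied
- </DirectoryMatch>
-
- <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
- Require all denied
- </FilesMatch>
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
- </Location>
- '' else ''
- Use Stats osteopathe-cc.fr
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
- configDir = ./chloe_config_ + app.environment;
-}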
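diff --git a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php b/nixops/modules/websites/chloe/chloe_config_dev/chmod.php
deleted file mode 100644
index aae16cd..0000000
--- a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
-?>
\ No newline at end of file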
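diff --git a/nixops/modules/websites/chloe/chloe_config_dev/connect.php b/nixops/modules/websites/chloe/chloe_config_dev/connect.php
deleted file mode 100644
index 18b0933..0000000
--- a/nixops/modules/websites/chloe/chloe_config_dev/connect.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-define('_MYSQL_SET_SQL_MODE',true);
-$GLOBALS['spip_connect_version'] = 0.7;
-spip_connect_db(
- getenv("SPIP_MYSQL_HOST"),
- getenv("SPIP_MYSQL_PORT"),
- getenv("SPIP_MYSQL_USER"),
- getenv("SPIP_MYSQL_PASSWORD"),
- getenv("SPIP_MYSQL_DB"),
- 'mysql',
- 'spip',
- 'ldap.php'
-);
-?>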
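diff --git a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php b/nixops/modules/websites/chloe/chloe_config_dev/ldap.php
deleted file mode 100644
index 825b7ed..0000000
--- a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
-$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
-@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
-@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
-$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
-$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
-?>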
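diff --git a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php b/nixops/modules/websites/chloe/chloe_config_prod/chmod.php
deleted file mode 100644
index aae16cd..0000000
--- a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
-?>
\ No newline at end of file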
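diff --git a/nixops/modules/websites/chloe/chloe_config_prod/connect.php b/nixops/modules/websites/chloe/chloe_config_prod/connect.php
deleted file mode 100644
index 18b0933..0000000
--- a/nixops/modules/websites/chloe/chloe_config_prod/connect.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-define('_MYSQL_SET_SQL_MODE',true);
-$GLOBALS['spip_connect_version'] = 0.7;
-spip_connect_db(
- getenv("SPIP_MYSQL_HOST"),
- getenv("SPIP_MYSQL_PORT"),
- getenv("SPIP_MYSQL_USER"),
- getenv("SPIP_MYSQL_PASSWORD"),
- getenv("SPIP_MYSQL_DB"),
- 'mysql',
- 'spip',
- 'ldap.php'
-);
-?>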
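diff --git a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php b/nixops/modules/websites/chloe/chloe_config_prod/ldap.php
deleted file mode 100644
index 825b7ed..0000000
--- a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
-$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
-@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
-@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
-$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
-$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
-?>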
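diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
deleted file mode 100644
index 8e801b5..0000000
--- a/nixops/modules/websites/chloe/default.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- chloe_dev = pkgs.callPackage ./chloe.nix {
- inherit (pkgs.webapps) chloe;
- config = myconfig.env.websites.chloe.integration;
- };
- chloe_prod = pkgs.callPackage ./chloe.nix {
- inherit (pkgs.webapps) chloe;
- config = myconfig.env.websites.chloe.production;
- };
-
- cfg = config.services.myWebsites.Chloe;
-in {
- options.services.myWebsites.Chloe = {
- production = {
- enable = lib.mkEnableOption "enable Chloe's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Chloe's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = chloe_prod.keys;
- services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
-
- services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
- extension=${pkgs.php}/lib/php/extensions/mysqli.so
- '';
- system.activationScripts.chloe_prod = chloe_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
- '';
- services.websites.production.modules = chloe_prod.apache.modules;
- services.websites.production.vhostConfs.chloe = {
- certName = "chloe";
- certMainHost = "osteopathe-cc.fr";
- hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
- root = chloe_prod.apache.root;
- extraConfig = [ chloe_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = chloe_dev.keys;
- services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
- extension=${pkgs.php}/lib/php/extensions/mysqli.so
- '';
- system.activationScripts.chloe_dev = chloe_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
- '';
- services.websites.integration.modules = chloe_dev.apache.modules;
- services.websites.integration.vhostConfs.chloe = {
- certName = "eldiron";
- addToCerts = true;
- hosts = ["chloe.immae.eu" ];
- root = chloe_dev.apache.root;
- extraConfig = [ chloe_dev.apache.vhostConf ];
- };
- })
- ];
-}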
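diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix
deleted file mode 100644
index 77b839c..0000000
--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ /dev/null
@@ -1,166 +0,0 @@
-{ connexionswing, pkgs, phpPackages, config }:
-rec {
- app = connexionswing.override { inherit (config) environment; };
- keys = [{
- dest = "webapps/${app.environment}-connexionswing";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- # This file is auto-generated during the composer install
- parameters:
- database_host: ${config.mysql.host}
- database_port: ${config.mysql.port}
- database_name: ${config.mysql.name}
- database_user: ${config.mysql.user}
- database_password: ${config.mysql.password}
- database_server_version: ${pkgs.mariadb.mysqlVersion}
- mailer_transport: sendmail
- mailer_host: null
- mailer_user: null
- mailer_password: null
- subscription_email: ${config.email}
- allow_robots: true
- secret: ${config.secret}
- ${if app.environment == "prod" then ''
- services:
- swiftmailer.mailer.default.transport:
- class: Swift_SendmailTransport
- arguments: ['/run/wrappers/bin/sendmail -bs']
- '' else ""}
- '';
- }];
- phpFpm = rec {
- preStart = ''
- if [ ! -f "${app.varDir}/currentWebappDir" -o \
- ! -f "${app.varDir}/currentKey" -o \
- "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
- || ! sha512sum -c --status ${app.varDir}/currentKey; then
- pushd ${app} > /dev/null
- /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${app}" > ${app.varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey
- fi
- '';
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock";
- phpConfig = ''
- extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
- '';
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- env[SYMFONY_DEBUG_MODE] = "yes"
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "connexionswing_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${app.varDir}/medias>
- Options FollowSymLinks
- AllowOverride None
- Require all granted
- </Directory>
-
- <Directory ${app.varDir}/uploads>
- Options FollowSymLinks
- AllowOverride None
- Require all granted
- </Directory>
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
- </Location>
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- DirectoryIndex app_dev.php
-
- <IfModule mod_negotiation.c>
- Options -MultiViews
- </IfModule>
-
- <IfModule mod_rewrite.c>
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
- RewriteRule ^(.*) - [E=BASE:%1]
-
- # Maintenance script
- RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
- RewriteCond %{SCRIPT_FILENAME} !maintenance.php
- RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
- ErrorDocument 503 /maintenance.php
-
- # Sets the HTTP_AUTHORIZATION header removed by Apache
- RewriteCond %{HTTP:Authorization} .
- RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
- RewriteCond %{ENV:REDIRECT_STATUS} ^$
- RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
- # If the requested filename exists, simply serve it.
- # We only want to let Apache serve files and not directories.
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule ^ - [L]
-
- # Rewrite all other queries to the front controller.
- RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
- </IfModule>
-
- </Directory>
- '' else ''
- Use Stats connexionswing.com
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- </Directory>
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
- ${app.varDir}/medias \
- ${app.varDir}/uploads \
- ${app.varDir}/var
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
-}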
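diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
deleted file mode 100644
index 20c5166..0000000
--- a/nixops/modules/websites/connexionswing/default.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- connexionswing_dev = pkgs.callPackage ./connexionswing.nix {
- inherit (pkgs.webapps) connexionswing;
- config = myconfig.env.websites.connexionswing.integration;
- };
- connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
- inherit (pkgs.webapps) connexionswing;
- config = myconfig.env.websites.connexionswing.production;
- };
-
- cfg = config.services.myWebsites.Connexionswing;
-in {
- options.services.myWebsites.Connexionswing = {
- production = {
- enable = lib.mkEnableOption "enable Connexionswing's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Connexionswing's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = connexionswing_prod.keys;
- services.webstats.sites = [ { name = "connexionswing.com"; } ];
-
- services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing_prod.phpFpm.phpConfig;
- system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
- '';
- services.websites.production.modules = connexionswing_prod.apache.modules;
- services.websites.production.vhostConfs.connexionswing = {
- certName = "connexionswing";
- certMainHost = "connexionswing.com";
- hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
- root = connexionswing_prod.apache.root;
- extraConfig = [ connexionswing_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = connexionswing_dev.keys;
- services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
- services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing_dev.phpFpm.phpConfig;
- system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
- '';
- services.websites.integration.modules = connexionswing_dev.apache.modules;
- services.websites.integration.vhostConfs.connexionswing = {
- certName = "eldiron";
- addToCerts = true;
- hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
- root = connexionswing_dev.apache.root;
- extraConfig = [ connexionswing_dev.apache.vhostConf ];
- };
- })
- ];
-}
-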
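diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix
index 432ad3c..584892a 100644
--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -66,23 +66,6 @@ let
 in
 {
  imports = [
- ./chloe
- ./ludivine
- ./aten
- ./piedsjaloux
- ./connexionswing
- ./tellesflorian
- ./emilia
- ./capitaines
- ./ftp/jerome.nix
- ./ftp/nassime.nix
- ./ftp/florian.nix
- ./ftp/denisejerome.nix
- ./ftp/leila.nix
- ./ftp/papa.nix
- ./ftp/immae.nix
- ./ftp/release.nix
- ./ftp/temp.nix
  ./tools/db.nix
  ./tools/tools
  ./tools/dav
@@ -133,31 +116,6 @@ in
  services.myWebsites.tools.etherpad-lite.enable = true;
  services.myWebsites.tools.peertube.enable = true;
 
- services.myWebsites.Chloe.production.enable = true;
- services.myWebsites.Ludivine.production.enable = true;
- services.myWebsites.Aten.production.enable = true;
- services.myWebsites.PiedsJaloux.production.enable = true;
- services.myWebsites.Connexionswing.production.enable = true;
- services.myWebsites.Jerome.production.enable = true;
- services.myWebsites.Nassime.production.enable = true;
- services.myWebsites.Florian.production.enable = true;
- services.myWebsites.Leila.production.enable = true;
- services.myWebsites.Papa.production.enable = true;
- services.myWebsites.DeniseJerome.production.enable = true;
- services.myWebsites.Emilia.production.enable = true;
- services.myWebsites.Capitaines.production.enable = true;
- services.myWebsites.Immae.production.enable = true;
- services.myWebsites.Release.production.enable = true;
- services.myWebsites.Temp.production.enable = true;
-
- services.myWebsites.Chloe.integration.enable = true;
- services.myWebsites.Ludivine.integration.enable = true;
- services.myWebsites.Aten.integration.enable = true;
- services.myWebsites.PiedsJaloux.integration.enable = true;
- services.myWebsites.Connexionswing.integration.enable = true;
- services.myWebsites.TellesFlorian.integration.enable = true;
- services.myWebsites.Florian.integration.enable = true;
-
  secrets.keys = [{
  dest = "apache-ldap";
  user = "wwwrun";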
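diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix
deleted file mode 100644
index 47257b7..0000000
--- a/nixops/modules/websites/emilia/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Emilia;
- env = myconfig.env.websites.emilia;
- varDir = "/var/lib/moodle";
- siteDir = ./moodle;
- webappName = "emilia_moodle";
- root = "/run/current-system/webapps/${webappName}";
- # php_admin_value[upload_max_filesize] = 50000000
- # php_admin_value[post_max_size] = 50000000
- configFile = ''
- <?php // Moodle configuration file
-
- unset($CFG);
- global $CFG;
- $CFG = new stdClass();
-
- $CFG->dbtype = 'pgsql';
- $CFG->dblibrary = 'native';
- $CFG->dbhost = '${env.postgresql.host}';
- $CFG->dbname = '${env.postgresql.database}';
- $CFG->dbuser = '${env.postgresql.user}';
- $CFG->dbpass = '${env.postgresql.password}';
- $CFG->prefix = 'mdl_';
- $CFG->dboptions = array (
- 'dbpersist' => 0,
- 'dbport' => '${env.postgreesql.port}',
- 'dbsocket' => '${env.postgresql.password}',
- );
-
- $CFG->wwwroot = 'https://www.saison-photo.org';
- $CFG->dataroot = '${varDir}';
- $CFG->admin = 'admin';
-
- $CFG->directorypermissions = 02777;
-
- require_once(__DIR__ . '/lib/setup.php');
-
- // There is no php closing tag in this file,
- // it is intentional because it prevents trailing whitespace problems!
- '';
-in {
- options.services.myWebsites.Emilia = {
- production = {
- enable = lib.mkEnableOption "enable Emilia's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- system.activationScripts.emilia = ''
- install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
- '';
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${siteDir} $out/webapps/${webappName}
- '';
- services.websites.production.vhostConfs.emilia = {
- certName = "emilia";
- certMainHost = "saison-photo.org";
- hosts = [ "saison-photo.org" "www.saison-photo.org" ];
- root = root;
- extraConfig = [
- ''
- <Directory ${root}>
- DirectoryIndex pause.html
- Options Indexes FollowSymLinks MultiViews Includes
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}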
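diff --git a/nixops/modules/websites/emilia/moodle/pause.html b/nixops/modules/websites/emilia/moodle/pause.html
deleted file mode 100644
index 8b99c59..0000000
--- a/nixops/modules/websites/emilia/moodle/pause.html
+++ /dev/null
@@ -1,48 +0,0 @@
-<!doctype html>
-<html>
- <head>
- <title>Pause</title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <style>
- body {
- padding-left: 5px;
- padding-right: 5px;
- text-align: center;
- margin: auto;
- font: 20px Helvetica, sans-serif;
- color: #333;
- }
- h1 {
- margin: 0px;
- font-size: 40px;
- }
- article {
- display: block;
- max-width: 650px;
- margin: 0 auto;
- padding-top: 30px;
- }
- article + article {
- border-top: 1px solid lightgrey;
- }
- article div {
- text-align: justify;
- }
- a {
- color: #dc8100;
- text-decoration: none;
- }
- a:hover {
- color: #333;
- }
- </style>
- </head>
- <body>
- <article>
- <h1>Site web en pause&nbsp;!</h1>
- <div>
- <p>Le site et les cours de photographie sont actuellement en pause.</p>
- </div>
- </article>
- </body>
-</html>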
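diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix
deleted file mode 100644
index 884fb62..0000000
--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.DeniseJerome;
- varDir = "/var/lib/ftp/denisejerome";
- env = myconfig.env.websites.denisejerome;
-in {
- options.services.myWebsites.DeniseJerome = {
- production = {
- enable = lib.mkEnableOption "enable Denise Jerome's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
-
- services.websites.production.vhostConfs.denisejerome = {
- certName = "denisejerome";
- certMainHost = "denisejerome.piedsjaloux.fr";
- hosts = ["denisejerome.piedsjaloux.fr" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats denisejerome.piedsjaloux.fr
-
- <Directory ${varDir}>
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride AuthConfig
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}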
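diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
deleted file mode 100644
index ebd461e..0000000
--- a/nixops/modules/websites/ftp/florian.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
- cfg = config.services.myWebsites.Florian;
- varDir = "/var/lib/ftp/florian";
- env = myconfig.env.websites.florian;
-in {
- options.services.myWebsites.Florian = {
- production = {
- enable = lib.mkEnableOption "enable Florian's website production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Florian's website integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
-
- services.websites.production.modules = adminer.apache.modules;
- services.websites.production.vhostConfs.florian = {
- certName = "florian";
- certMainHost = "tellesflorian.com";
- hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
- root = "${varDir}/tellesflorian.com";
- extraConfig = [
- adminer.apache.vhostConf
- ''
- ServerAdmin ${env.server_admin}
-
- <Directory ${varDir}/tellesflorian.com>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- })
-
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
-
- services.websites.integration.modules = adminer.apache.modules;
- services.websites.integration.vhostConfs.florian = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "florian.immae.eu" ];
- root = "${varDir}/florian.immae.eu";
- extraConfig = [
- adminer.apache.vhostConf
- ''
- ServerAdmin ${env.server_admin}
-
- <Directory ${varDir}/florian.immae.eu>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- })
- ];
-}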
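diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix
deleted file mode 100644
index 2ba30a1..0000000
--- a/nixops/modules/websites/ftp/immae.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Immae;
- varDir = "/var/lib/ftp/immae";
- env = myconfig.env.websites.immae;
-in {
- options.services.myWebsites.Immae = {
- production = {
- enable = lib.mkEnableOption "enable Immae's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "www.immae.eu"; } ];
-
- services.myPhpfpm.poolConfigs.immae = ''
- listen = /run/phpfpm/immae.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- php_admin_value[open_basedir] = "${varDir}:/tmp"
- '';
- services.websites.production.modules = [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.immae = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "www.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats www.immae.eu
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- </Directory>
-
- <Location /blog_old/>
- Use LDAPConnect
- Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
- </Location>
- ''
- ];
- };
-
- services.websites.production.vhostConfs.bouya = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "bouya.org" "www.bouya.org" ];
- root = null;
- extraConfig = [ ''
- RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
- '' ];
- };
- };
-}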
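diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
deleted file mode 100644
index d00c42d..0000000
--- a/nixops/modules/websites/ftp/jerome.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
- cfg = config.services.myWebsites.Jerome;
- varDir = "/var/lib/ftp/jerome";
- env = myconfig.env.websites.jerome;
-in {
- options.services.myWebsites.Jerome = {
- production = {
- enable = lib.mkEnableOption "enable Jerome's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
-
- security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
-
- secrets.keys = [{
- dest = "webapps/prod-naturaloutil";
- user = "wwwrun";
- group = "wwwrun";
- permissions = "0400";
- text = ''
- <?php
- $mysql_user = '${env.mysql.user}' ;
- $mysql_server = '${env.mysql.host}' ;
- $mysql_base = '${env.mysql.name}' ;
- $mysql_password = '${env.mysql.password}' ;
- //connect to db
- $db = mysqli_init();
- ${if env.mysql.host != "localhost" then ''
- mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
- $db->ssl_set(NULL, NULL, "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt", NULL, NULL);
- '' else ""}
- $database = connect_db($db, $mysql_server, $mysql_base, $mysql_user, $mysql_password);
- ?>
- '';
- }];
- services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ];
- services.myPhpfpm.poolConfigs.jerome = ''
- listen = /run/phpfpm/naturaloutil.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
- php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
- '';
- services.myPhpfpm.poolPhpConfigs.jerome = ''
- extension=${pkgs.php}/lib/php/extensions/mysqli.so
- '';
- services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.naturaloutil = {
- certName = "naturaloutil";
- certMainHost = "naturaloutil.immae.eu";
- hosts = ["naturaloutil.immae.eu" ];
- root = varDir;
- extraConfig = [
- adminer.apache.vhostConf
- ''
- Use Stats naturaloutil.immae.eu
- ServerAdmin ${env.server_admin}
- ErrorLog "${varDir}/logs/error_log"
- CustomLog "${varDir}/logs/access_log" combined
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/naturaloutil.sock|fcgi://localhost"
- </FilesMatch>
-
- <Directory ${varDir}/logs>
- AllowOverride None
- Require all denied
- </Directory>
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}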
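diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
deleted file mode 100644
index 14bfa20..0000000
--- a/nixops/modules/websites/ftp/leila.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- cfg = config.services.myWebsites.Leila;
- varDir = "/var/lib/ftp/leila";
-in {
- options.services.myWebsites.Leila = {
- production = {
- enable = lib.mkEnableOption "enable Leila's website in production";
- };
- };
-
- config = (lib.mkIf cfg.production.enable {
- services.myPhpfpm.poolConfigs.leila = ''
- listen = /run/phpfpm/leila.sock
- user = wwwrun
- group = wwwrun
- listen.owner = wwwrun
- listen.group = wwwrun
-
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
-
- php_admin_value[open_basedir] = "${varDir}:/tmp"
- '';
-
- services.webstats.sites = [
- { name = "leila.bouya.org"; }
- { name = "chorale.leila.bouya.org"; }
- ];
-
- services.websites.production.modules = [ "proxy_fcgi" ];
- services.websites.production.vhostConfs.leila_chorale = {
- certName = "leila";
- addToCerts = true;
- hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
- root = "${varDir}/Chorale";
- extraConfig = [
- ''
- Use Stats chorale.leila.bouya.org
- <Directory ${varDir}/Chorale>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
-
- Use LDAPConnect
- Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
- </FilesMatch>
- </Directory>
- ''
- ];
- };
- services.websites.production.vhostConfs.leila = {
- certName = "leila";
- certMainHost = "leila.bouya.org";
- hosts = [ "leila.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats leila.bouya.org
- <Directory ${varDir}/Chorale>
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
-
- Use LDAPConnect
- Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
- </FilesMatch>
- </Directory>
- <Directory ${varDir}>
- DirectoryIndex index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- });
-}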
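diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix
deleted file mode 100644
index 3c982d3..0000000
--- a/nixops/modules/websites/ftp/nassime.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Nassime;
- varDir = "/var/lib/ftp/nassime";
- env = myconfig.env.websites.nassime;
-in {
- options.services.myWebsites.Nassime = {
- production = {
- enable = lib.mkEnableOption "enable Nassime's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
-
- security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
-
- services.websites.production.vhostConfs.nassime = {
- certName = "nassime";
- certMainHost = "nassime.bouya.org";
- hosts = ["nassime.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats nassime.bouya.org
- ServerAdmin ${env.server_admin}
-
- <Directory ${varDir}>
- DirectoryIndex index.php index.htm index.html
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}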
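diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
deleted file mode 100644
index c8d05ef..0000000
--- a/nixops/modules/websites/ftp/papa.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Papa;
- varDir = "/var/lib/ftp/papa";
-in {
- options.services.myWebsites.Papa = {
- production = {
- enable = lib.mkEnableOption "enable Papa's website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
-
- services.cron = {
- systemCronJobs = let
- script = pkgs.writeScript "cleanup-papa" ''
- #!${pkgs.stdenv.shell}
- d=$(date -d "7 days ago" +%Y%m%d)
- for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
- if [ "$d" -gt $(basename $i) ]; then
- rm -rf "$i"
- fi
- done
- '';
- in
- [
- ''
- 0 6 * * * wwwrun ${script}
- ''
- ];
- };
-
- services.websites.production.vhostConfs.papa = {
- certName = "papa";
- certMainHost = "surveillance.maison.bbc.bouya.org";
- hosts = [ "surveillance.maison.bbc.bouya.org" ];
- root = varDir;
- extraConfig = [
- ''
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <Directory ${varDir}>
- Use LDAPConnect
- Options Indexes
- AllowOverride None
- Require ldap-group cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
- </Directory>
- ''
- ];
- };
- };
-}
-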
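diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix
deleted file mode 100644
index db3487f..0000000
--- a/nixops/modules/websites/ftp/release.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Release;
- varDir = "/var/lib/ftp/release.immae.eu";
- env = myconfig.env.websites.release;
-in {
- options.services.myWebsites.Release = {
- production = {
- enable = lib.mkEnableOption "enable Release' website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.webstats.sites = [ { name = "release.immae.eu"; } ];
-
- services.websites.production.vhostConfs.release = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "release.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Stats release.immae.eu
-
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <Directory "${varDir}">
- Use LDAPConnect
- Options Indexes
- AllowOverride All
- Require all granted
- </Directory>
-
- <Directory "${varDir}/packages">
- Use LDAPConnect
- Options Indexes FollowSymlinks
- AllowOverride None
- Require all granted
- </Directory>
- ''
- ];
- };
- };
-}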
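diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
deleted file mode 100644
index 86dfde3..0000000
--- a/nixops/modules/websites/ftp/temp.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- cfg = config.services.myWebsites.Temp;
- varDir = "/var/lib/ftp/temp.immae.eu";
- env = myconfig.env.websites.temp;
-in {
- options.services.myWebsites.Temp = {
- production = {
- enable = lib.mkEnableOption "enable Temp' website";
- };
- };
-
- config = lib.mkIf cfg.production.enable {
- services.websites.production.modules = [ "headers" ];
- services.websites.production.vhostConfs.temp = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "temp.immae.eu" ];
- root = varDir;
- extraConfig = [
- ''
- Use Apaxy "${varDir}" "title .duplicity-ignore"
- <FilesMatch ".+">
- Header set Content-Disposition attachment
- </FilesMatch>
- <Directory "${varDir}">
- Options -Indexes
- AllowOverride None
- Require all granted
- </Directory>
-
- <DirectoryMatch "${varDir}/(.+)">
- Options Indexes
- </DirectoryMatch>
- ''
- ];
- };
- };
-}
-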
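diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
deleted file mode 100644
index 70d5199..0000000
--- a/nixops/modules/websites/ludivine/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- ludivinecassal_dev = pkgs.callPackage ./ludivinecassal.nix {
- inherit (pkgs.webapps) ludivinecassal;
- config = myconfig.env.websites.ludivinecassal.integration;
- };
- ludivinecassal_prod = pkgs.callPackage ./ludivinecassal.nix {
- inherit (pkgs.webapps) ludivinecassal;
- config = myconfig.env.websites.ludivinecassal.production;
- };
-
- cfg = config.services.myWebsites.Ludivine;
-in {
- options.services.myWebsites.Ludivine = {
- production = {
- enable = lib.mkEnableOption "enable Ludivine's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Ludivine's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = ludivinecassal_prod.keys;
- services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
-
- services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
- system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
- '';
- services.websites.production.modules = ludivinecassal_prod.apache.modules;
- services.websites.production.vhostConfs.ludivine = {
- certName = "ludivinecassal";
- certMainHost = "ludivinecassal.com";
- hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
- root = ludivinecassal_prod.apache.root;
- extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = ludivinecassal_dev.keys;
-
- services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
- system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
- '';
- services.websites.integration.modules = ludivinecassal_dev.apache.modules;
- services.websites.integration.vhostConfs.ludivine = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "ludivine.immae.eu" ];
- root = ludivinecassal_dev.apache.root;
- extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
- };
- })
- ];
-}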
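diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix
deleted file mode 100644
index 39fd088..0000000
--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ /dev/null
@@ -1,157 +0,0 @@
-{ config, ludivinecassal, pkgs, ruby, sass, imagemagick }:
-rec {
- app = ludivinecassal.override { inherit (config) environment; };
- varDir = "/var/lib/ludivinecassal_${app.environment}";
- keys = [{
- dest = "webapps/${app.environment}-ludivinecassal";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- # This file is auto-generated during the composer install
- parameters:
- database_host: ${config.mysql.host}
- database_port: ${config.mysql.port}
- database_name: ${config.mysql.name}
- database_user: ${config.mysql.user}
- database_password: ${config.mysql.password}
- database_server_version: ${pkgs.mariadb.mysqlVersion}
- mailer_transport: smtp
- mailer_host: 127.0.0.1
- mailer_user: null
- mailer_password: null
- secret: ${config.secret}
- ldap_host: ldap.immae.eu
- ldap_port: 636
- ldap_version: 3
- ldap_ssl: true
- ldap_tls: false
- ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
- ldap_base_dn: 'dc=immae,dc=eu'
- ldap_search_dn: '${config.ldap.dn}'
- ldap_search_password: '${config.ldap.password}'
- ldap_search_filter: '${config.ldap.search}'
- leapt_im:
- binary_path: ${imagemagick}/bin
- assetic:
- sass: ${sass}/bin/sass
- ruby: ${ruby}/bin/ruby
- '';
- }];
- phpFpm = rec {
- preStart = ''
- if [ ! -f "${app.varDir}/currentWebappDir" -o \
- ! -f "${app.varDir}/currentKey" -o \
- "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
- || ! sha512sum -c --status ${app.varDir}/currentKey; then
- pushd ${app} > /dev/null
- /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${app}" > ${app.varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/${app.environment}-ludivinecassal > ${app.varDir}/currentKey
- fi
- '';
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/ludivinecassal-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-ludivinecassal:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- env[SYMFONY_DEBUG_MODE] = "yes"
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "ludivine_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
- </Location>
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- DirectoryIndex app_dev.php
-
- <IfModule mod_negotiation.c>
- Options -MultiViews
- </IfModule>
-
- <IfModule mod_rewrite.c>
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
- RewriteRule ^(.*) - [E=BASE:%1]
-
- # Maintenance script
- RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
- RewriteCond %{SCRIPT_FILENAME} !maintenance.php
- RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
- ErrorDocument 503 /maintenance.php
-
- # Sets the HTTP_AUTHORIZATION header removed by Apache
- RewriteCond %{HTTP:Authorization} .
- RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
- RewriteCond %{ENV:REDIRECT_STATUS} ^$
- RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
- # If the requested filename exists, simply serve it.
- # We only want to let Apache serve files and not directories.
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule ^ - [L]
-
- # Rewrite all other queries to the front controller.
- RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
- </IfModule>
-
- </Directory>
- '' else ''
- Use Stats ludivinecassal.com
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- </Directory>
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/tmp
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
-}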
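diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix
deleted file mode 100644
index a5ee24f..0000000
--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix {
- inherit (pkgs.webapps) piedsjaloux;
- config = myconfig.env.websites.piedsjaloux.integration;
- };
- piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
- inherit (pkgs.webapps) piedsjaloux;
- config = myconfig.env.websites.piedsjaloux.production;
- };
-
- cfg = config.services.myWebsites.PiedsJaloux;
-in {
- options.services.myWebsites.PiedsJaloux = {
- production = {
- enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- secrets.keys = piedsjaloux_prod.keys;
- services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
-
- services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
- system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
- '';
- services.websites.production.modules = piedsjaloux_prod.apache.modules;
- services.websites.production.vhostConfs.piedsjaloux = {
- certName = "piedsjaloux";
- certMainHost = "piedsjaloux.fr";
- hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
- root = piedsjaloux_prod.apache.root;
- extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- secrets.keys = piedsjaloux_dev.keys;
- services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
- system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
- '';
- services.websites.integration.modules = piedsjaloux_dev.apache.modules;
- services.websites.integration.vhostConfs.piedsjaloux = {
- certName = "eldiron";
- addToCerts = true;
- hosts = [ "piedsjaloux.immae.eu" ];
- root = piedsjaloux_dev.apache.root;
- extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
- };
- })
- ];
-}
-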
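diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
deleted file mode 100644
index 97f8946..0000000
--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ /dev/null
@@ -1,146 +0,0 @@
-{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }:
-rec {
- app = piedsjaloux.override { inherit (config) environment; };
- varDir = "/var/lib/piedsjaloux_${app.environment}";
- keys = [{
- dest = "webapps/${app.environment}-piedsjaloux";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- # This file is auto-generated during the composer install
- parameters:
- database_host: ${config.mysql.host}
- database_port: ${config.mysql.port}
- database_name: ${config.mysql.name}
- database_user: ${config.mysql.user}
- database_password: ${config.mysql.password}
- database_server_version: ${pkgs.mariadb.mysqlVersion}
- mailer_transport: smtp
- mailer_host: 127.0.0.1
- mailer_user: null
- mailer_password: null
- secret: ${config.secret}
- pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
- leapt_im:
- binary_path: ${imagemagick}/bin
- '';
- }];
- phpFpm = rec {
- preStart = ''
- if [ ! -f "${app.varDir}/currentWebappDir" -o \
- ! -f "${app.varDir}/currentKey" -o \
- "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
- || ! sha512sum -c --status ${app.varDir}/currentKey; then
- pushd ${app} > /dev/null
- /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${app}" > ${app.varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey
- fi
- '';
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-piedsjaloux:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- env[SYMFONY_DEBUG_MODE] = "yes"
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "piedsjaloux_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- ${if app.environment == "dev" then ''
- <Location />
- Use LDAPConnect
- Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
- </Location>
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- DirectoryIndex app_dev.php
-
- <IfModule mod_negotiation.c>
- Options -MultiViews
- </IfModule>
-
- <IfModule mod_rewrite.c>
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
- RewriteRule ^(.*) - [E=BASE:%1]
-
- # Maintenance script
- RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
- RewriteCond %{SCRIPT_FILENAME} !maintenance.php
- RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
- ErrorDocument 503 /maintenance.php
-
- # Sets the HTTP_AUTHORIZATION header removed by Apache
- RewriteCond %{HTTP:Authorization} .
- RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
- RewriteCond %{ENV:REDIRECT_STATUS} ^$
- RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
- # If the requested filename exists, simply serve it.
- # We only want to let Apache serve files and not directories.
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule ^ - [L]
-
- # Rewrite all other queries to the front controller.
- RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
- </IfModule>
-
- </Directory>
- '' else ''
- Use Stats piedsjaloux.fr
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- </Directory>
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
- ${app.varDir}/tmp
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
-}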
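diff --git a/nixops/modules/websites/tellesflorian/default.nix b/nixops/modules/websites/tellesflorian/default.nix
deleted file mode 100644
index bbbde07..0000000
--- a/nixops/modules/websites/tellesflorian/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
- adminer = pkgs.callPackage ../commons/adminer.nix {};
-
- tellesflorian_dev = pkgs.callPackage ./tellesflorian.nix {
- inherit (pkgs.webapps) tellesflorian;
- config = myconfig.env.websites.tellesflorian.integration;
- };
-
- cfg = config.services.myWebsites.TellesFlorian;
-in {
- options.services.myWebsites.TellesFlorian = {
- integration = {
- enable = lib.mkEnableOption "enable Florian Telles's website in integration";
- };
- };
-
- config = lib.mkIf cfg.integration.enable {
- secrets.keys = tellesflorian_dev.keys;
- services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart;
- services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps;
- services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool;
- system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript;
- system.extraSystemBuilderCmds = ''
- mkdir -p $out/webapps
- ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName}
- '';
- services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
- services.websites.integration.vhostConfs.tellesflorian = {
- certName = "eldiron";
- addToCerts = true;
- hosts = ["app.tellesflorian.com" ];
- root = tellesflorian_dev.apache.root;
- extraConfig = [
- tellesflorian_dev.apache.vhostConf
- adminer.apache.vhostConf
- ];
- };
- };
-}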
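diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix
deleted file mode 100644
index 5955431..0000000
--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ /dev/null
@@ -1,154 +0,0 @@
-{ tellesflorian, config }:
-rec {
- app = tellesflorian.override { inherit (config) environment; };
- keys = [
- {
- dest = "webapps/${app.environment}-tellesflorian-passwords";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- invite:${config.invite_passwords}
- '';
- }
- {
- dest = "webapps/${app.environment}-tellesflorian";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- # This file is auto-generated during the composer install
- parameters:
- database_host: ${config.mysql.host}
- database_port: ${config.mysql.port}
- database_name: ${config.mysql.name}
- database_user: ${config.mysql.user}
- database_password: ${config.mysql.password}
- mailer_transport: smtp
- mailer_host: 127.0.0.1
- mailer_user: null
- mailer_password: null
- secret: ${config.secret}
- '';
- }
- ];
- phpFpm = rec {
- preStart = ''
- if [ ! -f "${app.varDir}/currentWebappDir" -o \
- ! -f "${app.varDir}/currentKey" -o \
- "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
- || ! sha512sum -c --status ${app.varDir}/currentKey; then
- pushd ${app} > /dev/null
- /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${app}" > ${app.varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/${app.environment}-tellesflorian > ${app.varDir}/currentKey
- fi
- '';
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/floriantelles-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-tellesflorian:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- env[SYMFONY_DEBUG_MODE] = "yes"
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "florian_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
- <FilesMatch "\.php$">
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
- </FilesMatch>
-
- ${if app.environment == "dev" then ''
- <Location />
- AuthBasicProvider file ldap
- Use LDAPConnect
- Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
-
- AuthUserFile "/var/secrets/webapps/${app.environment}-tellesflorian-passwords"
- Require user "invite"
-
- ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
- </Location>
-
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- DirectoryIndex app_dev.php
-
- <IfModule mod_negotiation.c>
- Options -MultiViews
- </IfModule>
-
- <IfModule mod_rewrite.c>
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
- RewriteRule ^(.*) - [E=BASE:%1]
-
- # Maintenance script
- RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
- RewriteCond %{SCRIPT_FILENAME} !maintenance.php
- RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
- ErrorDocument 503 /maintenance.php
-
- # Sets the HTTP_AUTHORIZATION header removed by Apache
- RewriteCond %{HTTP:Authorization} .
- RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
- RewriteCond %{ENV:REDIRECT_STATUS} ^$
- RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
- # If the requested filename exists, simply serve it.
- # We only want to let Apache serve files and not directories.
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule ^ - [L]
-
- # Rewrite all other queries to the front controller.
- RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
- </IfModule>
-
- </Directory>
- '' else ''
- <Directory ${root}>
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
- </Directory>
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
- ${app.varDir}/var
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
-}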