Diffstat (limited to 'nixops')
33 files changed, 0 insertions, 2027 deletions
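--- a/nixops/modules/websites/aten/aten.nix
+++ /dev/null
@@ -1,104 +0,0 @@
-{ aten, lib, config }: rec {
-app = aten.override { inherit (config) environment; };
-phpFpm = rec {
-preStart = ''
-if [ ! -f "${app.varDir}/currentWebappDir" -o \
-! -f "${app.varDir}/currentKey" -o \
-"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
-|| ! sha512sum -c --status ${app.varDir}/currentKey; then
-pushd ${app} > /dev/null
-/run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup
-popd > /dev/null
-echo -n "${app}" > ${app.varDir}/currentWebappDir
-sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey
-fi
-'';
-serviceDeps = [ "postgresql.service" ];
-socket = "/var/run/phpfpm/aten-${app.environment}.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 20M
-;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp"
-php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-${if app.environment == "dev" then ''
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-env[SYMFONY_DEBUG_MODE] = "yes"
-'' else ''
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-''}'';
-};
-keys = [{
-dest = "webapps/${app.environment}-aten";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-SetEnv APP_ENV "${app.environment}"
-SetEnv APP_SECRET "${config.secret}"
-SetEnv DATABASE_URL "${config.psql_url}"
-'';
-}];
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "aten_${app.environment}";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-
-Include /var/secrets/webapps/${app.environment}-aten
-
-${if app.environment == "dev" then ''
-<Location />
-Use LDAPConnect
-Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
-</Location>
-
-<Location /backend>
-Use LDAPConnect
-Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
-</Location>
-'' else ''
-Use Stats aten.pro
-
-<Location /backend>
-Use LDAPConnect
-Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
-</Location>
-''}
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride All
-Require all granted
-DirectoryIndex index.php
-FallbackResource /index.php
-</Directory>
-'';
-};
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-'';
-};
-}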
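--- a/nixops/modules/websites/aten/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-aten_dev = pkgs.callPackage ./aten.nix {
-inherit (pkgs.webapps) aten;
-config = myconfig.env.websites.aten.integration;
-};
-aten_prod = pkgs.callPackage ./aten.nix {
-inherit (pkgs.webapps) aten;
-config = myconfig.env.websites.aten.production;
-};
-
-cfg = config.services.myWebsites.Aten;
-in {
-options.services.myWebsites.Aten = {
-production = {
-enable = lib.mkEnableOption "enable Aten's website in production";
-};
-integration = {
-enable = lib.mkEnableOption "enable Aten's website in integration";
-};
-};
-
-config = lib.mkMerge [
-(lib.mkIf cfg.production.enable {
-secrets.keys = aten_prod.keys;
-services.webstats.sites = [ { name = "aten.pro"; } ];
-
-services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
-system.activationScripts.aten_prod = aten_prod.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName}
-'';
-services.websites.production.modules = aten_prod.apache.modules;
-services.websites.production.vhostConfs.aten = {
-certName = "aten";
-certMainHost = "aten.pro";
-hosts = [ "aten.pro" "www.aten.pro" ];
-root = aten_prod.apache.root;
-extraConfig = [ aten_prod.apache.vhostConf ];
-};
-})
-(lib.mkIf cfg.integration.enable {
-secrets.keys = aten_dev.keys;
-services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
-system.activationScripts.aten_dev = aten_dev.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName}
-'';
-services.websites.integration.modules = aten_dev.apache.modules;
-services.websites.integration.vhostConfs.aten = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "dev.aten.pro" ];
-root = aten_dev.apache.root;
-extraConfig = [ aten_dev.apache.vhostConf ];
-};
-})
-];
-}
-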
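--- a/nixops/modules/websites/capitaines/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Capitaines;
-env = myconfig.env.websites.capitaines;
-webappName = "capitaines_mastodon";
-root = "/run/current-system/webapps/${webappName}";
-siteDir = ./mastodon_static;
-in {
-options.services.myWebsites.Capitaines = {
-production = {
-enable = lib.mkEnableOption "enable Capitaines's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${siteDir} $out/webapps/${webappName}
-'';
-
-services.websites.production.vhostConfs.capitaines_mastodon = {
-certName = "capitaines";
-certMainHost = "mastodon.capitaines.fr";
-hosts = [ "mastodon.capitaines.fr" ];
-root = root;
-extraConfig = [
-''
-ErrorDocument 404 /index.html
-<Directory ${root}>
-DirectoryIndex index.html
-Options Indexes FollowSymLinks MultiViews Includes
-Require all granted
-</Directory>
-''
-];
-};
-
-services.websites.production.vhostConfs.capitaines = {
-certName = "capitaines";
-addToCerts = true;
-hosts = [ "capitaines.fr" ];
-root = "/run/current-system/webapps/_www";
-extraConfig = [ ''
-<Directory /run/current-system/webapps/_www>
-DirectoryIndex index.htm
-Require all granted
-</Directory>
-'' ];
-};
-};
-}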
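--- a/nixops/modules/websites/capitaines/mastodon_static/index.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html lang='en'>
-<head>
-<meta content='text/html; charset=UTF-8' http-equiv='Content-Type'>
-<title>This instance is now closed - Mastodon</title>
-<style>
-body {
-text-align: center;
-background: #282c37;
-font-family: sans-serif;
-}
-img {
-max-width: 470px;
-width: 100%;
-}
-h1 {
-font-size: 20px;
-font-weight: 400;
-color: #9baec8;
-}
-</style>
-</head>
-<body>
-<div>
-<img alt='Mastodon' src='/oops.png'>
-<h1>Sorry, this instance is closed now.</h1>
-</div>
-</body>
-</html>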
diff --git a/nixops/modules/websites/capitaines/mastodon_static/oops.png b/nixops/modules/websites/capitaines/mastodon_static/oops.png deleted file mode 100644 index 0abddad..0000000 --- a/nixops/modules/websites/capitaines/mastodon_static/oops.png +++ /dev/null | |||
Binary files differ | |||
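--- a/nixops/modules/websites/chloe/chloe.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{ chloe, config }:
-rec {
-app = chloe.override { inherit (config) environment; };
-phpFpm = rec {
-serviceDeps = [ "mysql.service" ];
-socket = "/var/run/phpfpm/chloe-${app.environment}.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 20M
-;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp"
-php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-${if app.environment == "dev" then ''
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-'' else ''
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-''}'';
-};
-keys = [{
-dest = "webapps/${app.environment}-chloe";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-SetEnv SPIP_CONFIG_DIR "${configDir}"
-SetEnv SPIP_VAR_DIR "${app.varDir}"
-SetEnv SPIP_SITE "chloe-${app.environment}"
-SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu"
-SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
-SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
-SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
-SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}"
-SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
-SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
-SetEnv SPIP_MYSQL_DB "${config.mysql.name}"
-SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
-SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
-'';
-}];
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "chloe_${app.environment}";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-Include /var/secrets/webapps/${app.environment}-chloe
-
-RewriteEngine On
-${if app.environment == "prod" then ''
-RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1
-'' else ""}
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-
-<Directory ${root}>
-DirectoryIndex index.php index.htm index.html
-Options -Indexes +FollowSymLinks +MultiViews +Includes
-Include ${root}/htaccess.txt
-
-AllowOverride AuthConfig FileInfo Limit
-Require all granted
-</Directory>
-
-<DirectoryMatch "${root}/squelettes">
-Require all denied
-</DirectoryMatch>
-
-<FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
-Require all denied
-</FilesMatch>
-
-${if app.environment == "dev" then ''
-<Location />
-Use LDAPConnect
-Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
-</Location>
-'' else ''
-Use Stats osteopathe-cc.fr
-''}
-'';
-};
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-'';
-};
-configDir = ./chloe_config_ + app.environment;
-}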
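--- a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
-?>
\ No newline at end of file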
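--- a/nixops/modules/websites/chloe/chloe_config_dev/connect.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-define('_MYSQL_SET_SQL_MODE',true);
-$GLOBALS['spip_connect_version'] = 0.7;
-spip_connect_db(
-getenv("SPIP_MYSQL_HOST"),
-getenv("SPIP_MYSQL_PORT"),
-getenv("SPIP_MYSQL_USER"),
-getenv("SPIP_MYSQL_PASSWORD"),
-getenv("SPIP_MYSQL_DB"),
-'mysql',
-'spip',
-'ldap.php'
-);
-?>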
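--- a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
-$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
-@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
-@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
-$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
-$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
-?>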
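--- a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777);
-?>
\ No newline at end of file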
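--- a/nixops/modules/websites/chloe/chloe_config_prod/connect.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-define('_MYSQL_SET_SQL_MODE',true);
-$GLOBALS['spip_connect_version'] = 0.7;
-spip_connect_db(
-getenv("SPIP_MYSQL_HOST"),
-getenv("SPIP_MYSQL_PORT"),
-getenv("SPIP_MYSQL_USER"),
-getenv("SPIP_MYSQL_PASSWORD"),
-getenv("SPIP_MYSQL_DB"),
-'mysql',
-'spip',
-'ldap.php'
-);
-?>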
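--- a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-if (!defined("_ECRIRE_INC_VERSION")) return;
-$GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE");
-$GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST"));
-@ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3');
-@ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW"));
-$GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',);
-$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH");
-?>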
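--- a/nixops/modules/websites/chloe/default.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-chloe_dev = pkgs.callPackage ./chloe.nix {
-inherit (pkgs.webapps) chloe;
-config = myconfig.env.websites.chloe.integration;
-};
-chloe_prod = pkgs.callPackage ./chloe.nix {
-inherit (pkgs.webapps) chloe;
-config = myconfig.env.websites.chloe.production;
-};
-
-cfg = config.services.myWebsites.Chloe;
-in {
-options.services.myWebsites.Chloe = {
-production = {
-enable = lib.mkEnableOption "enable Chloe's website in production";
-};
-integration = {
-enable = lib.mkEnableOption "enable Chloe's website in integration";
-};
-};
-
-config = lib.mkMerge [
-(lib.mkIf cfg.production.enable {
-secrets.keys = chloe_prod.keys;
-services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
-
-services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
-services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
-extension=${pkgs.php}/lib/php/extensions/mysqli.so
-'';
-system.activationScripts.chloe_prod = chloe_prod.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName}
-'';
-services.websites.production.modules = chloe_prod.apache.modules;
-services.websites.production.vhostConfs.chloe = {
-certName = "chloe";
-certMainHost = "osteopathe-cc.fr";
-hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
-root = chloe_prod.apache.root;
-extraConfig = [ chloe_prod.apache.vhostConf ];
-};
-})
-(lib.mkIf cfg.integration.enable {
-secrets.keys = chloe_dev.keys;
-services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
-services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
-extension=${pkgs.php}/lib/php/extensions/mysqli.so
-'';
-system.activationScripts.chloe_dev = chloe_dev.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName}
-'';
-services.websites.integration.modules = chloe_dev.apache.modules;
-services.websites.integration.vhostConfs.chloe = {
-certName = "eldiron";
-addToCerts = true;
-hosts = ["chloe.immae.eu" ];
-root = chloe_dev.apache.root;
-extraConfig = [ chloe_dev.apache.vhostConf ];
-};
-})
-];
-}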
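--- a/nixops/modules/websites/connexionswing/connexionswing.nix
+++ /dev/null
@@ -1,166 +0,0 @@
-{ connexionswing, pkgs, phpPackages, config }:
-rec {
-app = connexionswing.override { inherit (config) environment; };
-keys = [{
-dest = "webapps/${app.environment}-connexionswing";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-# This file is auto-generated during the composer install
-parameters:
-database_host: ${config.mysql.host}
-database_port: ${config.mysql.port}
-database_name: ${config.mysql.name}
-database_user: ${config.mysql.user}
-database_password: ${config.mysql.password}
-database_server_version: ${pkgs.mariadb.mysqlVersion}
-mailer_transport: sendmail
-mailer_host: null
-mailer_user: null
-mailer_password: null
-subscription_email: ${config.email}
-allow_robots: true
-secret: ${config.secret}
-${if app.environment == "prod" then ''
-services:
-swiftmailer.mailer.default.transport:
-class: Swift_SendmailTransport
-arguments: ['/run/wrappers/bin/sendmail -bs']
-'' else ""}
-'';
-}];
-phpFpm = rec {
-preStart = ''
-if [ ! -f "${app.varDir}/currentWebappDir" -o \
-! -f "${app.varDir}/currentKey" -o \
-"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
-|| ! sha512sum -c --status ${app.varDir}/currentKey; then
-pushd ${app} > /dev/null
-/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
-popd > /dev/null
-echo -n "${app}" > ${app.varDir}/currentWebappDir
-sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey
-fi
-'';
-serviceDeps = [ "mysql.service" ];
-socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock";
-phpConfig = ''
-extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
-'';
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 20M
-;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp"
-php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-${if app.environment == "dev" then ''
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-env[SYMFONY_DEBUG_MODE] = "yes"
-'' else ''
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-''}'';
-};
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "connexionswing_${app.environment}";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-
-<Directory ${app.varDir}/medias>
-Options FollowSymLinks
-AllowOverride None
-Require all granted
-</Directory>
-
-<Directory ${app.varDir}/uploads>
-Options FollowSymLinks
-AllowOverride None
-Require all granted
-</Directory>
-
-${if app.environment == "dev" then ''
-<Location />
-Use LDAPConnect
-Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://connexionswing.com\"></html>"
-</Location>
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-
-DirectoryIndex app_dev.php
-
-<IfModule mod_negotiation.c>
-Options -MultiViews
-</IfModule>
-
-<IfModule mod_rewrite.c>
-RewriteEngine On
-
-RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-RewriteRule ^(.*) - [E=BASE:%1]
-
-# Maintenance script
-RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-ErrorDocument 503 /maintenance.php
-
-# Sets the HTTP_AUTHORIZATION header removed by Apache
-RewriteCond %{HTTP:Authorization} .
-RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-RewriteCond %{ENV:REDIRECT_STATUS} ^$
-RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
-# If the requested filename exists, simply serve it.
-# We only want to let Apache serve files and not directories.
-RewriteCond %{REQUEST_FILENAME} -f
-RewriteRule ^ - [L]
-
-# Rewrite all other queries to the front controller.
-RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-</IfModule>
-
-</Directory>
-'' else ''
-Use Stats connexionswing.com
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride All
-Require all granted
-</Directory>
-''}
-'';
-};
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
-${app.varDir}/medias \
-${app.varDir}/uploads \
-${app.varDir}/var
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-'';
-};
-}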
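--- a/nixops/modules/websites/connexionswing/default.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-connexionswing_dev = pkgs.callPackage ./connexionswing.nix {
-inherit (pkgs.webapps) connexionswing;
-config = myconfig.env.websites.connexionswing.integration;
-};
-connexionswing_prod = pkgs.callPackage ./connexionswing.nix {
-inherit (pkgs.webapps) connexionswing;
-config = myconfig.env.websites.connexionswing.production;
-};
-
-cfg = config.services.myWebsites.Connexionswing;
-in {
-options.services.myWebsites.Connexionswing = {
-production = {
-enable = lib.mkEnableOption "enable Connexionswing's website in production";
-};
-integration = {
-enable = lib.mkEnableOption "enable Connexionswing's website in integration";
-};
-};
-
-config = lib.mkMerge [
-(lib.mkIf cfg.production.enable {
-secrets.keys = connexionswing_prod.keys;
-services.webstats.sites = [ { name = "connexionswing.com"; } ];
-
-services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
-services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing_prod.phpFpm.phpConfig;
-system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName}
-'';
-services.websites.production.modules = connexionswing_prod.apache.modules;
-services.websites.production.vhostConfs.connexionswing = {
-certName = "connexionswing";
-certMainHost = "connexionswing.com";
-hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
-root = connexionswing_prod.apache.root;
-extraConfig = [ connexionswing_prod.apache.vhostConf ];
-};
-})
-(lib.mkIf cfg.integration.enable {
-secrets.keys = connexionswing_dev.keys;
-services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
-services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing_dev.phpFpm.phpConfig;
-system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName}
-'';
-services.websites.integration.modules = connexionswing_dev.apache.modules;
-services.websites.integration.vhostConfs.connexionswing = {
-certName = "eldiron";
-addToCerts = true;
-hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
-root = connexionswing_dev.apache.root;
-extraConfig = [ connexionswing_dev.apache.vhostConf ];
-};
-})
-];
-}
-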
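--- a/nixops/modules/websites/default.nix
+++ b/nixops/modules/websites/default.nix
@@ -66,23 +66,6 @@ let
 in
 {
 imports = [
-./chloe
-./ludivine
-./aten
-./piedsjaloux
-./connexionswing
-./tellesflorian
-./emilia
-./capitaines
-./ftp/jerome.nix
-./ftp/nassime.nix
-./ftp/florian.nix
-./ftp/denisejerome.nix
-./ftp/leila.nix
-./ftp/papa.nix
-./ftp/immae.nix
-./ftp/release.nix
-./ftp/temp.nix
 ./tools/db.nix
 ./tools/tools
 ./tools/dav
@@ -133,31 +116,6 @@ in
 services.myWebsites.tools.etherpad-lite.enable = true;
 services.myWebsites.tools.peertube.enable = true;
 
-services.myWebsites.Chloe.production.enable = true;
-services.myWebsites.Ludivine.production.enable = true;
-services.myWebsites.Aten.production.enable = true;
-services.myWebsites.PiedsJaloux.production.enable = true;
-services.myWebsites.Connexionswing.production.enable = true;
-services.myWebsites.Jerome.production.enable = true;
-services.myWebsites.Nassime.production.enable = true;
-services.myWebsites.Florian.production.enable = true;
-services.myWebsites.Leila.production.enable = true;
-services.myWebsites.Papa.production.enable = true;
-services.myWebsites.DeniseJerome.production.enable = true;
-services.myWebsites.Emilia.production.enable = true;
-services.myWebsites.Capitaines.production.enable = true;
-services.myWebsites.Immae.production.enable = true;
-services.myWebsites.Release.production.enable = true;
-services.myWebsites.Temp.production.enable = true;
-
-services.myWebsites.Chloe.integration.enable = true;
-services.myWebsites.Ludivine.integration.enable = true;
-services.myWebsites.Aten.integration.enable = true;
-services.myWebsites.PiedsJaloux.integration.enable = true;
-services.myWebsites.Connexionswing.integration.enable = true;
-services.myWebsites.TellesFlorian.integration.enable = true;
-services.myWebsites.Florian.integration.enable = true;
-
 secrets.keys = [{
 dest = "apache-ldap";
 user = "wwwrun";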
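--- a/nixops/modules/websites/emilia/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Emilia;
-env = myconfig.env.websites.emilia;
-varDir = "/var/lib/moodle";
-siteDir = ./moodle;
-webappName = "emilia_moodle";
-root = "/run/current-system/webapps/${webappName}";
-# php_admin_value[upload_max_filesize] = 50000000
-# php_admin_value[post_max_size] = 50000000
-configFile = ''
-<?php // Moodle configuration file
-
-unset($CFG);
-global $CFG;
-$CFG = new stdClass();
-
-$CFG->dbtype = 'pgsql';
-$CFG->dblibrary = 'native';
-$CFG->dbhost = '${env.postgresql.host}';
-$CFG->dbname = '${env.postgresql.database}';
-$CFG->dbuser = '${env.postgresql.user}';
-$CFG->dbpass = '${env.postgresql.password}';
-$CFG->prefix = 'mdl_';
-$CFG->dboptions = array (
-'dbpersist' => 0,
-'dbport' => '${env.postgreesql.port}',
-'dbsocket' => '${env.postgresql.password}',
-);
-
-$CFG->wwwroot = 'https://www.saison-photo.org';
-$CFG->dataroot = '${varDir}';
-$CFG->admin = 'admin';
-
-$CFG->directorypermissions = 02777;
-
-require_once(__DIR__ . '/lib/setup.php');
-
-// There is no php closing tag in this file,
-// it is intentional because it prevents trailing whitespace problems!
-'';
-in {
-options.services.myWebsites.Emilia = {
-production = {
-enable = lib.mkEnableOption "enable Emilia's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-system.activationScripts.emilia = ''
-install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
-'';
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${siteDir} $out/webapps/${webappName}
-'';
-services.websites.production.vhostConfs.emilia = {
-certName = "emilia";
-certMainHost = "saison-photo.org";
-hosts = [ "saison-photo.org" "www.saison-photo.org" ];
-root = root;
-extraConfig = [
-''
-<Directory ${root}>
-DirectoryIndex pause.html
-Options Indexes FollowSymLinks MultiViews Includes
-Require all granted
-</Directory>
-''
-];
-};
-};
-}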
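--- a/nixops/modules/websites/emilia/moodle/pause.html
+++ /dev/null
@@ -1,48 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<title>Pause</title>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<style>
-body {
-padding-left: 5px;
-padding-right: 5px;
-text-align: center;
-margin: auto;
-font: 20px Helvetica, sans-serif;
-color: #333;
-}
-h1 {
-margin: 0px;
-font-size: 40px;
-}
-article {
-display: block;
-max-width: 650px;
-margin: 0 auto;
-padding-top: 30px;
-}
-article + article {
-border-top: 1px solid lightgrey;
-}
-article div {
-text-align: justify;
-}
-a {
-color: #dc8100;
-text-decoration: none;
-}
-a:hover {
-color: #333;
-}
-</style>
-</head>
-<body>
-<article>
-<h1>Site web en pause !</h1>
-<div>
-<p>Le site et les cours de photographie sont actuellement en pause.</p>
-</div>
-</article>
-</body>
-</html>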
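--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.DeniseJerome;
-varDir = "/var/lib/ftp/denisejerome";
-env = myconfig.env.websites.denisejerome;
-in {
-options.services.myWebsites.DeniseJerome = {
-production = {
-enable = lib.mkEnableOption "enable Denise Jerome's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
-
-services.websites.production.vhostConfs.denisejerome = {
-certName = "denisejerome";
-certMainHost = "denisejerome.piedsjaloux.fr";
-hosts = ["denisejerome.piedsjaloux.fr" ];
-root = varDir;
-extraConfig = [
-''
-Use Stats denisejerome.piedsjaloux.fr
-
-<Directory ${varDir}>
-DirectoryIndex index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride AuthConfig
-Require all granted
-</Directory>
-''
-];
-};
-};
-}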
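--- a/nixops/modules/websites/ftp/florian.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-adminer = pkgs.callPackage ../commons/adminer.nix {};
-cfg = config.services.myWebsites.Florian;
-varDir = "/var/lib/ftp/florian";
-env = myconfig.env.websites.florian;
-in {
-options.services.myWebsites.Florian = {
-production = {
-enable = lib.mkEnableOption "enable Florian's website production";
-};
-integration = {
-enable = lib.mkEnableOption "enable Florian's website integration";
-};
-};
-
-config = lib.mkMerge [
-(lib.mkIf cfg.production.enable {
-security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
-
-services.websites.production.modules = adminer.apache.modules;
-services.websites.production.vhostConfs.florian = {
-certName = "florian";
-certMainHost = "tellesflorian.com";
-hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
-root = "${varDir}/tellesflorian.com";
-extraConfig = [
-adminer.apache.vhostConf
-''
-ServerAdmin ${env.server_admin}
-
-<Directory ${varDir}/tellesflorian.com>
-DirectoryIndex index.php index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-</Directory>
-''
-];
-};
-})
-
-(lib.mkIf cfg.integration.enable {
-security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
-
-services.websites.integration.modules = adminer.apache.modules;
-services.websites.integration.vhostConfs.florian = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "florian.immae.eu" ];
-root = "${varDir}/florian.immae.eu";
-extraConfig = [
-adminer.apache.vhostConf
-''
-ServerAdmin ${env.server_admin}
-
-<Directory ${varDir}/florian.immae.eu>
-DirectoryIndex index.php index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-</Directory>
-''
-];
-};
-})
-];
-}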
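--- a/nixops/modules/websites/ftp/immae.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Immae;
-varDir = "/var/lib/ftp/immae";
-env = myconfig.env.websites.immae;
-in {
-options.services.myWebsites.Immae = {
-production = {
-enable = lib.mkEnableOption "enable Immae's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-services.webstats.sites = [ { name = "www.immae.eu"; } ];
-
-services.myPhpfpm.poolConfigs.immae = ''
-listen = /run/phpfpm/immae.sock
-user = wwwrun
-group = wwwrun
-listen.owner = wwwrun
-listen.group = wwwrun
-
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-
-php_admin_value[open_basedir] = "${varDir}:/tmp"
-'';
-services.websites.production.modules = [ "proxy_fcgi" ];
-services.websites.production.vhostConfs.immae = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "www.immae.eu" ];
-root = varDir;
-extraConfig = [
-''
-Use Stats www.immae.eu
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost"
-</FilesMatch>
-
-<Directory ${varDir}>
-DirectoryIndex index.php index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride All
-Require all granted
-</Directory>
-
-<Location /blog_old/>
-Use LDAPConnect
-Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu
-</Location>
-''
-];
-};
-
-services.websites.production.vhostConfs.bouya = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "bouya.org" "www.bouya.org" ];
-root = null;
-extraConfig = [ ''
-RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/
-'' ];
-};
-};
-}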
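--- a/nixops/modules/websites/ftp/jerome.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-adminer = pkgs.callPackage ../commons/adminer.nix {};
-cfg = config.services.myWebsites.Jerome;
-varDir = "/var/lib/ftp/jerome";
-env = myconfig.env.websites.jerome;
-in {
-options.services.myWebsites.Jerome = {
-production = {
-enable = lib.mkEnableOption "enable Jerome's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
-
-security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
-
-secrets.keys = [{
-dest = "webapps/prod-naturaloutil";
-user = "wwwrun";
-group = "wwwrun";
-permissions = "0400";
-text = ''
-<?php
-$mysql_user = '${env.mysql.user}' ;
-$mysql_server = '${env.mysql.host}' ;
-$mysql_base = '${env.mysql.name}' ;
-$mysql_password = '${env.mysql.password}' ;
-//connect to db
-$db = mysqli_init();
-${if env.mysql.host != "localhost" then ''
-mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
-$db->ssl_set(NULL, NULL, "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt", NULL, NULL);
-'' else ""}
-$database = connect_db($db, $mysql_server, $mysql_base, $mysql_user, $mysql_password);
-?>
-'';
-}];
-services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ];
-services.myPhpfpm.poolConfigs.jerome = ''
-listen = /run/phpfpm/naturaloutil.sock
-user = wwwrun
-group = wwwrun
-listen.owner = wwwrun
-listen.group = wwwrun
-
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-
-env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil"
-php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp"
-'';
-services.myPhpfpm.poolPhpConfigs.jerome = ''
-extension=${pkgs.php}/lib/php/extensions/mysqli.so
-'';
-services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
-services.websites.production.vhostConfs.naturaloutil = {
-certName = "naturaloutil";
-certMainHost = "naturaloutil.immae.eu";
-hosts = ["naturaloutil.immae.eu" ];
-root = varDir;
-extraConfig = [
-adminer.apache.vhostConf
-''
-Use Stats naturaloutil.immae.eu
-ServerAdmin ${env.server_admin}
-ErrorLog "${varDir}/logs/error_log"
-CustomLog "${varDir}/logs/access_log" combined
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:/run/phpfpm/naturaloutil.sock|fcgi://localhost"
-</FilesMatch>
-
-<Directory ${varDir}/logs>
-AllowOverride None
-Require all denied
-</Directory>
-<Directory ${varDir}>
-DirectoryIndex index.php index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-</Directory>
-''
-];
-};
-};
-}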
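--- a/nixops/modules/websites/ftp/leila.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-cfg = config.services.myWebsites.Leila;
-varDir = "/var/lib/ftp/leila";
-in {
-options.services.myWebsites.Leila = {
-production = {
-enable = lib.mkEnableOption "enable Leila's website in production";
-};
-};
-
-config = (lib.mkIf cfg.production.enable {
-services.myPhpfpm.poolConfigs.leila = ''
-listen = /run/phpfpm/leila.sock
-user = wwwrun
-group = wwwrun
-listen.owner = wwwrun
-listen.group = wwwrun
-
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-
-php_admin_value[open_basedir] = "${varDir}:/tmp"
-'';
-
-services.webstats.sites = [
-{ name = "leila.bouya.org"; }
-{ name = "chorale.leila.bouya.org"; }
-];
-
-services.websites.production.modules = [ "proxy_fcgi" ];
-services.websites.production.vhostConfs.leila_chorale = {
-certName = "leila";
-addToCerts = true;
-hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
-root = "${varDir}/Chorale";
-extraConfig = [
-''
-Use Stats chorale.leila.bouya.org
-<Directory ${varDir}/Chorale>
-DirectoryIndex index.php index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-
-Use LDAPConnect
-Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
-</FilesMatch>
-</Directory>
-''
-];
-};
-services.websites.production.vhostConfs.leila = {
-certName = "leila";
-certMainHost = "leila.bouya.org";
-hosts = [ "leila.bouya.org" ];
-root = varDir;
-extraConfig = [
-''
-Use Stats leila.bouya.org
-<Directory ${varDir}/Chorale>
-DirectoryIndex index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-
-Use LDAPConnect
-Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost"
-</FilesMatch>
-</Directory>
-<Directory ${varDir}>
-DirectoryIndex index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-</Directory>
-''
-];
-};
-});
-}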
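--- a/nixops/modules/websites/ftp/nassime.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Nassime;
-varDir = "/var/lib/ftp/nassime";
-env = myconfig.env.websites.nassime;
-in {
-options.services.myWebsites.Nassime = {
-production = {
-enable = lib.mkEnableOption "enable Nassime's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
-
-security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
-
-services.websites.production.vhostConfs.nassime = {
-certName = "nassime";
-certMainHost = "nassime.bouya.org";
-hosts = ["nassime.bouya.org" ];
-root = varDir;
-extraConfig = [
-''
-Use Stats nassime.bouya.org
-ServerAdmin ${env.server_admin}
-
-<Directory ${varDir}>
-DirectoryIndex index.php index.htm index.html
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-</Directory>
-''
-];
-};
-};
-}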
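--- a/nixops/modules/websites/ftp/papa.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Papa;
-varDir = "/var/lib/ftp/papa";
-in {
-options.services.myWebsites.Papa = {
-production = {
-enable = lib.mkEnableOption "enable Papa's website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
-
-services.cron = {
-systemCronJobs = let
-script = pkgs.writeScript "cleanup-papa" ''
-#!${pkgs.stdenv.shell}
-d=$(date -d "7 days ago" +%Y%m%d)
-for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do
-if [ "$d" -gt $(basename $i) ]; then
-rm -rf "$i"
-fi
-done
-'';
-in
-[
-''
-0 6 * * * wwwrun ${script}
-''
-];
-};
-
-services.websites.production.vhostConfs.papa = {
-certName = "papa";
-certMainHost = "surveillance.maison.bbc.bouya.org";
-hosts = [ "surveillance.maison.bbc.bouya.org" ];
-root = varDir;
-extraConfig = [
-''
-Use Apaxy "${varDir}" "title .duplicity-ignore"
-<Directory ${varDir}>
-Use LDAPConnect
-Options Indexes
-AllowOverride None
-Require ldap-group cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu
-</Directory>
-''
-];
-};
-};
-}
-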
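--- a/nixops/modules/websites/ftp/release.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Release;
-varDir = "/var/lib/ftp/release.immae.eu";
-env = myconfig.env.websites.release;
-in {
-options.services.myWebsites.Release = {
-production = {
-enable = lib.mkEnableOption "enable Release' website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-services.webstats.sites = [ { name = "release.immae.eu"; } ];
-
-services.websites.production.vhostConfs.release = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "release.immae.eu" ];
-root = varDir;
-extraConfig = [
-''
-Use Stats release.immae.eu
-
-Use Apaxy "${varDir}" "title .duplicity-ignore"
-<Directory "${varDir}">
-Use LDAPConnect
-Options Indexes
-AllowOverride All
-Require all granted
-</Directory>
-
-<Directory "${varDir}/packages">
-Use LDAPConnect
-Options Indexes FollowSymlinks
-AllowOverride None
-Require all granted
-</Directory>
-''
-];
-};
-};
-}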
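--- a/nixops/modules/websites/ftp/temp.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-cfg = config.services.myWebsites.Temp;
-varDir = "/var/lib/ftp/temp.immae.eu";
-env = myconfig.env.websites.temp;
-in {
-options.services.myWebsites.Temp = {
-production = {
-enable = lib.mkEnableOption "enable Temp' website";
-};
-};
-
-config = lib.mkIf cfg.production.enable {
-services.websites.production.modules = [ "headers" ];
-services.websites.production.vhostConfs.temp = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "temp.immae.eu" ];
-root = varDir;
-extraConfig = [
-''
-Use Apaxy "${varDir}" "title .duplicity-ignore"
-<FilesMatch ".+">
-Header set Content-Disposition attachment
-</FilesMatch>
-<Directory "${varDir}">
-Options -Indexes
-AllowOverride None
-Require all granted
-</Directory>
-
-<DirectoryMatch "${varDir}/(.+)">
-Options Indexes
-</DirectoryMatch>
-''
-];
-};
-};
-}
-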
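--- a/nixops/modules/websites/ludivine/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-ludivinecassal_dev = pkgs.callPackage ./ludivinecassal.nix {
-inherit (pkgs.webapps) ludivinecassal;
-config = myconfig.env.websites.ludivinecassal.integration;
-};
-ludivinecassal_prod = pkgs.callPackage ./ludivinecassal.nix {
-inherit (pkgs.webapps) ludivinecassal;
-config = myconfig.env.websites.ludivinecassal.production;
-};
-
-cfg = config.services.myWebsites.Ludivine;
-in {
-options.services.myWebsites.Ludivine = {
-production = {
-enable = lib.mkEnableOption "enable Ludivine's website in production";
-};
-integration = {
-enable = lib.mkEnableOption "enable Ludivine's website in integration";
-};
-};
-
-config = lib.mkMerge [
-(lib.mkIf cfg.production.enable {
-secrets.keys = ludivinecassal_prod.keys;
-services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
-
-services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
-system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
-'';
-services.websites.production.modules = ludivinecassal_prod.apache.modules;
-services.websites.production.vhostConfs.ludivine = {
-certName = "ludivinecassal";
-certMainHost = "ludivinecassal.com";
-hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
-root = ludivinecassal_prod.apache.root;
-extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
-};
-})
-(lib.mkIf cfg.integration.enable {
-secrets.keys = ludivinecassal_dev.keys;
-
-services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
-system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
-'';
-services.websites.integration.modules = ludivinecassal_dev.apache.modules;
-services.websites.integration.vhostConfs.ludivine = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "ludivine.immae.eu" ];
-root = ludivinecassal_dev.apache.root;
-extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
-};
-})
-];
-}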
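--- a/nixops/modules/websites/ludivine/ludivinecassal.nix
+++ /dev/null
@@ -1,157 +0,0 @@
-{ config, ludivinecassal, pkgs, ruby, sass, imagemagick }:
-rec {
-app = ludivinecassal.override { inherit (config) environment; };
-varDir = "/var/lib/ludivinecassal_${app.environment}";
-keys = [{
-dest = "webapps/${app.environment}-ludivinecassal";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-# This file is auto-generated during the composer install
-parameters:
-database_host: ${config.mysql.host}
-database_port: ${config.mysql.port}
-database_name: ${config.mysql.name}
-database_user: ${config.mysql.user}
-database_password: ${config.mysql.password}
-database_server_version: ${pkgs.mariadb.mysqlVersion}
-mailer_transport: smtp
-mailer_host: 127.0.0.1
-mailer_user: null
-mailer_password: null
-secret: ${config.secret}
-ldap_host: ldap.immae.eu
-ldap_port: 636
-ldap_version: 3
-ldap_ssl: true
-ldap_tls: false
-ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
-ldap_base_dn: 'dc=immae,dc=eu'
-ldap_search_dn: '${config.ldap.dn}'
-ldap_search_password: '${config.ldap.password}'
-ldap_search_filter: '${config.ldap.search}'
-leapt_im:
-binary_path: ${imagemagick}/bin
-assetic:
-sass: ${sass}/bin/sass
-ruby: ${ruby}/bin/ruby
-'';
-}];
-phpFpm = rec {
-preStart = ''
-if [ ! -f "${app.varDir}/currentWebappDir" -o \
-! -f "${app.varDir}/currentKey" -o \
-"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
-|| ! sha512sum -c --status ${app.varDir}/currentKey; then
-pushd ${app} > /dev/null
-/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
-popd > /dev/null
-echo -n "${app}" > ${app.varDir}/currentWebappDir
-sha512sum /var/secrets/webapps/${app.environment}-ludivinecassal > ${app.varDir}/currentKey
-fi
-'';
-serviceDeps = [ "mysql.service" ];
-socket = "/var/run/phpfpm/ludivinecassal-${app.environment}.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 20M
-;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-ludivinecassal:${app}:${app.varDir}:/tmp"
-php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-${if app.environment == "dev" then ''
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-env[SYMFONY_DEBUG_MODE] = "yes"
-'' else ''
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-''}'';
-};
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "ludivine_${app.environment}";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-
-${if app.environment == "dev" then ''
-<Location />
-Use LDAPConnect
-Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://ludivinecassal.com\"></html>"
-</Location>
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-
-DirectoryIndex app_dev.php
-
-<IfModule mod_negotiation.c>
-Options -MultiViews
-</IfModule>
-
-<IfModule mod_rewrite.c>
-RewriteEngine On
-
-RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-RewriteRule ^(.*) - [E=BASE:%1]
-
-# Maintenance script
-RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-ErrorDocument 503 /maintenance.php
-
-# Sets the HTTP_AUTHORIZATION header removed by Apache
-RewriteCond %{HTTP:Authorization} .
-RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-RewriteCond %{ENV:REDIRECT_STATUS} ^$
-RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
-# If the requested filename exists, simply serve it.
-# We only want to let Apache serve files and not directories.
-RewriteCond %{REQUEST_FILENAME} -f
-RewriteRule ^ - [L]
-
-# Rewrite all other queries to the front controller.
-RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-</IfModule>
-
-</Directory>
-'' else ''
-Use Stats ludivinecassal.com
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride All
-Require all granted
-</Directory>
-''}
-'';
-};
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/tmp
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-'';
-};
-}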
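--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix {
-inherit (pkgs.webapps) piedsjaloux;
-config = myconfig.env.websites.piedsjaloux.integration;
-};
-piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix {
-inherit (pkgs.webapps) piedsjaloux;
-config = myconfig.env.websites.piedsjaloux.production;
-};
-
-cfg = config.services.myWebsites.PiedsJaloux;
-in {
-options.services.myWebsites.PiedsJaloux = {
-production = {
-enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
-};
-integration = {
-enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
-};
-};
-
-config = lib.mkMerge [
-(lib.mkIf cfg.production.enable {
-secrets.keys = piedsjaloux_prod.keys;
-services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
-
-services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
-system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName}
-'';
-services.websites.production.modules = piedsjaloux_prod.apache.modules;
-services.websites.production.vhostConfs.piedsjaloux = {
-certName = "piedsjaloux";
-certMainHost = "piedsjaloux.fr";
-hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
-root = piedsjaloux_prod.apache.root;
-extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
-};
-})
-(lib.mkIf cfg.integration.enable {
-secrets.keys = piedsjaloux_dev.keys;
-services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
-system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName}
-'';
-services.websites.integration.modules = piedsjaloux_dev.apache.modules;
-services.websites.integration.vhostConfs.piedsjaloux = {
-certName = "eldiron";
-addToCerts = true;
-hosts = [ "piedsjaloux.immae.eu" ];
-root = piedsjaloux_dev.apache.root;
-extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
-};
-})
-];
-}
-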
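--- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix
+++ /dev/null
@@ -1,146 +0,0 @@
-{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }:
-rec {
-app = piedsjaloux.override { inherit (config) environment; };
-varDir = "/var/lib/piedsjaloux_${app.environment}";
-keys = [{
-dest = "webapps/${app.environment}-piedsjaloux";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-# This file is auto-generated during the composer install
-parameters:
-database_host: ${config.mysql.host}
-database_port: ${config.mysql.port}
-database_name: ${config.mysql.name}
-database_user: ${config.mysql.user}
-database_password: ${config.mysql.password}
-database_server_version: ${pkgs.mariadb.mysqlVersion}
-mailer_transport: smtp
-mailer_host: 127.0.0.1
-mailer_user: null
-mailer_password: null
-secret: ${config.secret}
-pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
-leapt_im:
-binary_path: ${imagemagick}/bin
-'';
-}];
-phpFpm = rec {
-preStart = ''
-if [ ! -f "${app.varDir}/currentWebappDir" -o \
-! -f "${app.varDir}/currentKey" -o \
-"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
-|| ! sha512sum -c --status ${app.varDir}/currentKey; then
-pushd ${app} > /dev/null
-/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
-popd > /dev/null
-echo -n "${app}" > ${app.varDir}/currentWebappDir
-sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey
-fi
-'';
-serviceDeps = [ "mysql.service" ];
-socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 20M
-;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-piedsjaloux:${app}:${app.varDir}:/tmp"
-php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
-${if app.environment == "dev" then ''
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-env[SYMFONY_DEBUG_MODE] = "yes"
-'' else ''
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-''}'';
-};
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "piedsjaloux_${app.environment}";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-
-${if app.environment == "dev" then ''
-<Location />
-Use LDAPConnect
-Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
-</Location>
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-
-DirectoryIndex app_dev.php
-
-<IfModule mod_negotiation.c>
-Options -MultiViews
-</IfModule>
-
-<IfModule mod_rewrite.c>
-RewriteEngine On
-
-RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-RewriteRule ^(.*) - [E=BASE:%1]
-
-# Maintenance script
-RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-ErrorDocument 503 /maintenance.php
-
-# Sets the HTTP_AUTHORIZATION header removed by Apache
-RewriteCond %{HTTP:Authorization} .
-RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-RewriteCond %{ENV:REDIRECT_STATUS} ^$
-RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
-# If the requested filename exists, simply serve it.
-# We only want to let Apache serve files and not directories.
-RewriteCond %{REQUEST_FILENAME} -f
-RewriteRule ^ - [L]
-
-# Rewrite all other queries to the front controller.
-RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-</IfModule>
-
-</Directory>
-'' else ''
-Use Stats piedsjaloux.fr
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride All
-Require all granted
-</Directory>
-''}
-'';
-};
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
-${app.varDir}/tmp
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-'';
-};
-}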
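--- a/nixops/modules/websites/tellesflorian/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, config, myconfig, ... }:
-let
-adminer = pkgs.callPackage ../commons/adminer.nix {};
-
-tellesflorian_dev = pkgs.callPackage ./tellesflorian.nix {
-inherit (pkgs.webapps) tellesflorian;
-config = myconfig.env.websites.tellesflorian.integration;
-};
-
-cfg = config.services.myWebsites.TellesFlorian;
-in {
-options.services.myWebsites.TellesFlorian = {
-integration = {
-enable = lib.mkEnableOption "enable Florian Telles's website in integration";
-};
-};
-
-config = lib.mkIf cfg.integration.enable {
-secrets.keys = tellesflorian_dev.keys;
-services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart;
-services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps;
-services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool;
-system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript;
-system.extraSystemBuilderCmds = ''
-mkdir -p $out/webapps
-ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName}
-'';
-services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
-services.websites.integration.vhostConfs.tellesflorian = {
-certName = "eldiron";
-addToCerts = true;
-hosts = ["app.tellesflorian.com" ];
-root = tellesflorian_dev.apache.root;
-extraConfig = [
-tellesflorian_dev.apache.vhostConf
-adminer.apache.vhostConf
-];
-};
-};
-}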
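--- a/nixops/modules/websites/tellesflorian/tellesflorian.nix
+++ /dev/null
@@ -1,154 +0,0 @@
-{ tellesflorian, config }:
-rec {
-app = tellesflorian.override { inherit (config) environment; };
-keys = [
-{
-dest = "webapps/${app.environment}-tellesflorian-passwords";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-invite:${config.invite_passwords}
-'';
-}
-{
-dest = "webapps/${app.environment}-tellesflorian";
-user = apache.user;
-group = apache.group;
-permissions = "0400";
-text = ''
-# This file is auto-generated during the composer install
-parameters:
-database_host: ${config.mysql.host}
-database_port: ${config.mysql.port}
-database_name: ${config.mysql.name}
-database_user: ${config.mysql.user}
-database_password: ${config.mysql.password}
-mailer_transport: smtp
-mailer_host: 127.0.0.1
-mailer_user: null
-mailer_password: null
-secret: ${config.secret}
-'';
-}
-];
-phpFpm = rec {
-preStart = ''
-if [ ! -f "${app.varDir}/currentWebappDir" -o \
-! -f "${app.varDir}/currentKey" -o \
-"${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
-|| ! sha512sum -c --status ${app.varDir}/currentKey; then
-pushd ${app} > /dev/null
-/run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
-popd > /dev/null
-echo -n "${app}" > ${app.varDir}/currentWebappDir
-sha512sum /var/secrets/webapps/${app.environment}-tellesflorian > ${app.varDir}/currentKey
-fi
-'';
-serviceDeps = [ "mysql.service" ];
-socket = "/var/run/phpfpm/floriantelles-${app.environment}.sock";
-pool = ''
-listen = ${socket}
-user = ${apache.user}
-group = ${apache.group}
-listen.owner = ${apache.user}
-listen.group = ${apache.group}
-php_admin_value[upload_max_filesize] = 20M
-php_admin_value[post_max_size] = 20M
-;php_admin_flag[log_errors] = on
-php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-tellesflorian:${app}:${app.varDir}:/tmp"
-php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
-${if app.environment == "dev" then ''
-pm = ondemand
-pm.max_children = 5
-pm.process_idle_timeout = 60
-env[SYMFONY_DEBUG_MODE] = "yes"
-'' else ''
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-''}'';
-};
-apache = rec {
-user = "wwwrun";
-group = "wwwrun";
-modules = [ "proxy_fcgi" ];
-webappName = "florian_${app.environment}";
-root = "/run/current-system/webapps/${webappName}";
-vhostConf = ''
-<FilesMatch "\.php$">
-SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-</FilesMatch>
-
-${if app.environment == "dev" then ''
-<Location />
-AuthBasicProvider file ldap
-Use LDAPConnect
-Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
-
-AuthUserFile "/var/secrets/webapps/${app.environment}-tellesflorian-passwords"
-Require user "invite"
-
-ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://tellesflorian.com\"></html>"
-</Location>
-
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride None
-Require all granted
-
-DirectoryIndex app_dev.php
-
-<IfModule mod_negotiation.c>
-Options -MultiViews
-</IfModule>
-
-<IfModule mod_rewrite.c>
-RewriteEngine On
-
-RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
-RewriteRule ^(.*) - [E=BASE:%1]
-
-# Maintenance script
-RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
-RewriteCond %{SCRIPT_FILENAME} !maintenance.php
-RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
-ErrorDocument 503 /maintenance.php
-
-# Sets the HTTP_AUTHORIZATION header removed by Apache
-RewriteCond %{HTTP:Authorization} .
-RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-RewriteCond %{ENV:REDIRECT_STATUS} ^$
-RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
-# If the requested filename exists, simply serve it.
-# We only want to let Apache serve files and not directories.
-RewriteCond %{REQUEST_FILENAME} -f
-RewriteRule ^ - [L]
-
-# Rewrite all other queries to the front controller.
-RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-</IfModule>
-
-</Directory>
-'' else ''
-<Directory ${root}>
-Options Indexes FollowSymLinks MultiViews Includes
-AllowOverride All
-Require all granted
-</Directory>
-''}
-'';
-};
-activationScript = {
-deps = [ "wrappers" ];
-text = ''
-install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
-${app.varDir}/var
-install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
-'';
-};
-}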