4 files changed, 303 insertions, 0 deletions
diff --git a/virtual/modules/websites/aten/aten.json b/virtual/modules/websites/aten/aten.json
new file mode 100644
index 0000000..53569b6
--- /dev/null
+++ b/virtual/modules/websites/aten/aten.json
@@ -0,0 +1,14 @@
+{
+  "tag": "b99537f-master",
+  "meta": {
+    "name": "aten",
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+    "branch": "master"
+  },
+  "git": {
+    "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+    "rev": "b99537fdad41291afb4f1bb8b2e2aa4081c71fae",
+    "sha256": "15mlyik6zivxwry6zc906bqnivxhby27yr8kj4lg5n68pvb877dn",
+    "fetchSubmodules": true
+  }
+}
diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix
new file mode 100644
index 0000000..d67f7b7
--- /dev/null
+++ b/virtual/modules/websites/aten/aten.nix
@@ -0,0 +1,126 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }:
+let
+  aten = { environment ? "dev" }: rec {
+    varPrefix = "ATEN";
+    varDir = "/var/lib/aten_${environment}";
+    envName= lib.strings.toUpper environment;
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/aten-${environment}.sock";
+      pool = ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        env[SYMFONY_DEBUG_MODE] = "yes"
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf =
+        assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+        assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL";
+      ''
+      <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+      </FilesMatch>
+      SetEnv APP_ENV      "${environment}"
+      SetEnv APP_SECRET   "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+      SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}
+      ${if environment == "dev" then ''
+      <Location />
+        Use LDAPConnect
+        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      <Location /backend>
+        Use LDAPConnect
+        Require ldap-group   cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      '' else ''
+      Use Stats aten.pro
+      <Location /backend>
+        Use LDAPConnect
+        Require ldap-group   cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
+        ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
+      </Location>
+      ''}
+      <Directory ${webRoot}>
+        Options Indexes FollowSymLinks MultiViews Includes
+        AllowOverride All
+        Require all granted
+        DirectoryIndex index.php
+        FallbackResource /index.php
+      </Directory>
+      '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+      install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      if [ ! -f "${varDir}/currentWebappDir" -o \
+          "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+        pushd ${webappDir} > /dev/null
+        $wrapperDir/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
+        popd > /dev/null
+        echo -n "${webappDir}" > ${varDir}/currentWebappDir
+      fi
+      '';
+    };
+    webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec {
+      # FIXME: can we do better than symlink?
+      # FIXME: initial sync
+      # FIXME: backup
+      # FIXME: usage statistics
+      buildPhase = ''
+        export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+        export APP_ENV="${environment}"
+        export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}"
+        export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"
+        ${if environment == "dev" then ''
+          composer install
+        '' else ''
+          SYMFONY_ENV=prod composer install --no-dev
+        ''}
+        yarn install
+        yarn run encore production
+        rm -rf var
+        ln -sf ../../../../../${varDir} var
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [
+        php git cacert phpPackages.composer yarn
+      ];
+    });
+    webRoot = "${webappDir}/public";
+  };
+in
+  aten
diff --git a/virtual/modules/websites/aten/default.nix b/virtual/modules/websites/aten/default.nix
new file mode 100644
index 0000000..d9db75c
--- /dev/null
+++ b/virtual/modules/websites/aten/default.nix
@@ -0,0 +1,64 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+    aten_dev  = aten { environment = "dev"; };
+    aten_prod = aten { environment = "prod"; };
+    cfg = config.services.myWebsites.Aten;
+in {
+  options.services.myWebsites.Aten = {
+    production = {
+      enable = lib.mkEnableOption "enable Aten's website in production";
+    };
+    integration = {
+      enable = lib.mkEnableOption "enable Aten's website in integration";
+    };
+  };
+  imports = [
+    ../commons/stats.nix
+  ];
+  config = lib.mkMerge [
+    (lib.mkIf cfg.production.enable {
+      services.myWebsites.commons.stats.enable = true;
+      services.myWebsites.commons.stats.sites = [
+        {
+          name = "aten.pro";
+          conf = ./goaccess.conf;
+        }
+      ];
+      security.acme.certs."aten" = config.services.myCertificates.certConfig // {
+        domain = "aten.pro";
+        extraDomains = {
+          "www.aten.pro" = null;
+        };
+      };
+      services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
+      system.activationScripts.aten_prod = aten_prod.activationScript;
+      services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
+      services.myWebsites.production.modules = aten_prod.apache.modules;
+      services.myWebsites.production.vhostConfs.aten = {
+        certName    = "aten";
+        hosts       = [ "aten.pro" "www.aten.pro" ];
+        root        = aten_prod.webRoot;
+        extraConfig = [ aten_prod.apache.vhostConf ];
+      };
+    })
+    (lib.mkIf cfg.integration.enable {
+      security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
+      services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
+      system.activationScripts.aten_dev = aten_dev.activationScript;
+      services.myWebsites.integration.modules = aten_dev.apache.modules;
+      services.myWebsites.integration.vhostConfs.aten = {
+        certName    = "eldiron";
+        hosts       = [ "dev.aten.pro" ];
+        root        = aten_dev.webRoot;
+        extraConfig = [ aten_dev.apache.vhostConf ];
+      };
+    })
+  ];
+}
diff --git a/virtual/modules/websites/aten/goaccess.conf b/virtual/modules/websites/aten/goaccess.conf
new file mode 100644
index 0000000..07cce57
--- /dev/null
+++ b/virtual/modules/websites/aten/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+html-prefs {"theme":"bright","layout":"vertical"}
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+no-query-string true
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/aten.pro
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp

diff --git a/virtual/modules/websites/aten/aten.json b/virtual/modules/websites/aten/aten.json new file mode 100644 index 0000000..53569b6 --- /dev/null +++ b/virtual/modules/websites/aten/aten.json
@@ -0,0 +1,14 @@
	1	{
	2	"tag": "b99537f-master",
	3	"meta": {
	4	"name": "aten",
	5	"url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
	6	"branch": "master"
	7	},
	8	"git": {
	9	"url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
	10	"rev": "b99537fdad41291afb4f1bb8b2e2aa4081c71fae",
	11	"sha256": "15mlyik6zivxwry6zc906bqnivxhby27yr8kj4lg5n68pvb877dn",
	12	"fetchSubmodules": true
	13	}
	14	}


diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix new file mode 100644 index 0000000..d67f7b7 --- /dev/null +++ b/virtual/modules/websites/aten/aten.nix
@@ -0,0 +1,126 @@
	1	{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }:
	2	let
	3	aten = { environment ? "dev" }: rec {
	4	varPrefix = "ATEN";
	5	varDir = "/var/lib/aten_${environment}";
	6	envName= lib.strings.toUpper environment;
	7	phpFpm = rec {
	8	socket = "/var/run/phpfpm/aten-${environment}.sock";
	9	pool = ''
	10	listen = ${socket}
	11	user = ${apache.user}
	12	group = ${apache.group}
	13	listen.owner = ${apache.user}
	14	listen.group = ${apache.group}
	15	php_admin_value[upload_max_filesize] = 20M
	16	php_admin_value[post_max_size] = 20M
	17	;php_admin_flag[log_errors] = on
	18	php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
	19	php_admin_value[session.save_path] = "${varDir}/phpSessions"
	20	${if environment == "dev" then ''
	21	pm = ondemand
	22	pm.max_children = 5
	23	pm.process_idle_timeout = 60
	24	env[SYMFONY_DEBUG_MODE] = "yes"
	25	'' else ''
	26	pm = dynamic
	27	pm.max_children = 20
	28	pm.start_servers = 2
	29	pm.min_spare_servers = 1
	30	pm.max_spare_servers = 3
	31	''}'';
	32	};
	33	apache = {
	34	user = "wwwrun";
	35	group = "wwwrun";
	36	modules = [ "proxy_fcgi" ];
	37	vhostConf =
	38	assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
	39	assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL";
	40	''
	41	<FilesMatch "\.php$">
	42	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
	43	</FilesMatch>
	44
	45	SetEnv APP_ENV "${environment}"
	46	SetEnv APP_SECRET "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
	47	SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}
	48
	49	${if environment == "dev" then ''
	50	<Location />
	51	Use LDAPConnect
	52	Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
	53	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
	54	</Location>
	55
	56	<Location /backend>
	57	Use LDAPConnect
	58	Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
	59	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
	60	</Location>
	61	'' else ''
	62	Use Stats aten.pro
	63
	64	<Location /backend>
	65	Use LDAPConnect
	66	Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu
	67	ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://aten.pro\"></html>"
	68	</Location>
	69	''}
	70
	71	<Directory ${webRoot}>
	72	Options Indexes FollowSymLinks MultiViews Includes
	73	AllowOverride All
	74	Require all granted
	75	DirectoryIndex index.php
	76	FallbackResource /index.php
	77	</Directory>
	78	'';
	79	};
	80	activationScript = {
	81	deps = [ "wrappers" ];
	82	text = ''
	83	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
	84	install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
	85	if [ ! -f "${varDir}/currentWebappDir" -o \
	86	"${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
	87	pushd ${webappDir} > /dev/null
	88	$wrapperDir/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup
	89	popd > /dev/null
	90	echo -n "${webappDir}" > ${varDir}/currentWebappDir
	91	fi
	92	'';
	93	};
	94	webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec {
	95	# FIXME: can we do better than symlink?
	96	# FIXME: initial sync
	97	# FIXME: backup
	98	# FIXME: usage statistics
	99	buildPhase = ''
	100	export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
	101	export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
	102	export APP_ENV="${environment}"
	103	export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}"
	104	export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"
	105
	106	${if environment == "dev" then ''
	107	composer install
	108	'' else ''
	109	SYMFONY_ENV=prod composer install --no-dev
	110	''}
	111	yarn install
	112	yarn run encore production
	113	rm -rf var
	114	ln -sf ../../../../../${varDir} var
	115	'';
	116	installPhase = ''
	117	cp -a . $out
	118	'';
	119	buildInputs = [
	120	php git cacert phpPackages.composer yarn
	121	];
	122	});
	123	webRoot = "${webappDir}/public";
	124	};
	125	in
	126	aten


diff --git a/virtual/modules/websites/aten/default.nix b/virtual/modules/websites/aten/default.nix new file mode 100644 index 0000000..d9db75c --- /dev/null +++ b/virtual/modules/websites/aten/default.nix
@@ -0,0 +1,64 @@
	1	{ lib, pkgs, config, mylibs, ... }:
	2	let
	3	aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
	4	aten_dev = aten { environment = "dev"; };
	5	aten_prod = aten { environment = "prod"; };
	6
	7	cfg = config.services.myWebsites.Aten;
	8	in {
	9	options.services.myWebsites.Aten = {
	10	production = {
	11	enable = lib.mkEnableOption "enable Aten's website in production";
	12	};
	13	integration = {
	14	enable = lib.mkEnableOption "enable Aten's website in integration";
	15	};
	16	};
	17
	18	imports = [
	19	../commons/stats.nix
	20	];
	21
	22	config = lib.mkMerge [
	23	(lib.mkIf cfg.production.enable {
	24	services.myWebsites.commons.stats.enable = true;
	25	services.myWebsites.commons.stats.sites = [
	26	{
	27	name = "aten.pro";
	28	conf = ./goaccess.conf;
	29	}
	30	];
	31
	32	security.acme.certs."aten" = config.services.myCertificates.certConfig // {
	33	domain = "aten.pro";
	34	extraDomains = {
	35	"www.aten.pro" = null;
	36	};
	37	};
	38
	39	services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
	40	system.activationScripts.aten_prod = aten_prod.activationScript;
	41	services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
	42	services.myWebsites.production.modules = aten_prod.apache.modules;
	43	services.myWebsites.production.vhostConfs.aten = {
	44	certName = "aten";
	45	hosts = [ "aten.pro" "www.aten.pro" ];
	46	root = aten_prod.webRoot;
	47	extraConfig = [ aten_prod.apache.vhostConf ];
	48	};
	49	})
	50	(lib.mkIf cfg.integration.enable {
	51	security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
	52	services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
	53	system.activationScripts.aten_dev = aten_dev.activationScript;
	54	services.myWebsites.integration.modules = aten_dev.apache.modules;
	55	services.myWebsites.integration.vhostConfs.aten = {
	56	certName = "eldiron";
	57	hosts = [ "dev.aten.pro" ];
	58	root = aten_dev.webRoot;
	59	extraConfig = [ aten_dev.apache.vhostConf ];
	60	};
	61	})
	62	];
	63	}
	64


diff --git a/virtual/modules/websites/aten/goaccess.conf b/virtual/modules/websites/aten/goaccess.conf new file mode 100644 index 0000000..07cce57 --- /dev/null +++ b/virtual/modules/websites/aten/goaccess.conf
@@ -0,0 +1,99 @@
	1	time-format %H:%M:%S
	2	date-format %d/%b/%Y
	3
	4	#sur immae.eu
	5	#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
	6
	7	log-format VCOMBINED
	8	#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
	9
	10	html-prefs {"theme":"bright","layout":"vertical"}
	11
	12	exclude-ip 188.165.209.148
	13	exclude-ip 178.33.252.96
	14	exclude-ip 2001:41d0:2:9c94::1
	15	exclude-ip 2001:41d0:2:9c94::
	16	exclude-ip 176.9.151.89
	17	exclude-ip 2a01:4f8:160:3445::
	18	exclude-ip 82.255.56.72
	19
	20	no-query-string true
	21
	22	keep-db-files true
	23	load-from-disk true
	24	db-path /var/lib/goaccess/aten.pro
	25
	26	ignore-panel REFERRERS
	27	ignore-panel KEYPHRASES
	28
	29	static-file .css
	30	static-file .js
	31	static-file .jpg
	32	static-file .png
	33	static-file .gif
	34	static-file .ico
	35	static-file .jpeg
	36	static-file .pdf
	37	static-file .csv
	38	static-file .mpeg
	39	static-file .mpg
	40	static-file .swf
	41	static-file .woff
	42	static-file .woff2
	43	static-file .xls
	44	static-file .xlsx
	45	static-file .doc
	46	static-file .docx
	47	static-file .ppt
	48	static-file .pptx
	49	static-file .txt
	50	static-file .zip
	51	static-file .ogg
	52	static-file .mp3
	53	static-file .mp4
	54	static-file .exe
	55	static-file .iso
	56	static-file .gz
	57	static-file .rar
	58	static-file .svg
	59	static-file .bmp
	60	static-file .tar
	61	static-file .tgz
	62	static-file .tiff
	63	static-file .tif
	64	static-file .ttf
	65	static-file .flv
	66	#static-file .less
	67	#static-file .ac3
	68	#static-file .avi
	69	#static-file .bz2
	70	#static-file .class
	71	#static-file .cue
	72	#static-file .dae
	73	#static-file .dat
	74	#static-file .dts
	75	#static-file .ejs
	76	#static-file .eot
	77	#static-file .eps
	78	#static-file .img
	79	#static-file .jar
	80	#static-file .map
	81	#static-file .mid
	82	#static-file .midi
	83	#static-file .ogv
	84	#static-file .webm
	85	#static-file .mkv
	86	#static-file .odp
	87	#static-file .ods
	88	#static-file .odt
	89	#static-file .otf
	90	#static-file .pict
	91	#static-file .pls
	92	#static-file .ps
	93	#static-file .qt
	94	#static-file .rm
	95	#static-file .svgz
	96	#static-file .wav
	97	#static-file .webp
	98
	99