From 7667c367033b15582cf383da62446f78e66a59ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 11 May 2019 16:55:50 +0200
Subject: Move spip and chloe website to pkgs
---
nixops/modules/websites/chloe/chloe.json | 14 --
nixops/modules/websites/chloe/chloe.nix | 224 +++++++++------------
nixops/modules/websites/chloe/default.nix | 21 +-
.../websites/commons/spip/spip_ldap_patch.patch | 60 ------
.../websites/commons/spip/spip_mes_options.php | 18 --
pkgs/private/default.nix | 6 +-
pkgs/private/webapps/chloe/chloe.json | 14 ++
pkgs/private/webapps/chloe/default.nix | 19 ++
pkgs/private/webapps/default.nix | 3 +-
pkgs/webapps/default.nix | 1 +
pkgs/webapps/spip/default.nix | 32 +++
pkgs/webapps/spip/spip_ldap_patch.patch | 60 ++++++
pkgs/webapps/spip/spip_mes_options.php | 18 ++
13 files changed, 258 insertions(+), 232 deletions(-)
delete mode 100644 nixops/modules/websites/chloe/chloe.json
delete mode 100644 nixops/modules/websites/commons/spip/spip_ldap_patch.patch
delete mode 100644 nixops/modules/websites/commons/spip/spip_mes_options.php
create mode 100644 pkgs/private/webapps/chloe/chloe.json
create mode 100644 pkgs/private/webapps/chloe/default.nix
create mode 100644 pkgs/webapps/spip/default.nix
create mode 100644 pkgs/webapps/spip/spip_ldap_patch.patch
create mode 100644 pkgs/webapps/spip/spip_mes_options.php
diff --git a/nixops/modules/websites/chloe/chloe.json b/nixops/modules/websites/chloe/chloe.json
deleted file mode 100644
index 686d751..0000000
--- a/nixops/modules/websites/chloe/chloe.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "tag": "96fc4eb-master",
- "meta": {
- "name": "chloe",
- "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
- "branch": "master"
- },
- "git": {
- "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
- "rev": "96fc4eb0099a29b0f9a58fb4eaec4bf14ac65f0a",
- "sha256": "0mf15j6z86j2smm2k360cmm5djhcjbs9949pznwi57kw97vkm1s3",
- "fetchSubmodules": true
- }
-}
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
index e2381d8..2847b9d 100644
--- a/nixops/modules/websites/chloe/chloe.nix
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -1,137 +1,105 @@ -{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }: -let - chloe = { config }: rec { - environment = config.environment; - phpFpm = rec { - serviceDeps = [ "mysql.service" ]; - socket = "/var/run/phpfpm/chloe-${environment}.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp" - php_admin_value[session.save_path] = "${varDir}/phpSessions" - ${if environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''}''; - }; - keys = [{ - dest = "webapps/${environment}-chloe"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - SetEnv SPIP_CONFIG_DIR "${configDir}" - SetEnv SPIP_VAR_DIR "${varDir}" - SetEnv SPIP_SITE "chloe-${environment}" - SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" - SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" - SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" - SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" - SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" - SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" - SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" - SetEnv SPIP_MYSQL_DB "${config.mysql.name}" - SetEnv SPIP_MYSQL_USER "${config.mysql.user}" - SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" - ''; - }]; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "chloe_${environment}"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - Include /var/secrets/webapps/${environment}-chloe +{ chloe, config }: +rec { + app = 
chloe.override { inherit (config) environment; }; + phpFpm = rec { + serviceDeps = [ "mysql.service" ]; + socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + php_admin_value[upload_max_filesize] = 20M + php_admin_value[post_max_size] = 20M + ;php_admin_flag[log_errors] = on + php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp" + php_admin_value[session.save_path] = "${app.varDir}/phpSessions" + ${if app.environment == "dev" then '' + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + '' else '' + pm = dynamic + pm.max_children = 20 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + ''}''; + }; + keys = [{ + dest = "webapps/${app.environment}-chloe"; + user = apache.user; + group = apache.group; + permissions = "0400"; + text = '' + SetEnv SPIP_CONFIG_DIR "${configDir}" + SetEnv SPIP_VAR_DIR "${app.varDir}" + SetEnv SPIP_SITE "chloe-${app.environment}" + SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" + SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" + SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" + SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" + SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" + SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" + SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" + SetEnv SPIP_MYSQL_DB "${config.mysql.name}" + SetEnv SPIP_MYSQL_USER "${config.mysql.user}" + SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" + ''; + }]; + apache = rec { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + webappName = "chloe_${app.environment}"; + root = "/run/current-system/webapps/${webappName}"; + vhostConf = '' + Include /var/secrets/webapps/${app.environment}-chloe - RewriteEngine On - ${if environment == "prod" then '' - RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 - '' else ""} + 
RewriteEngine On + ${if app.environment == "prod" then '' + RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 + '' else ""} - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + - - DirectoryIndex index.php index.htm index.html - Options -Indexes +FollowSymLinks +MultiViews +Includes - Include ${root}/htaccess.txt + + DirectoryIndex index.php index.htm index.html + Options -Indexes +FollowSymLinks +MultiViews +Includes + Include ${root}/htaccess.txt - AllowOverride AuthConfig FileInfo Limit - Require all granted - + AllowOverride AuthConfig FileInfo Limit + Require all granted + - - Require all denied - + + Require all denied + - - Require all denied - + + Require all denied + - ${if environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - '' else '' - Use Stats osteopathe-cc.fr - ''} - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions - ''; - }; - configDir = ./chloe_config_ + environment; - varDir = "/var/lib/chloe_${environment}"; - siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec { - buildPhase = '' - make - ''; - installPhase = '' - cp -a . 
$out - ''; - buildInputs = [ sassc ]; - }); - webRoot = stdenv.mkDerivation rec { - name = "chloe-${environment}-spip-${version}"; - version = "3.2.3"; - src = fetchzip { - url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip"; - sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq"; - }; - paches = [ ../commons/spip/spip_ldap_patch.patch ]; - buildPhase = '' - rm -rf IMG local tmp config/remove.txt - ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php - echo "Require all denied" > "config/.htaccess" - ln -sf ${varDir}/{IMG,local} . + ${if app.environment == "dev" then '' + + Use LDAPConnect + Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + '' else '' + Use Stats osteopathe-cc.fr + ''} ''; - installPhase = '' - cp -a . $out - cp -a ${siteDir}/* $out - ''; - }; }; -in - chloe + activationScript = { + deps = [ "wrappers" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions + ''; + }; + configDir = ./chloe_config_ + app.environment; +} diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix index a542d70..874b81b 100644 --- a/nixops/modules/websites/chloe/default.nix +++ b/nixops/modules/websites/chloe/default.nix 
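Review bot: The `keys` entry in nixops/modules/websites/chloe/chloe.nix writes the LDAP and MySQL credentials into a file owned by `apache.user`, and the PHP-FPM pool in the same file runs as that same hard-coded `wwwrun` account, so `open_basedir` is the only barrier between site PHP code and `/var/secrets/webapps/${app.environment}-chloe`. Because the dev and prod instances are both built from this file with the same user, the integration site's PHP processes also run as the owner of the production secrets file. This is carried over unchanged from the removed side, but the move is a good moment to tighten it: if Apache reads the `Include` before dropping privileges (not visible here, to be confirmed), the key could be owned by root with `user = "root"; group = "root";`, or each environment's pool could run under its own account.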
@@ -1,14 +1,15 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let - chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; }; - chloe_dev = chloe { - config = myconfig.env.websites.chloe.integration; - }; - chloe_prod = chloe { - config = myconfig.env.websites.chloe.production; - }; + chloe_dev = pkgs.callPackage ./chloe.nix { + inherit (pkgs.private.webapps) chloe; + config = myconfig.env.websites.chloe.integration; + }; + chloe_prod = pkgs.callPackage ./chloe.nix { + inherit (pkgs.private.webapps) chloe; + config = myconfig.env.websites.chloe.production; + }; - cfg = config.services.myWebsites.Chloe; + cfg = config.services.myWebsites.Chloe; in { options.services.myWebsites.Chloe = { production = { @@ -39,7 +40,7 @@ in { system.activationScripts.chloe_prod = chloe_prod.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps - ln -s ${chloe_prod.webRoot} $out/webapps/${chloe_prod.apache.webappName} + ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName} ''; services.myWebsites.production.modules = chloe_prod.apache.modules; services.myWebsites.production.vhostConfs.chloe = { @@ -60,7 +61,7 @@ in { system.activationScripts.chloe_dev = chloe_dev.activationScript; system.extraSystemBuilderCmds = '' mkdir -p $out/webapps - ln -s ${chloe_dev.webRoot} $out/webapps/${chloe_dev.apache.webappName} + ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName} ''; services.myWebsites.integration.modules = chloe_dev.apache.modules; services.myWebsites.integration.vhostConfs.chloe = { diff --git a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch b/nixops/modules/websites/commons/spip/spip_ldap_patch.patch deleted file mode 100644 index 653c909..0000000 --- a/nixops/modules/websites/commons/spip/spip_ldap_patch.patch +++ /dev/null 
@@ -1,60 +0,0 @@ ---- old/ecrire/auth/ldap.php 2017-06-08 21:58:17.000000000 +0200 -+++ new/ecrire/auth/ldap.php 2017-06-10 02:54:02.687954143 +0200 -@@ -171,24 +171,41 @@ - $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ; - - $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']); -+ if (isset($GLOBALS['ldap_search'])) { -+ $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']); -+ $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn")); -+ $info = @ldap_get_entries($ldap_link, $result); -+ // Ne pas accepter les resultats si plus d'une entree -+ // (on veut un attribut unique) - -- // Tenter une recherche pour essayer de retrouver le DN -- foreach ($logins as $att) { -- $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn")); -- $info = @ldap_get_entries($ldap_link, $result); -- // Ne pas accepter les resultats si plus d'une entree -- // (on veut un attribut unique) -+ if (is_array($info) and $info['count'] == 1) { -+ $dn = $info[0]['dn']; -+ if (!$checkpass) { -+ return $dn; -+ } -+ if (@ldap_bind($ldap_link, $dn, $pass)) { -+ return $dn; -+ } -+ } -+ } else { -+ // Tenter une recherche pour essayer de retrouver le DN -+ foreach ($logins as $att) { -+ $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn")); -+ $info = @ldap_get_entries($ldap_link, $result); -+ // Ne pas accepter les resultats si plus d'une entree -+ // (on veut un attribut unique) - -- if (is_array($info) and $info['count'] == 1) { -- $dn = $info[0]['dn']; -- if (!$checkpass) { -- return $dn; -- } -- if (@ldap_bind($ldap_link, $dn, $pass)) { -- return $dn; -- } -- } -- } -+ if (is_array($info) and $info['count'] == 1) { -+ $dn = $info[0]['dn']; -+ if (!$checkpass) { -+ return $dn; -+ } -+ if (@ldap_bind($ldap_link, $dn, $pass)) { -+ return $dn; -+ } -+ } -+ } -+ } - - if ($checkpass and !isset($dn)) { - // Si echec, 
essayer de deviner le DN diff --git a/nixops/modules/websites/commons/spip/spip_mes_options.php b/nixops/modules/websites/commons/spip/spip_mes_options.php deleted file mode 100644 index 8db8389..0000000 --- a/nixops/modules/websites/commons/spip/spip_mes_options.php +++ /dev/null @@ -1,18 +0,0 @@ - diff --git a/pkgs/private/default.nix b/pkgs/private/default.nix index 951a23f..60fabad 100644 --- a/pkgs/private/default.nix +++ b/pkgs/private/default.nix @@ -4,5 +4,9 @@ let mylibs = import ../../libs.nix { inherit pkgs; }; in rec { - webapps = callPackage ./webapps { inherit mylibs; inherit (pkgs) composerEnv; }; + webapps = callPackage ./webapps { + inherit mylibs; + inherit (pkgs) composerEnv; + inherit (pkgs.webapps) spip; + }; } diff --git a/pkgs/private/webapps/chloe/chloe.json b/pkgs/private/webapps/chloe/chloe.json new file mode 100644 index 0000000..686d751 --- /dev/null +++ b/pkgs/private/webapps/chloe/chloe.json @@ -0,0 +1,14 @@ +{ + "tag": "96fc4eb-master", + "meta": { + "name": "chloe", + "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe", + "branch": "master" + }, + "git": { + "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe", + "rev": "96fc4eb0099a29b0f9a58fb4eaec4bf14ac65f0a", + "sha256": "0mf15j6z86j2smm2k360cmm5djhcjbs9949pznwi57kw97vkm1s3", + "fetchSubmodules": true + } +} diff --git a/pkgs/private/webapps/chloe/default.nix b/pkgs/private/webapps/chloe/default.nix new file mode 100644 index 0000000..f148d4b --- /dev/null +++ b/pkgs/private/webapps/chloe/default.nix @@ -0,0 +1,19 @@ +{ environment ? "prod" +, varDir ? "/var/lib/chloe_${environment}" +, spip, stdenv, mylibs, sassc }: +let + siteDir = stdenv.mkDerivation (mylibs.fetchedGitPrivate ./chloe.json // rec { + buildPhase = '' + make + ''; + installPhase = '' + cp -a . $out + ''; + buildInputs = [ sassc ]; + }); +in +spip.override { + ldap = true; + siteName = "chloe"; + inherit environment siteDir; +} 
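Review bot: In pkgs/private/webapps/chloe/default.nix the `varDir` argument is accepted with a default but never forwarded, because the `spip.override` call inherits only `environment` and `siteDir`. A caller that overrides `varDir` is therefore silently ignored: the value never reaches the `ln -sf ${varDir}/{IMG,local}` step in the spip derivation, nor the `app.varDir` that nixops/modules/websites/chloe/chloe.nix uses for `open_basedir`, the session path and the `install -d` calls. The two defaults happen to coincide for `siteName = "chloe"`, which hides the problem today. I would change the last line of the override to `inherit environment siteDir varDir;`.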
diff --git a/pkgs/private/webapps/default.nix b/pkgs/private/webapps/default.nix index 46ad31c..14fd544 100644 --- a/pkgs/private/webapps/default.nix +++ b/pkgs/private/webapps/default.nix @@ -1,6 +1,7 @@ -{ callPackage, mylibs, composerEnv, lib }: +{ callPackage, mylibs, composerEnv, lib, spip }: rec { aten = callPackage ./aten { inherit composerEnv mylibs; }; + chloe = callPackage ./chloe { inherit mylibs spip; }; connexionswing = callPackage ./connexionswing { inherit composerEnv mylibs;}; ludivinecassal = callPackage ./ludivinecassal { inherit composerEnv mylibs; }; piedsjaloux = callPackage ./piedsjaloux { inherit composerEnv mylibs; }; diff --git a/pkgs/webapps/default.nix b/pkgs/webapps/default.nix index 0ef6736..229609f 100644 --- a/pkgs/webapps/default.nix +++ b/pkgs/webapps/default.nix @@ -86,6 +86,7 @@ rec { lib.attrsets.genAttrs names (name: callPackage (./roundcubemail/plugins + "/${name}") { buildPlugin = roundcubemail.buildPlugin; }); + spip = callPackage ./spip {}; taskwarrior-web = callPackage ./taskwarrior-web { inherit mylibs; }; ttrss = callPackage ./ttrss { inherit mylibs; }; diff --git a/pkgs/webapps/spip/default.nix b/pkgs/webapps/spip/default.nix new file mode 100644 index 0000000..8099f53 --- /dev/null +++ b/pkgs/webapps/spip/default.nix 
@@ -0,0 +1,32 @@ +{ siteName ? "spip" +, siteDir ? runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out" +, environment ? "prod" +, ldap ? false +, varDir ? "/var/lib/${siteName}_${environment}" +, lib, fetchzip, runCommand, stdenv }: +let + app = stdenv.mkDerivation rec { + name = "${siteName}-${environment}-spip-${version}"; + version = "3.2.3"; + src = fetchzip { + url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip"; + sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq"; + }; + paches = lib.optionals ldap [ ./spip_ldap_patch.patch ]; + buildPhase = '' + rm -rf IMG local tmp config/remove.txt + ln -sf ${./spip_mes_options.php} config/mes_options.php + echo "Require all denied" > "config/.htaccess" + ln -sf ${varDir}/{IMG,local} . + ''; + installPhase = '' + cp -a . $out + cp -a ${siteDir}/* $out + ''; + passthru = { + inherit siteName siteDir environment varDir; + webRoot = app; + spipConfig = ./spip_mes_options.php; + }; + }; +in app diff --git a/pkgs/webapps/spip/spip_ldap_patch.patch b/pkgs/webapps/spip/spip_ldap_patch.patch new file mode 100644 index 0000000..653c909 --- /dev/null +++ b/pkgs/webapps/spip/spip_ldap_patch.patch 
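Review bot: The attribute `paches = lib.optionals ldap [ ./spip_ldap_patch.patch ];` in pkgs/webapps/spip/default.nix is misspelled, and stdenv's patch phase only reads `patches`, so the LDAP patch is not applied even when `ldap = true` as the chloe package requests. The typo is carried over from the removed chloe.nix, but the new `ldap` flag now advertises a behaviour the build does not deliver, and whatever restriction `SPIP_LDAP_SEARCH` is meant to impose on logins is presumably not enforced by the unpatched `ecrire/auth/ldap.php`. The line should read `patches = lib.optionals ldap [ ./spip_ldap_patch.patch ];`. Once the patch really is applied, its `str_replace("%user%", $login_search, $GLOBALS['ldap_search'])` places the login name inside an LDAP filter, and the patch context does not show how `$login_search` is sanitised, so that is worth confirming at the same time.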
@@ -0,0 +1,60 @@ +--- old/ecrire/auth/ldap.php 2017-06-08 21:58:17.000000000 +0200 ++++ new/ecrire/auth/ldap.php 2017-06-10 02:54:02.687954143 +0200 +@@ -171,24 +171,41 @@ + $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ; + + $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']); ++ if (isset($GLOBALS['ldap_search'])) { ++ $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']); ++ $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn")); ++ $info = @ldap_get_entries($ldap_link, $result); ++ // Ne pas accepter les resultats si plus d'une entree ++ // (on veut un attribut unique) + +- // Tenter une recherche pour essayer de retrouver le DN +- foreach ($logins as $att) { +- $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn")); +- $info = @ldap_get_entries($ldap_link, $result); +- // Ne pas accepter les resultats si plus d'une entree +- // (on veut un attribut unique) ++ if (is_array($info) and $info['count'] == 1) { ++ $dn = $info[0]['dn']; ++ if (!$checkpass) { ++ return $dn; ++ } ++ if (@ldap_bind($ldap_link, $dn, $pass)) { ++ return $dn; ++ } ++ } ++ } else { ++ // Tenter une recherche pour essayer de retrouver le DN ++ foreach ($logins as $att) { ++ $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn")); ++ $info = @ldap_get_entries($ldap_link, $result); ++ // Ne pas accepter les resultats si plus d'une entree ++ // (on veut un attribut unique) + +- if (is_array($info) and $info['count'] == 1) { +- $dn = $info[0]['dn']; +- if (!$checkpass) { +- return $dn; +- } +- if (@ldap_bind($ldap_link, $dn, $pass)) { +- return $dn; +- } +- } +- } ++ if (is_array($info) and $info['count'] == 1) { ++ $dn = $info[0]['dn']; ++ if (!$checkpass) { ++ return $dn; ++ } ++ if (@ldap_bind($ldap_link, $dn, $pass)) { ++ return $dn; ++ } ++ } ++ } ++ } + + if ($checkpass and !isset($dn)) { + // Si echec, 
essayer de deviner le DN diff --git a/pkgs/webapps/spip/spip_mes_options.php b/pkgs/webapps/spip/spip_mes_options.php new file mode 100644 index 0000000..8db8389 --- /dev/null +++ b/pkgs/webapps/spip/spip_mes_options.php @@ -0,0 +1,18 @@ + -- cgit v1.2.3