From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- modules/private/websites/denise/aventuriers.nix | 26 ------ modules/private/websites/denise/bingo.nix | 100 ---------------------- modules/private/websites/denise/denisejerome.nix | 31 ------- modules/private/websites/denise/evariste.nix | 104 ----------------------- modules/private/websites/denise/oms.nix | 100 ---------------------- modules/private/websites/denise/production.nix | 25 ------ 6 files changed, 386 deletions(-) delete mode 100644 modules/private/websites/denise/aventuriers.nix delete mode 100644 modules/private/websites/denise/bingo.nix delete mode 100644 modules/private/websites/denise/denisejerome.nix delete mode 100644 modules/private/websites/denise/evariste.nix delete mode 100644 modules/private/websites/denise/oms.nix delete mode 100644 modules/private/websites/denise/production.nix (limited to 'modules/private/websites/denise') diff --git a/modules/private/websites/denise/aventuriers.nix b/modules/private/websites/denise/aventuriers.nix deleted file mode 100644 index 2bbf7bf..0000000 --- a/modules/private/websites/denise/aventuriers.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.myServices.websites.denise.aventuriers; - varDir = "/var/lib/buildbot/outputs/denise/aventuriers"; -in { - options.myServices.websites.denise.aventuriers.enable = lib.mkEnableOption "enable Denise's Aventuriers website"; - - config = lib.mkIf cfg.enable { - services.websites.env.production.vhostConfs.denise_aventuriers = { - certName = "denise"; - addToCerts = true; - hosts = [ "aventuriers.syanni.eu" ]; - root = varDir; - extraConfig = [ - '' - - DirectoryIndex aventuriers.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - }; -} diff --git a/modules/private/websites/denise/bingo.nix b/modules/private/websites/denise/bingo.nix deleted file mode 100644 index 9130462..0000000 --- a/modules/private/websites/denise/bingo.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.myServices.websites.denise.bingo; - varDir = "/var/lib/buildbot/outputs/denise/bingo"; - varDirBeta = "/var/lib/buildbot/outputs/denise/bingo_beta"; - socket = "/run/denise_bingo/socket.sock"; - socket_beta = "/run/denise_bingo_beta/socket.sock"; -in { - options.myServices.websites.denise.bingo.enable = lib.mkEnableOption "enable Denise's bingo website"; - - config = lib.mkIf cfg.enable { - services.websites.env.production.vhostConfs.denise_bingo = { - certName = "denise"; - addToCerts = true; - hosts = [ "bingo.syanni.eu" ]; - root = null; - extraConfig = [ - '' - ProxyPreserveHost on - ProxyVia On - ProxyRequests Off - ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${socket}|http://bingo.syanni.eu/ - ProxyPassReverse / unix://${socket}|http://bingo.syanni.eu/ - '' - ]; - }; - - systemd.services.denise-bingo = { - description = "Denise bingo website"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - WorkingDirectory = varDir; - ExecStart = let - python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]); - in - "${python}/bin/gunicorn -w4 -p /run/denise_bingo/gunicorn.pid --bind unix:${socket} app:app"; - User = "wwwrun"; - Restart = "always"; - RestartSec = "5s"; - PIDFile = "/run/denise_bingo/gunicorn.pid"; - RuntimeDirectory = "denise_bingo"; - StandardOutput = "journal"; - StandardError = "inherit"; - }; - }; - - security.sudo.extraRules = [ - { - commands = [ - { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo-beta.service"; } - { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-bingo.service"; } - ]; - users = ["buildbot"]; - runAs = "root"; - } - ]; - services.websites.env.integration.vhostConfs.denise_bingo_beta = { - certName = "denise"; - addToCerts = true; - hosts = [ "beta.bingo.syanni.eu" ]; - root = null; - extraConfig = [ - '' - ProxyPreserveHost on - ProxyVia On - ProxyRequests Off - ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${socket_beta}|http://beta.bingo.syanni.eu/ - ProxyPassReverse / unix://${socket_beta}|http://beta.bingo.syanni.eu/ - '' - ]; - }; - - systemd.services.denise-bingo-beta = { - description = "Denise bingo beta website"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - WorkingDirectory = varDirBeta; - ExecStart = let - python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask ]); - in - "${python}/bin/gunicorn -w4 -p /run/denise_bingo_beta/gunicorn.pid --bind unix:${socket_beta} app:app"; - User = "wwwrun"; - Restart = "always"; - RestartSec = "5s"; - PIDFile = "/run/denise_bingo_beta/gunicorn.pid"; - RuntimeDirectory = "denise_bingo_beta"; - StandardOutput = "journal"; - StandardError = "inherit"; - }; - }; - }; -} diff --git a/modules/private/websites/denise/denisejerome.nix b/modules/private/websites/denise/denisejerome.nix deleted file mode 100644 index a75e591..0000000 --- a/modules/private/websites/denise/denisejerome.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.myServices.websites.denise.denisejerome; - varDir = "/var/lib/ftp/denise/denisejerome"; - env = config.myEnv.websites.denisejerome; -in { - options.myServices.websites.denise.denisejerome.enable = lib.mkEnableOption "enable Denise Jerome's website"; - - config = lib.mkIf cfg.enable { - services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; - - services.websites.env.production.vhostConfs.denise_denisejerome = { - certName = "denise"; - certMainHost = "denisejerome.piedsjaloux.fr"; - hosts = ["denisejerome.piedsjaloux.fr" ]; - root = varDir; - extraConfig = [ - '' - Use Stats denisejerome.piedsjaloux.fr - - - DirectoryIndex index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride AuthConfig - Require all granted - - '' - ]; - }; - }; -} diff --git a/modules/private/websites/denise/evariste.nix b/modules/private/websites/denise/evariste.nix deleted file mode 100644 index 42f9b2e..0000000 --- a/modules/private/websites/denise/evariste.nix +++ /dev/null @@ -1,104 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.myServices.websites.denise.evariste; - nsiVarDir = "/var/lib/ftp/denise/nsievariste"; - stmgVarDir = "/var/lib/ftp/denise/stmgevariste"; - apacheUser = config.services.httpd.Prod.user; - apacheGroup = config.services.httpd.Prod.group; -in { - options.myServices.websites.denise.evariste.enable = lib.mkEnableOption "enable NSI/STMG Evariste website"; - - config = lib.mkIf cfg.enable { - services.webstats.sites = [ - { name = "nsievariste.immae.eu"; } - { name = "stmgevariste.immae.eu"; } - ]; - - services.websites.env.production.modules = [ "proxy_fcgi" ]; - system.activationScripts.denise_evariste = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_nsievariste - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/denise_stmgevariste - ''; - }; - services.phpfpm.pools.denise_nsievariste = { - user = apacheUser; - group = apacheGroup; - settings = { - "listen.owner" = apacheUser; - "listen.group" = apacheGroup; - - "pm" = "ondemand"; - "pm.max_children" = "5"; - "pm.process_idle_timeout" = "60"; - - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_nsievariste:${nsiVarDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_nsievariste"; - }; - phpPackage = pkgs.php72; - }; - services.websites.env.production.vhostConfs.denise_nsievariste = { - certName = "denise_evariste"; - addToCerts = true; - certMainHost = "nsievariste.immae.eu"; - hosts = ["nsievariste.immae.eu" ]; - root = nsiVarDir; - extraConfig = [ - '' - Use Stats nsievariste.immae.eu - - - SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_nsievariste.socket}|fcgi://localhost" - - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - - services.phpfpm.pools.denise_stmgevariste = { - user = apacheUser; - group = apacheGroup; - settings = { - "listen.owner" = apacheUser; - "listen.group" = apacheGroup; - - "pm" = "ondemand"; - "pm.max_children" = "5"; - "pm.process_idle_timeout" = "60"; - - "php_admin_value[open_basedir]" = "/var/lib/php/sessions/denise_stmgevariste:${stmgVarDir}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/denise_stmgevariste"; - }; - phpPackage = pkgs.php72; - }; - services.websites.env.production.vhostConfs.denise_stmgevariste = { - certName = "denise_evariste"; - addToCerts = true; - hosts = ["stmgevariste.immae.eu" ]; - root = stmgVarDir; - extraConfig = [ - '' - Use Stats stmgevariste.immae.eu - - - SetHandler "proxy:unix:${config.services.phpfpm.pools.denise_stmgevariste.socket}|fcgi://localhost" - - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - }; -} diff --git a/modules/private/websites/denise/oms.nix b/modules/private/websites/denise/oms.nix deleted file mode 100644 index 2f18037..0000000 --- a/modules/private/websites/denise/oms.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.myServices.websites.denise.oms; - varDir = "/var/lib/buildbot/outputs/denise/oms"; - varDirBeta = "/var/lib/buildbot/outputs/denise/oms_beta"; - socket = "/run/denise_oms/socket.sock"; - socket_beta = "/run/denise_oms_beta/socket.sock"; -in { - options.myServices.websites.denise.oms.enable = lib.mkEnableOption "enable Denise's OMS website"; - - config = lib.mkIf cfg.enable { - services.websites.env.production.vhostConfs.denise_oms = { - certName = "denise"; - addToCerts = true; - hosts = [ "oms.syanni.eu" ]; - root = null; - extraConfig = [ - '' - ProxyPreserveHost on - ProxyVia On - ProxyRequests Off - ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${socket}|http://oms.syanni.eu/ - ProxyPassReverse / unix://${socket}|http://oms.syanni.eu/ - '' - ]; - }; - - systemd.services.denise-oms = { - description = "Denise OMS website"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - WorkingDirectory = varDir; - ExecStart = let - python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]); - in - "${python}/bin/gunicorn -w4 -p /run/denise_oms/gunicorn.pid --bind unix:${socket} app:app"; - User = "wwwrun"; - Restart = "always"; - RestartSec = "5s"; - PIDFile = "/run/denise_oms/gunicorn.pid"; - RuntimeDirectory = "denise_oms"; - StandardOutput = "journal"; - StandardError = "inherit"; - }; - }; - - security.sudo.extraRules = [ - { - commands = [ - { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms-beta.service"; } - { options = [ "NOPASSWD" ]; command = "${pkgs.systemd}/bin/systemctl restart denise-oms.service"; } - ]; - users = ["buildbot"]; - runAs = "root"; - } - ]; - services.websites.env.integration.vhostConfs.denise_oms_beta = { - certName = "denise"; - addToCerts = true; - hosts = [ "beta.oms.syanni.eu" ]; - root = null; - extraConfig = [ - '' - ProxyPreserveHost on - ProxyVia On - ProxyRequests Off - ProxyPassMatch ^/.well-known/acme-challenge ! - ProxyPass / unix://${socket_beta}|http://beta.oms.syanni.eu/ - ProxyPassReverse / unix://${socket_beta}|http://beta.oms.syanni.eu/ - '' - ]; - }; - - systemd.services.denise-oms-beta = { - description = "Denise OMS beta website"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - WorkingDirectory = varDirBeta; - ExecStart = let - python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.matplotlib p.unidecode ]); - in - "${python}/bin/gunicorn -w4 -p /run/denise_oms_beta/gunicorn.pid --bind unix:${socket_beta} app:app"; - User = "wwwrun"; - Restart = "always"; - RestartSec = "5s"; - PIDFile = "/run/denise_oms_beta/gunicorn.pid"; - RuntimeDirectory = "denise_oms_beta"; - StandardOutput = "journal"; - StandardError = "inherit"; - }; - }; - }; -} diff --git a/modules/private/websites/denise/production.nix b/modules/private/websites/denise/production.nix deleted file mode 100644 index 9b28e9e..0000000 --- a/modules/private/websites/denise/production.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.myServices.websites.denise.production; -in { - options.myServices.websites.denise.production.enable = lib.mkEnableOption "enable Denise's website"; - - config = lib.mkIf cfg.enable { - services.websites.env.production.vhostConfs.denise_production = { - certName = "denise"; - addToCerts = true; - hosts = [ "syanni.eu" "www.syanni.eu" ]; - root = ../_www; - extraConfig = [ - '' - - DirectoryIndex index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride AuthConfig - Require all granted - - '' - ]; - }; - }; -} -- cgit v1.2.3