From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 4 Oct 2023 01:35:06 +0200 Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository --- modules/private/websites/richie/production.nix | 106 ------------------------- 1 file changed, 106 deletions(-) delete mode 100644 modules/private/websites/richie/production.nix (limited to 'modules/private/websites/richie/production.nix') diff --git a/modules/private/websites/richie/production.nix b/modules/private/websites/richie/production.nix deleted file mode 100644 index a548cff..0000000 --- a/modules/private/websites/richie/production.nix +++ /dev/null @@ -1,106 +0,0 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.myServices.websites.richie.production; - vardir = "/var/lib/richie_production"; - richieSrc = pkgs.stdenv.mkDerivation rec { - version = pkgs.sources.websites-richie-app.version; - pname = "richie"; - name = "${pname}-${version}"; - src = pkgs.sources.websites-richie-app; - phases = "installPhase"; - installPhase = '' - cp -a $src $out - chmod -R u+w $out - ln -sf ${vardir}/files $out/ - ln -sf ${vardir}/drapeaux $out/images/ - ln -sf ${vardir}/photos $out/ - sed -i "s@localedef --list-archive@localedef --list-archive /run/current-system/sw/lib/locale/locale-archive@" $out/admin/parametres.php - ''; - }; - secretPath = config.secrets.fullPaths."websites/richie/production"; - apacheUser = config.services.httpd.Prod.user; - apacheGroup = config.services.httpd.Prod.group; -in -{ - options.myServices.websites.richie.production.enable = lib.mkEnableOption "enable Richie's website"; - config = lib.mkIf cfg.enable { - services.webstats.sites = [ { name = "europe-richie.org"; } ]; - - secrets.keys."websites/richie/production" = { - user = apacheUser; - group = apacheGroup; - permissions = "0400"; - text = with config.myEnv.websites.richie; '' - Auth('${smtp_mailer.user}', '${smtp_mailer.password}'); - ?> - ''; - }; - system.activationScripts.richie_production = { - deps = [ "httpd" ]; - text = '' - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d /var/lib/php/sessions/richie_production - install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${vardir} - ''; - }; - services.phpfpm.pools.richie_production = { - user = apacheUser; - group = apacheGroup; - settings = { - "listen.owner" = apacheUser; - "listen.group" = apacheGroup; - - "pm" = "ondemand"; - "pm.max_children" = "5"; - "pm.process_idle_timeout" = "60"; - - "php_admin_value[open_basedir]" = "${vardir}:/var/lib/php/sessions/richie_production:${secretPath}:${richieSrc}:/tmp"; - "php_admin_value[session.save_path]" = "/var/lib/php/sessions/richie_production"; - }; - phpEnv = { - PATH = "/run/current-system/sw/bin:${lib.makeBinPath [ pkgs.imagemagick ]}"; - BDD_CONNECT = secretPath; - }; - phpOptions = config.services.phpfpm.phpOptions + '' - date.timezone = 'Europe/Paris' - ''; - phpPackage = pkgs.php72; - }; - services.websites.env.production.modules = [ "proxy_fcgi" ]; - services.websites.env.production.vhostConfs.richie_production = { - certName = "richie"; - addToCerts = true; - certMainHost = "europe-richie.org"; - hosts = [ "europe-richie.org" "www.europe-richie.org" ]; - root = richieSrc; - extraConfig = [ - '' - Use Stats europe-richie.org - ErrorDocument 404 /404.html - - Require all denied - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - - SetHandler "proxy:unix:${config.services.phpfpm.pools.richie_production.socket}|fcgi://localhost" - - - '' - ]; - }; - }; -} -- cgit v1.2.3