From 01f21083a897b86bf148f1d2bb9c8edca4d3786a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 25 Jan 2019 23:15:08 +0100 Subject: Rename virtual folder to nixops Fixes https://git.immae.eu/mantisbt/view.php?id=82 --- nixops/modules/websites/chloe/chloe.json | 14 +++ nixops/modules/websites/chloe/chloe.nix | 123 +++++++++++++++++++++ .../websites/chloe/chloe_config_dev/chmod.php | 4 + .../websites/chloe/chloe_config_dev/connect.php | 6 + .../websites/chloe/chloe_config_dev/ldap.php | 9 ++ .../websites/chloe/chloe_config_prod/chmod.php | 4 + .../websites/chloe/chloe_config_prod/connect.php | 6 + .../websites/chloe/chloe_config_prod/ldap.php | 9 ++ nixops/modules/websites/chloe/default.nix | 72 ++++++++++++ nixops/modules/websites/chloe/goaccess.conf | 99 +++++++++++++++++ 10 files changed, 346 insertions(+) create mode 100644 nixops/modules/websites/chloe/chloe.json create mode 100644 nixops/modules/websites/chloe/chloe.nix create mode 100644 nixops/modules/websites/chloe/chloe_config_dev/chmod.php create mode 100644 nixops/modules/websites/chloe/chloe_config_dev/connect.php create mode 100644 nixops/modules/websites/chloe/chloe_config_dev/ldap.php create mode 100644 nixops/modules/websites/chloe/chloe_config_prod/chmod.php create mode 100644 nixops/modules/websites/chloe/chloe_config_prod/connect.php create mode 100644 nixops/modules/websites/chloe/chloe_config_prod/ldap.php create mode 100644 nixops/modules/websites/chloe/default.nix create mode 100644 nixops/modules/websites/chloe/goaccess.conf (limited to 'nixops/modules/websites/chloe') diff --git a/nixops/modules/websites/chloe/chloe.json b/nixops/modules/websites/chloe/chloe.json new file mode 100644 index 0000000..686d751 --- /dev/null +++ b/nixops/modules/websites/chloe/chloe.json 
@@ -0,0 +1,14 @@
+{
+ "tag": "96fc4eb-master",
+ "meta": {
+ "name": "chloe",
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "rev": "96fc4eb0099a29b0f9a58fb4eaec4bf14ac65f0a",
+ "sha256": "0mf15j6z86j2smm2k360cmm5djhcjbs9949pznwi57kw97vkm1s3",
+ "fetchSubmodules": true
+ }
+}
diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix
new file mode 100644
index 0000000..355cca7
--- /dev/null
+++ b/nixops/modules/websites/chloe/chloe.nix
@@ -0,0 +1,123 @@ +{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }: +let + chloe = { config }: rec { + environment = config.environment; + phpFpm = rec { + socket = "/var/run/phpfpm/chloe-${environment}.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + php_admin_value[upload_max_filesize] = 20M + php_admin_value[post_max_size] = 20M + ;php_admin_flag[log_errors] = on + php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + env[SPIP_CONFIG_DIR] = "${configDir}" + env[SPIP_VAR_DIR] = "${varDir}" + env[SPIP_SITE] = "chloe-${environment}" + env[SPIP_LDAP_BASE] = "dc=immae,dc=eu" + env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu" + env[SPIP_LDAP_SEARCH_DN] = "${config.ldap.dn}" + env[SPIP_LDAP_SEARCH_PW] = "${config.ldap.password}" + env[SPIP_LDAP_SEARCH] = "${config.ldap.search}" + env[SPIP_MYSQL_HOST] = "db-1.immae.eu" + env[SPIP_MYSQL_DB] = "${config.mysql.name}" + env[SPIP_MYSQL_USER] = "${config.mysql.user}" + env[SPIP_MYSQL_PASSWORD] = "${config.mysql.password}" + ${if environment == "dev" then '' + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + '' else '' + pm = dynamic + pm.max_children = 20 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + ''}''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + RewriteEngine On + ${if environment == "prod" then '' + RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 + '' else ""} + + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + DirectoryIndex index.php index.htm index.html + Options -Indexes +FollowSymLinks +MultiViews +Includes + Include ${webRoot}/htaccess.txt + + AllowOverride AuthConfig FileInfo Limit + Require all granted + + + + Require all denied 
+ + + + Require all denied + + + ${if environment == "dev" then '' + + Use LDAPConnect + Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + '' else '' + Use Stats osteopathe-cc.fr + ''} + ''; + }; + activationScript = { + deps = [ "wrappers" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions + ''; + }; + configDir = ./chloe_config_ + environment; + varDir = "/var/lib/chloe_${environment}"; + siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec { + buildPhase = '' + make + ''; + installPhase = '' + cp -a . $out + ''; + buildInputs = [ sassc ]; + }); + webRoot = stdenv.mkDerivation rec { + name = "chloe-${environment}-spip-${version}"; + version = "3.2.3"; + src = fetchzip { + url = "https://files.spip.net/spip/archives/SPIP-v${version}.zip"; + sha256 = "1r1mjvsnrp6mvkgjakvi3x4ms8m8k5mp93micbbg8r99fj7qlfkq"; + }; + paches = [ ../commons/spip/spip_ldap_patch.patch ]; + buildPhase = '' + rm -rf IMG local tmp config/remove.txt + ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php + echo "Require all denied" > "config/.htaccess" + ln -sf ../../../../../${varDir}/{IMG,local} . + ''; + installPhase = '' + cp -a . $out + cp -a ${siteDir}/* $out + ''; + }; + }; +in + chloe diff --git a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php b/nixops/modules/websites/chloe/chloe_config_dev/chmod.php new file mode 100644 index 0000000..aae16cd --- /dev/null +++ b/nixops/modules/websites/chloe/chloe_config_dev/chmod.php @@ -0,0 +1,4 @@ + \ No newline at end of file diff --git a/nixops/modules/websites/chloe/chloe_config_dev/connect.php b/nixops/modules/websites/chloe/chloe_config_dev/connect.php new file mode 100644 index 0000000..2e4439f --- /dev/null +++ b/nixops/modules/websites/chloe/chloe_config_dev/connect.php @@ -0,0 +1,6 @@ + 
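Review bot: In the `webRoot` derivation the attribute is spelled `paches`, so stdenv never picks up `../commons/spip/spip_ldap_patch.patch` and SPIP 3.2.3 is installed without the LDAP patch; it should read `patches = [ ../commons/spip/spip_ldap_patch.patch ];`, and the build needs re-checking once the patch is really applied. Separately, the `pool` string interpolates `${config.ldap.password}` and `${config.mysql.password}` into `env[...]` lines. If the myPhpfpm module renders pool configs into the Nix store (not visible in this hunk), both credentials end up readable by every local user on the host, so they would be better loaded at runtime from a file outside the store with restrictive permissions.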
diff --git a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php b/nixops/modules/websites/chloe/chloe_config_dev/ldap.php new file mode 100644 index 0000000..825b7ed --- /dev/null +++ b/nixops/modules/websites/chloe/chloe_config_dev/ldap.php @@ -0,0 +1,9 @@ + array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); +$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); +?> diff --git a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php b/nixops/modules/websites/chloe/chloe_config_prod/chmod.php new file mode 100644 index 0000000..aae16cd --- /dev/null +++ b/nixops/modules/websites/chloe/chloe_config_prod/chmod.php @@ -0,0 +1,4 @@ + \ No newline at end of file diff --git a/nixops/modules/websites/chloe/chloe_config_prod/connect.php b/nixops/modules/websites/chloe/chloe_config_prod/connect.php new file mode 100644 index 0000000..2e4439f --- /dev/null +++ b/nixops/modules/websites/chloe/chloe_config_prod/connect.php @@ -0,0 +1,6 @@ + diff --git a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php b/nixops/modules/websites/chloe/chloe_config_prod/ldap.php new file mode 100644 index 0000000..825b7ed --- /dev/null +++ b/nixops/modules/websites/chloe/chloe_config_prod/ldap.php @@ -0,0 +1,9 @@ + array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); +$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); +?> diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix new file mode 100644 index 0000000..94cd4be --- /dev/null +++ b/nixops/modules/websites/chloe/default.nix 
@@ -0,0 +1,72 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+ chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; };
+ chloe_dev = chloe {
+ config = myconfig.env.websites.chloe.integration;
+ };
+ chloe_prod = chloe {
+ config = myconfig.env.websites.chloe.production;
+ };
+
+ cfg = config.services.myWebsites.Chloe;
+in {
+ options.services.myWebsites.Chloe = {
+ production = {
+ enable = lib.mkEnableOption "enable Chloe's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Chloe's website in integration";
+ };
+ };
+
+ imports = [
+ ../commons/stats.nix
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ services.myWebsites.commons.stats.enable = true;
+ services.myWebsites.commons.stats.sites = [
+ {
+ name = "osteopathe-cc.fr";
+ conf = ./goaccess.conf;
+ }
+ ];
+
+ security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
+ domain = "osteopathe-cc.fr";
+ extraDomains = {
+ "www.osteopathe-cc.fr" = null;
+ };
+ };
+
+ services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
+ services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ '';
+ system.activationScripts.chloe_prod = chloe_prod.activationScript;
+ services.myWebsites.production.modules = chloe_prod.apache.modules;
+ services.myWebsites.production.vhostConfs.chloe = {
+ certName = "chloe";
+ hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
+ root = chloe_prod.webRoot;
+ extraConfig = [ chloe_prod.apache.vhostConf ];
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
+ services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
+ services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
+ extension=${pkgs.php}/lib/php/extensions/mysqli.so
+ '';
+ system.activationScripts.chloe_dev = chloe_dev.activationScript;
+ services.myWebsites.integration.modules = chloe_dev.apache.modules;
+ services.myWebsites.integration.vhostConfs.chloe = {
+ certName = "eldiron";
+ hosts = ["chloe.immae.eu" ];
+ root = chloe_dev.webRoot;
+ extraConfig = [ chloe_dev.apache.vhostConf ];
+ };
+ })
+ ];
+}
diff --git a/nixops/modules/websites/chloe/goaccess.conf b/nixops/modules/websites/chloe/goaccess.conf
new file mode 100644
index 0000000..89cff6d
--- /dev/null
+++ b/nixops/modules/websites/chloe/goaccess.conf
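Review bot: The two option descriptions will render with a doubled verb, because `lib.mkEnableOption` already prefixes its argument with "Whether to enable". Pass only the noun phrase, e.g. `enable = lib.mkEnableOption "Chloe's website in production";`, and do the same for the integration option. This is a documentation-only fix and does not change what the module configures.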
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/osteopathe-cc.fr
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
-- cgit v1.2.3