From f8026b6e4c869aa108f6361c8ccd50890657994d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 18 May 2019 10:49:00 +0200
Subject: Move personal websites to modules
---
nixops/modules/websites/aten/aten.nix | 104 -------------
nixops/modules/websites/aten/default.nix | 66 --------
nixops/modules/websites/capitaines/default.nix | 51 -------
.../websites/capitaines/mastodon_static/index.html | 29 ----
.../websites/capitaines/mastodon_static/oops.png | Bin 120305 -> 0 bytes
nixops/modules/websites/chloe/chloe.nix | 105 -------------
.../websites/chloe/chloe_config_dev/chmod.php | 4 -
.../websites/chloe/chloe_config_dev/connect.php | 15 --
.../websites/chloe/chloe_config_dev/ldap.php | 9 --
.../websites/chloe/chloe_config_prod/chmod.php | 4 -
.../websites/chloe/chloe_config_prod/connect.php | 15 --
.../websites/chloe/chloe_config_prod/ldap.php | 9 --
nixops/modules/websites/chloe/default.nix | 69 ---------
.../websites/connexionswing/connexionswing.nix | 166 ---------------------
nixops/modules/websites/connexionswing/default.nix | 68 ---------
nixops/modules/websites/default.nix | 42 ------
nixops/modules/websites/emilia/default.nix | 73 ---------
nixops/modules/websites/emilia/moodle/pause.html | 48 ------
nixops/modules/websites/ftp/denisejerome.nix | 35 -----
nixops/modules/websites/ftp/florian.nix | 68 ---------
nixops/modules/websites/ftp/immae.nix | 68 ---------
nixops/modules/websites/ftp/jerome.nix | 90 -----------
nixops/modules/websites/ftp/leila.nix | 86 -----------
nixops/modules/websites/ftp/nassime.nix | 38 -----
nixops/modules/websites/ftp/papa.nix | 53 -------
nixops/modules/websites/ftp/release.nix | 43 ------
nixops/modules/websites/ftp/temp.nix | 40 -----
nixops/modules/websites/ludivine/default.nix | 66 --------
.../modules/websites/ludivine/ludivinecassal.nix | 157 -------------------
nixops/modules/websites/piedsjaloux/default.nix | 66 --------
.../modules/websites/piedsjaloux/piedsjaloux.nix | 146 ------------------
nixops/modules/websites/tellesflorian/default.nix | 40 -----
.../websites/tellesflorian/tellesflorian.nix | 154 -------------------
33 files changed, 2027 deletions(-)
delete mode 100644 nixops/modules/websites/aten/aten.nix
delete mode 100644 nixops/modules/websites/aten/default.nix
delete mode 100644 nixops/modules/websites/capitaines/default.nix
delete mode 100644 nixops/modules/websites/capitaines/mastodon_static/index.html
delete mode 100644 nixops/modules/websites/capitaines/mastodon_static/oops.png
delete mode 100644 nixops/modules/websites/chloe/chloe.nix
delete mode 100644 nixops/modules/websites/chloe/chloe_config_dev/chmod.php
delete mode 100644 nixops/modules/websites/chloe/chloe_config_dev/connect.php
delete mode 100644 nixops/modules/websites/chloe/chloe_config_dev/ldap.php
delete mode 100644 nixops/modules/websites/chloe/chloe_config_prod/chmod.php
delete mode 100644 nixops/modules/websites/chloe/chloe_config_prod/connect.php
delete mode 100644 nixops/modules/websites/chloe/chloe_config_prod/ldap.php
delete mode 100644 nixops/modules/websites/chloe/default.nix
delete mode 100644 nixops/modules/websites/connexionswing/connexionswing.nix
delete mode 100644 nixops/modules/websites/connexionswing/default.nix
delete mode 100644 nixops/modules/websites/emilia/default.nix
delete mode 100644 nixops/modules/websites/emilia/moodle/pause.html
delete mode 100644 nixops/modules/websites/ftp/denisejerome.nix
delete mode 100644 nixops/modules/websites/ftp/florian.nix
delete mode 100644 nixops/modules/websites/ftp/immae.nix
delete mode 100644 nixops/modules/websites/ftp/jerome.nix
delete mode 100644 nixops/modules/websites/ftp/leila.nix
delete mode 100644 nixops/modules/websites/ftp/nassime.nix
delete mode 100644 nixops/modules/websites/ftp/papa.nix
delete mode 100644 nixops/modules/websites/ftp/release.nix
delete mode 100644 nixops/modules/websites/ftp/temp.nix
delete mode 100644 nixops/modules/websites/ludivine/default.nix
delete mode 100644 nixops/modules/websites/ludivine/ludivinecassal.nix
delete mode 100644 nixops/modules/websites/piedsjaloux/default.nix
delete mode 100644 nixops/modules/websites/piedsjaloux/piedsjaloux.nix
delete mode 100644 nixops/modules/websites/tellesflorian/default.nix
delete mode 100644 nixops/modules/websites/tellesflorian/tellesflorian.nix
(limited to 'nixops')
diff --git a/nixops/modules/websites/aten/aten.nix b/nixops/modules/websites/aten/aten.nix
deleted file mode 100644
index 04876a1..0000000
--- a/nixops/modules/websites/aten/aten.nix
+++ /dev/null
@@ -1,104 +0,0 @@ -{ aten, lib, config }: rec { - app = aten.override { inherit (config) environment; }; - phpFpm = rec { - preStart = '' - if [ ! -f "${app.varDir}/currentWebappDir" -o \ - ! -f "${app.varDir}/currentKey" -o \ - "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ - || ! sha512sum -c --status ${app.varDir}/currentKey; then - pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun APP_ENV=${app.environment} ./bin/console --env=${app.environment} cache:clear --no-warmup - popd > /dev/null - echo -n "${app}" > ${app.varDir}/currentWebappDir - sha512sum /var/secrets/webapps/${app.environment}-aten > ${app.varDir}/currentKey - fi - ''; - serviceDeps = [ "postgresql.service" ]; - socket = "/var/run/phpfpm/aten-${app.environment}.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "${app}:${app.varDir}:/tmp" - php_admin_value[session.save_path] = "${app.varDir}/phpSessions" - ${if app.environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - env[SYMFONY_DEBUG_MODE] = "yes" - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''}''; - }; - keys = [{ - dest = "webapps/${app.environment}-aten"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - SetEnv APP_ENV "${app.environment}" - SetEnv APP_SECRET "${config.secret}" - SetEnv DATABASE_URL "${config.psql_url}" - ''; - }]; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "aten_${app.environment}"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - 
Include /var/secrets/webapps/${app.environment}-aten - - ${if app.environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - - - Use LDAPConnect - Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - '' else '' - Use Stats aten.pro - - - Use LDAPConnect - Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - ''} - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride All - Require all granted - DirectoryIndex index.php - FallbackResource /index.php - - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions - ''; - }; -} diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix deleted file mode 100644 index a9e75b6..0000000 --- a/nixops/modules/websites/aten/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - aten_dev = pkgs.callPackage ./aten.nix { - inherit (pkgs.webapps) aten; - config = myconfig.env.websites.aten.integration; - }; - aten_prod = pkgs.callPackage ./aten.nix { - inherit (pkgs.webapps) aten; - config = myconfig.env.websites.aten.production; - }; - - cfg = config.services.myWebsites.Aten; -in { - options.services.myWebsites.Aten = { - production = { - enable = lib.mkEnableOption "enable Aten's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable Aten's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = aten_prod.keys; - services.webstats.sites = [ { name = "aten.pro"; } ]; - - services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool; - system.activationScripts.aten_prod = aten_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${aten_prod.app.webRoot} $out/webapps/${aten_prod.apache.webappName} - ''; - services.websites.production.modules = aten_prod.apache.modules; - services.websites.production.vhostConfs.aten = { - certName = "aten"; - certMainHost = "aten.pro"; - hosts = [ "aten.pro" "www.aten.pro" ]; - root = aten_prod.apache.root; - extraConfig = [ aten_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = aten_dev.keys; - services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool; - system.activationScripts.aten_dev = aten_dev.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${aten_dev.app.webRoot} $out/webapps/${aten_dev.apache.webappName} - ''; - 
services.websites.integration.modules = aten_dev.apache.modules; - services.websites.integration.vhostConfs.aten = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "dev.aten.pro" ]; - root = aten_dev.apache.root; - extraConfig = [ aten_dev.apache.vhostConf ]; - }; - }) - ]; -} - diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix deleted file mode 100644 index 4bbf488..0000000 --- a/nixops/modules/websites/capitaines/default.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Capitaines; - env = myconfig.env.websites.capitaines; - webappName = "capitaines_mastodon"; - root = "/run/current-system/webapps/${webappName}"; - siteDir = ./mastodon_static; -in { - options.services.myWebsites.Capitaines = { - production = { - enable = lib.mkEnableOption "enable Capitaines's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${siteDir} $out/webapps/${webappName} - ''; - - services.websites.production.vhostConfs.capitaines_mastodon = { - certName = "capitaines"; - certMainHost = "mastodon.capitaines.fr"; - hosts = [ "mastodon.capitaines.fr" ]; - root = root; - extraConfig = [ - '' - ErrorDocument 404 /index.html - - DirectoryIndex index.html - Options Indexes FollowSymLinks MultiViews Includes - Require all granted - - '' - ]; - }; - - services.websites.production.vhostConfs.capitaines = { - certName = "capitaines"; - addToCerts = true; - hosts = [ "capitaines.fr" ]; - root = "/run/current-system/webapps/_www"; - extraConfig = [ '' - - DirectoryIndex index.htm - Require all granted - - '' ]; - }; - }; -} diff --git a/nixops/modules/websites/capitaines/mastodon_static/index.html b/nixops/modules/websites/capitaines/mastodon_static/index.html deleted file mode 100644 index fae4152..0000000 
--- a/nixops/modules/websites/capitaines/mastodon_static/index.html +++ /dev/null @@ -1,29 +0,0 @@ - - - - - This instance is now closed - Mastodon - - - -
- Mastodon -

Sorry, this instance is closed now.

-
- - diff --git a/nixops/modules/websites/capitaines/mastodon_static/oops.png b/nixops/modules/websites/capitaines/mastodon_static/oops.png deleted file mode 100644 index 0abddad..0000000 Binary files a/nixops/modules/websites/capitaines/mastodon_static/oops.png and /dev/null differ diff --git a/nixops/modules/websites/chloe/chloe.nix b/nixops/modules/websites/chloe/chloe.nix deleted file mode 100644 index 2847b9d..0000000 --- a/nixops/modules/websites/chloe/chloe.nix +++ /dev/null 
@@ -1,105 +0,0 @@ -{ chloe, config }: -rec { - app = chloe.override { inherit (config) environment; }; - phpFpm = rec { - serviceDeps = [ "mysql.service" ]; - socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp" - php_admin_value[session.save_path] = "${app.varDir}/phpSessions" - ${if app.environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''}''; - }; - keys = [{ - dest = "webapps/${app.environment}-chloe"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - SetEnv SPIP_CONFIG_DIR "${configDir}" - SetEnv SPIP_VAR_DIR "${app.varDir}" - SetEnv SPIP_SITE "chloe-${app.environment}" - SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" - SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" - SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" - SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" - SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" - SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" - SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" - SetEnv SPIP_MYSQL_DB "${config.mysql.name}" - SetEnv SPIP_MYSQL_USER "${config.mysql.user}" - SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" - ''; - }]; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "chloe_${app.environment}"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - Include /var/secrets/webapps/${app.environment}-chloe - - RewriteEngine On - ${if app.environment == "prod" then '' - RewriteRule 
^/news.rss /spip.php?page=backend&id_rubrique=1 - '' else ""} - - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - - DirectoryIndex index.php index.htm index.html - Options -Indexes +FollowSymLinks +MultiViews +Includes - Include ${root}/htaccess.txt - - AllowOverride AuthConfig FileInfo Limit - Require all granted - - - - Require all denied - - - - Require all denied - - - ${if app.environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - '' else '' - Use Stats osteopathe-cc.fr - ''} - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions - ''; - }; - configDir = ./chloe_config_ + app.environment; -} diff --git a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php b/nixops/modules/websites/chloe/chloe_config_dev/chmod.php deleted file mode 100644 index aae16cd..0000000 --- a/nixops/modules/websites/chloe/chloe_config_dev/chmod.php +++ /dev/null @@ -1,4 +0,0 @@ - \ No newline at end of file diff --git a/nixops/modules/websites/chloe/chloe_config_dev/connect.php b/nixops/modules/websites/chloe/chloe_config_dev/connect.php deleted file mode 100644 index 18b0933..0000000 --- a/nixops/modules/websites/chloe/chloe_config_dev/connect.php +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php b/nixops/modules/websites/chloe/chloe_config_dev/ldap.php deleted file mode 100644 index 825b7ed..0000000 --- a/nixops/modules/websites/chloe/chloe_config_dev/ldap.php +++ /dev/null @@ -1,9 +0,0 @@ - array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); -$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); -?> 
diff --git a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php b/nixops/modules/websites/chloe/chloe_config_prod/chmod.php deleted file mode 100644 index aae16cd..0000000 --- a/nixops/modules/websites/chloe/chloe_config_prod/chmod.php +++ /dev/null @@ -1,4 +0,0 @@ - \ No newline at end of file diff --git a/nixops/modules/websites/chloe/chloe_config_prod/connect.php b/nixops/modules/websites/chloe/chloe_config_prod/connect.php deleted file mode 100644 index 18b0933..0000000 --- a/nixops/modules/websites/chloe/chloe_config_prod/connect.php +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php b/nixops/modules/websites/chloe/chloe_config_prod/ldap.php deleted file mode 100644 index 825b7ed..0000000 --- a/nixops/modules/websites/chloe/chloe_config_prod/ldap.php +++ /dev/null @@ -1,9 +0,0 @@ - array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); -$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); -?> diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix deleted file mode 100644 index 8e801b5..0000000 --- a/nixops/modules/websites/chloe/default.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - chloe_dev = pkgs.callPackage ./chloe.nix { - inherit (pkgs.webapps) chloe; - config = myconfig.env.websites.chloe.integration; - }; - chloe_prod = pkgs.callPackage ./chloe.nix { - inherit (pkgs.webapps) chloe; - config = myconfig.env.websites.chloe.production; - }; - - cfg = config.services.myWebsites.Chloe; -in { - options.services.myWebsites.Chloe = { - production = { - enable = lib.mkEnableOption "enable Chloe's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable Chloe's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = chloe_prod.keys; - services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; - - services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.chloe_prod = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; - system.activationScripts.chloe_prod = chloe_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${chloe_prod.app.webRoot} $out/webapps/${chloe_prod.apache.webappName} - ''; - services.websites.production.modules = chloe_prod.apache.modules; - services.websites.production.vhostConfs.chloe = { - certName = "chloe"; - certMainHost = "osteopathe-cc.fr"; - hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; - root = chloe_prod.apache.root; - extraConfig = [ chloe_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = chloe_dev.keys; - services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.chloe_dev = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; - system.activationScripts.chloe_dev = chloe_dev.activationScript; - 
system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${chloe_dev.app.webRoot} $out/webapps/${chloe_dev.apache.webappName} - ''; - services.websites.integration.modules = chloe_dev.apache.modules; - services.websites.integration.vhostConfs.chloe = { - certName = "eldiron"; - addToCerts = true; - hosts = ["chloe.immae.eu" ]; - root = chloe_dev.apache.root; - extraConfig = [ chloe_dev.apache.vhostConf ]; - }; - }) - ]; -} diff --git a/nixops/modules/websites/connexionswing/connexionswing.nix b/nixops/modules/websites/connexionswing/connexionswing.nix deleted file mode 100644 index 77b839c..0000000 --- a/nixops/modules/websites/connexionswing/connexionswing.nix +++ /dev/null 
@@ -1,166 +0,0 @@ -{ connexionswing, pkgs, phpPackages, config }: -rec { - app = connexionswing.override { inherit (config) environment; }; - keys = [{ - dest = "webapps/${app.environment}-connexionswing"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - # This file is auto-generated during the composer install - parameters: - database_host: ${config.mysql.host} - database_port: ${config.mysql.port} - database_name: ${config.mysql.name} - database_user: ${config.mysql.user} - database_password: ${config.mysql.password} - database_server_version: ${pkgs.mariadb.mysqlVersion} - mailer_transport: sendmail - mailer_host: null - mailer_user: null - mailer_password: null - subscription_email: ${config.email} - allow_robots: true - secret: ${config.secret} - ${if app.environment == "prod" then '' - services: - swiftmailer.mailer.default.transport: - class: Swift_SendmailTransport - arguments: ['/run/wrappers/bin/sendmail -bs'] - '' else ""} - ''; - }]; - phpFpm = rec { - preStart = '' - if [ ! -f "${app.varDir}/currentWebappDir" -o \ - ! -f "${app.varDir}/currentKey" -o \ - "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ - || ! 
sha512sum -c --status ${app.varDir}/currentKey; then - pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup - popd > /dev/null - echo -n "${app}" > ${app.varDir}/currentWebappDir - sha512sum /var/secrets/webapps/${app.environment}-connexionswing > ${app.varDir}/currentKey - fi - ''; - serviceDeps = [ "mysql.service" ]; - socket = "/var/run/phpfpm/connexionswing-${app.environment}.sock"; - phpConfig = '' - extension=${phpPackages.imagick}/lib/php/extensions/imagick.so - ''; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/secrets/webapps/${app.environment}-connexionswing:${app}:${app.varDir}:/tmp" - php_admin_value[session.save_path] = "${app.varDir}/phpSessions" - ${if app.environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - env[SYMFONY_DEBUG_MODE] = "yes" - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''}''; - }; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "connexionswing_${app.environment}"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - ${if app.environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all 
granted - - DirectoryIndex app_dev.php - - - Options -MultiViews - - - - RewriteEngine On - - RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ - RewriteRule ^(.*) - [E=BASE:%1] - - # Maintenance script - RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f - RewriteCond %{SCRIPT_FILENAME} !maintenance.php - RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] - ErrorDocument 503 /maintenance.php - - # Sets the HTTP_AUTHORIZATION header removed by Apache - RewriteCond %{HTTP:Authorization} . - RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - - RewriteCond %{ENV:REDIRECT_STATUS} ^$ - RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] - - # If the requested filename exists, simply serve it. - # We only want to let Apache serve files and not directories. - RewriteCond %{REQUEST_FILENAME} -f - RewriteRule ^ - [L] - - # Rewrite all other queries to the front controller. - RewriteRule ^ %{ENV:BASE}/app_dev.php [L] - - - - '' else '' - Use Stats connexionswing.com - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride All - Require all granted - - ''} - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ - ${app.varDir}/medias \ - ${app.varDir}/uploads \ - ${app.varDir}/var - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions - ''; - }; -} diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix deleted file mode 100644 index 20c5166..0000000 --- a/nixops/modules/websites/connexionswing/default.nix +++ /dev/null 
@@ -1,68 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - connexionswing_dev = pkgs.callPackage ./connexionswing.nix { - inherit (pkgs.webapps) connexionswing; - config = myconfig.env.websites.connexionswing.integration; - }; - connexionswing_prod = pkgs.callPackage ./connexionswing.nix { - inherit (pkgs.webapps) connexionswing; - config = myconfig.env.websites.connexionswing.production; - }; - - cfg = config.services.myWebsites.Connexionswing; -in { - options.services.myWebsites.Connexionswing = { - production = { - enable = lib.mkEnableOption "enable Connexionswing's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable Connexionswing's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = connexionswing_prod.keys; - services.webstats.sites = [ { name = "connexionswing.com"; } ]; - - services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.connexionswing_prod = connexionswing_prod.phpFpm.phpConfig; - system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${connexionswing_prod.app.webRoot} $out/webapps/${connexionswing_prod.apache.webappName} - ''; - services.websites.production.modules = connexionswing_prod.apache.modules; - services.websites.production.vhostConfs.connexionswing = { - certName = "connexionswing"; - certMainHost = "connexionswing.com"; - hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; - root = connexionswing_prod.apache.root; - extraConfig = [ connexionswing_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = 
connexionswing_dev.keys; - services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool; - services.myPhpfpm.poolPhpConfigs.connexionswing_dev = connexionswing_dev.phpFpm.phpConfig; - system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${connexionswing_dev.app.webRoot} $out/webapps/${connexionswing_dev.apache.webappName} - ''; - services.websites.integration.modules = connexionswing_dev.apache.modules; - services.websites.integration.vhostConfs.connexionswing = { - certName = "eldiron"; - addToCerts = true; - hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; - root = connexionswing_dev.apache.root; - extraConfig = [ connexionswing_dev.apache.vhostConf ]; - }; - }) - ]; -} - diff --git a/nixops/modules/websites/default.nix b/nixops/modules/websites/default.nix index 432ad3c..584892a 100644 --- a/nixops/modules/websites/default.nix +++ b/nixops/modules/websites/default.nix @@ -66,23 +66,6 @@ let in { imports = [ - ./chloe - ./ludivine - ./aten - ./piedsjaloux - ./connexionswing - ./tellesflorian - ./emilia - ./capitaines - ./ftp/jerome.nix - ./ftp/nassime.nix - ./ftp/florian.nix - ./ftp/denisejerome.nix - ./ftp/leila.nix - ./ftp/papa.nix - ./ftp/immae.nix - ./ftp/release.nix - ./ftp/temp.nix ./tools/db.nix ./tools/tools ./tools/dav 
@@ -133,31 +116,6 @@ in services.myWebsites.tools.etherpad-lite.enable = true; services.myWebsites.tools.peertube.enable = true; - services.myWebsites.Chloe.production.enable = true; - services.myWebsites.Ludivine.production.enable = true; - services.myWebsites.Aten.production.enable = true; - services.myWebsites.PiedsJaloux.production.enable = true; - services.myWebsites.Connexionswing.production.enable = true; - services.myWebsites.Jerome.production.enable = true; - services.myWebsites.Nassime.production.enable = true; - services.myWebsites.Florian.production.enable = true; - services.myWebsites.Leila.production.enable = true; - services.myWebsites.Papa.production.enable = true; - services.myWebsites.DeniseJerome.production.enable = true; - services.myWebsites.Emilia.production.enable = true; - services.myWebsites.Capitaines.production.enable = true; - services.myWebsites.Immae.production.enable = true; - services.myWebsites.Release.production.enable = true; - services.myWebsites.Temp.production.enable = true; - - services.myWebsites.Chloe.integration.enable = true; - services.myWebsites.Ludivine.integration.enable = true; - services.myWebsites.Aten.integration.enable = true; - services.myWebsites.PiedsJaloux.integration.enable = true; - services.myWebsites.Connexionswing.integration.enable = true; - services.myWebsites.TellesFlorian.integration.enable = true; - services.myWebsites.Florian.integration.enable = true; - secrets.keys = [{ dest = "apache-ldap"; user = "wwwrun"; diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix deleted file mode 100644 index 47257b7..0000000 --- a/nixops/modules/websites/emilia/default.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Emilia; - env = myconfig.env.websites.emilia; - varDir = "/var/lib/moodle"; - siteDir = ./moodle; - webappName = "emilia_moodle"; - root = "/run/current-system/webapps/${webappName}"; - # php_admin_value[upload_max_filesize] = 50000000 - # php_admin_value[post_max_size] = 50000000 - configFile = '' - dbtype = 'pgsql'; - $CFG->dblibrary = 'native'; - $CFG->dbhost = '${env.postgresql.host}'; - $CFG->dbname = '${env.postgresql.database}'; - $CFG->dbuser = '${env.postgresql.user}'; - $CFG->dbpass = '${env.postgresql.password}'; - $CFG->prefix = 'mdl_'; - $CFG->dboptions = array ( - 'dbpersist' => 0, - 'dbport' => '${env.postgreesql.port}', - 'dbsocket' => '${env.postgresql.password}', - ); - - $CFG->wwwroot = 'https://www.saison-photo.org'; - $CFG->dataroot = '${varDir}'; - $CFG->admin = 'admin'; - - $CFG->directorypermissions = 02777; - - require_once(__DIR__ . '/lib/setup.php'); - - // There is no php closing tag in this file, - // it is intentional because it prevents trailing whitespace problems! - ''; -in { - options.services.myWebsites.Emilia = { - production = { - enable = lib.mkEnableOption "enable Emilia's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - system.activationScripts.emilia = '' - install -m 0755 -o wwwrun -g wwwrun -d ${varDir} - ''; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${siteDir} $out/webapps/${webappName} - ''; - services.websites.production.vhostConfs.emilia = { - certName = "emilia"; - certMainHost = "saison-photo.org"; - hosts = [ "saison-photo.org" "www.saison-photo.org" ]; - root = root; - extraConfig = [ - '' - - DirectoryIndex pause.html - Options Indexes FollowSymLinks MultiViews Includes - Require all granted - - '' - ]; - }; - }; -} diff --git a/nixops/modules/websites/emilia/moodle/pause.html b/nixops/modules/websites/emilia/moodle/pause.html deleted file mode 100644 index 8b99c59..0000000 
--- a/nixops/modules/websites/emilia/moodle/pause.html +++ /dev/null @@ -1,48 +0,0 @@ - - - - Pause - - - - -
-

Site web en pause !

-
-

Le site et les cours de photographie sont actuellement en pause.

-
-
- - diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix deleted file mode 100644 index 884fb62..0000000 --- a/nixops/modules/websites/ftp/denisejerome.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.DeniseJerome; - varDir = "/var/lib/ftp/denisejerome"; - env = myconfig.env.websites.denisejerome; -in { - options.services.myWebsites.DeniseJerome = { - production = { - enable = lib.mkEnableOption "enable Denise Jerome's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; - - services.websites.production.vhostConfs.denisejerome = { - certName = "denisejerome"; - certMainHost = "denisejerome.piedsjaloux.fr"; - hosts = ["denisejerome.piedsjaloux.fr" ]; - root = varDir; - extraConfig = [ - '' - Use Stats denisejerome.piedsjaloux.fr - - - DirectoryIndex index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride AuthConfig - Require all granted - - '' - ]; - }; - }; -} diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix deleted file mode 100644 index ebd461e..0000000 --- a/nixops/modules/websites/ftp/florian.nix +++ /dev/null 
@@ -1,68 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - adminer = pkgs.callPackage ../commons/adminer.nix {}; - cfg = config.services.myWebsites.Florian; - varDir = "/var/lib/ftp/florian"; - env = myconfig.env.websites.florian; -in { - options.services.myWebsites.Florian = { - production = { - enable = lib.mkEnableOption "enable Florian's website production"; - }; - integration = { - enable = lib.mkEnableOption "enable Florian's website integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; - - services.websites.production.modules = adminer.apache.modules; - services.websites.production.vhostConfs.florian = { - certName = "florian"; - certMainHost = "tellesflorian.com"; - hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; - root = "${varDir}/tellesflorian.com"; - extraConfig = [ - adminer.apache.vhostConf - '' - ServerAdmin ${env.server_admin} - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - }) - - (lib.mkIf cfg.integration.enable { - security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; - - services.websites.integration.modules = adminer.apache.modules; - services.websites.integration.vhostConfs.florian = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "florian.immae.eu" ]; - root = "${varDir}/florian.immae.eu"; - extraConfig = [ - adminer.apache.vhostConf - '' - ServerAdmin ${env.server_admin} - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - }) - ]; -} diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix deleted file mode 100644 index 2ba30a1..0000000 --- a/nixops/modules/websites/ftp/immae.nix +++ /dev/null 
@@ -1,68 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Immae; - varDir = "/var/lib/ftp/immae"; - env = myconfig.env.websites.immae; -in { - options.services.myWebsites.Immae = { - production = { - enable = lib.mkEnableOption "enable Immae's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - services.webstats.sites = [ { name = "www.immae.eu"; } ]; - - services.myPhpfpm.poolConfigs.immae = '' - listen = /run/phpfpm/immae.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - - php_admin_value[open_basedir] = "${varDir}:/tmp" - ''; - services.websites.production.modules = [ "proxy_fcgi" ]; - services.websites.production.vhostConfs.immae = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "www.immae.eu" ]; - root = varDir; - extraConfig = [ - '' - Use Stats www.immae.eu - - - SetHandler "proxy:unix:/run/phpfpm/immae.sock|fcgi://localhost" - - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride All - Require all granted - - - - Use LDAPConnect - Require ldap-group cn=blog,cn=immae.eu,ou=services,dc=immae,dc=eu - - '' - ]; - }; - - services.websites.production.vhostConfs.bouya = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "bouya.org" "www.bouya.org" ]; - root = null; - extraConfig = [ '' - RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.normalesup.org/~bouya/ - '' ]; - }; - }; -} diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix deleted file mode 100644 index d00c42d..0000000 --- a/nixops/modules/websites/ftp/jerome.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - adminer = pkgs.callPackage ../commons/adminer.nix {}; - cfg = config.services.myWebsites.Jerome; - varDir = "/var/lib/ftp/jerome"; - env = myconfig.env.websites.jerome; -in { - options.services.myWebsites.Jerome = { - production = { - enable = lib.mkEnableOption "enable Jerome's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; - - security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; - - secrets.keys = [{ - dest = "webapps/prod-naturaloutil"; - user = "wwwrun"; - group = "wwwrun"; - permissions = "0400"; - text = '' - ssl_set(NULL, NULL, "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt", NULL, NULL); - '' else ""} - $database = connect_db($db, $mysql_server, $mysql_base, $mysql_user, $mysql_password); - ?> - ''; - }]; - services.myPhpfpm.serviceDependencies.jerome = [ "mysql.service" ]; - services.myPhpfpm.poolConfigs.jerome = '' - listen = /run/phpfpm/naturaloutil.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - - env[BDD_CONNECT] = "/var/secrets/webapps/prod-naturaloutil" - php_admin_value[open_basedir] = "/var/secrets/webapps/prod-naturaloutil:${varDir}:/tmp" - ''; - services.myPhpfpm.poolPhpConfigs.jerome = '' - extension=${pkgs.php}/lib/php/extensions/mysqli.so - ''; - services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; - services.websites.production.vhostConfs.naturaloutil = { - certName = "naturaloutil"; - certMainHost = "naturaloutil.immae.eu"; - hosts = ["naturaloutil.immae.eu" ]; - root = varDir; - extraConfig = [ - adminer.apache.vhostConf - '' - Use Stats naturaloutil.immae.eu - ServerAdmin ${env.server_admin} - ErrorLog "${varDir}/logs/error_log" - CustomLog "${varDir}/logs/access_log" combined - - - SetHandler 
"proxy:unix:/run/phpfpm/naturaloutil.sock|fcgi://localhost" - - - - AllowOverride None - Require all denied - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - }; -} diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix deleted file mode 100644 index 14bfa20..0000000 --- a/nixops/modules/websites/ftp/leila.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -{ lib, pkgs, config, ... }: -let - cfg = config.services.myWebsites.Leila; - varDir = "/var/lib/ftp/leila"; -in { - options.services.myWebsites.Leila = { - production = { - enable = lib.mkEnableOption "enable Leila's website in production"; - }; - }; - - config = (lib.mkIf cfg.production.enable { - services.myPhpfpm.poolConfigs.leila = '' - listen = /run/phpfpm/leila.sock - user = wwwrun - group = wwwrun - listen.owner = wwwrun - listen.group = wwwrun - - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - - php_admin_value[open_basedir] = "${varDir}:/tmp" - ''; - - services.webstats.sites = [ - { name = "leila.bouya.org"; } - { name = "chorale.leila.bouya.org"; } - ]; - - services.websites.production.modules = [ "proxy_fcgi" ]; - services.websites.production.vhostConfs.leila_chorale = { - certName = "leila"; - addToCerts = true; - hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; - root = "${varDir}/Chorale"; - extraConfig = [ - '' - Use Stats chorale.leila.bouya.org - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - - Use LDAPConnect - Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu - - - SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" - - - '' - ]; - }; - services.websites.production.vhostConfs.leila = { - certName = "leila"; - certMainHost = "leila.bouya.org"; - hosts = [ "leila.bouya.org" ]; - root = varDir; - extraConfig = [ - '' - Use Stats leila.bouya.org - - DirectoryIndex index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - - Use LDAPConnect - Require ldap-group cn=chorale.leila.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu - - - SetHandler "proxy:unix:/run/phpfpm/leila.sock|fcgi://localhost" - - - - DirectoryIndex index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - 
Require all granted - - '' - ]; - }; - }); -} diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix deleted file mode 100644 index 3c982d3..0000000 --- a/nixops/modules/websites/ftp/nassime.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Nassime; - varDir = "/var/lib/ftp/nassime"; - env = myconfig.env.websites.nassime; -in { - options.services.myWebsites.Nassime = { - production = { - enable = lib.mkEnableOption "enable Nassime's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; - - security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; - - services.websites.production.vhostConfs.nassime = { - certName = "nassime"; - certMainHost = "nassime.bouya.org"; - hosts = ["nassime.bouya.org" ]; - root = varDir; - extraConfig = [ - '' - Use Stats nassime.bouya.org - ServerAdmin ${env.server_admin} - - - DirectoryIndex index.php index.htm index.html - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - '' - ]; - }; - }; -} diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix deleted file mode 100644 index c8d05ef..0000000 --- a/nixops/modules/websites/ftp/papa.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Papa; - varDir = "/var/lib/ftp/papa"; -in { - options.services.myWebsites.Papa = { - production = { - enable = lib.mkEnableOption "enable Papa's website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; - - services.cron = { - systemCronJobs = let - script = pkgs.writeScript "cleanup-papa" '' - #!${pkgs.stdenv.shell} - d=$(date -d "7 days ago" +%Y%m%d) - for i in /var/lib/ftp/papa/*/20[0-9][0-9][0-9][0-9][0-9][0-9]; do - if [ "$d" -gt $(basename $i) ]; then - rm -rf "$i" - fi - done - ''; - in - [ - '' - 0 6 * * * wwwrun ${script} - '' - ]; - }; - - services.websites.production.vhostConfs.papa = { - certName = "papa"; - certMainHost = "surveillance.maison.bbc.bouya.org"; - hosts = [ "surveillance.maison.bbc.bouya.org" ]; - root = varDir; - extraConfig = [ - '' - Use Apaxy "${varDir}" "title .duplicity-ignore" - - Use LDAPConnect - Options Indexes - AllowOverride None - Require ldap-group cn=surveillance.maison.bbc.bouya.org,cn=httpd,ou=services,dc=immae,dc=eu - - '' - ]; - }; - }; -} - diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix deleted file mode 100644 index db3487f..0000000 --- a/nixops/modules/websites/ftp/release.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Release; - varDir = "/var/lib/ftp/release.immae.eu"; - env = myconfig.env.websites.release; -in { - options.services.myWebsites.Release = { - production = { - enable = lib.mkEnableOption "enable Release' website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - services.webstats.sites = [ { name = "release.immae.eu"; } ]; - - services.websites.production.vhostConfs.release = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "release.immae.eu" ]; - root = varDir; - extraConfig = [ - '' - Use Stats release.immae.eu - - Use Apaxy "${varDir}" "title .duplicity-ignore" - - Use LDAPConnect - Options Indexes - AllowOverride All - Require all granted - - - - Use LDAPConnect - Options Indexes FollowSymlinks - AllowOverride None - Require all granted - - '' - ]; - }; - }; -} diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix deleted file mode 100644 index 86dfde3..0000000 --- a/nixops/modules/websites/ftp/temp.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - cfg = config.services.myWebsites.Temp; - varDir = "/var/lib/ftp/temp.immae.eu"; - env = myconfig.env.websites.temp; -in { - options.services.myWebsites.Temp = { - production = { - enable = lib.mkEnableOption "enable Temp' website"; - }; - }; - - config = lib.mkIf cfg.production.enable { - services.websites.production.modules = [ "headers" ]; - services.websites.production.vhostConfs.temp = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "temp.immae.eu" ]; - root = varDir; - extraConfig = [ - '' - Use Apaxy "${varDir}" "title .duplicity-ignore" - - Header set Content-Disposition attachment - - - Options -Indexes - AllowOverride None - Require all granted - - - - Options Indexes - - '' - ]; - }; - }; -} - 
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix
deleted file mode 100644
index 70d5199..0000000
--- a/nixops/modules/websites/ludivine/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - ludivinecassal_dev = pkgs.callPackage ./ludivinecassal.nix { - inherit (pkgs.webapps) ludivinecassal; - config = myconfig.env.websites.ludivinecassal.integration; - }; - ludivinecassal_prod = pkgs.callPackage ./ludivinecassal.nix { - inherit (pkgs.webapps) ludivinecassal; - config = myconfig.env.websites.ludivinecassal.production; - }; - - cfg = config.services.myWebsites.Ludivine; -in { - options.services.myWebsites.Ludivine = { - production = { - enable = lib.mkEnableOption "enable Ludivine's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable Ludivine's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = ludivinecassal_prod.keys; - services.webstats.sites = [ { name = "ludivinecassal.com"; } ]; - - services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool; - system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName} - ''; - services.websites.production.modules = ludivinecassal_prod.apache.modules; - services.websites.production.vhostConfs.ludivine = { - certName = "ludivinecassal"; - certMainHost = "ludivinecassal.com"; - hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ]; - root = ludivinecassal_prod.apache.root; - extraConfig = [ ludivinecassal_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = ludivinecassal_dev.keys; - - services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.ludivinecassal_dev = 
ludivinecassal_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool; - system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName} - ''; - services.websites.integration.modules = ludivinecassal_dev.apache.modules; - services.websites.integration.vhostConfs.ludivine = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "ludivine.immae.eu" ]; - root = ludivinecassal_dev.apache.root; - extraConfig = [ ludivinecassal_dev.apache.vhostConf ]; - }; - }) - ]; -} diff --git a/nixops/modules/websites/ludivine/ludivinecassal.nix b/nixops/modules/websites/ludivine/ludivinecassal.nix deleted file mode 100644 index 39fd088..0000000 --- a/nixops/modules/websites/ludivine/ludivinecassal.nix +++ /dev/null 
@@ -1,157 +0,0 @@ -{ config, ludivinecassal, pkgs, ruby, sass, imagemagick }: -rec { - app = ludivinecassal.override { inherit (config) environment; }; - varDir = "/var/lib/ludivinecassal_${app.environment}"; - keys = [{ - dest = "webapps/${app.environment}-ludivinecassal"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - # This file is auto-generated during the composer install - parameters: - database_host: ${config.mysql.host} - database_port: ${config.mysql.port} - database_name: ${config.mysql.name} - database_user: ${config.mysql.user} - database_password: ${config.mysql.password} - database_server_version: ${pkgs.mariadb.mysqlVersion} - mailer_transport: smtp - mailer_host: 127.0.0.1 - mailer_user: null - mailer_password: null - secret: ${config.secret} - ldap_host: ldap.immae.eu - ldap_port: 636 - ldap_version: 3 - ldap_ssl: true - ldap_tls: false - ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu' - ldap_base_dn: 'dc=immae,dc=eu' - ldap_search_dn: '${config.ldap.dn}' - ldap_search_password: '${config.ldap.password}' - ldap_search_filter: '${config.ldap.search}' - leapt_im: - binary_path: ${imagemagick}/bin - assetic: - sass: ${sass}/bin/sass - ruby: ${ruby}/bin/ruby - ''; - }]; - phpFpm = rec { - preStart = '' - if [ ! -f "${app.varDir}/currentWebappDir" -o \ - ! -f "${app.varDir}/currentKey" -o \ - "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ - || ! 
sha512sum -c --status ${app.varDir}/currentKey; then - pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup - popd > /dev/null - echo -n "${app}" > ${app.varDir}/currentWebappDir - sha512sum /var/secrets/webapps/${app.environment}-ludivinecassal > ${app.varDir}/currentKey - fi - ''; - serviceDeps = [ "mysql.service" ]; - socket = "/var/run/phpfpm/ludivinecassal-${app.environment}.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-ludivinecassal:${app}:${app.varDir}:/tmp" - php_admin_value[session.save_path] = "${app.varDir}/phpSessions" - ${if app.environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - env[SYMFONY_DEBUG_MODE] = "yes" - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''}''; - }; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "ludivine_${app.environment}"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - ${if app.environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - DirectoryIndex app_dev.php - - - Options -MultiViews - - - - RewriteEngine On - - RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ - RewriteRule ^(.*) - [E=BASE:%1] - - # Maintenance script - RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f - RewriteCond 
%{SCRIPT_FILENAME} !maintenance.php - RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] - ErrorDocument 503 /maintenance.php - - # Sets the HTTP_AUTHORIZATION header removed by Apache - RewriteCond %{HTTP:Authorization} . - RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - - RewriteCond %{ENV:REDIRECT_STATUS} ^$ - RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] - - # If the requested filename exists, simply serve it. - # We only want to let Apache serve files and not directories. - RewriteCond %{REQUEST_FILENAME} -f - RewriteRule ^ - [L] - - # Rewrite all other queries to the front controller. - RewriteRule ^ %{ENV:BASE}/app_dev.php [L] - - - - '' else '' - Use Stats ludivinecassal.com - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride All - Require all granted - - ''} - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/tmp - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions - ''; - }; -} diff --git a/nixops/modules/websites/piedsjaloux/default.nix b/nixops/modules/websites/piedsjaloux/default.nix deleted file mode 100644 index a5ee24f..0000000 --- a/nixops/modules/websites/piedsjaloux/default.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - piedsjaloux_dev = pkgs.callPackage ./piedsjaloux.nix { - inherit (pkgs.webapps) piedsjaloux; - config = myconfig.env.websites.piedsjaloux.integration; - }; - piedsjaloux_prod = pkgs.callPackage ./piedsjaloux.nix { - inherit (pkgs.webapps) piedsjaloux; - config = myconfig.env.websites.piedsjaloux.production; - }; - - cfg = config.services.myWebsites.PiedsJaloux; -in { - options.services.myWebsites.PiedsJaloux = { - production = { - enable = lib.mkEnableOption "enable PiedsJaloux's website in production"; - }; - integration = { - enable = lib.mkEnableOption "enable PiedsJaloux's website in integration"; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.production.enable { - secrets.keys = piedsjaloux_prod.keys; - services.webstats.sites = [ { name = "piedsjaloux.fr"; } ]; - - services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool; - system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${piedsjaloux_prod.app.webRoot} $out/webapps/${piedsjaloux_prod.apache.webappName} - ''; - services.websites.production.modules = piedsjaloux_prod.apache.modules; - services.websites.production.vhostConfs.piedsjaloux = { - certName = "piedsjaloux"; - certMainHost = "piedsjaloux.fr"; - hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ]; - root = piedsjaloux_prod.apache.root; - extraConfig = [ piedsjaloux_prod.apache.vhostConf ]; - }; - }) - (lib.mkIf cfg.integration.enable { - secrets.keys = piedsjaloux_dev.keys; - services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.piedsjaloux_dev = 
piedsjaloux_dev.phpFpm.pool; - system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${piedsjaloux_dev.app.webRoot} $out/webapps/${piedsjaloux_dev.apache.webappName} - ''; - services.websites.integration.modules = piedsjaloux_dev.apache.modules; - services.websites.integration.vhostConfs.piedsjaloux = { - certName = "eldiron"; - addToCerts = true; - hosts = [ "piedsjaloux.immae.eu" ]; - root = piedsjaloux_dev.apache.root; - extraConfig = [ piedsjaloux_dev.apache.vhostConf ]; - }; - }) - ]; -} - diff --git a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix b/nixops/modules/websites/piedsjaloux/piedsjaloux.nix deleted file mode 100644 index 97f8946..0000000 --- a/nixops/modules/websites/piedsjaloux/piedsjaloux.nix +++ /dev/null 
@@ -1,146 +0,0 @@ -{ piedsjaloux, config, pkgs, lib, texlive, imagemagick }: -rec { - app = piedsjaloux.override { inherit (config) environment; }; - varDir = "/var/lib/piedsjaloux_${app.environment}"; - keys = [{ - dest = "webapps/${app.environment}-piedsjaloux"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - # This file is auto-generated during the composer install - parameters: - database_host: ${config.mysql.host} - database_port: ${config.mysql.port} - database_name: ${config.mysql.name} - database_user: ${config.mysql.user} - database_password: ${config.mysql.password} - database_server_version: ${pkgs.mariadb.mysqlVersion} - mailer_transport: smtp - mailer_host: 127.0.0.1 - mailer_user: null - mailer_password: null - secret: ${config.secret} - pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex" - leapt_im: - binary_path: ${imagemagick}/bin - ''; - }]; - phpFpm = rec { - preStart = '' - if [ ! -f "${app.varDir}/currentWebappDir" -o \ - ! -f "${app.varDir}/currentKey" -o \ - "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \ - || ! 
sha512sum -c --status ${app.varDir}/currentKey; then - pushd ${app} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup - popd > /dev/null - echo -n "${app}" > ${app.varDir}/currentWebappDir - sha512sum /var/secrets/webapps/${app.environment}-piedsjaloux > ${app.varDir}/currentKey - fi - ''; - serviceDeps = [ "mysql.service" ]; - socket = "/var/run/phpfpm/piedsjaloux-${app.environment}.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-piedsjaloux:${app}:${app.varDir}:/tmp" - php_admin_value[session.save_path] = "${app.varDir}/phpSessions" - env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]} - ${if app.environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - env[SYMFONY_DEBUG_MODE] = "yes" - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''}''; - }; - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "piedsjaloux_${app.environment}"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - ${if app.environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - DirectoryIndex app_dev.php - - - Options -MultiViews - - - - RewriteEngine On - - RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ - RewriteRule ^(.*) - [E=BASE:%1] - - # Maintenance script - RewriteCond 
%{DOCUMENT_ROOT}/maintenance.php -f - RewriteCond %{SCRIPT_FILENAME} !maintenance.php - RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] - ErrorDocument 503 /maintenance.php - - # Sets the HTTP_AUTHORIZATION header removed by Apache - RewriteCond %{HTTP:Authorization} . - RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - - RewriteCond %{ENV:REDIRECT_STATUS} ^$ - RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] - - # If the requested filename exists, simply serve it. - # We only want to let Apache serve files and not directories. - RewriteCond %{REQUEST_FILENAME} -f - RewriteRule ^ - [L] - - # Rewrite all other queries to the front controller. - RewriteRule ^ %{ENV:BASE}/app_dev.php [L] - - - - '' else '' - Use Stats piedsjaloux.fr - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride All - Require all granted - - ''} - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \ - ${app.varDir}/tmp - install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions - ''; - }; -} diff --git a/nixops/modules/websites/tellesflorian/default.nix b/nixops/modules/websites/tellesflorian/default.nix deleted file mode 100644 index bbbde07..0000000 --- a/nixops/modules/websites/tellesflorian/default.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ lib, pkgs, config, myconfig, ... }: -let - adminer = pkgs.callPackage ../commons/adminer.nix {}; - - tellesflorian_dev = pkgs.callPackage ./tellesflorian.nix { - inherit (pkgs.webapps) tellesflorian; - config = myconfig.env.websites.tellesflorian.integration; - }; - - cfg = config.services.myWebsites.TellesFlorian; -in { - options.services.myWebsites.TellesFlorian = { - integration = { - enable = lib.mkEnableOption "enable Florian Telles's website in integration"; - }; - }; - - config = lib.mkIf cfg.integration.enable { - secrets.keys = tellesflorian_dev.keys; - services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart; - services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps; - services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool; - system.activationScripts.tellesflorian_dev = tellesflorian_dev.activationScript; - system.extraSystemBuilderCmds = '' - mkdir -p $out/webapps - ln -s ${tellesflorian_dev.app.webRoot} $out/webapps/${tellesflorian_dev.apache.webappName} - ''; - services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules; - services.websites.integration.vhostConfs.tellesflorian = { - certName = "eldiron"; - addToCerts = true; - hosts = ["app.tellesflorian.com" ]; - root = tellesflorian_dev.apache.root; - extraConfig = [ - tellesflorian_dev.apache.vhostConf - adminer.apache.vhostConf - ]; - }; - }; -} diff --git a/nixops/modules/websites/tellesflorian/tellesflorian.nix b/nixops/modules/websites/tellesflorian/tellesflorian.nix deleted file mode 100644 index 5955431..0000000 --- a/nixops/modules/websites/tellesflorian/tellesflorian.nix +++ /dev/null 
@@ -1,154 +0,0 @@
-{ tellesflorian, config }:
-rec {
- app = tellesflorian.override { inherit (config) environment; };
- keys = [
- {
- dest = "webapps/${app.environment}-tellesflorian-passwords";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- invite:${config.invite_passwords}
- '';
- }
- {
- dest = "webapps/${app.environment}-tellesflorian";
- user = apache.user;
- group = apache.group;
- permissions = "0400";
- text = ''
- # This file is auto-generated during the composer install
- parameters:
- database_host: ${config.mysql.host}
- database_port: ${config.mysql.port}
- database_name: ${config.mysql.name}
- database_user: ${config.mysql.user}
- database_password: ${config.mysql.password}
- mailer_transport: smtp
- mailer_host: 127.0.0.1
- mailer_user: null
- mailer_password: null
- secret: ${config.secret}
- '';
- }
- ];
- phpFpm = rec {
- preStart = ''
- if [ ! -f "${app.varDir}/currentWebappDir" -o \
- ! -f "${app.varDir}/currentKey" -o \
- "${app}" != "$(cat ${app.varDir}/currentWebappDir 2>/dev/null)" ] \
- || ! sha512sum -c --status ${app.varDir}/currentKey; then
- pushd ${app} > /dev/null
- /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=${app.environment} cache:clear --no-warmup
- popd > /dev/null
- echo -n "${app}" > ${app.varDir}/currentWebappDir
- sha512sum /var/secrets/webapps/${app.environment}-tellesflorian > ${app.varDir}/currentKey
- fi
- '';
- serviceDeps = [ "mysql.service" ];
- socket = "/var/run/phpfpm/floriantelles-${app.environment}.sock";
- pool = ''
- listen = ${socket}
- user = ${apache.user}
- group = ${apache.group}
- listen.owner = ${apache.user}
- listen.group = ${apache.group}
- php_admin_value[upload_max_filesize] = 20M
- php_admin_value[post_max_size] = 20M
- ;php_admin_flag[log_errors] = on
- php_admin_value[open_basedir] = "/var/secrets/webapps/${app.environment}-tellesflorian:${app}:${app.varDir}:/tmp"
- php_admin_value[session.save_path] = "${app.varDir}/phpSessions"
- ${if app.environment == "dev" then ''
- pm = ondemand
- pm.max_children = 5
- pm.process_idle_timeout = 60
- env[SYMFONY_DEBUG_MODE] = "yes"
- '' else ''
- pm = dynamic
- pm.max_children = 20
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- ''}'';
- };
- apache = rec {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "proxy_fcgi" ];
- webappName = "florian_${app.environment}";
- root = "/run/current-system/webapps/${webappName}";
- vhostConf = ''
-
- SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
-
-
- ${if app.environment == "dev" then ''
-
- AuthBasicProvider file ldap
- Use LDAPConnect
- Require ldap-group cn=app.tellesflorian.com,cn=httpd,ou=services,dc=immae,dc=eu
-
- AuthUserFile "/var/secrets/webapps/${app.environment}-tellesflorian-passwords"
- Require user "invite"
-
- ErrorDocument 401 ""
-
-
-
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride None
- Require all granted
-
- DirectoryIndex app_dev.php
-
-
- Options -MultiViews
-
-
-
- RewriteEngine On
-
- RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
- RewriteRule ^(.*) - [E=BASE:%1]
-
- # Maintenance script
- RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
- RewriteCond %{SCRIPT_FILENAME} !maintenance.php
- RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
- ErrorDocument 503 /maintenance.php
-
- # Sets the HTTP_AUTHORIZATION header removed by Apache
- RewriteCond %{HTTP:Authorization} .
- RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
- RewriteCond %{ENV:REDIRECT_STATUS} ^$
- RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
-
- # If the requested filename exists, simply serve it.
- # We only want to let Apache serve files and not directories.
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule ^ - [L]
-
- # Rewrite all other queries to the front controller.
- RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
-
-
-
- '' else ''
-
- Options Indexes FollowSymLinks MultiViews Includes
- AllowOverride All
- Require all granted
-
- ''}
- '';
- };
- activationScript = {
- deps = [ "wrappers" ];
- text = ''
- install -m 0755 -o ${apache.user} -g ${apache.group} -d ${app.varDir} \
- ${app.varDir}/var
- install -m 0750 -o ${apache.user} -g ${apache.group} -d ${app.varDir}/phpSessions
- '';
- };
-}
-- cgit v1.2.3