From 091ae73429b8853e6ab971bffaccd84bdd59f40d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Thu, 10 Jan 2019 23:02:54 +0100
Subject: Move packages fils to module

---
 virtual/modules/websites/chloe/chloe.nix | 131 +++++++++++++++++++++++++++++++
 1 file changed, 131 insertions(+)
 create mode 100644 virtual/modules/websites/chloe/chloe.nix

(limited to 'virtual/modules/websites/chloe/chloe.nix')

diff --git a/virtual/modules/websites/chloe/chloe.nix b/virtual/modules/websites/chloe/chloe.nix
new file mode 100644
index 0000000..126d8e7
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe.nix
@@ -0,0 +1,131 @@
+{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
+let
+  chloe = { environment ? "dev" }: rec {
+    varPrefix = "CHLOE";
+    envName= lib.strings.toUpper environment;
+    phpFpm = rec {
+      socket = "/var/run/phpfpm/chloe-${environment}.sock";
+      pool = 
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+      assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH";
+      ''
+        listen = ${socket}
+        user = ${apache.user}
+        group = ${apache.group}
+        listen.owner = ${apache.user}
+        listen.group = ${apache.group}
+        php_admin_value[upload_max_filesize] = 20M
+        php_admin_value[post_max_size] = 20M
+        ;php_admin_flag[log_errors] = on
+        php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
+        env[SPIP_CONFIG_DIR] = "${configDir}"
+        env[SPIP_VAR_DIR] = "${varDir}"
+        env[SPIP_SITE] = "chloe-${environment}"
+        env[SPIP_LDAP_BASE] = "dc=immae,dc=eu"
+        env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu"
+        env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}"
+        env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}"
+        env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}"
+        env[SPIP_MYSQL_HOST] = "db-1.immae.eu"
+        env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}"
+        env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}"
+        env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}"
+        ${if environment == "dev" then ''
+        pm = ondemand
+        pm.max_children = 5
+        pm.process_idle_timeout = 60
+        '' else ''
+        pm = dynamic
+        pm.max_children = 20
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        ''}'';
+    };
+    apache = {
+      user = "wwwrun";
+      group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
+      vhostConf = ''
+        RewriteEngine On
+        ${if environment == "prod" then ''
+        RewriteRule ^/news.rss  /spip.php?page=backend&id_rubrique=1
+        '' else ""}
+
+        <FilesMatch "\.php$">
+          SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+        </FilesMatch>
+
+        <Directory ${webRoot}>
+          DirectoryIndex index.php index.htm index.html
+          Options -Indexes +FollowSymLinks +MultiViews +Includes
+          Include ${webRoot}/htaccess.txt
+
+          AllowOverride AuthConfig FileInfo Limit
+          Require all granted
+        </Directory>
+
+        <DirectoryMatch "${webRoot}/squelettes">
+          Require all denied
+        </DirectoryMatch>
+
+        <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$">
+          Require all denied
+        </FilesMatch>
+
+        ${if environment == "dev" then ''
+        <Location />
+          Use LDAPConnect
+          Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+          ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>"
+        </Location>
+        '' else ''
+        Use Stats osteopathe-cc.fr
+        ''}
+        '';
+    };
+    activationScript = {
+      deps = [ "wrappers" ];
+      text = ''
+        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+      '';
+    };
+    configDir = ./chloe_config;
+    varDir = "/var/lib/chloe_${environment}";
+    siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec {
+      buildPhase = ''
+        make
+        '';
+      installPhase = ''
+        cp -a . $out
+        '';
+      buildInputs = [ sassc ];
+    });
+    webRoot = stdenv.mkDerivation rec {
+      name = "chloe-${environment}-spip-${version}";
+      version = "3.2";
+      src = fetchzip {
+        url = "http://files.spip.org/spip/stable/spip-${version}.zip";
+        sha256 = "0cacpxs9nv61i3hzd3nbmplq4mp22s886llhacp3n4923jd6snx5";
+      };
+      paches = [ ../commons/spip/spip_ldap_patch.patch ];
+      buildPhase = ''
+        rm -rf IMG local tmp config/remove.txt
+        ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php
+        echo "Require all denied" > "config/.htaccess"
+        ln -sf ../../../../../${varDir}/{IMG,local} .
+      '';
+      installPhase = ''
+        cp -a . $out
+        cp -a ${siteDir}/* $out
+      '';
+    };
+  };
+in
+  chloe
-- 
cgit v1.2.3