From 091ae73429b8853e6ab971bffaccd84bdd59f40d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 10 Jan 2019 23:02:54 +0100 Subject: Move packages fils to module --- virtual/modules/websites.nix | 10 +- virtual/modules/websites/aten.nix | 60 ------- virtual/modules/websites/aten/aten.json | 14 ++ virtual/modules/websites/aten/aten.nix | 126 ++++++++++++++ virtual/modules/websites/aten/default.nix | 64 ++++++++ virtual/modules/websites/aten/goaccess.conf | 99 +++++++++++ virtual/modules/websites/chloe.nix | 58 ------- virtual/modules/websites/chloe/chloe.json | 14 ++ virtual/modules/websites/chloe/chloe.nix | 131 +++++++++++++++ .../modules/websites/chloe/chloe_config/chmod.php | 4 + .../websites/chloe/chloe_config/connect.php | 6 + .../modules/websites/chloe/chloe_config/ldap.php | 9 + virtual/modules/websites/chloe/default.nix | 62 +++++++ virtual/modules/websites/chloe/goaccess.conf | 99 +++++++++++ .../websites/commons/spip/spip_ldap_patch.patch | 60 +++++++ .../websites/commons/spip/spip_mes_options.php | 18 ++ virtual/modules/websites/connexionswing.nix | 62 ------- .../websites/connexionswing/connexionswing.json | 14 ++ .../websites/connexionswing/connexionswing.nix | 181 +++++++++++++++++++++ .../modules/websites/connexionswing/default.nix | 66 ++++++++ .../modules/websites/connexionswing/goaccess.conf | 99 +++++++++++ virtual/modules/websites/ludivine.nix | 60 ------- virtual/modules/websites/ludivine/default.nix | 60 +++++++ virtual/modules/websites/ludivine/goaccess.conf | 99 +++++++++++ .../modules/websites/ludivine/ludivinecassal.json | 14 ++ .../modules/websites/ludivine/ludivinecassal.nix | 181 +++++++++++++++++++++ virtual/modules/websites/piedsjaloux.nix | 63 ------- virtual/modules/websites/piedsjaloux/default.nix | 63 +++++++ virtual/modules/websites/piedsjaloux/goaccess.conf | 99 +++++++++++ .../modules/websites/piedsjaloux/piedsjaloux.json | 14 ++ .../modules/websites/piedsjaloux/piedsjaloux.nix | 171 +++++++++++++++++++ 31 files changed, 1772 insertions(+), 308 deletions(-) delete mode 
100644 virtual/modules/websites/aten.nix create mode 100644 virtual/modules/websites/aten/aten.json create mode 100644 virtual/modules/websites/aten/aten.nix create mode 100644 virtual/modules/websites/aten/default.nix create mode 100644 virtual/modules/websites/aten/goaccess.conf delete mode 100644 virtual/modules/websites/chloe.nix create mode 100644 virtual/modules/websites/chloe/chloe.json create mode 100644 virtual/modules/websites/chloe/chloe.nix create mode 100644 virtual/modules/websites/chloe/chloe_config/chmod.php create mode 100644 virtual/modules/websites/chloe/chloe_config/connect.php create mode 100644 virtual/modules/websites/chloe/chloe_config/ldap.php create mode 100644 virtual/modules/websites/chloe/default.nix create mode 100644 virtual/modules/websites/chloe/goaccess.conf create mode 100644 virtual/modules/websites/commons/spip/spip_ldap_patch.patch create mode 100644 virtual/modules/websites/commons/spip/spip_mes_options.php delete mode 100644 virtual/modules/websites/connexionswing.nix create mode 100644 virtual/modules/websites/connexionswing/connexionswing.json create mode 100644 virtual/modules/websites/connexionswing/connexionswing.nix create mode 100644 virtual/modules/websites/connexionswing/default.nix create mode 100644 virtual/modules/websites/connexionswing/goaccess.conf delete mode 100644 virtual/modules/websites/ludivine.nix create mode 100644 virtual/modules/websites/ludivine/default.nix create mode 100644 virtual/modules/websites/ludivine/goaccess.conf create mode 100644 virtual/modules/websites/ludivine/ludivinecassal.json create mode 100644 virtual/modules/websites/ludivine/ludivinecassal.nix delete mode 100644 virtual/modules/websites/piedsjaloux.nix create mode 100644 virtual/modules/websites/piedsjaloux/default.nix create mode 100644 virtual/modules/websites/piedsjaloux/goaccess.conf create mode 100644 virtual/modules/websites/piedsjaloux/piedsjaloux.json create mode 100644 
virtual/modules/websites/piedsjaloux/piedsjaloux.nix (limited to 'virtual/modules') diff --git a/virtual/modules/websites.nix b/virtual/modules/websites.nix index cbd7de0..d794c7a 100644 --- a/virtual/modules/websites.nix +++ b/virtual/modules/websites.nix @@ -59,11 +59,11 @@ let in { imports = [ - ./websites/chloe.nix - ./websites/ludivine.nix - ./websites/aten.nix - ./websites/piedsjaloux.nix - ./websites/connexionswing.nix + ./websites/chloe + ./websites/ludivine + ./websites/aten + ./websites/piedsjaloux + ./websites/connexionswing # built using: # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix # And removed users / groups diff --git a/virtual/modules/websites/aten.nix b/virtual/modules/websites/aten.nix deleted file mode 100644 index 4688db3..0000000 --- a/virtual/modules/websites/aten.nix +++ /dev/null 
@@ -1,60 +0,0 @@
-{ lib, pkgs, config, mylibs, ... }:
-let
- aten = pkgs.callPackage ../../packages/aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- aten_dev = aten { environment = "dev"; };
- aten_prod = aten { environment = "prod"; };
-
- cfg = config.services.myWebsites.Aten;
-in {
- options.services.myWebsites.Aten = {
- production = {
- enable = lib.mkEnableOption "enable Aten's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Aten's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- services.myWebsites.commons.stats.enable = true;
- services.myWebsites.commons.stats.sites = [
- {
- name = "aten.pro";
- conf = ../../packages/aten_goaccess.conf;
- }
- ];
-
- security.acme.certs."aten" = config.services.myCertificates.certConfig // {
- domain = "aten.pro";
- extraDomains = {
- "www.aten.pro" = null;
- };
- };
-
- services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
- system.activationScripts.aten_prod = aten_prod.activationScript;
- services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
- services.myWebsites.production.modules = aten_prod.apache.modules;
- services.myWebsites.production.vhostConfs.aten = {
- certName = "aten";
- hosts = [ "aten.pro" "www.aten.pro" ];
- root = aten_prod.webRoot;
- extraConfig = [ aten_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
- services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
- system.activationScripts.aten_dev = aten_dev.activationScript;
- services.myWebsites.integration.modules = aten_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.aten = {
- certName = "eldiron";
- hosts = [ "dev.aten.pro" ];
- root = aten_dev.webRoot;
- extraConfig = [ aten_dev.apache.vhostConf ];
- };
- })
- ];
-}
-
diff --git a/virtual/modules/websites/aten/aten.json b/virtual/modules/websites/aten/aten.json
new file mode 100644
index 0000000..53569b6
--- /dev/null
+++ b/virtual/modules/websites/aten/aten.json
@@ -0,0 +1,14 @@
+{
+ "tag": "b99537f-master",
+ "meta": {
+ "name": "aten",
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Aten",
+ "rev": "b99537fdad41291afb4f1bb8b2e2aa4081c71fae",
+ "sha256": "15mlyik6zivxwry6zc906bqnivxhby27yr8kj4lg5n68pvb877dn",
+ "fetchSubmodules": true
+ }
+}
diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix
new file mode 100644
index 0000000..d67f7b7
--- /dev/null
+++ b/virtual/modules/websites/aten/aten.nix
@@ -0,0 +1,126 @@ +{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }: +let + aten = { environment ? "dev" }: rec { + varPrefix = "ATEN"; + varDir = "/var/lib/aten_${environment}"; + envName= lib.strings.toUpper environment; + phpFpm = rec { + socket = "/var/run/phpfpm/aten-${environment}.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + php_admin_value[upload_max_filesize] = 20M + php_admin_value[post_max_size] = 20M + ;php_admin_flag[log_errors] = on + php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + ${if environment == "dev" then '' + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + env[SYMFONY_DEBUG_MODE] = "yes" + '' else '' + pm = dynamic + pm.max_children = 20 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + ''}''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = + assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET"; + assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"; + '' + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + SetEnv APP_ENV "${environment}" + SetEnv APP_SECRET "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"} + SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"} + + ${if environment == "dev" then '' + + Use LDAPConnect + Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + + + Use LDAPConnect + Require ldap-group cn=dev.aten.pro,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + '' else '' + Use Stats aten.pro + + + Use LDAPConnect + Require ldap-group cn=aten.pro,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + ''} + + + Options Indexes FollowSymLinks MultiViews Includes + 
AllowOverride All + Require all granted + DirectoryIndex index.php + FallbackResource /index.php + + ''; + }; + activationScript = { + deps = [ "wrappers" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions + if [ ! -f "${varDir}/currentWebappDir" -o \ + "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then + pushd ${webappDir} > /dev/null + $wrapperDir/sudo -u wwwrun APP_ENV=${environment} ./bin/console --env=${environment} cache:clear --no-warmup + popd > /dev/null + echo -n "${webappDir}" > ${varDir}/currentWebappDir + fi + ''; + }; + webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec { + # FIXME: can we do better than symlink? + # FIXME: initial sync + # FIXME: backup + # FIXME: usage statistics + buildPhase = '' + export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt + export APP_ENV="${environment}" + export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}" + export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}" + + ${if environment == "dev" then '' + composer install + '' else '' + SYMFONY_ENV=prod composer install --no-dev + ''} + yarn install + yarn run encore production + rm -rf var + ln -sf ../../../../../${varDir} var + ''; + installPhase = '' + cp -a . $out + ''; + buildInputs = [ + php git cacert phpPackages.composer yarn + ]; + }); + webRoot = "${webappDir}/public"; + }; +in + aten diff --git a/virtual/modules/websites/aten/default.nix b/virtual/modules/websites/aten/default.nix new file mode 100644 index 0000000..d9db75c --- /dev/null +++ b/virtual/modules/websites/aten/default.nix 
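Review bot: `APP_SECRET` and `DATABASE_URL` are read with `builtins.getEnv` at evaluation time and interpolated into `apache.vhostConf` and into the `buildPhase` of the `webappDir` derivation, so the secret values end up in the Nix store (generated Apache configuration and the derivation itself), which is normally world-readable on the host. Supplying them at runtime from a root-owned file outside the store (for example a file deployed through NixOps `deployment.keys` and read by the php-fpm pool or an Apache include) would keep them out of store paths. The same pattern appears in the `phpFpm.pool` string of `chloe/chloe.nix` (the `SPIP_LDAP_SEARCH_PW` and `SPIP_MYSQL_PASSWORD` entries). Separately, as rendered here the two `SetEnv` lines open a double quote that is never closed; they should end with `"` like the `export` lines in `buildPhase`, e.g. `SetEnv APP_SECRET "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"`.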
@@ -0,0 +1,64 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+ aten_dev = aten { environment = "dev"; };
+ aten_prod = aten { environment = "prod"; };
+
+ cfg = config.services.myWebsites.Aten;
+in {
+ options.services.myWebsites.Aten = {
+ production = {
+ enable = lib.mkEnableOption "enable Aten's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Aten's website in integration";
+ };
+ };
+
+ imports = [
+ ../commons/stats.nix
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ services.myWebsites.commons.stats.enable = true;
+ services.myWebsites.commons.stats.sites = [
+ {
+ name = "aten.pro";
+ conf = ./goaccess.conf;
+ }
+ ];
+
+ security.acme.certs."aten" = config.services.myCertificates.certConfig // {
+ domain = "aten.pro";
+ extraDomains = {
+ "www.aten.pro" = null;
+ };
+ };
+
+ services.phpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
+ system.activationScripts.aten_prod = aten_prod.activationScript;
+ services.myWebsites.apacheConfig.aten_prod.modules = aten_prod.apache.modules;
+ services.myWebsites.production.modules = aten_prod.apache.modules;
+ services.myWebsites.production.vhostConfs.aten = {
+ certName = "aten";
+ hosts = [ "aten.pro" "www.aten.pro" ];
+ root = aten_prod.webRoot;
+ extraConfig = [ aten_prod.apache.vhostConf ];
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
+ services.phpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
+ system.activationScripts.aten_dev = aten_dev.activationScript;
+ services.myWebsites.integration.modules = aten_dev.apache.modules;
+ services.myWebsites.integration.vhostConfs.aten = {
+ certName = "eldiron";
+ hosts = [ "dev.aten.pro" ];
+ root = aten_dev.webRoot;
+ extraConfig = [ aten_dev.apache.vhostConf ];
+ };
+ })
+ ];
+}
+
diff --git a/virtual/modules/websites/aten/goaccess.conf b/virtual/modules/websites/aten/goaccess.conf
new file mode 100644
index 0000000..07cce57
--- /dev/null
+++ b/virtual/modules/websites/aten/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/aten.pro
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/chloe.nix b/virtual/modules/websites/chloe.nix
deleted file mode 100644
index 3309dd2..0000000
--- a/virtual/modules/websites/chloe.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ lib, pkgs, config, mylibs, ... }:
-let
- chloe = pkgs.callPackage ../../packages/chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- chloe_dev = chloe { environment = "dev"; };
- chloe_prod = chloe { environment = "prod"; };
-
- cfg = config.services.myWebsites.Chloe;
-in {
- options.services.myWebsites.Chloe = {
- production = {
- enable = lib.mkEnableOption "enable Chloe's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Chloe's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- services.myWebsites.commons.stats.enable = true;
- services.myWebsites.commons.stats.sites = [
- {
- name = "osteopathe-cc.fr";
- conf = ../../packages/chloe_goaccess.conf;
- }
- ];
-
- security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
- domain = "osteopathe-cc.fr";
- extraDomains = {
- "www.osteopathe-cc.fr" = null;
- };
- };
-
- services.phpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
- system.activationScripts.chloe_prod = chloe_prod.activationScript;
- services.myWebsites.production.modules = chloe_prod.apache.modules;
- services.myWebsites.production.vhostConfs.chloe = {
- certName = "chloe";
- hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
- root = chloe_prod.webRoot;
- extraConfig = [ chloe_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
- services.phpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
- system.activationScripts.chloe_dev = chloe_dev.activationScript;
- services.myWebsites.integration.modules = chloe_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.chloe = {
- certName = "eldiron";
- hosts = ["chloe.immae.eu" ];
- root = chloe_dev.webRoot;
- extraConfig = [ chloe_dev.apache.vhostConf ];
- };
- })
- ];
-}
diff --git a/virtual/modules/websites/chloe/chloe.json b/virtual/modules/websites/chloe/chloe.json
new file mode 100644
index 0000000..686d751
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe.json
@@ -0,0 +1,14 @@
+{
+ "tag": "96fc4eb-master",
+ "meta": {
+ "name": "chloe",
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Chloe",
+ "rev": "96fc4eb0099a29b0f9a58fb4eaec4bf14ac65f0a",
+ "sha256": "0mf15j6z86j2smm2k360cmm5djhcjbs9949pznwi57kw97vkm1s3",
+ "fetchSubmodules": true
+ }
+}
diff --git a/virtual/modules/websites/chloe/chloe.nix b/virtual/modules/websites/chloe/chloe.nix
new file mode 100644
index 0000000..126d8e7
--- /dev/null
+++ b/virtual/modules/websites/chloe/chloe.nix
@@ -0,0 +1,131 @@ +{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }: +let + chloe = { environment ? "dev" }: rec { + varPrefix = "CHLOE"; + envName= lib.strings.toUpper environment; + phpFpm = rec { + socket = "/var/run/phpfpm/chloe-${environment}.sock"; + pool = + assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; + assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; + assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"; + assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"; + assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"; + assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"; + '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + php_admin_value[upload_max_filesize] = 20M + php_admin_value[post_max_size] = 20M + ;php_admin_flag[log_errors] = on + php_admin_value[open_basedir] = "${../commons/spip/spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp" + php_admin_value[session.save_path] = "${varDir}/phpSessions" + env[SPIP_CONFIG_DIR] = "${configDir}" + env[SPIP_VAR_DIR] = "${varDir}" + env[SPIP_SITE] = "chloe-${environment}" + env[SPIP_LDAP_BASE] = "dc=immae,dc=eu" + env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu" + env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}" + env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}" + env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}" + env[SPIP_MYSQL_HOST] = "db-1.immae.eu" + env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}" + env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}" + env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}" + ${if environment == "dev" then '' + pm = ondemand + pm.max_children = 5 + 
pm.process_idle_timeout = 60 + '' else '' + pm = dynamic + pm.max_children = 20 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + ''}''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + RewriteEngine On + ${if environment == "prod" then '' + RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 + '' else ""} + + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + DirectoryIndex index.php index.htm index.html + Options -Indexes +FollowSymLinks +MultiViews +Includes + Include ${webRoot}/htaccess.txt + + AllowOverride AuthConfig FileInfo Limit + Require all granted + + + + Require all denied + + + + Require all denied + + + ${if environment == "dev" then '' + + Use LDAPConnect + Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + '' else '' + Use Stats osteopathe-cc.fr + ''} + ''; + }; + activationScript = { + deps = [ "wrappers" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local + install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions + ''; + }; + configDir = ./chloe_config; + varDir = "/var/lib/chloe_${environment}"; + siteDir = stdenv.mkDerivation (fetchedGitPrivate ./chloe.json // rec { + buildPhase = '' + make + ''; + installPhase = '' + cp -a . 
$out + ''; + buildInputs = [ sassc ]; + }); + webRoot = stdenv.mkDerivation rec { + name = "chloe-${environment}-spip-${version}"; + version = "3.2"; + src = fetchzip { + url = "http://files.spip.org/spip/stable/spip-${version}.zip"; + sha256 = "0cacpxs9nv61i3hzd3nbmplq4mp22s886llhacp3n4923jd6snx5"; + }; + paches = [ ../commons/spip/spip_ldap_patch.patch ]; + buildPhase = '' + rm -rf IMG local tmp config/remove.txt + ln -sf ${../commons/spip/spip_mes_options.php} config/mes_options.php + echo "Require all denied" > "config/.htaccess" + ln -sf ../../../../../${varDir}/{IMG,local} . + ''; + installPhase = '' + cp -a . $out + cp -a ${siteDir}/* $out + ''; + }; + }; +in + chloe diff --git a/virtual/modules/websites/chloe/chloe_config/chmod.php b/virtual/modules/websites/chloe/chloe_config/chmod.php new file mode 100644 index 0000000..aae16cd --- /dev/null +++ b/virtual/modules/websites/chloe/chloe_config/chmod.php @@ -0,0 +1,4 @@ + \ No newline at end of file diff --git a/virtual/modules/websites/chloe/chloe_config/connect.php b/virtual/modules/websites/chloe/chloe_config/connect.php new file mode 100644 index 0000000..2e4439f --- /dev/null +++ b/virtual/modules/websites/chloe/chloe_config/connect.php @@ -0,0 +1,6 @@ + diff --git a/virtual/modules/websites/chloe/chloe_config/ldap.php b/virtual/modules/websites/chloe/chloe_config/ldap.php new file mode 100644 index 0000000..825b7ed --- /dev/null +++ b/virtual/modules/websites/chloe/chloe_config/ldap.php @@ -0,0 +1,9 @@ + array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); +$GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); +?> diff --git a/virtual/modules/websites/chloe/default.nix b/virtual/modules/websites/chloe/default.nix new file mode 100644 index 0000000..72a9b6f --- /dev/null +++ b/virtual/modules/websites/chloe/default.nix 
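Review bot: In the `webRoot` derivation the attribute is spelled `paches`, which `stdenv.mkDerivation` does not treat as a patch list, so `spip_ldap_patch.patch` is most likely never applied during the build. Without it the stock `ecrire/auth/ldap.php` has no code reading `$GLOBALS['ldap_search']` (set in `chloe_config/ldap.php`), so the restricted search filter passed through `SPIP_LDAP_SEARCH` would be silently ignored and login would fall back to the default per-attribute lookup. The line should read `patches = [ ../commons/spip/spip_ldap_patch.patch ];`. The `src` URL is also plain `http://`; the `sha256` pin protects integrity, but an `https://` URL would be preferable if the host offers one.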
@@ -0,0 +1,62 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+ chloe_dev = chloe { environment = "dev"; };
+ chloe_prod = chloe { environment = "prod"; };
+
+ cfg = config.services.myWebsites.Chloe;
+in {
+ options.services.myWebsites.Chloe = {
+ production = {
+ enable = lib.mkEnableOption "enable Chloe's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Chloe's website in integration";
+ };
+ };
+
+ imports = [
+ ../commons/stats.nix
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ services.myWebsites.commons.stats.enable = true;
+ services.myWebsites.commons.stats.sites = [
+ {
+ name = "osteopathe-cc.fr";
+ conf = ./goaccess.conf;
+ }
+ ];
+
+ security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
+ domain = "osteopathe-cc.fr";
+ extraDomains = {
+ "www.osteopathe-cc.fr" = null;
+ };
+ };
+
+ services.phpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
+ system.activationScripts.chloe_prod = chloe_prod.activationScript;
+ services.myWebsites.production.modules = chloe_prod.apache.modules;
+ services.myWebsites.production.vhostConfs.chloe = {
+ certName = "chloe";
+ hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
+ root = chloe_prod.webRoot;
+ extraConfig = [ chloe_prod.apache.vhostConf ];
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
+ services.phpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
+ system.activationScripts.chloe_dev = chloe_dev.activationScript;
+ services.myWebsites.integration.modules = chloe_dev.apache.modules;
+ services.myWebsites.integration.vhostConfs.chloe = {
+ certName = "eldiron";
+ hosts = ["chloe.immae.eu" ];
+ root = chloe_dev.webRoot;
+ extraConfig = [ chloe_dev.apache.vhostConf ];
+ };
+ })
+ ];
+}
diff --git a/virtual/modules/websites/chloe/goaccess.conf b/virtual/modules/websites/chloe/goaccess.conf
new file mode 100644
index 0000000..89cff6d
--- /dev/null
+++ b/virtual/modules/websites/chloe/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/osteopathe-cc.fr
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/commons/spip/spip_ldap_patch.patch b/virtual/modules/websites/commons/spip/spip_ldap_patch.patch
new file mode 100644
index 0000000..653c909
--- /dev/null
+++ b/virtual/modules/websites/commons/spip/spip_ldap_patch.patch
@@ -0,0 +1,60 @@ +--- old/ecrire/auth/ldap.php 2017-06-08 21:58:17.000000000 +0200 ++++ new/ecrire/auth/ldap.php 2017-06-10 02:54:02.687954143 +0200 +@@ -171,24 +171,41 @@ + $desc = isset($ldap['attributes']) && $ldap['attributes'] ? $ldap['attributes'] : $GLOBALS['ldap_attributes'] ; + + $logins = is_array($desc['login']) ? $desc['login'] : array($desc['login']); ++ if (isset($GLOBALS['ldap_search'])) { ++ $search_query = str_replace("%user%", $login_search, $GLOBALS['ldap_search']); ++ $result = @ldap_search($ldap_link, $ldap_base, $search_query, array("dn")); ++ $info = @ldap_get_entries($ldap_link, $result); ++ // Ne pas accepter les resultats si plus d'une entree ++ // (on veut un attribut unique) + +- // Tenter une recherche pour essayer de retrouver le DN +- foreach ($logins as $att) { +- $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn")); +- $info = @ldap_get_entries($ldap_link, $result); +- // Ne pas accepter les resultats si plus d'une entree +- // (on veut un attribut unique) ++ if (is_array($info) and $info['count'] == 1) { ++ $dn = $info[0]['dn']; ++ if (!$checkpass) { ++ return $dn; ++ } ++ if (@ldap_bind($ldap_link, $dn, $pass)) { ++ return $dn; ++ } ++ } ++ } else { ++ // Tenter une recherche pour essayer de retrouver le DN ++ foreach ($logins as $att) { ++ $result = @ldap_search($ldap_link, $ldap_base, "$att=$login_search", array("dn")); ++ $info = @ldap_get_entries($ldap_link, $result); ++ // Ne pas accepter les resultats si plus d'une entree ++ // (on veut un attribut unique) + +- if (is_array($info) and $info['count'] == 1) { +- $dn = $info[0]['dn']; +- if (!$checkpass) { +- return $dn; +- } +- if (@ldap_bind($ldap_link, $dn, $pass)) { +- return $dn; +- } +- } +- } ++ if (is_array($info) and $info['count'] == 1) { ++ $dn = $info[0]['dn']; ++ if (!$checkpass) { ++ return $dn; ++ } ++ if (@ldap_bind($ldap_link, $dn, $pass)) { ++ return $dn; ++ } ++ } ++ } ++ } + + if ($checkpass and !isset($dn)) { + // Si echec, 
essayer de deviner le DN diff --git a/virtual/modules/websites/commons/spip/spip_mes_options.php b/virtual/modules/websites/commons/spip/spip_mes_options.php new file mode 100644 index 0000000..8db8389 --- /dev/null +++ b/virtual/modules/websites/commons/spip/spip_mes_options.php @@ -0,0 +1,18 @@ + diff --git a/virtual/modules/websites/connexionswing.nix b/virtual/modules/websites/connexionswing.nix deleted file mode 100644 index 9fc0cec..0000000 --- a/virtual/modules/websites/connexionswing.nix +++ /dev/null 
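Review bot: The new `isset($GLOBALS['ldap_search'])` branch builds the LDAP filter with `str_replace("%user%", $login_search, $GLOBALS['ldap_search'])`, so the submitted login is spliced into a filter template; `$login_search` is assigned outside this hunk, and it should be confirmed that it is escaped for filter metacharacters (`*`, `(`, `)`, `\`) before the substitution. If it is not, passing it through `ldap_escape($login_search, '', LDAP_ESCAPE_FILTER)` before the `str_replace` closes that gap. A short comment above the branch stating that `ldap_search` is an operator-supplied filter template with a `%user%` placeholder would also help the next reader. The enclosing function starts and ends outside the hunk.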
@@ -1,62 +0,0 @@
-{ lib, pkgs, config, mylibs, ... }:
-let
- connexionswing = pkgs.callPackage ../../packages/connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- connexionswing_dev = connexionswing { environment = "dev"; };
- connexionswing_prod = connexionswing { environment = "prod"; };
-
- cfg = config.services.myWebsites.Connexionswing;
-in {
- options.services.myWebsites.Connexionswing = {
- production = {
- enable = lib.mkEnableOption "enable Connexionswing's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Connexionswing's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- services.myWebsites.commons.stats.enable = true;
- services.myWebsites.commons.stats.sites = [
- {
- name = "connexionswing.com";
- conf = ../../packages/connexionswing_goaccess.conf;
- }
- ];
-
- security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
- domain = "connexionswing.com";
- extraDomains = {
- "www.connexionswing.com" = null;
- "sandetludo.com" = null;
- "www.sandetludo.com" = null;
- };
- };
-
- services.phpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
- system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
- services.myWebsites.production.modules = connexionswing_prod.apache.modules;
- services.myWebsites.production.vhostConfs.connexionswing = {
- certName = "connexionswing";
- hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
- root = connexionswing_prod.webRoot;
- extraConfig = [ connexionswing_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
- security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
- services.phpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
- system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
- services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.connexionswing = {
- certName = "eldiron";
- hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
- root = connexionswing_dev.webRoot;
- extraConfig = [ connexionswing_dev.apache.vhostConf ];
- };
- })
- ];
-}
-
diff --git a/virtual/modules/websites/connexionswing/connexionswing.json b/virtual/modules/websites/connexionswing/connexionswing.json
new file mode 100644
index 0000000..146c5f6
--- /dev/null
+++ b/virtual/modules/websites/connexionswing/connexionswing.json
@@ -0,0 +1,14 @@
+{
+ "tag": "0330478-master",
+ "meta": {
+ "name": "connexionswing",
+ "url": "gitolite@git.immae.eu:perso/Immae/Projets/Connexionswing",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Projets/Connexionswing",
+ "rev": "0330478cd256e6e36f525d3d0a247bad06de319f",
+ "sha256": "1sh97965winvbmpzqhjidhqry9840fa701wvr4vxywccyg4dyr17",
+ "fetchSubmodules": true
+ }
+}
diff --git a/virtual/modules/websites/connexionswing/connexionswing.nix b/virtual/modules/websites/connexionswing/connexionswing.nix
new file mode 100644
index 0000000..90cca73
--- /dev/null
+++ b/virtual/modules/websites/connexionswing/connexionswing.nix
@@ -0,0 +1,181 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }:
+let
+ connexionswing = { environment ? "dev" }: rec {
+ varDir = "/var/lib/connexionswing_${environment}";
+ envName= lib.strings.toUpper environment;
+ configRoot =
+ # FIXME: spool emails in prod for when immae.eu is down?
+ assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD";
+ assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER";
+ assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
+ assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET";
+ assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL";
+ writeText "parameters.yml" ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: db-1.immae.eu
+ database_port: null
+ database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"}
+ database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"}
+ database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"}
+ mailer_transport: smtp
+ mailer_host: mail.immae.eu
+ mailer_user: null
+ mailer_password: null
+ subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"}
+ allow_robots: true
+ secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"}
+ '';
+ phpFpm = rec {
+ socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ ${if environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ env[SYMFONY_DEBUG_MODE] = "yes"
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+ ${if environment == "dev" then ''
+
+ Use LDAPConnect
+ Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 ""
+
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+
+ Options -MultiViews
+
+
+
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+
+
+
+ '' else ''
+ Use Stats connexionswing.com
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
+ ''}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/medias \
+ ${varDir}/uploads \
+ ${varDir}/var
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ if [ ! -f "${varDir}/currentWebappDir" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+ pushd ${webappDir} > /dev/null
+ $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ fi
+ '';
+ };
+ webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing.json // rec {
+ # FIXME: can we do better than symlink?
+ # FIXME: imagick optional
+ # FIXME: initial sync
+ # FIXME: backup
+ # FIXME: replace with pkgs.phpPackages.composer
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ ln -sf ../../../../../${varDir}/{medias,uploads} web/images/
+ ln -sf ${configRoot} app/config/parameters.yml
+ sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+ ${if environment == "dev" then "php bin/composer install" else ''
+ SYMFONY_ENV=prod php bin/composer install --no-dev
+ ./bin/console assetic:dump --env=prod --no-debug
+ ''}
+ rm -rf var
+ ln -sf ../../../../../${varDir}/var var
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ buildInputs = [
+ php git cacert
+ ];
+ });
+ webRoot = "${webappDir}/web";
+ };
+in
+ connexionswing
diff --git a/virtual/modules/websites/connexionswing/default.nix b/virtual/modules/websites/connexionswing/default.nix
new file mode 100644
index 0000000..636b16e
--- /dev/null
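Review bot: `configRoot` in `connexionswing.nix` renders the database password and the Symfony `secret` with `writeText`, so the resulting `parameters.yml` lives in the Nix store, which is readable by every local user and travels with the closure whenever it is copied. The same pattern is in `ludivinecassal.nix`, where it also covers `ldap_search_password`. Consider generating the file outside the store at activation time, for example from `activationScript` with `install -m 0400 -o ${apache.user}` into `${varDir}`, and pointing `app/config/parameters.yml` and `open_basedir` at that path. Until then a comment on `configRoot` such as `# NOTE: values below end up world-readable in /nix/store` would document the exposure.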
+++ b/virtual/modules/websites/connexionswing/default.nix 
@@ -0,0 +1,66 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+ connexionswing_dev = connexionswing { environment = "dev"; };
+ connexionswing_prod = connexionswing { environment = "prod"; };
+
+ cfg = config.services.myWebsites.Connexionswing;
+in {
+ options.services.myWebsites.Connexionswing = {
+ production = {
+ enable = lib.mkEnableOption "enable Connexionswing's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Connexionswing's website in integration";
+ };
+ };
+
+ imports = [
+ ../commons/stats.nix
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ services.myWebsites.commons.stats.enable = true;
+ services.myWebsites.commons.stats.sites = [
+ {
+ name = "connexionswing.com";
+ conf = ./goaccess.conf;
+ }
+ ];
+
+ security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
+ domain = "connexionswing.com";
+ extraDomains = {
+ "www.connexionswing.com" = null;
+ "sandetludo.com" = null;
+ "www.sandetludo.com" = null;
+ };
+ };
+
+ services.phpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
+ system.activationScripts.connexionswing_prod = connexionswing_prod.activationScript;
+ services.myWebsites.production.modules = connexionswing_prod.apache.modules;
+ services.myWebsites.production.vhostConfs.connexionswing = {
+ certName = "connexionswing";
+ hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
+ root = connexionswing_prod.webRoot;
+ extraConfig = [ connexionswing_prod.apache.vhostConf ];
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
+ security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
+ services.phpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
+ system.activationScripts.connexionswing_dev = connexionswing_dev.activationScript;
+ services.myWebsites.integration.modules = connexionswing_dev.apache.modules;
+ services.myWebsites.integration.vhostConfs.connexionswing = {
+ certName = "eldiron";
+ hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
+ root = connexionswing_dev.webRoot;
+ extraConfig = [ connexionswing_dev.apache.vhostConf ];
+ };
+ })
+ ];
+}
+
diff --git a/virtual/modules/websites/connexionswing/goaccess.conf b/virtual/modules/websites/connexionswing/goaccess.conf
new file mode 100644
index 0000000..05ad083
--- /dev/null
+++ b/virtual/modules/websites/connexionswing/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/connexionswing.com
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/ludivine.nix b/virtual/modules/websites/ludivine.nix
deleted file mode 100644
index b3c1c51..0000000
--- a/virtual/modules/websites/ludivine.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ lib, pkgs, config, mylibs, ... }:
-let
- ludivinecassal = pkgs.callPackage ../../packages/ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- ludivinecassal_dev = ludivinecassal { environment = "dev"; };
- ludivinecassal_prod = ludivinecassal { environment = "prod"; };
-
- cfg = config.services.myWebsites.Ludivine;
-in {
- options.services.myWebsites.Ludivine = {
- production = {
- enable = lib.mkEnableOption "enable Ludivine's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable Ludivine's website in integration";
- };
- };
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- services.myWebsites.commons.stats.enable = true;
- services.myWebsites.commons.stats.sites = [
- {
- name = "ludivinecassal.com";
- conf = ../../packages/ludivinecassal_goaccess.conf;
- }
- ];
-
- security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
- domain = "ludivinecassal.com";
- extraDomains = {
- "www.ludivinecassal.com" = null;
- };
- };
-
- services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
- system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
- services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
- services.myWebsites.production.vhostConfs.ludivine = {
- certName = "ludivinecassal";
- hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
- root = ludivinecassal_prod.webRoot;
- extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
-
- services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
- system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
- services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
- services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.ludivine = {
- certName = "eldiron";
- hosts = [ "ludivine.immae.eu" ];
- root = ludivinecassal_dev.webRoot;
- extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
- };
- })
- ];
-}
diff --git a/virtual/modules/websites/ludivine/default.nix b/virtual/modules/websites/ludivine/default.nix
new file mode 100644
index 0000000..ed719ba
--- /dev/null
+++ b/virtual/modules/websites/ludivine/default.nix
@@ -0,0 +1,60 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+ ludivinecassal_dev = ludivinecassal { environment = "dev"; };
+ ludivinecassal_prod = ludivinecassal { environment = "prod"; };
+
+ cfg = config.services.myWebsites.Ludivine;
+in {
+ options.services.myWebsites.Ludivine = {
+ production = {
+ enable = lib.mkEnableOption "enable Ludivine's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Ludivine's website in integration";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ services.myWebsites.commons.stats.enable = true;
+ services.myWebsites.commons.stats.sites = [
+ {
+ name = "ludivinecassal.com";
+ conf = ./goaccess.conf;
+ }
+ ];
+
+ security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
+ domain = "ludivinecassal.com";
+ extraDomains = {
+ "www.ludivinecassal.com" = null;
+ };
+ };
+
+ services.phpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
+ system.activationScripts.ludivinecassal_prod = ludivinecassal_prod.activationScript;
+ services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
+ services.myWebsites.production.vhostConfs.ludivine = {
+ certName = "ludivinecassal";
+ hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
+ root = ludivinecassal_prod.webRoot;
+ extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
+
+ services.phpfpm.poolConfigs.ludivinecassal_dev = ludivinecassal_dev.phpFpm.pool;
+ system.activationScripts.ludivinecassal_dev = ludivinecassal_dev.activationScript;
+ services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
+ services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;
+ services.myWebsites.integration.vhostConfs.ludivine = {
+ certName = "eldiron";
+ hosts = [ "ludivine.immae.eu" ];
+ root = ludivinecassal_dev.webRoot;
+ extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
+ };
+ })
+ ];
+}
diff --git a/virtual/modules/websites/ludivine/goaccess.conf b/virtual/modules/websites/ludivine/goaccess.conf
new file mode 100644
index 0000000..25e5f63
--- /dev/null
+++ b/virtual/modules/websites/ludivine/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/ludivinecassal.com
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.json b/virtual/modules/websites/ludivine/ludivinecassal.json
new file mode 100644
index 0000000..89667c0
--- /dev/null
+++ b/virtual/modules/websites/ludivine/ludivinecassal.json
@@ -0,0 +1,14 @@
+{
+ "tag": "4327b82-master",
+ "meta": {
+ "name": "ludivinecassal",
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:perso/Immae/Sites/Ludivine",
+ "rev": "4327b82ec00cc514bfce5aa7155bcdbcc871c065",
+ "sha256": "1c5hnzvyvj45j61v2v5mh1l405ih74f58isr9dq21428kcfc2gyd",
+ "fetchSubmodules": true
+ }
+}
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.nix b/virtual/modules/websites/ludivine/ludivinecassal.nix
new file mode 100644
index 0000000..ac63735
--- /dev/null
+++ b/virtual/modules/websites/ludivine/ludivinecassal.nix
@@ -0,0 +1,181 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }:
+let
+ ludivinecassal = { environment ? "dev" }: rec {
+ varPrefix = "LUDIVINECASSAL";
+ varDir = "/var/lib/ludivinecassal_${environment}";
+ envName= lib.strings.toUpper environment;
+ configRoot =
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER";
+ writeText "parameters.yml" ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: db-1.immae.eu
+ database_port: null
+ database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+ database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+ database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+ mailer_transport: smtp
+ mailer_host: mail.immae.eu
+ mailer_user: null
+ mailer_password: null
+ secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ ldap_host: ldap.immae.eu
+ ldap_port: 636
+ ldap_version: 3
+ ldap_ssl: true
+ ldap_tls: false
+ ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
+ ldap_base_dn: 'dc=immae,dc=eu'
+ ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}'
+ ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}'
+ ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}'
+ leapt_im:
+ binary_path: ${imagemagick}/bin
+ assetic:
+ sass: ${sass}/bin/sass
+ ruby: ${ruby}/bin/ruby
+ '';
+ phpFpm = rec {
+ socket = "/var/run/phpfpm/ludivinecassal-${environment}.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ ${if environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ env[SYMFONY_DEBUG_MODE] = "yes"
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+ ${if environment == "dev" then ''
+
+ Use LDAPConnect
+ Require ldap-group cn=ludivine.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 ""
+
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+
+ Options -MultiViews
+
+
+
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+
+
+
+ '' else ''
+ Use Stats ludivinecassal.com
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
+ ''}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ if [ ! -f "${varDir}/currentWebappDir" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+ pushd ${webappDir} > /dev/null
+ $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ fi
+ '';
+ };
+ webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal.json // rec {
+ # FIXME: can we do better than symlink?
+ # FIXME: initial sync
+ # FIXME: backup
+ # FIXME: miniatures and data need to be in the same dir due to a
+ # bug in leapt.im (searches for data/../miniatures)
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ ln -sf ${configRoot} app/config/parameters.yml
+ sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+ ${if environment == "dev" then ''
+ composer install
+ '' else ''
+ SYMFONY_ENV=prod composer install --no-dev
+ ''}
+ rm -rf var
+ ln -sf ../../../../../${varDir} var
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ buildInputs = [
+ php git cacert phpPackages.composer sass
+ ];
+ });
+ webRoot = "${webappDir}/web";
+ };
+in
+ ludivinecassal
diff --git a/virtual/modules/websites/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux.nix
deleted file mode 100644
index 451ae52..0000000
--- a/virtual/modules/websites/piedsjaloux.nix
+++ /dev/null
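Review bot: In `ludivinecassal.nix` the values read with `builtins.getEnv` are pasted into `parameters.yml` as raw YAML: `ldap_search_dn`, `ldap_search_password` and `ldap_search_filter` inside single quotes, `database_password` and `secret` unquoted. A value containing `'`, `#` or `: ` then yields a broken file or a silently different value, and `checkEnv` presumably only verifies that the variable is set. Emitting each scalar through `builtins.toJSON`, for example `ldap_search_password: ${builtins.toJSON (builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD")}`, gives a correctly quoted YAML string. The unquoted values in `connexionswing.nix` have the same issue.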
@@ -1,63 +0,0 @@
-{ lib, pkgs, config, mylibs, ... }:
-let
- piedsjaloux = pkgs.callPackage ../../packages/piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- piedsjaloux_dev = piedsjaloux { environment = "dev"; };
- piedsjaloux_prod = piedsjaloux { environment = "prod"; };
-
- cfg = config.services.myWebsites.PiedsJaloux;
-in {
- options.services.myWebsites.PiedsJaloux = {
- production = {
- enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
- };
- integration = {
- enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
- };
- };
-
- imports = [
- ./commons/stats.nix
- ];
-
- config = lib.mkMerge [
- (lib.mkIf cfg.production.enable {
- services.myWebsites.commons.stats.enable = true;
- services.myWebsites.commons.stats.sites = [
- {
- name = "piedsjaloux.fr";
- conf = ../../packages/piedsjaloux_goaccess.conf;
- }
- ];
-
- security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
- domain = "piedsjaloux.fr";
- extraDomains = {
- "www.piedsjaloux.fr" = null;
- };
- };
-
- services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
- system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
- services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
- services.myWebsites.production.vhostConfs.piedsjaloux = {
- certName = "piedsjaloux";
- hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
- root = piedsjaloux_prod.webRoot;
- extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
- };
- })
- (lib.mkIf cfg.integration.enable {
- security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
- services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
- system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
- services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
- services.myWebsites.integration.vhostConfs.piedsjaloux = {
- certName = "eldiron";
- hosts = [ "piedsjaloux.immae.eu" ];
- root = piedsjaloux_dev.webRoot;
- extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
- };
- })
- ];
-}
-
diff --git a/virtual/modules/websites/piedsjaloux/default.nix b/virtual/modules/websites/piedsjaloux/default.nix
new file mode 100644
index 0000000..bf74173
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/default.nix
@@ -0,0 +1,63 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
+ piedsjaloux_dev = piedsjaloux { environment = "dev"; };
+ piedsjaloux_prod = piedsjaloux { environment = "prod"; };
+
+ cfg = config.services.myWebsites.PiedsJaloux;
+in {
+ options.services.myWebsites.PiedsJaloux = {
+ production = {
+ enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
+ };
+ };
+
+ imports = [
+ ../commons/stats.nix
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ services.myWebsites.commons.stats.enable = true;
+ services.myWebsites.commons.stats.sites = [
+ {
+ name = "piedsjaloux.fr";
+ conf = ./goaccess.conf;
+ }
+ ];
+
+ security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
+ domain = "piedsjaloux.fr";
+ extraDomains = {
+ "www.piedsjaloux.fr" = null;
+ };
+ };
+
+ services.phpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
+ system.activationScripts.piedsjaloux_prod = piedsjaloux_prod.activationScript;
+ services.myWebsites.production.modules = piedsjaloux_prod.apache.modules;
+ services.myWebsites.production.vhostConfs.piedsjaloux = {
+ certName = "piedsjaloux";
+ hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
+ root = piedsjaloux_prod.webRoot;
+ extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
+ services.phpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
+ system.activationScripts.piedsjaloux_dev = piedsjaloux_dev.activationScript;
+ services.myWebsites.integration.modules = piedsjaloux_dev.apache.modules;
+ services.myWebsites.integration.vhostConfs.piedsjaloux = {
+ certName = "eldiron";
+ hosts = [ "piedsjaloux.immae.eu" ];
+ root = piedsjaloux_dev.webRoot;
+ extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
+ };
+ })
+ ];
+}
+
diff --git a/virtual/modules/websites/piedsjaloux/goaccess.conf b/virtual/modules/websites/piedsjaloux/goaccess.conf
new file mode 100644
index 0000000..3950f7e
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/goaccess.conf
@@ -0,0 +1,99 @@
+time-format %H:%M:%S
+date-format %d/%b/%Y
+
+#sur immae.eu
+#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
+
+log-format VCOMBINED
+#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+html-prefs {"theme":"bright","layout":"vertical"}
+
+exclude-ip 188.165.209.148
+exclude-ip 178.33.252.96
+exclude-ip 2001:41d0:2:9c94::1
+exclude-ip 2001:41d0:2:9c94::
+exclude-ip 176.9.151.89
+exclude-ip 2a01:4f8:160:3445::
+exclude-ip 82.255.56.72
+
+no-query-string true
+
+keep-db-files true
+load-from-disk true
+db-path /var/lib/goaccess/piedsjaloux.fr
+
+ignore-panel REFERRERS
+ignore-panel KEYPHRASES
+
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .csv
+static-file .mpeg
+static-file .mpg
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .txt
+static-file .zip
+static-file .ogg
+static-file .mp3
+static-file .mp4
+static-file .exe
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .ogv
+#static-file .webm
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.json b/virtual/modules/websites/piedsjaloux/piedsjaloux.json
new file mode 100644
index 0000000..c4aae16
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.json
@@ -0,0 +1,14 @@
+{
+ "tag": "c7a5593-master",
+ "meta": {
+ "name": "piedsjaloux",
+ "url": "gitolite@git.immae.eu:Pieds_jaloux/NewSite",
+ "branch": "master"
+ },
+ "git": {
+ "url": "gitolite@git.immae.eu:Pieds_jaloux/NewSite",
+ "rev": "c7a5593c37040c6f1f57f8163bc13256aabf6b3e",
+ "sha256": "1zvyd90d6xns6ypnp1p3fgbcl30pqwdv335qagbbjak1cn8jaq4l",
+ "fetchSubmodules": true
+ }
+}
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
new file mode 100644
index 0000000..1c3d8b7
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -0,0 +1,171 @@
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }:
+let
+ piedsjaloux = { environment ? "dev" }: rec {
+ varPrefix = "PIEDSJALOUX";
+ varDir = "/var/lib/piedsjaloux_${environment}";
+ envName= lib.strings.toUpper environment;
+ configRoot =
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
+ assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
+ writeText "parameters.yml" ''
+ # This file is auto-generated during the composer install
+ parameters:
+ database_host: db-1.immae.eu
+ database_port: null
+ database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
+ database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
+ database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+ mailer_transport: smtp
+ mailer_host: mail.immae.eu
+ mailer_user: null
+ mailer_password: null
+ secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
+ leapt_im:
+ binary_path: ${imagemagick}/bin
+ '';
+ phpFpm = rec {
+ socket = "/var/run/phpfpm/piedsjaloux-${environment}.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ php_admin_value[upload_max_filesize] = 20M
+ php_admin_value[post_max_size] = 20M
+ ;php_admin_flag[log_errors] = on
+ php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+ php_admin_value[session.save_path] = "${varDir}/phpSessions"
+ ${if environment == "dev" then ''
+ pm = ondemand
+ pm.max_children = 5
+ pm.process_idle_timeout = 60
+ env[SYMFONY_DEBUG_MODE] = "yes"
+ '' else ''
+ pm = dynamic
+ pm.max_children = 20
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ ''}'';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+
+
+ ${if environment == "dev" then ''
+
+ Use LDAPConnect
+ Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
+ ErrorDocument 401 ""
+
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride None
+ Require all granted
+
+ DirectoryIndex app_dev.php
+
+
+ Options -MultiViews
+
+
+
+ RewriteEngine On
+
+ RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+ RewriteRule ^(.*) - [E=BASE:%1]
+
+ # Maintenance script
+ RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
+ RewriteCond %{SCRIPT_FILENAME} !maintenance.php
+ RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
+ ErrorDocument 503 /maintenance.php
+
+ # Sets the HTTP_AUTHORIZATION header removed by Apache
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ RewriteCond %{ENV:REDIRECT_STATUS} ^$
+ RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+ # If the requested filename exists, simply serve it.
+ # We only want to let Apache serve files and not directories.
+ RewriteCond %{REQUEST_FILENAME} -f
+ RewriteRule ^ - [L]
+
+ # Rewrite all other queries to the front controller.
+ RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
+
+
+
+ '' else ''
+ Use Stats piedsjaloux.fr
+
+
+ Options Indexes FollowSymLinks MultiViews Includes
+ AllowOverride All
+ Require all granted
+
+ ''}
+ '';
+ };
+ activationScript = {
+ deps = [ "wrappers" ];
+ text = ''
+ install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
+ ${varDir}/tmp
+ install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
+ if [ ! 
-f "${varDir}/currentWebappDir" -o \
+ "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
+ pushd ${webappDir} > /dev/null
+ $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup
+ popd > /dev/null
+ echo -n "${webappDir}" > ${varDir}/currentWebappDir
+ fi
+ '';
+ };
+ webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec {
+ # FIXME: can we do better than symlink?
+ # FIXME: initial sync
+ # FIXME: backup
+ # FIXME: miniatures and data need to be in the same dir due to a
+ # bug in leapt.im (searches for data/../miniatures)
+ # FIXME: var/bootstrap.php.cache doesn't get created
+ # (cannot work with var as a symlink since the file
+ # references ..)
+ # FIXME: configuration change should not trigger a rebuild
+ buildPhase = ''
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
+
+ ln -sf ${configRoot} app/config/parameters.yml
+ sed -i -e "/Incenteev..ParameterHandler..ScriptHandler::buildParameters/d" composer.json
+ ${if environment == "dev" then ''
+ composer install
+ '' else ''
+ SYMFONY_ENV=prod composer install --no-dev
+ ''}
+ rm -rf var
+ ln -sf ../../../../../${varDir} var
+ '';
+ installPhase = ''
+ cp -a . $out
+ '';
+ buildInputs = [
+ php git cacert phpPackages.composer
+ ];
+ });
+ webRoot = "${webappDir}/web";
+ };
+in
+ piedsjaloux
-- cgit v1.2.3
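Review bot: The database password and the Symfony `secret` are written into the Nix store, because `configRoot` builds `parameters.yml` with `writeText` from `builtins.getEnv` values and store paths are readable by every local user and process on the host. `buildPhase` then links that file in with `ln -sf ${configRoot} app/config/parameters.yml`, so the `webappDir` derivation depends on the secrets as well, which looks like the cause of the "configuration change should not trigger a rebuild" FIXME. I would keep only non-secret parameters in the store and deliver the credentials at deploy time to a path outside it, owned by `wwwrun` with mode 0400 (NixOps `deployment.keys` is one way), then link to that path instead, e.g. `ln -sf <runtime-secrets-dir>/parameters.yml app/config/parameters.yml`, and replace `${configRoot}` in `open_basedir` with that directory. Separately, the production branch of `vhostConf` sets `Options Indexes FollowSymLinks MultiViews Includes` with `AllowOverride All` (the enclosing container tags are not visible in this rendering); unless directory listings and SSI are needed there, `Options FollowSymLinks` would be a tighter default.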