blob: 0a33bc0a095d716910cdcc092e1d957dd7e4ea1e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
{ lib, pkgs, config, myconfig, ... }:
let
secrets = myconfig.env.websites.piedsjaloux.integration;
app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; };
cfg = config.myServices.websites.piedsjaloux.integration;
pcfg = config.services.phpApplication;
in {
options.myServices.websites.piedsjaloux.integration.enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
config = lib.mkIf cfg.enable {
services.phpApplication.apps.piedsjaloux_dev = {
websiteEnv = "integration";
httpdUser = config.services.httpd.Inte.user;
httpdGroup = config.services.httpd.Inte.group;
inherit (app) webRoot varDir;
varDirPaths = {
"tmp" = "0700";
};
inherit app;
serviceDeps = [ "mysql.service" ];
preStartActions = [
"./bin/console --env=${app.environment} cache:clear --no-warmup"
];
phpOpenbasedir = [ "/tmp" ];
phpPool = ''
php_admin_value[upload_max_filesize] = 20M
php_admin_value[post_max_size] = 20M
;php_admin_flag[log_errors] = on
env[PATH] = ${lib.makeBinPath [ pkgs.apg pkgs.unzip ]}
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 60
env[SYMFONY_DEBUG_MODE] = "yes"
'';
phpWatchFiles = [
config.secrets.fullPaths."webapps/${app.environment}-piedsjaloux"
];
};
secrets.keys = [
{
dest = "webapps/${app.environment}-piedsjaloux";
user = config.services.httpd.Inte.user;
group = config.services.httpd.Inte.group;
permissions = "0400";
text = ''
# This file is auto-generated during the composer install
parameters:
database_host: ${secrets.mysql.host}
database_port: ${secrets.mysql.port}
database_name: ${secrets.mysql.name}
database_user: ${secrets.mysql.user}
database_password: ${secrets.mysql.password}
database_server_version: ${pkgs.mariadb.mysqlVersion}
mailer_transport: smtp
mailer_host: 127.0.0.1
mailer_user: null
mailer_password: null
secret: ${secrets.secret}
pdflatex: "${pkgs.texlive.combine { inherit (pkgs.texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
leapt_im:
binary_path: ${pkgs.imagemagick}/bin
'';
}
];
services.websites.env.integration.vhostConfs.piedsjaloux_dev = {
certName = "eldiron";
addToCerts = true;
hosts = [ "piedsjaloux.immae.eu" ];
root = pcfg.webappDirs.piedsjaloux_dev;
extraConfig = [
''
<FilesMatch "\.php$">
SetHandler "proxy:unix:${pcfg.phpListenPaths.piedsjaloux_dev}|fcgi://localhost"
</FilesMatch>
<Location />
Use LDAPConnect
Require ldap-group cn=piedsjaloux.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://piedsjaloux.fr\"></html>"
</Location>
<Directory ${pcfg.webappDirs.piedsjaloux_dev}>
Options Indexes FollowSymLinks MultiViews Includes
AllowOverride None
Require all granted
DirectoryIndex app_dev.php
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Maintenance script
RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.php
RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L]
ErrorDocument 503 /maintenance.php
# Sets the HTTP_AUTHORIZATION header removed by Apache
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
# Rewrite all other queries to the front controller.
RewriteRule ^ %{ENV:BASE}/app_dev.php [L]
</IfModule>
</Directory>
''
];
};
};
}
|
