diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-12-13 21:25:24 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-24 01:40:13 +0200 |
commit | 252dd7d899b7a0deea1537cc5d2d48b825afffb0 (patch) | |
tree | f51c3c9cd7429b0b9553a840f26bee489be045bc /modules/private/websites/chloe | |
download | NUR-252dd7d899b7a0deea1537cc5d2d48b825afffb0.tar.gz NUR-252dd7d899b7a0deea1537cc5d2d48b825afffb0.tar.zst NUR-252dd7d899b7a0deea1537cc5d2d48b825afffb0.zip |
Initial commit published for NURnur_root
Diffstat (limited to 'modules/private/websites/chloe')
-rw-r--r-- | modules/private/websites/chloe/builder.nix | 102 | ||||
-rw-r--r-- | modules/private/websites/chloe/config/chmod.php | 4 | ||||
-rw-r--r-- | modules/private/websites/chloe/config/connect.php | 15 | ||||
-rw-r--r-- | modules/private/websites/chloe/config/ldap.php | 9 | ||||
-rw-r--r-- | modules/private/websites/chloe/integration.nix | 36 | ||||
-rw-r--r-- | modules/private/websites/chloe/production.nix | 38 |
6 files changed, 204 insertions, 0 deletions
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix new file mode 100644 index 00000000..f65e9a95 --- /dev/null +++ b/modules/private/websites/chloe/builder.nix | |||
@@ -0,0 +1,102 @@ | |||
1 | { apacheUser, apacheGroup, chloe, config }: | ||
2 | rec { | ||
3 | app = chloe.override { inherit (config) environment; }; | ||
4 | phpFpm = rec { | ||
5 | serviceDeps = [ "mysql.service" ]; | ||
6 | socket = "/var/run/phpfpm/chloe-${app.environment}.sock"; | ||
7 | pool = '' | ||
8 | user = ${apacheUser} | ||
9 | group = ${apacheGroup} | ||
10 | listen.owner = ${apacheUser} | ||
11 | listen.group = ${apacheGroup} | ||
12 | php_admin_value[upload_max_filesize] = 20M | ||
13 | php_admin_value[post_max_size] = 20M | ||
14 | ;php_admin_flag[log_errors] = on | ||
15 | php_admin_value[open_basedir] = "${app.spipConfig}:${configDir}:${app}:${app.varDir}:/tmp" | ||
16 | php_admin_value[session.save_path] = "${app.varDir}/phpSessions" | ||
17 | ${if app.environment == "dev" then '' | ||
18 | pm = ondemand | ||
19 | pm.max_children = 5 | ||
20 | pm.process_idle_timeout = 60 | ||
21 | '' else '' | ||
22 | pm = dynamic | ||
23 | pm.max_children = 20 | ||
24 | pm.start_servers = 2 | ||
25 | pm.min_spare_servers = 1 | ||
26 | pm.max_spare_servers = 3 | ||
27 | ''}''; | ||
28 | }; | ||
29 | keys = [{ | ||
30 | dest = "webapps/${app.environment}-chloe"; | ||
31 | user = apacheUser; | ||
32 | group = apacheGroup; | ||
33 | permissions = "0400"; | ||
34 | text = '' | ||
35 | SetEnv SPIP_CONFIG_DIR "${configDir}" | ||
36 | SetEnv SPIP_VAR_DIR "${app.varDir}" | ||
37 | SetEnv SPIP_SITE "chloe-${app.environment}" | ||
38 | SetEnv SPIP_LDAP_BASE "dc=immae,dc=eu" | ||
39 | SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" | ||
40 | SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" | ||
41 | SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" | ||
42 | SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" | ||
43 | SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" | ||
44 | SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" | ||
45 | SetEnv SPIP_MYSQL_DB "${config.mysql.name}" | ||
46 | SetEnv SPIP_MYSQL_USER "${config.mysql.user}" | ||
47 | SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" | ||
48 | ''; | ||
49 | }]; | ||
50 | apache = rec { | ||
51 | modules = [ "proxy_fcgi" ]; | ||
52 | webappName = "chloe_${app.environment}"; | ||
53 | root = "/run/current-system/webapps/${webappName}"; | ||
54 | vhostConf = '' | ||
55 | Include /var/secrets/webapps/${app.environment}-chloe | ||
56 | |||
57 | RewriteEngine On | ||
58 | ${if app.environment == "prod" then '' | ||
59 | RewriteRule ^/news.rss /spip.php?page=backend&id_rubrique=1 | ||
60 | '' else ""} | ||
61 | |||
62 | <FilesMatch "\.php$"> | ||
63 | SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" | ||
64 | </FilesMatch> | ||
65 | |||
66 | <Directory ${root}> | ||
67 | DirectoryIndex index.php index.htm index.html | ||
68 | Options -Indexes +FollowSymLinks +MultiViews +Includes | ||
69 | Include ${root}/htaccess.txt | ||
70 | |||
71 | AllowOverride AuthConfig FileInfo Limit | ||
72 | Require all granted | ||
73 | </Directory> | ||
74 | |||
75 | <DirectoryMatch "${root}/squelettes"> | ||
76 | Require all denied | ||
77 | </DirectoryMatch> | ||
78 | |||
79 | <FilesMatch "(.htaccess|rewrite-rules|.gitignore)$"> | ||
80 | Require all denied | ||
81 | </FilesMatch> | ||
82 | |||
83 | ${if app.environment == "dev" then '' | ||
84 | <Location /> | ||
85 | Use LDAPConnect | ||
86 | Require ldap-group cn=chloe.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu | ||
87 | ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://osteopathe-cc.fr\"></html>" | ||
88 | </Location> | ||
89 | '' else '' | ||
90 | Use Stats osteopathe-cc.fr | ||
91 | ''} | ||
92 | ''; | ||
93 | }; | ||
94 | activationScript = { | ||
95 | deps = [ "wrappers" ]; | ||
96 | text = '' | ||
97 | install -m 0755 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir} ${app.varDir}/IMG ${app.varDir}/tmp ${app.varDir}/local | ||
98 | install -m 0750 -o ${apacheUser} -g ${apacheGroup} -d ${app.varDir}/phpSessions | ||
99 | ''; | ||
100 | }; | ||
101 | configDir = ./config; | ||
102 | } | ||
diff --git a/modules/private/websites/chloe/config/chmod.php b/modules/private/websites/chloe/config/chmod.php new file mode 100644 index 00000000..aae16cdf --- /dev/null +++ b/modules/private/websites/chloe/config/chmod.php | |||
@@ -0,0 +1,4 @@ | |||
1 | <?php | ||
2 | if (!defined("_ECRIRE_INC_VERSION")) return; | ||
3 | if (!defined('_SPIP_CHMOD')) define('_SPIP_CHMOD', 0777); | ||
4 | ?> \ No newline at end of file | ||
diff --git a/modules/private/websites/chloe/config/connect.php b/modules/private/websites/chloe/config/connect.php new file mode 100644 index 00000000..18b09330 --- /dev/null +++ b/modules/private/websites/chloe/config/connect.php | |||
@@ -0,0 +1,15 @@ | |||
1 | <?php | ||
2 | if (!defined("_ECRIRE_INC_VERSION")) return; | ||
3 | define('_MYSQL_SET_SQL_MODE',true); | ||
4 | $GLOBALS['spip_connect_version'] = 0.7; | ||
5 | spip_connect_db( | ||
6 | getenv("SPIP_MYSQL_HOST"), | ||
7 | getenv("SPIP_MYSQL_PORT"), | ||
8 | getenv("SPIP_MYSQL_USER"), | ||
9 | getenv("SPIP_MYSQL_PASSWORD"), | ||
10 | getenv("SPIP_MYSQL_DB"), | ||
11 | 'mysql', | ||
12 | 'spip', | ||
13 | 'ldap.php' | ||
14 | ); | ||
15 | ?> | ||
diff --git a/modules/private/websites/chloe/config/ldap.php b/modules/private/websites/chloe/config/ldap.php new file mode 100644 index 00000000..825b7edb --- /dev/null +++ b/modules/private/websites/chloe/config/ldap.php | |||
@@ -0,0 +1,9 @@ | |||
1 | <?php | ||
2 | if (!defined("_ECRIRE_INC_VERSION")) return; | ||
3 | $GLOBALS['ldap_base'] = getenv("SPIP_LDAP_BASE"); | ||
4 | $GLOBALS['ldap_link'] = @ldap_connect(getenv("SPIP_LDAP_HOST")); | ||
5 | @ldap_set_option($GLOBALS['ldap_link'],LDAP_OPT_PROTOCOL_VERSION,'3'); | ||
6 | @ldap_bind($GLOBALS['ldap_link'],getenv("SPIP_LDAP_SEARCH_DN"), getenv("SPIP_LDAP_SEARCH_PW")); | ||
7 | $GLOBALS['ldap_champs'] = array('login' => array('sAMAccountName','uid','login','userid','cn','sn'),'nom' => 'cn','email' => 'mail','bio' => 'description',); | ||
8 | $GLOBALS['ldap_search'] = getenv("SPIP_LDAP_SEARCH"); | ||
9 | ?> | ||
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix new file mode 100644 index 00000000..c42a4282 --- /dev/null +++ b/modules/private/websites/chloe/integration.nix | |||
@@ -0,0 +1,36 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | ||
2 | let | ||
3 | chloe = pkgs.callPackage ./builder.nix { | ||
4 | inherit (pkgs.webapps) chloe; | ||
5 | config = myconfig.env.websites.chloe.integration; | ||
6 | apacheUser = config.services.httpd.Inte.user; | ||
7 | apacheGroup = config.services.httpd.Inte.group; | ||
8 | }; | ||
9 | |||
10 | cfg = config.myServices.websites.chloe.integration; | ||
11 | in { | ||
12 | options.myServices.websites.chloe.integration.enable = lib.mkEnableOption "enable Chloe's website in integration"; | ||
13 | |||
14 | config = lib.mkIf cfg.enable { | ||
15 | secrets.keys = chloe.keys; | ||
16 | systemd.services.phpfpm-chloe_dev.after = lib.mkAfter chloe.phpFpm.serviceDeps; | ||
17 | systemd.services.phpfpm-chloe_dev.wants = chloe.phpFpm.serviceDeps; | ||
18 | services.phpfpm.pools.chloe_dev = { | ||
19 | listen = chloe.phpFpm.socket; | ||
20 | extraConfig = chloe.phpFpm.pool; | ||
21 | phpOptions = config.services.phpfpm.phpOptions + '' | ||
22 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | ||
23 | ''; | ||
24 | }; | ||
25 | system.activationScripts.chloe_dev = chloe.activationScript; | ||
26 | myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; | ||
27 | services.websites.integration.modules = chloe.apache.modules; | ||
28 | services.websites.integration.vhostConfs.chloe = { | ||
29 | certName = "eldiron"; | ||
30 | addToCerts = true; | ||
31 | hosts = ["chloe.immae.eu" ]; | ||
32 | root = chloe.apache.root; | ||
33 | extraConfig = [ chloe.apache.vhostConf ]; | ||
34 | }; | ||
35 | }; | ||
36 | } | ||
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix new file mode 100644 index 00000000..0bf2d8fd --- /dev/null +++ b/modules/private/websites/chloe/production.nix | |||
@@ -0,0 +1,38 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | ||
2 | let | ||
3 | chloe = pkgs.callPackage ./builder.nix { | ||
4 | inherit (pkgs.webapps) chloe; | ||
5 | config = myconfig.env.websites.chloe.production; | ||
6 | apacheUser = config.services.httpd.Prod.user; | ||
7 | apacheGroup = config.services.httpd.Prod.group; | ||
8 | }; | ||
9 | |||
10 | cfg = config.myServices.websites.chloe.production; | ||
11 | in { | ||
12 | options.myServices.websites.chloe.production.enable = lib.mkEnableOption "enable Chloe's website in production"; | ||
13 | |||
14 | config = lib.mkIf cfg.enable { | ||
15 | secrets.keys = chloe.keys; | ||
16 | services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; | ||
17 | |||
18 | systemd.services.phpfpm-chloe_prod.after = lib.mkAfter chloe.phpFpm.serviceDeps; | ||
19 | systemd.services.phpfpm-chloe_prod.wants = chloe.phpFpm.serviceDeps; | ||
20 | services.phpfpm.pools.chloe_prod = { | ||
21 | listen = chloe.phpFpm.socket; | ||
22 | extraConfig = chloe.phpFpm.pool; | ||
23 | phpOptions = config.services.phpfpm.phpOptions + '' | ||
24 | extension=${pkgs.php}/lib/php/extensions/mysqli.so | ||
25 | ''; | ||
26 | }; | ||
27 | system.activationScripts.chloe_prod = chloe.activationScript; | ||
28 | myServices.websites.webappDirs."${chloe.apache.webappName}" = chloe.app.webRoot; | ||
29 | services.websites.production.modules = chloe.apache.modules; | ||
30 | services.websites.production.vhostConfs.chloe = { | ||
31 | certName = "chloe"; | ||
32 | certMainHost = "osteopathe-cc.fr"; | ||
33 | hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; | ||
34 | root = chloe.apache.root; | ||
35 | extraConfig = [ chloe.apache.vhostConf ]; | ||
36 | }; | ||
37 | }; | ||
38 | } | ||