2020-09-15 17:21:28 +02:00
|
|
|
{ hostAddress
|
|
|
|
|
, localAddress
|
2021-02-07 17:01:17 +01:00
|
|
|
, httpPort ? 80
|
2020-09-15 17:21:28 +02:00
|
|
|
, httpsPort ? 443
|
|
|
|
|
}: {
|
2020-10-18 20:14:11 +02:00
|
|
|
config = { config, pkgs, lib, ... }: {
|
2019-02-03 11:58:07 +01:00
|
|
|
imports = [
|
2019-02-03 14:31:21 +01:00
|
|
|
../profiles/containers/configuration.nix
|
2019-02-03 11:58:07 +01:00
|
|
|
];
|
|
|
|
|
|
2019-01-28 15:50:31 +01:00
|
|
|
networking.firewall.enable = false;
|
|
|
|
|
|
2019-02-03 11:58:07 +01:00
|
|
|
services.ddclientovh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
domain = "www.stefanjunker.de";
|
|
|
|
|
};
|
|
|
|
|
|
2021-01-01 12:00:48 +01:00
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
|
2021-02-07 17:01:17 +01:00
|
|
|
preliminarySelfsigned = true;
|
|
|
|
|
|
|
|
|
|
# can be used for debugging
|
|
|
|
|
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
2021-01-01 12:00:48 +01:00
|
|
|
};
|
|
|
|
|
|
2019-02-03 12:58:56 +01:00
|
|
|
services.nginx.enable = true;
|
2021-01-01 12:00:48 +01:00
|
|
|
services.nginx.virtualHosts."www.stefanjunker.de" = {
|
2019-02-03 12:58:56 +01:00
|
|
|
default = true;
|
2021-02-07 17:01:17 +01:00
|
|
|
addSSL = true;
|
|
|
|
|
listen = [
|
|
|
|
|
{
|
|
|
|
|
addr = "0.0.0.0";
|
|
|
|
|
port = httpPort;
|
|
|
|
|
ssl = false;
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
addr = "0.0.0.0";
|
|
|
|
|
port = httpsPort;
|
|
|
|
|
ssl = true;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
2019-02-03 12:58:56 +01:00
|
|
|
root = "/var/www/stefanjunker.de/htdocs";
|
2019-01-28 15:50:31 +01:00
|
|
|
|
2021-01-01 12:00:48 +01:00
|
|
|
enableACME = true;
|
2021-02-07 17:01:17 +01:00
|
|
|
# serverAliases = [
|
|
|
|
|
# "www.stefanjunker.de"
|
|
|
|
|
# ];
|
2021-01-01 12:00:48 +01:00
|
|
|
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
|
|
|
|
|
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
|
2019-02-03 12:58:56 +01:00
|
|
|
|
|
|
|
|
locations."/fi" = {
|
|
|
|
|
index = "index.php";
|
2019-01-28 15:50:31 +01:00
|
|
|
};
|
2019-02-03 12:58:56 +01:00
|
|
|
|
|
|
|
|
locations."~ ^(.+\.php)(.*)$".extraConfig = ''
|
|
|
|
|
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
|
|
|
|
|
2020-10-18 20:14:11 +02:00
|
|
|
fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
|
2019-02-03 12:58:56 +01:00
|
|
|
fastcgi_index index.php;
|
2019-01-28 15:50:31 +01:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2020-03-15 09:57:21 +01:00
|
|
|
services.phpfpm.pools.mypool = {
|
|
|
|
|
user = "nobody";
|
2020-10-18 20:14:11 +02:00
|
|
|
phpPackage = pkgs.php5;
|
2020-03-15 09:57:21 +01:00
|
|
|
settings = {
|
2020-10-18 20:14:11 +02:00
|
|
|
"listen.owner" = config.services.nginx.user;
|
2020-03-15 09:57:21 +01:00
|
|
|
"pm" = "dynamic";
|
|
|
|
|
"pm.max_children" = 5;
|
|
|
|
|
"pm.start_servers" = 2;
|
|
|
|
|
"pm.min_spare_servers" = 1;
|
|
|
|
|
"pm.max_spare_servers" = 3;
|
|
|
|
|
"pm.max_requests" = 500;
|
|
|
|
|
|
|
|
|
|
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
|
|
|
|
|
};
|
|
|
|
|
};
|
2019-02-03 12:58:56 +01:00
|
|
|
|
2020-10-18 20:14:11 +02:00
|
|
|
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
|
|
|
|
|
systemd.services."phpfpm-mypool" = {
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = lib.mkForce "simple";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2019-02-03 12:58:56 +01:00
|
|
|
services.mysql = {
|
2019-01-28 15:50:31 +01:00
|
|
|
enable = true;
|
2019-02-03 12:58:56 +01:00
|
|
|
package = pkgs.mariadb;
|
2019-01-28 15:50:31 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
autoStart = true;
|
|
|
|
|
|
|
|
|
|
bindMounts = {
|
2019-02-03 12:58:56 +01:00
|
|
|
"/etc/secrets/" = {
|
|
|
|
|
hostPath = "/var/lib/container-volumes/webserver/etc-secrets";
|
|
|
|
|
isReadOnly = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
"/var/www" = {
|
|
|
|
|
hostPath = "/var/lib/container-volumes/webserver/var-www";
|
2019-01-28 15:50:31 +01:00
|
|
|
isReadOnly = false;
|
|
|
|
|
};
|
|
|
|
|
|
2019-02-03 12:58:56 +01:00
|
|
|
"/var/lib/mysql" = {
|
|
|
|
|
hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
|
|
|
|
|
isReadOnly = false;
|
|
|
|
|
};
|
2019-01-28 15:50:31 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
privateNetwork = true;
|
|
|
|
|
forwardPorts = [
|
2021-02-07 17:01:17 +01:00
|
|
|
{
|
|
|
|
|
# http
|
|
|
|
|
containerPort = 80;
|
|
|
|
|
hostPort = httpPort;
|
|
|
|
|
protocol = "tcp";
|
|
|
|
|
}
|
2019-01-28 15:50:31 +01:00
|
|
|
{
|
2019-02-03 12:58:56 +01:00
|
|
|
# https
|
2019-01-28 15:50:31 +01:00
|
|
|
containerPort = 443;
|
2020-09-14 19:38:36 +02:00
|
|
|
hostPort = httpsPort;
|
2019-01-28 15:50:31 +01:00
|
|
|
protocol = "tcp";
|
|
|
|
|
}
|
|
|
|
|
];
|
2020-09-15 17:21:28 +02:00
|
|
|
|
|
|
|
|
inherit hostAddress localAddress;
|
2019-01-28 15:50:31 +01:00
|
|
|
}
|
