steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
infra/nix/os/containers/webserver.nix

169 lines
3.9 KiB
Nix
Raw Normal View History

containers: make all variables explicit Instead of merging the argument set just make all arguments explicit.
2020-09-15 17:21:28 +02:00
{ hostAddress
, localAddress
srv0,webserver: expose port 80 so ACME can verify the certificate
2021-02-07 17:01:17 +01:00
, httpPort ? 80
containers: make all variables explicit Instead of merging the argument set just make all arguments explicit.
2020-09-15 17:21:28 +02:00
, httpsPort ? 443
webserver: configure hedgedoc
2021-05-24 19:50:36 +02:00
}:
let
passwords = import ../../variables/passwords.crypt.nix;
in {
nixos: adjust to 20.09 changes Most notably the php5 expression needed to be reworked.
2020-10-18 20:14:11 +02:00
config = { config, pkgs, lib, ... }: {
nix/os/containers: configure ddclient-ovh respectively
2019-02-03 11:58:07 +01:00
imports = [
nix/os/containers: add new profile
2019-02-03 14:31:21 +01:00
../profiles/containers/configuration.nix
nix/os/containers: configure ddclient-ovh respectively
2019-02-03 11:58:07 +01:00
];
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
networking.firewall.enable = false;
nix/os/containers: configure ddclient-ovh respectively
2019-02-03 11:58:07 +01:00
services.ddclientovh = {
enable = true;
domain = "www.stefanjunker.de";
};
containers/webserver: use ACME for cert generation
2021-01-01 12:00:48 +01:00
security.acme = {
acceptTerms = true;
certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
srv0,webserver: expose port 80 so ACME can verify the certificate
2021-02-07 17:01:17 +01:00
preliminarySelfsigned = true;
# can be used for debugging
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
containers/webserver: use ACME for cert generation
2021-01-01 12:00:48 +01:00
};
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
services.nginx.enable = true;
webserver: configure hedgedoc
2021-05-24 19:50:36 +02:00
services.nginx.recommendedProxySettings = true;
containers/webserver: use ACME for cert generation
2021-01-01 12:00:48 +01:00
services.nginx.virtualHosts."www.stefanjunker.de" = {
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
default = true;
srv0,webserver: expose port 80 so ACME can verify the certificate
2021-02-07 17:01:17 +01:00
addSSL = true;
listen = [
{
addr = "0.0.0.0";
port = httpPort;
ssl = false;
}
{
addr = "0.0.0.0";
port = httpsPort;
ssl = true;
}
];
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
root = "/var/www/stefanjunker.de/htdocs";
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
containers/webserver: use ACME for cert generation
2021-01-01 12:00:48 +01:00
enableACME = true;
srv0,webserver: expose port 80 so ACME can verify the certificate
2021-02-07 17:01:17 +01:00
# serverAliases = [
# "www.stefanjunker.de"
# ];
containers/webserver: use ACME for cert generation
2021-01-01 12:00:48 +01:00
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
locations."/fi" = {
index = "index.php";
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
};
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
locations."~ ^(.+\.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
nixos: adjust to 20.09 changes Most notably the php5 expression needed to be reworked.
2020-10-18 20:14:11 +02:00
fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
fastcgi_index index.php;
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
'';
webserver: configure hedgedoc
2021-05-24 19:50:36 +02:00
locations."/hedgedoc/" = {
proxyPass = "http://127.0.0.1:3000/";
};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
proxyWebsockets = true;
};
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
};
nix/os/devices/vmd32387.contaboserver.net: update to NixOS 20.03
2020-03-15 09:57:21 +01:00
services.phpfpm.pools.mypool = {
user = "nobody";
nixos: adjust to 20.09 changes Most notably the php5 expression needed to be reworked.
2020-10-18 20:14:11 +02:00
phpPackage = pkgs.php5;
nix/os/devices/vmd32387.contaboserver.net: update to NixOS 20.03
2020-03-15 09:57:21 +01:00
settings = {
nixos: adjust to 20.09 changes Most notably the php5 expression needed to be reworked.
2020-10-18 20:14:11 +02:00
"listen.owner" = config.services.nginx.user;
nix/os/devices/vmd32387.contaboserver.net: update to NixOS 20.03
2020-03-15 09:57:21 +01:00
"pm" = "dynamic";
"pm.max_children" = 5;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 1;
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
nixos: adjust to 20.09 changes Most notably the php5 expression needed to be reworked.
2020-10-18 20:14:11 +02:00
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = {
Type = lib.mkForce "simple";
};
};
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
services.mysql = {
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
enable = true;
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
package = pkgs.mariadb;
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
};
webserver: configure hedgedoc
2021-05-24 19:50:36 +02:00
services.hedgedoc = {
enable = true;
configuration = {
domain = "www.stefanjunker.de";
urlPath = "hedgedoc";
protocolUseSSL = true;
db = {
dialect = "sqlite";
storage = "/var/lib/codimd/db.codimd.sqlite";
};
allowAnonymous = false;
# oauth2 provider config
inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;
};
};
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
};
autoStart = true;
bindMounts = {
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/webserver/etc-secrets";
isReadOnly = true;
};
"/var/www" = {
hostPath = "/var/lib/container-volumes/webserver/var-www";
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
isReadOnly = false;
};
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
"/var/lib/mysql" = {
hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
isReadOnly = false;
};
webserver: configure hedgedoc
2021-05-24 19:50:36 +02:00
"/var/lib/codimd" = {
hostPath = "/var/lib/container-volumes/webserver/var-lib-codimd";
isReadOnly = false;
};
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
};
privateNetwork = true;
forwardPorts = [
srv0,webserver: expose port 80 so ACME can verify the certificate
2021-02-07 17:01:17 +01:00
{
# http
containerPort = 80;
hostPort = httpPort;
protocol = "tcp";
}
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
{
nix/os/containers/webserver: use php56 and drop the chroot
2019-02-03 12:58:56 +01:00
# https
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
containerPort = 443;
containers: make all host ports configurable
2020-09-14 19:38:36 +02:00
hostPort = httpsPort;
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
protocol = "tcp";
}
];
containers: make all variables explicit Instead of merging the argument set just make all arguments explicit.
2020-09-15 17:21:28 +02:00
inherit hostAddress localAddress;
nix/os,CFB4ED74: add webserver container
2019-01-28 15:50:31 +01:00
}
Reference in a new issue Copy permalink