diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 931d54a..089f266 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -2,7 +2,7 @@ , localAddress , httpsPort ? 443 }: { - config = { config, pkgs, ... }: { + config = { config, pkgs, lib, ... }: { imports = [ ../profiles/containers/configuration.nix ]; @@ -30,23 +30,16 @@ locations."~ ^(.+\.php)(.*)$".extraConfig = '' fastcgi_split_path_info ^(.+\.php)(.*)$; - fastcgi_pass 127.0.0.1:9000; + fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket}; fastcgi_index index.php; ''; }; - nixpkgs.config.php = { - imap = false; - openssl = false; - curl = false; - ldap = false; - }; - services.phpfpm.pools.mypool = { - phpPackage = pkgs.php56; - listen = "127.0.0.1:9000"; user = "nobody"; + phpPackage = pkgs.php5; settings = { + "listen.owner" = config.services.nginx.user; "pm" = "dynamic"; "pm.max_children" = 5; "pm.start_servers" = 2; @@ -58,6 +51,13 @@ }; }; + # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work + systemd.services."phpfpm-mypool" = { + serviceConfig = { + Type = lib.mkForce "simple"; + }; + }; + services.mysql = { enable = true; package = pkgs.mariadb; diff --git a/nix/os/devices/vmd32387.contaboserver.net/system.nix b/nix/os/devices/vmd32387.contaboserver.net/system.nix index bdf8d72..2944e09 100644 --- a/nix/os/devices/vmd32387.contaboserver.net/system.nix +++ b/nix/os/devices/vmd32387.contaboserver.net/system.nix @@ -88,6 +88,10 @@ in { ssh = { enable = true; authorizedKeys = keys.users.steveej.openssh; + hostKeys = [ + "/etc/secrets/initrd/ssh_host_rsa_key" + "/etc/secrets/initrd/ssh_host_ed25519_key" + ]; }; }; diff --git a/nix/os/modules/ddclient-ovh.nix b/nix/os/modules/ddclient-ovh.nix index 43d9c1c..f7f9893 100644 --- a/nix/os/modules/ddclient-ovh.nix +++ b/nix/os/modules/ddclient-ovh.nix 
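Review bot: The pool settings now set `"listen.owner"` for the unix socket but leave the socket mode to php-fpm's default, so the config does not state who besides the nginx user may connect to the FastCGI socket. Adding `"listen.mode" = "0600";` next to `"listen.owner"` would pin access to that one account. The unchanged `user = "nobody";` line also keeps the PHP workers on an account that is commonly shared with unrelated services; a dedicated pool user would confine a compromised script better. The `settings` block continues outside the hunk.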
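Review bot: The new `hostKeys` list has no comment saying that these must be keys generated only for the initrd. Judging by the `/etc/secrets/initrd/` prefix this `ssh` block configures the initrd SSH server (its enclosing attribute set starts outside the hunk), and an initrd usually sits unencrypted on the boot partition, so any private key listed here should be treated as readable by whoever can read that partition. I would add above the list `# initrd-only host keys: never reuse the /etc/ssh host keys here` and keep the entries as quoted strings as they are now, since, as far as I know, a bare Nix path literal would copy the key into the world-readable store.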
@@ -12,7 +12,7 @@ in { options.services.ddclientovh = with lib; { enable = mkEnableOption "Enable ddclient-ovh"; domain = mkOption { - type = types.string; + type = types.str; }; }; diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index 1c24ed7..a4c21e9 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -1,12 +1,5 @@ { pkgs }: let - # one application requires php5 - nixpkgsWithPhp5 = pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs-channels"; - rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f"; - sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb"; - }; in rec { nixpkgs-master = import {}; @@ -31,7 +24,7 @@ in rec { extraMeta.branch = "5.4"; } // (args.argsOverride or {})); linux_sgx = pkgs.callPackage linux_sgx_pkg {}; - in + in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_sgx); linuxPackages_sgx_latest = linuxPackages_sgx_540rc3; @@ -47,11 +40,32 @@ in rec { enableStatic = true; }; - php56 = (pkgs.callPackages - "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" { + php5 = let + nixpkgsWithPhp5 = pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs-channels"; + rev = "pkgs"; + sha256 = "1qifgc1q2i4g0ivpfjnxp4jl2cc82gfjws08dsllgw7q7kw4b4rb"; + }; + php5 = (pkgs.callPackage "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" { + config = (pkgs.lib.attrsets.recursiveUpdate + pkgs.config + { + php = { + imap = false; + openssl = false; + curl = false; + ldap = false; + mcrypt = false; + }; + } + ); + stdenv = pkgs.llvmPackages_6.stdenv; #broken icu = pkgs.icu60; - }) - .php56.overrideAttrs(drv: rec { + }).php56; + in + php5 + .overrideAttrs(attrs: rec { # See https://secure.php.net/ChangeLog-5.php version = "5.6.40"; name = "php-${version}"; 
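Review bot: In the new `php5` binding, `rev = "pkgs";` replaces the pinned commit while the `sha256` is unchanged, so the fetch no longer names an immutable revision. Because `fetchFromGitHub` is a fixed-output fetch, a machine that already has this hash in its store will not refetch and the bad ref goes unnoticed. A clean build would either fail to resolve `pkgs` or depend on a mutable ref. I would restore `rev = "846d8f8305192dcc3a63139102698b4ac6b9ef9f";` from the removed block. A few words after `#broken` on the `stdenv` line saying what is broken would also help; the `overrideAttrs` body continues outside the hunk.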
@@ -61,6 +75,11 @@ in rec { url = "http://www.php.net/distributions/php-${version}.tar.bz2"; inherit sha256; }; + + configureFlags = attrs.configureFlags ++ [ + "--without-fpm-systemd" + ]; + }); duplicacy = pkgs.callPackage ../pkgs/duplicacy {};