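# NixOS container definition for a web server: nginx (HTTPS only) in front of
# PHP-FPM, with MariaDB alongside.
#
# Takes an arbitrary attribute set `args` and returns it overlaid with the
# container attributes below (`//` lets the right-hand side win on conflicts).
{ ... } @ args:
let in
args // {
  config = { config, pkgs, ... }: {
    imports = [ ../profiles/containers/configuration.nix ];

    # NOTE(review): with the in-container firewall off, the reachable surface
    # depends on `privateNetwork` and the single forwarded port further down;
    # confirm nothing else routes into this container.
    networking.firewall.enable = false;

    # Presumably a dynamic-DNS updater option declared by the imported
    # profile; its definition is not visible here.
    services.ddclientovh = {
      enable = true;
      domain = "www.stefanjunker.de";
    };

    services.nginx.enable = true;
    services.nginx.virtualHosts."stefanjunker.de" = {
      default = true;
      # TLS only; no plain-HTTP listener is declared for this vhost.
      onlySSL = true;
      root = "/var/www/stefanjunker.de/htdocs";
      # Certificate and key are read from /etc/secrets, which is bind-mounted
      # read-only from the host (see bindMounts).
      sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
      sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";

      locations."/fi" = { index = "index.php"; };

      # The backslash is doubled because in a double-quoted Nix string `\.`
      # evaluates to a bare `.`; nginx would then receive `^(.+.php)(.*)$`
      # and hand far more URIs to the PHP interpreter than intended. The
      # indented string below keeps its backslash as written.
      #
      # NOTE(review): every URI containing ".php" is passed to FPM without a
      # check that the script exists under `root`, and /var/www is a writable
      # bind mount. Consider an existence check in this location, and keep
      # php-fpm's `security.limit_extensions` at its restrictive default.
      locations."~ ^(.+\\.php)(.*)$".extraConfig = ''
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
      '';
    };

    # Build-time switches for the PHP package: IMAP, OpenSSL, cURL and LDAP
    # support are turned off.
    # NOTE(review): whether the pinned nixpkgs still honours these flags for
    # php56 cannot be confirmed from this file.
    nixpkgs.config.php = {
      imap = false;
      openssl = false;
      curl = false;
      ldap = false;
    };

    services.phpfpm.pools.mypool = {
      # NOTE(review): PHP 5.6 no longer receives upstream security fixes;
      # plan a migration to a supported release.
      phpPackage = pkgs.php56;
      # Must match `fastcgi_pass` in the nginx location above.
      # NOTE(review): a loopback TCP listener accepts connections from any
      # local process in the container; a unix socket with a restricted
      # owner/mode would narrow that.
      listen = "127.0.0.1:9000";
      # NOTE(review): "nobody" is a shared account; a dedicated pool user
      # would separate the PHP workers from other services that use it.
      user = "nobody";
      settings = {
        "pm" = "dynamic";
        "pm.max_children" = 5;
        "pm.start_servers" = 2;
        "pm.min_spare_servers" = 1;
        "pm.max_spare_servers" = 3;
        "pm.max_requests" = 500;
        # Report everything except notices, warnings, strict-standards and
        # deprecation messages.
        "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
      };
    };

    # MariaDB is used as the MySQL implementation; /var/lib/mysql is a bind
    # mount from the host (see bindMounts).
    services.mysql = {
      enable = true;
      package = pkgs.mariadb;
    };
  };

  autoStart = true;

  # Host directories exposed inside the container. Secrets are mounted
  # read-only; the web root and the database directory are writable.
  bindMounts = {
    "/etc/secrets/" = {
      hostPath = "/var/lib/container-volumes/webserver/etc-secrets";
      isReadOnly = true;
    };
    "/var/www" = {
      hostPath = "/var/lib/container-volumes/webserver/var-www";
      isReadOnly = false;
    };
    "/var/lib/mysql" = {
      hostPath = "/var/lib/container-volumes/webserver/var-lib-mysql";
      isReadOnly = false;
    };
  };

  privateNetwork = true;

  # Only HTTPS is forwarded from the host into the container.
  forwardPorts = [
    {
      # https
      containerPort = 443;
      hostPort = 443;
      protocol = "tcp";
    }
  ];
}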