diff --git a/modules/web-apps/lychee/default.nix b/modules/web-apps/lychee/default.nix index 1387f34..9989a1e 100644 --- a/modules/web-apps/lychee/default.nix +++ b/modules/web-apps/lychee/default.nix @@ -3,8 +3,7 @@ let cfg = config.services.lychee; src = cfg.package; envConf = cfg.settings; -in -{ +in { options.services.lychee = { enable = lib.mkEnableOption "Whether to enable lychee"; website = lib.mkOption { @@ -12,9 +11,7 @@ in default = "localhost"; example = "www.example.com"; }; - package = lib.mkOption { - type = lib.types.path; - }; + package = lib.mkOption { type = lib.types.path; }; forceSSL = lib.mkOption { type = lib.types.bool; default = false; @@ -41,7 +38,7 @@ in description = "The user that will operate on mutable files"; }; settings = lib.mkOption { - default = {}; + default = { }; type = lib.types.submodule { freeformType = with lib.types; attrsOf str; options = { @@ -55,7 +52,7 @@ in }; DB_LOG_SQL = lib.mkOption { type = lib.types.str; - default = "\"false\""; + default = ''"false"''; }; CACHE_DRIVER = lib.mkOption { type = lib.types.str; @@ -71,15 +68,15 @@ in }; SECURITY_HEADER_HSTS_ENABLE = lib.mkOption { type = lib.types.str; - default = "\"false\""; + default = ''"false"''; }; SESSION_SECURE_COOKIE = lib.mkOption { type = lib.types.str; - default = "\"false\""; + default = ''"false"''; }; REDIS_PASSWORD = lib.mkOption { type = lib.types.str; - default = "\"null\""; + default = ''"null"''; }; REDIS_PORT = lib.mkOption { type = lib.types.str; @@ -107,14 +104,16 @@ in }; extraConfig = '' fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:${config.services.phpfpm.pools."${cfg.website}".socket}; + fastcgi_pass unix:${ + config.services.phpfpm.pools."${cfg.website}".socket + }; fastcgi_index index.php; - client_max_body_size ${builtins.toString cfg.upload_max_filesize}M; + client_max_body_size ${ + builtins.toString cfg.upload_max_filesize + }M; ''; }; - "~ [^/]\.php(/|$)" = { - return = "403"; - }; + "~ [^/].php(/|$)" = { return = "403"; }; }; extraConfig = '' index index.php; @@ -128,7 +127,9 @@ in }; systemd.services."lychee-install" = { wantedBy = [ "phpfpm-${cfg.website}.service" ]; - script = let rsync = pkgs.rsync; in '' + before = [ "phpfpm-${cfg.website}.service" ]; + script = let rsync = pkgs.rsync; + in '' ${rsync}/bin/rsync -a --ignore-existing ${src}/ $STATE_DIRECTORY chmod u+w $STATE_DIRECTORY/ chmod u+w $STATE_DIRECTORY/.env @@ -137,7 +138,7 @@ in chmod -R u+w $STATE_DIRECTORY/storage/ chmod -R u+w $STATE_DIRECTORY/public/ chmod -R u+w $STATE_DIRECTORY/bootstrap/cache/ - ''; + ''; serviceConfig = { Type = "oneshot"; StateDirectory = "lychee"; @@ -163,24 +164,16 @@ in services.phpfpm.pools.${cfg.website} = { user = cfg.user; phpPackage = pkgs.php81.withExtensions ({ enabled, all }: - enabled ++ [ all.imagick all.bcmath all.mbstring all.gd]); + enabled ++ [ all.imagick all.bcmath all.mbstring all.gd ]); phpOptions = '' upload_max_filesize = ${builtins.toString cfg.upload_max_filesize}M post_max_size = ${builtins.toString cfg.post_max_size}M - ''; + ''; settings = { - "pm" = "dynamic"; - "pm.max_children" = 75; - "pm.start_servers" = 10; - "pm.min_spare_servers" = 5; - "pm.max_spare_servers" = 20; - "pm.max_requests" = 500; "listen.owner" = config.services.nginx.user; "listen.group" = config.services.nginx.group; }; - phpEnv = { - "PATH" = lib.makeBinPath [ pkgs.ffmpeg ]; - } // envConf; + phpEnv = { "PATH" = lib.makeBinPath [ pkgs.ffmpeg ]; } // envConf; }; users.users.${cfg.user} = { isSystemUser = lib.mkDefault true; @@ -188,7 +181,6 @@ in group = lib.mkDefault cfg.user; }; users.groups.${cfg.user} = { }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; }; } diff --git a/modules/web-apps/lychee/test.nix b/modules/web-apps/lychee/test.nix index 9ab0608..65a489d 100644 --- a/modules/web-apps/lychee/test.nix +++ b/modules/web-apps/lychee/test.nix @@ -1,4 +1,4 @@ -{ pkgs ? import {}, myPkgs ? import ../.. {}}: +{ pkgs ? import { }, myPkgs ? import ../.. { } }: pkgs.nixosTest ({ # NixOS tests are run inside a virtual machine, and here we specify system of the machine. nodes = { @@ -26,6 +26,6 @@ pkgs.nixosTest ({ }; testScript = '' start_all() - server.wait_for_unit("default.target") - ''; + server.wait_for_unit("phpfpm-localhost.service") + ''; })