nixfmt; better phpfpm settings; working systemd unit
parent
cdfc2b380e
commit
5000b09caa
2 changed files with 24 additions and 32 deletions
|
@ -3,8 +3,7 @@ let
|
||||||
cfg = config.services.lychee;
|
cfg = config.services.lychee;
|
||||||
src = cfg.package;
|
src = cfg.package;
|
||||||
envConf = cfg.settings;
|
envConf = cfg.settings;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options.services.lychee = {
|
options.services.lychee = {
|
||||||
enable = lib.mkEnableOption "Whether to enable lychee";
|
enable = lib.mkEnableOption "Whether to enable lychee";
|
||||||
website = lib.mkOption {
|
website = lib.mkOption {
|
||||||
|
@ -12,9 +11,7 @@ in
|
||||||
default = "localhost";
|
default = "localhost";
|
||||||
example = "www.example.com";
|
example = "www.example.com";
|
||||||
};
|
};
|
||||||
package = lib.mkOption {
|
package = lib.mkOption { type = lib.types.path; };
|
||||||
type = lib.types.path;
|
|
||||||
};
|
|
||||||
forceSSL = lib.mkOption {
|
forceSSL = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -41,7 +38,7 @@ in
|
||||||
description = "The user that will operate on mutable files";
|
description = "The user that will operate on mutable files";
|
||||||
};
|
};
|
||||||
settings = lib.mkOption {
|
settings = lib.mkOption {
|
||||||
default = {};
|
default = { };
|
||||||
type = lib.types.submodule {
|
type = lib.types.submodule {
|
||||||
freeformType = with lib.types; attrsOf str;
|
freeformType = with lib.types; attrsOf str;
|
||||||
options = {
|
options = {
|
||||||
|
@ -55,7 +52,7 @@ in
|
||||||
};
|
};
|
||||||
DB_LOG_SQL = lib.mkOption {
|
DB_LOG_SQL = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "\"false\"";
|
default = ''"false"'';
|
||||||
};
|
};
|
||||||
CACHE_DRIVER = lib.mkOption {
|
CACHE_DRIVER = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
@ -71,15 +68,15 @@ in
|
||||||
};
|
};
|
||||||
SECURITY_HEADER_HSTS_ENABLE = lib.mkOption {
|
SECURITY_HEADER_HSTS_ENABLE = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "\"false\"";
|
default = ''"false"'';
|
||||||
};
|
};
|
||||||
SESSION_SECURE_COOKIE = lib.mkOption {
|
SESSION_SECURE_COOKIE = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "\"false\"";
|
default = ''"false"'';
|
||||||
};
|
};
|
||||||
REDIS_PASSWORD = lib.mkOption {
|
REDIS_PASSWORD = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "\"null\"";
|
default = ''"null"'';
|
||||||
};
|
};
|
||||||
REDIS_PORT = lib.mkOption {
|
REDIS_PORT = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
@ -107,14 +104,16 @@ in
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools."${cfg.website}".socket};
|
fastcgi_pass unix:${
|
||||||
|
config.services.phpfpm.pools."${cfg.website}".socket
|
||||||
|
};
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
client_max_body_size ${builtins.toString cfg.upload_max_filesize}M;
|
client_max_body_size ${
|
||||||
|
builtins.toString cfg.upload_max_filesize
|
||||||
|
}M;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"~ [^/]\.php(/|$)" = {
|
"~ [^/].php(/|$)" = { return = "403"; };
|
||||||
return = "403";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
index index.php;
|
index index.php;
|
||||||
|
@ -128,7 +127,9 @@ in
|
||||||
};
|
};
|
||||||
systemd.services."lychee-install" = {
|
systemd.services."lychee-install" = {
|
||||||
wantedBy = [ "phpfpm-${cfg.website}.service" ];
|
wantedBy = [ "phpfpm-${cfg.website}.service" ];
|
||||||
script = let rsync = pkgs.rsync; in ''
|
before = [ "phpfpm-${cfg.website}.service" ];
|
||||||
|
script = let rsync = pkgs.rsync;
|
||||||
|
in ''
|
||||||
${rsync}/bin/rsync -a --ignore-existing ${src}/ $STATE_DIRECTORY
|
${rsync}/bin/rsync -a --ignore-existing ${src}/ $STATE_DIRECTORY
|
||||||
chmod u+w $STATE_DIRECTORY/
|
chmod u+w $STATE_DIRECTORY/
|
||||||
chmod u+w $STATE_DIRECTORY/.env
|
chmod u+w $STATE_DIRECTORY/.env
|
||||||
|
@ -163,24 +164,16 @@ in
|
||||||
services.phpfpm.pools.${cfg.website} = {
|
services.phpfpm.pools.${cfg.website} = {
|
||||||
user = cfg.user;
|
user = cfg.user;
|
||||||
phpPackage = pkgs.php81.withExtensions ({ enabled, all }:
|
phpPackage = pkgs.php81.withExtensions ({ enabled, all }:
|
||||||
enabled ++ [ all.imagick all.bcmath all.mbstring all.gd]);
|
enabled ++ [ all.imagick all.bcmath all.mbstring all.gd ]);
|
||||||
phpOptions = ''
|
phpOptions = ''
|
||||||
upload_max_filesize = ${builtins.toString cfg.upload_max_filesize}M
|
upload_max_filesize = ${builtins.toString cfg.upload_max_filesize}M
|
||||||
post_max_size = ${builtins.toString cfg.post_max_size}M
|
post_max_size = ${builtins.toString cfg.post_max_size}M
|
||||||
'';
|
'';
|
||||||
settings = {
|
settings = {
|
||||||
"pm" = "dynamic";
|
|
||||||
"pm.max_children" = 75;
|
|
||||||
"pm.start_servers" = 10;
|
|
||||||
"pm.min_spare_servers" = 5;
|
|
||||||
"pm.max_spare_servers" = 20;
|
|
||||||
"pm.max_requests" = 500;
|
|
||||||
"listen.owner" = config.services.nginx.user;
|
"listen.owner" = config.services.nginx.user;
|
||||||
"listen.group" = config.services.nginx.group;
|
"listen.group" = config.services.nginx.group;
|
||||||
};
|
};
|
||||||
phpEnv = {
|
phpEnv = { "PATH" = lib.makeBinPath [ pkgs.ffmpeg ]; } // envConf;
|
||||||
"PATH" = lib.makeBinPath [ pkgs.ffmpeg ];
|
|
||||||
} // envConf;
|
|
||||||
};
|
};
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
isSystemUser = lib.mkDefault true;
|
isSystemUser = lib.mkDefault true;
|
||||||
|
@ -188,7 +181,6 @@ in
|
||||||
group = lib.mkDefault cfg.user;
|
group = lib.mkDefault cfg.user;
|
||||||
};
|
};
|
||||||
users.groups.${cfg.user} = { };
|
users.groups.${cfg.user} = { };
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
};
|
};
|
||||||
}
|
}
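Review bot: Everything in `cfg.settings` is merged into `phpEnv` (`phpEnv = { "PATH" = lib.makeBinPath [ pkgs.ffmpeg ]; } // envConf;` in the phpfpm pool hunk), so values such as the `REDIS_PASSWORD` option declared earlier in this file end up in the generated php-fpm pool configuration, which lives in the world-readable Nix store. Secrets should not travel through `settings`; a separate option taking a path to a file that is read at service start would keep them out of the store, and the `settings` option should at least carry a warning, e.g. `description = "Written to the Nix store in plain text; do not put secrets here.";`. Because `//` is right-biased, a `PATH` key in `settings` also silently replaces the ffmpeg path; if the module's value is meant to win, `envConf // { "PATH" = lib.makeBinPath [ pkgs.ffmpeg ]; }` does that. The enclosing `config` attribute set starts outside this hunk, so anything that handles secrets elsewhere is not visible here.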
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs ? import <nixpkgs> {}, myPkgs ? import ../.. {}}:
|
{ pkgs ? import <nixpkgs> { }, myPkgs ? import ../.. { } }:
|
||||||
pkgs.nixosTest ({
|
pkgs.nixosTest ({
|
||||||
# NixOS tests are run inside a virtual machine, and here we specify system of the machine.
|
# NixOS tests are run inside a virtual machine, and here we specify system of the machine.
|
||||||
nodes = {
|
nodes = {
|
||||||
|
@ -26,6 +26,6 @@ pkgs.nixosTest ({
|
||||||
};
|
};
|
||||||
testScript = ''
|
testScript = ''
|
||||||
start_all()
|
start_all()
|
||||||
server.wait_for_unit("default.target")
|
server.wait_for_unit("phpfpm-localhost.service")
|
||||||
'';
|
'';
|
||||||
})
|
})
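Review bot: Waiting for `phpfpm-localhost.service` only proves that php-fpm started; it does not show that `lychee-install` succeeded or that nginx actually serves the application, and since the install unit is attached with `wantedBy` a failed install would not stop php-fpm from coming up. I would add a request-level check after the wait, for example `server.wait_for_unit("nginx.service")` followed by `server.succeed("curl --fail http://localhost/")`, assuming nginx is enabled on the `server` node, whose definition is outside this hunk. A further assertion that a stray `.php` path returns 403 would also cover the deny location defined in the module.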
|
||||||
|
|