Module pour lychee #4
4 changed files with 276 additions and 3 deletions
|
@ -3,4 +3,5 @@
|
|||
drone-server = ./servers/drone.nix;
|
||||
drone-exec-runner = ./servers/drone-exec-runner.nix;
|
||||
wordpress = ./web-apps/wordpress;
|
||||
lychee = ./web-apps/lychee.nix;
|
||||
}
|
||||
|
|
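Review bot: The new entry `lychee = ./web-apps/lychee.nix;` does not match the path the module is created at on this page, `modules/lychee.nix`. If this list lives in `modules/` (the sibling `wordpress = ./web-apps/wordpress;` suggests it does), the import will not resolve. Either move the file to `modules/web-apps/lychee.nix` or change the entry to `lychee = ./lychee.nix;`. The file header for this section is not visible here, so confirm against the tree.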
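--- a/modules/lychee.nix
+++ b/modules/lychee.nix
@@ -0,0 +1,256 @@
+{ pkgs, lib, config, ... }:
+let
+cfg = config.services.lychee;
+src = pkgs.lychee-gallery;
+envConf = cfg.settings;
+in
+{
+options.services.lychee = {
+enable = lib.mkEnableOption "Whether to enable lychee";
+website = lib.mkOption {
+type = lib.types.str;
+default = "localhost";
+example = "www.example.com";
+};
+forceSSL = lib.mkOption {
+type = lib.types.bool;
+default = true;
+description = "Whether to force SSL for the nginx virtual host";
+};
+enableACME = lib.mkOption {
+type = lib.types.bool;
+default = true;
+description = "Whether to enableACME for the nginx virtual host";
+};
+upload_max_filesize = lib.mkOption {
+type = lib.types.ints.positive;
+default = 30;
+description = "Max uploaded file size";
+};
+post_max_size = lib.mkOption {
+type = lib.types.ints.positive;
+default = 100;
+description = "Max post request size";
+};
+user = lib.mkOption {
+type = lib.types.str;
+default = "lychee";
+description = "The user that will operate on mutable files";
+};
+stateDirectory = lib.mkOption {
+type = lib.types.path;
+default = "/var/lib/lychee";
+};
+settings = lib.mkOption {
+default = {};
+type = lib.types.submodule {
+freeformType = with lib.types; attrsOf str;
+options = {
+DB_DATABASE= lib.mkOption {
+type = lib.types.str;
+default = "${cfg.stateDirectory}/db.sqlite";
+};
+APP_NAME= lib.mkOption {
+type = lib.types.str;
+default = "Lychee";
+};
+APP_ENV = lib.mkOption {
+type = lib.types.str;
+default = "production";
+};
+APP_DEBUG = lib.mkOption {
+type = lib.types.str;
+default = "\"false\"";
+};
+APP_URL = lib.mkOption {
+type = lib.types.str;
+default = "https://${cfg.website}";
+};
+DEBUGBAR_ENABLED = lib.mkOption {
+type = lib.types.str;
+default = "\"false\"";
+};
+DB_CONNECTION = lib.mkOption {
+type = lib.types.str;
+default = "sqlite";
+};
+DB_LOG_SQL = lib.mkOption {
+type = lib.types.str;
+default = "\"false\"";
+};
+LYCHEE_UPLOADS = lib.mkOption {
+type = lib.types.path;
+default = "${cfg.stateDirectory}/www/public/uploads";
+};
+CACHE_DRIVER = lib.mkOption {
+type = lib.types.str;
+default = "file";
+};
+SESSION_DRIVER = lib.mkOption {
+type = lib.types.str;
+default = "file";
+};
+SESSION_LIFETIME = lib.mkOption {
+type = lib.types.str;
+default = "120";
+};
+SECURITY_HEADER_HSTS_ENABLE = lib.mkOption {
+type = lib.types.str;
+default = "\"false\"";
+};
+SESSION_SECURE_COOKIE = lib.mkOption {
+type = lib.types.str;
+default = "\"false\"";
+};
+REDIS_PASSWORD = lib.mkOption {
+type = lib.types.str;
+default = "\"null\"";
+};
+REDIS_PORT = lib.mkOption {
+type = lib.types.str;
+default = "6379";
+};
+MAIL_DRIVER = lib.mkOption {
+type = lib.types.str;
+default = "smtp";
+};
+TRUSTED_PROXIES = lib.mkOption {
+type = lib.types.str;
+default = "\"null\"";
+};
+};
+};
+};
+};
+config = let srcDirsToBindMount = [
+"app"
+"bootstrap"
+"config"
+"resources"
+"routes"
+"scripts"
+"vendor"
+];
+in lib.mkIf cfg.enable {
+services.nginx = {
+enable = true;
+virtualHosts.${cfg.website} = {
+root = cfg.stateDirectory + "/www/public/";
+forceSSL = lib.mkDefault cfg.forceSSL;
+enableACME = lib.mkDefault cfg.enableACME;
+locations = {
+"^~ /index.php" = {
+fastcgiParams = {
+SCRIPT_FILENAME = "$document_root$fastcgi_script_name";
+};
+extraConfig = ''
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+fastcgi_pass unix:${config.services.phpfpm.pools."${cfg.website}".socket};
+fastcgi_index index.php;
+client_max_body_size ${builtins.toString cfg.upload_max_filesize}M;
+'';
+};
+"~ [^/]\.php(/|$)" = {
+return = "403";
+};
+"/uploads/" = {
+alias = cfg.settings.LYCHEE_UPLOADS;
+};
+};
+extraConfig = ''
+index index.php;
+if (!-e $request_filename)
+{
+rewrite ^/(.*)$ /index.php?/$1 last;
+break;
+}
+'';
+};
+};
+systemd.tmpfiles.rules = let srcDirToTmpFile = dir: "d ${cfg.stateDirectory}/www/${dir} 0750 ${cfg.user} ${config.services.nginx.group}";
+in [
+"d ${cfg.stateDirectory} 0750 ${cfg.user} ${config.services.nginx.group}"
+"d ${cfg.stateDirectory}/www 0750 ${cfg.user} ${config.services.nginx.group}"
+"C ${cfg.stateDirectory}/public - ${cfg.user} ${config.services.nginx.group} - ${src}/public"
+"Z ${cfg.stateDirectory}/public 0750 ${cfg.user} ${config.services.nginx.group} - -"
+"C ${cfg.stateDirectory}/database - ${cfg.user} ${config.services.nginx.group} - ${src}/database"
+"Z ${cfg.stateDirectory}/database 0750 ${cfg.user} ${config.services.nginx.group} - -"
+"C ${cfg.stateDirectory}/bootstrap-cache - ${cfg.user} ${config.services.nginx.group} - ${src}/bootstrap/cache"
+"Z ${cfg.stateDirectory}/bootstrap-cache 0750 ${cfg.user} ${config.services.nginx.group} - -"
+"C ${cfg.stateDirectory}/storage - ${cfg.user} ${config.services.nginx.group} - ${src}/storage"
+"Z ${cfg.stateDirectory}/storage 0750 ${cfg.user} ${config.services.nginx.group} - -"
+"C ${cfg.settings.LYCHEE_UPLOADS} - ${cfg.user} ${config.services.nginx.group} - ${src}/public/uploads"
+"Z ${cfg.settings.LYCHEE_UPLOADS} 0750 ${cfg.user} ${config.services.nginx.group} - -"
+"f ${cfg.settings.DB_DATABASE} 0750 ${cfg.user} ${cfg.user}"
+"L ${cfg.stateDirectory}/www/artisan - - - - ${src}/artisan"
+"L ${cfg.stateDirectory}/www/composer.json - - - - ${src}/composer.json"
+"L ${cfg.stateDirectory}/www/composer.lock - - - - ${src}/composer.lock"
+"L ${cfg.stateDirectory}/www/version.md - - - - ${src}/version.md"
+"L ${cfg.stateDirectory}/www/simple_error_template.html - - - - ${src}/simple_error_template.html"
+] ++ (builtins.map srcDirToTmpFile srcDirsToBindMount);
+systemd.mounts = let sourceDirToSystemdMount = dir: {
+before = [ "phpfpm-${cfg.website}.service" ];
+wantedBy = [ "phpfpm-${cfg.website}.service" ];
+what = "${src}/${dir}";
+where = cfg.stateDirectory + "/www/${dir}";
+options = "bind";
+};
+in [{
+before = [ "phpfpm-${cfg.website}.service" ];
+wantedBy = [ "phpfpm-${cfg.website}.service" ];
+what = cfg.stateDirectory + "/storage";
+where = cfg.stateDirectory + "/www/storage";
+options = "bind";
+}] ++ (builtins.map sourceDirToSystemdMount srcDirsToBindMount) ++ [{
+before = [ "phpfpm-${cfg.website}.service" ];
+wantedBy = [ "phpfpm-${cfg.website}.service" ];
+what = cfg.stateDirectory + "/bootstrap-cache";
+where = cfg.stateDirectory + "/www/bootstrap/cache";
+options = "bind";
+}
+{
+before = [ "phpfpm-${cfg.website}.service" ];
+wantedBy = [ "phpfpm-${cfg.website}.service" ];
+what = cfg.stateDirectory + "/database";
+where = cfg.stateDirectory + "/www/database";
+options = "bind";
+}
+{
+before = [ "phpfpm-${cfg.website}.service" ];
+wantedBy = [ "phpfpm-${cfg.website}.service" ];
+what = cfg.stateDirectory + "/public";
+where = cfg.stateDirectory + "/www/public";
+options = "bind";
+}];
+services.phpfpm.pools.${cfg.website} = {
+user = cfg.user;
+phpPackage = pkgs.php81.withExtensions ({ enabled, all }:
+enabled ++ [ all.imagick all.bcmath all.mbstring all.gd]);
+phpOptions = ''
+upload_max_filesize = ${builtins.toString cfg.upload_max_filesize}M
+post_max_size = ${builtins.toString cfg.post_max_size}M
+'';
+settings = {
+"pm" = "dynamic";
+"pm.max_children" = 75;
+"pm.start_servers" = 10;
+"pm.min_spare_servers" = 5;
+"pm.max_spare_servers" = 20;
+"pm.max_requests" = 500;
+"listen.owner" = config.services.nginx.user;
+"listen.group" = config.services.nginx.group;
+};
+phpEnv = {
+"PATH" = lib.makeBinPath [ pkgs.ffmpeg ];
+} // envConf;
+};
+users.users.${cfg.user} = {
+isSystemUser = true;
+home = src;
+group = cfg.user;
+};
+users.groups.${cfg.user} = { };
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+};
+}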
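Review bot: Everything in `services.lychee.settings` is merged into `phpEnv` (`} // envConf;`), so any secret an operator puts there (the freeform `attrsOf str` type invites `APP_KEY`, `DB_PASSWORD` or `MAIL_PASSWORD`) ends up in the php-fpm pool configuration in the world-readable Nix store. The module shows no other way to supply such values, so it needs a file-based path read at service start, for example an option holding the path of an environment file kept outside the store, before it is used with real credentials. The transport defaults also contradict each other: `forceSSL` defaults to `true` and `APP_URL` to `https://…`, yet `SESSION_SECURE_COOKIE` and `SECURITY_HEADER_HSTS_ENABLE` default to `"\"false\""`; deriving them, e.g. `default = if cfg.forceSSL then "\"true\"" else "\"false\"";`, keeps the session cookie off plaintext requests. In the tmpfiles rules, `f ${cfg.settings.DB_DATABASE} 0750 …` sets execute bits on the SQLite file where `0640` would do. The recursive `Z … 0750 ${cfg.user} ${config.services.nginx.group}` on `storage` and `database` also gives the nginx group read access to session and database files that only the php-fpm user appears to need.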
@ -9,6 +9,7 @@ let
|
|||
callPackage f (subsetArgs // extraArgs);
|
||||
self = rec {
|
||||
acme-dns = callPackage ./servers/acme-dns.nix {};
|
||||
lychee-gallery = callPackage ./web-apps/lychee-gallery.nix {};
|
||||
};
|
||||
in
|
||||
self
|
||||
|
|
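--- a/pkgs/web-apps/lychee-gallery.nix
+++ b/pkgs/web-apps/lychee-gallery.nix
@@ -0,0 +1,15 @@
+{ stdenv, fetchzip, pkgs, env ? {} }:
+stdenv.mkDerivation rec {
+pname = "Lychee";
+version = "4.6.2";
+src = fetchzip {
+url = "https://github.com/LycheeOrg/Lychee/releases/download/v${version}/Lychee.zip";
+sha256 = "sha256-dNujUTGaxvc6uZgyanNh9kIzRqfFA9yFhAtexu1sVc4=";
+};
+installPhase = ''
+shopt -s dotglob
+mkdir $out
+mv .env.example .env
+mv * $out/
+'';
+}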
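Review bot: The function header takes `pkgs` and `env ? {}` but the derivation uses neither, and `installPhase` renames `.env.example` to `.env` inside the immutable store output, where, as far as the module on this page shows, it is never linked into the served tree. Dropping the unused arguments and the `mv .env.example .env` line, or adding a comment saying what reads that file, would make it clear that runtime configuration comes only from the module's `phpEnv`. A `meta` block with `description`, `homepage` and `license` is also missing, and `installPhase` skips `runHook preInstall` / `runHook postInstall`, so overrides that rely on those hooks will not run.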