From 2058b8f9553288629a60c3d07e0f0cf7ce522811 Mon Sep 17 00:00:00 2001
From: quitte
Date: Thu, 19 Oct 2023 11:54:15 +0200
Subject: [PATCH] add infoscreen, manual and sharepic websites
---
 flake.nix | 3 ++
 modules/infoscreen.nix | 14 ++++++++++
 modules/manual.nix | 14 ++++++++++
 modules/sharepic.nix | 62 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 93 insertions(+)
 create mode 100644 modules/infoscreen.nix
 create mode 100644 modules/manual.nix
 create mode 100644 modules/sharepic.nix
diff --git a/flake.nix b/flake.nix
index a998aa4..9d16c52 100755
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,9 @@
 ./modules/gitea.nix
 ./modules/fail2ban.nix
 ./modules/kanboard.nix
+ ./modules/infoscreen.nix
+ ./modules/manual.nix
+ ./modules/sharepic.nix
 {
 sops.defaultSopsFile = ./secrets/quitte.yaml;
 }
diff --git a/modules/infoscreen.nix b/modules/infoscreen.nix
new file mode 100644
index 0000000..389c440
--- /dev/null
+++ b/modules/infoscreen.nix
@@ -0,0 +1,14 @@
+{ pkgs, config, lib, ... }:
+let
+ domain = "infoscreen.${config.networking.domain}";
+in
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."${domain}" = {
+ addSSL = true;
+ enableACME = true;
+ root = "/srv/web/infoscreen/dist";
+ };
+ };
+}
diff --git a/modules/manual.nix b/modules/manual.nix
new file mode 100644
index 0000000..ab58e76
--- /dev/null
+++ b/modules/manual.nix
@@ -0,0 +1,14 @@
+{ pkgs, config, lib, ... }:
+let
+ domain = "manual.${config.networking.domain}";
+in
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."${domain}" = {
+ addSSL = true;
+ enableACME = true;
+ root = "/srv/web/manual-website/site";
+ };
+ };
+}
diff --git a/modules/sharepic.nix b/modules/sharepic.nix
new file mode 100644
index 0000000..765def0
--- /dev/null
+++ b/modules/sharepic.nix
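Review bot: In modules/infoscreen.nix the vhost sets `addSSL = true;`, which adds an HTTPS listener but keeps serving the same content over plain HTTP, so a client that arrives via http:// is never moved to the encrypted listener. Unless cleartext access is wanted for the infoscreen clients, replace it with `forceSSL = true;` (the two options are mutually exclusive), which makes the HTTP listener redirect to HTTPS. The same line appears in the vhosts of modules/manual.nix and modules/sharepic.nix; it matters most for sharepic, since that vhost passes requests to PHP and anything submitted to it would otherwise be allowed to travel unencrypted.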
@@ -0,0 +1,62 @@
+{ pkgs, config, lib, ... }:
+let
+ domain = "sharepic.${config.networking.domain}";
+ user = "sharepic";
+ group = "sharepic";
+in
+{
+ users.users.${user} = {
+ group = group;
+ isSystemUser = true;
+ };
+ users.groups.${group} = { };
+
+ services.phpfpm.pools.sharepic = {
+ user = "sharepic";
+ group = "sharepic";
+ settings = {
+ "listen.owner" = config.services.nginx.user;
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.max_requests" = 500;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 5;
+ "php_admin_value[error_log]" = "stderr";
+ "php_admin_flag[log_errors]" = true;
+ "catch_workers_output" = true;
+ };
+ phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+ };
+
+ services.nginx = {
+ enable = true;
+
+ virtualHosts."${domain}" = {
+ addSSL = true;
+ enableACME = true;
+ root = "/srv/web/sharepic";
+ extraConfig = ''
+ index index.php index.html;
+ '';
+
+ locations = {
+ "/" = {
+ tryFiles = "$uri $uri/ =404";
+ };
+ "~ \.php$" = {
+ extraConfig = ''
+ try_files $uri =404;
+ fastcgi_pass unix:${config.services.phpfpm.pools.sharepic.socket};
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ include ${pkgs.nginx}/conf/fastcgi.conf;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ '';
+ };
+ "/data".return = "403";
+ };
+ };
+ };
+}
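Review bot: The `"/data".return = "403";` entry at the end of `locations` is a plain prefix location, and nginx lets a matching regex location win over a plain prefix, so a request under `/data` whose path ends in `.php` is handled by the `~ \.php$` block and passed to PHP-FPM instead of being refused. If `/data` is meant to be unreachable from the web (it presumably holds the application's stored files), declare it as `"^~ /data".return = "403";` so regex locations are not consulted for that prefix. Separately, in a double-quoted Nix string `\.` evaluates to a bare `.`, so the key `"~ \.php$"` reaches nginx as `~ .php$` and the dot matches any character; `"~ \\.php$"` keeps it literal. The pool block could also reuse the `user` and `group` bindings from the `let` instead of repeating `"sharepic"`.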