include uptsream nginx config for grav

This commit is contained in:
Rouven Seifert 2023-08-16 13:57:10 +02:00
parent aaf49311fc
commit 89404e80d3
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 16 additions and 9 deletions


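--- a/FILE-1-PATH-NOT-SHOWN-PLACEHOLDER
+++ b/FILE-1-PATH-NOT-SHOWN-PLACEHOLDER
@@ -72,6 +72,7 @@
 ./modules/stream.nix
 ./modules/sogo.nix
 ./modules/vm.nix
+./modules/website.nix
 "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
 {
 _module.args.buildVM = true;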


@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
www-domain = "www.${config.fsr.domain}";
user = "fsr-web"; user = "fsr-web";
group = "fsr-web"; group = "fsr-web";
in in
@ -30,29 +29,36 @@ in
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
}; };
services.nginx = rec { services.nginx = {
virtualHosts.${www-domain} = { virtualHosts."${config.fsr.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "/srv/web/ifsrde"; root = "/srv/web/ifsrde";
locations = { locations = {
"= /" = { "/" = {
extraConfig = '' tryFiles = "$uri $uri/ /index.php?$query_string;";
rewrite ^ /index.php;
'';
}; };
"~ \.php$" = { "~ \.php$" = {
extraConfig = '' extraConfig = ''
try_files $uri =404; try_files $uri =404;
fastcgi_pass unix:${config.services.phpfpm.pools.ifsrde.socket}; fastcgi_pass unix:${config.services.phpfpm.pools.ifsrde.socket};
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php; fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf; include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
''; '';
}; };
# security
"~* /(\.git|cache|bin|logs|backup|tests)/.*$".return = "403";
# deny running scripts inside core system folders
"~* /(system|vendor)/.*\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$".return = "403";
# deny running scripts inside user folder
"~* /user/.*\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$".return = "403";
# deny access to specific files in the root folder
"~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess)".return = "403";
## End - Security
}; };
}; };
# ifsr.de without www
virtualHosts.${config.fsr.domain} = virtualHosts.${www-domain};
}; };
} }
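Review bot: The four `return = "403"` deny locations added at the end of `locations` are rendered after the `"~ \.php$"` location, so a request such as `/user/…/x.php` or `/system/…/x.php` is handed to PHP-FPM instead of getting the 403: nginx takes the first matching regex location, and as I read the NixOS nginx module it orders same-priority locations by attribute name, where `~ .php$` sorts before every `~* …` key (upstream Grav puts its security block before the PHP block for exactly this reason). Giving the deny entries a `priority` below the default 1000 restores the intended order, as sketched below. Two smaller points in the same hunk: `tryFiles = "$uri $uri/ /index.php?$query_string;"` carries a trailing `;` that the module appends itself, so `try_files … ;;` ends up in nginx.conf, which I expect `nginx -t` to reject, and every `\.` inside the double-quoted location keys is collapsed to `.` by Nix string unescaping, so those regexes match any character at that position (`\\.`, or a `''…''` string, keeps the literal dot). The enclosing module attribute set begins before this hunk.
```nix
# … unchanged: "/" and "~ \.php$" locations …
# Deny rules must be evaluated before the PHP location: nginx picks the first
# matching regex location, and NixOS orders same-priority locations by key.
"~* /(\\.git|cache|bin|logs|backup|tests)/.*$" = { priority = 900; return = "403"; };
"~* /(system|vendor)/.*\\.(txt|xml|md|html|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$" = { priority = 900; return = "403"; };
"~* /user/.*\\.(txt|md|json|yaml|yml|php|pl|py|cgi|twig|sh|bat)$" = { priority = 900; return = "403"; };
"~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" = { priority = 900; return = "403"; };
```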