diff --git a/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix b/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
index 61d862e..76ab03d 100644
--- a/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
+++ b/hosts/web-01.cloonar.com/sites/paraclub.cloonar.dev.nix
@@ -3,28 +3,6 @@ let
 domain = "paraclub.cloonar.dev";
 dataDir = "/var/www/${domain}";
 in {
- systemd.services."phpfpm-${domain}".serviceConfig.ProtectHome = lib.mkForce false;
-
- services.phpfpm.pools."${domain}" = {
- user = domain;
- settings = {
- "listen.owner" = config.services.nginx.user;
- "pm" = "dynamic";
- "pm.max_children" = 32;
- "pm.max_requests" = 500;
- "pm.start_servers" = 2;
- "pm.min_spare_servers" = 2;
- "pm.max_spare_servers" = 5;
- "php_admin_value[error_log]" = "/var/log/$pool.error.log";
- "php_admin_flag[log_errors]" = true;
- "php_admin_value[display_errors]" = true;
- "catch_workers_output" = true;
- "access.log" = "/var/log/$pool.access.log";
- };
- phpPackage = pkgs.nur.repos.izorkin.php74;
- phpEnv."PATH" = lib.makeBinPath [ pkgs.nur.repos.izorkin.php74 ];
- };
-
 services.nginx.virtualHosts."${domain}" = {
 forceSSL = true;
 enableACME = true;
@@ -37,35 +15,46 @@ in { ''; locations."/".extraConfig = '' - index index.php index.html; - try_files $uri $uri/ /index.php$is_args$args; + index index.html; + ''; + + locations."~* \.(jpe?g|png)$".extraConfig = '' + set $red Z; + + if ($http_accept ~* "webp") { + set $red A; + } + + if (-f $document_root/webp/$request_uri.webp) { + set $red "''${red}B"; + } + + if ($red = "AB") { + add_header Vary Accept; + rewrite ^ /webp/$request_uri.webp; + } + ''; + + locations."~* \.(js|jpg|gif|png|webp|css|woff2)$".extraConfig = '' + expires 365d; + add_header Pragma "public"; + add_header Cache-Control "public"; ''; locations."~ [^/]\.php(/|$)".extraConfig = '' - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - include ${pkgs.nginx}/conf/fastcgi_params; - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_buffer_size 32k; - fastcgi_buffers 8 16k; - fastcgi_connect_timeout 240s; - fastcgi_read_timeout 240s; - fastcgi_send_timeout 240s; - fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket}; - fastcgi_index index.php; + deny all; ''; }; users.users."${domain}" = { - isSystemUser = true; + isNormalUser = true; createHome = true; home = dataDir; homeMode= "770"; #home = "/home/${domain}"; group = "nginx"; + openssh.authorizedKeys.keys = [ + "ssh-rsa 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" + ]; }; users.groups.${domain} = {}; - - services.mysqlBackup.databases = [ "paraclub" ]; }
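Review bot: The new `~* \.(jpe?g|png)$` location builds both the `-f` test and the rewrite target from `$request_uri`, which is the raw client-supplied URI (query string, percent-encoding and any `..` segments included) rather than the normalized path nginx used to match the location. Using `$uri` in both places, `if (-f $document_root/webp$uri.webp)` and `rewrite ^ /webp$uri.webp;`, keeps the file test on the normalized path and also lets URLs that carry a query string find their WebP variant. The `add_header Vary Accept;` inside the `if` is probably never sent, because after the rewrite the request is served by the `js|jpg|gif|png|webp|css|woff2` location, whose own `add_header` lines apply instead; with `expires 365d` and `Cache-Control "public"` a shared cache could then hand the WebP body to clients that did not advertise support, so `Vary: Accept` belongs in the location that actually serves the response. Separately, `users.users."${domain}"` becomes a normal login user with an SSH key while its home is `dataDir` with mode 770 and group `nginx`; if `dataDir` is also the vhost root (not visible in this hunk), shell dotfiles would sit inside the document root, so a `location ~ /\.` block with `deny all;` would be worth adding.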