feat: web change site handling, add php to scana11y, add ssh deploy key for gitea
@@ -33,39 +33,7 @@
|
||||
./modules/web/typo3.nix
|
||||
./modules/web/stack.nix
|
||||
|
||||
./sites/autoconfig.cloonar.com.nix
|
||||
./sites/feeds.cloonar.com.nix
|
||||
./sites/webmail.cloonar.com.nix
|
||||
|
||||
./sites/vcard.cloonar.dev.nix
|
||||
./sites/vcard.cloonar.com.nix
|
||||
|
||||
./sites/cloonar.com.nix
|
||||
./sites/gbv-aktuell.at.nix
|
||||
./sites/matomo.cloonar.com.nix
|
||||
./sites/support.cloonar.dev.nix
|
||||
./sites/stage.cloonar-technologies.at.nix
|
||||
|
||||
./sites/stage.scana11y.com.nix
|
||||
./sites/scana11y.com.nix
|
||||
|
||||
./sites/cloonar.dev.nix
|
||||
./sites/paraclub.at.nix
|
||||
./sites/api.paraclub.at.nix
|
||||
./sites/module.paraclub.at.nix
|
||||
./sites/tandem.paraclub.at.nix
|
||||
./sites/paraclub.cloonar.dev.nix
|
||||
./sites/api.paraclub.cloonar.dev.nix
|
||||
./sites/tandem.paraclub.cloonar.dev.nix
|
||||
./sites/module.paraclub.cloonar.dev.nix
|
||||
./sites/gbv-aktuell.cloonar.dev.nix
|
||||
./sites/stage.myhidden.life.nix
|
||||
./sites/stage.korean-skin.care.nix
|
||||
./sites/feeds.jordanrannells.com.nix
|
||||
./sites/dialog-relations.cloonar.dev.nix
|
||||
./sites/dialog-relations.at.nix
|
||||
./sites/lena-schilling.cloonar.dev.nix
|
||||
./sites/lena-schilling.at.nix
|
||||
./sites
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
@@ -108,6 +76,32 @@
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/nix-ssh-keys 0700 root root -"
|
||||
];
|
||||
sops.secrets.gitea-ssh-key = {
|
||||
path = "/var/lib/nix-ssh-keys/gitea_ed25519";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
mode = "0600";
|
||||
};
|
||||
programs.ssh = {
|
||||
knownHosts = {
|
||||
"git.cloonar.com" = {
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlUj7eEfS/4+z/3IhFhOTXAfpGEpNv6UWuYSL5OAhus";
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
Host gitea-internal
|
||||
HostName git.cloonar.com
|
||||
User gitea
|
||||
Port 22
|
||||
IdentitiesOnly yes
|
||||
IdentityFile /var/lib/nix-ssh-keys/gitea_ed25519
|
||||
StrictHostKeyChecking yes
|
||||
'';
|
||||
};
|
||||
|
||||
# backups
|
||||
borgbackup.repo = "u149513-sub8@u149513-sub8.your-backup.de:borg";
|
||||
|
||||
|
||||
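Review bot: The `Host gitea-internal` block in `programs.ssh.extraConfig` has no comment explaining that only remotes addressed through the alias are offered the deploy key. A remote written as `git.cloonar.com` still matches the pinned `knownHosts` entry but is never offered `/var/lib/nix-ssh-keys/gitea_ed25519`, so it fails authentication with no hint as to why. I would add a comment above `extraConfig` along the lines of `# deploy key for root-side fetches; remotes must address the host as gitea-internal (key is root:root 0600)`. Because `extraConfig` is system-wide while the key is readable by root alone, the comment should also record that the key is expected to be registered as a read-only deploy key on the Gitea side, which this hunk cannot show.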
@@ -10,6 +10,7 @@ authelia-session-secret: ENC[AES256_GCM,data:/x+cq/QsYyev30mnFiWSd1N+WCKBI4zgAcz
|
||||
authelia-identity-providers-oidc-hmac-secret: ENC[AES256_GCM,data:LWLWRJqhL3qA5w53KVVB1vPUgSVhWrnoaVvD2kqIXmfZXduqj3HYRyWnGuhBsJOrVtw9gX10VT9zADkZtuYjihMEgRF4h6BWhg/nmt2l3ancAkcnn+wkzGhfY/MWwRU74j3DFN4fNMgBRXpv54tzEzoSy5kN3VriYp8f80OsEtM=,iv:V1bzLRB4/Hg+wm/YAoPRVUkAzzRiKZPnBYWVtJ47qN0=,tag:jjgB/Ja2+A7pkASl1+dGRQ==,type:str]
|
||||
authelia-identity-providers-oidc-issuer-certificate-chain: ENC[AES256_GCM,data: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,iv:dPslR8NX+8G8uLIo+wFT46U6XAR8ao2z6/rqzJRlEr4=,tag:Wbo1guFW/ggtZjLLNSoo7Q==,type:str]
|
||||
authelia-identity-providers-oidc-issuer-private-key: ENC[AES256_GCM,data:AmefiXFJ7zEY0AHj7n61f0Ja/FqOf4Gj5WFb0SEf9ozXIlxXj3inayOPd5JB94VcVjNJ33u5XJhTzGwnN0v6QnF/iXdMBosXHdye7+v9H2GjUMFk1CKnsXgq4xEb2hHkYKdT+WBmZFksdjGw7Hl4ySGIWsFwBE3HHTNfQUFhtoEU19jQej8roFnAPIOCLHvskQ7V1OlKfMVdvIwnwep9qsuyNCMSuASjGvv8TDPQARk/1E7IJiROL/jvoTVKL1orcVNx3ibt7+HNsXCR3+g8ra4bKLRbPlKC6tQtdw98171xV83JlTtEEIPztzae0A+O9F7LMveSQveaqiBf/0YURueKQj/sH3nABGBSselO4tEQvudfrxJrQckFaQ4GB0/HoJlnRJsv6XJE5FDdcscIYFfzn6QGCookHhzITvwx/D7kubyZ/mZe/FMrp4Lv5XicUupaCTu1pflrhCpOwxh97Fiun02Ne4snWUAgVKlp7G7EhqDJV4KnNUbrCvpHvW09nNC2V71mkZm4LjLOg+jO0VazVGCzX8pgLm/Li4Tg7PhqQkQDsmgMw6tuxhRCDmzYytowAi4MmIQyewmAos3+TLoaaDb+DDSOhw3SqOX2FdCdEjvk7CY4NTCephvIFOtVpHTdmEX2UU3WNvMnC6/v1wmgQ2WsQQqp3IUvQrLlneAJ2tnBT9MdXvR8tYOBnInvwPzhE/FF1yh+eL/ujhHZ8d5RW8OfO/sIipQsMn+FsMqonbY8DJwQTOzwIa4AfNebeNeZnI/Y2XH149Ot+n2nbrf0stPyMo9xUPo5UBIBd8hsQq4cioEJKFJX2iWxJ7Cna2HxM0GC4FAKpFFrRCf6N8fFJ4U/PUNWX3sCJYvsI1Oq5oDxBmjl/r3SZ5vLumCxeDr9nulg72xxvUyzTA4cAOw5PRDk7Pvqm84Edoz+DzEdonRo4m+j8CU9JLrRS6jWLNDmenZvE4b5jEn6jthxoGzEm5cCoCT0G4BvrEqONq7CmETnGqqDs666qF3vP5UPrTMBwodeGmiPb6no70wuCs4wFSq+Cl6UxbqTPi2oIKSSS/P3XII1xTKIo7FXU4hniUs52awgQD27LfOM85MsibxPl3rp9SQndOmP56BwcE9d21iuEgRrZRhgZppK/rF3g6gyoPqJZGir/Sz50yHpf7DLZ9qiq71t32w/QODCzfMt3s9IvzR0T9xH4UvMauKNZO4+q0InahUNIqks1nUJnKW7a/+Q1nNPOcSDaRFJGOZUR25yaHBsXfOHcyemfIjJ+20gId6v52HBOPqWfIvAvRhNz46i/DUiwpeDSBmGxgQUMM97ruaJidCv6w1BCM4B4A0s9012Ksd4+UnQQEKX8oJ0TZtZbo8lqUyBk3GUOMFKtwMbn8k3CkQMIWTC4WftDXgAp2+jAu3hEV4rxm/+8uYjfNh8+/tTiOvCgJ8jQazJhan/+VDSDg0fk1DjEQBPP5ZAUl3vxw+pw1o5AnjvUOC+1KNBBUc6iUmGZ66NkjflJE5Zo7NC8MLc7D/YADmLQIYe3WwOAZsxg1AqsRkXUqRVAMhipv2RlKesCNpckivyzg3GbZlvcZjQS/bnZHZd8AuORpFnE2JvFD5QydlyFKvL3UdRVA/NkvWHPbQh/JrMCFLXlq5WNnZicx2ib6862B4JtEbNwZYjGKEvYkDXmfBgOx2AeetpO/C9rNNWJfa4SNGJC5D9+UFpoqIWv9YO6aDZ1S4flD+AXUzfoLKFBeLNsOswjwo67n/raQ//Upfpv2qKHYSY7KkWkam7So0uEZlVtrvGM0mkQSyNWY3KWdhII2gAvMzJ2C2iiJH+Geesi+E+29qCePFWJwyxCtf9jVXoR8E25UteMTvzyPRN/gjbRe/Zrbjj85sEQ9s2bDl77gpdC/+xKkZ56UiWA3ZceOG0Aij
8yHP0Y+maY9+9Lh2T48LNPmuF9Qt7/IK0iixWZx0O0fzNrzY7HwQN9oFyYMiTILgYK3iVnSy3vIkDqgWfYdtNRurtAviFrSTRNefzvSah5D7TxoNbLqDcNJOMIMcRpxrHhygnP3yb+AFtpUZPiK0zfpybmgAePxWNk3Our7rSil03PXP71R9wwdwO+9N3kMuc4JS2ZnZ/Umz2zXf2tOfBnpkUqMF79VvcLBCVNa7IUucwBSIOkjdpW1f6Yu0b68gMFhBpAM2QNNnV7SL67HTt08rr0Y/k0hJDrXmTQarAb8Io+kSauegWdDyQaGbo71jTJQdIhG2Q4EfyuBGlXZ+rdC3jbbM1sjl/CKSujkSldBMEa2vp6a6aq+Ykt4qz+LN1pa0Oz4GZODY9s5iBoNgByYr++Kc+R0yRayaciZlhm27jALPyq1dBl0NG0F4ldE+KQciMPvpoPF8RBFIxviZrvpMU2ql/3dctoKkvpMXgSblX6iTyAxEeNwkmhDBfZyObrRIyTsDI2rUD3j9LQ+jTEk299cw8P2SGCQFNkl1itSxTyWoefZIEilL3YEgyxuIyDBzPLpmQzyMk4zrOu+zmJYFBm184Wk2Tt6e5b7VzfGurxnPhk/KpaPwJeTJPM44n9UQo/fpnNra89XUqty0fYg8fb2d4XnyMVc2ooZE6vmn8pi6QHwOr6vKhO6LEcok7f3MGafjPs/BW8J8aqGvLoKpEelSEEvhVhBlHQlxoulWZYG6sowGJdLcA95o0hsZmxvL7tB4OpS1ZFjN6Um+0wa0yj3yl1XNuYKmjV1IfXjwowgZ/Lb1tRRxAcxoT2mycr6d2wrbfS7huhTUNZBCHQizOiQcuoRlHeTvu/f8owAwuBb6r0wSGHyDhVmw5Ga73Fk4LkavAEKD1MW+tWeZtioIQT+PKrmVCrbqnx50xVaRmUAvpX5BRnznu06pWKna5Wa6gfjBz48IPGzgaPyRIzw4sdz1AB8ScUd2lT8Ihb/FTZAWOPzSR4CZeIyDvCWuQG89xgeq6bhlZxr7YA3jRIGxUqGq5h3s08k1zG6uCg/1LkythiRUp9rZPiHVVPWlpZl8W1YWhyJVGJVu5aQTgtRZRLlCg+pJvOmKzFLbJSRNv5xdXdTfEp0HTkVWDc+G58nONTz8oygyRIvw7OhSQeOKQtcr6Bzkt1LVIM5vloFGSr0gaI32Db43hiWv90v4mEXWdWDtsSLXyGipVyH8MpeghyMgm6Vps7ogujJVCEJrW2JLbcAvlnlXEDoVSx4qQMOqOFrhwfzDClBuXy7LEZ2bcWsVuNebOA0oZoEkfWkbNO3QX6vp/jUrPWhMu2orm0ZGNeaebXqauc0ueI8IbnBfSI/6DOoVd9MU4fyiApQvRL5jbAcDLHowIKWaSYpV/obVy8U6IvoaFpRJPiaeAo6yFLLEUemt3OrGiPhKrbuHSkHaNyUF5ywSf2Oz8a9eH1MWaSgFjdqLmBtmAogsHS+I1NIfVmytcKNQodPEk6LZjRKbiJ46U3D5/d6j8O7qZ0M6FbuEawTb98Mctx7O3RJJhJiaqdTfL9sS2Oxix5dY39e724iJQ5P1/96T3vGTnX3rV6VQ5/G9X1tfFBSobV0h6iQccH3aUQUPyiRCquxhzRDuo8jkzYIv4TLLFF9Z1mE/FAFkOrNJfIaJ0kppQmAN9JkVdoIvmKBinn1fjK+vGgeOHEdMboSZhbeioW2qRMxkdNQhOMWOUEQ7BHLzxpKUyQiOFmPPnCUEUja5KCvIw/AgTN7p0Ep+WtWmnVedIKG3CZory2a91lFzF574PAAbf4buITM9N4FG/vqoe1k1iLW0WGRgMCYAhUJ9J+ZkV1VHJD86E+ZnAKtM5oEfCs4/eRnOxG/nY4iL+0KIZn47LoEAyFpWuJN9yATT+GwFWXvswDbMD9xm0v3SCL6fjSFIzPzy1WBAKpd5HT2FBElVru5Gk2r4nPA1In6T+Ke7qkcK8bbiyNJSNcLN
JfYC8J4NWxV7cTjShOv2RoAV5m9dnB5RZW5/DMQL+aOzfjm178lmuzDfWGa30vRwc6qXxEYsV+tdo7ATldTzAjzuTDMg+M+6NTYNIlLAwQKxs0oHEuqwuhKXjQSw3ZVFRST9oYf6sNFoRMkrWkkV10uvch0NRRCSMR8KtnvfGDrvSqWfVZINEzWZLgtwXvyQ/1TFF203RdeUXzW6pj24R2FNKyMGKHaRyHnrnyNtMEskMuvMiN9nr34o+Tt6hCj/R4bMT42USeTI3oRyRI+vq+fuJADZ03JBXXEC7TJp+K6XGSUowLD8fJxclnTypbHa9rI9dHngxTkkeMxsRwPsYYVT8HCB5D38IsNI15ONRWI9K/kFfVyMEQq/KQ7/Uc5VuhfgXoG64vX73,iv:F/oBMW+PX6ogxHSYMWRS7liolMOc5rqwIJbwYj+J9DM=,tag:7HpCNkBWKFCGoNCq2iK3YQ==,type:str]
|
||||
gitea-ssh-key: ENC[AES256_GCM,data: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,iv:q+hZ+F2IUil6Lew40Z9Yn+uFdT/Y4uyXcibeL9HsXGQ=,tag:JlDjIykE996qaPuZvmTpOg==,type:str]
|
||||
grafana-ldap-password: ENC[AES256_GCM,data:hNB6CRtXW98yqUqInD3LsZ75sA+lVfmbooehni0UKL60qE/XCZm5B9JVO9pjxbIYZN6Eu/RFX+9L9cJVa5jnEo2MVeLS4CSjqC8BHLArlOuEdA5v8vqqJofBpBfXXN5Ca5xeUDJKz2HgtoTg7G5nTkegGZPGrmj5QQiL1xzco38=,iv:ViQAPTGxEWnjLkJlGCdCq5wW+fbr/O9er8/71VjL/GE=,tag:+Mow4cw7tvtkXvV2iSHeQw==,type:str]
|
||||
grafana-admin-password: ENC[AES256_GCM,data:365efRy8xD7SHBnVz6ZJO3l8/lfiZ5vZPZZbxnUmjKKJTMeebLY+P54moStY0wsbU9vk7sCKATCxrS5xy+FQJSgKLoajfz50OMA4+1k3Shl+skbeIikHKwFxqrljFa6HRQ2HTW6KLDPu6Z5Agkima5xdfrtc5R1SnOFg5b6D5NU=,iv:0yZGZVQd35Itj66Ff5hDfDYYx5xsNs/wc887bgMV1MY=,tag:9t8Iffg7kxSjE5eo7iv/RQ==,type:str]
|
||||
grafana-oauth-secret: ENC[AES256_GCM,data:OXsKChjgnDEKG58LarUpdJlDy4FJTrs1lrHH9I4wO+OGb+XdOPokyXSq0Om7aYhp2g40rBcQzfj5tQcgjmvZ27He93HfgxST,iv:pSiu/2G+D/wd2+FormfGiXMm2Ps/5iDDHqUnsIJ37EY=,tag:UN2IZ6/aJJSEcTmXeD9CAQ==,type:str]
|
||||
@@ -63,7 +64,7 @@ sops:
|
||||
elpYSDg2Y09Ia1VEaE9yUWRYMlk4V0UKcsiKxtTdtAT7odCCua7wV/3879QEp2YJ
|
||||
iIVgZIrTg34tEGj8VbACcGINZfid3SSkUM4hnydP72ZOOfijIN21Ew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-08-01T19:06:34Z"
|
||||
mac: ENC[AES256_GCM,data:gSChxNZosx/pFT61RzHoxJZJGlWyFOFgoItL8uArKIb4rEpKKe+2zHCY59ufIEwaXV1XBHleBqRXc+NvSYFNpwe+5y0GXx6XyU8uezxxC9AwFcr1JZK6+747tY+LNbTBxSURPOAxuGAT63Ivjq+jyTTv2FsfhzdUanF39k2m3xw=,iv:mCNpOh1tTn4PA2+a6l0uijnrorUnyGJbzwQ8Y43Ldhk=,tag:frVneXTzLYljrFrO68Jmog==,type:str]
|
||||
lastmodified: "2025-09-09T08:23:15Z"
|
||||
mac: ENC[AES256_GCM,data:3+6fJxps4pKgGfLdwKq2FMhjxSjCqjmO1QUMeyGRjguEsCTbFrHmQmVjYHkTxADdy0oLBjvKzlZ7iucf2ruJUKr7igq8h30xENyFWnnm25k5dyp03rf9fm11Pzp/IHkPISrUptjC5Q6Azuwfvmso2lqWgc2AH9sTZVYpDS/yJlg=,iv:vktpxPUTVQNWGHyNKsRaFVo5Gx7VnvBw9CiXFOZOLj0=,tag:CWr5G7pRPw89m4neLjHsHw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||
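--- /dev/null
+++ b/hosts/web-arm/sites/default.nix
@@ -0,0 +1,37 @@
+{ ... }: {
+imports = [
+./autoconfig.cloonar.com.nix
+./feeds.cloonar.com.nix
+./webmail.cloonar.com.nix
+
+./vcard.cloonar.dev.nix
+./vcard.cloonar.com.nix
+
+./cloonar.com.nix
+./gbv-aktuell.at.nix
+./matomo.cloonar.com.nix
+./support.cloonar.dev.nix
+./stage.cloonar-technologies.at.nix
+
+./stage.scana11y.com.nix
+./scana11y.com.nix
+
+./cloonar.dev.nix
+./paraclub.at.nix
+./api.paraclub.at.nix
+./module.paraclub.at.nix
+./tandem.paraclub.at.nix
+./paraclub.cloonar.dev.nix
+./api.paraclub.cloonar.dev.nix
+./tandem.paraclub.cloonar.dev.nix
+./module.paraclub.cloonar.dev.nix
+./gbv-aktuell.cloonar.dev.nix
+./stage.myhidden.life.nix
+./stage.korean-skin.care.nix
+./feeds.jordanrannells.com.nix
+./dialog-relations.cloonar.dev.nix
+./dialog-relations.at.nix
+./lena-schilling.cloonar.dev.nix
+./lena-schilling.at.nix
+];
+}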
@@ -27,10 +27,50 @@ in {
|
||||
add_header Cache-Control "public";
|
||||
'';
|
||||
|
||||
locations."~ [^/]\.php(/|$)".extraConfig = ''
|
||||
deny all;
|
||||
locations."~ [^/]\\.php(/|$)".extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_buffers 8 16k;
|
||||
fastcgi_connect_timeout 240s;
|
||||
fastcgi_read_timeout 240s;
|
||||
fastcgi_send_timeout 240s;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
|
||||
fastcgi_index index.php;
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
systemd.services."phpfpm-${domain}" = {
|
||||
serviceConfig = {
|
||||
ProtectHome = lib.mkForce "tmpfs";
|
||||
BindPaths = "BindPaths=/var/www/${domain}:/var/www/${domain}";
|
||||
};
|
||||
};
|
||||
|
||||
services.phpfpm.pools."${domain}" = {
|
||||
user = user;
|
||||
settings = {
|
||||
"listen.owner" = config.services.nginx.user;
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 32;
|
||||
"pm.max_requests" = 500;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 2;
|
||||
"pm.max_spare_servers" = 5;
|
||||
"php_admin_value[error_log]" = "syslog";
|
||||
"php_admin_value[max_execution_time]" = 240;
|
||||
"php_admin_value[max_input_vars]" = 1500;
|
||||
"access.log" = "/var/log/$pool.access.log";
|
||||
};
|
||||
phpPackage = pkgs.php84;
|
||||
phpEnv."PATH" = pkgs.lib.makeBinPath [ pkgs.php84 ];
|
||||
};
|
||||
|
||||
users.users."${user}" = {
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
|
||||
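Review bot: `BindPaths = "BindPaths=/var/www/${domain}:/var/www/${domain}";` repeats the option name inside the value, so the generated unit line would read `BindPaths=BindPaths=/var/www/…` and its source is not an absolute path. systemd will most likely warn and drop the entry, so the bind intended alongside `ProtectHome = lib.mkForce "tmpfs"` would not be applied. It should be `BindPaths = "/var/www/${domain}:/var/www/${domain}";`. Separately, the `.php` location changes from `deny all` to FastCGI execution for the whole docroot. The `-f` check guards against path-info script confusion, but any directory the pool user can write to (uploads, caches) should keep its own `deny all` rule. The vhost definition starts above the hunk, so I cannot see whether such rules already exist.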