voronind/nix
0
0
Fork 0
Code Issues 40 Pull requests Packages Projects Releases Wiki Activity
nix/container/Paste.nix
Dmitry Voronin 2cc71a7a34 wip
2024-06-09 16:11:25 +03:00

128 lines
2.9 KiB
Nix
Raw Blame History

{ pkgs
, storage
, const
, domain
, util
, mkContainer
, mkContainerConfig
, mkContainerDir
, mkServer
, ... } @args: let
address = "10.1.0.14";
fqdn = "paste.${domain}";
package = (pkgs.callPackage ./pastebin args);
path = "${storage}/paste";
in {
systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [
"data"
"tmp"
"nginxtmp"
];
containers.paste = mkContainer address {
bindMounts = {
"/srv/data" = {
hostPath = "${path}/data";
isReadOnly = false;
};
"/tmp" = {
hostPath = "${path}/tmp";
isReadOnly = false;
};
"/var/lib/nginx/tmp" = {
hostPath = "${path}/nginxtmp";
isReadOnly = false;
};
"/srv/config" = {
hostPath = "${path}/config";
isReadOnly = false;
};
};
config = { config, lib, ... }: mkContainerConfig {
system.stateVersion = const.stateVersion;
users.users.root.password = "";
users.mutableUsers = false;
networking = {
useHostResolvConf = lib.mkForce false;
firewall.enable = false;
};
environment = {
systemPackages = [ package pkgs.neovim ];
variables = {
};
};
systemd.packages = [ package ];
users.users.paste = {
group = "nginx";
isSystemUser = true;
};
services.phpfpm.pools.paste = {
user = "paste";
group = "nginx";
phpPackage = pkgs.php;
settings = {
"pm" = "dynamic";
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"listen.owner" = "nginx";
"catch_workers_output" = true;
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
phpEnv = {
# CONFIG_PATH = "${package}/cfg";
};
};
services.nginx = {
enable = true;
virtualHosts.${fqdn} = mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = ''
rewrite ^ /index.php;
'';
"~ \\.php$".extraConfig = util.trimTabs ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
'';
};
extraConfig = util.trimTabs ''
try_files $uri /index.php;
'';
};
};
};
};
}
Reference in a new issue View git blame Copy permalink