summaryrefslogtreecommitdiffstats
path: root/lass/2configs/websites
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-06-19 09:52:04 +0200
committerjeschli <jeschli@gmail.com>2018-06-19 09:52:04 +0200
commit324a8615f19c267d67b8a96d8e74b648c875ba04 (patch)
tree8f7444a8e69ae254354a83a119d1c62bfaf95989 /lass/2configs/websites
parent2a3f60d6fb3cd8d5f1ead4e5ff43fc9364eedad3 (diff)
parent8eca9165ce6ffaba1076a916bfa475eb935f0a6f (diff)
Merge remote-tracking branch 'origin/staging/jeschli'
Diffstat (limited to 'lass/2configs/websites')
-rw-r--r--lass/2configs/websites/domsen.nix14
-rw-r--r--lass/2configs/websites/lassulus.nix56
-rw-r--r--lass/2configs/websites/util.nix69
3 files changed, 66 insertions, 73 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 7a72499c9..e4f50e2d1 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -27,10 +27,8 @@ in {
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [
- "habsys.de"
- "habsys.eu"
- "www.habsys.de"
- "www.habsys.eu"
+ "freemonkey.art"
+ "www.freemonkey.art"
])
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
@@ -120,6 +118,7 @@ in {
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
+ { from = "akayguen@freemonkey.art"; to ="akayguen"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
@@ -177,5 +176,12 @@ in {
createHome = true;
};
+ users.users.akayguen = {
+ uid = genid_signed "akayguen";
+ home = "/home/akayguen";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
}
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 25ca1f455..53f1eea5c 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -6,66 +6,10 @@ let
genid
;
- servephpBB = domains:
- let
- domain = head domains;
-
- in {
- services.nginx.virtualHosts."${domain}" = {
- enableACME = true;
- forceSSL = true;
- serverAliases = domains;
- extraConfig = ''
- index index.php;
- root /srv/http/${domain}/;
- access_log /tmp/nginx_acc.log;
- error_log /tmp/nginx_err.log;
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
- client_max_body_size 100m;
- '';
- locations."/".extraConfig = ''
- try_files $uri $uri/ /index.php?$args;
- '';
- locations."~ \.php(?:$|/)".extraConfig = ''
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param HTTPS on;
- fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
- fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
- fastcgi_intercept_errors on;
- '';
- #Directives to send expires headers and turn off 404 error logging.
- locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
- access_log off;
- log_not_found off;
- expires max;
- '';
- };
- services.phpfpm.poolConfigs."${domain}" = ''
- listen = /srv/http/${domain}/phpfpm.pool
- user = nginx
- group = nginx
- pm = dynamic
- pm.max_children = 25
- pm.start_servers = 5
- pm.min_spare_servers = 3
- pm.max_spare_servers = 20
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
- };
-
in {
imports = [
./default.nix
../git.nix
- (servephpBB [ "rote-allez-fraktion.de" ])
];
security.acme = {
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 62055d0fd..816449c14 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -16,11 +16,7 @@ rec {
in {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
- enableSSL = true;
- extraConfig = ''
- listen 80;
- listen [::]:80;
- '';
+ addSSL = true;
serverAliases = domains;
locations."/".extraConfig = ''
root /srv/http/${domain};
@@ -28,18 +24,68 @@ rec {
};
};
+ servephpBB = domains:
+ let
+ domain = head domains;
+
+ in {
+ services.nginx.virtualHosts."${domain}" = {
+ serverAliases = domains;
+ extraConfig = ''
+ index index.php;
+ root /srv/http/${domain}/;
+ access_log /tmp/nginx_acc.log;
+ error_log /tmp/nginx_err.log;
+ error_page 404 /404.html;
+ error_page 500 502 503 504 /50x.html;
+ client_max_body_size 100m;
+ '';
+ locations."/".extraConfig = ''
+ try_files $uri $uri/ /index.php?$args;
+ '';
+ locations."~ \.php(?:$|/)".extraConfig = ''
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+ fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+ fastcgi_intercept_errors on;
+ '';
+ #Directives to send expires headers and turn off 404 error logging.
+ locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
+ access_log off;
+ log_not_found off;
+ expires max;
+ '';
+ };
+ services.phpfpm.poolConfigs."${domain}" = ''
+ listen = /srv/http/${domain}/phpfpm.pool
+ user = nginx
+ group = nginx
+ pm = dynamic
+ pm.max_children = 25
+ pm.start_servers = 5
+ pm.min_spare_servers = 3
+ pm.max_spare_servers = 20
+ listen.owner = nginx
+ listen.group = nginx
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ '';
+ };
+
serveOwncloud = domains:
let
domain = head domains;
in {
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
- enableSSL = true;
+ addSSL = true;
serverAliases = domains;
extraConfig = ''
- listen 80;
- listen [::]:80;
-
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
@@ -148,12 +194,9 @@ rec {
in {
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
- enableSSL = true;
+ addSSL = true;
serverAliases = domains;
extraConfig = ''
- listen 80;
- listen [::]:80;
-
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;