diff options
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
-rw-r--r-- | lass/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | lass/2configs/websites/lassulus.nix | 56 |
3 files changed, 58 insertions, 0 deletions
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0e0273dcc..f6390ce4d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { youtube-tools rxvt_unicode + termite ]; fonts.fonts = [ diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a70d58828..c9d7a369a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -42,6 +42,7 @@ with import <stockholm/lib>; { from = "securityfocus@lassul.us"; to = lass.mail; } { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } + { from = "raf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index d37dd5301..17c39a5f4 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,10 +6,66 @@ let genid ; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + in { imports = [ ./default.nix ../git.nix + (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { |