From 84ebd8c02132131d893fd9bb92ea523e59272649 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 28 Oct 2015 21:31:07 +0100
Subject: m 1 wry: serve euer wiki

---
 makefu/2configs/nginx/euer.wiki.nix | 114 ++++++++++++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)
 create mode 100644 makefu/2configs/nginx/euer.wiki.nix

(limited to 'makefu/2configs/nginx')

diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
new file mode 100644
index 000000000..1e1834b1b
--- /dev/null
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -0,0 +1,114 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
+  ssl_key  = "/root/secrets/wildcard.krebsco.de.key";
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  fpm-socket = "/var/run/php5-fpm.sock";
+  hostname = config.krebs.build.host.name;
+  tw-upload = pkgs.tw-upload-plugin;
+  base-dir = "/var/www/wiki.euer";
+  base-cfg = "${base-dir}/twconf.ini";
+  wiki-dir = "${base-dir}/store/";
+  backup-dir = "${base-dir}/backup/";
+  # contains:
+  #  user1 = pass1
+  #  userN = passN
+  tw-pass-file = "/root/secrets/tw-pass.ini";
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+  services.phpfpm = {
+    # phpfpm does not have an enable option
+    poolConfigs  = {
+      euer-wiki = ''
+        user =  ${user}
+        group =  ${group}
+        listen = ${fpm-socket}
+        listen.owner = ${user}
+        listen.group = ${group}
+        env[twconf] = ${base-cfg};
+        pm = dynamic
+        pm.max_children = 5
+        pm.start_servers = 2
+        pm.min_spare_servers = 1
+        pm.max_spare_servers = 3
+        chdir = /
+        # errors to journal
+        php_admin_value[error_log] = 'stderr'
+        php_admin_flag[log_errors] = on
+        catch_workers_output = yes
+      '';
+    };
+  };
+
+  systemd.services.prepare-tw = {
+    wantedBy = [ "local-fs.target" ];
+    before = [ "phpfpm.service" ];
+    serviceConfig = {
+      ExecStart = pkgs.writeScript "prepare-tw-service" ''
+        #!/bin/sh
+        mkdir -p "${wiki-dir}" "${backup-dir}"
+
+        # write the base configuration
+        cat > "${base-cfg}" <<EOF
+        [users]
+        $(cat "${tw-pass-file}")
+        [directories]
+        backupdir = ${backup-dir}
+        savedir = ${wiki-dir}
+        EOF
+        chown -R ${user}:${group} "${base-dir}"
+        chmod 700  -R "${base-dir}"
+      '';
+      Type = "oneshot";
+      RemainAfterExit = "yes";
+      TimeoutSec = "0";
+    };
+  };
+
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      euer-wiki = {
+        listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
+                   "${internal-ip}:80" "${internal-ip}:443 ssl" ];
+        server-names = [
+          "wiki.euer.krebsco.de"
+          "wiki.makefu.retiolum"
+          "wiki.makefu"
+        ];
+        extraConfig = ''
+          gzip on;
+          gzip_buffers 4 32k;
+          gzip_types  text/plain application/x-javascript text/css;
+          ssl_certificate ${ssl_cert};
+          ssl_certificate_key ${ssl_key};
+          default_type text/plain;
+
+          if ($scheme = http){
+            return 301 https://$server_name$request_uri;
+          }
+
+        '';
+        locations = [
+          (nameValuePair "/" ''
+            root ${wiki-dir};
+            expires -1;
+            autoindex on;
+          '')
+          (nameValuePair "/store.php" ''
+            root ${tw-upload};
+            client_max_body_size 200M;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:${fpm-socket};
+            include ${pkgs.nginx}/conf/fastcgi_params;
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+          '')
+        ];
+      };
+    };
+  };
+}
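Review bot: The `prepare-tw` script copies the credentials from `tw-pass-file` into `${base-cfg}` without checking that the read worked and under the default umask. A missing or unreadable password file therefore still yields a twconf.ini with an empty `[users]` section, and the file has default permissions until the later `chmod 700 -R` runs. Adding `umask 077` and `test -r "${tw-pass-file}" || exit 1` directly after the `#!/bin/sh` line would create the file private from the start and fail the unit instead. A plain `set -e` would not catch this, because a failing command substitution inside a here-document does not change the exit status of the outer `cat`. How the upload plugin treats an empty `[users]` section is not visible here and should be confirmed. Separately, `autoindex on` for `/` publishes a listing of the whole store directory, which merits a comment saying it is intended.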
-- 
cgit v1.2.3


From 8bc538b9e7bdf6fa9d93d1662ee1b889e0a5d458 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 29 Oct 2015 09:28:27 +0100
Subject: m 2 euer.blog: init (untested)

---
 makefu/2configs/nginx/euer.blog.nix | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 makefu/2configs/nginx/euer.blog.nix

(limited to 'makefu/2configs/nginx')

diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
new file mode 100644
index 000000000..a8be1993b
--- /dev/null
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
+  ssl_key  = "/root/secrets/wildcard.krebsco.de.key";
+  hostname = krebs.build.host.name;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      euer-blog = {
+        listen = [ "80" "443 ssl" ];
+        server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ];
+        extraConfig = ''
+          gzip on;
+          gzip_buffers 4 32k;
+          gzip_types  text/plain application/x-javascript text/css;
+          ssl_certificate ${ssl_cert};
+          ssl_certificate_key ${ssl_key};
+          default_type text/plain;
+        '';
+        locations = singleton (nameValuePair "/" ''
+          root /var/www/euer.blog/;
+        '');
+      };
+    };
+  };
+}
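Review bot: `hostname = krebs.build.host.name;` refers to a bare `krebs`, which is not one of the module arguments (`config`, `lib`, `pkgs`). Unless `with lib;` happens to provide it, evaluation fails; euer.wiki.nix reads the same value as `config.krebs.build.host.name`, so the line should probably be `hostname = config.krebs.build.host.name;`. Also, `listen = [ "80" "443 ssl" ]` binds every address and the server block has no HTTP-to-HTTPS redirect, whereas the wiki vhost binds explicit addresses and redirects. If the blog is meant to be TLS-only, the `if ($scheme = http)` redirect used in euer.wiki.nix is missing here.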
-- 
cgit v1.2.3


From 6410fd0f8557658fa5e180844def32f8bda7313d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 29 Oct 2015 10:55:54 +0100
Subject: m 2 *: s,/root/secrets,<secrets>,

---
 makefu/2configs/nginx/euer.blog.nix | 5 +++--
 makefu/2configs/nginx/euer.wiki.nix | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

(limited to 'makefu/2configs/nginx')

diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix
index a8be1993b..e97050ec4 100644
--- a/makefu/2configs/nginx/euer.blog.nix
+++ b/makefu/2configs/nginx/euer.blog.nix
@@ -2,8 +2,9 @@
 
 with lib;
 let
-  ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
-  ssl_key  = "/root/secrets/wildcard.krebsco.de.key";
+  sec = toString <secrets>;
+  ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+  ssl_key  = "${sec}/wildcard.krebsco.de.key";
   hostname = krebs.build.host.name;
 in {
   krebs.nginx = {
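Review bot: `sec = toString <secrets>;` deserves a comment explaining why `toString` is there. Interpolating the path value directly would copy the secrets directory into the world-readable Nix store, while `toString` only yields the path string. Something like `# toString keeps key material out of /nix/store; the path must exist on the target at runtime` above the binding would do. The string is whatever `<secrets>` resolves to at evaluation time, so if the configuration is evaluated on a different machine than the one running nginx, the certificate, key and tw-pass.ini must exist at that same path on the target; this cannot be checked from the diff. The same applies to the two euer.wiki.nix hunks in this commit.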
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 1e1834b1b..fbcfe2047 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -2,8 +2,9 @@
 
 with lib;
 let
-  ssl_cert = "/root/secrets/wildcard.krebsco.de.crt";
-  ssl_key  = "/root/secrets/wildcard.krebsco.de.key";
+  sec = toString <secrets>;
+  ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+  ssl_key  = "${sec}/wildcard.krebsco.de.key";
   user = config.services.nginx.user;
   group = config.services.nginx.group;
   fpm-socket = "/var/run/php5-fpm.sock";
@@ -16,7 +17,7 @@ let
   # contains:
   #  user1 = pass1
   #  userN = passN
-  tw-pass-file = "/root/secrets/tw-pass.ini";
+  tw-pass-file = "${sec}/tw-pass.ini";
   external-ip = head config.krebs.build.host.nets.internet.addrs4;
   internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
 in {
-- 
cgit v1.2.3