totoro: set up pancake
parent
4cb36fffbb
commit
2df9344303
2 changed files with 85 additions and 1 deletions
|
@ -175,7 +175,7 @@ in {
|
||||||
certs."int.lukegb.com" = {
|
certs."int.lukegb.com" = {
|
||||||
domain = "*.int.lukegb.com";
|
domain = "*.int.lukegb.com";
|
||||||
dnsProvider = "cloudflare";
|
dnsProvider = "cloudflare";
|
||||||
credentialsFile = machineSecrets.cloudflareCredentials;
|
credentialsFile = secrets.cloudflareCredentials;
|
||||||
extraDomainNames = ["int.lukegb.com"];
|
extraDomainNames = ["int.lukegb.com"];
|
||||||
postRun = ''
|
postRun = ''
|
||||||
systemctl reload nginx
|
systemctl reload nginx
|
||||||
|
|
|
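Review bot: Sharing one Cloudflare token across machines widens what a single host compromise exposes, and that appears to be what the new `credentialsFile = secrets.cloudflareCredentials;` line does, going by the `machineSecrets` to `secrets` naming. The definition of `secrets` is outside this hunk, so this needs confirming. If the token is shared, it should be limited to DNS edit on the zones that need it, and a comment such as `# shared Cloudflare token; scope: <zones and permissions>` next to the line would record that. It is also worth checking that the value is a runtime path rather than something copied into the world-readable Nix store.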
@ -83,6 +83,15 @@ in {
|
||||||
packages = with depot.pkgs; [ irssi ];
|
packages = with depot.pkgs; [ irssi ];
|
||||||
extraGroups = lib.mkAfter [ "libvirtd" ];
|
extraGroups = lib.mkAfter [ "libvirtd" ];
|
||||||
};
|
};
|
||||||
|
users.users.pancake = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "pancake";
|
||||||
|
home = "/srv/pancake";
|
||||||
|
};
|
||||||
|
users.users.nginx.extraGroups = lib.mkAfter [ "acme" ];
|
||||||
|
users.groups.pancake = {
|
||||||
|
members = ["pancake" "nginx"];
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
@ -90,6 +99,81 @@ in {
|
||||||
"L /var/lib/export - - - - /export"
|
"L /var/lib/export - - - - /export"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts = {
|
||||||
|
"invoices.lukegb.com" = let
|
||||||
|
fastcgi = {
|
||||||
|
extraConfig = ''
|
||||||
|
rewrite ^(.*)$ /index.php break;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools.pancake.socket};
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
root = "/srv/pancake/public_html";
|
||||||
|
useACMEHost = "invoices.lukegb.com";
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
tryFiles = "$uri $uri/ @router";
|
||||||
|
index = "index.html index.php";
|
||||||
|
extraConfig = ''
|
||||||
|
error_page 403 = @router;
|
||||||
|
error_page 404 = @router;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
locations."~ (.php|\\/[^./]+)$" = fastcgi;
|
||||||
|
locations."@router" = fastcgi;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.phpfpm = let settingsBase = {
|
||||||
|
"listen.owner" = config.services.nginx.user;
|
||||||
|
"pm" = "dynamic";
|
||||||
|
"pm.max_children" = 32;
|
||||||
|
"pm.max_requests" = 500;
|
||||||
|
"pm.start_servers" = 2;
|
||||||
|
"pm.min_spare_servers" = 2;
|
||||||
|
"pm.max_spare_servers" = 5;
|
||||||
|
"php_admin_value[error_log]" = "stderr";
|
||||||
|
"php_admin_flag[log_errors]" = true;
|
||||||
|
"catch_workers_output" = true;
|
||||||
|
}; in {
|
||||||
|
pools.pancake = {
|
||||||
|
user = "pancake";
|
||||||
|
group = "pancake";
|
||||||
|
settings = settingsBase;
|
||||||
|
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.mysql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.mariadb;
|
||||||
|
ensureDatabases = ["pancake"];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "pancake";
|
||||||
|
ensurePermissions = {
|
||||||
|
"pancake.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
email = "letsencrypt@lukegb.com";
|
||||||
|
certs."invoices.lukegb.com" = {
|
||||||
|
domain = "invoices.lukegb.com";
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
credentialsFile = secrets.cloudflareCredentials;
|
||||||
|
postRun = ''
|
||||||
|
systemctl reload nginx
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
enable = true;
|
enable = true;
|
||||||
stateDir = "export/monitoring/prometheus";
|
stateDir = "export/monitoring/prometheus";
|
||||||
|
|
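Review bot: `users.users.nginx.extraGroups = lib.mkAfter [ "acme" ];` lets the nginx workers read the private key of every certificate owned by the `acme` group on this host, not only the one for invoices.lukegb.com. Setting `group = config.services.nginx.group;` inside `certs."invoices.lukegb.com"` would scope the access to this one certificate, assuming no other vhost relies on the shared group. In the vhost, the location `"~ (.php|\\/[^./]+)$"` leaves the dot before `php` unescaped, so it matches any character there; `"~ (\\.php|\\/[^./]+)$"` says what is meant. The `fastcgi` block also includes both `fastcgi_params` and `fastcgi.conf`, which sends every parameter twice; `fastcgi.conf` alone is enough.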