Move nginx-fpm into options

Andreas Zweili 2023-06-06 21:26:26 +02:00
parent 94503458d7
commit 372222e899
3 changed files with 81 additions and 48 deletions


@ -30,6 +30,7 @@
./services/media-share
./services/nextcloud
./services/nginx-acme-base
./nginx-fpm
./services/pipewire
./services/rclone-webdav
./services/rdp


@ -1,29 +1,58 @@
{ dataDir, documentRoot ? "/var/www/html", domain, port ? "9000", }:
{ inputs, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.services.az-nginx-fpm;
in
{
services = {
az-acme-base.enable = true;
nginx = {
appendHttpConfig = ''
index index.php;
'';
virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
root = dataDir;
locations = {
"~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME ${documentRoot}$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:${port};
'';
options = {
services.az-nginx-fpm = {
enable = lib.mkEnableOption "Enable Nginx with config for FPM in a container.";
dataDir = lib.mkOption {
type = lib.types.str;
description = "The directory where the application lives on the host.";
};
documentRoot = lib.mkOption {
type = lib.types.str;
description = "The directory where the FPM expects your code to be.";
default = "/var/www/html";
};
domain = lib.mkOption {
type = lib.types.str;
description = "The domain the service is being run from.";
};
port = lib.mkOption {
type = lib.types.number;
description = "The port FPM listens on.";
default = 9000;
};
};
};
config = lib.mkIf cfg.enable {
services = {
az-acme-base.enable = true;
nginx = {
appendHttpConfig = ''
index index.php;
'';
virtualHosts."${cfg.domain}" = {
enableACME = true;
forceSSL = true;
root = cfg.dataDir;
locations = {
"~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME ${cfg.documentRoot}$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:${toString cfg.port};
'';
};
};
};
};
};
};
}
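Review bot: The new `port` option is declared as `lib.types.number`, which also accepts floats and values outside the valid port range, and these then flow through `toString cfg.port` into `fastcgi_pass`; `type = lib.types.port;` would reject them at evaluation time. `mkEnableOption` already prepends "Whether to enable" to its argument, so the text should be a noun phrase such as `lib.mkEnableOption "Nginx with config for FPM in a container"`. Separately, the `~ \\.php$` location forwards every matching URI to FPM without checking that the script exists under `root`. If `dataDir` on the host mirrors the container's `documentRoot`, adding `try_files $fastcgi_script_name =404;` after the `fastcgi_split_path_info` line would keep requests for non-existent scripts away from the interpreter.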


@ -15,26 +15,41 @@ let
in
{
imports = [
(import "${inputs.self}/modules/nginx-fpm" {
dataDir = "/var/lib/ttrss/html";
inherit domain;
})
"${inputs.self}/modules/postgresql"
];
age.secrets.ttrssEnv.file = "${inputs.self}/scrts/ttrss_env.age";
services.postgresql = {
authentication = "host ttrssdb ttrss 172.16.0.0/12 scram-sha-256";
ensureDatabases = [ "ttrssdb" ];
ensureUsers = [{
name = "ttrss";
ensurePermissions = {
"DATABASE ttrssdb " = "ALL PRIVILEGES";
};
}];
services = {
az-docker.enable = true;
az-nginx-fpm = {
enable = true;
dataDir = "/var/lib/ttrss/html";
domain = domain;
};
nginx.virtualHosts."${domain}".locations = {
"/".extraConfig = ''
try_files $uri $uri/ = 404;
'';
"/tt-rss/cache".extraConfig = ''
aio threads;
internal;
'';
"/tt-rss/backups".extraConfig = ''
internal;
'';
};
postgresql = {
authentication = "host ttrssdb ttrss 172.16.0.0/12 scram-sha-256";
ensureDatabases = [ "ttrssdb" ];
ensureUsers = [{
name = "ttrss";
ensurePermissions = {
"DATABASE ttrssdb " = "ALL PRIVILEGES";
};
}];
};
};
services.az-docker.enable = true;
virtualisation.oci-containers = {
backend = "docker";
containers."ttrss" = {
@ -88,18 +103,6 @@ in
};
};
services.nginx.virtualHosts."${domain}".locations = {
"/".extraConfig = ''
try_files $uri $uri/ = 404;
'';
"/tt-rss/cache".extraConfig = ''
aio threads;
internal;
'';
"/tt-rss/backups".extraConfig = ''
internal;
'';
};
systemd.services.${ttrssService}.after = [ "nginx.service" ];
systemd.services.postgresql.after = [ "${ttrssService}.service" ];
}
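Review bot: The `"/".extraConfig` block that was moved under `services.nginx.virtualHosts` still reads `try_files $uri $uri/ = 404;`, and nginx only treats the last argument as a status code when it is the single token `=404`. With the space, `=` is tested as a file name and `404` becomes the fallback URI for an internal redirect, so missing paths do not get a clean 404 response. It should be `try_files $uri $uri/ =404;`. The relocated `postgresql.authentication` rule also admits the whole `172.16.0.0/12` range; if the container network's subnet is fixed, narrowing the rule to it would be tighter, though that subnet is not visible on this page.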