diff --git a/configuration/default.nix b/configuration/default.nix
index 5140352..8c2a678 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -13,15 +13,16 @@ let
 })
 ];
 };
- pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz") nixpkgsOptions);
+ pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-20.03.tar.gz") nixpkgsOptions);
 pkgs1803 = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz") nixpkgsOptions);
 presets = {
 base = (import ./presets/base.nix);
 kvm = (import ./presets/kvm.nix);
 };
 nginxPresets = {
- php = (import ./presets/nginx/php.nix);
- cphpApplication = (import ./presets/nginx/cphp-application.nix);
+ # php = (import ./presets/nginx/php.nix);
+ phpDisabled = (import ./presets/nginx/php-disabled.nix);
+ # cphpApplication = (import ./presets/nginx/cphp-application.nix);
 reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
 letsEncrypt = (import ./presets/nginx/lets-encrypt.nix);
 };
@@ -114,10 +115,10 @@ in {
 in lib.mkMerge [
 (httpHosts [
 # "haless.cryto.net"
- "todo.cryto.net"
- "books.cryto.net"
- "learn.cryto.net"
- "vps-list.cryto.net"
+ # "todo.cryto.net"
+ # "books.cryto.net"
+ # "learn.cryto.net"
+ # "vps-list.cryto.net"
 "iomfats.cryto.net"
 "castleroland.cryto.net"
 "awesomedude.cryto.net"
@@ -126,8 +127,8 @@ in {
 ])
 (httpsHosts [
 # "haless.cryto.net"
- "books.cryto.net"
- "vps-list.cryto.net"
+ # "books.cryto.net"
+ # "vps-list.cryto.net"
 "iomfats.cryto.net"
 "castleroland.cryto.net"
 "awesomedude.cryto.net"
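Review bot: The `pkgs` import in the first hunk still fetches a moving channel tarball with no integrity hash, so every evaluation trusts whatever `nixos-20.03.tar.gz` resolves to at that moment and the build is not reproducible. Pin it to a specific nixpkgs commit and give `fetchTarball` a hash, e.g. `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; }` (both values are placeholders). The same applies to the unchanged `pkgs1803` line, which also keeps drawing packages from the 18.03 release, one that no longer receives security updates. The `let` block these bindings belong to starts above the hunk.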
@@ -178,71 +179,75 @@ in {
 "haless.cryto.net" = lib.mkMerge [
 (nginxPresets.letsEncrypt)
 {
- locations."/shadow" = {
+ locations."/shadow/" = {
 alias = ./sources/shadow-generator;
 };
- locations."/knex-mirror" = {
+ locations."/knex-mirror/" = {
 alias = ./sources/knex-mirror;
 };
 }
 ];
 "books.cryto.net" = lib.mkMerge [
 (nginxPresets.letsEncrypt)
- (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
- {
- root = pkgs.stdenv.mkDerivation {
- name = "cryto-books";
- src = ./sources/cryto-books;
-
- installPhase = ''
- mkdir -p $out/
- cp -r $src/* $out/
- cp ${../private/cryto-books/credentials.php} $out/credentials.php
- '';
- };
- }
+ (nginxPresets.phpDisabled)
+ # (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
+ # {
+ # root = pkgs.stdenv.mkDerivation {
+ # name = "cryto-books";
+ # src = ./sources/cryto-books;
+
+ # installPhase = ''
+ # mkdir -p $out/
+ # cp -r $src/* $out/
+ # cp ${../private/cryto-books/credentials.php} $out/credentials.php
+ # '';
+ # };
+ # }
 ];
 "todo.cryto.net" = lib.mkMerge [
- (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
- (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
- name = "cryto-todo";
- src = ./sources/cryto-todo;
-
- installPhase = ''
- mkdir -p $out/public_html
- cp -r $src/* $out/public_html
- cp ${../private/cryto-todo/config.json} $out/config.json
- '';
- }))
+ (nginxPresets.phpDisabled)
+ # (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
+ # (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
+ # name = "cryto-todo";
+ # src = ./sources/cryto-todo;
+
+ # installPhase = ''
+ # mkdir -p $out/public_html
+ # cp -r $src/* $out/public_html
+ # cp ${../private/cryto-todo/config.json} $out/config.json
+ # '';
+ # }))
 ];
 "learn.cryto.net" = lib.mkMerge [
- (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
- (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
- name = "cryto-learn";
- src = ./sources/cryto-learn;
-
- installPhase = ''
- mkdir -p $out/public_html
- cp -r $src/* $out/public_html
- cp ${../private/cryto-learn/config.json} $out/config.json
- '';
- }))
+ (nginxPresets.phpDisabled)
+ # (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
+ # (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
+ # name = "cryto-learn";
+ # src = ./sources/cryto-learn;
+
+ # installPhase = ''
+ # mkdir -p $out/public_html
+ # cp -r $src/* $out/public_html
+ # cp ${../private/cryto-learn/config.json} $out/config.json
+ # '';
+ # }))
 ];
 "vps-list.cryto.net" = lib.mkMerge [
 (nginxPresets.letsEncrypt)
- (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
- (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
- name = "vps-list";
- src = ./sources/vps-list;
-
- installPhase = ''
- mkdir -p $out/public_html
- mkdir -p $out/public_html/cphp
-
- cp -r $src/* $out/public_html
- cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
- '';
- }))
+ (nginxPresets.phpDisabled)
+ # (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
+ # (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
+ # name = "vps-list";
+ # src = ./sources/vps-list;
+
+ # installPhase = ''
+ # mkdir -p $out/public_html
+ # mkdir -p $out/public_html/cphp
+
+ # cp -r $src/* $out/public_html
+ # cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
+ # '';
+ # }))
 ];
 "iomfats.cryto.net" = lib.mkMerge [
 (nginxPresets.letsEncrypt)
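Review bot: In the `haless.cryto.net` block the two locations now end in `/`, but their `alias` values are Nix paths, which evaluate to store paths without a trailing slash. nginx substitutes the alias for the matched prefix literally, so `/shadow/x` would likely resolve to `<store-path>x` instead of `<store-path>/x`. Keep both sides consistent, e.g. `alias = "${./sources/shadow-generator}/";`, and likewise for `/knex-mirror/`. Separately, the commented-out derivations in this hunk copy files from `../private` into `$out`; if they are ever re-enabled, remember that the Nix store is world-readable, so those credential files would be readable by every local user.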
@@ -263,37 +268,39 @@ in {
 };
 };
- services.mysql = {
- enable = true;
- package = pkgs.mysql55;
- };
+ # services.mysql = {
+ # enable = true;
+ # package = pkgs.mysql55;
+ # };
- services.phpfpm = {
- extraConfig = ''
- log_level = notice
- '';
- phpPackage = pkgs1803.php56;
- pools = {
- main = {
- listen = "/var/run/phpfpm-main.sock";
- extraConfig = ''
- user = nobody
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0660
-
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 10
- pm.min_spare_servers = 5
- pm.max_spare_servers = 20
- pm.max_requests = 500
-
- catch_workers_output = yes
- '';
- };
- };
- };
+ # services.phpfpm = {
+ # settings = {
+ # "log_level" = "notice";
+ # };
+
+ # phpPackage = pkgs1803.php56;
+
+ # pools = {
+ # main = {
+ # # listen = "/var/run/phpfpm-main.sock";
+ # user = "nobody";
+ # settings = {
+ # "listen.owner" = "nginx";
+ # "listen.group" = "nginx";
+ # "listen.mode" = 0660;
+
+ # "pm" = "dynamic";
+ # "pm.max_children" = 75;
+ # "pm.start_servers" = 10;
+ # "pm.min_spare_servers" = 5;
+ # "pm.max_spare_servers" = 20;
+ # "pm.max_requests" = 500;
+
+ # "catch_workers_output" = true;
+ # };
+ # };
+ # };
+ # };
 users.extraUsers.mobile-proxy = {
 description = "mobile-proxy Service User";
diff --git a/configuration/presets/base.nix b/configuration/presets/base.nix
index d9fc424..5ee9949 100644
--- a/configuration/presets/base.nix
+++ b/configuration/presets/base.nix
@@ -1,8 +1,11 @@
 { pkgs, ... }:
 {
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
 i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "us";
 defaultLocale = "en_US.UTF-8";
 };
@@ -35,4 +38,9 @@
 dates = "00:00";
 options = "--delete-older-than 14d";
 };
+
+ security.acme = {
+ acceptTerms = true;
+ email = "admin+certs@cryto.net";
+ };
 }
diff --git a/configuration/presets/nginx/php-disabled.nix b/configuration/presets/nginx/php-disabled.nix
new file mode 100644
index 0000000..0b40878
--- /dev/null
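Review bot: The `services.mysql` and `services.phpfpm` blocks in the `@@ -263,37 +268,39 @@` hunk of `default.nix` are left as commented-out code with nothing saying why, or under what condition they should come back. A one-line comment above them would help, for instance `# Disabled with the nixos-20.03 upgrade; PHP vhosts answer 503 via presets/nginx/php-disabled.nix.` (if that is indeed the reason), or the blocks could be deleted and recovered from history. If the phpfpm block is revived, `"listen.mode" = 0660;` is a Nix integer literal rather than an octal mode and is safer written as the string `"0660"`. `pkgs1803.php56` and `pkgs.mysql55` are end-of-life releases and should not be put back in front of the network as they are.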
+++ b/configuration/presets/nginx/php-disabled.nix
@@ -0,0 +1,5 @@
+{
+ locations."/" = {
+ return = "503";
+ };
+}
diff --git a/configuration/presets/nginx/php.nix b/configuration/presets/nginx/php.nix
index 6fdcef1..a8d16fe 100644
--- a/configuration/presets/nginx/php.nix
+++ b/configuration/presets/nginx/php.nix
@@ -6,7 +6,7 @@
 locations."~ \.php$" = {
 extraConfig = ''
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:${config.services.phpfpm.pools.main.listen};
+ fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
 fastcgi_index index.php;
 '';
 };
diff --git a/data/dummy-configuration.nix b/data/dummy-configuration.nix
index fd9c4ab..62d474e 100644
--- a/data/dummy-configuration.nix
+++ b/data/dummy-configuration.nix
@@ -9,9 +9,12 @@
 boot.loader.grub.version = 2;
 boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
 i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "us";
 defaultLocale = "en_US.UTF-8";
 };
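Review bot: The new `php-disabled.nix` carries no comment saying what it is for, and its only rule, `locations."/"`, is a plain prefix location, which is the lowest-priority match in nginx. A header such as `# Placeholder for vhosts whose PHP backend is switched off: every request gets 503.` would document the intent. It is also worth noting there that any longer-prefix or regex location merged into the same vhost from another preset still takes precedence, so the 503 only covers paths that nothing else claims.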
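Review bot: The `~ \.php$` location in `php.nix` hands every matching URI to PHP-FPM without first checking that the script exists; nothing in the `extraConfig` shown does so, though the rest of the preset lies outside the hunk and may contain a guard. Adding `try_files $fastcgi_script_name =404;` after the `fastcgi_split_path_info` line keeps requests for non-existent `.php` paths away from the interpreter. Note also that `config.services.phpfpm.pools.main.socket` only evaluates while a `main` pool is defined, and this commit comments that pool out in `default.nix`, so the preset cannot be re-imported on its own.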