From 0e11d7af9981c0b24f52c9d15b8b107a8d78b17f Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 19 Sep 2017 20:24:32 +0200
Subject: l websites lassulus: serveBB

---
 lass/2configs/websites/lassulus.nix | 56 +++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

(limited to 'lass/2configs/websites/lassulus.nix')

diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index d37dd530..17c39a5f 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -6,10 +6,66 @@ let
     genid
   ;
 
+  servephpBB = domains:
+    let
+      domain = head domains;
+
+    in {
+      services.nginx.virtualHosts."${domain}" = {
+        enableACME = true;
+        forceSSL = true;
+        serverAliases = domains;
+        extraConfig = ''
+          index index.php;
+          root /srv/http/${domain}/;
+          access_log /tmp/nginx_acc.log;
+          error_log /tmp/nginx_err.log;
+          error_page 404 /404.html;
+          error_page 500 502 503 504 /50x.html;
+          client_max_body_size 100m;
+        '';
+        locations."/".extraConfig = ''
+          try_files $uri $uri/ /index.php?$args;
+        '';
+        locations."~ \.php(?:$|/)".extraConfig =  ''
+          fastcgi_split_path_info ^(.+\.php)(/.+)$;
+          include ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+          fastcgi_param PATH_INFO $fastcgi_path_info;
+          fastcgi_param HTTPS on;
+          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+          fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
+          fastcgi_intercept_errors on;
+        '';
+        #Directives to send expires headers and turn off 404 error logging.
+        locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = ''
+          access_log off;
+          log_not_found off;
+          expires max;
+        '';
+      };
+      services.phpfpm.poolConfigs."${domain}" = ''
+        listen = /srv/http/${domain}/phpfpm.pool
+        user = nginx
+        group = nginx
+        pm = dynamic
+        pm.max_children = 25
+        pm.start_servers = 5
+        pm.min_spare_servers = 3
+        pm.max_spare_servers = 20
+        listen.owner = nginx
+        listen.group = nginx
+        php_admin_value[error_log] = 'stderr'
+        php_admin_flag[log_errors] = on
+        catch_workers_output = yes
+      '';
+    };
+
 in {
   imports = [
     ./default.nix
     ../git.nix
+    (servephpBB [ "rote-allez-fraktion.de" ])
   ];
 
   security.acme = {
-- 
cgit v1.2.3