summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/nginx/euer.wiki.nix
blob: 732c277849ce90c024a2a06def40a553886322c1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
{ config, lib, pkgs, ... }:

with import <stockholm/lib>;
let
  sec = toString <secrets>;
  ext-dom = "wiki.euer.krebsco.de";

  user = config.services.nginx.user;
  group = config.services.nginx.group;
  fpm-socket = "/var/run/php5-fpm.sock";
  hostname = config.krebs.build.host.name;
  tw-upload = pkgs.tw-upload-plugin;
  base-dir = "/var/www/wiki.euer";
  base-cfg = "${base-dir}/twconf.ini";
  wiki-dir = "${base-dir}/store/";
  backup-dir = "${base-dir}/backup/";
  # contains:
  #  user1 = pass1
  #  userN = passN
  # afterwards put /var/www/<ext-dom>/user1.html as tiddlywiki
  tw-pass-file = "${sec}/tw-pass.ini";

in {
  state = [ base-dir ];
  services.phpfpm = {
    # phpfpm does not have an enable option
    poolConfigs  = {
      euer-wiki = ''
        user =  ${user}
        group =  ${group}
        listen = ${fpm-socket}
        listen.owner = ${user}
        listen.group = ${group}
        env[twconf] = ${base-cfg};
        pm = dynamic
        pm.max_children = 5
        pm.start_servers = 2
        pm.min_spare_servers = 1
        pm.max_spare_servers = 3
        chdir = /
        php_admin_value[error_log] = 'stderr'
        php_admin_flag[log_errors] = on
        catch_workers_output = yes
      '';
    };
  };

  systemd.services.prepare-tw = {
    wantedBy = [ "local-fs.target" ];
    before = [ "phpfpm.service" "nginx.service" ];
    serviceConfig = {
      ExecStart = pkgs.writeScript "prepare-tw-service" ''
        #!/bin/sh
        if ! test -d "${base-dir}" ;then
          mkdir -p "${wiki-dir}" "${backup-dir}"

          # write the base configuration
          cat > "${base-cfg}" <<EOF
        [users]
        $(cat "${tw-pass-file}")
        [directories]
        backupdir = ${backup-dir}
        savedir = ${wiki-dir}
        EOF

          chown -R ${user}:${group} "${base-dir}"
          chmod 700  -R "${base-dir}"
        fi
      '';
      Type = "oneshot";
      RemainAfterExit = "yes";
      TimeoutSec = "0";
    };
  };

  services.nginx = {
    enable = mkDefault true;
    recommendedGzipSettings = true;
    virtualHosts = {
      "${ext-dom}" = {
        #serverAliases = [
        #  "wiki.makefu.r"
        #  "wiki.makefu"
        #];
        forceSSL = true;
        enableACME = true;
        locations = {
          "/" = {
            root = wiki-dir;
            index = "makefu.html";
            extraConfig = ''
              expires -1;
              autoindex on;
            '';
          };
          "/store.php" = {
            root = tw-upload;
            extraConfig = ''
              client_max_body_size 200M;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_pass unix:${fpm-socket};
              include ${pkgs.nginx}/conf/fastcgi_params;
              include ${pkgs.nginx}/conf/fastcgi.conf;
            '';
          };
        };
      };
    };
  };
}