path: root/makefu/2configs/deployment/owncloud.nix
authorlassulus <lassulus@lassul.us>2019-10-16 11:39:55 +0200
committerlassulus <lassulus@lassul.us>2019-10-16 11:39:55 +0200
commit1cfe17faa0b5b2d062da0b3cdbda34b1241dac02 (patch)
tree2ae25beec60641929e65d22b05a241eff656b8c0 /makefu/2configs/deployment/owncloud.nix
parent005d456ef42ca1a371131a558e834944ce2e616f (diff)
parent349ccf95e76dec7d3eb87b96cc8bb8bcb3317dc0 (diff)
Merge remote-tracking branch 'gum/19.09'
Diffstat (limited to 'makefu/2configs/deployment/owncloud.nix')
-rw-r--r--makefu/2configs/deployment/owncloud.nix86
1 files changed, 47 insertions, 39 deletions
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 6f073fd4c..59dfa3203 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -110,6 +110,10 @@ let
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
# Optional: Don't log access to assets
access_log off;
'';
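Review bot: The three added `add_header` lines omit the `always` parameter, so nginx attaches them only to success and redirect responses, and error responses from this block go out without the framing protection. Consider `add_header X-Frame-Options SAMEORIGIN always;` and the same for the two lines after it. nginx also drops inherited `add_header` directives in any block that declares its own, so other locations in this file that set headers need the same three lines. The enclosing block starts outside this hunk, so which locations are affected should be confirmed against the full file.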
@@ -118,23 +122,25 @@ let
access_log off;
'';
};
- services.phpfpm.poolConfigs."${domain}" = ''
- listen = ${socket}
- user = nginx
- group = nginx
- pm = dynamic
- pm.max_children = 32
- pm.max_requests = 500
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 5
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
- catch_workers_output = yes
- '';
+ services.phpfpm.pools."${domain}" = {
+ user = "nginx";
+ group = "nginx";
+ listen = socket;
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.max_requests" = 500;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 5;
+ };
+ extraConfig = ''
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
+ catch_workers_output = yes
+ '';
+ };
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
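Review bot: The new `services.phpfpm.pools."${domain}"` definition no longer sets the socket ownership that the removed `listen.owner = nginx` and `listen.group = nginx` lines provided. Unless the 19.09 module derives them from `user`/`group` (not visible here), the FastCGI socket falls back to php-fpm's defaults, which may either lock nginx out or leave access to chance. Pin it in `settings` with `"listen.owner" = "nginx";` and `"listen.group" = "nginx";`, plus `"listen.mode" = "0660";` so no other local account can talk to the pool. The `phpOptions` block that follows continues past the end of this hunk.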
@@ -171,27 +177,29 @@ in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true;
- services.mysql = {
- enable = false;
- package = pkgs.mariadb;
- rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
- initialDatabases = [
- # Or use writeText instead of literalExample?
- #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
- {
- name = "nextcloud";
- schema = pkgs.writeText "nextcloud.sql"
- ''
- create user if not exists 'nextcloud'@'localhost' identified by 'password';
- grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
- '';
- }
- ];
- };
+
+ #services.mysql = {
+ # enable = false;
+ # package = pkgs.mariadb;
+ # rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
+ # initialDatabases = [
+ # # Or use writeText instead of literalExample?
+ # #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+ # {
+ # name = "nextcloud";
+ # schema = pkgs.writeText "nextcloud.sql"
+ # ''
+ # create user if not exists 'nextcloud'@'localhost' identified by 'password';
+ # grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+ # '';
+ # }
+ # ];
+ #};
+
# dataDir is only defined after mysql is enabled
- # krebs.secret.files.mysql_rootPassword = {
- # path = "${config.services.mysql.dataDir}/mysql_rootPassword";
- # owner.name = "root";
- # source-path = toString <secrets> + "/mysql_rootPassword";
- # };
+ #krebs.secret.files.mysql_rootPassword = {
+ # path = "${config.services.mysql.dataDir}/mysql_rootPassword";
+ # owner.name = "root";
+ # source-path = toString <secrets> + "/mysql_rootPassword";
+ #};
}
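Review bot: The commented-out `services.mysql` block still carries the literal credential `identified by 'password'` inside a `pkgs.writeText` schema. If someone uncomments it, that SQL file lands in the Nix store, which is readable by every local user, and the database account gets a guessable password. Delete the block rather than keeping it as a comment, or replace it with a one-line reminder such as `# TODO: create the nextcloud DB user from a krebs.secret file, not from pkgs.writeText`. The `rootPassword` line passes a path taken from `krebs.secret.files`, so check whether the option expects the password itself or a file path before re-enabling.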