From 0164e142e3ce793cb98b237ba2384b3d88a3550c Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:35:13 +0200 Subject: l websites: enableSSL -> onlySSL --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 62055d0f..441b7af9 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,7 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - enableSSL = true; + onlySSL = true; extraConfig = '' listen 80; listen [::]:80; @@ -34,7 +34,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + onlySSL = true; serverAliases = domains; extraConfig = '' listen 80; @@ -148,7 +148,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - enableSSL = true; + onlySSL = true; serverAliases = domains; extraConfig = '' listen 80; -- cgit v1.2.3 From b96f9d898a77bb5a735ad35d1bc1eeeea1833cae Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:14:34 +0200 Subject: l websites: move servephpBB to util --- lass/2configs/websites/lassulus.nix | 55 ------------------------------------- lass/2configs/websites/util.nix | 53 +++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 55 deletions(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 25ca1f45..b9811221 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,61 +6,6 @@ let genid ; - servephpBB = domains: - let - domain = head domains; - - in { - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - serverAliases = domains; - extraConfig = '' - index index.php; - root /srv/http/${domain}/; - access_log /tmp/nginx_acc.log; - error_log /tmp/nginx_err.log; - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - client_max_body_size 100m; - ''; - locations."/".extraConfig = '' - try_files $uri $uri/ /index.php?$args; - ''; - locations."~ \.php(?:$|/)".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; - fastcgi_intercept_errors on; - ''; - #Directives to send expires headers and turn off 404 error logging. - locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' - access_log off; - log_not_found off; - expires max; - ''; - }; - services.phpfpm.poolConfigs."${domain}" = '' - listen = /srv/http/${domain}/phpfpm.pool - user = nginx - group = nginx - pm = dynamic - pm.max_children = 25 - pm.start_servers = 5 - pm.min_spare_servers = 3 - pm.max_spare_servers = 20 - listen.owner = nginx - listen.group = nginx - php_admin_value[error_log] = 'stderr' - php_admin_flag[log_errors] = on - catch_workers_output = yes - ''; - }; - in { imports = [ ./default.nix diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 441b7af9..61b5543c 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -28,6 +28,59 @@ rec { }; }; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + serveOwncloud = domains: let domain = head domains; -- cgit v1.2.3 From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:18:05 +0200 Subject: l: add red.r --- lass/2configs/websites/lassulus.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index b9811221..53f1eea5 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -10,7 +10,6 @@ in { imports = [ ./default.nix ../git.nix - (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { -- cgit v1.2.3 From e8c4f7c0e40a1612731ad9f68ef7f5bb1ec7ce1c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 7 May 2018 19:57:44 +0200 Subject: l websites utils: forceSSL --- lass/2configs/websites/util.nix | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 61b5543c..a11e8e69 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,11 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - onlySSL = true; - extraConfig = '' - listen 80; - listen [::]:80; - ''; + forceSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -87,12 +83,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - onlySSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; @@ -201,12 +194,9 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - onlySSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' - listen 80; - listen [::]:80; - root /srv/http/${domain}/; index index.php; access_log /tmp/nginx_acc.log; -- cgit v1.2.3 From aecf06a8bfa5e5d444bff6d5c4430250a2684d34 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:06:50 +0200 Subject: l websites domsen: remove old, add new --- lass/2configs/websites/domsen.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 7a72499c..c75cc81f 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,12 +26,7 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ - "habsys.de" - "habsys.eu" - "www.habsys.de" - "www.habsys.eu" - ]) + (servePage [ "freemonkey.art" ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3 From cb41b35641eba3c0e88c87604072405ecc8fc5f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:09:50 +0200 Subject: l websites domsen: add akayguen --- lass/2configs/websites/domsen.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c75cc81f..4e8361a1 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -115,6 +115,7 @@ in { { from = "jms@ubikmedia.eu"; to = "jms"; } { from = "ms@ubikmedia.eu"; to = "ms"; } { from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; } + { from = "akayguen@freemonkey.art"; to ="akayguen"; } { from = "testuser@lassul.us"; to = "testuser"; } { from = "testuser@ubikmedia.eu"; to = "testuser"; } @@ -172,5 +173,12 @@ in { createHome = true; }; + users.users.akayguen = { + uid = genid_signed "akayguen"; + home = "/home/akayguen"; + useDefaultShell = true; + createHome = true; + }; + } -- cgit v1.2.3 From efb7452a0c5f0d4109ae188dc6abda46a20e394c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 14 May 2018 22:20:08 +0200 Subject: l websites util: make ssl optional again --- lass/2configs/websites/util.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index a11e8e69..816449c1 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -16,7 +16,7 @@ rec { in { services.nginx.virtualHosts.${domain} = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; locations."/".extraConfig = '' root /srv/http/${domain}; @@ -83,7 +83,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' # Add headers to serve security related headers @@ -194,7 +194,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - forceSSL = true; + addSSL = true; serverAliases = domains; extraConfig = '' root /srv/http/${domain}/; -- cgit v1.2.3 From d6e1ca7e2884787018dd19bec994d093ebc846ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:02:27 +0200 Subject: l websites domsen: serve www.freemonkey.art --- lass/2configs/websites/domsen.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs/websites') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 4e8361a1..e4f50e2d 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -26,7 +26,10 @@ in { ./default.nix ./sqlBackup.nix (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) - (servePage [ "freemonkey.art" ]) + (servePage [ + "freemonkey.art" + "www.freemonkey.art" + ]) (serveOwncloud [ "o.ubikmedia.de" ]) (serveWordpress [ "ubikmedia.de" -- cgit v1.2.3