felixalb/nixos-config
felixalb
/
nixos-config
mirror of https://git.feal.no/felixalb/nixos-config.git
2
2
Fork 0
Code Issues Activity
nixos-config/hosts/malcolm/services/www-kinealbrigtsen-no.nix

97 lines
2.6 KiB
Nix
Raw Permalink Blame History

{ config, pkgs, lib, ... }:
{
users.users.www-kinealbrigtsen-no = {
isSystemUser = true;
group = "www-kinealbrigtsen-no";
};
users.groups.www-kinealbrigtsen-no = { };
services.mysql.ensureDatabases = [
"www_kinealbrigtsen_no"
];
services.mysql.ensureUsers = [
{
name = "www-kinealbrigtsen-no";
ensurePermissions = {
# "www_kinealbrigtsen_no.*" = "ALL PRIVILEGES"; # For upgrades and special procedures
"www_kinealbrigtsen_no.*" = "SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX";
};
}
];
services.phpfpm.pools.www-kinealbrigtsen-no = {
user = "www-kinealbrigtsen-no";
group = "www-kinealbrigtsen-no";
phpOptions = lib.generators.toKeyValue {} {
upload_max_filesize = "1000M";
post_max_size = "1000M";
memory_limit = "1000M";
};
settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.process_idle_timeout" = "10s";
"pm.max_requests" = 1000;
};
};
services.nginx.virtualHosts."kinealbrigtsen.no" = {
serverAliases = [ "www.kinealbrigtsen.no" ];
root = "/var/www/www-kinealbrigtsen-no";
locations = {
"/".extraConfig = ''
try_files $uri $uri/ /index.php?$args;
'';
"~ \\.php$".extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools.www-kinealbrigtsen-no.socket};
'';
"~ /\\.ht".extraConfig = ''
deny all;
'';
"/favicon.ico".extraConfig = ''
log_not_found off;
access_log off;
'';
"/robots.txt".extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
"~* \\.(js|css|png|jpg|jpeg|gif|ico)$".extraConfig = ''
expires max;
log_not_found off;
'';
};
extraConfig = ''
index index.php index.html;
set_real_ip_from 192.168.11.0/24;
real_ip_header X-Forwarded-For;
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
'';
};
# TODO:
# - Configure a mailer so wp_mail() works
# - Enable periodic backups
}
Reference in New Issue View Git Blame Copy Permalink