config/profiles/web/services/censordodge.nix

50 lines
1.4 KiB
Nix

{ config, pkgs, lib, mkDomain, ... }:
{
# CensorDodge
# A lightweight and customisable web proxy
/** /
services.phpfpm.pools.censordodge = {
user = "censordodge";
group = "censordodge";
settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
};
services.nginx.virtualHosts.${mkDomain "censordodge"} = {
forceSSL = true; # addSSL = true;
enableACME = true; #useACMEHost = acmeDomain;
root = pkgs.fetchFromGitHub {
owner = "ryanmab";
repo = "CensorDodge";
rev = "2480e8269190ca8618e41dc581f9d55f4ce9f333";
sha256 = "8R3lyxF22HXui4pJytMcqwwa5TDXIJb6fWII934IhEA=";
};
extraConfig = ''
index index.php;
'';
locations."/".extraConfig = ''
try_files $uri $uri/ /index.php?$args;
'';
locations."~ \.php$".extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_pass unix:${config.services.phpfpm.pools.censordodge.socket};
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
'';
};
users.users.censordodge = {
isSystemUser = true;
group = "censordodge";
};
users.groups.censordodge = {};
/**/
}