l 4: add more helpers for wordpress hosting

This commit is contained in:
lassulus 2016-04-11 16:49:52 +02:00
parent 0a5f8b64b2
commit 1773a9cd92

View File

@ -33,6 +33,34 @@ rec {
};
};
manageCerts = domains:
let
domain = head domains;
in {
security.acme = {
certs."${domain}" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/challenges/${domain}";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
];
group = "nginx";
allowKeysForGroup = true;
extraDomains = genAttrs domains (_: null);
};
};
krebs.nginx.servers."${domain}" = {
locations = [
(nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/${domain}/;
'')
];
};
};
ssl = domain:
{
imports = [
@ -176,4 +204,56 @@ rec {
'';
};
serveWordpress = domains:
let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = {
server-names = domains;
extraConfig = ''
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
'';
locations = [
(nameValuePair "/" ''
try_files $uri $uri/ /index.php?$args;
'')
(nameValuePair "~ \.php$" ''
fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool;
include ${pkgs.nginx}/conf/fastcgi.conf;
'')
(nameValuePair "~ /\\." ''
deny all;
'')
#Directives to send expires headers and turn off 404 error logging.
(nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
access_log off;
log_not_found off;
expires max;
'')
];
};
services.phpfpm.poolConfigs."${domain}" = ''
listen = /srv/http/${domain}/phpfpm.pool
user = nginx
group = nginx
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
listen.owner = nginx
listen.group = nginx
# errors to journal
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
catch_workers_output = yes
'';
};
}