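# NixOS module: TLS-terminating reverse proxy for a few LAN-only services.
#
# Caddy is the live front end. It terminates TLS with locally managed
# certificates under /data/ssl and fronts:
#   - mitro-core (password-manager backend) on localhost:8080, path /mitro-core
#   - an MPD web front end on localhost:8082
#   - Nextcloud, served out of the Nix store via php-fpm on 127.0.0.1:9000
#
# The nginx section at the bottom is the previous front end. It is disabled
# (`enable = false`) and kept only for reference; see the notes there before
# re-enabling it.
#
# `lib`, `config` and `parameters` are not used in this module, but they are
# part of the NixOS module calling convention, so the signature keeps them.
{ lib, config, pkgs, parameters }:
{
  services = {
    caddy = {
      enable = true;
      # ACME contact and terms agreement. Every vhost below pins its own
      # certificate with `tls <crt> <key>`, so nothing is requested from an
      # ACME CA for these .lan names; these two settings only matter if a
      # publicly resolvable hostname is added later.
      email = "disasm@gmail.com";
      agree = true;
      config = ''
        # mitro-core is only exposed under the /mitro-core path prefix; the
        # whole site is proxied to the same prefix on the backend.
        crate.wedlake.lan:443/mitro-core {
          log stdout
          errors stderr
          tls /data/ssl/nginx.crt /data/ssl/nginx.key
          proxy / http://localhost:8080/mitro-core/
        }
        mpd.wedlake.lan:443 {
          log stdout
          errors stderr
          tls /data/ssl/mpd.wedlake.lan.crt /data/ssl/mpd.wedlake.lan.key
          # WebSocket upgrades are not forwarded here yet (the old nginx
          # config below did set the Upgrade/Connection headers). Uncomment
          # to route /ws with the websocket preset:
          #proxy /ws http://localhost:8082/ {
          #  websocket
          #}
          proxy / http://localhost:8082/
        }
        cloud.wedlake.lan:443 {
          log stdout
          errors stderr
          tls /data/ssl/cloud.wedlake.lan.crt /data/ssl/cloud.wedlake.lan.key
          # Document root is the read-only Nix store copy of Nextcloud; the
          # writable config dir is passed to php-fpm via NEXTCLOUD_CONFIG_DIR.
          root ${pkgs.nextcloud}
          # php-fpm over loopback TCP only; the `php` preset sets the usual
          # index.php / SCRIPT_FILENAME handling.
          fastcgi / 127.0.0.1:9000 php
          # Target for the deny-rewrites further down.
          status 403 /forbidden
          rewrite {
            r ^/index.php/.*$
            to /index.php?{query}
          }
          # client support (e.g. os x calendar / contacts)
          redir /.well-known/carddav /remote.php/carddav 301
          redir /.well-known/caldav /remote.php/caldav 301
          # remove trailing / as it causes errors with php-fpm
          rewrite {
            r ^/remote.php/(webdav|caldav|carddav)(\/?)$
            to /remote.php/{1}
          }
          rewrite {
            r ^/remote.php/(webdav|caldav|carddav)/(.+)(\/?)$
            to /remote.php/{1}/{2}
          }
          # .htaccess / data / config / ... must never be served. Anything
          # matching these path prefixes is rewritten to the 403 target above
          # before it can reach the filesystem or php-fpm.
          rewrite {
            r ^/(?:\.htaccess|data|config|db_structure\.xml|README)
            to /forbidden
          }
        }
      '';
    };
    phpfpm = {
      phpPackage = pkgs.php71;
      poolConfigs = {
        mypool = ''
          ; Loopback TCP only; the caddy `fastcgi` directive above connects here.
          listen = 127.0.0.1:9000
          ; NOTE(review): the pool still runs as `nginx` even though nginx is
          ; disabled below and caddy is the front end. The FastCGI protocol does
          ; not care which web server connects, but this user must own the
          ; writable Nextcloud config/data directories -- confirm ownership of
          ; /var/nextcloud rather than assuming it.
          user = nginx
          pm = dynamic
          pm.max_children = 5
          pm.start_servers = 1
          pm.min_spare_servers = 1
          pm.max_spare_servers = 2
          pm.max_requests = 50
          ; Keeps the writable Nextcloud config outside the read-only Nix store
          ; path that caddy serves as the document root.
          env[NEXTCLOUD_CONFIG_DIR] = "/var/nextcloud/config"
        '';
      };
      phpOptions =
        ''
          [opcache]
          opcache.enable=1
          opcache.memory_consumption=128
          opcache.interned_strings_buffer=8
          opcache.max_accelerated_files=4000
          ; Re-check file timestamps at most once a minute; the Nix store root
          ; is immutable, so this only matters for the config dir.
          opcache.revalidate_freq=60
          opcache.fast_shutdown=1
        '';
    };
    nginx = {
      # Disabled: caddy replaced nginx as the TLS front end. This config is
      # retained for reference only and is NOT live.
      enable = false;
      httpConfig = ''
        error_log /var/log/nginx/error.log;
        server {
          listen [::]:443 ssl;
          listen *:443 ssl;
          server_name crate.wedlake.lan;
          ssl_certificate /data/ssl/nginx.crt;
          ssl_certificate_key /data/ssl/nginx.key;
          ssl_session_cache shared:SSL:1m;
          ssl_session_timeout 5m;
          # Pin the minimum protocol version. Without this nginx's default
          # also offers TLSv1 and TLSv1.1. `HIGH:!aNULL:!MD5` still admits
          # non-forward-secret RSA key exchange (and, depending on the OpenSSL
          # build, 3DES); tighten the cipher list before re-enabling.
          ssl_protocols TLSv1.2;
          ssl_ciphers HIGH:!aNULL:!MD5;
          ssl_prefer_server_ciphers on;
          # NOTE(review): unlike the caddy vhost, this proxies the whole site
          # to the backend, not just /mitro-core.
          location / {
            proxy_pass http://localhost:8080/;
          }
        }
        server {
          listen [::]:443 ssl;
          listen *:443 ssl;
          server_name mpd.wedlake.lan;
          ssl_certificate /data/ssl/mpd.wedlake.lan.crt;
          ssl_certificate_key /data/ssl/mpd.wedlake.lan.key;
          ssl_session_cache shared:SSL:1m;
          ssl_session_timeout 5m;
          # Same TLS hardening note as the crate vhost above.
          ssl_protocols TLSv1.2;
          ssl_ciphers HIGH:!aNULL:!MD5;
          ssl_prefer_server_ciphers on;
          location / {
            proxy_pass http://127.0.0.1:8082;
            # Websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
          }
        }
      '';
    };
  };
}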