Created
August 22, 2021 20:54
-
-
Save doncatnip/ca561aba7ca0b0dfc545981850243b44 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (use-modules (gnu) | |
| (don packages python-web) | |
| (don packages python-xyz)) | |
| (use-service-modules | |
| networking ssh databases web rsync sysctl) | |
| (use-package-modules | |
| shells vim version-control databases pdf python node tls | |
| python-web python-xyz python-science python-build vpn openldap php certs) | |
| (define %python-packages | |
| (list python-sqlalchemy | |
| python-alembic | |
| python-xlrd | |
| python-pandas | |
| python-openpyxl | |
| python-reportlab | |
| python-slugify | |
| python-watchdog | |
| python-ujson | |
| python-ldap | |
| python-wheel | |
| python-redis | |
| python-starlette | |
| python-uvloop | |
| python-httptools | |
| python-mysqlclient | |
| python-kanone | |
| python-websockets | |
| python-uvicorn | |
| python-holidays)) | |
| (define %essential-packages | |
| (list fish gunicorn python python-pip mysql php node openssl nss-certs)) | |
| (define %additional-packages | |
| (list openconnect vim git python-ipython)) | |
| (define %nginx-server-body | |
| '( "charset utf-8;" | |
| "rewrite ^/$ /app;" | |
| "rewrite ^/verwaltung/index$ /app/management/ permanent;" | |
| "rewrite ^/administration/index$ /app/administration/ permanent;" | |
| "rewrite ^/calendar/index$ /app/calendar/ permanent;" | |
| "set $yii_bootstrap \"index.php\";")) | |
| (define %nginx-locations | |
| (list | |
| ;; vue dev server | |
| (nginx-location-configuration | |
| (uri "/app") | |
| (body '("proxy_pass http://127.0.0.1:3000;"))) | |
| ;; hot reload + nice error feedback (websocket) | |
| (nginx-location-configuration | |
| (uri "/app/_loading/ws") | |
| (body '("proxy_pass http://127.0.0.1:3000;" | |
| "proxy_http_version 1.1;" | |
| "proxy_set_header Upgrade $http_upgrade;" | |
| "proxy_set_header Connection \"Upgrade\";"))) | |
| ;; python backend (websocket) | |
| (nginx-location-configuration | |
| (uri "= /api") | |
| (body '("proxy_pass http://127.0.0.1:8000;" | |
| "proxy_http_version 1.1;" | |
| "proxy_set_header Upgrade $http_upgrade;" | |
| "proxy_set_header Connection \"Upgrade\";"))) | |
| ;; nuxt sse (server side events), not sure what exactly they do, | |
| ;; but they clutter the logs with annoying red error messages | |
| (nginx-location-configuration | |
| (uri "/app/_loading/sse") | |
| (body '("proxy_pass http://127.0.0.1:3000;" | |
| "proxy_http_version 1.1;" | |
| "proxy_set_header Connection \"\";" | |
| "proxy_read_timeout 99999;"))) | |
| ;; as long as we have php crap running, we need to specify which | |
| ;; routes are for python and which are for php | |
| ;; unfortunately nginx does not support multiple locations | |
| ;; for =; and using regexp would be messy, so therefore | |
| ;; lets just repeat this for each route | |
| (nginx-location-configuration | |
| (uri "= /event/import") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| (nginx-location-configuration | |
| (uri "= /event/export") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| (nginx-location-configuration | |
| (uri "= /inventory/import") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| (nginx-location-configuration | |
| (uri "= /inventory/export") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| (nginx-location-configuration | |
| (uri "= /address/sticker/to_company") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| (nginx-location-configuration | |
| (uri "= /address/sticker/to_employee") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| (nginx-location-configuration | |
| (uri "= /vehicle/export/drivers") | |
| (body '("proxy_pass http://127.0.0.1:8000;"))) | |
| ;; legacy php | |
| (nginx-location-configuration | |
| (uri "/") | |
| (body '("index index.html $yii_bootstrap;" | |
| "try_files $uri $uri/ /$yii_bootstrap?$args;"))) | |
| (nginx-location-configuration | |
| (uri "~ .php") | |
| (body '("fastcgi_split_path_info ^(.+.php)(.*)$;" | |
| ;; yii catches the calls to unexising PHP files | |
| "set $fsn /$yii_bootstrap;" | |
| "if (-f $document_root$fastcgi_script_name){" | |
| "set $fsn $fastcgi_script_name;" | |
| "}" | |
| "fastcgi_pass unix:/var/run/php-fpm.sock;" | |
| "fastcgi_param HTTP_PROXY \"\";" | |
| "fastcgi_param SCRIPT_FILENAME $document_root$fsn;" | |
| ;; PATH_INFO and PATH_TRANSLATED can be omitted, | |
| ;; but RFC 3875 specifies them for CGI | |
| "fastcgi_param PATH_INFO $fastcgi_path_info;" | |
| "fastcgi_param PATH_TRANSLATED $document_root$fsn;" | |
| "fastcgi_param QUERY_STRING $query_string;" | |
| "fastcgi_param REQUEST_METHOD $request_method;" | |
| "fastcgi_param CONTENT_TYPE $content_type;" | |
| "fastcgi_param CONTENT_LENGTH $content_length;" | |
| "fastcgi_param SCRIPT_NAME $fastcgi_script_name;" | |
| "fastcgi_param REQUEST_URI $request_uri;" | |
| "fastcgi_param DOCUMENT_URI $document_uri;" | |
| "fastcgi_param DOCUMENT_ROOT $document_root;" | |
| "fastcgi_param SERVER_PROTOCOL $server_protocol;" | |
| "fastcgi_param REQUEST_SCHEME $scheme;" | |
| "fastcgi_param HTTPS $https if_not_empty;" | |
| "fastcgi_param GATEWAY_INTERFACE CGI/1.1;" | |
| "fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;" | |
| "fastcgi_param REMOTE_ADDR $remote_addr;" | |
| "fastcgi_param REMOTE_PORT $remote_port;" | |
| "fastcgi_param SERVER_ADDR $server_addr;" | |
| "fastcgi_param SERVER_PORT $server_port;" | |
| "fastcgi_param SERVER_NAME $server_name;" | |
| ;;PHP only, required if PHP was built with --enable-force-cgi-redirect | |
| "fastcgi_param REDIRECT_STATUS 200;" | |
| ;;Tweak fastcgi buffers, just in case. | |
| "fastcgi_buffer_size 128k;" | |
| "fastcgi_buffers 256 4k;" | |
| "fastcgi_busy_buffers_size 256k;" | |
| "fastcgi_temp_file_write_size 256k;"))))) | |
| (define %nginx-server | |
| (nginx-server-configuration | |
| (server-name '("localhost")) | |
| (listen '("443 ssl")) | |
| (ssl-certificate "/srv/ssl/selfsigned.crt") | |
| (ssl-certificate-key "/srv/ssl/selfsigned.key") | |
| (raw-content %nginx-server-body) | |
| (locations %nginx-locations) | |
| (root "/srv/rsyncd/epas/yii/ap1_epas/web"))) | |
| (operating-system | |
| (locale "en_US.utf8") | |
| (timezone "Europe/Berlin") | |
| (keyboard-layout (keyboard-layout "de" "neo")) | |
| (host-name "epas.vm") | |
| (users (cons* (user-account | |
| (name "root") | |
| (group "root") | |
| (home-directory "/root") | |
| (password (crypt "123" "123")) | |
| (uid 0) | |
| (shell #~(string-append #$fish "/bin/fish"))) | |
| %base-user-accounts)) | |
| (packages | |
| (append | |
| %essential-packages | |
| %python-packages | |
| %additional-packages | |
| %base-packages)) | |
| (services | |
| (append | |
| (list | |
| (service sysctl-service-type | |
| (sysctl-configuration | |
| (settings | |
| '(("fs.file-max" . "100000") | |
| ("fs.inotify.max_user_watches" . "100000"))))) | |
| (service openssh-service-type | |
| (openssh-configuration | |
| (permit-root-login #t))) | |
| (service dhcp-client-service-type) | |
| (service redis-service-type) | |
| (service mysql-service-type) | |
| (service php-fpm-service-type | |
| (php-fpm-configuration | |
| (socket "/var/run/php-fpm.sock"))) | |
| (service nginx-service-type | |
| (nginx-configuration | |
| (server-blocks | |
| (list %nginx-server)))) | |
| (service rsync-service-type)) | |
| %base-services)) | |
| (bootloader | |
| (bootloader-configuration | |
| (bootloader grub-bootloader) | |
| (target "/dev/sda") | |
| (keyboard-layout keyboard-layout) | |
| (timeout 0))) | |
| (file-systems %base-file-systems)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment