Initial commit

2024-06-15 11:51:28 +02:00 · 2024-06-15 11:51:28 +02:00 · a4da04692c
commit a4da04692c
11 changed files with 543 additions and 0 deletions
--- a/hosts/sesame/bois-ar.nix
+++ b/hosts/sesame/bois-ar.nix
@ -0,0 +1,108 @@
+{ pkgs, lib, config, ... }:
+let
+  app = "boisar";
+  # domain = "bois-ar.com";
+  domain = "bois-ar.hemono.fr";
+  dataDir = "/srv/http/${app}";
+in {
+  services.phpfpm.pools.${app} = {
+    user = app;
+    settings = {
+      "listen.owner" = config.services.nginx.user;
+      "pm" = "dynamic";
+      "pm.max_children" = 15;
+      "pm.max_requests" = 500;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 1;
+      "pm.max_spare_servers" = 3;
+      "php_admin_value[error_log]" = "stderr";
+      "php_admin_flag[log_errors]" = true;
+      "catch_workers_output" = true;
+    };
+    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.${domain} = {
+      # serverAliases = ["www.bois-ar.com"];
+      forceSSL = true;
+      enableACME = true;
+      root = dataDir;
+      locations = {
+        "= /favicon.ico" = {
+          extraConfig = ''
+            log_not_found off;
+            access_log off;
+          '';
+        };
+        "= /robots.txt" = {
+          extraConfig = ''
+            allow all;
+            log_not_found off;
+            access_log off;
+          '';
+        };
+        "~ \.php$" = {
+          tryFiles = "$uri =404";
+          extraConfig = ''
+            fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+            fastcgi_intercept_errors on;
+          '';
+        };
+        "~* \.(js|css|png|jpg|jpeg|gif|ico)$" = {
+          extraConfig = ''
+            expires max;
+            log_not_found off;
+          '';
+        };
+      };
+      # WP Super Cache rules.
+      # Designed to be included from a 'wordpress-ms-...' configuration file.
+      extraConfig = ''
+        index index.php; # Not related to super cache
+        set $cache_uri $request_uri;
+        # POST requests and urls with a query string should always go to PHP
+        if ($request_method = POST) {
+            set $cache_uri 'null cache';
+        }
+        if ($query_string != "") {
+            set $cache_uri 'null cache';
+        }
+        # Don't cache uris containing the following segments
+        if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
+            set $cache_uri 'null cache';
+        }
+        # Don't use the cache for logged in users or recent commenters
+        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
+            set $cache_uri 'null cache';
+        }
+      '';
+      # Use cached or actual file if they exists, otherwise pass request to WordPress
+      locations."/" = {
+        tryFiles = "/wp-content/cache/supercache/$http_host/$cache_uri/index-$scheme.html $uri $uri/ /index.php?$args";
+      };
+    };
+  };
+  users.users.${app} = {
+    isSystemUser = true;
+    createHome = true;
+    home = dataDir;
+    homeMode = "750";
+    group = app;
+  };
+  users.groups.${app} = {};
+  users.users.nginx.extraGroups = [ app ];
+  services.mysql = {
+    enable = true;
+    ensureDatabases = [ app ];
+    ensureUsers = [
+      {
+        name = app;
+        ensurePermissions = {
+          "${app}.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+}