forgot what i added lmao
This commit is contained in:
parent
4d1653f976
commit
74ae09fa18
|
@ -187,6 +187,7 @@ in {
|
||||||
"rivervalleychocolate.com".php = true;
|
"rivervalleychocolate.com".php = true;
|
||||||
"tac.yugoslavia.best".dataDir = "/var/www/tac.yugoslavia.best/public";
|
"tac.yugoslavia.best".dataDir = "/var/www/tac.yugoslavia.best/public";
|
||||||
"tac.yugoslavia.best".php = true;
|
"tac.yugoslavia.best".php = true;
|
||||||
|
"tac.yugoslavia.best".phpHandlePathing = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nitter = {
|
nitter = {
|
||||||
|
|
|
@ -27,6 +27,24 @@ let
|
||||||
description = "Does this site use php (phpfpm)?";
|
description = "Does this site use php (phpfpm)?";
|
||||||
default = false;
|
default = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
phpHandlePathing = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
description = "Let PHP handle pathing (for eg. Laravel)";
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
disableLogsForMisc = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
description = "Disables access logs for /favicon.ico and /robots.txt";
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
denySensitivePaths = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
description = "Disables access to paths starting with a . (except well-known) to prevent leaking potentially sensitive data";
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
options.modules.services.staticSites = mkOption {
|
options.modules.services.staticSites = mkOption {
|
||||||
|
@ -48,14 +66,50 @@ in {
|
||||||
|
|
||||||
services.nginx.virtualHosts = mkMerge (mapAttrsToList (domain: site: {
|
services.nginx.virtualHosts = mkMerge (mapAttrsToList (domain: site: {
|
||||||
${domain} = {
|
${domain} = {
|
||||||
locations."/".basicAuth = site.auth;
|
locations = mkMerge [
|
||||||
locations."~ \.php$".extraConfig = mkIf site.php ''
|
{ "/".basicAuth = site.auth; }
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
|
|
||||||
fastcgi_index index.php;
|
( mkIf site.php { "/".index = "index.php index.html"; })
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
( mkIf site.disableLogsForMisc {
|
||||||
'';
|
"= /favicon.ico".extraConfig = ''
|
||||||
locations."/".index = mkIf site.php "index.php index.html";
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
'';
|
||||||
|
"= /robots.txt".extraConfig = ''
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
'';
|
||||||
|
})
|
||||||
|
|
||||||
|
( mkIf site.denySensitivePaths {
|
||||||
|
"${''~ /\.(?!well-known).*''}".extraConfig = ''deny all;'';
|
||||||
|
})
|
||||||
|
|
||||||
|
( mkIf (site.php && (!site.phpHandlePathing)) {
|
||||||
|
"${''~ \.php$''}".extraConfig = ''
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
( mkIf (site.php && site.phpHandlePathing) {
|
||||||
|
"${''~ \.php$''}".extraConfig = ''
|
||||||
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools."${domain}".socket};
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
|
'';
|
||||||
|
"/".extraConfig = ''
|
||||||
|
try_files $uri $uri/ /index.php?$query_string;
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
)
|
||||||
|
];
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = site.dataDir;
|
root = site.dataDir;
|
||||||
|
|
Loading…
Reference in New Issue