From c08ff3391fd289558b96e711ecd61bc456c65a5e Mon Sep 17 00:00:00 2001
From: Bun
Date: Sat, 12 Jul 2025 02:56:43 -0400
Subject: [PATCH] Add optional php to nginx
---
 hosts/midas/services/nginx/nixfox/default.nix | 78 +++++++------------
 .../server/matrix/element/default.nix | 2 +-
 .../minecraft/servers/uberbeta/default.nix | 8 +-
 .../system/services/server/nginx/default.nix | 1 +
 .../services/server/nginx/php/default.nix | 21 +++++
 5 files changed, 60 insertions(+), 50 deletions(-)
 create mode 100644 modules/system/services/server/nginx/php/default.nix
diff --git a/hosts/midas/services/nginx/nixfox/default.nix b/hosts/midas/services/nginx/nixfox/default.nix
index 0a3260c0..1a2c08ab 100644
--- a/hosts/midas/services/nginx/nixfox/default.nix
+++ b/hosts/midas/services/nginx/nixfox/default.nix
@@ -1,60 +1,42 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
- services = {
- # The main nginx domain
- nginx.virtualHosts = {
- "nixfox.ca" = {
- enableACME = true;
- addSSL = true;
- root = "/var/www/nixfox-reborn/public";
+ services.nginx.virtualHosts = {
+ "nixfox.ca" = {
+ default = true;
+ enableACME = true;
+ addSSL = true;
- locations = {
- "/".extraConfig = ''
- error_page 404 /404.html;
- '';
+ root = "/var/www/nixfox-reborn/public";
- "~ \\.php$".extraConfig = ''
- fastcgi_index index.php;
- fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
- '';
+ locations = {
+ "/".extraConfig = ''
+ error_page 404 /404.html;
+ '';
- "/.well-known/matrix/client".extraConfig = ''
- default_type application/json;
- return 200 '{
- "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
- "m.identity_server": { "base_url": "https://matrix.org" }
- }';
- '';
+ "~ \\.php$".extraConfig = ''
+ fastcgi_index index.php;
+ fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
+ '';
- "/.well-known/matrix/server".extraConfig = ''
- default_type application/json;
- return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
- '';
- };
- };
+ "/.well-known/matrix/client".extraConfig = ''
+ default_type application/json;
+ return 200 '{
+ "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
+ "m.identity_server": { "base_url": "https://matrix.org" }
+ }';
+ '';
- "old.nixfox.ca" = {
- enableACME = true;
- addSSL = true;
- root = "/var/www/landing-page";
+ "/.well-known/matrix/server".extraConfig = ''
+ default_type application/json;
+ return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
+ '';
 };
 };
- # Enable PHP for some fancy stuff
- phpfpm.pools.nginx = {
- user = "nobody";
- settings = {
- "pm" = "dynamic";
- "pm.max_children" = 75;
- "pm.start_servers" = 10;
- "pm.min_spare_servers" = 5;
- "pm.max_spare_servers" = 20;
- "pm.max_requests" = 500;
- "listen.owner" = config.services.nginx.user;
- "listen.group" = config.services.nginx.group;
- "listen.mode" = "0660";
- "catch_workers_output" = 1;
- };
+ "old.nixfox.ca" = {
+ enableACME = true;
+ addSSL = true;
+ root = "/var/www/landing-page";
 };
 };
 }
diff --git a/modules/system/services/server/matrix/element/default.nix b/modules/system/services/server/matrix/element/default.nix
index a1ba1067..70b8275d 100644
--- a/modules/system/services/server/matrix/element/default.nix
+++ b/modules/system/services/server/matrix/element/default.nix
@@ -8,7 +8,7 @@
 server_name = "matrix.${config.vars.primeDomain}";
 };
 branding = {
- auth_header_logo_url = "https://www.${config.vars.primeDomain}/images/copyright/profile.png";
+ auth_header_logo_url = "https://${config.vars.primeDomain}/nixfoxlogo.png";
 #welcome_background_url = "https://www.${config.vars.primeDomain}/images/backgrounds/template-background.png";
 };
 embedded_pages.home_url = "https://www.${config.vars.primeDomain}/";
diff --git a/modules/system/services/server/minecraft/servers/uberbeta/default.nix b/modules/system/services/server/minecraft/servers/uberbeta/default.nix
index ef2a6334..119f4572 100644
--- a/modules/system/services/server/minecraft/servers/uberbeta/default.nix
+++ b/modules/system/services/server/minecraft/servers/uberbeta/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, nodes, ... }:
 let
 uberBukkit = pkgs.fetchurl {
 url = "https://github.com/Moresteck/uberbukkit/releases/download/2.0.2-241217-1442-3a5552b/uberbukkit-2.0.2.jar";
@@ -18,4 +18,10 @@ in {
 };
 cloudflare-dyndns.domains = lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable [ "beta.${config.vars.primeDomain}" ];
 };
+
+ networking.firewall.extraInputRules = let
+ targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
+ in lib.mkIf config.services.minecraft-servers.servers.uberbeta.enable ''
+ ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 30005 accept
+ '';
 }
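Review bot: The added `default = true;` on `"nixfox.ca"` makes this virtual host the catch-all, so a request whose Host header matches no other vhost (a bare-IP request, for example) is now answered with this site's content, its certificate and its `~ \\.php$` handler. If the aim is only to decide which vhost wins for unknown names, a separate catch-all keeps those requests away from PHP, something like `"_" = { default = true; rejectSSL = true; extraConfig = "return 444;"; };`. Separately, the `.php` location hands every matching URI to the FPM socket; adding `try_files $uri =404;` there lets nginx reject paths that do not exist on disk before PHP sees them.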
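Review bot: The `targetHosts` list is interpolated into the nftables rule unchecked, but `ip6 saddr` only takes IPv6 addresses or prefixes, so a node whose `deployment.targetHost` is unset, an IPv4 address or a hostname would either fail evaluation or yield a ruleset that does not load as intended. Filtering before the join keeps the rule well-formed, e.g. `targetHosts = lib.filter (h: h != null) (lib.mapAttrsToList (_: node: node.config.deployment.targetHost) nodes);`, and the `mkIf` condition should probably also require a non-empty list, since an empty `{ }` set is not valid nft syntax. `networking.firewall.extraInputRules` is only honoured by the nftables-based firewall, so the rule depends on `networking.nftables.enable` being set elsewhere, which this hunk does not show. A one-line comment saying what listens on port 30005 and why every deployment node may reach it would help the next reader.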
diff --git a/modules/system/services/server/nginx/default.nix b/modules/system/services/server/nginx/default.nix
index 0981fe41..755f15ca 100644
--- a/modules/system/services/server/nginx/default.nix
+++ b/modules/system/services/server/nginx/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./acme
+ ./php
 ./user
 ];
diff --git a/modules/system/services/server/nginx/php/default.nix b/modules/system/services/server/nginx/php/default.nix
new file mode 100644
index 00000000..ab6213be
--- /dev/null
+++ b/modules/system/services/server/nginx/php/default.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+ # Enable optional PHP socket
+ config = lib.mkIf config.services.nginx.enable {
+ services.phpfpm.pools.nginx = {
+ user = "nobody";
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ "listen.owner" = config.services.nginx.user;
+ "listen.group" = config.services.nginx.group;
+ "listen.mode" = "0660";
+ "catch_workers_output" = 1;
+ };
+ };
+ };
+}
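Review bot: The pool is described as optional, but `lib.mkIf config.services.nginx.enable` turns it on for every host that enables nginx, so each of them runs a PHP-FPM pool with ten start servers and a listening socket even when no vhost uses PHP. Gating it on its own switch keeps PHP off hosts that do not need it: declare an enable option in this module and use `config = lib.mkIf (config.services.nginx.enable && <that option>) { … };`. The pool also runs as `user = "nobody"`, an account shared with anything else that falls back to it; a dedicated system user and group for the pool would keep the PHP workers isolated from other processes running as `nobody`.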