
# This is the system definition for vps749417.ovh.net.
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Boot loader: GRUB, written to the first disk.
boot.loader.grub = {
  enable = true;
  device = "/dev/sda";
};
# Network configuration.
# DHCP is switched off globally and turned back on for ens3 only.
networking.hostName = "vps749417";
networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true;
# Inbound TCP is limited to SSH (22), HTTP (80) and HTTPS (443).
# networking.firewall.enable is not set in this file, so this list relies on
# the firewall staying at the NixOS default (enabled). The database port is
# deliberately absent from the list.
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
# Time zone
time.timeZone = "Europe/Paris";

# Packages installed in the system profile, i.e. available to every user.
environment.systemPackages = [
  pkgs.git
  pkgs.htop
  pkgs.tmux
  pkgs.vim
  pkgs.wget
];
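# OpenSSH daemon: key-based logins only.
services.openssh = {
  enable = true;
  # Turn off plain password authentication.
  passwordAuthentication = false;
  # Keyboard-interactive (challenge/response) authentication goes through PAM
  # and prompts for the account password, so leaving it at the module default
  # (enabled on the NixOS releases that expose this option) keeps password
  # logins reachable even with passwordAuthentication = false.
  challengeResponseAuthentication = false;
  # NOTE(review): permitRootLogin is not set, so the module default applies
  # (root may still log in with a key). Set it to "no" explicitly if root
  # never needs direct SSH access; confirm nobody depends on it first.
};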
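# Nginx web server: one TLS virtual host that serves static files from
# /data/web/root and a Nextcloud instance under /owncloud/.
services.nginx = {
  enable = true;
  virtualHosts."www.beffara.org" = {
    # Default vhost: also answers requests whose Host header matches no other
    # virtual host.
    default = true;
    # Listen on both 80 and 443 and redirect plain HTTP to HTTPS.
    forceSSL = true;
    root = "/data/web/root";
    # Certificate and key are referenced as strings, so they are read from
    # /data/web/cert at runtime and are NOT copied into the world-readable Nix
    # store. Keep them as strings (a bare path literal would be copied).
    # NOTE(review): ownership and mode of the .key file are not managed here;
    # verify it is readable only by root / the nginx user.
    sslCertificate = "/data/web/cert/beffara.org.crt";
    sslCertificateKey = "/data/web/cert/beffara.org.key";

    # Static part of Nextcloud. The alias exposes the whole site directory.
    # NOTE(review): nothing in this vhost denies requests for Nextcloud's
    # internal directories (config/, data/, lib/, 3rdparty/, templates/, ...)
    # or for dotfiles, which the upstream Nextcloud nginx example blocks.
    # Confirm the data directory lives outside /data/web/nextcloud/site/ or
    # add explicit deny locations.
    locations."/owncloud/" = {
      alias = "/data/web/nextcloud/site/";
      # Send the short DAV URLs (caldav, carddav, webdav) to remote.php.
      extraConfig = ''
        rewrite ^/owncloud/((cal|card|web)dav.*)$ /owncloud/remote.php/$1 redirect;
      '';
    };

    # PHP entry points, handed to the php-fpm pool over its unix socket.
    # The dot is written as `\\.` because inside a double-quoted Nix string a
    # lone `\.` evaluates to a plain `.`; nginx would then receive `.+.php`,
    # which matches any character before "php" and is looser than intended.
    # NOTE(review): every *.php path under the alias is executable, and there
    # is no existence check (e.g. try_files) before fastcgi_pass. That is only
    # safe while no directory under site/ is writable through the application;
    # consider restricting this location to Nextcloud's known entry points.
    locations."~ ^/owncloud/.+\\.php(/|$)" = {
      alias = "/data/web/nextcloud/site/";
      extraConfig = ''
        fastcgi_pass unix:${config.services.phpfpm.pools.nextcloud.socket};
        fastcgi_index index.php;
        include ${config.services.nginx.package}/conf/fastcgi.conf;
        fastcgi_split_path_info ^/owncloud/(.+\.php)(|/.*)$;
        fastcgi_param SCRIPT_NAME /owncloud/$fastcgi_script_name;
      '';
    };

    # Server-level directives.
    # HSTS: max-age=15768000 s is roughly six months. Without the `always`
    # flag nginx omits the header on error responses, and includeSubDomains
    # is not set.
    # The .well-known rewrites provide service discovery for host-meta and
    # for CalDAV/CardDAV clients.
    extraConfig = ''
      index index.php index.html;
      add_header Strict-Transport-Security "max-age=15768000;";
      rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last;
      rewrite ^/.well-known/(cal|card)dav /owncloud/remote.php/$1dav/ redirect;
    '';
  };
};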
# FastCGI server for PHP (php-fpm).
# Global php.ini additions: a 512M per-request memory ceiling and the APCu and
# ImageMagick extensions, loaded by absolute store path.
services.phpfpm.phpOptions = ''
  memory_limit = 512M
  extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
  extension=${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
'';

# Dedicated pool for Nextcloud; its workers run as the unprivileged
# "nextcloud" account rather than as the web server user.
services.phpfpm.pools.nextcloud = {
  user = "nextcloud";
  settings = {
    # The socket is owned by the nginx user so that nginx can connect to it.
    # NOTE(review): listen.group and listen.mode are not set here, so the
    # defaults apply; verify no other local account can open the socket.
    "listen.owner" = config.services.nginx.user;
    # Dynamic process manager: 2 workers at start, 1 to 3 kept idle, at most
    # 5 in total, each recycled after 500 requests.
    pm = "dynamic";
    "pm.start_servers" = 2;
    "pm.min_spare_servers" = 1;
    "pm.max_spare_servers" = 3;
    "pm.max_children" = 5;
    "pm.max_requests" = 500;
  };
};
# MySQL-compatible database (MariaDB) backing Nextcloud.
# No password appears here: the account is declared by name only.
# NOTE(review): presumably the module creates ensureUsers accounts for local
# socket authentication, which would tie this account to the "nextcloud" unix
# user that runs the php-fpm pool; confirm for the channel in use.
# The bind address is not restricted in this file; remote access is kept out
# only by the firewall not listing the database port.
services.mysql =
  let
    db = "nextcloud";
  in
  {
    enable = true;
    package = pkgs.mariadb;
    ensureDatabases = [ db ];
    ensureUsers = [
      {
        name = db;
        # Full rights, but only on the Nextcloud schema.
        ensurePermissions = { "${db}.*" = "ALL PRIVILEGES"; };
      }
    ];
  };
# Service account and group for Nextcloud.
# It is a system user (no interactive login intended) whose home is the
# Nextcloud tree; the php-fpm pool runs under this identity.
users.groups.nextcloud = { };
users.users.nextcloud = {
  group = "nextcloud";
  home = "/data/web/nextcloud";
  isSystemUser = true;
};
# Initial administrator account.
users.users.manu = {
  # NOTE(review): this SHA-512 crypt hash is published with the file and is
  # also copied into the world-readable Nix store, so it can be attacked
  # offline. The account is in wheel, so the password guards sudo.
  # initialHashedPassword is only applied when the account is first created;
  # rotate the password on the host (passwd) and, for declarative setups, keep
  # hashes in a file outside the repository (e.g. the passwordFile option).
  initialHashedPassword = "$6$40/yq55oyhD2MhbS$fox2DB5Aj4EpbQAx8z6FYEh3Jl3HKa7aHlGbijJukWxOpXIlKqNucBA8Eene7SaUQzHpvrhke9EFZIRxZpl5F/";
  # Membership in wheel grants sudo.
  extraGroups = [ "wheel" ];
  isNormalUser = true;
};
# NixOS release whose on-disk state formats (e.g. database layouts) this
# system stays compatible with. Change it only when the NixOS release notes
# tell you to.
# This pins state compatibility only, not the package set: it does not say
# whether the channel actually in use still receives security updates, so
# check that separately.
system = {
  stateVersion = "19.09";
};
}