nixos-config/stubbfelnix
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
436e999ecbd67c311d780080ccba0ac7cd4e85e6
stubbfelnix/services/nextcloud.nix
stubbfel 436e999ecb update to 21.05
2021-06-26 21:46:23 +02:00

195 lines
7.2 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
let
myPhp = pkgs.php.buildEnv {
extensions = { all, ... }: with all; [ imagick opcache apcu redis memcached ];
extraConfig = ''
memory_limit=5G
post_max_size=5G
upload_max_filesize=5G
output_buffering=0
'';
};
in
{
# environment.systemPackages = with pkgs; [ nextcloud ];
services.nginx.virtualHosts."cloud.stubbe.rocks" = {
enableACME = true;
forceSSL = true;
serverName = "cloud.stubbe.rocks";
root = "/var/www/nextcloud/";
extraConfig = ''
client_max_body_size 1024M;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options sameorigin;
'';
locations = {
"= /robots.txt" = {
priority = 100;
extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
};
"/" = {
priority = 900;
extraConfig = "rewrite ^ /index.php;";
};
"^~ /.well-known" = {
priority = 210;
extraConfig = ''
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
try_files $uri $uri/ =404;
'';
};
# PHP files
"~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\\.php(?:$|/)" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.*)$;
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/phpfpm/nextcloud.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
'';
};
"~ ^/(?:updater|ocs-provider)(?:$|/)" = {
tryFiles = "$uri/ =404";
index = "index.php";
};
# CSS and JavaScript files
"~* ^/(?!apps-local).*\\.(?:css|js)$" = {
tryFiles = "$uri /index.php$request_uri";
extraConfig = ''
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options sameorigin;
'';
};
# Other static assets
"~* ^/(?!apps-local).*\\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$" = {
tryFiles = "$uri /index.php$request_uri";
extraConfig = ''
add_header Cache-Control "public, max-age=15778463";
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options sameorigin;
'';
};
# Locally installed apps:
#
# No need to specify location for PHP files of installed apps???
#
# CSS and JavaScript files for installed apps
"~* ^/apps-local/.*\\.(?:css|js)$" = {
root = "/var/nextcloud";
tryFiles = "$uri =404";
};
# Other static assets for installed apps
"~* ^/apps-local/.*\\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$" = {
root = "/var/nextcloud";
tryFiles = "$uri =404";
};
"~ ^/(?:build|tests|config|lib|3rdparty|templates|data|\\.|autotest|occ|issue|indie|db_|console)" = {
extraConfig = "deny all;";
};
};
};
users.extraUsers.nextcloud.packages = [
myPhp
# pkgs.phpExtensions74.apcu
# pkgs.phpPackages.memcached
# pkgs.phpPackages.redis
# pkgs.phpPackages.imagick
];
# Option I: PHP-FPM pool for Nextcloud
services.phpfpm.pools.nextcloud = let
phpfpmSocketName = "/run/phpfpm/nextcloud.sock";
phpfpmUser = "nextcloud";
phpfpmGroup = "nextcloud";
server = "nginx";
in
{
settings = {
"listen" = "${phpfpmSocketName}";
"listen.owner" = "${server}";
"listen.group" = "${server}";
"user" = "${phpfpmUser}";
"group" = "${phpfpmGroup}";
"pm" = "dynamic";
"pm.max_children" = "120";
"pm.start_servers" = "12";
"pm.min_spare_servers" = "6";
"pm.max_spare_servers" = "18";
};
phpEnv = {
NEXTCLOUD_CONFIG_DIR = "/var/www/nextcloud/config";
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
};
};
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
memory_limit=2G
post_max_size=2G
upload_max_filesize=2G
extension=${pkgs.php74Extensions.redis}/lib/php/extensions/redis.so
extension=${pkgs.php74Extensions.apcu}/lib/php/extensions/apcu.so
extension=${pkgs.php74Extensions.imagick}/lib/php/extensions/imagick.so
extension=${pkgs.php74Extensions.opcache}/lib/php/extensions/opcache.so
extension=${pkgs.php74Extensions.memcached}/lib/php/extensions/memcached.so
'';
# services.phpfpm.phpPackage = myPhp;
services.cron.enable = true;
}
Reference in New Issue View Git Blame Copy Permalink