From 259ea945429b931c3bdf513dd844b8025be2a7dd Mon Sep 17 00:00:00 2001
From: Audrey Dutcher
Date: Wed, 23 Apr 2025 12:51:02 -0700
Subject: [PATCH] sunflower: add mspa
---
 sites/sunflower/configuration.nix | 48 +++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 5 deletions(-)
diff --git a/sites/sunflower/configuration.nix b/sites/sunflower/configuration.nix
index d7a9eeb..41d096d 100644
--- a/sites/sunflower/configuration.nix
+++ b/sites/sunflower/configuration.nix
@@ -33,10 +33,44 @@
 services.postgresql = {
 enable = true;
- ensureDatabases = [ "bingosync" ];
+ ensureDatabases = [
+ "bingosync"
+ "mspa"
+ ];
 ensureUsers = [
 { name = "bingosync"; ensureDBOwnership = true; }
+ { name = "mspa"; ensureDBOwnership = true; }
 ];
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser auth-method optional_ident_map
+ local all all peer map=defaultmap
+ '';
+ identMap = ''
+ # ArbitraryMapName systemUser DBUser
+ defaultmap root postgres
+ defaultmap postgres postgres
+ defaultmap php-nginx mspa
+ defaultmap bingosync bingosync
+ '';
+ };
+
+ users.users.php-nginx = {
+ isSystemUser = true;
+ group = "php-nginx";
+ };
+ users.groups.php-nginx = {};
+
+ services.phpfpm.pools.nginx = {
+ user = "php-nginx";
+ settings = {
+ "pm" = "dynamic";
+ "listen.owner" = config.services.nginx.user;
+ "pm.max_children" = 5;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 3;
+ "pm.max_requests" = 500;
+ };
 };
 services.nginx = {
@@ -50,12 +84,16 @@
 default = true;
 forceSSL = true;
 enableACME = true;
- locations."/" = {
- root = "/var/www/rhelmot.io/";
- };
+ root = "/var/www/rhelmot.io/";
 locations."/secret/" = {
 basicAuthFile = "/var/lib/rhelmot.io/secret";
- root = "/var/www/rhelmot.io/";
+ };
+ locations."~ ^/MSPA/(.*\\.php|)$" = {
+ extraConfig = ''
+ fastcgi_pass unix:${config.services.phpfpm.pools.nginx.socket};
+ fastcgi_index index.php;
+ '';
+ index = "index.php index.html";
 };
 };
 "www.rhelmot.io" = {
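Review bot: The peer map line `defaultmap php-nginx mspa` ties the `mspa` role, which `ensureDBOwnership = true` makes owner of the `mspa` database, to the account of a PHP-FPM pool with the generic name `nginx`. Every script that pool runs therefore connects with owner rights on that database, and a second PHP site added to the same pool would inherit them. Naming the pool and its account after the application (for example `services.phpfpm.pools.mspa` with `user = "mspa";`) keeps the mapping one-to-one; at minimum add a comment above `identMap` such as `# php-nginx is the phpfpm pool user; any script in that pool connects as the mspa DB owner`. Since `mkOverride 10` is meant to replace the module's default `pg_hba` rules, a second comment should say that this map is then the only way to connect, so each new service needs an entry here.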
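Review bot: The new `locations."~ ^/MSPA/(.*\\.php|)$"` block passes every matching URI to the PHP-FPM socket without checking that the script exists under the server `root`. Its `extraConfig` also sets neither `SCRIPT_FILENAME` nor an include of the fastcgi parameters. The `services.nginx` set starts and ends outside this hunk, so these may be supplied elsewhere; if not, requests would fail or script resolution would be left to PHP's path-info fallback. Adding `try_files $uri =404;` ahead of `fastcgi_pass` and `fastcgiParams.SCRIPT_FILENAME = "$document_root$fastcgi_script_name";` on the location would make the mapping explicit. The `index = "index.php index.html";` line appears to have no effect in a location whose content handler is `fastcgi_pass`, so it could be dropped or given a comment explaining why it is there.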