1
0
Fork 0

add caddy for ttrss

This commit is contained in:
ibizaman 2022-09-08 23:26:33 -07:00
parent 808dc04885
commit 40a4d308c1
5 changed files with 163 additions and 5 deletions

View file

@ -4,13 +4,13 @@
, utils , utils
}: }:
{ document_root { document_root
, user
, group
, readOnlyPaths ? [] , readOnlyPaths ? []
, readWritePaths ? [] , readWritePaths ? []
, postgresServiceName , postgresServiceName
}: }:
{ TtrssConfig { ...
, TtrssPostgresDB
, ...
}: }:
# Assumptions: # Assumptions:
@ -33,8 +33,8 @@ utils.systemd.mkService rec {
After=network.target ${postgresServiceName} After=network.target ${postgresServiceName}
[Service] [Service]
User=${TtrssConfig.user} User=${user}
Group=${TtrssConfig.group} Group=${group}
ExecStart=${pkgs.php}/bin/php ${fullPath}/update_daemon2.php ExecStart=${pkgs.php}/bin/php ${fullPath}/update_daemon2.php
RuntimeDirectory=${name} RuntimeDirectory=${name}

View file

@ -11,6 +11,10 @@ let
self = { self = {
PostgresDB = callPackage ./PostgresDB {}; PostgresDB = callPackage ./PostgresDB {};
CaddyConfig = callPackage ./caddy/config.nix {inherit utils;};
CaddyService = callPackage ./caddy/unit.nix {inherit utils;};
CaddySiteConfig = callPackage ./caddy/siteconfig.nix {inherit utils;};
TtrssEnvironment = callPackage ./Ttrss/environment.nix {}; TtrssEnvironment = callPackage ./Ttrss/environment.nix {};
TtrssConfig = callPackage ./Ttrss/config.nix {}; TtrssConfig = callPackage ./Ttrss/config.nix {};
TtrssUpdateService = callPackage ./Ttrss/update.nix {inherit utils;}; TtrssUpdateService = callPackage ./Ttrss/update.nix {inherit utils;};

22
caddy/config.nix Normal file
View file

@ -0,0 +1,22 @@
{ stdenv
, pkgs
, utils
}:
{ configDir ? "/etc/caddy"
, configFile ? "Caddyfile"
, siteConfigDir
}:
utils.mkConfigFile {
name = configFile;
dir = configDir;
content = ''
{
# Disable auto https
http_port 10001
https_port 10002
}
import ${siteConfigDir}/*
'';
}

51
caddy/siteconfig.nix Normal file
View file

@ -0,0 +1,51 @@
{ stdenv
, pkgs
, utils
}:
{ siteConfigDir
, runtimeDirectory
, portBinding
, bindService
, useSocket ? false
, serviceRoot ? "/usr/share/webapps/${bindService}"
, phpFpmRuntimeDirectory ? "/run/php-fpm"
, phpFastcgi ? null
, logLevel ? "WARN"
}:
let
content =
[
"root * ${serviceRoot}"
"file_server"
]
++ (
if useSocket
then [
"bind unix/${runtimeDirectory}/${bindService}.sock"
]
else []
)
++ (
if phpFastcgi
then [
"php_fastcgi unix/${phpFpmRuntimeDirectory}/${bindService}.sock"
]
else []
);
in
utils.mkConfigFile {
name = "${bindService}.config";
dir = siteConfigDir;
content = ''
:${builtins.toString portBinding} {
${builtins.concatStringsSep "\n " content}
log {
output stderr
level ${logLevel}
}
}
'';
}

81
caddy/unit.nix Normal file
View file

@ -0,0 +1,81 @@
{ stdenv
, pkgs
, utils
}:
{ user ? "http"
, group ? "http"
, configDir ? "/etc/caddy"
, configFile ? "Caddyfile"
}:
{...}:
utils.systemd.mkService rec {
name = "caddy";
content = ''
[Unit]
Description=Caddy webserver
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Wants=network-online.target systemd-networkd-wait-online.target
StartLimitInterval=14400
StartLimitBurst=10
[Service]
Type=notify
User=${user}
Group=${group}
# Environment=XDG_DATA_HOME=/var/lib
# Environment=XDG_CONFIG_HOME=${configDir}
ExecStart=${pkgs.caddy}/bin/caddy run --environ --config ${configDir}/${configFile}
ExecReload=${pkgs.caddy}/bin/caddy reload --config ${configDir}/${configFile}
# Restart=on-abnormal
# # RuntimeDirectory=caddy
# KillMode=mixed
# KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# PrivateDevices=true
PrivateTmp=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# ProtectKernelLogs=true
# ProtectHome=true
# ProtectHostname=true
# ProtectClock=true
# RestrictSUIDSGID=true
# LockPersonality=true
# NoNewPrivileges=true
# CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
# ProtectSystem=strict
ProtectSystem=full
# ReadWritePaths=/var/lib/caddy /var/log/caddy
[Install]
WantedBy=multi-user.target
'';
}
# Put this in /etc/caddy/Caddyfile
# {
# # debug
#
# # Disable auto https
# http_port 10001
# https_port 10002
# }
#
# import conf.d/*