Nix valet working

Javier Feliz 2025-08-17 20:51:39 -04:00
parent 065a363242
commit d336c8bf9c
2 changed files with 77 additions and 35 deletions


@ -9,7 +9,7 @@
{ {
imports = [ imports = [
../common-config.nix ../common-config.nix
# ../../modules/system/nix-valet.nix ../../modules/system/nix-valet.nix
../../modules/system/device-management/logitech.nix ../../modules/system/device-management/logitech.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];


@ -11,18 +11,7 @@
lib, lib,
... ...
}: }:
let
customCaddy = pkgs.xcaddy {
pname = "caddy-frankenphp";
version = "2.7.6";
subPackages = [ "cmd/caddy" ];
plugins = [
"github.com/dunglas/frankenphp/caddy"
];
};
in
{ {
services = { services = {
# Enable dnsmasq # Enable dnsmasq
@ -47,44 +36,92 @@ in
}; };
# Enable PHP-FPM # Enable PHP-FPM
phpfpm = { # phpfpm = {
pools.www = { # pools.www = {
user = "javi"; # user = "javi";
group = "users"; # group = "users";
settings = { # settings = {
"listen.owner" = "javi"; # "listen.owner" = "javi";
"listen.group" = "users"; # "listen.group" = "users";
"listen.mode" = "0660"; # "listen.mode" = "0660";
"pm" = "dynamic"; # "pm" = "dynamic";
"pm.max_children" = 32; # "pm.max_children" = 32;
"pm.start_servers" = 2; # "pm.start_servers" = 2;
"pm.min_spare_servers" = 2; # "pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4; # "pm.max_spare_servers" = 4;
"pm.max_requests" = 500; # "pm.max_requests" = 500;
}; # };
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ]; # phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
}; # };
}; # };
# Enable Caddy # Enable Caddy
caddy = { caddy = {
enable = true; enable = true;
package = customCaddy; package = pkgs.frankenphp;
globalConfig = '' globalConfig = ''
auto_https off auto_https off
frankenphp frankenphp
debug
order php_server before file_server order php_server before file_server
''; '';
/*
WORKING CONFIG
map {host} {pname} {
~^(.+)\.test$ $1
default "unknown"
}
root * /home/javi/projects/{pname}/public
# Add file server directive with browse enabled for debugging
file_server browse
# Or for PHP apps, add try_files
try_files {path} {path}/ /index.php?{query}
php_server
*/
extraConfig = '' extraConfig = ''
# Specific subdomain first (more specific routes come first) # Specific subdomain first (more specific routes come first)
http://caddytest.test { http://caddytest.test {
respond "We in caddyland" respond "fuck"
} }
# Wildcard for other .test domains http://*.test, http://*.*.test {
http://*.test { map {host} {project_dir} {
root * /home/javi/projects/{labels.1}/public ~^(.+)\.test$ $1
default "unknown"
}
vars base_path "/home/javi/projects/{project_dir}"
@laravel file {
root {vars.base_path}/public
try_files index.php
}
@jigsaw file {
root {vars.base_path}/build_local
try_files index.html
}
handle @laravel {
root * {vars.base_path}/public
php_server php_server
file_server
try_files {path} {path}/ /index.php?{query}
}
handle @jigsaw {
root * {vars.base_path}/build_local
try_files {path} {path}/ /index.html
file_server
}
handle {
respond "Unknown project type"
}
} }
''; '';
}; };
@ -132,6 +169,11 @@ in
serviceConfig = { serviceConfig = {
User = lib.mkForce "javi"; User = lib.mkForce "javi";
Group = lib.mkForce "users"; Group = lib.mkForce "users";
ProtectHome = lib.mkForce false; # This is key!
ProtectSystem = lib.mkForce false;
PrivateTmp = lib.mkForce false;
# More comprehensive capabilities # More comprehensive capabilities
AmbientCapabilities = [ AmbientCapabilities = [
"CAP_NET_BIND_SERVICE" "CAP_NET_BIND_SERVICE"
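Review bot: The three `lib.mkForce false` overrides added to `serviceConfig` (`ProtectHome`, `ProtectSystem`, `PrivateTmp`) switch off more sandboxing than serving `/home/javi/projects` requires, leaving a unit that runs as `javi` with that user's entire home and the shared `/tmp` in reach. Only the home restriction appears to conflict with the new `root` paths, so I would drop the `ProtectSystem` and `PrivateTmp` lines and expose just the projects tree with `ProtectHome = lib.mkForce "tmpfs";` and `BindPaths = [ "/home/javi/projects" ];`. This matters more because `{project_dir}` in `extraConfig` is derived from the request's Host header through `~^(.+)\.test$` and then joined into `base_path`; constraining the capture to the characters a project directory may contain, for example `~^([a-z0-9-]+)\.test$` if single-label hosts suffice, keeps that value predictable. The `serviceConfig` block continues past the end of this hunk, so any options set further down are not visible here.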