{ options, config, pkgs, lib, ... }: with lib; let cfg = config.services.ctucx-things; in { options = { services.ctucx-things = with lib; { enable = mkEnableOption "ctucx-things - simple inventory management web-app"; nginx = { enable = mkEnableOption ""; enableACME = mkEnableOption ""; domain = mkOption { type = types.str; }; }; package = mkOption { type = types.package; default = pkgs.ctucx-things; }; user = mkOption { type = types.str; default = "ctucx-things"; }; group = mkOption { type = types.str; default = "ctucx-things"; }; storagePath = mkOption { type = types.str; default = "/var/lib/ctucx-things"; }; }; }; config = lib.mkIf cfg.enable { users.groups."${cfg.group}" = {}; users.users."${cfg.user}" = { isSystemUser = true; home = cfg.storagePath; createHome = true; group = cfg.group; }; services.phpfpm.pools.ctucx-things = { user = cfg.user; group = cfg.group; phpEnv = { THINGS_STORAGE_PATH = cfg.storagePath; }; settings = { pm = "dynamic"; "listen.owner" = config.services.nginx.user; "pm.max_children" = 1; "pm.start_servers" = 1; "pm.min_spare_servers" = 1; "pm.max_spare_servers" = 1; "pm.max_requests" = 500; }; }; services.nginx = lib.mkIf cfg.nginx.enable { virtualHosts."${cfg.nginx.domain}" = { enableACME = lib.mkIf cfg.nginx.enableACME true; forceSSL = lib.mkIf cfg.nginx.enableACME true; root = cfg.package; locations = { "/".index = "index.php"; "/".tryFiles = "$uri $uri/ /index.php"; "~ \.php$".extraConfig = '' fastcgi_pass unix:${config.services.phpfpm.pools.ctucx-things.socket}; fastcgi_index index.php; ''; }; }; }; }; }