From d467730a35540154afd93daafa54e8aa629f8c8c Mon Sep 17 00:00:00 2001
From: Jeremy Penner <jeremy@sporktania.com>
Date: Thu, 11 Nov 2021 21:04:41 -0500
Subject: [PATCH] bump upload maximums, fix acme

---
 default.nix | 4 +++-
 module.nix  | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/default.nix b/default.nix
index b85509f..f516760 100644
--- a/default.nix
+++ b/default.nix
@@ -45,6 +45,8 @@ with pkgs; let
       make install
       cd ..
       sed -i 's:^extension_dir = .*:extension_dir = "'$("$out/bin/php-config" --extension-dir)'":' "$out/lib/php.ini"
+      sed -i 's:^upload_max_filesize = .*:upload_max_filesize = 200M:' "$out/lib/php.ini"
+      sed -i 's:^post_max_size = .*:post_max_size = 200M:' "$out/lib/php.ini"
       echo "extension=suhosin.so" >> "$out/lib/php.ini"
       echo "sendmail_path=/run/wrappers/bin/sendmail -t -i" >> "$out/lib/php.ini"
     '';
@@ -77,7 +79,7 @@ in
         # Block access to "hidden" files and directories whose names begin with a
         # period. This includes directories used by version control systems such
         # as Subversion or Git to store control files.
-        "~ (^|/)\\." = { return = "403"; };
+        "~ (^|/)\\.(?!well-known/)" = { return = "403"; };
         "~ \\.php$" = {
           extraConfig = ''
             client_max_body_size 200m;
diff --git a/module.nix b/module.nix
index 818c434..0fc46c1 100644
--- a/module.nix
+++ b/module.nix
@@ -30,6 +30,7 @@ in {
                 Group = "nginx";
                 RuntimeDirectory = "php52-fpm";
                 LogsDirectory = "php52-fpm";
+                Restart = "always";
             };
         };
     };