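let
# Options applied to both nixpkgs imports in this file. The single overlay
# adds the project's own helpers and packages.
nixpkgsOptions = {
  overlays = [
    (self: super: {
      /* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
      cryto = {
        fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {};
        nodeApplication = self.callPackage ./lib/node-application.nix {};
        unpack = self.callPackage ./lib/unpack.nix {};
        # configFile is null here; the mobile-proxy systemd unit in this file
        # overrides it with the real configuration file.
        mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
      };
    })
  ];
};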
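# Package sets used by the deployment.
#
# NOTE(review): both fetches are unpinned. `fetchTarball` with a bare URL has
# no content hash, and the URL names a moving channel branch, so the code that
# builds this host is whatever the branch serves at evaluation time. Builds
# are not reproducible and integrity rests on the transport alone. Prefer a
# commit archive plus hash, for example:
#   fetchTarball {
#     url = "https://github.com/NixOS/nixpkgs-channels/archive/<COMMIT-PLACEHOLDER>.tar.gz";
#     sha256 = "<SHA256-PLACEHOLDER>";
#   }
#
# NOTE(review): nixos-19.03 and nixos-18.03 are both end-of-life releases and
# no longer receive security fixes. `pkgs1803` is only used in this file to
# obtain php56.
pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz") nixpkgsOptions);
pkgs1803 = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz") nixpkgsOptions);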
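# Machine-level NixOS modules, pulled into a host through `imports`.
presets = {
  base = (import ./presets/base.nix);
  kvm = (import ./presets/kvm.nix);
};
# Per-virtual-host nginx fragments. As used in this file: `php` is called with
# the module arguments, `cphpApplication` with an application derivation, and
# `reverseProxy` with the upstream URL.
nginxPresets = {
  php = (import ./presets/nginx/php.nix);
  cphpApplication = (import ./presets/nginx/cphp-application.nix);
  reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
};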
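in {
  # Deployment-wide settings: machines are built from the 19.03 package set.
  network = {
    inherit pkgs;
    description = "Cryto";
  };

  # Single web host: nginx in front of PHP-FPM applications, MySQL, and the
  # mobile-proxy service that three virtual hosts are proxied to.
  "machine-haless-03.cryto.net" = { pkgs, lib, config, ... }@args: {
    system.stateVersion = "19.03";

    imports = [
      presets.base
      presets.kvm
      ./hardware-configurations/machine-haless-03.nix
    ];

    # NOTE(review): every check, and the firewall rule below, covers plain
    # HTTP on port 80 only. Nothing in this file enables TLS, so unless it is
    # terminated elsewhere the PHP applications' logins and sessions cross the
    # network unencrypted.
    deployment.healthChecks.http = [
      { scheme = "http"; port = 80; path = "/"; host = "todo.cryto.net"; description = "todo.cryto.net is up"; }
      { scheme = "http"; port = 80; path = "/"; host = "books.cryto.net"; description = "books.cryto.net is up"; }
      { scheme = "http"; port = 80; path = "/"; host = "learn.cryto.net"; description = "learn.cryto.net is up"; }
      { scheme = "http"; port = 80; path = "/"; host = "vps-list.cryto.net"; description = "vps-list.cryto.net is up"; }
      { scheme = "http"; port = 80; path = "/"; host = "iomfats.cryto.net"; description = "iomfats.cryto.net is up"; }
      { scheme = "http"; port = 80; path = "/"; host = "castleroland.cryto.net"; description = "castleroland.cryto.net is up"; }
      { scheme = "http"; port = 80; path = "/"; host = "awesomedude.cryto.net"; description = "awesomedude.cryto.net is up"; }
    ];

    networking.firewall.allowedTCPPorts = [ 80 ];

    services.nginx = {
      enable = true;

      virtualHosts = {
        # Catch-all: requests for any host name not listed below get a 404.
        "404.cryto.net" = {
          default = true;
          extraConfig = ''
            return 404;
          '';
        };

        # Static directories served straight from the repository checkout.
        "haless.cryto.net" = {
          locations."/shadow" = {
            alias = ./sources/shadow-generator;
          };
          locations."/knex-mirror" = {
            alias = ./sources/knex-mirror;
          };
        };

        # NOTE(review), applies to books, todo, learn and vps-list below:
        # interpolating `${../private/...}` copies the credential file into
        # /nix/store, once as its own store path and again inside the
        # application derivation. The store is world-readable, so every local
        # account and every service on this host can read these secrets, and
        # they travel with any copy of the closure. Deliver them outside the
        # store instead (the `network`/`deployment.healthChecks` layout looks
        # like morph, which offers `deployment.secrets` - confirm) and have
        # the applications read them from a path with restricted permissions.
        "books.cryto.net" = lib.mkMerge [
          (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
          {
            # NOTE(review): credentials.php lands at the top of the document
            # root. Whether it can be requested directly depends on the php
            # preset, which is not shown here - verify.
            root = pkgs.stdenv.mkDerivation {
              name = "cryto-books";
              src = ./sources/cryto-books;
              installPhase = ''
                mkdir -p $out/
                cp -r $src/* $out/
                cp ${../private/cryto-books/credentials.php} $out/credentials.php
              '';
            };
          }
        ];

        "todo.cryto.net" = lib.mkMerge [
          (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
          (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
            name = "cryto-todo";
            src = ./sources/cryto-todo;
            # config.json sits beside public_html, not inside it.
            installPhase = ''
              mkdir -p $out/public_html
              cp -r $src/* $out/public_html
              cp ${../private/cryto-todo/config.json} $out/config.json
            '';
          }))
        ];

        "learn.cryto.net" = lib.mkMerge [
          (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
          (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
            name = "cryto-learn";
            src = ./sources/cryto-learn;
            # config.json sits beside public_html, not inside it.
            installPhase = ''
              mkdir -p $out/public_html
              cp -r $src/* $out/public_html
              cp ${../private/cryto-learn/config.json} $out/config.json
            '';
          }))
        ];

        "vps-list.cryto.net" = lib.mkMerge [
          (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
          (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
            name = "vps-list";
            src = ./sources/vps-list;
            # NOTE(review): unlike todo/learn, config.php is placed inside
            # public_html (under cphp/); confirm the preset does not expose
            # that directory.
            installPhase = ''
              mkdir -p $out/public_html
              mkdir -p $out/public_html/cphp
              cp -r $src/* $out/public_html
              cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
            '';
          }))
        ];

        # All three names forward to the same local listener on port 3000.
        "iomfats.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
        "castleroland.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
        "awesomedude.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
      };
    };

    # NOTE(review): MySQL 5.5 is end-of-life upstream; plan a migration to a
    # maintained release.
    services.mysql = {
      enable = true;
      package = pkgs.mysql55;
    };

    # NOTE(review): PHP 5.6 is end-of-life upstream and is taken from the
    # 18.03 package set solely to keep it available. It is the runtime for
    # every internet-facing PHP application on this host.
    services.phpfpm = {
      extraConfig = ''
        log_level = notice
      '';
      phpPackage = pkgs1803.php56;

      pools = {
        # The only pool defined here, so presumably the one nginxPresets.php
        # targets for all PHP sites. They then share one `nobody` identity and
        # a flaw in any one application exposes the others' files; a dedicated
        # user and pool per site would contain that.
        main = {
          listen = "/var/run/phpfpm-main.sock";
          extraConfig = ''
            user = nobody
            listen.owner = nginx
            listen.group = nginx
            listen.mode = 0660
            pm = dynamic
            pm.max_children = 75
            pm.start_servers = 10
            pm.min_spare_servers = 5
            pm.max_spare_servers = 20
            pm.max_requests = 500
            catch_workers_output = yes
          '';
        };
      };
    };

    users.extraUsers.mobile-proxy = {
      description = "mobile-proxy Service User";
    };

    systemd.services.mobile-proxy = let
      # The overlay builds the package with configFile = null; supply the
      # real configuration here.
      package = pkgs.cryto.mobileProxy.override { configFile = ./data/mobile-proxy/config.jsx; };
    in {
      description = "Mobile Proxy";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        ExecStart = "${package}/bin/mobile-proxy";
        User = "mobile-proxy";
        Restart = "on-failure";
        # Run preStart as root; only ExecStart drops to the service user.
        PermissionsStartOnly = true;
        # preStart creates a fixed name under /tmp as root and then chowns it.
        # On a shared /tmp another local account could create that name
        # first: `mkdir -p` accepts an existing entry, and `chown` would then
        # hand whatever it refers to over to the service user. A private /tmp
        # means the path is only ever created by this unit.
        PrivateTmp = true;
      };

      preStart = ''
        mkdir -m 0700 -p /tmp/mobile-proxy-home
        chown mobile-proxy /tmp/mobile-proxy-home
      '';

      environment = {
        HOME = "/tmp/mobile-proxy-home";
      };
    };
  };
}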