|
|
|
@ -1,5 +1,18 @@
|
|
|
|
|
let
|
|
|
|
|
nixpkgsOptions = {};
|
|
|
|
|
nixpkgsOptions = {
|
|
|
|
|
overlays = [
|
|
|
|
|
(self: super: {
|
|
|
|
|
/* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
|
|
|
|
|
cryto = {
|
|
|
|
|
# FIXME: Remove default.nix suffix?
|
|
|
|
|
fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {};
|
|
|
|
|
nodeApplication = self.callPackage ./lib/node-application.nix {};
|
|
|
|
|
unpack = self.callPackage ./lib/unpack.nix {};
|
|
|
|
|
mobileProxy = self.callPackage ./packages/mobile-proxy/default.nix { configFile = null; };
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz") nixpkgsOptions);
|
|
|
|
|
pkgs1803 = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz") nixpkgsOptions);
|
|
|
|
|
presets = {
|
|
|
|
@ -9,6 +22,7 @@ let
|
|
|
|
|
nginxPresets = {
|
|
|
|
|
php = (import ./presets/nginx/php.nix);
|
|
|
|
|
cphpApplication = (import ./presets/nginx/cphp-application.nix);
|
|
|
|
|
reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
|
|
|
|
|
};
|
|
|
|
|
in {
|
|
|
|
|
network = {
|
|
|
|
@ -30,6 +44,9 @@ in {
|
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "books.cryto.net"; description = "books.cryto.net is up"; }
|
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "learn.cryto.net"; description = "learn.cryto.net is up"; }
|
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "vps-list.cryto.net"; description = "vps-list.cryto.net is up"; }
|
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "iomfats.cryto.net"; description = "iomfats.cryto.net is up"; }
|
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "castleroland.cryto.net"; description = "castleroland.cryto.net is up"; }
|
|
|
|
|
{ scheme = "http"; port = 80; path = "/"; host = "awesomedude.cryto.net"; description = "awesomedude.cryto.net is up"; }
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
@ -37,6 +54,12 @@ in {
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"404.cryto.net" = {
|
|
|
|
|
default = true;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
return 404;
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
"haless.cryto.net" = {
|
|
|
|
|
locations."/shadow" = {
|
|
|
|
|
alias = ./sources/shadow-generator;
|
|
|
|
@ -101,6 +124,9 @@ in {
|
|
|
|
|
'';
|
|
|
|
|
}))
|
|
|
|
|
];
|
|
|
|
|
"iomfats.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
|
|
|
|
|
"castleroland.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
|
|
|
|
|
"awesomedude.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
@ -135,5 +161,33 @@ in {
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
users.extraUsers.mobile-proxy = {
|
|
|
|
|
description = "mobile-proxy Service User";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services.mobile-proxy = let
|
|
|
|
|
package = pkgs.cryto.mobileProxy.override { configFile = ./data/mobile-proxy/config.jsx; };
|
|
|
|
|
in {
|
|
|
|
|
description = "Mobile Proxy";
|
|
|
|
|
wantedBy = ["multi-user.target"];
|
|
|
|
|
after = ["network.target"];
|
|
|
|
|
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
ExecStart = "${package}/bin/mobile-proxy";
|
|
|
|
|
User = "mobile-proxy";
|
|
|
|
|
Restart = "on-failure";
|
|
|
|
|
PermissionsStartOnly = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
preStart = ''
|
|
|
|
|
mkdir -m 0700 -p /tmp/mobile-proxy-home
|
|
|
|
|
chown mobile-proxy /tmp/mobile-proxy-home
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
environment = {
|
|
|
|
|
HOME = "/tmp/mobile-proxy-home";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|