let
  # Options handed to every nixpkgs import below, so both package sets carry
  # the same overlay.
  nixpkgsOptions.overlays = [
    (final: prev: {
      /* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
      cryto = {
        fetchFromCrytoGit = final.callPackage ./lib/fetch/from-cryto-git.nix {};
        nodeApplication = final.callPackage ./lib/node-application.nix {};
        unpack = final.callPackage ./lib/unpack.nix {};
        # configFile is null here; the mobile-proxy service overrides it.
        mobileProxy = final.callPackage ./packages/mobile-proxy { configFile = null; };
      };
    })
  ];

  # Imports a nixpkgs tarball with the shared options applied.
  #
  # NOTE(review): both URLs below name a channel branch and no `sha256` is
  # passed to fetchTarball, so the package set is whatever the branch points
  # at when the tarball is fetched, and nothing beyond transport security
  # checks the download. Pinning each import to a commit archive together
  # with its hash makes deployments reproducible and makes a changed tarball
  # fail evaluation instead of being built from.
  importNixpkgs = url: import (fetchTarball url) nixpkgsOptions;

  pkgs = importNixpkgs "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz";
  pkgs1803 = importNixpkgs "https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz";

  # Machine-level configuration presets.
  presets = {
    base = import ./presets/base.nix;
    kvm = import ./presets/kvm.nix;
  };

  # Virtual-host presets for nginx.
  nginxPresets = {
    php = import ./presets/nginx/php.nix;
    cphpApplication = import ./presets/nginx/cphp-application.nix;
    reverseProxy = import ./presets/nginx/reverse-proxy.nix;
  };
in {
  # Network-level attributes: the package set defined above and a label.
  network.description = "Cryto";
  network.pkgs = pkgs;

  # `args` captures the whole module argument set; it is passed on to the
  # nginx PHP preset in the virtual-host definitions.
  "machine-haless-03.cryto.net" = args@{ pkgs, lib, config, ... }: {
    system.stateVersion = "19.03";

    # Shared presets first, then this machine's hardware description.
    imports = [ presets.base presets.kvm ] ++ [
      ./hardware-configurations/machine-haless-03.nix
    ];
# One HTTP health check per public site name.
deployment.healthChecks.http = let
  # Builds a check that requests "/" over plain HTTP on port 80 for `host`.
  rootCheck = host: description: {
    inherit host description;
    scheme = "http";
    port = 80;
    path = "/";
  };
in [
  (rootCheck "todo.cryto.net" "todo.cryto.net is up")
  (rootCheck "books.cryto.net" "books.cryto.net is up")
  (rootCheck "learn.cryto.net" "learn.cryto.net is up")
  (rootCheck "vps-list.cryto.net" "vps-list.cryto.net is up")
  (rootCheck "iomfats.cryto.net" "iomfats.cryto.net is up")
  (rootCheck "castleroland.cryto.net" "castleroland.cryto.net is up")
  (rootCheck "awesomedude.cryto.net" "awesomedude.cryto.net is up")
];

# NOTE(review): only port 80 is opened and every check above uses plain HTTP.
# If TLS is not terminated somewhere in front of this machine, traffic to
# these sites crosses the network unencrypted — confirm where TLS is handled.
networking.firewall.allowedTCPPorts = [ 80 ];
# nginx front end: a catch-all 404 host, two static aliases, four PHP sites
# and three names proxied to a local upstream.
#
# NOTE(review): every `${../private/...}` interpolation below copies the
# file into /nix/store. Store paths are readable by all local users on the
# machine that evaluates this file and on the target, and they are kept in
# old generations until garbage-collected. Credentials are better delivered
# outside the store (a secrets-upload facility of the deployment tool, or
# files provisioned separately with restrictive ownership and mode) and read
# by the application from that location.
services.nginx = let
  /* Temporary hack until I can figure out the mkMerge evaluation order issue */
  phpVhost = nginxPresets.php args;

  # The three proxied names all point at the same local upstream.
  localUpstream = nginxPresets.reverseProxy "http://127.0.0.1:3000/";

  # Packages a CPHP site: the sources go to public_html and the private
  # config.json is placed next to it, outside public_html.
  cphpSite = { name, src, configJson }: pkgs.stdenv.mkDerivation {
    inherit name src;

    installPhase = ''
      mkdir -p $out/public_html
      cp -r $src/* $out/public_html
      cp ${configJson} $out/config.json
    '';
  };
in {
  enable = true;

  virtualHosts = {
    # Default host: requests that match no other name receive a 404.
    "404.cryto.net" = {
      default = true;
      extraConfig = ''
        return 404;
      '';
    };

    # Static directories served straight from the repository sources.
    "haless.cryto.net".locations = {
      "/shadow".alias = ./sources/shadow-generator;
      "/knex-mirror".alias = ./sources/knex-mirror;
    };

    "books.cryto.net" = lib.mkMerge [
      phpVhost
      {
        # NOTE(review): credentials.php is installed into the directory
        # that is used as the vhost root. Whether a request for it can
        # ever return the file's text depends on the php preset, which is
        # not visible here — confirm that .php is always handed to PHP-FPM
        # or move the file out of the root.
        root = pkgs.stdenv.mkDerivation {
          name = "cryto-books";
          src = ./sources/cryto-books;

          installPhase = ''
            mkdir -p $out/
            cp -r $src/* $out/
            cp ${../private/cryto-books/credentials.php} $out/credentials.php
          '';
        };
      }
    ];

    "todo.cryto.net" = lib.mkMerge [
      phpVhost
      (nginxPresets.cphpApplication (cphpSite {
        name = "cryto-todo";
        src = ./sources/cryto-todo;
        configJson = ../private/cryto-todo/config.json;
      }))
    ];

    "learn.cryto.net" = lib.mkMerge [
      phpVhost
      (nginxPresets.cphpApplication (cphpSite {
        name = "cryto-learn";
        src = ./sources/cryto-learn;
        configJson = ../private/cryto-learn/config.json;
      }))
    ];

    "vps-list.cryto.net" = lib.mkMerge [
      phpVhost
      # Unlike the two sites above, the private config.php lands inside
      # public_html (under cphp/).
      (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
        name = "vps-list";
        src = ./sources/vps-list;

        installPhase = ''
          mkdir -p $out/public_html
          mkdir -p $out/public_html/cphp

          cp -r $src/* $out/public_html
          cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
        '';
      }))
    ];

    "iomfats.cryto.net" = localUpstream;
    "castleroland.cryto.net" = localUpstream;
    "awesomedude.cryto.net" = localUpstream;
  };
};
# Local MySQL server, held at the 5.5 series.
#
# NOTE(review): MySQL 5.5 no longer receives upstream security fixes; plan a
# move to a maintained release and make sure the server is not reachable
# from outside this machine (the firewall above opens only port 80).
services.mysql.enable = true;
services.mysql.package = pkgs.mysql55;
# Global PHP-FPM settings.
services.phpfpm.extraConfig = ''
  log_level = notice
'';

# PHP 5.6 comes from the older 18.03 package set rather than from `pkgs`.
#
# NOTE(review): PHP 5.6 is past upstream end of life, so interpreter
# vulnerabilities found since then stay unpatched on this host.
services.phpfpm.phpPackage = pkgs1803.php56;

# Single pool behind a unix socket that only the nginx user/group may open.
#
# NOTE(review): the pool runs as `nobody`, and it is the only pool, so all
# PHP sites execute under one shared account; a flaw in one site exposes the
# files and database credentials of the others. A dedicated user, ideally
# one pool per site, limits that.
services.phpfpm.pools.main = {
  listen = "/var/run/phpfpm-main.sock";

  extraConfig = ''
    user = nobody
    listen.owner = nginx
    listen.group = nginx
    listen.mode = 0660

    pm = dynamic
    pm.max_children = 75
    pm.start_servers = 10
    pm.min_spare_servers = 5
    pm.max_spare_servers = 20
    pm.max_requests = 500

    catch_workers_output = yes
  '';
};
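# Unprivileged account the mobile-proxy service runs as.
users.extraUsers.mobile-proxy = {
  description = "mobile-proxy Service User";
};

# Runs the mobile-proxy package, built with this machine's config file, as
# the mobile-proxy user and restarts it on failure.
systemd.services.mobile-proxy = let
  package = pkgs.cryto.mobileProxy.override { configFile = ./data/mobile-proxy/config.jsx; };
in {
  description = "Mobile Proxy";
  wantedBy = ["multi-user.target"];
  after = ["network.target"];

  serviceConfig = {
    ExecStart = "${package}/bin/mobile-proxy";
    User = "mobile-proxy";
    Restart = "on-failure";

    # The service's HOME used to be /tmp/mobile-proxy-home, prepared by a
    # root-run preStart (`mkdir -p` followed by `chown`). /tmp is
    # world-writable and the name was fixed, so any local account could
    # create that path first, and `chown` follows symlinks: root would then
    # hand ownership of whatever the path pointed at to the service user.
    # StateDirectory lets systemd create /var/lib/mobile-proxy itself, owned
    # by User with the mode below, under a parent only root can write to, so
    # no root-run script (and no PermissionsStartOnly) is needed any more.
    # Requires systemd 235 or later. Files left in the old /tmp location
    # are not migrated.
    StateDirectory = "mobile-proxy";
    StateDirectoryMode = "0700";
  };

  environment = {
    # Must match the directory systemd creates for StateDirectory above.
    HOME = "/var/lib/mobile-proxy";
  };
};
};
}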