
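  # Deployment network definition for a single host, machine-haless-03.cryto.net:
  # nginx (static paths, PHP sites, reverse proxies), MySQL, php-fpm and the
  # mobile-proxy systemd service.
  let
    # Options passed to every nixpkgs import below; adds the local packages and helpers.
    nixpkgsOptions = {
      overlays = [
        (self: super: {
          /* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
          cryto = {
            fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {};
            nodeApplication = self.callPackage ./lib/node-application.nix {};
            unpack = self.callPackage ./lib/unpack.nix {};
            # configFile defaults to null here and is overridden where the service is defined.
            mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
          };
        })
      ];
    };

    # NOTE(review): both imports fetch a channel branch tarball without a sha256, so the
    # content is not checked against a known hash and can differ between evaluations.
    # Pinning each import to a specific commit archive and using the
    # `fetchTarball { url = ...; sha256 = "<hash of that archive>"; }` form makes the
    # build reproducible and detects a tampered or replaced download.
    pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz") nixpkgsOptions);
    # The 18.03 package set is used in this file only for php56 (see services.phpfpm).
    pkgs1803 = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz") nixpkgsOptions);

    # Host-level configuration modules shared between machines.
    presets = {
      base = (import ./presets/base.nix);
      kvm = (import ./presets/kvm.nix);
    };

    # Functions that produce nginx virtualHost fragments; their bodies are not in this file.
    nginxPresets = {
      php = (import ./presets/nginx/php.nix);
      cphpApplication = (import ./presets/nginx/cphp-application.nix);
      reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
    };
  in {
    # Network-wide settings: the package set and a description for the deployment.
    network = {
      inherit pkgs;
      description = "Cryto";
    };

    "machine-haless-03.cryto.net" = { pkgs, lib, config, ... }@args: {
      system.stateVersion = "19.03";

      imports = [
        presets.base
        presets.kvm
        ./hardware-configurations/machine-haless-03.nix
      ];

      # One HTTP check per public site. The "haless.cryto.net" and "404.cryto.net"
      # vhosts below have no check.
      deployment.healthChecks.http = [
        { scheme = "http"; port = 80; path = "/"; host = "todo.cryto.net"; description = "todo.cryto.net is up"; }
        { scheme = "http"; port = 80; path = "/"; host = "books.cryto.net"; description = "books.cryto.net is up"; }
        { scheme = "http"; port = 80; path = "/"; host = "learn.cryto.net"; description = "learn.cryto.net is up"; }
        { scheme = "http"; port = 80; path = "/"; host = "vps-list.cryto.net"; description = "vps-list.cryto.net is up"; }
        { scheme = "http"; port = 80; path = "/"; host = "iomfats.cryto.net"; description = "iomfats.cryto.net is up"; }
        { scheme = "http"; port = 80; path = "/"; host = "castleroland.cryto.net"; description = "castleroland.cryto.net is up"; }
        { scheme = "http"; port = 80; path = "/"; host = "awesomedude.cryto.net"; description = "awesomedude.cryto.net is up"; }
      ];

      # NOTE(review): only port 80 is opened and every health check uses plain http;
      # nothing in this file configures TLS. Confirm that TLS is terminated in front of
      # this host, because the PHP sites below carry credentials in their configuration
      # and presumably handle logins.
      networking.firewall.allowedTCPPorts = [ 80 ];

      services.nginx = {
        enable = true;
        virtualHosts = {
          # Catch-all: requests for any host name not listed below get a 404.
          "404.cryto.net" = {
            default = true;
            extraConfig = ''
              return 404;
            '';
          };

          # Two source directories served as static paths.
          "haless.cryto.net" = {
            locations."/shadow" = {
              alias = ./sources/shadow-generator;
            };
            locations."/knex-mirror" = {
              alias = ./sources/knex-mirror;
            };
          };

          # NOTE(review): interpolating ../private/cryto-books/credentials.php into the
          # build script copies that file into the Nix store, which is readable by every
          # local user on the build host and on the target. The file is also installed at
          # the top of the document root, so only the PHP handler stands between a request
          # and its contents. Prefer deploying secrets outside the store (a root-owned
          # file with restrictive permissions, read at runtime) and outside the web root.
          "books.cryto.net" = lib.mkMerge [
            (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
            {
              root = pkgs.stdenv.mkDerivation {
                name = "cryto-books";
                src = ./sources/cryto-books;
                installPhase = ''
                  mkdir -p $out/
                  cp -r $src/* $out/
                  cp ${../private/cryto-books/credentials.php} $out/credentials.php
                '';
              };
            }
          ];

          # config.json is placed next to public_html rather than inside it.
          # NOTE(review): same store-exposure concern as credentials.php above.
          "todo.cryto.net" = lib.mkMerge [
            (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
            (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
              name = "cryto-todo";
              src = ./sources/cryto-todo;
              installPhase = ''
                mkdir -p $out/public_html
                cp -r $src/* $out/public_html
                cp ${../private/cryto-todo/config.json} $out/config.json
              '';
            }))
          ];

          # NOTE(review): same store-exposure concern as credentials.php above.
          "learn.cryto.net" = lib.mkMerge [
            (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
            (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
              name = "cryto-learn";
              src = ./sources/cryto-learn;
              installPhase = ''
                mkdir -p $out/public_html
                cp -r $src/* $out/public_html
                cp ${../private/cryto-learn/config.json} $out/config.json
              '';
            }))
          ];

          # NOTE(review): same store-exposure concern as credentials.php above. Here the
          # private config.php lands inside public_html/cphp; presumably public_html is the
          # document root (set by the cphpApplication preset, not visible here), so verify
          # that /cphp/ is not reachable by URL.
          "vps-list.cryto.net" = lib.mkMerge [
            (nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
            (nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
              name = "vps-list";
              src = ./sources/vps-list;
              installPhase = ''
                mkdir -p $out/public_html
                mkdir -p $out/public_html/cphp
                cp -r $src/* $out/public_html
                cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
              '';
            }))
          ];

          # Three host names proxied to the same local backend on port 3000, presumably
          # the mobile-proxy service defined below (its listen port is not set in this file).
          "iomfats.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
          "castleroland.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
          "awesomedude.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
        };
      };

      # NOTE(review): MySQL 5.5 no longer receives upstream security fixes; plan a
      # migration to a maintained release.
      services.mysql = {
        enable = true;
        package = pkgs.mysql55;
      };

      services.phpfpm = {
        extraConfig = ''
          log_level = notice
        '';
        # NOTE(review): PHP 5.6 is taken from the 18.03 package set and no longer receives
        # upstream security fixes; treat the PHP sites as running on an unpatched
        # interpreter until they are ported.
        phpPackage = pkgs1803.php56;
        pools = {
          # Single pool. The socket is owned by nginx with mode 0660, so only nginx (and
          # root) can connect to it.
          # NOTE(review): workers run as `nobody`, an account other software may share,
          # and presumably all four PHP vhosts use this one pool (the php preset is not
          # visible here). A dedicated user and pool per site would keep a compromise of
          # one site from reading the others' configuration files.
          main = {
            listen = "/var/run/phpfpm-main.sock";
            extraConfig = ''
              user = nobody
              listen.owner = nginx
              listen.group = nginx
              listen.mode = 0660
              pm = dynamic
              pm.max_children = 75
              pm.start_servers = 10
              pm.min_spare_servers = 5
              pm.max_spare_servers = 20
              pm.max_requests = 500
              catch_workers_output = yes
            '';
          };
        };
      };

      # Unprivileged account the mobile-proxy service runs as.
      users.extraUsers.mobile-proxy = {
        description = "mobile-proxy Service User";
      };

      systemd.services.mobile-proxy = let
        package = pkgs.cryto.mobileProxy.override { configFile = ./data/mobile-proxy/config.jsx; };
      in {
        description = "Mobile Proxy";
        wantedBy = ["multi-user.target"];
        after = ["network.target"];
        serviceConfig = {
          ExecStart = "${package}/bin/mobile-proxy";
          User = "mobile-proxy";
          Restart = "on-failure";
          # systemd creates /var/lib/mobile-proxy, owned by User with mode 0700, before
          # the service starts. This replaces a root-run preStart that did mkdir/chown on
          # the fixed path /tmp/mobile-proxy-home: /tmp is writable by every local user,
          # so that path could already exist and not be what the script expected when
          # root changed its ownership. With no preStart left, PermissionsStartOnly is
          # no longer needed.
          StateDirectory = "mobile-proxy";
          StateDirectoryMode = "0700";
        };
        environment = {
          # Anything the service kept under the old /tmp home is not migrated.
          HOME = "/var/lib/mobile-proxy";
        };
      };
    };
  }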