You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

192 lines
5.8 KiB

let
nixpkgsOptions = {
overlays = [
(self: super: {
/* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
cryto = {
fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {};
nodeApplication = self.callPackage ./lib/node-application.nix {};
unpack = self.callPackage ./lib/unpack.nix {};
mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
};
})
];
};
pkgs = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz") nixpkgsOptions);
pkgs1803 = (import (fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz") nixpkgsOptions);
presets = {
base = (import ./presets/base.nix);
kvm = (import ./presets/kvm.nix);
};
nginxPresets = {
php = (import ./presets/nginx/php.nix);
cphpApplication = (import ./presets/nginx/cphp-application.nix);
reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
};
in {
network = {
inherit pkgs;
description = "Cryto";
};
"machine-haless-03.cryto.net" = { pkgs, lib, config, ... }@args: {
system.stateVersion = "19.03";
imports = [
presets.base
presets.kvm
./hardware-configurations/machine-haless-03.nix
];
deployment.healthChecks.http = [
{ scheme = "http"; port = 80; path = "/"; host = "todo.cryto.net"; description = "todo.cryto.net is up"; }
{ scheme = "http"; port = 80; path = "/"; host = "books.cryto.net"; description = "books.cryto.net is up"; }
{ scheme = "http"; port = 80; path = "/"; host = "learn.cryto.net"; description = "learn.cryto.net is up"; }
{ scheme = "http"; port = 80; path = "/"; host = "vps-list.cryto.net"; description = "vps-list.cryto.net is up"; }
{ scheme = "http"; port = 80; path = "/"; host = "iomfats.cryto.net"; description = "iomfats.cryto.net is up"; }
{ scheme = "http"; port = 80; path = "/"; host = "castleroland.cryto.net"; description = "castleroland.cryto.net is up"; }
{ scheme = "http"; port = 80; path = "/"; host = "awesomedude.cryto.net"; description = "awesomedude.cryto.net is up"; }
];
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts = {
"404.cryto.net" = {
default = true;
extraConfig = ''
return 404;
'';
};
"haless.cryto.net" = {
locations."/shadow" = {
alias = ./sources/shadow-generator;
};
locations."/knex-mirror" = {
alias = ./sources/knex-mirror;
};
};
"books.cryto.net" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
{
root = pkgs.stdenv.mkDerivation {
name = "cryto-books";
src = ./sources/cryto-books;
installPhase = ''
mkdir -p $out/
cp -r $src/* $out/
cp ${../private/cryto-books/credentials.php} $out/credentials.php
'';
};
}
];
"todo.cryto.net" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "cryto-todo";
src = ./sources/cryto-todo;
installPhase = ''
mkdir -p $out/public_html
cp -r $src/* $out/public_html
cp ${../private/cryto-todo/config.json} $out/config.json
'';
}))
];
"learn.cryto.net" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "cryto-learn";
src = ./sources/cryto-learn;
installPhase = ''
mkdir -p $out/public_html
cp -r $src/* $out/public_html
cp ${../private/cryto-learn/config.json} $out/config.json
'';
}))
];
"vps-list.cryto.net" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "vps-list";
src = ./sources/vps-list;
installPhase = ''
mkdir -p $out/public_html
mkdir -p $out/public_html/cphp
cp -r $src/* $out/public_html
cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
'';
}))
];
"iomfats.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
"castleroland.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
"awesomedude.cryto.net" = nginxPresets.reverseProxy "http://127.0.0.1:3000/";
};
};
services.mysql = {
enable = true;
package = pkgs.mysql55;
};
services.phpfpm = {
extraConfig = ''
log_level = notice
'';
phpPackage = pkgs1803.php56;
pools = {
main = {
listen = "/var/run/phpfpm-main.sock";
extraConfig = ''
user = nobody
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
catch_workers_output = yes
'';
};
};
};
users.extraUsers.mobile-proxy = {
description = "mobile-proxy Service User";
};
systemd.services.mobile-proxy = let
package = pkgs.cryto.mobileProxy.override { configFile = ./data/mobile-proxy/config.jsx; };
in {
description = "Mobile Proxy";
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
ExecStart = "${package}/bin/mobile-proxy";
User = "mobile-proxy";
Restart = "on-failure";
PermissionsStartOnly = true;
};
preStart = ''
mkdir -m 0700 -p /tmp/mobile-proxy-home
chown mobile-proxy /tmp/mobile-proxy-home
'';
environment = {
HOME = "/tmp/mobile-proxy-home";
};
};
};
}