/* Arguments passed to every nixpkgs import below: one overlay that adds this
   deployment's own helpers and packages. */
nixpkgsOptions = {
overlays = [
(self: super: {
/* NOTE: Namespaced under `pkgs.cryto.*` to prevent naming conflicts with upstream nixpkgs */
cryto = {
fetchFromCrytoGit = self.callPackage ./lib/fetch/from-cryto-git.nix {};
nodeApplication = self.callPackage ./lib/node-application.nix {};
unpack = self.callPackage ./lib/unpack.nix {};
/* Built with configFile = null here; the service definition further down
   overrides it with a real config file. */
mobileProxy = self.callPackage ./packages/mobile-proxy { configFile = null; };
/* NOTE(review): both package sets are imported from `fetchTarball` called with a
   bare URL string (the URLs are elided on this page). In that form no sha256 is
   supplied, so the nixpkgs tree that every package on these hosts is built from
   is not content-pinned and can change between evaluations. Passing
   `{ url = "<NIXPKGS_TARBALL_URL>"; sha256 = "<SHA256>"; }` instead makes the
   input reproducible and tamper-evident. */
pkgs = (import (fetchTarball "") nixpkgsOptions);
/* Second package set; judging by the name, presumably a nixpkgs 18.03 snapshot
   kept for older packages - confirm. It is used for PHP further down. */
pkgs1803 = (import (fetchTarball "") nixpkgsOptions);
/* Reusable NixOS module fragments. */
presets = {
base = (import ./presets/base.nix);
kvm = (import ./presets/kvm.nix);
/* Helpers that produce nginx virtual-host definitions. */
nginxPresets = {
php = (import ./presets/nginx/php.nix);
cphpApplication = (import ./presets/nginx/cphp-application.nix);
reverseProxy = (import ./presets/nginx/reverse-proxy.nix);
in {
/* Deployment-wide settings: the package set used for all hosts and a label. */
network = {
inherit pkgs;
description = "Cryto";
/* Host definition (host name elided on this page). `args` captures the module
   arguments so they can be handed to the nginx presets later. */
"" = { pkgs, lib, config, ... }@args: {
system.stateVersion = "19.03";
imports = [
/* Post-deploy health checks: each entry requests "/" over plain HTTP on port 80
   for one virtual host (host names elided on this page). */
deployment.healthChecks.http = [
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
{ scheme = "http"; port = 80; path = "/"; host = ""; description = " is up"; }
/* NOTE(review): only TCP 80 is opened and every health check uses scheme "http",
   so nothing visible here serves HTTPS. The PHP applications below ship
   credential/config files; if any of them has a login or session, that traffic
   is cleartext unless TLS is terminated in front of this host - confirm. */
networking.firewall.allowedTCPPorts = [ 80 ];
/* nginx front end: a catch-all default server plus one virtual host per site
   (virtual-host names are elided on this page). */
services.nginx = {
enable = true;
virtualHosts = {
/* Default server: a request whose Host header matches no other virtual host
   gets a 404 instead of falling through to a real site. */
"" = {
default = true;
extraConfig = ''
return 404;
/* Static content: each `alias` is a Nix path literal, so the directory is copied
   into the Nix store and served from there. */
"" = {
locations."/shadow" = {
alias = ./sources/shadow-generator;
locations."/knex-mirror" = {
alias = ./sources/knex-mirror;
/* PHP site whose document root is the derivation built below. */
"" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
root = pkgs.stdenv.mkDerivation {
name = "cryto-books";
src = ./sources/cryto-books;
/* NOTE(review): the `${../private/...}` interpolation copies the credentials
   file into the Nix store, and the Nix store is readable by every local user
   and process, so the secret is no longer private on the target host or on the
   build machine. Here it is also written to $out, which is the document root
   itself, so it is only protected from download as long as nginx hands .php
   files to PHP rather than serving them as text. Prefer delivering secrets
   outside the store through the deployment tool's secret mechanism (for
   example `deployment.secrets` if this is a morph network - confirm) and
   reading them from a path outside the web root. */
installPhase = ''
mkdir -p $out/
cp -r $src/* $out/
cp ${../private/cryto-books/credentials.php} $out/credentials.php
"" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "cryto-todo";
src = ./sources/cryto-todo;
/* Application files go to $out/public_html and config.json sits next to it, so
   the config is presumably outside the served directory (depends on what
   cphpApplication uses as root - confirm). NOTE(review): config.json still ends
   up in the world-readable Nix store, same caveat as cryto-books above. */
installPhase = ''
mkdir -p $out/public_html
cp -r $src/* $out/public_html
cp ${../private/cryto-todo/config.json} $out/config.json
"" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "cryto-learn";
src = ./sources/cryto-learn;
/* Same layout as cryto-todo. NOTE(review): config.json is copied into the
   world-readable Nix store, same caveat as cryto-books above. */
installPhase = ''
mkdir -p $out/public_html
cp -r $src/* $out/public_html
cp ${../private/cryto-learn/config.json} $out/config.json
"" = lib.mkMerge [
(nginxPresets.php args) /* Temporary hack until I can figure out the mkMerge evaluation order issue */
(nginxPresets.cphpApplication (pkgs.stdenv.mkDerivation {
name = "vps-list";
src = ./sources/vps-list;
/* NOTE(review): unlike the two applications above, config.php is written inside
   public_html (under cphp/), so it is in the served tree as well as in the
   world-readable Nix store. Its contents stay hidden from web clients only
   while .php requests are executed by PHP instead of being served as static
   files - worth an explicit deny rule for that directory, or moving the file
   out of public_html. */
installPhase = ''
mkdir -p $out/public_html
mkdir -p $out/public_html/cphp
cp -r $src/* $out/public_html
cp ${../private/vps-list/config.php} $out/public_html/cphp/config.php
/* Reverse-proxied virtual hosts; host names and upstream targets are elided on
   this page. */
"" = nginxPresets.reverseProxy "";
"" = nginxPresets.reverseProxy "";
"" = nginxPresets.reverseProxy "";
/* Database server for the PHP applications.
   NOTE(review): this pins MySQL 5.5, which is past upstream end-of-life and no
   longer receives security fixes. No listen address or firewall rule for MySQL
   is visible here (only TCP 80 is opened above), so exposure appears limited to
   local clients - confirm - but a supported release should be planned. */
services.mysql = {
enable = true;
package = pkgs.mysql55;
/* PHP-FPM: global settings plus a single pool named "main".
   NOTE(review): phpPackage below is PHP 5.6 taken from the separate `pkgs1803`
   package set rather than from `pkgs`. PHP 5.6 is past upstream end-of-life, so
   this internet-facing interpreter no longer gets security fixes from upstream
   or, presumably, from that older nixpkgs snapshot - confirm and plan an
   upgrade. */
services.phpfpm = {
extraConfig = ''
log_level = notice
phpPackage = pkgs1803.php56;
pools = {
main = {
listen = "/var/run/phpfpm-main.sock";
/* Pool configuration: workers run as `nobody`, and the socket mode 0660 limits
   connections to the socket's owner and group.
   NOTE(review): only this one pool is defined, so the PHP sites presumably all
   share it and the `nobody` account; a flaw in one application then gives
   access to whatever the others can read. A dedicated user and pool per
   application narrows that.
   NOTE(review): the `listen.owner = nginx = nginx` line looks like extraction
   damage on this page (presumably separate `listen.owner` and `listen.group`
   lines) - confirm against the original file. */
extraConfig = ''
user = nobody
listen.owner = nginx = nginx
listen.mode = 0660
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
catch_workers_output = yes
/* Service account and systemd unit for the mobile proxy (the attribute paths on
   the two `= {` / `= let` lines are elided on this page). */
}; = {
description = "mobile-proxy Service User";
}; = let
/* The package is rebuilt with a concrete config file. The path literal is copied
   into the world-readable Nix store, so it should not contain secrets -
   contents not visible here, confirm. */
package = pkgs.cryto.mobileProxy.override { configFile = ./data/mobile-proxy/config.jsx; };
in {
description = "Mobile Proxy";
wantedBy = [""];
after = [""];
serviceConfig = {
ExecStart = "${package}/bin/mobile-proxy";
User = "mobile-proxy";
Restart = "on-failure";
/* With PermissionsStartOnly the User= setting applies to ExecStart only, so the
   preStart script below runs as root.
   NOTE(review): the home directory is a fixed name under the world-writable
   /tmp. Another local account can create that path before the unit first
   starts; `mkdir -p` then leaves the existing entry's owner and mode untouched,
   and the root-run `chown` acts on whatever is found there. Letting systemd
   create a private directory (`StateDirectory = "mobile-proxy";` with HOME
   pointing at /var/lib/mobile-proxy, or `PrivateTmp = true;`) removes the
   shared-/tmp dependency and the need for a root preStart step. */
PermissionsStartOnly = true;
preStart = ''
mkdir -m 0700 -p /tmp/mobile-proxy-home
chown mobile-proxy /tmp/mobile-proxy-home
environment = {
HOME = "/tmp/mobile-proxy-home";