nix/container/Paste.nix

135 lines
3.3 KiB
Nix
Raw Normal View History

{
2024-11-04 04:37:29 +03:00
__findFile,
config,
container,
lib,
pkgs,
util,
...
} @args: let
cfg = config.container.module.paste;
package = (pkgs.callPackage <package/privatebin> args);
in {
options.container.module.paste = {
enable = lib.mkEnableOption "the text share platform.";
address = lib.mkOption {
default = "10.1.0.14";
type = lib.types.str;
};
port = lib.mkOption {
default = 80;
type = lib.types.int;
};
domain = lib.mkOption {
default = "paste.${config.container.domain}";
type = lib.types.str;
};
storage = lib.mkOption {
default = "${config.container.storage}/paste";
type = lib.types.str;
};
};
2024-11-04 04:37:29 +03:00
config = lib.mkIf cfg.enable {
systemd.tmpfiles.rules = container.mkContainerDir cfg [
"config"
"data"
"nginxtmp"
"tmp"
];
2024-06-25 04:04:39 +03:00
2024-11-04 04:37:29 +03:00
containers.paste = container.mkContainer cfg {
bindMounts = {
"/srv/data" = {
hostPath = "${cfg.storage}/data";
isReadOnly = false;
};
"/tmp" = {
hostPath = "${cfg.storage}/tmp";
isReadOnly = false;
};
"/var/lib/nginx/tmp" = {
hostPath = "${cfg.storage}/nginxtmp";
isReadOnly = false;
};
"/srv/config" = {
hostPath = "${cfg.storage}/config";
isReadOnly = false;
};
};
2024-06-25 04:04:39 +03:00
2024-11-04 04:37:29 +03:00
config = { config, ... }: container.mkContainerConfig cfg {
environment.systemPackages = [
package
];
systemd.packages = [
package
];
2024-06-25 04:04:39 +03:00
2024-11-04 04:37:29 +03:00
users.users.paste = {
group = "nginx";
isSystemUser = true;
};
2024-11-04 04:37:29 +03:00
services = {
phpfpm.pools.paste = {
group = "nginx";
user = "paste";
phpPackage = pkgs.php;
settings = {
"catch_workers_output" = true;
"listen.owner" = "nginx";
"php_admin_flag[log_errors]" = true;
"php_admin_value[error_log]" = "stderr";
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
};
phpEnv = {
# CONFIG_PATH = "${package}/cfg"; # NOTE: Not working?
};
};
2024-11-04 04:37:29 +03:00
nginx = {
enable = true;
virtualHosts.${cfg.domain} = container.mkServer {
default = true;
root = "${package}";
locations = {
"/".extraConfig = util.trimTabs ''
rewrite ^ /index.php;
'';
2024-11-04 04:37:29 +03:00
"~ \\.php$".extraConfig = util.trimTabs ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket};
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
'';
2024-11-04 04:37:29 +03:00
"~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs ''
add_header Cache-Control "public, max-age=15778463";
add_header Referrer-Policy no-referrer;
add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Robots-Tag none;
add_header X-XSS-Protection "1; mode=block";
access_log off;
'';
};
2024-06-25 04:04:39 +03:00
2024-11-04 04:37:29 +03:00
extraConfig = util.trimTabs ''
try_files $uri /index.php;
'';
};
};
};
};
};
};
}