{ pkgs , storage , const , domain , util , mkContainer , mkContainerConfig , mkContainerDir , mkServer , ... } @args: let address = "10.1.0.14"; fqdn = "paste.${domain}"; package = (pkgs.callPackage ./pastebin args); path = "${storage}/paste"; in { systemd.tmpfiles.rules = map (dir: mkContainerDir "${path}/${dir}") [ "data" "tmp" "nginxtmp" ]; containers.paste = mkContainer address { bindMounts = { "/srv/data" = { hostPath = "${path}/data"; isReadOnly = false; }; "/tmp" = { hostPath = "${path}/tmp"; isReadOnly = false; }; "/var/lib/nginx/tmp" = { hostPath = "${path}/nginxtmp"; isReadOnly = false; }; "/srv/config" = { hostPath = "${path}/config"; isReadOnly = false; }; }; config = { config, lib, ... }: mkContainerConfig { system.stateVersion = const.stateVersion; users.users.root.password = ""; users.mutableUsers = false; networking = { useHostResolvConf = lib.mkForce false; firewall.enable = false; }; environment = { systemPackages = [ package pkgs.neovim ]; variables = { }; }; systemd.packages = [ package ]; users.users.paste = { group = "nginx"; isSystemUser = true; }; services.phpfpm.pools.paste = { user = "paste"; group = "nginx"; phpPackage = pkgs.php; settings = { "pm" = "dynamic"; "php_admin_value[error_log]" = "stderr"; "php_admin_flag[log_errors]" = true; "listen.owner" = "nginx"; "catch_workers_output" = true; "pm.max_children" = "32"; "pm.start_servers" = "2"; "pm.min_spare_servers" = "2"; "pm.max_spare_servers" = "4"; "pm.max_requests" = "500"; }; phpEnv = { # CONFIG_PATH = "${package}/cfg"; }; }; services.nginx = { enable = true; virtualHosts.${fqdn} = mkServer { default = true; root = "${package}"; locations = { "/".extraConfig = '' rewrite ^ /index.php; ''; "~ \\.php$".extraConfig = util.trimTabs '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket}; include ${config.services.nginx.package}/conf/fastcgi.conf; include ${config.services.nginx.package}/conf/fastcgi_params; ''; "~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs '' add_header Cache-Control "public, max-age=15778463"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; access_log off; ''; }; extraConfig = util.trimTabs '' try_files $uri /index.php; ''; }; }; }; }; }