{ __findFile, config, container, lib, pkgs, util, ... } @args: let cfg = config.container.module.paste; package = (pkgs.callPackage args); in { options.container.module.paste = { enable = lib.mkEnableOption "the text share platform."; address = lib.mkOption { default = "10.1.0.14"; type = lib.types.str; }; port = lib.mkOption { default = 80; type = lib.types.int; }; domain = lib.mkOption { default = "paste.${config.container.domain}"; type = lib.types.str; }; storage = lib.mkOption { default = "${config.container.storage}/paste"; type = lib.types.str; }; }; config = lib.mkIf cfg.enable { systemd.tmpfiles.rules = container.mkContainerDir cfg [ "config" "data" "nginxtmp" "tmp" ]; containers.paste = container.mkContainer cfg { bindMounts = { "/srv/data" = { hostPath = "${cfg.storage}/data"; isReadOnly = false; }; "/tmp" = { hostPath = "${cfg.storage}/tmp"; isReadOnly = false; }; "/var/lib/nginx/tmp" = { hostPath = "${cfg.storage}/nginxtmp"; isReadOnly = false; }; "/srv/config" = { hostPath = "${cfg.storage}/config"; isReadOnly = false; }; }; config = { config, ... }: container.mkContainerConfig cfg { environment.systemPackages = [ package ]; systemd.packages = [ package ]; users.users.paste = { group = "nginx"; isSystemUser = true; }; services = { phpfpm.pools.paste = { group = "nginx"; user = "paste"; phpPackage = pkgs.php; settings = { "catch_workers_output" = true; "listen.owner" = "nginx"; "php_admin_flag[log_errors]" = true; "php_admin_value[error_log]" = "stderr"; "pm" = "dynamic"; "pm.max_children" = "32"; "pm.max_requests" = "500"; "pm.max_spare_servers" = "4"; "pm.min_spare_servers" = "2"; "pm.start_servers" = "2"; }; phpEnv = { # CONFIG_PATH = "${package}/cfg"; # NOTE: Not working? }; }; nginx = { enable = true; virtualHosts.${cfg.domain} = container.mkServer { default = true; root = "${package}"; locations = { "/".extraConfig = util.trimTabs '' rewrite ^ /index.php; ''; "~ \\.php$".extraConfig = util.trimTabs '' fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${config.services.phpfpm.pools.paste.socket}; include ${config.services.nginx.package}/conf/fastcgi.conf; include ${config.services.nginx.package}/conf/fastcgi_params; ''; "~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = util.trimTabs '' add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy no-referrer; add_header X-Content-Type-Options nosniff; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header X-Robots-Tag none; add_header X-XSS-Protection "1; mode=block"; access_log off; ''; }; extraConfig = util.trimTabs '' try_files $uri /index.php; ''; }; }; }; }; }; }; }