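# NixOS module for the "freumh" landing page: an nginx virtual host for
# config.networking.domain that serves a static index.html plus a PHP-FPM
# endpoint ("/root") returning a random file from /var/roots/.
{
  pkgs,
  config,
  lib,
  ...
}:

let
  cfg = config.custom;
in
{
  options.custom.freumh.enable = lib.mkEnableOption "freumh";

  config = lib.mkIf cfg.freumh.enable {
    security.acme = {
      defaults.email = "${config.custom.username}@${config.networking.domain}";
      acceptTerms = true;
    };

    # Dedicated PHP-FPM pool running as the unprivileged "php" system user.
    services.phpfpm.pools.freumh = {
      user = "php";
      group = "php";
      settings = {
        # Only the nginx user owns the pool's listening socket.
        "listen.owner" = config.services.nginx.user;
        "pm" = "dynamic";
        "pm.max_children" = 32;
        "pm.max_requests" = 500;
        "pm.start_servers" = 2;
        "pm.min_spare_servers" = 2;
        "pm.max_spare_servers" = 5;
        # Errors go to stderr and worker output is captured, so failures end
        # up in the service log.
        "php_admin_value[error_log]" = "stderr";
        "php_admin_flag[log_errors]" = true;
        "catch_workers_output" = true;
      };
      # The workers' PATH contains nothing but the PHP binaries.
      phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
    };
    users.users.php = {
      isSystemUser = true;
      group = "php";
    };
    users.groups.php = { };

    # NOTE(review): security.acme-eon is not defined in this file; presumably
    # it provisions the certificate for the virtual host below - confirm.
    security.acme-eon.nginxCerts = [ config.networking.domain ];
    services.nginx = {
      enable = true;
      virtualHosts."${config.networking.domain}" = {
        forceSSL = true;

        # SCRIPT_FILENAME is pinned to a single script, so the request URI
        # never selects which PHP file is executed.
        locations."/root" =
          let
            random-root = pkgs.writeScript "random-root.php" ''
              <?php
              $dir = '/var/roots/';
              // glob() returns false on error and an empty array when nothing
              // matches, and array_rand() rejects an empty array: answer 404
              // instead of failing. Only regular files are candidates.
              $files = array_filter(glob($dir . '/*.*') ?: [], 'is_file');
              if (!$files) {
                http_response_code(404);
                exit;
              }
              $file = $files[array_rand($files)];
              header('Content-Type: ' . mime_content_type($file));
              header('X-Id: ' . pathinfo($file, PATHINFO_FILENAME));
              readfile($file);
              ?>
            '';
          in
          {
            extraConfig = ''
              fastcgi_pass unix:${config.services.phpfpm.pools.freumh.socket};
              include ${pkgs.nginx}/conf/fastcgi_params;
              fastcgi_param SCRIPT_FILENAME ${random-root};
            '';
          };

        # Static page: fetches "root", uses the image as the background and
        # links to the matching record, identified by the X-Id header.
        locations."/index.html".root = pkgs.writeTextFile {
          name = "freumh";
          text = ''
            <html>
            <head>
              <style>
                body, html {
                  height: 100%;
                  margin: 0;
                }
                .bg {
                  height: 100%;
                  background-position: center;
                  background-repeat: no-repeat;
                  background-size: cover;
                }
                @media (prefers-color-scheme: dark) {
                  body {
                    filter: invert(1);
                  }
                }
              </style>
              <script>
                function fetchImage() {
                  fetch('root')
                    .then(response => {
                      // An error response carries neither an image nor an X-Id header.
                      if (!response.ok) {
                        throw new Error('Unexpected status ' + response.status);
                      }
                      const id = response.headers.get('X-Id');
                      if (id) {
                        const link = document.getElementById('link');
                        // Encode the id so it stays a single path segment.
                        link.href = `https://images.wur.nl/digital/collection/coll13/id/''${encodeURIComponent(id)}/rec/1`;
                      }
                      return response.blob();
                    })
                    .then(blob => {
                      const url = URL.createObjectURL(blob);
                      document.getElementById('bg').style.backgroundImage = `url(''${url})`;
                    })
                    .catch(error => {
                      console.error('Error fetching image:', error);
                    });
                }
                window.onload = fetchImage;
              </script>
            </head>
            <body style="background-color:#ebebeb; text-align: center;">
              <a id="link" style="color: #040404">
                <div id="bg" class="bg"></div>
              </a>
            </body>
            </html>
          '';
          destination = "/index.html";
        };

        # Target of the error_page directive below: answers with an empty body.
        locations."/404.html".extraConfig = ''
          return 200 "";
        '';

        # NOTE(review): RFC 9116 requires an "Expires:" field in security.txt;
        # this file only sets Contact. Add one and keep its date current.
        locations."/.well-known/security.txt".root = pkgs.writeTextFile {
          name = "freumh-security.txt";
          text = ''
            Contact: mailto:security@freumh.org
          '';
          destination = "/.well-known/security.txt";
        };

        extraConfig = ''
          error_page 404 /404.html;
        '';
      };
    };
  };
}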