diff --git a/containers/baikal.nix b/containers/baikal.nix
new file mode 100644
index 0000000..933df2d
--- /dev/null
+++ b/containers/baikal.nix
@@ -0,0 +1,150 @@
+{ nglib, nixpkgs }:
+nglib.makeSystem {
+ inherit nixpkgs;
+ system = "x86_64-linux";
+ name = "baikal";
+ config = ({ pkgs, config, ... }:
+ {
+ config = {
+ dumb-init = {
+ enable = true;
+ type.services = { };
+ };
+
+ init.services.baikal = {
+ shutdownOnExit = true;
+ enabled = true;
+ script =
+ let
+ baikal =
+ pkgs.fetchzip {
+ url = "https://github.com/sabre-io/Baikal/releases/download/0.9.2/baikal-0.9.2.zip";
+ sha256 = "sha256-xOxO7Ppuw+d8KUJWAM9SNl/U0pezzWvY8bpTvFQrZN0=";
+ };
+ in
+ pkgs.writeShellScript "baikal-script"
+ ''
+ set -e
+ mkdir -p /var/www
+ if ! [ -z "$(ls -A /var/www)" ] ; then
+ rm -r /var/www/*
+ fi
+
+ ${pkgs.xorg.lndir}/bin/lndir -silent ${baikal} /var/www/
+
+ rm -r /var/www/config /var/www/Specific
+
+ mkdir -p /var/baikal/specific /var/baikal/config
+ chown www-data:www-data -R /var/baikal
+ ln -s /var/baikal/specific /var/www/Specific
+ ln -s /var/baikal/config /var/www/config
+ ls -lahR /var/baikal
+
+ while :; do sleep 2073600; done
+ '';
+ };
+
+ init.services.apache2 = {
+ shutdownOnExit = true;
+ ensureSomething.create."documentRoot" =
+ { dst = "/var/www";
+ type = "directory";
+ };
+ };
+
+ services.php-fpm = {
+ pools = {
+ main = {
+ createUserGroup = false;
+ phpSettings = {
+ "user" = "www-data";
+ };
+ fpmSettings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 75;
+ "pm.start_servers" = 10;
+ "pm.min_spare_servers" = 5;
+ "pm.max_spare_servers" = 20;
+ "pm.max_requests" = 500;
+ };
+ };
+ };
+ };
+
+ services.apache2 = {
+ enable = true;
+ envsubst = true;
+ configuration = [
+ {
+ LoadModule = [
+ [ "mpm_event_module" "modules/mod_mpm_event.so" ]
+ [ "log_config_module" "modules/mod_log_config.so" ]
+ [ "unixd_module" "modules/mod_unixd.so" ]
+ [ "authz_core_module" "modules/mod_authz_core.so" ]
+ [ "dir_module" "modules/mod_dir.so" ]
+ [ "mime_module" "modules/mod_mime.so" ]
+ [ "proxy_module" "modules/mod_proxy.so" ]
+ [ "proxy_fcgi_module" "modules/mod_proxy_fcgi.so" ]
+ ];
+ }
+ {
+ Listen = "0.0.0.0:80";
+
+ ServerRoot = "/var/www";
+ ServerName = "blowhole";
+ PidFile = "/httpd.pid";
+
+ DocumentRoot = "/var/www";
+
+ User = "www-data";
+ Group = "www-data";
+ }
+
+ {
+ ErrorLog = "/dev/stderr";
+ TransferLog = "/dev/stdout";
+
+ LogLevel = "info";
+ }
+
+ {
+ AddType = [
+ [ "image/svg+xml" "svg" "svgz" ]
+ ];
+ AddEncoding = [ "gzip" "svgz" ];
+
+ TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
+ }
+
+ {
+ Directory = {
+ "/" = {
+ Require = [ "all" "denied" ];
+ Options = "SymlinksIfOwnerMatch";
+ };
+ };
+
+ VirtualHost = {
+ "*:80" = {
+ ProxyPassMatch =
+ [
+ "^/(.*\.php(/.*)?)$"
+ "unix:${config.services.php-fpm.pools.main.socket}|fcgi://./var/www/"
+ ];
+
+ Directory = {
+ "/var/www" = {
+ Require = [ "all" "granted" ];
+ AllowOverride = [ "all" ];
+ Options = [ "-Indexes" "+FollowSymlinks" ];
+ DirectoryIndex = "index.php";
+ };
+ };
+ };
+ };
+ }
+ ];
+ };
+ };
+ });
+}
diff --git a/flake.nix b/flake.nix
index ee87168..be2e37d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -45,6 +45,7 @@
 zigbee2mqtt = import ./containers/zigbee2mqtt.nix base;
 home-assistant = import ./containers/home-assistant.nix base;
 reicio = import ./containers/reicio.nix base;
+ baikal = import ./containers/baikal.nix base;
 };
 hydraJobs =
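Review bot: In containers/baikal.nix, `DocumentRoot = "/var/www"` combined with `Require = [ "all" "granted" ]` on `/var/www` puts the `Specific` and `config` symlinks inside the served tree, so whatever Baikal writes under `/var/baikal` (presumably its database and configuration, going by the directory names) falls under the grant; the `"/"` deny rule matches the path as requested, not the symlink target. The `rm -r /var/www/config /var/www/Specific` step also discards any access-control files the archive may ship in those two directories. If the 0.9.2 archive keeps its public entry points under `html/`, as the upstream layout suggests (please confirm), serve only that subdirectory: `DocumentRoot = "/var/www/html";`, the `Directory` key `"/var/www/html" = {`, and the proxy target `fcgi://./var/www/html/`. Otherwise add `Directory` entries for `/var/www/Specific` and `/var/www/config` with `Require = [ "all" "denied" ];`.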