diff --git a/containers/website.nix b/containers/website.nix new file mode 100644 index 0000000..a0a9411 --- /dev/null +++ b/containers/website.nix @@ -0,0 +1,82 @@ +websiteBase: nglib: +(nglib "x86_64-linux").makeSystem { + system = "x86_64-linux"; + name = "nixng-website"; + config = ({ pkgs, options, ... }: { + dumb-init = { + enable = true; + type.services = {}; + }; + init.services.apache2 = { + ensureSomething.link."documentRoot" = { + src = "${websiteBase pkgs}"; + dst = "/var/www"; + }; + shutdownOnExit = true; + }; + services.apache2 = { + enable = true; + configuration = [ + { + LoadModule = [ + [ "mpm_event_module" "modules/mod_mpm_event.so" ] + [ "log_config_module" "modules/mod_log_config.so" ] + [ "unixd_module" "modules/mod_unixd.so" ] + [ "authz_core_module" "modules/mod_authz_core.so" ] + [ "dir_module" "modules/mod_dir.so" ] + [ "mime_module" "modules/mod_mime.so" ] + ]; + } + { + Listen = "0.0.0.0:80"; + + ServerRoot = "/var/www"; + ServerName = "blowhole"; + PidFile = "/httpd.pid"; + + User = "www-data"; + Group = "www-data"; + + DocumentRoot = "/var/www"; + } + + { + ErrorLog = "/dev/stderr"; + TransferLog = "/dev/stdout"; + + LogLevel = "info"; + } + + { + AddType = [ + [ "image/svg+xml" "svg" "svgz" ] + ]; + AddEncoding = [ "gzip" "svgz" ]; + + TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types"; + } + + { + Directory = { + "/" = { + Require = [ "all" "denied" ]; + Options = "SymlinksIfOwnerMatch"; + }; + }; + + VirtualHost = { + "*:80" = { + Directory = { + "/var/www" = { + Require = [ "all" "granted" ]; + Options = [ "-Indexes" "+FollowSymlinks" ]; + DirectoryIndex = "index.html"; + }; + }; + }; + }; + } + ]; + }; + }); +} diff --git a/flake.lock b/flake.lock index fc030d7..ccc0a4f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,15 +1,31 @@ { "nodes": { + "emacs-htmlize": { + "flake": false, + "locked": { + "lastModified": 1597563983, + "narHash": "sha256-wiRnlWKYQSvQijrymSkEbsW3581LOeuTItkxvTgHXDE=", + "owner": "hniksic", + "repo": "emacs-htmlize", + "rev": "49205105898ba8993b5253beec55d8bddd820a70", + "type": "github" + }, + "original": { + "owner": "hniksic", + "repo": "emacs-htmlize", + "type": "github" + } + }, "nixng": { "inputs": { "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1619975252, - "narHash": "sha256-Amx08/6MpMPLkqAukuIDjjxXdoAaZ/ruD88b3oC+Zbw=", + "lastModified": 1620770515, + "narHash": "sha256-J4nAIF3m9baEfqQPfyiB54/wrXNGTHZ83WIFoHvkbdY=", "ref": "master", - "rev": "f3929584d72e2b741e243d4439a2874011b6d994", - "revCount": 61, + "rev": "39472145c70d6071c7fa669ae39ee21c524f92e1", + "revCount": 73, "type": "git", "url": "https://gitea.redalder.org/Magic_RB/NixNG" }, @@ -18,6 +34,23 @@ "url": "https://gitea.redalder.org/Magic_RB/NixNG" } }, + "nixng_2": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1619975252, + "narHash": "sha256-Amx08/6MpMPLkqAukuIDjjxXdoAaZ/ruD88b3oC+Zbw=", + "path": "/nix/store/qq21z50yf6aqbccrz3qxp3alqka5ddbw-source", + "rev": "f3929584d72e2b741e243d4439a2874011b6d994", + "revCount": 61, + "type": "path" + }, + "original": { + "id": "nixng", + "type": "indirect" + } + }, "nixpkgs": { "locked": { "lastModified": 1617271991, @@ -44,10 +77,74 @@ "type": "indirect" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1617271991, + "narHash": "sha256-VdzjIQaT1FtycNid0iPSVr44Jrstoox6QRLrwCY1uG0=", + "path": "/nix/store/p86a44r69akjvyg0nid33kh9mg15h9lq-source", + "rev": "da7f4c4842520167f65c20ad75ecdbd14e27ae91", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1614447571, + "narHash": "sha256-kHshBYBAAL0sx7DwwrPyfvtUwidQ9aWXy0XrL5RQFhY=", + "path": "/nix/store/fsfirablmv207i01zz3zsd20nkd0cbcq-source", + "rev": "d303eee16ce8dee5c0b5b8e5f6323f561c189ec5", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "org-thtml": { + "flake": false, + "locked": { + "lastModified": 1609698765, + "narHash": "sha256-+WfRXEhwEV24MSH5Vg0hz0joJkvkQ4Qeqt4BRY0cZSA=", + "owner": "juanjosegarciaripoll", + "repo": "org-thtml", + "rev": "0c84e993a7e9ae9fc1fd5e34f7713d6526f03cd0", + "type": "github" + }, + "original": { + "owner": "juanjosegarciaripoll", + "repo": "org-thtml", + "type": "github" + } + }, "root": { "inputs": { "nixng": "nixng", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "website": "website" + } + }, + "website": { + "inputs": { + "emacs-htmlize": "emacs-htmlize", + "nixng": "nixng_2", + "nixpkgs": "nixpkgs_4", + "org-thtml": "org-thtml" + }, + "locked": { + "lastModified": 1620814650, + "narHash": "sha256-mLn49fhYS1OS9nfNsE/MCoZUXl7496RMeX0+JfYSJc8=", + "ref": "master", + "rev": "e2249619a8d75339a0f0038121e24b245b9ba691", + "revCount": 20, + "type": "git", + "url": "https://gitea.redalder.org/Magic_RB/website" + }, + "original": { + "type": "git", + "url": "https://gitea.redalder.org/Magic_RB/website" } } }, diff --git a/flake.nix b/flake.nix index a166d80..9eacbbf 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,8 @@ inputs = { nixpkgs.url = "nixpkgs"; - nixng = { - url = "git+https://gitea.redalder.org/Magic_RB/NixNG"; - }; + nixng.url = "git+https://gitea.redalder.org/Magic_RB/NixNG"; + website.url = "git+https://gitea.redalder.org/Magic_RB/website"; }; outputs = { self, nixpkgs, nixng, ... }@inputs: @@ -13,6 +12,8 @@ containers = { hydra = (import ./containers/hydra.nix nixng.lib).hydra; hydraPostgresql = (import ./containers/hydra.nix nixng.lib).postgresql; + ingress = (import ./containers/ingress.nix nixng.lib); + website = (import ./containers/website.nix inputs.website.website nixng.lib); }; in {