{ nglib, nixpkgs }: nglib.makeSystem { inherit nixpkgs; system = "x86_64-linux"; name = "baikal"; config = ({ pkgs, config, ... }: { config = { dumb-init = { enable = true; type.services = { }; }; init.services.baikal = { shutdownOnExit = true; enabled = true; script = let baikal = pkgs.fetchzip { url = "https://github.com/sabre-io/Baikal/releases/download/0.9.2/baikal-0.9.2.zip"; sha256 = "sha256-/LdwMVy0aGaj2B5db107duYl7oKcA/BuMXt/zZxlsZw="; extraPostFetch = '' patch -p1 -d "$out" < ${./baikal/baikal-project-uri.patch} ''; }; in pkgs.writeShellScript "baikal-script" '' set -ex mkdir -p /var/www if ! [ -z "$(ls -A /var/www)" ] ; then rm -r /var/www/* fi ${pkgs.xorg.lndir}/bin/lndir -silent ${baikal} /var/www/ rm -r /var/www/config /var/www/Specific mkdir -p /var/baikal/specific /var/baikal/config /var/webdav ln -s /var/baikal/specific /var/www/Specific ln -s /var/baikal/config /var/www/config chown www-data:www-data -R /var/baikal /var/webdav while :; do sleep 2073600; done ''; }; init.services.apache2 = { shutdownOnExit = true; ensureSomething.create."documentRoot" = { dst = "/var/www"; type = "directory"; persistent = true; }; }; # init.services.php-fpm.shutdownOnExit = true; services.php-fpm = { fpmSettings = { "error_log" = "/proc/self/fd/1"; }; pools = { main = { createUserGroup = false; phpSettings = { "user" = "www-data"; }; fpmSettings = { "pm" = "dynamic"; "pm.max_children" = 75; "pm.start_servers" = 10; "pm.min_spare_servers" = 5; "pm.max_spare_servers" = 20; "pm.max_requests" = 500; }; }; }; }; services.apache2 = { enable = true; envsubst = true; # package = # pkgs.apacheHttpd.override # { aprutil = # pkgs.aprutil.overrideAttrs # (old: # { configureFlags = # old.configureFlags ++ # [ "--with-sqlite3" ]; # buildInputs = # old.buildInputs ++ # [ pkgs.sqlite.dev # ]; # } ); # }; configuration = [ { LoadModule = [ [ "mpm_event_module" "modules/mod_mpm_event.so" ] [ "log_config_module" "modules/mod_log_config.so" ] [ "unixd_module" "modules/mod_unixd.so" ] [ "authz_core_module" "modules/mod_authz_core.so" ] [ "dir_module" "modules/mod_dir.so" ] [ "mime_module" "modules/mod_mime.so" ] [ "proxy_module" "modules/mod_proxy.so" ] [ "proxy_fcgi_module" "modules/mod_proxy_fcgi.so" ] [ "rewrite_module" "modules/mod_rewrite.so" ] [ "alias_module" "modules/mod_alias.so" ] [ "authn_core_module" "modules/mod_authn_core.so" ] [ "dav_module" "modules/mod_dav.so" ] [ "dav_fs_module" "modules/mod_dav_fs.so" ] [ "auth_digest_module" "modules/mod_auth_digest.so" ] [ "auth_basic_module" "modules/mod_auth_basic.so" ] [ "dbd_module" "modules/mod_dbd.so" ] [ "authn_dbd_module" "modules/mod_authn_dbd.so" ] [ "authz_user_module" "modules/mod_authz_user.so" ] [ "authz_host_module" "modules/mod_authz_host.so" ] [ "headers_module" "modules/mod_headers.so" ] ]; } { Listen = "0.0.0.0:80"; ServerRoot = "/var/www"; ServerName = "blowhole"; PidFile = "/httpd.pid"; DocumentRoot = "/var/www"; User = "www-data"; Group = "www-data"; } { ErrorLog = "/dev/stderr"; TransferLog = "/dev/stdout"; LogLevel = "info"; } { AddType = [ [ "image/svg+xml" "svg" "svgz" ] ]; AddEncoding = [ "gzip" "svgz" ]; TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types"; } { Directory."/" = { Require = [ "all" "denied" ]; Options = "SymlinksIfOwnerMatch"; }; VirtualHost."*:80" = { DocumentRoot = "/var/www/"; RewriteEngine = "off"; LogLevel = [ "alert" "rewrite:trace3" ]; RewriteRule = [ [ "/.well-known/carddav" "/dav.php" "[R=308,L]" ] [ "/.well-known/caldav" "/dav.php" "[R=308,L]" ] # [ "^/baikal/(.*)\.php$" "unix:${config.services.php-fpm.pools.main.socket}|fcgi:///var/www/html/$0" ] # [ "^/dav(.*)$" "/webdav/%{LA-U:REMOTE_USER}" "" ] # [ "^/baikal(.*)$" "/var/www/html/$1" "" ] ]; # DBDriver = "sqlite3"; # DBDParams = "/var/baikal/specific/db.sqlite"; # DBDMin = 4; # DBDKeep = 8; # DBDMax = 20; # DBDExptime = 300; # Location."/var/www/html/baikal" = { # Require = [ "all" "granted" ]; # AllowOverride = [ "all" ]; # Options = [ "-Indexes" "+FollowSymlinks" ]; # DirectoryIndex = "index.php"; # RewriteRule = [ "^/baikal/(.*)$" "/" ]; # }; Location."/var/www/html/" = { Header = [ [ "set" "X-Baikal-Uri" "http://localhost:8088/baikal" ] [ "set" "Host" "http://localhost:8088/baikal" ] ]; Options = [ "-Indexes" "+FollowSymlinks" ]; Require = [ "all" "granted" ]; AllowOverride = [ "all" ]; # ProxyPass = [ "unix:${config.services.php-fpm.pools.main.socket}|fcgi:///var/www/html/" ]; }; # "/var/webdav" = { # DAV = "on"; # AuthType = "Digest"; # AuthName = "BaikalDAV"; # Require = "valid-user"; # AuthDigestProvider = [ "dbd" ]; # AuthDBDUserRealmQuery = "\"SELECT digesta1 FROM users WHERE username = %s\""; # AuthDBDUserPWQuery = "\"SELECT digesta1 FROM users WHERE username = %s\""; # Options = [ "+Indexes" "+FollowSymLinks" "+MultiViews" ]; # AllowOverride = [ "all" ]; # }; }; } ]; }; }; }); }