dotfiles/nixng/containers/website/default.nix

91 lines
2.2 KiB
Nix
Raw Normal View History

{inputs, ...}: {
flake.nixngConfigurations.website = inputs.nixng.nglib.makeSystem {
system = "x86_64-linux";
name = "nixng-website";
nixpkgs = inputs.nixpkgs-stable;
config = {
pkgs,
lib,
...
}: let
inherit
(lib)
singleton
;
in {
dumb-init = {
enable = true;
type.services = {};
};
init.services.apache2 = {
ensureSomething.link."documentRoot" = {
src = "${inputs.website.packages."x86_64-linux".website}/redalder";
dst = "/var/www";
};
shutdownOnExit = true;
};
services.apache2 = {
enable = true;
configuration = [
{
LoadModule = [
["mpm_event_module" "modules/mod_mpm_event.so"]
["log_config_module" "modules/mod_log_config.so"]
["unixd_module" "modules/mod_unixd.so"]
["authz_core_module" "modules/mod_authz_core.so"]
["dir_module" "modules/mod_dir.so"]
["mime_module" "modules/mod_mime.so"]
];
}
{
Listen = "0.0.0.0:80";
ServerRoot = "/var/www";
ServerName = "blowhole";
PidFile = "/httpd.pid";
User = "www-data";
Group = "www-data";
DocumentRoot = "/var/www";
}
{
ErrorLog = "/dev/stderr";
TransferLog = "/dev/stdout";
LogLevel = "info";
}
{
AddType = singleton [
"image/svg+xml"
"svg"
"svgz"
];
AddEncoding = [
"gzip"
"svgz"
];
TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
}
{
Directory."/" = {
Require = ["all" "denied"];
Options = "SymlinksIfOwnerMatch";
};
VirtualHost."*:80".Directory."/var/www" = {
Require = ["all" "granted"];
Options = ["-Indexes" "+FollowSymlinks"];
DirectoryIndex = "index.html";
};
}
];
};
};
};
}