dotfiles/nixng/containers/website/default.nix

89 lines
2.3 KiB
Nix
Raw Normal View History

{ inputs, ... }:
{
flake.nixngConfigurations.website = inputs.nixng.nglib.makeSystem {
system = "x86_64-linux";
name = "nixng-website";
inherit (inputs) nixpkgs;
config =
{ pkgs, lib, ... }:
let
inherit (lib)
singleton;
in
{
dumb-init = {
enable = true;
type.services = {};
};
init.services.apache2 = {
ensureSomething.link."documentRoot" = {
src = "${inputs.website.website."x86_64-linux"}/redalder";
dst = "/var/www";
};
shutdownOnExit = true;
};
services.apache2 = {
enable = true;
configuration = [
{
LoadModule = [
[ "mpm_event_module" "modules/mod_mpm_event.so" ]
[ "log_config_module" "modules/mod_log_config.so" ]
[ "unixd_module" "modules/mod_unixd.so" ]
[ "authz_core_module" "modules/mod_authz_core.so" ]
[ "dir_module" "modules/mod_dir.so" ]
[ "mime_module" "modules/mod_mime.so" ]
];
}
{
Listen = "0.0.0.0:80";
ServerRoot = "/var/www";
ServerName = "blowhole";
PidFile = "/httpd.pid";
User = "www-data";
Group = "www-data";
DocumentRoot = "/var/www";
}
{
ErrorLog = "/dev/stderr";
TransferLog = "/dev/stdout";
LogLevel = "info";
}
{
AddType = singleton [
"image/svg+xml"
"svg"
"svgz"
];
AddEncoding = [
"gzip"
"svgz"
];
TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
}
{
Directory."/" = {
Require = [ "all" "denied" ];
Options = "SymlinksIfOwnerMatch";
};
VirtualHost."*:80".Directory."/var/www" = {
Require = [ "all" "granted" ];
Options = [ "-Indexes" "+FollowSymlinks" ];
DirectoryIndex = "index.html";
};
}
];
};
};
};
}