Add NixNG container for the redalder.org website

Signed-off-by: Magic_RB <magic_rb@redalder.org>
2024-11-22 08:04:20 +01:00 · 2023-06-13 23:05:08 +02:00 · 2023-06-13 23:05:08 +02:00 · b513a10c77
parent 099d4133d3
commit b513a10c77
2 changed files with 89 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -47,6 +47,7 @@
        nixos/systems/liveusb
        nixos/systems/blowhole

+        nixng/containers/website
        nixng/containers/ds3os
        overlays/udp-over-tcp.nix
        overlays/emacsclient-remote
--- a/nixng/containers/website/default.nix
+++ b/nixng/containers/website/default.nix
@ -0,0 +1,88 @@
+{ inputs, ... }:
+{
+  flake.nixngConfigurations.website = inputs.nixng.nglib.makeSystem {
+    system = "x86_64-linux";
+    name = "nixng-website";
+    inherit (inputs) nixpkgs;
+    config =
+      { pkgs, lib, ... }:
+      let
+        inherit (lib)
+          singleton;
+      in
+      {
+        dumb-init = {
+          enable = true;
+          type.services = {};
+        };
+        init.services.apache2 = {
+          ensureSomething.link."documentRoot" = {
+            src = "${inputs.website."x86_64-linux"}/redalder";
+            dst = "/var/www";
+          };
+          shutdownOnExit = true;
+        };
+        services.apache2 = {
+          enable = true;
+          configuration = [
+            {
+              LoadModule = [
+                [ "mpm_event_module" "modules/mod_mpm_event.so" ]
+                [ "log_config_module" "modules/mod_log_config.so" ]
+                [ "unixd_module" "modules/mod_unixd.so" ]
+                [ "authz_core_module" "modules/mod_authz_core.so" ]
+                [ "dir_module" "modules/mod_dir.so" ]
+                [ "mime_module" "modules/mod_mime.so" ]
+              ];
+            }
+            {
+              Listen = "0.0.0.0:80";
+
+              ServerRoot = "/var/www";
+              ServerName = "blowhole";
+              PidFile = "/httpd.pid";
+
+              User = "www-data";
+              Group = "www-data";
+
+              DocumentRoot = "/var/www";
+            }
+
+            {
+              ErrorLog = "/dev/stderr";
+              TransferLog = "/dev/stdout";
+
+              LogLevel = "info";
+            }
+
+            {
+              AddType = singleton [
+                "image/svg+xml"
+                "svg"
+                "svgz"
+              ];
+              AddEncoding = [
+                "gzip"
+                "svgz"
+              ];
+
+              TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
+            }
+
+            {
+              Directory."/" = {
+                Require = [ "all" "denied" ];
+                Options = "SymlinksIfOwnerMatch";
+              };
+
+              VirtualHost."*:80".Directory."/var/www" = {
+                Require = [ "all" "granted" ];
+                Options = [ "-Indexes" "+FollowSymlinks" ];
+                DirectoryIndex = "index.html";
+              };
+            }
+          ];
+        };
+      };
+  };
+}