{ inputs, ... }: { flake.nixngConfigurations.website = inputs.nixng.nglib.makeSystem { system = "x86_64-linux"; name = "nixng-website"; inherit (inputs) nixpkgs; config = { pkgs, lib, ... }: let inherit (lib) singleton; in { dumb-init = { enable = true; type.services = {}; }; init.services.apache2 = { ensureSomething.link."documentRoot" = { src = "${inputs.website.packages."x86_64-linux".website}/redalder"; dst = "/var/www"; }; shutdownOnExit = true; }; services.apache2 = { enable = true; configuration = [ { LoadModule = [ [ "mpm_event_module" "modules/mod_mpm_event.so" ] [ "log_config_module" "modules/mod_log_config.so" ] [ "unixd_module" "modules/mod_unixd.so" ] [ "authz_core_module" "modules/mod_authz_core.so" ] [ "dir_module" "modules/mod_dir.so" ] [ "mime_module" "modules/mod_mime.so" ] ]; } { Listen = "0.0.0.0:80"; ServerRoot = "/var/www"; ServerName = "blowhole"; PidFile = "/httpd.pid"; User = "www-data"; Group = "www-data"; DocumentRoot = "/var/www"; } { ErrorLog = "/dev/stderr"; TransferLog = "/dev/stdout"; LogLevel = "info"; } { AddType = singleton [ "image/svg+xml" "svg" "svgz" ]; AddEncoding = [ "gzip" "svgz" ]; TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types"; } { Directory."/" = { Require = [ "all" "denied" ]; Options = "SymlinksIfOwnerMatch"; }; VirtualHost."*:80".Directory."/var/www" = { Require = [ "all" "granted" ]; Options = [ "-Indexes" "+FollowSymlinks" ]; DirectoryIndex = "index.html"; }; } ]; }; }; }; }