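{ config, lib, pkgs, ... }:

# NixOS module: runs engelsystem (PHP-FPM + nginx + MariaDB) inside a
# declarative container on a private veth link, and publishes it through the
# host's nginx, which terminates TLS for himmel.hacc.earth.
#
# TODO: Make this config nix-y, so it doesn't require a metric shitton of
# manual intervention to install

{
  containers.engelsystem = {
    config = { pkgs, lib, config, ... }:
      let
        app = "engelsystem";
        domain = "himmel.hacc.earth";
        dataDir = "/srv/http/${domain}/public";

        # Python environment carrying only the MySQL client bindings. The
        # package set is taken from the function argument so it always matches
        # the interpreter passed to withPackages.
        engelport-py-pack = ps: [ ps.mysqlclient ];
        engelport-py = pkgs.python38.withPackages engelport-py-pack;
      in {
        # No packet filter inside the container: every socket that listens
        # here (nginx, MariaDB if it binds to a non-loopback address) is
        # reachable from whatever can route to 192.168.100.2. With
        # privateNetwork = true that is the host end of the veth pair.
        # NOTE(review): confirm the host does not forward or NAT other
        # traffic into 192.168.100.0/24.
        networking.firewall.enable = false;
        networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];

        # Pin the mail host to the container's hostAddress so mail is sent
        # over the veth link instead of being resolved through public DNS.
        networking.hosts."192.168.100.1" = [ "mail.hacc.space" ];

        services.phpfpm.pools.${app} = {
          user = app;
          settings = {
            # The FPM socket is owned by the nginx user, so nginx can connect
            # to it.
            "listen.owner" = config.services.nginx.user;
            "pm" = "dynamic";
            "pm.max_children" = 32;
            "pm.max_requests" = 500;
            "pm.start_servers" = 2;
            "pm.min_spare_servers" = 2;
            "pm.max_spare_servers" = 5;
            # Send PHP errors and worker output to stderr (the service log).
            "php_admin_value[error_log]" = "stderr";
            "php_admin_flag[log_errors]" = true;
            "catch_workers_output" = true;
          };
          phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
        };

        services.nginx = {
          enable = true;
          virtualHosts.${domain}.locations = {
            # Front controller: everything that is not an asset is rewritten
            # to index.php.
            "/" = {
              extraConfig = "rewrite ^ /index.php;";
            };
            "/assets" = {
              root = dataDir;
            };
            "/index.php" = {
              root = dataDir;
              # try_files returns 404 unless the resolved script exists under
              # root, so a request path that does not map to a real file is
              # never handed to PHP-FPM.
              extraConfig = ''
                include ${pkgs.nginx}/conf/fastcgi.conf;
                fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
                try_files $fastcgi_script_name =404;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
                fastcgi_intercept_errors on;
              '';
            };
          };
        };

        # NOTE(review): the account PHP-FPM runs as has the web root as its
        # home directory (createHome), so the application can presumably
        # write to its own code. Consider a separate owner for the code and a
        # writable directory only for what the application must modify.
        users.users.${app} = {
          isSystemUser = true;
          createHome = true;
          home = dataDir;
          group = app;
        };
        users.groups.${app} = {};

        services.mysql = {
          enable = true;
          ensureDatabases = [ "engelsystem" ];
          # The grant is limited to the application's own database.
          ensureUsers = [{
            name = "engelsystem";
            ensurePermissions."engelsystem.*" = "ALL PRIVILEGES";
          }];
          package = pkgs.mariadb;
        };

        # Tooling available inside the container; presumably used for the
        # manual installation steps the TODO at the top refers to.
        environment.systemPackages = [
          pkgs.php
          pkgs.php74Packages.composer
          pkgs.yarn
          engelport-py
        ];
      };

    privateNetwork = true;
    hostAddress = "192.168.100.1";
    localAddress = "192.168.100.2";
    autoStart = true;
  };

  # Public entry point on the host: TLS via ACME, then plain HTTP to the
  # container over the private veth link.
  services.nginx.virtualHosts."himmel.hacc.earth" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.100.2";
      # proxy_set_header sets the Host header on the request sent to the
      # container. The previous add_header only added a "Host" header to the
      # response returned to the client, so the backend saw the proxy_pass
      # address as its host name.
      # NOTE(review): if services.nginx.recommendedProxySettings is enabled
      # on the host, Host is already forwarded and this line should be
      # dropped.
      extraConfig = "proxy_set_header Host himmel.hacc.earth;";
    };
  };
}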