nixos-dotfiles

https://git.tonybtw.com/nixos-dotfiles.git git://git.tonybtw.com/nixos-dotfiles.git

1,579 bytes raw

{
  config,
  pkgs,
  lib,
  ...
}: let
  domain = "xmpp.tonybtw.com";
  dataDir = "/var/lib/xmpp-register";
  phpUser = "xmpp-register";
  phpGroup = "xmpp-register";

  phpApp = pkgs.runCommand "xmpp-register-app" {} ''
    mkdir -p $out
    cp ${./xmpp-register/index.php} $out/index.php
  '';
in {
  services.phpfpm.pools.xmpp-register = {
    user = phpUser;
    group = phpGroup;
    settings = {
      "listen.owner" = config.services.nginx.user;
      "listen.group" = config.services.nginx.group;
      "pm" = "ondemand";
      "pm.max_children" = 4;
      "pm.process_idle_timeout" = "10s";
    };
    phpOptions = ''
      session.save_path = "${dataDir}/sessions"
    '';
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    useACMEHost = domain;

    locations."= /register" = {
      return = "301 /register/";
    };

    locations."^~ /register/" = {
      extraConfig = ''
        fastcgi_pass unix:${config.services.phpfpm.pools.xmpp-register.socket};
        include ${pkgs.nginx}/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME ${phpApp}/index.php;
      '';
    };
  };

  users.users.${phpUser} = {
    isSystemUser = true;
    group = phpGroup;
    home = dataDir;
  };
  users.groups.${phpGroup} = {};

  systemd.tmpfiles.rules = [
    "d ${dataDir} 0750 ${phpUser} ${phpGroup} -"
    "d ${dataDir}/sessions 0750 ${phpUser} ${phpGroup} -"
  ];

  security.sudo.extraConfig = ''
    ${phpUser} ALL=(prosody) NOPASSWD: /run/current-system/sw/bin/prosodyctl register *
  '';

  environment.systemPackages = [pkgs.prosody];
}

1	`{`
2	`config,`
3	`pkgs,`
4	`lib,`
5	`...`
6	`}: let`
7	`domain = "xmpp.tonybtw.com";`
8	`dataDir = "/var/lib/xmpp-register";`
9	`phpUser = "xmpp-register";`
10	`phpGroup = "xmpp-register";`
11
12	`phpApp = pkgs.runCommand "xmpp-register-app" {} ''`
13	`mkdir -p $out`
14	`cp ${./xmpp-register/index.php} $out/index.php`
15	`'';`
16	`in {`
17	`services.phpfpm.pools.xmpp-register = {`
18	`user = phpUser;`
19	`group = phpGroup;`
20	`settings = {`
21	`"listen.owner" = config.services.nginx.user;`
22	`"listen.group" = config.services.nginx.group;`
23	`"pm" = "ondemand";`
24	`"pm.max_children" = 4;`
25	`"pm.process_idle_timeout" = "10s";`
26	`};`
27	`phpOptions = ''`
28	`session.save_path = "${dataDir}/sessions"`
29	`'';`
30	`};`
31
32	`services.nginx.virtualHosts.${domain} = {`
33	`forceSSL = true;`
34	`useACMEHost = domain;`
35
36	`locations."= /register" = {`
37	`return = "301 /register/";`
38	`};`
39
40	`locations."^~ /register/" = {`
41	`extraConfig = ''`
42	`fastcgi_pass unix:${config.services.phpfpm.pools.xmpp-register.socket};`
43	`include ${pkgs.nginx}/conf/fastcgi_params;`
44	`fastcgi_param SCRIPT_FILENAME ${phpApp}/index.php;`
45	`'';`
46	`};`
47	`};`
48
49	`users.users.${phpUser} = {`
50	`isSystemUser = true;`
51	`group = phpGroup;`
52	`home = dataDir;`
53	`};`
54	`users.groups.${phpGroup} = {};`
55
56	`systemd.tmpfiles.rules = [`
57	`"d ${dataDir} 0750 ${phpUser} ${phpGroup} -"`
58	`"d ${dataDir}/sessions 0750 ${phpUser} ${phpGroup} -"`
59	`];`
60
61	`security.sudo.extraConfig = ''`
62	`${phpUser} ALL=(prosody) NOPASSWD: /run/current-system/sw/bin/prosodyctl register *`
63	`'';`
64
65	`environment.systemPackages = [pkgs.prosody];`
66	`}`