fruitbasket/modules/userdir.nix

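# Per-user web space: Apache mod_userdir with PHP, bound to loopback and
# published through an nginx TLS virtual host on users.<networking.domain>.
{ config, pkgs, ... }:
let
  domain = "users.${config.networking.domain}";
  # Loopback port Apache listens on; nginx proxies to it.
  port = 8083;
  apacheUser = config.services.httpd.user;
in
{
  # home directory setup
  systemd.tmpfiles.rules = [
    "d /etc/skel"
  ];

  # Runs during shell environment initialisation for every non-root user whose
  # home is not "/". It (re)applies the ACLs that let Apache reach public_html.
  # NOTE(review): the umask set here presumably stays in effect for the rest of
  # the session; where no default ACL applies, new files end up group-writable.
  # Confirm that is intended.
  environment.extraInit = /*sh*/ ''
    if [[ "$HOME" != "/" && "$UID" != 0 ]]; then
      umask 002
      # home dir: apache may traverse only, creation mode is rw(x)------
      setfacl -m u:${apacheUser}:x,d:u::rwx,d:g::-,d:o::- "$HOME"
      mkdir -p "$HOME/public_html"
      # public_html dir: apache and $USER have rwx on everything inside
      setfacl -m u:${apacheUser}:rwx,d:u:${apacheUser}:rwx,d:u:''${USER}:rwx "$HOME/public_html"
    fi
  '';

  # SECURITY NOTE(review): enablePHP with the prefork MPM means every user's
  # PHP code executes as ${apacheUser}, and the ACLs above give that account
  # rwx on every public_html. Users are therefore not isolated from each other
  # at the web tier: a script in one public_html can read or modify files in
  # another. Per-user isolation (for example separate PHP worker pools running
  # under each account) is not provided by this module.
  services.httpd = {
    enable = true;
    enablePHP = true;
    maxClients = 10;
    mpm = "prefork";
    extraModules = [ "userdir" ];
    virtualHosts.${domain} = {
      # - root never gets a userdir.
      # - Directory listings are off by default, but AllowOverride
      #   Options=Indexes lets a user switch them back on via .htaccess.
      # - Symlinks are followed only when link and target share an owner.
      # - SSI is allowed without exec.
      # - AllowOverride FileInfo/AuthConfig/Limit hands handler, type, auth and
      #   access-control directives to user-written .htaccess files.
      # - Only GET, POST and OPTIONS are granted (Apache applies a GET limit to
      #   HEAD as well); every other method is denied.
      extraConfig = ''
        UserDir disabled root
        UserDir /home/users/*/public_html/
        <Directory "/home/users/*/public_html">
          Options -Indexes +MultiViews +SymLinksIfOwnerMatch +IncludesNoExec
          DirectoryIndex index.php index.html
          AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
          <Limit GET POST OPTIONS>
            Require all granted
          </Limit>
          <LimitExcept GET POST OPTIONS>
            Require all denied
          </LimitExcept>
        </Directory>
      '';
      # Loopback only: outside traffic has to come through the nginx vhost below.
      listen = [{
        ip = "127.0.0.1";
        inherit port;
      }];
    };
    phpPackage = pkgs.php.buildEnv {
      # display_errors=0 keeps PHP error text (paths, stack details) out of
      # responses. The 40M limits match client_max_body_size on the nginx side.
      extraConfig = ''
        display_errors=0
        post_max_size = 40M
        upload_max_filesize = 40M
      '';
    };
  };

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      # Proxy to the literal address Apache is bound to. "localhost" may also
      # resolve to ::1, where nothing listens.
      proxyPass = "http://127.0.0.1:${toString port}";
      # Upstream 403 and 404 are both answered as 404 with /404.html, so a
      # forbidden path looks the same to the client as a missing one.
      extraConfig = ''
        proxy_intercept_errors on;
        error_page 403 404 =404 /404.html;
        client_max_body_size 40M;
      '';
    };
    locations."/robots.txt" = {
      # default_type sets the Content-Type of the `return` body. With
      # add_header, a second Content-Type header is sent next to the default.
      extraConfig = ''
        default_type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
      '';
    };
  };
}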