chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2024-10-23 05:39:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

add httpapi

Browse Source
This commit is contained in:
陈浩南 2023-11-16 13:18:21 +08:00
parent 790aa5fa2e
commit 8cbad5dc58
5 changed files with 57 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
flake.nix
View File

@ -290,7 +290,7 @@
[ "nix-store" "xn--qbtm095lrg0bfka60z" ]))
// (builtins.listToAttrs (builtins.map
(site: { name = "${site}.chn.moe"; value.upstream.address = "internal.vps7.chn.moe"; })
[ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" ]));
[ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" "api" ]));
applications =
{
element.instances."element.chn.moe" = {};
@ -373,6 +373,7 @@
kkmeeting.enable = true;
webdav.enable = true;
};
httpapi.enable = true;
};
};})
];

1
modules/services/default.nix
View File

@ -32,6 +32,7 @@ inputs:
./huginn.nix
./httpua
./fz-new-order
./httpapi.nix
];
options.nixos.services = let inherit (inputs.lib) mkOption types; in
{

49
modules/services/httpapi.nix Normal file
View File

@ -0,0 +1,49 @@
inputs:
{
options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) httpapi;
inherit (inputs.lib) mkIf;
inherit (builtins) toString;
in mkIf httpapi.enable
{
nixos.services =
{
phpfpm.instances.httpapi = {};
nginx.https.${httpapi.hostname}.location =
{
"/files".static.root = "/srv/api";
"/led".static =
{
root = "/srv/api";
detectAuth.users = [ "led" ];
};
"/notify.php".php =
{
root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
};
};
phpfpm.instances.httpapi = {};
};
sops =
{
templates."httpapi/notify.php" =
{
owner = inputs.config.users.users.httpapi.name;
group = inputs.config.users.users.httpapi.group;
content =
let
placeholder = inputs.config.sops.placeholder;
request = "https://api.telegram.org/${placeholder."httpapi/token"}/sendMessage?chat_id=861886506&text=";
in ''<?php print file_get_contents("${request}".urlencode($_GET["message"])); ?>'';
};
secrets."httpapi/token" = {};
};
};
}

33
modules/services/httpapi/default.nix
View File

@ -1,33 +0,0 @@
inputs:
{
options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
};
config =
let
inherit (inputs.config.nixos.services) httpapi;
inherit (inputs.lib) mkIf;
inherit (builtins) toString;
in mkIf httpapi.enable
{
nixos.services =
{
phpfpm.instances.httpapi = {};
nginx.https.${httpapi.hostname}.location =
{
"/led".static =
{
root = "/srv/api";
detectAuth.users = [ "chn" ];
}
}
php =
{
root = toString ./.;
fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi;
};
};
};
}

7
secrets/vps7.yaml
View File

@ -3,6 +3,7 @@ acme:
nginx:
detectAuth:
chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
led: ENC[AES256_GCM,data:Owax7cyp,iv:NCEKyicVCYZNgxJzlO90heUmwPjfXbZEcyXX09XQKI4=,tag:WMTCVMVCD9sJgAhRUsqvYg==,type:str]
maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
redis:
rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
@ -75,6 +76,8 @@ fz-new-order:
username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
httpapi:
token: ENC[AES256_GCM,data:fuGJ+5sKr3yob7JbyqtwGBAxnDzxTvoC5XPWHNawOjqC7Ydz6HujpYudG2CUMxt+rA==,iv:Yhg5NqRRp+PYsxNKFUiUydAL1hmz2pr/T0f5GDKV18w=,tag:SZoy0gTzpeq39mEFBTUDLA==,type:str]
sops:
kms: []
gcp_kms: []
@ -99,8 +102,8 @@ sops:
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-15T13:34:57Z"
mac: ENC[AES256_GCM,data:vpCTk80mgFw3ticYcdnKqlY6ud30w9Zt5H5qrrtabGxaL9JmFuoD6LFhctHTg+u80vCeWNl6xIRfcDw0CQ67aRKdFdbv8KIWPw7El2Em/q0GqL0jk66F93mwo29pPJpU1QVFwCk3ZEgXtkVAweaglkWZVn0QXydpOmf/ceuQcuo=,iv:e6rd/1ZtVdKmI0ksAI6PLKPNxFiIsCramS+ktGUWFII=,tag:1q/KPu5zhFsSf8eP6kuz1g==,type:str]
lastmodified: "2023-11-16T05:14:07Z"
mac: ENC[AES256_GCM,data:rhF6HFubRyk+zk8nVddoXLQ3j6rzZjf2tRwl+B6inX9DKy32zbXKF29nzzk25KSrJOY1rsafiS2pza1eRPRs+I3aJ0v9oWi1qRwoHzSX34ZkGil8uZ5CWh0Xx8md3Zp1bz7JmMYA9IiGbBGty4gjMaJG/7AfP2447eLaJyFADAI=,iv:3g+QKrPGiGzKefp3m1t01QeaF7uJzRZ+NoWJ7h6gQHQ=,tag:wO7eQ3tCGzMUtTrSxdpK+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3