From 8cbad5dc58ad9e8001f3ccf5eea46a3e398eb2c4 Mon Sep 17 00:00:00 2001
From: chn
Date: Thu, 16 Nov 2023 13:18:21 +0800
Subject: [PATCH] add httpapi
---
 flake.nix | 3 +-
 modules/services/default.nix | 1 +
 modules/services/httpapi.nix | 49 ++++++++++++++++++++++++++++
 modules/services/httpapi/default.nix | 33 -------------------
 secrets/vps7.yaml | 7 ++--
 5 files changed, 57 insertions(+), 36 deletions(-)
 create mode 100644 modules/services/httpapi.nix
 delete mode 100644 modules/services/httpapi/default.nix
diff --git a/flake.nix b/flake.nix
index 4812d706..7fb71561 100644
--- a/flake.nix
+++ b/flake.nix
@@ -290,7 +290,7 @@ [ "nix-store" "xn--qbtm095lrg0bfka60z" ])) // (builtins.listToAttrs (builtins.map (site: { name = "${site}.chn.moe"; value.upstream.address = "internal.vps7.chn.moe"; }) - [ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" ])); + [ "xn--s8w913fdga" "misskey" "synapse" "send" "kkmeeting" "api" ])); applications = { element.instances."element.chn.moe" = {};
@@ -373,6 +373,7 @@ kkmeeting.enable = true; webdav.enable = true; }; + httpapi.enable = true; }; };}) ];
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 97c86c86..e3b862b1 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -32,6 +32,7 @@ inputs: ./huginn.nix ./httpua ./fz-new-order + ./httpapi.nix ]; options.nixos.services = let inherit (inputs.lib) mkOption types; in {
diff --git a/modules/services/httpapi.nix b/modules/services/httpapi.nix
new file mode 100644
index 00000000..69d084f8
--- /dev/null
+++ b/modules/services/httpapi.nix
@@ -0,0 +1,49 @@
+inputs:
+{
+ options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
+ {
+ enable = mkOption { type = types.bool; default = false; };
+ hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
+ };
+ config =
+ let
+ inherit (inputs.config.nixos.services) httpapi;
+ inherit (inputs.lib) mkIf;
+ inherit (builtins) toString;
+ in mkIf httpapi.enable
+ {
+ nixos.services =
+ {
+ phpfpm.instances.httpapi = {};
+ nginx.https.${httpapi.hostname}.location =
+ {
+ "/files".static.root = "/srv/api";
+ "/led".static =
+ {
+ root = "/srv/api";
+ detectAuth.users = [ "led" ];
+ };
+ "/notify.php".php =
+ {
+ root = builtins.dirOf inputs.config.sops.templates."httpapi/notify.php".path;
+ fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpapi.fastcgi;
+ };
+ };
+ phpfpm.instances.httpapi = {};
+ };
+ sops =
+ {
+ templates."httpapi/notify.php" =
+ {
+ owner = inputs.config.users.users.httpapi.name;
+ group = inputs.config.users.users.httpapi.group;
+ content =
+ let
+ placeholder = inputs.config.sops.placeholder;
+ request = "https://api.telegram.org/${placeholder."httpapi/token"}/sendMessage?chat_id=861886506&text=";
+ in '''';
+ };
+ secrets."httpapi/token" = {};
+ };
+ };
+}
diff --git a/modules/services/httpapi/default.nix b/modules/services/httpapi/default.nix
deleted file mode 100644
index b9ae5770..00000000
--- a/modules/services/httpapi/default.nix
+++ /dev/null
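Review bot: In modules/services/httpapi.nix the `"/notify.php".php` location has no access control, while the neighbouring `"/led".static` location is gated with `detectAuth.users = [ "led" ]`. The template body between the `''` quotes is empty on this page, so what the script checks cannot be seen here; if it only appends a request parameter to `request`, any client that can reach `${httpapi.hostname}` can make the bot post to the hard-coded chat. I would gate this location the way `/led` is gated, if the `php` location type supports that, or have the script compare a shared secret drawn from a further sops placeholder, and make sure the text is URL-encoded before it is appended. Separately, `phpfpm.instances.httpapi = {};` appears twice inside `nixos.services` and `inherit (builtins) toString;` looks unused now that `root` uses `builtins.dirOf`; both can be dropped.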
@@ -1,33 +0,0 @@
-inputs:
-{
- options.nixos.services.httpapi = let inherit (inputs.lib) mkOption types; in
- {
- enable = mkOption { type = types.bool; default = false; };
- hostname = mkOption { type = types.nonEmptyStr; default = "api.chn.moe"; };
- };
- config =
- let
- inherit (inputs.config.nixos.services) httpapi;
- inherit (inputs.lib) mkIf;
- inherit (builtins) toString;
- in mkIf httpapi.enable
- {
- nixos.services =
- {
- phpfpm.instances.httpapi = {};
- nginx.https.${httpapi.hostname}.location =
- {
- "/led".static =
- {
- root = "/srv/api";
- detectAuth.users = [ "chn" ];
- }
- }
- php =
- {
- root = toString ./.;
- fastcgiPass = inputs.config.nixos.services.phpfpm.instances.httpua.fastcgi;
- };
- };
- };
-}
diff --git a/secrets/vps7.yaml b/secrets/vps7.yaml
index f9ecfa08..026e1512 100644
--- a/secrets/vps7.yaml
+++ b/secrets/vps7.yaml
@@ -3,6 +3,7 @@ acme:
 nginx:
 detectAuth:
 chn: ENC[AES256_GCM,data:Gk0TTbnFcsvIgoDcen6B8w==,iv:kvyvygw9zDwaiTQ2vPFTHQex0EWDFg8M8U22AConQFM=,tag:ewAZ/nXxmTOhDAjW/A2OnA==,type:str]
+ led: ENC[AES256_GCM,data:Owax7cyp,iv:NCEKyicVCYZNgxJzlO90heUmwPjfXbZEcyXX09XQKI4=,tag:WMTCVMVCD9sJgAhRUsqvYg==,type:str]
 maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
 redis:
 rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
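Review bot: The new `led:` value under `nginx.detectAuth` in secrets/vps7.yaml is a very short secret: its ciphertext is `data:Owax7cyp`, and sops' AES256_GCM encryption keeps the plaintext length, so the committed file shows the credential is only about six bytes long. Because this value is the only gate on the `/led` location added in the same commit, I would replace it with a long randomly generated value before deploying. Nothing else in this hunk needs changing.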
@@ -75,6 +76,8 @@ fz-new-order:
 username: ENC[AES256_GCM,data:xWP1cesh,iv:11KFZ/J9PScz/oW2+H5BWgw0+ETkCXlcYOMuPpgjEs0=,tag:HswEVzm6ElRjIDsZyEfZcA==,type:str]
 password: ENC[AES256_GCM,data:Da/E7ZeZ,iv:gIoheXeTErV3+CtZSEDsX7pGzRahHWlKYQ6QZ6W2eu8=,tag:0oQzQ5DJiS2hqMQfU6JRWw==,type:str]
 comment: ENC[AES256_GCM,data:etfZKwbh,iv:XqqF3D0PpCPd2Q/CCu/PAH4SrvXAOu+lIXvSht/KfKk=,tag:7jyG33foxneRK2wvI/5uBg==,type:str]
+httpapi:
+ token: ENC[AES256_GCM,data:fuGJ+5sKr3yob7JbyqtwGBAxnDzxTvoC5XPWHNawOjqC7Ydz6HujpYudG2CUMxt+rA==,iv:Yhg5NqRRp+PYsxNKFUiUydAL1hmz2pr/T0f5GDKV18w=,tag:SZoy0gTzpeq39mEFBTUDLA==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -99,8 +102,8 @@ sops:
 SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
 HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-11-15T13:34:57Z"
- mac: ENC[AES256_GCM,data:vpCTk80mgFw3ticYcdnKqlY6ud30w9Zt5H5qrrtabGxaL9JmFuoD6LFhctHTg+u80vCeWNl6xIRfcDw0CQ67aRKdFdbv8KIWPw7El2Em/q0GqL0jk66F93mwo29pPJpU1QVFwCk3ZEgXtkVAweaglkWZVn0QXydpOmf/ceuQcuo=,iv:e6rd/1ZtVdKmI0ksAI6PLKPNxFiIsCramS+ktGUWFII=,tag:1q/KPu5zhFsSf8eP6kuz1g==,type:str]
+ lastmodified: "2023-11-16T05:14:07Z"
+ mac: ENC[AES256_GCM,data:rhF6HFubRyk+zk8nVddoXLQ3j6rzZjf2tRwl+B6inX9DKy32zbXKF29nzzk25KSrJOY1rsafiS2pza1eRPRs+I3aJ0v9oWi1qRwoHzSX34ZkGil8uZ5CWh0Xx8md3Zp1bz7JmMYA9IiGbBGty4gjMaJG/7AfP2447eLaJyFADAI=,iv:3g+QKrPGiGzKefp3m1t01QeaF7uJzRZ+NoWJ7h6gQHQ=,tag:wO7eQ3tCGzMUtTrSxdpK+w==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.7.3