From 56e6ec5d8acecbfdc411203a9728f37f5b388788 Mon Sep 17 00:00:00 2001
From: teidesu <alina@tei.su>
Date: Thu, 6 Jun 2024 15:14:49 +0300
Subject: [PATCH] chore(koi): migrated phpfront from desu-arm

---
 hosts/koi/configuration.nix     |  1 +
 hosts/koi/services/phpfront.nix | 72 +++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 hosts/koi/services/phpfront.nix

diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix
index 38a625a..56cd748 100755
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@@ -16,6 +16,7 @@
     ./services/coredns.nix
     ./services/sing-box.nix
     ./services/nginx.nix
+    ./services/phpfront.nix
     ./services/landing
 
     ./containers/uxplay.nix
diff --git a/hosts/koi/services/phpfront.nix b/hosts/koi/services/phpfront.nix
new file mode 100644
index 0000000..8dbc400
--- /dev/null
+++ b/hosts/koi/services/phpfront.nix
@@ -0,0 +1,72 @@
+{ pkgs, lib, config, ... }:
+
+{
+  services.phpfpm.pools.phpfront = {
+    user = "phpfront";
+    settings = {
+      "listen.owner" = config.services.nginx.user;
+      "pm" = "dynamic";
+      "pm.max_children" = 32;
+      "pm.max_requests" = 500;
+      "pm.start_servers" = 2;
+      "pm.min_spare_servers" = 2;
+      "pm.max_spare_servers" = 5;
+      "php_admin_value[error_log]" = "stderr";
+      "php_admin_flag[log_errors]" = true;
+      "catch_workers_output" = true;
+    };
+    phpOptions = ''
+      short_open_tag = On
+    '';
+    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
+  };
+
+  services.nginx.virtualHosts."tei.su" = {
+    forceSSL = true;
+    useACMEHost = "tei.su";
+
+    root = "/srv/phpfront"; # outside flake for now, todo
+    extraConfig = ''
+      index index.html index.php;
+    '';
+
+    locations."/.well-known/" = {
+      extraConfig = ''
+        add_header 'Access-Control-Allow-Origin' '*';
+      '';
+    };
+
+    locations."/_secure/" = {
+      # too lazy to migrate old logic for now, just error out
+      extraConfig = "return 403;";
+    };
+
+    locations."/" = {
+      extraConfig = ''
+        try_files $uri $uri/ =404;
+
+        rewrite ^/?(\$|donate)$ /donate.php;
+        rewrite ^/ava320.jpg$ /ava320.php;
+        rewrite ^/pfrepl https://teidesu.github.io/protoflex/repl redirect;
+        rewrite ^/im\.mp3 https://vk.com/mp3/cc_ice_melts.mp3 redirect;
+      '';
+    };
+
+    locations."~ \\.php$ " = {
+      extraConfig = ''
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:${config.services.phpfpm.pools.phpfront.socket};
+        fastcgi_index index.php;
+        include ${pkgs.nginx}/conf/fastcgi.conf;
+      '';
+    };
+  };
+
+  users.users.phpfront = {
+    isSystemUser = true;
+    createHome = true;
+    home = "/srv/phpfront";
+    group  = "phpfront";
+  };
+  users.groups.phpfront = {};
+}
\ No newline at end of file