41 lines
871 B
Nix
41 lines
871 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
hostname = config.krebs.build.host.name;
|
|
inherit (lib)
|
|
nameValuePair
|
|
;
|
|
|
|
in {
|
|
krebs.realwallpaper.enable = true;
|
|
|
|
system.activationScripts.user-shadow = ''
|
|
${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
|
|
'';
|
|
services.nginx.virtualHosts.wallpaper = {
|
|
extraConfig = ''
|
|
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
|
|
return 403;
|
|
}
|
|
'';
|
|
serverAliases = [
|
|
hostname
|
|
"${hostname}.r"
|
|
];
|
|
locations."/realwallpaper.png".extraConfig = ''
|
|
root /var/realwallpaper/;
|
|
'';
|
|
locations."/realwallpaper-krebs.png".extraConfig = ''
|
|
root /var/realwallpaper/;
|
|
'';
|
|
};
|
|
|
|
krebs.iptables = {
|
|
tables = {
|
|
filter.INPUT.rules = [
|
|
{ predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
|
|
];
|
|
};
|
|
};
|
|
}
|