lass/2configs/realwallpaper.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

{ config, lib, pkgs, ... }:

let
  hostname = config.krebs.build.host.name;
  inherit (lib)
    nameValuePair
  ;

in {
  krebs.realwallpaper.enable = true;

  system.activationScripts.user-shadow = ''
    ${pkgs.coreutils}/bin/chmod +x /var/realwallpaper
  '';
  services.nginx.virtualHosts.wallpaper = {
    extraConfig = ''
      if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
        return 403;
      }
    '';
    serverAliases = [
      hostname
      "${hostname}.r"
    ];
    locations."/realwallpaper.png".extraConfig = ''
      root /var/realwallpaper/;
    '';
    locations."/realwallpaper-krebs.png".extraConfig = ''
      root /var/realwallpaper/;
    '';
    locations."/realwallpaper-video.mp4".extraConfig = ''
      root /var/realwallpaper/archive;
    '';
  };

  krebs.iptables = {
    tables = {
      filter.INPUT.rules = [
        { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
      ];
    };
  };
}