Initial commit

Author: tfc

.gitignore

@@ -0,0 +1,3 @@
+nixos.qcow2
+result
+result-*

flake.lock

@@ -0,0 +1,38 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    nspawn-nixos.url = "/home/tfc/src/nspawn-example";
+  };
+
+  outputs = inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } {
+    systems = [ "x86_64-linux" "aarch64-linux" ];
+    perSystem = { config, pkgs, system, ... }: {
+      packages =
+        let
+          vmFromModules = modules: (inputs.nixpkgs.lib.nixosSystem {
+            inherit modules system;
+          }).config.system.build.vm;
+        in {
+        vm = vmFromModules [
+          ./qemu-vm.nix
+          ./nginx-php.nix
+        ];
+        vm-containered = vmFromModules [
+          ./qemu-vm.nix
+          ({ ... }: { # NixOS config of within the VM
+            containers.webserver = {
+              autoStart = true;
+              privateNetwork = false;
+              config = { ... }: { # NixOS config of within the container
+                imports = [ ./nginx-php.nix ];
+              };
+            };
+          })
+        ];
+      };
+    };
+  };
+}

flake.nix

@@ -0,0 +1,66 @@
+{ config, lib, pkgs, ... }:
+
+let
+  wwwRoot = ./wwwroot;
+  phpPkgNames = [ "php80" "php81" "php82" ];
+
+  phpPools =
+    let
+      f = phpPkgName: {
+        name = phpPkgName;
+        value = {
+          user = "php";
+          phpPackage = pkgs.${phpPkgName};
+          settings = {
+            "listen.owner" = config.services.nginx.user;
+            "pm" = "dynamic";
+            "pm.max_children" = 32;
+            "pm.max_requests" = 500;
+            "pm.start_servers" = 2;
+            "pm.min_spare_servers" = 1;
+            "pm.max_spare_servers" = 5;
+          };
+        };
+      };
+    in
+      builtins.listToAttrs (map f phpPkgNames);
+
+  nginxLocations =
+    let
+      f = phpPkgName: {
+        name = "/${phpPkgName}";
+        value = {
+          root = wwwRoot;
+          extraConfig = ''
+            rewrite ^/${phpPkgName}(.*)$ /$1 break;
+
+            include ${pkgs.nginx}/conf/fastcgi_params;
+            include ${pkgs.nginx}/conf/fastcgi.conf;
+            fastcgi_pass  unix:${config.services.phpfpm.pools.${phpPkgName}.socket};
+            fastcgi_index index.php;
+            fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+            fastcgi_param SCRIPT_FILENAME ${wwwRoot}$fastcgi_script_name;
+          '';
+        };
+      };
+    in
+      builtins.listToAttrs (map f phpPkgNames);
+in
+{
+  nixpkgs.config.permittedInsecurePackages = [
+    "openssl-1.1.1v"
+  ];
+
+  services = {
+    phpfpm.pools = phpPools;
+    nginx = {
+      enable = true;
+      virtualHosts.localhost.locations = nginxLocations;
+    };
+  };
+  users.users.php = {
+    isSystemUser = true;
+    group  = "php";
+  };
+  users.groups.php = {};
+}

nginx-php.nix

@@ -0,0 +1,13 @@
+{ config, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
+
+  virtualisation.forwardPorts = [
+    { from = "host"; host.port = 8080; guest.port = 80; }
+  ];
+
+  networking.firewall.enable = false;
+
+  users.users.root.initialPassword = "";
+}

qemu-vm.nix

@@ -0,0 +1,6 @@
+<?php
+
+phpinfo();
+phpinfo(INFO_MODULES);
+
+?>