From 3b30956d9e5fd25bbfa3b54610af1f7866b1d2e8 Mon Sep 17 00:00:00 2001
From: emily
Date: Tue, 9 Jan 2024 17:02:32 +0100
Subject: [PATCH] added fernglas

---
 config/hosts/web02/configuration.nix | 50 +++++++++++-----------------
 flake.nix | 2 ++
 2 files changed, 22 insertions(+), 30 deletions(-)

diff --git a/config/hosts/web02/configuration.nix b/config/hosts/web02/configuration.nix
index c79e5cb..2d004bd 100644
--- a/config/hosts/web02/configuration.nix
+++ b/config/hosts/web02/configuration.nix
@@ -1,5 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, inputs, pkgs, lib, ... }:
 let
+ bmpPort = 11019;
 extraConfig = ''
 add_header Strict-Transport-Security $hsts_header;
 #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@@ -17,7 +18,7 @@ let
 in {
 networking = {
 hostName = "web02";
- firewall.allowedTCPPorts = [ 80 443 ];
+ firewall.allowedTCPPorts = [ 80 443 bmpPort ];
 firewall.allowedUDPPorts = [ 443 ];
 };
 systemd.network.networks."98-eth-default" = {
@@ -32,23 +33,22 @@ in {
 group = "lg";
 };
 users.groups."lg" = {};
- services.phpfpm.pools."lg" = {
- user = "lg";
- settings = {
- "listen.owner" = config.services.nginx.user;
- "pm" = "dynamic";
- "pm.max_children" = 32;
- "pm.max_requests" = 500;
- "pm.start_servers" = 2;
- "pm.min_spare_servers" = 2;
- "pm.max_spare_servers" = 5;
- "php_admin_value[error_log]" = "stderr";
- "php_admin_flag[log_errors]" = true;
- "catch_workers_output" = true;
- };
- phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
- };
 services.vnstat.enable = true;
+ services.fernglas = {
+ enable = true;
+ settings = {
+ api.bind = "[::1]:3000";
+ collectors = {
+ bmp_collector = {
+ collector_type = "Bmp";
+ bind = "[::]:${toString bmpPort}";
+ peers = {
+ "45.150.123.0" = {};
+ };
+ };
+ };
+ };
+ };
 services.nginx = {
 package = pkgs.nginxQuic;
 enable = true;
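Review bot: The new `inputs` module argument in the `@@ -1,5 +1,6 @@` hunk does not appear to be supplied by flake.nix, which passes `specialArgs = attrs`, where `attrs` is the outputs argument set (`self`, `nixpkgs`, `nixos-hardware`, ...) and carries no `inputs` attribute in the visible lines. Unless another module sets `_module.args.inputs`, evaluation would fail on the missing argument, and the same applies to `inputs.fernglas.packages` in the `@@ -106,19 +106,9 @@` hunk. Taking the input directly, `{ config, fernglas, pkgs, lib, ... }:` and then `fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend`, would match what `specialArgs` actually passes.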
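Review bot: Adding `bmpPort` to `firewall.allowedTCPPorts` in the `@@ -17,7 +18,7 @@` hunk opens the BMP listener to every source address, and the collector in the next hunk binds `[::]`. BMP carries no authentication or encryption of its own, so the only remaining gate is the `peers` list inside fernglas. The port would be better admitted from the router only, e.g. with the nftables backend `networking.firewall.extraInputRules = "ip saddr 45.150.123.0 tcp dport ${toString bmpPort} accept";` in place of the `allowedTCPPorts` entry (with the iptables backend the equivalent rule goes in `extraCommands`). It is also worth confirming that `45.150.123.0` is the router's actual BMP source address rather than a network address.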
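Review bot: The `lg` account and `users.groups."lg"` kept as context at the top of the `@@ -32,23 +33,22 @@` hunk look orphaned once the php-fpm pool that ran as `lg` is removed. If nothing outside the visible lines still uses them, drop the user and group in this commit, and clear the old `/var/www/lg.kyouma.net` tree that the vhost no longer serves, so no stale PHP code or unused account lingers on the host. The user definition starts outside the hunk, so its remaining attributes cannot be checked from here.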
@@ -106,19 +106,9 @@ in {
 };
 };
 "lg.kyouma.net" = {
- root = "/var/www/lg.kyouma.net";
 useACMEHost = "kyouma.net";
- locations."/".tryFiles = "$uri /$uri /index.php$is_args$args";
- locations."~ \\.php$".extraConfig = ''
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:${config.services.phpfpm.pools.lg.socket};
- fastcgi_index index.php;
- fastcgi_buffering on;
- fastcgi_buffer_size 1k;
- fastcgi_buffers 128 1k;
- include ${pkgs.nginxQuic}/conf/fastcgi_params;
- include ${pkgs.nginxQuic}/conf/fastcgi.conf;
- '';
+ locations."/".root = inputs.fernglas.packages.${config.nixpkgs.hostPlatform.system}.fernglas-frontend;
+ locations."/api/".proxyPass = "http://${config.services.fernglas.settings.api.bind}";
 };
 };
 };
diff --git a/flake.nix b/flake.nix
index b1e6228..6e2f51a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,7 @@
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 nixos-hardware.url = "github:nixos/nixos-hardware";
+ fernglas.url = "github:wobcom/fernglas";
 };
 
 outputs = { self, nixpkgs, nixos-hardware, ... }@attrs: {
@@ -11,6 +12,7 @@
 system = "x86_64-linux";
 specialArgs = attrs;
 modules = [
+ fernglas.nixosModules.default
 ./config/common
 ./config/lxc.nix
 ./config/hosts/web02/configuration.nix
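Review bot: `locations."/api/"` in the `@@ -106,19 +106,9 @@` hunk publishes the fernglas API to every client of `lg.kyouma.net` with no request limit visible in this vhost, whereas the removed php-fpm pool at least capped concurrency through `pm.max_children`. If route lookups are expensive, a `limit_req` in that location's `extraConfig` (with a matching `limit_req_zone` in the http context) would bound the load an anonymous client can cause. Separately, the `proxyPass` target is interpolated from `api.bind`, which only yields a usable URL while that option stays a loopback literal; a comment such as `# api.bind must stay a loopback address, it is reused as the nginx proxy target` next to the setting would guard against a later change to `[::]`. The enclosing `virtualHosts` block starts outside the hunk.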
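Review bot: `fernglas.url = "github:wobcom/fernglas";` in the `@@ -3,6 +3,7 @@` hunk of flake.nix names no revision, and the diffstat lists only two changed files, so no flake.lock entry for the new input is part of this commit. Until a lock entry is committed, the NixOS module and the frontend served on web02 resolve to whatever the upstream default branch holds at evaluation time. Commit the updated flake.lock together with this change, or pin explicitly with `fernglas.url = "github:wobcom/fernglas/<commit-sha>";` (placeholder for a reviewed revision).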
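Review bot: `fernglas.nixosModules.default` in the `@@ -11,6 +12,7 @@` hunk refers to a bare `fernglas`, but the outputs function shown in the previous hunk only destructures `self`, `nixpkgs` and `nixos-hardware`; every other input is reachable through `attrs` alone. Unless the name is bound outside the visible lines, evaluation fails with an undefined variable. Either add it to the pattern, `outputs = { self, nixpkgs, nixos-hardware, fernglas, ... }@attrs: {`, or write `attrs.fernglas.nixosModules.default`. The `modules` list continues outside the hunk.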