From 96edb8a4bac22b024ff063a9293ff41341c2b700 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Fri, 30 Jan 2026 02:04:19 +0900
Subject: [PATCH] WIP
---
 hosts/temmie/services/nfs-mounts.nix | 2 +-
 hosts/temmie/services/userweb.nix | 98 ++++++++++++++++++++++++++--
 2 files changed, 94 insertions(+), 6 deletions(-)
diff --git a/hosts/temmie/services/nfs-mounts.nix b/hosts/temmie/services/nfs-mounts.nix
index dd3b751..11d1e56 100644
--- a/hosts/temmie/services/nfs-mounts.nix
+++ b/hosts/temmie/services/nfs-mounts.nix
@@ -1,7 +1,7 @@
 { lib, values, ... }:
 let
 # See microbel:/etc/exports
- letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
+ letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
 in
 {
 systemd.targets."pvv-homedirs" = {
diff --git a/hosts/temmie/services/userweb.nix b/hosts/temmie/services/userweb.nix
index 3cfcebb..85b54e2 100644
--- a/hosts/temmie/services/userweb.nix
+++ b/hosts/temmie/services/userweb.nix
@@ -1,27 +1,115 @@ -{ ... }: +{ config, lib, pkgs, ... }: +let + cfg = config.services.httpd; + + # https://nixos.org/manual/nixpkgs/stable/#ssec-php-user-guide-installing-with-extensions + phpEnv = pkgs.php.buildEnv { + extensions = { all, ... }: with all; [ + imagick + opcache + ]; + + extraConfig = '' + display_errors=0 + post_max_size = 40M + upload_max_filesize = 40M + extension=sysvsem.so + ''; + }; + + perlEnv = pkgs.perl.withPackages (ps: with ps; [ + TextPDF + ]); + + # https://nixos.org/manual/nixpkgs/stable/#python.buildenv-function + pythonEnv = pkgs.python3.buildEnv.override { + extraLibs = with pkgs.python3Packages; [ + matplotlib + requests + ]; + ignoreCollisions = true; + }; + + # https://nixos.org/manual/nixpkgs/stable/#sec-building-environment + fhsEnv = pkgs.buildEnv { + name = "userweb-env"; + paths = with pkgs; [ + bash + + perlEnv + phpEnv + pythonEnv + + gnuplot + ]; + }; +in { services.httpd = { enable = true; + adminAddr = "drift@pvv.ntnu.no"; - # extraModules = []; + enablePHP = true; + phpPackage = phpEnv; + + enablePerl = true; + + extraModules = [ + "userdir" + # TODO: I think the compilation steps of pkgs.apacheHttpdPackages.mod_perl might have some + # incorrect or restrictive assumptions upstream, either nixpkgs or source + # { + # name = "perl"; + # path = let + # mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { + # apacheHttpd = cfg.package.out; + # perl = perlEnv; + # }; + # in "${mod_perl}/modules/mod_perl.so"; + # } + ]; # virtualHosts."userweb.pvv.ntnu.no" = { virtualHosts."temmie.pvv.ntnu.no" = { - forceSSL = true; enableACME = true; + + extraConfig = '' + UserDir /home/pvv-merged/*/web-docs + UserDir disabled root + UserDir enabled oysteikt + AddHandler cgi-script .cgi + + + Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI IncludesNoExec + AllowOverride All + Require all granted + + ''; }; }; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + systemd.services.httpd = { after = [ "pvv-homedirs.target" 
]; requires = [ "pvv-homedirs.target" ]; serviceConfig = { ProtectHome = "tmpfs"; + RootDirectory = fhsEnv; + BindReadOnlyPaths = [ + builtins.storeDir + "/etc" + ]; BindPaths = let - letters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ]; - in map (l: "/run/pvv-home-mounts/${l}:/home/pvv/${l}") letters; + homeLetters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ]; + in (map (l: "/run/pvv-home-mounts/${l}:/home/pvv/${l}") homeLetters) ++ [ + "/run/pvv-home-mounts-merged:/home/pvv-merged/" + ]; }; };
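Review bot: Dropping `forceSSL = true;` from `virtualHosts."temmie.pvv.ntnu.no"` and leaving only `enableACME = true;` means, as far as I know the NixOS httpd module, that the vhost gets a port-80 listener only, so the PHP and CGI content enabled here would be served in cleartext even though 443 is opened in the firewall; keep `forceSSL = true;` (or `addSSL = true;` if plain HTTP has to stay reachable). Separately, `UserDir disabled root` followed by `UserDir enabled oysteikt` does not limit publishing to that one account: in mod_userdir an `enabled` list only takes effect under a global `UserDir disabled`, so every non-root user's `web-docs` is served with `ExecCGI` and `AllowOverride All`. If the intent for this WIP is a single test user, put `UserDir disabled` on its own line before `UserDir enabled oysteikt`. Nothing in the visible hunk gives per-user separation, and every home mount is bound read-write through `BindPaths` with `/etc` bound read-only, so presumably all user scripts run as the one httpd account; a comment next to `serviceConfig` stating that, and what is planned for it, would help the next reader.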