redox/config/x86_64/server-demo.toml

# Configuration for server stack demonstration

include = ["../server.toml"]

# General settings
[general]
# Filesystem size in MiB
filesystem_size = 4096

# Package settings
[packages]
# Daemons
openssh = {}
nginx = {}
rustysd = {}

# Backends
php84 = {}
composer = {}
luajit = {}
python312 = {}
# go = {}
# zig = {}

# Tools
nano = {}
neovim = {}
rsync = {}
vim = {}
sqlite3 = {}
# tmux = {}
htop = {}

# Content
website = {}


[[files]]
path = "/usr/lib/init.d/98_keygen_sh"
data = """
requires_weak 10_net
bash /root/keygen.sh
"""

[[files]]
path = "/usr/lib/init.d/99_rustysd"
data = """
requires_weak 98_keygen_sh
# Undocumented usage of rsdctl, pointing to notifications dir
RSDCTL_ADDR=/var/run/rustysd/control.socket rustysd --conf /etc/rustysd
"""

[[files]]
path = "/etc/rustysd/system/network-online.target"
data = """
[Unit]
Description=The target after networks has online

[Install]
WantedBy=default.target
"""

[[files]]
path = "/etc/rustysd/system/multi-user.target"
data = """
[Unit]
Description=The target after user administrations has online

[Install]
WantedBy=default.target
"""

[[files]]
path = "/etc/rustysd/system/nginx.service"
data = """
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/nginx -g "daemon off;"

[Install]
WantedBy=multi-user.target
"""


[[files]]
path = "/etc/rustysd/system/ssh.service"
data = """
[Unit]
Description=OpenBSD Secure Shell server
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/sshd -D

[Install]
WantedBy=multi-user.target
"""



[[files]]
path = "/etc/rustysd/system/php.service"
data = """
[Unit]
Description=OpenBSD Secure Shell server
After=network-online.target

[Service]
Type=simple
# currently php-fpm not that quite work
ExecStart=env PWD=/var/www/html php -S localhost:9000
# ExecStart=/usr/bin/php-fpm --fpm-config /etc/php/84/php-fpm.conf  --nodaemonize

[Install]
WantedBy=multi-user.target
"""

[[files]]
path = "/var/www/html/index.php"
data = """
<?php

echo "Hello from PHP on Redox!";
"""

[[files]]
path = "/var/www/html/phpinfo.php"
data = """
<?php phpinfo();
"""


[[files]]
path = "/var/www/html/README"
data = """
This is a demonstration into PHP server.

At the moment to run composer you have to run it like:
> php /bin/composer install
"""

[[files]]
postinstall = true
data = ""
path = "/etc/nginx/conf.d"
directory = true

[[files]]
postinstall = true
path = "/etc/nginx/nginx.conf"
data = """
user nginx;

# currently nginx does a lot spin locking for some reason
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    include       mime.types;
    include       fastcgi.conf;
    default_type  application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
}
"""

[[files]]
postinstall = true
path = "/etc/nginx/conf.d/localhost.conf"
data = """
server {
    listen       80;
    server_name  localhost;
    root   /usr/share/website;
    absolute_redirect off;

    location / {
        index  index.html index.htm;
    }
}
"""

[[files]]
postinstall = true
path = "/etc/nginx/conf.d/php-www.conf"
data = """
server {
    listen 8081;
    server_name localhost;
    root /var/www/html;

    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \\.php$ {
# because we're not using PHP FPM (see rustysd php.service)
#       include fastcgi_params;
#       fastcgi_pass 127.0.0.1:9000;
#       fastcgi_index index.php;
#       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        proxy_pass http://127.0.0.1:9000;
    }
}
"""

[[files]]
postinstall = true
path = "/etc/php/84/php-fpm.conf"
data = """

error_log=/var/log/php-fpm.log
include=/etc/php/84/php-fpm.d/*.conf
"""

[[files]]
postinstall = true
path = "/etc/php/84/php-fpm.d/www.conf"
data = """
[www]
user = user
group = user
listen = 127.0.0.1:9000
pm = static
pm.max_children = 1
"""

[[files]]
postinstall = true
path = "/etc/ssh/sshd_config"
data = """
Port 22
AddressFamily inet
AuthorizedKeysFile	.ssh/authorized_keys
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
Subsystem	sftp	/usr/libexec/sftp-server
"""

[users.nobody]
password = ""
shell = "/usr/bin/ion" #TODO: nologin?

[users.nginx]
password = ""
shell = "/usr/bin/ion" #TODO: nologin?

[[files]]
path = "/root/keygen.sh"
data = """
#!/usr/bin/env bash

if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""
fi
"""

[[files]]
path = "/home/user/server.sh"
data = """
#!/usr/bin/env bash

/bin/sshd -D &
nginx -g "daemon off;" &
php-fpm --nodaemonize &
"""

[[files]]
path = "/home/user/Welcome.txt"
data = """
##############################################################################
# Welcome to Redox Server Demo!
#
# This is a quick demonstration of Redox used as server stack.
# At the moment we support SSH, NGINX, Python, PHP. There's more to come
#
# This server demo is insecure by design, we encourage you to get familiar into
#   basics of server security if you wish to use this as a production server.
#
# There should be rustysd already running, if not, you can try start it manually
# > sudo rustysd --conf /etc/rustysd
#
# You can also try running all daemons manually
# > sudo bash server.sh
#
# The server will start port 22 (ssh), 80 (static web) and 8081 (php)
# If you use the Redox OS build system, starting QEMU with `net=redir`
#   should expose those port to 8022, 8080 and 8081.
# Try logging in to console via SSH with `ssh user@localhost -p 8022`
#
##############################################################################
"""