From be33c95c83d90a1ec325010e0cc40e1a45a49b3a Mon Sep 17 00:00:00 2001
From: h7x4
Date: Mon, 11 May 2026 21:10:58 +0900
Subject: [PATCH] bekkalokk/website: more logging, specify timeouts, ban spooky funcs, fake sendmail
---
 hosts/bekkalokk/services/website/default.nix | 33 +++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/hosts/bekkalokk/services/website/default.nix b/hosts/bekkalokk/services/website/default.nix
index 9a35cb6..56abdf5 100644
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@@ -80,9 +80,40 @@ in {
 };
 services.phpfpm.pools."pvv-nettsiden".settings = {
- # "php_admin_value[error_log]" = "stderr";
+ "php_admin_value[error_log]" = "syslog";
 "php_admin_flag[log_errors]" = true;
 "catch_workers_output" = true;
+
+ "php_admin_value[max_execution_time]" = "30";
+ "request_terminate_timeout" = "60s";
+
+ "php_admin_value[sendmail_path]" = let
+ fakeSendmail = pkgs.writeShellApplication {
+ name = "fake-sendmail";
+ text = ''
+ TIMESTAMP="$(date +%Y-%m-%d-%H-%M-%S-%N)"
+ (
+ echo "SENDMAIL ARGS:"
+ echo "$@"
+ echo "SENDMAIL STDIN:"
+ cat -
+ ) > "/var/lib/pvv-nettsiden/emails/$TIMESTAMP.mail"
+ '';
+ };
+ in lib.getExe fakeSendmail;
+
+ "php_admin_value[disable_functions]" = lib.concatStringsSep "," [
+ "curl_exec"
+ "curl_multi_exec"
+ "exec"
+ "parse_ini_file"
+ "passthru"
+ "popen"
+ "proc_open"
+ "shell_exec"
+ "show_source"
+ "system"
+ ];
 };
 services.nginx.virtualHosts."pvv.ntnu.no" = {
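Review bot: The `disable_functions` list blocks `show_source` but not `highlight_file`, of which `show_source` is only an alias, so the source-disclosure function stays callable under its primary name; add `"highlight_file"` next to it, and `"pcntl_exec"` if the pcntl extension is ever loaded into this pool. In the `fake-sendmail` wrapper, `writeShellApplication` is given no `runtimeInputs`, so `date` and `cat` are resolved from whatever PATH the php-fpm worker passes on, which may be empty if the pool clears its environment; `runtimeInputs = [ pkgs.coreutils ];` pins them. The captured messages can carry password-reset links or similar, and nothing visible in this hunk creates `/var/lib/pvv-nettsiden/emails` or restricts its mode and size, so it is worth confirming the directory is created private to the pool user and pruned. The `settings` attribute set opens in the context lines and the rest of the file is outside the hunk, so the directory setup may already exist elsewhere.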