From 940f18341ee8f1e86a18a3488c41b5bbef909cd1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 1 Jan 2019 19:18:08 +0100
Subject: [PATCH] Move packages to specific files
---
virtual/packages.nix | 515 +-----------------
virtual/packages/adminer.nix | 62 +++
virtual/packages/connexionswing.nix | 170 ++++++
.../{ => packages}/connexionswing_master.json | 0
.../nextcloud-config}/mimetypealiases.json | 0
.../nextcloud-config}/mimetypemapping.json | 0
virtual/packages/nextcloud.nix | 260 +++++++++
virtual/packages/ympd.nix | 36 ++
8 files changed, 532 insertions(+), 511 deletions(-)
create mode 100644 virtual/packages/adminer.nix
create mode 100644 virtual/packages/connexionswing.nix
rename virtual/{ => packages}/connexionswing_master.json (100%)
rename virtual/{nextcloudConfig => packages/nextcloud-config}/mimetypealiases.json (100%)
rename virtual/{nextcloudConfig => packages/nextcloud-config}/mimetypemapping.json (100%)
create mode 100644 virtual/packages/nextcloud.nix
create mode 100644 virtual/packages/ympd.nix
diff --git a/virtual/packages.nix b/virtual/packages.nix
index a80c29c..3cfa9b6 100644
--- a/virtual/packages.nix
+++ b/virtual/packages.nix
@@ -1,517 +1,10 @@ with import ../libs.nix; with nixpkgs_unstable; let - connexionswing = { environment ? "dev" }: rec { - varDir = "/var/lib/connexionswing_${environment}"; - envName= lib.strings.toUpper environment; - configRoot = - # FIXME: spool emails in prod for when immae.eu is down? - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"; - assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"; - pkgs.writeText "parameters.yml" '' - # This file is auto-generated during the composer install - parameters: - database_host: db-1.immae.eu - database_port: null - database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"} - database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"} - database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"} - mailer_transport: smtp - mailer_host: mail.immae.eu - mailer_user: null - mailer_password: null - subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"} - allow_robots: true - secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"} - ''; - phpFpm = rec { - socket = "/var/run/phpfpm/connexionswing-${environment}.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - php_admin_value[upload_max_filesize] = 20M - php_admin_value[post_max_size] = 20M - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp" - ${if environment == "dev" then '' - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - env[SYMFONY_DEBUG_MODE] = "yes" - '' else '' - pm = dynamic - pm.max_children = 20 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 
3 - ''}''; - }; - apache = { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - vhostConf = '' - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - ${if environment == "dev" then '' - - Use LDAPConnect - Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu - ErrorDocument 401 "" - - - - Options Indexes FollowSymLinks MultiViews Includes - AllowOverride None - Require all granted - - DirectoryIndex app_dev.php - - - Options -MultiViews - - - - RewriteEngine On - - RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ - RewriteRule ^(.*) - [E=BASE:%1] - - # Maintenance script - RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f - RewriteCond %{SCRIPT_FILENAME} !maintenance.php - RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] - ErrorDocument 503 /maintenance.php - - # Sets the HTTP_AUTHORIZATION header removed by Apache - RewriteCond %{HTTP:Authorization} . - RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - - RewriteCond %{ENV:REDIRECT_STATUS} ^$ - RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] - - # If the requested filename exists, simply serve it. - # We only want to let Apache serve files and not directories. - RewriteCond %{REQUEST_FILENAME} -f - RewriteRule ^ - [L] - - # Rewrite all other queries to the front controller. - RewriteRule ^ %{ENV:BASE}/app_dev.php [L] - - - - '' else ""} - ''; - }; - activationScript = { - deps = [ "wrappers" ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ - ${varDir}/medias \ - ${varDir}/uploads \ - ${varDir}/var - if [ ! 
-f "${varDir}/currentWebappDir" -o \ - "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then - pushd ${webappDir} > /dev/null - $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup - popd > /dev/null - echo -n "${webappDir}" > ${varDir}/currentWebappDir - fi - ''; - }; - webappDir = pkgs.stdenv.mkDerivation (fetchedGitPrivate ./connexionswing_master.json // rec { - # FIXME: can we do better than symlink? - # FIXME: imagick optional - # FIXME: initial sync - # FIXME: backup - buildPhase = '' - export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt - - ln -sf ../../../../../${varDir}/{medias,uploads} web/images/ - ln -sf ${configRoot} app/config/parameters.yml - ${if environment == "dev" then "php bin/composer install" else '' - SYMFONY_ENV=prod php bin/composer install --no-dev - ./bin/console assetic:dump --env=prod --no-debug - ''} - rm -rf var - ln -sf ../../../../../${varDir}/var var - ''; - installPhase = '' - cp -a . $out - ''; - buildInputs = [ - pkgs.php pkgs.git pkgs.cacert - ]; - }); - webRoot = "${webappDir}/web"; - }; - - nextcloud = let - # FIXME: initial sync - # FIXME: backup - buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . 
$out/" }: - pkgs.stdenv.mkDerivation rec { - name = "nextcloud-app-${appName}-${version}"; - inherit version; - phases = "unpackPhase installPhase"; - inherit installPhase; - src = fetchurl { inherit url sha256; }; - }; - apps = { - # FIXME: nextcloud complains that he cannot write into config - # directory when an app needs upgrade - # /!\ Attention, just changing the version number is not - # sufficient when the downloaded file doesn’t contain the version - # number in it, sha256 needs to be recomputed - audioplayer = buildApp rec { - appName = "audioplayer"; - version = "2.5.0"; - url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; - sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8"; - }; - bookmarks = buildApp rec { - appName = "bookmarks"; - version = "0.14.3"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; - sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c"; - }; - calendar = buildApp rec { - appName = "calendar"; - version = "1.6.4"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; - sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63"; - }; - contacts = buildApp rec { - appName = "contacts"; - version = "3.0.0"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; - sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s"; - }; - deck = buildApp rec { - appName = "deck"; - version = "0.5.2"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; - sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7"; - }; - files_markdown = buildApp rec { - appName = "files_markdown"; - version = "2.0.5"; - url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz"; - sha256 = 
"1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym"; - }; - gpxedit = buildApp rec { - appName = "gpxedit"; - version = "0.0.10"; - url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz"; - sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw"; - }; - gpxpod = buildApp rec { - appName = "gpxpod"; - version = "3.0.0"; - url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz"; - sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k"; - }; - keeweb = buildApp rec { - appName = "keeweb"; - version = "0.4.0"; - url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz"; - sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1"; - }; - notes = buildApp rec { - appName = "notes"; - version = "2.5.1"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; - sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh"; - }; - ocsms = buildApp rec { - appName = "ocsms"; - version = "2.1.0"; - url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; - sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c"; - }; - spreed = buildApp rec { - appName = "spreed"; - version = "5.0.0"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; - sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7"; - }; - tasks = buildApp rec { - appName = "tasks"; - version = "0.9.8"; - url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; - sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny"; - }; - }; - in rec { - varDir = "/var/lib/nextcloud"; - config_php = - assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; - assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; - assert checkEnv 
"NIXOPS_NEXTCLOUD_DB_PASSWORD"; - assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; - assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; - assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; - pkgs.writeText "config.php" '' - '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', - 'datadirectory' => '/var/lib/nextcloud/', - 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', - 'debug' => false, - 'dbtype' => 'pgsql', - 'version' => '15.0.0.10', - 'dbname' => 'webapps', - 'dbhost' => '/tmp', - 'dbtableprefix' => 'oc_', - 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', - 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', - 'installed' => true, - 'maxZipInputSize' => 0, - 'allowZipDownload' => true, - 'forcessl' => true, - 'theme' => ${"''"}, - 'maintenance' => false, - 'trusted_domains' => - array ( - 0 => 'cloud.immae.eu', - ), - 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', - 'appstoreenabled' => false, - 'appstore.experimental.enabled' => true, - 'loglevel' => 0, - 'trashbin_retention_obligation' => 'auto', - 'htaccess.RewriteBase' => '/', - 'mail_smtpmode' => 'smtp', - 'mail_smtphost' => 'mail.immae.eu', - 'mail_smtpname' => ${"''"}, - 'mail_smtppassword' => ${"''"}, - 'mail_from_address' => 'owncloud', - 'mail_smtpauth' => false, - 'mail_domain' => 'immae.eu', - 'memcache.local' => '\\OC\\Memcache\\APCu', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'filelocking.enabled' => true, - 'redis' => - array ( - 'host' => 'localhost', - 'port' => 6379, - 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, - ), - 'overwrite.cli.url' => 'https://cloud.immae.eu', - 'ldapIgnoreNamingRules' => false, - 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', - 'config_is_read_only' => true, - ); - ''; - config = stdenv.mkDerivation rec { - name = "nextcloud-config"; - src = ./nextcloudConfig; - phases = "installPhase"; - installPhase = '' - mkdir -p $out - cp -r $src/* $out - cp ${config_php} 
$out/config.php - ''; - }; - webRoot = stdenv.mkDerivation rec { - name = "nextcloud-${version}"; - version = "15.0.0"; - - src = fetchurl { - url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2"; - sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v"; - }; - - installPhase = '' - mkdir -p $out/ - cp -R . $out/ - rm -r $out/config - ln -sf ${config} $out/config - ${builtins.concatStringsSep "\n" ( - pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps - )} - ''; - - meta = { - description = "Sharing solution for files, calendars, contacts and more"; - homepage = https://nextcloud.com; - maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ]; - license = stdenv.lib.licenses.agpl3Plus; - platforms = with stdenv.lib.platforms; unix; - }; - }; - activationScript = { - deps = [ ]; - text = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} - ''; - }; - apache = { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - vhostConf = '' - - AcceptPathInfo On - DirectoryIndex index.php - Options FollowSymlinks - Require all granted - AllowOverride all - - - Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" - - - CGIPassAuth on - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - - - ''; - }; - phpFpm = rec { - basedir = builtins.concatStringsSep ":" ( - [ webRoot varDir config ] - ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps); - socket = "/var/run/phpfpm/nextcloud.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - pm = ondemand - pm.max_children = 60 - pm.process_idle_timeout = 60 - - php_admin_value[output_buffering] = 0 - php_admin_value[max_execution_time] = 1800 - php_admin_value[zend_extension] = "opcache" - ;php_value[opcache.enable] = 1 - php_value[opcache.enable_cli] = 1 - 
php_value[opcache.interned_strings_buffer] = 8 - php_value[opcache.max_accelerated_files] = 10000 - php_value[opcache.memory_consumption] = 128 - php_value[opcache.save_comments] = 1 - php_value[opcache.revalidate_freq] = 1 - php_admin_value[memory_limit] = 512M - - php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" - ''; - }; - }; - - adminer = rec { - webRoot = pkgs.stdenv.mkDerivation rec { - version = "4.7.0"; - name = "adminer-${version}"; - src = pkgs.fetchurl { - url = "https://www.adminer.org/static/download/${version}/${name}.php"; - sha256 = "1qq2g7rbfh2vrqfm3g0bz0qs057b049n0mhabnsbd1sgnpvnc5z7"; - }; - phases = "installPhase"; - installPhase = '' - mkdir -p $out - cp $src $out/index.php - ''; - }; - phpFpm = rec { - socket = "/var/run/phpfpm/adminer.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - pm = ondemand - pm.max_children = 5 - pm.process_idle_timeout = 60 - ;php_admin_flag[log_errors] = on - php_admin_value[open_basedir] = "${webRoot}:/tmp" - ''; - }; - apache = { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - vhostConf = '' - Alias /adminer ${webRoot} - - DirectoryIndex = index.php - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - - - ''; - }; - nginxConf = { - alias = webRoot; - index = "index.php"; - extraConfig = '' - include ${pkgs.nginx}/conf/fastcgi.conf; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_param HTTP_PROXY ""; - fastcgi_param SCRIPT_FILENAME ${webRoot}/index.php; - fastcgi_pass unix:${phpFpm.socket}; - fastcgi_index index.php; - fastcgi_intercept_errors on; - ''; - }; - }; - - ympd = rec { - config = { - webPort = "localhost:18001"; - mpd = { - host = "malige.home.immae.eu"; - port = 6600; - }; - }; - apache = { - modules = [ - "proxy_wstunnel" - ]; - vhostConf = '' - - Use LDAPConnect - Require ldap-group 
cn=users,cn=mpd,ou=services,dc=immae,dc=eu - Require local - - - RedirectMatch permanent "^/mpd$" "/mpd/" - - ProxyPass http://${config.webPort}/ - ProxyPassReverse http://${config.webPort}/ - ProxyPreserveHost on - - - ProxyPass ws://${config.webPort}/ws - - ''; - }; - }; + connexionswing = import ./packages/connexionswing.nix; + nextcloud = import ./packages/nextcloud.nix; + adminer = import ./packages/adminer.nix; + ympd = import ./packages/ympd.nix; in { inherit adminer; diff --git a/virtual/packages/adminer.nix b/virtual/packages/adminer.nix new file mode 100644 index 0000000..35fa791 --- /dev/null +++ b/virtual/packages/adminer.nix 
@@ -0,0 +1,62 @@ +with import ../../libs.nix; +with nixpkgs_unstable; +let + adminer = rec { + webRoot = pkgs.stdenv.mkDerivation rec { + version = "4.7.0"; + name = "adminer-${version}"; + src = pkgs.fetchurl { + url = "https://www.adminer.org/static/download/${version}/${name}.php"; + sha256 = "1qq2g7rbfh2vrqfm3g0bz0qs057b049n0mhabnsbd1sgnpvnc5z7"; + }; + phases = "installPhase"; + installPhase = '' + mkdir -p $out + cp $src $out/index.php + ''; + }; + phpFpm = rec { + socket = "/var/run/phpfpm/adminer.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + ;php_admin_flag[log_errors] = on + php_admin_value[open_basedir] = "${webRoot}:/tmp" + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + Alias /adminer ${webRoot} + + DirectoryIndex = index.php + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + ''; + }; + nginxConf = { + alias = webRoot; + index = "index.php"; + extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_param HTTP_PROXY ""; + fastcgi_param SCRIPT_FILENAME ${webRoot}/index.php; + fastcgi_pass unix:${phpFpm.socket}; + fastcgi_index index.php; + fastcgi_intercept_errors on; + ''; + }; + }; +in + adminer diff --git a/virtual/packages/connexionswing.nix b/virtual/packages/connexionswing.nix new file mode 100644 index 0000000..a0f5fa6 --- /dev/null +++ b/virtual/packages/connexionswing.nix 
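Review bot: No access restriction is visible in the adminer `apache.vhostConf`: as shown on this page the block carries `Alias /adminer ${webRoot}` and the `SetHandler` line but no `Require` directive, so unless the including vhost restricts it elsewhere, the database administration UI is served to anyone who can reach the host. The ympd vhost in this same commit gates access with `Use LDAPConnect` and `Require ldap-group …`; the same pair with a dedicated group (placeholder `cn=<ADMINER_GROUP>,…`) would fit here, and the `nginxConf` variant needs an equivalent restriction. Separately, `DirectoryIndex = index.php` makes `=` a candidate index name and should read `DirectoryIndex index.php`. The pool also runs as `wwwrun` like the other PHP pools in this commit, so `open_basedir` is the only barrier between adminer and the other applications' files.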
@@ -0,0 +1,170 @@ +with import ../../libs.nix; +with nixpkgs_unstable; +let + connexionswing = { environment ? "dev" }: rec { + varDir = "/var/lib/connexionswing_${environment}"; + envName= lib.strings.toUpper environment; + configRoot = + # FIXME: spool emails in prod for when immae.eu is down? + assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"; + assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"; + assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"; + assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"; + assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"; + pkgs.writeText "parameters.yml" '' + # This file is auto-generated during the composer install + parameters: + database_host: db-1.immae.eu + database_port: null + database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"} + database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"} + database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"} + mailer_transport: smtp + mailer_host: mail.immae.eu + mailer_user: null + mailer_password: null + subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"} + allow_robots: true + secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"} + ''; + phpFpm = rec { + socket = "/var/run/phpfpm/connexionswing-${environment}.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + php_admin_value[upload_max_filesize] = 20M + php_admin_value[post_max_size] = 20M + ;php_admin_flag[log_errors] = on + php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp" + ${if environment == "dev" then '' + pm = ondemand + pm.max_children = 5 + pm.process_idle_timeout = 60 + env[SYMFONY_DEBUG_MODE] = "yes" + '' else '' + pm = dynamic + pm.max_children = 20 + pm.start_servers = 2 + pm.min_spare_servers = 1 + 
pm.max_spare_servers = 3 + ''}''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + ${if environment == "dev" then '' + + Use LDAPConnect + Require ldap-group cn=connexionswing.immae.eu,cn=httpd,ou=services,dc=immae,dc=eu + ErrorDocument 401 "" + + + + Options Indexes FollowSymLinks MultiViews Includes + AllowOverride None + Require all granted + + DirectoryIndex app_dev.php + + + Options -MultiViews + + + + RewriteEngine On + + RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ + RewriteRule ^(.*) - [E=BASE:%1] + + # Maintenance script + RewriteCond %{DOCUMENT_ROOT}/maintenance.php -f + RewriteCond %{SCRIPT_FILENAME} !maintenance.php + RewriteRule ^.*$ %{ENV:BASE}/maintenance.php [R=503,L] + ErrorDocument 503 /maintenance.php + + # Sets the HTTP_AUTHORIZATION header removed by Apache + RewriteCond %{HTTP:Authorization} . + RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + + RewriteCond %{ENV:REDIRECT_STATUS} ^$ + RewriteRule ^app_dev\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L] + + # If the requested filename exists, simply serve it. + # We only want to let Apache serve files and not directories. + RewriteCond %{REQUEST_FILENAME} -f + RewriteRule ^ - [L] + + # Rewrite all other queries to the front controller. + RewriteRule ^ %{ENV:BASE}/app_dev.php [L] + + + + '' else ""} + ''; + }; + activationScript = { + deps = [ "wrappers" ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ + ${varDir}/medias \ + ${varDir}/uploads \ + ${varDir}/var + if [ ! 
-f "${varDir}/currentWebappDir" -o \ + "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then + pushd ${webappDir} > /dev/null + $wrapperDir/sudo -u wwwrun ./bin/console --env=${environment} cache:clear --no-warmup + popd > /dev/null + echo -n "${webappDir}" > ${varDir}/currentWebappDir + fi + ''; + }; + webappDir = pkgs.stdenv.mkDerivation (fetchedGitPrivate ./connexionswing_master.json // rec { + # FIXME: can we do better than symlink? + # FIXME: imagick optional + # FIXME: initial sync + # FIXME: backup + buildPhase = '' + export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + + ln -sf ../../../../../${varDir}/{medias,uploads} web/images/ + ln -sf ${configRoot} app/config/parameters.yml + ${if environment == "dev" then "php bin/composer install" else '' + SYMFONY_ENV=prod php bin/composer install --no-dev + ./bin/console assetic:dump --env=prod --no-debug + ''} + rm -rf var + ln -sf ../../../../../${varDir}/var var + ''; + installPhase = '' + cp -a . $out + ''; + buildInputs = [ + pkgs.php pkgs.git pkgs.cacert + ]; + }); + webRoot = "${webappDir}/web"; + }; +in + connexionswing diff --git a/virtual/connexionswing_master.json b/virtual/packages/connexionswing_master.json similarity index 100% rename from virtual/connexionswing_master.json rename to virtual/packages/connexionswing_master.json diff --git a/virtual/nextcloudConfig/mimetypealiases.json b/virtual/packages/nextcloud-config/mimetypealiases.json similarity index 100% rename from virtual/nextcloudConfig/mimetypealiases.json rename to virtual/packages/nextcloud-config/mimetypealiases.json diff --git a/virtual/nextcloudConfig/mimetypemapping.json b/virtual/packages/nextcloud-config/mimetypemapping.json similarity index 100% rename from virtual/nextcloudConfig/mimetypemapping.json rename to virtual/packages/nextcloud-config/mimetypemapping.json 
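Review bot: The database password and the Symfony `secret` are interpolated into `pkgs.writeText "parameters.yml"` in `configRoot`, so they are stored as plain text in the Nix store, which is normally readable by every local user and travels with any copied closure. The same pattern appears in `config_php` in virtual/packages/nextcloud.nix (`dbpassword`, `secret`, `passwordsalt`). Consider deploying the secret-bearing file outside the store with restrictive ownership and mode (for example through NixOps `deployment.keys`) and having the store only reference that path. Until then a marker at `configRoot` such as `# FIXME: secrets below end up world-readable in /nix/store` would make the exposure explicit. Related but smaller: the activation script hard-codes `sudo -u wwwrun` where the rest of the file uses `${apache.user}`.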
diff --git a/virtual/packages/nextcloud.nix b/virtual/packages/nextcloud.nix
new file mode 100644
index 0000000..99130e4
--- /dev/null
+++ b/virtual/packages/nextcloud.nix
@@ -0,0 +1,260 @@ +with import ../../libs.nix; +with nixpkgs_unstable; +let + nextcloud = let + # FIXME: initial sync + # FIXME: backup + buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: + pkgs.stdenv.mkDerivation rec { + name = "nextcloud-app-${appName}-${version}"; + inherit version; + phases = "unpackPhase installPhase"; + inherit installPhase; + src = fetchurl { inherit url sha256; }; + }; + apps = { + # FIXME: nextcloud complains that he cannot write into config + # directory when an app needs upgrade + # /!\ Attention, just changing the version number is not + # sufficient when the downloaded file doesn’t contain the version + # number in it, sha256 needs to be recomputed + audioplayer = buildApp rec { + appName = "audioplayer"; + version = "2.5.0"; + url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; + sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8"; + }; + bookmarks = buildApp rec { + appName = "bookmarks"; + version = "0.14.3"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c"; + }; + calendar = buildApp rec { + appName = "calendar"; + version = "1.6.4"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63"; + }; + contacts = buildApp rec { + appName = "contacts"; + version = "3.0.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s"; + }; + deck = buildApp rec { + appName = "deck"; + version = "0.5.2"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7"; + }; + files_markdown = buildApp 
rec { + appName = "files_markdown"; + version = "2.0.5"; + url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym"; + }; + gpxedit = buildApp rec { + appName = "gpxedit"; + version = "0.0.10"; + url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz"; + sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw"; + }; + gpxpod = buildApp rec { + appName = "gpxpod"; + version = "3.0.0"; + url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz"; + sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k"; + }; + keeweb = buildApp rec { + appName = "keeweb"; + version = "0.4.0"; + url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1"; + }; + notes = buildApp rec { + appName = "notes"; + version = "2.5.1"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh"; + }; + ocsms = buildApp rec { + appName = "ocsms"; + version = "2.1.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; + sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c"; + }; + spreed = buildApp rec { + appName = "spreed"; + version = "5.0.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7"; + }; + tasks = buildApp rec { + appName = "tasks"; + version = "0.9.8"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny"; + }; + }; + in rec { + varDir = 
"/var/lib/nextcloud"; + config_php = + assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; + assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; + assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"; + assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; + assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; + assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; + pkgs.writeText "config.php" '' + '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', + 'datadirectory' => '/var/lib/nextcloud/', + 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', + 'debug' => false, + 'dbtype' => 'pgsql', + 'version' => '15.0.0.10', + 'dbname' => 'webapps', + 'dbhost' => '/tmp', + 'dbtableprefix' => 'oc_', + 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', + 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', + 'installed' => true, + 'maxZipInputSize' => 0, + 'allowZipDownload' => true, + 'forcessl' => true, + 'theme' => ${"''"}, + 'maintenance' => false, + 'trusted_domains' => + array ( + 0 => 'cloud.immae.eu', + ), + 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', + 'appstoreenabled' => false, + 'appstore.experimental.enabled' => true, + 'loglevel' => 0, + 'trashbin_retention_obligation' => 'auto', + 'htaccess.RewriteBase' => '/', + 'mail_smtpmode' => 'smtp', + 'mail_smtphost' => 'mail.immae.eu', + 'mail_smtpname' => ${"''"}, + 'mail_smtppassword' => ${"''"}, + 'mail_from_address' => 'owncloud', + 'mail_smtpauth' => false, + 'mail_domain' => 'immae.eu', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => true, + 'redis' => + array ( + 'host' => 'localhost', + 'port' => 6379, + 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, + ), + 'overwrite.cli.url' => 'https://cloud.immae.eu', + 'ldapIgnoreNamingRules' => false, + 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', + 'config_is_read_only' => true, + ); + ''; + config = stdenv.mkDerivation rec { + 
name = "nextcloud-config"; + src = ./nextcloud-config; + phases = "installPhase"; + installPhase = '' + mkdir -p $out + cp -r $src/* $out + cp ${config_php} $out/config.php + ''; + }; + webRoot = stdenv.mkDerivation rec { + name = "nextcloud-${version}"; + version = "15.0.0"; + + src = fetchurl { + url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2"; + sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v"; + }; + + installPhase = '' + mkdir -p $out/ + cp -R . $out/ + rm -r $out/config + ln -sf ${config} $out/config + ${builtins.concatStringsSep "\n" ( + pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps + )} + ''; + + meta = { + description = "Sharing solution for files, calendars, contacts and more"; + homepage = https://nextcloud.com; + maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ]; + license = stdenv.lib.licenses.agpl3Plus; + platforms = with stdenv.lib.platforms; unix; + }; + }; + activationScript = { + deps = [ ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + + AcceptPathInfo On + DirectoryIndex index.php + Options FollowSymlinks + Require all granted + AllowOverride all + + + Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" + + + CGIPassAuth on + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" ( + [ webRoot varDir config ] + ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps); + socket = "/var/run/phpfpm/nextcloud.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + php_admin_value[output_buffering] = 0 + 
php_admin_value[max_execution_time] = 1800 + php_admin_value[zend_extension] = "opcache" + ;php_value[opcache.enable] = 1 + php_value[opcache.enable_cli] = 1 + php_value[opcache.interned_strings_buffer] = 8 + php_value[opcache.max_accelerated_files] = 10000 + php_value[opcache.memory_consumption] = 128 + php_value[opcache.save_comments] = 1 + php_value[opcache.revalidate_freq] = 1 + php_admin_value[memory_limit] = 512M + + php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" + ''; + }; + }; +in + nextcloud diff --git a/virtual/packages/ympd.nix b/virtual/packages/ympd.nix new file mode 100644 index 0000000..643c860 --- /dev/null +++ b/virtual/packages/ympd.nix @@ -0,0 +1,36 @@ +with import ../../libs.nix; +with nixpkgs_unstable; +let + ympd = rec { + config = { + webPort = "localhost:18001"; + mpd = { + host = "malige.home.immae.eu"; + port = 6600; + }; + }; + apache = { + modules = [ + "proxy_wstunnel" + ]; + vhostConf = '' + + Use LDAPConnect + Require ldap-group cn=users,cn=mpd,ou=services,dc=immae,dc=eu + Require local + + + RedirectMatch permanent "^/mpd$" "/mpd/" + + ProxyPass http://${config.webPort}/ + ProxyPassReverse http://${config.webPort}/ + ProxyPreserveHost on + + + ProxyPass ws://${config.webPort}/ws + + ''; + }; + }; +in + ympd -- 2.41.0
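Review bot: `'loglevel' => 0` in `config_php` selects Nextcloud's debug log level, which is intended for troubleshooting and can put request and user details into the log of what looks like the production instance (`'debug' => false`, trusted domain `cloud.immae.eu`). Unless debugging is in progress, `'loglevel' => 2,` is the usual setting. The pool also runs as `${apache.user}` (`wwwrun`), the same account as the adminer and connexionswing pools in this commit, and every pool lists `/tmp` in `open_basedir`; a dedicated user per pool would keep a compromise of one application from reading Nextcloud's data directory and temporary files.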
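Review bot: In the ympd `vhostConf`, `Require local` sits next to `Require ldap-group cn=users,cn=mpd,…`; if the enclosing container (not visible on this page) is not a `RequireAll`, Apache 2.4 treats the two as alternatives, so any request originating on the host itself reaches the MPD control UI without LDAP authentication. If that is intended, it deserves a comment in the config, for example `# Require local: clients on this host bypass LDAP on purpose`. If it is not intended, drop `Require local` or wrap both directives in `RequireAll`.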