Refactor websites.
[perso/Immae/Config/Nix.git] / virtual / eldiron.nix
index cefef7048977cc70b0ecea12710368b776288751..097052124b5b8878294e9e3be54ecb64b3bac1f5 100644 (file)
@@ -9,11 +9,6 @@
   # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu:
   eldiron = { config, pkgs, mylibs, myconfig, ... }:
     with mylibs;
-    let
-        mypkgs = pkgs.callPackage ./packages.nix {
-          inherit checkEnv fetchedGit fetchedGithub;
-        };
-    in
   {
     _module.args = {
       mylibs = import ../libs.nix;
 
     imports = [
       ./modules/certificates.nix
-      ./modules/gitolite.nix
-      ./modules/gitweb
-      ./modules/databases.nix
+      ./modules/gitolite
+      ./modules/databases
       ./modules/websites
-      ./modules/websites/phpfpm
     ];
     services.myGitolite.enable = true;
-    services.myGitweb.enable = true;
     services.myDatabases.enable = true;
     services.myWebsites.production.enable = true;
     services.myWebsites.integration.enable = true;
+    services.myWebsites.tools.enable = true;
 
     networking = {
       firewall = {
         enable = true;
-        allowedTCPPorts = [ 22 9418 ];
+        allowedTCPPorts = [ 22 ];
       };
     };
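Review bot: `services.myWebsites.tools.enable = true;` is added without any comment on which applications the tools site serves. The same commit drops the explicit gitweb import and, further down, the adminer/nextcloud/mantisbt/ttrss/roundcubemail/davical php-fpm pools from this file. If the tools module now serves those apps (its contents are not visible here), a short comment above the line, e.g. `# tools site: <apps served>, access restricted by <mechanism>`, would keep the host's exposed web surface reviewable from this file. Separately, with `allowedTCPPorts = [ 22 ];` the git daemon port 9418 is closed, so it is worth confirming that `./modules/gitolite` no longer starts a git:// listener that would be left running behind the firewall.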
 
       };
     };
 
-    environment.systemPackages = let
-      # FIXME: move it to nextcloud
-      occ = pkgs.writeScriptBin "nextcloud-occ" ''
-        #! ${pkgs.stdenv.shell}
-        cd ${mypkgs.nextcloud.webRoot}
-        NEXTCLOUD_CONFIG_DIR="${mypkgs.nextcloud.webRoot}/config" \
-          exec \
-          ${pkgs.php}/bin/php \
-          -c ${pkgs.php}/etc/php.ini \
-          occ $*
-        '';
-    in [
+    environment.systemPackages = [
       pkgs.telnet
       pkgs.htop
       pkgs.vim
-      occ
     ];
 
-    security.acme.certs."eldiron".extraDomains = {
-      "db-1.immae.eu" = null;
-      "tools.immae.eu" = null;
-      "cloud.immae.eu" = null;
-      "dav.immae.eu" = null;
-    };
-
     services.openssh.extraConfig = ''
       AuthorizedKeysCommand     /etc/ssh/ldap_authorized_keys
       AuthorizedKeysCommandUser nobody
       '';
 
-    services.ympd = mypkgs.ympd.config // { enable = false; };
-
-    services.myPhpfpm = {
-      phpPackage = pkgs.php;
-      phpOptions = ''
-        session.save_path = "/var/lib/php/sessions"
-        session.gc_maxlifetime = 60*60*24*15
-        session.cache_expire = 60*24*30
-        '';
-      extraConfig = ''
-        log_level = notice
-        '';
-      poolPhpConfigs = {
-        nextcloud = mypkgs.nextcloud.phpFpm.phpConfig;
-      };
-      poolConfigs = {
-        adminer = mypkgs.adminer.phpFpm.pool;
-        nextcloud = mypkgs.nextcloud.phpFpm.pool;
-        mantisbt = mypkgs.mantisbt.phpFpm.pool;
-        ttrss = mypkgs.ttrss.phpFpm.pool;
-        roundcubemail = mypkgs.roundcubemail.phpFpm.pool;
-        davical = mypkgs.davical.phpFpm.pool;
-      };
-    };
-
-    system.activationScripts = {
-      nextcloud = mypkgs.nextcloud.activationScript;
-      ttrss = mypkgs.ttrss.activationScript;
-      roundcubemail = mypkgs.roundcubemail.activationScript;
-      httpd = ''
-        install -d -m 0755 /var/lib/acme/acme-challenge
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
-        '';
-    };
-
     environment.etc."ssh/ldap_authorized_keys" = let
       ldap_authorized_keys =
         assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
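Review bot: The removed `httpd` activation script was the only visible place that created `/var/lib/php/sessions` and its per-app subdirectories with mode 0750 and owner wwwrun, and nothing in this hunk replaces it. The same holds for `security.acme.certs."eldiron".extraDomains`, which listed db-1, tools, cloud and dav. Before merging, confirm the new modules recreate the session directories with the same owner and mode, and that the certificate still covers all four names; otherwise this refactor could loosen session-file permissions or break TLS for those vhosts. The `ldap_authorized_keys` binding at the end of the hunk continues outside it and was not reviewed.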
       source = ldap_authorized_keys;
     };
 
-    systemd.services.tt-rss = {
-      description = "Tiny Tiny RSS feeds update daemon";
-      serviceConfig = {
-        User = "wwwrun";
-        ExecStart = "${pkgs.php}/bin/php ${mypkgs.ttrss.webRoot}/update.php --daemon";
-        StandardOutput = "syslog";
-        StandardError = "syslog";
-        PermissionsStartOnly = true;
-      };
-
-      wantedBy = [ "multi-user.target" ];
-      requires = ["postgresql.service"];
-      after = ["network.target" "postgresql.service"];
-    };
   };
 }