};
eldiron = { config, pkgs, ... }:
- let mypkgs = import ./packages.nix;
- mylibs = import ../libs.nix;
+ with import ../libs.nix;
+ let
+ mypkgs = nixpkgs_unstable.callPackage ./packages.nix {
+ inherit checkEnv fetchedGitPrivate fetchedGithub;
+ gitwebOverride = nixpkgs_unstable.gitweb.overrideAttrs(old: {
+ installPhase = old.installPhase + ''
+ cp -r ${./packages/gitweb} $out/gitweb-theme;
+ '';
+ });
+ };
in
{
# FIXME: they are not overriden in packages.nix
chown redis /run/redis
'';
gitolite =
- assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
+ assert checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
let
- gitolite_ldap_groups = mylibs.wrap {
+ gitolite_ldap_groups = wrap {
name = "gitolite_ldap_groups.sh";
file = ./packages/gitolite_ldap_groups.sh;
vars = {
environment.etc."ssh/ldap_authorized_keys" = let
ldap_authorized_keys =
- assert mylibs.checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
- mylibs.wrap {
+ assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
+ wrap {
name = "ldap_authorized_keys";
file = ./ldap_authorized_keys.sh;
vars = {
};
ldap = {
modules = [ "ldap" "authnz_ldap" ];
- extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+ extraConfig = assert checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
<IfModule ldap_module>
LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
security.pam.services = let
pam_ldap = pkgs.pam_ldap;
- pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD";
+ pam_ldap_mysql = assert checkEnv "NIXOPS_MYSQL_PAM_PASSWORD";
pkgs.writeText "mysql.conf" ''
host ldap.immae.eu
base dc=immae,dc=eu
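Review bot: `pam_ldap_mysql` is still built with `pkgs.writeText "mysql.conf"` right after asserting `NIXOPS_MYSQL_PAM_PASSWORD`, so if the password is interpolated further down (the string continues outside this hunk) it lands in a world-readable `/nix/store` path on the host and in every copy of the closure. The same shape appears in the `writeText "parameters.yml"`, `writeText "config_inc.php"` and `writeText "config.php"` hunks; the last one visibly interpolates `builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"` into the generated file. Since this change already touches each of these call sites, consider shipping the secret-bearing files through NixOps `deployment.keys` and pointing the service at the resulting `/run/keys/...` path. Where that is not yet possible, a comment such as `# FIXME: secret is written to the world-readable store` next to each `writeText` would at least record the exposure.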
-with import ../libs.nix;
-with nixpkgs_unstable;
+{ callPackage, checkEnv, fetchedGitPrivate, fetchedGithub, gitwebOverride }:
let
- connexionswing = import ./packages/connexionswing.nix;
- nextcloud = import ./packages/nextcloud.nix;
- adminer = import ./packages/adminer.nix;
- ympd = import ./packages/ympd.nix;
- gitweb = import ./packages/gitweb.nix;
- mantisbt = import ./packages/mantisbt.nix;
+ connexionswing = callPackage ./packages/connexionswing.nix { inherit checkEnv fetchedGitPrivate; };
+ nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
+ adminer = callPackage ./packages/adminer.nix {};
+ ympd = callPackage ./packages/ympd.nix {};
+ gitweb = callPackage ./packages/gitweb.nix { gitweb = gitwebOverride; };
+ mantisbt = callPackage ./packages/mantisbt.nix { inherit checkEnv fetchedGithub; };
in
{
inherit adminer;
-with import ../../libs.nix;
-with nixpkgs_unstable;
+{ stdenv, fetchurl, nginx }:
let
adminer = rec {
- webRoot = pkgs.stdenv.mkDerivation rec {
+ webRoot = stdenv.mkDerivation rec {
version = "4.7.0";
name = "adminer-${version}";
- src = pkgs.fetchurl {
+ src = fetchurl {
url = "https://www.adminer.org/static/download/${version}/${name}.php";
sha256 = "1qq2g7rbfh2vrqfm3g0bz0qs057b049n0mhabnsbd1sgnpvnc5z7";
};
alias = webRoot;
index = "index.php";
extraConfig = ''
- include ${pkgs.nginx}/conf/fastcgi.conf;
+ include ${nginx}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME ${webRoot}/index.php;
-with import ../../libs.nix;
-with nixpkgs_unstable;
+{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }:
let
connexionswing = { environment ? "dev" }: rec {
varDir = "/var/lib/connexionswing_${environment}";
assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET";
assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL";
- pkgs.writeText "parameters.yml" ''
+ writeText "parameters.yml" ''
# This file is auto-generated during the composer install
parameters:
database_host: db-1.immae.eu
fi
'';
};
- webappDir = pkgs.stdenv.mkDerivation (fetchedGitPrivate ./connexionswing_master.json // rec {
+ webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing_master.json // rec {
# FIXME: can we do better than symlink?
# FIXME: imagick optional
# FIXME: initial sync
# FIXME: backup
# FIXME: replace with pkgs.phpPackages.composer
buildPhase = ''
- export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
- export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
+ export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+ export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
ln -sf ../../../../../${varDir}/{medias,uploads} web/images/
ln -sf ${configRoot} app/config/parameters.yml
cp -a . $out
'';
buildInputs = [
- pkgs.php pkgs.git pkgs.cacert
+ php git cacert
];
});
webRoot = "${webappDir}/web";
};
-in
+in
connexionswing
-with import ../../libs.nix;
-with nixpkgs_unstable;
-let
- gitweb = rec {
- varDir = "/var/lib/gitolite";
- webRoot = pkgs.gitweb.overrideAttrs(old: {
- installPhase = old.installPhase + ''
- cp -r ${./gitweb} $out/gitweb-theme;
- '';
- });
- config = pkgs.writeText "gitweb.conf" ''
- $git_temp = "/tmp";
+{ gitweb, writeText, gitolite, git }:
+rec {
+ varDir = "/var/lib/gitolite";
+ webRoot = gitweb;
+ config = writeText "gitweb.conf" ''
+ $git_temp = "/tmp";
- # The directories where your projects are. Must not end with a
- # slash.
- $projectroot = "${varDir}/repositories";
+ # The directories where your projects are. Must not end with a
+ # slash.
+ $projectroot = "${varDir}/repositories";
- $projects_list = "${varDir}/projects.list";
- $strict_export = "true";
+ $projects_list = "${varDir}/projects.list";
+ $strict_export = "true";
- # Base URLs for links displayed in the web interface.
- our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
+ # Base URLs for links displayed in the web interface.
+ our @git_base_url_list = qw(ssh://gitolite@git.immae.eu https://git.immae.eu);
- $feature{'blame'}{'default'} = [1];
- $feature{'avatar'}{'default'} = ['gravatar'];
- $feature{'highlight'}{'default'} = [1];
+ $feature{'blame'}{'default'} = [1];
+ $feature{'avatar'}{'default'} = ['gravatar'];
+ $feature{'highlight'}{'default'} = [1];
- @stylesheets = ("gitweb-theme/gitweb.css");
- $logo = "gitweb-theme/git-logo.png";
- $favicon = "gitweb-theme/git-favicon.png";
- $javascript = "gitweb-theme/gitweb.js";
- $logo_url = "https://git.immae.eu/";
- $projects_list_group_categories = "true";
- $projects_list_description_width = 60;
- $project_list_default_category = "__Others__";
- '';
- apache = {
- user = "wwwrun";
- group = "wwwrun";
- modules = [ "cgid" ];
- vhostConf = ''
- SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
- ScriptAliasMatch \
- "(?x)^/(.*/(HEAD | \
- info/refs | \
- objects/(info/[^/]+ | \
- [0-9a-f]{2}/[0-9a-f]{38} | \
- pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
- git-(upload|receive)-pack))$" \
- ${pkgs.git}/libexec/git-core/git-http-backend/$1
+ @stylesheets = ("gitweb-theme/gitweb.css");
+ $logo = "gitweb-theme/git-logo.png";
+ $favicon = "gitweb-theme/git-favicon.png";
+ $javascript = "gitweb-theme/gitweb.js";
+ $logo_url = "https://git.immae.eu/";
+ $projects_list_group_categories = "true";
+ $projects_list_description_width = 60;
+ $project_list_default_category = "__Others__";
+ '';
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "cgid" ];
+ vhostConf = ''
+ SetEnv GIT_PROJECT_ROOT ${varDir}/repositories/
+ ScriptAliasMatch \
+ "(?x)^/(.*/(HEAD | \
+ info/refs | \
+ objects/(info/[^/]+ | \
+ [0-9a-f]{2}/[0-9a-f]{38} | \
+ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+ git-(upload|receive)-pack))$" \
+ ${git}/libexec/git-core/git-http-backend/$1
- <Directory "${pkgs.gitolite}">
- Require all granted
- </Directory>
- <Directory "${pkgs.git}/libexec/git-core">
- Require all granted
- </Directory>
- <Directory "${webRoot}">
- DirectoryIndex gitweb.cgi
- Require all granted
- AllowOverride None
- Options ExecCGI FollowSymLinks
- <Files gitweb.cgi>
- SetHandler cgi-script
- SetEnv GITWEB_CONFIG "${config}"
- </Files>
- </Directory>
- '';
+ <Directory "${gitolite}">
+ Require all granted
+ </Directory>
+ <Directory "${git}/libexec/git-core">
+ Require all granted
+ </Directory>
+ <Directory "${webRoot}">
+ DirectoryIndex gitweb.cgi
+ Require all granted
+ AllowOverride None
+ Options ExecCGI FollowSymLinks
+ <Files gitweb.cgi>
+ SetHandler cgi-script
+ SetEnv GITWEB_CONFIG "${config}"
+ </Files>
+ </Directory>
+ '';
};
-};
-in
- gitweb
+}
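Review bot: The `ScriptAliasMatch` in `vhostConf` routes `git-(upload|receive)-pack` to `git-http-backend` while every `<Directory>` block is `Require all granted`, and nothing in this file puts authentication in front of the push endpoint. git-http-backend refuses receive-pack for unauthenticated clients by default, so this holds only as long as `http.receivepack` is never enabled on a repository. If pushes are meant to go over SSH only (the `ssh://gitolite@git.immae.eu` base URL suggests so), narrow the last alternative to `git-upload-pack))$" \`, or add a `<LocationMatch "/git-receive-pack$">` block with `Require valid-user`. The vhost may be completed by whatever consumes `apache.vhostConf`, which is not visible here, so confirm against that caller.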
-with import ../../libs.nix;
-with nixpkgs_unstable;
+{ lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }:
let
# FIXME: check that source-integration and slack still work
mantisbt = let
assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD";
assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT";
assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD";
- pkgs.writeText "config_inc.php" ''
+ writeText "config_inc.php" ''
<?php
$g_hostname = 'db-1.immae.eu';
$g_db_username = 'mantisbt';
phpFpm = rec {
basedir = builtins.concatStringsSep ":" (
[ webRoot config ]
- ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) plugins);
+ ++ lib.attrsets.mapAttrsToList (name: value: value) plugins);
socket = "/var/run/phpfpm/mantisbt.sock";
pool = ''
listen = ${socket}
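Review bot: On the new `basedir` line, `lib.attrsets.mapAttrsToList (name: value: value) plugins` is an identity map over the attribute set; `builtins.attrValues plugins` returns the same values in the same attribute-name order and reads more directly. The identical expression is used for `apps` in the nextcloud `phpFpm` hunk and could change the same way. If `basedir` feeds PHP's `open_basedir` (the pool string continues outside this hunk, so that is an assumption), a one-line comment such as `# every path PHP may open: web root, config and each plugin` would make the intent of the list explicit.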
-with import ../../libs.nix;
-with nixpkgs_unstable;
+{ stdenv, fetchurl, checkEnv, writeText, lib }:
let
nextcloud = let
# FIXME: initial sync
# FIXME: backup
buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
- pkgs.stdenv.mkDerivation rec {
+ stdenv.mkDerivation rec {
name = "nextcloud-app-${appName}-${version}";
inherit version;
phases = "unpackPhase installPhase";
assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID";
assert checkEnv "NIXOPS_NEXTCLOUD_SECRET";
assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX";
- pkgs.writeText "config.php" ''
+ writeText "config.php" ''
<?php
$CONFIG = array (
'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}',
rm -r $out/config
ln -sf ${config} $out/config
${builtins.concatStringsSep "\n" (
- pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps
+ lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps
)}
'';
meta = {
description = "Sharing solution for files, calendars, contacts and more";
homepage = https://nextcloud.com;
- maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ];
- license = stdenv.lib.licenses.agpl3Plus;
- platforms = with stdenv.lib.platforms; unix;
+ maintainers = with lib.maintainers; [ schneefux bachp globin fpletz ];
+ license = lib.licenses.agpl3Plus;
+ platforms = with lib.platforms; unix;
};
};
activationScript = {
phpFpm = rec {
basedir = builtins.concatStringsSep ":" (
[ webRoot varDir config ]
- ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps);
+ ++ lib.attrsets.mapAttrsToList (name: value: value) apps);
socket = "/var/run/phpfpm/nextcloud.sock";
pool = ''
listen = ${socket}
-with import ../../libs.nix;
-with nixpkgs_unstable;
+{}:
let
ympd = rec {
config = {