From: Ismaël Bouya Date: Mon, 21 Jan 2019 20:06:33 +0000 (+0100) Subject: Move all fixmes to mantisbt issue tracking X-Git-Tag: nur_publish~314 X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=a5365ec3d924a91abdd80c4f58d2158472788de9 Move all fixmes to mantisbt issue tracking Fixes https://git.immae.eu/mantisbt/view.php?id=111 --- diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 8168abc..48266c8 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix @@ -4,13 +4,6 @@ enableRollback = true; }; - # FIXME: improve purity by enforcing sandbox = true in - # /etc/nix/nix.conf (need to do something about environment variables - # before) - - # Full backup: - # The star after /var/lib/* avoids deleting all folders in case of problem - # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: eldiron = { config, pkgs, mylibs, myconfig, ... }: with mylibs; { diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix index 09484e6..7fae729 100644 --- a/virtual/modules/certificates.nix +++ b/virtual/modules/certificates.nix @@ -15,12 +15,9 @@ }; config = { - # FIXME: doesn't work with httpd? security.acme.preliminarySelfsigned = true; security.acme.certs = { - # FIXME: /!\ To create a new certificate, create it before using - # it in httpd "eldiron" = config.services.myCertificates.certConfig // { domain = "eldiron.immae.eu"; }; diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix index b896428..e3a5612 100644 --- a/virtual/modules/databases/default.nix +++ b/virtual/modules/databases/default.nix 
@@ -57,18 +57,11 @@ in { networking.firewall.allowedTCPPorts = [ 3306 5432 ]; - # FIXME: initial sync - # FIXME: backup - # FIXME: restart after pam - # FIXME: pam access doesn’t work (because of php module) - # FIXME: ssl services.mysql = rec { enable = cfg.mariadb.enable; package = pkgs.mariadb; }; - # Cannot use eldiron: psql complains too much rights on the key, and - # setfacl cannot work properly because of acme prestart script security.acme.certs."postgresql" = config.services.myCertificates.certConfig // { user = "postgres"; group = "postgres"; @@ -83,7 +76,6 @@ in { install -m 0755 -o postgres -g postgres -d /run/postgresql ''; - # FIXME: initial sync services.postgresql = rec { enable = cfg.postgresql.enable; package = pkgs.postgresql; @@ -161,7 +153,6 @@ in { } ]; - # FIXME: backup # Diaspora: 15 # Nextcloud: 14 # Mastodon: 13 diff --git a/virtual/modules/gitolite/default.nix b/virtual/modules/gitolite/default.nix index 78691fa..b8ecb15 100644 --- a/virtual/modules/gitolite/default.nix +++ b/virtual/modules/gitolite/default.nix 
@@ -68,18 +68,9 @@ in { [ (pkgs.python3.withPackages python-packages) ]; - # FIXME: after initial install, need to - # (1) copy rc file (adjust gitolite_ldap_groups.sh) - # (2) (mark old readonly and) sync repos except gitolite-admin - # rsync -av --exclude=gitolite-admin.git old:/var/lib/gitolite/repositories /var/lib/gitolite/ - # chown -R gitolite:gitolite /var/lib/gitolite - # (3) push force the gitolite-admin to new location (from external point) - # Don't use an existing key, it will take precedence over - # gitolite-admin - # (4) su -u gitolite gitolite setup + # Installation: https://git.immae.eu/mantisbt/view.php?id=93 services.gitolite = { enable = true; - # FIXME: key from ./ssh adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu"; }; }; diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix index d67f7b7..7eec525 100644 --- a/virtual/modules/websites/aten/aten.nix +++ b/virtual/modules/websites/aten/aten.nix @@ -92,10 +92,6 @@ let ''; }; webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec { - # FIXME: can we do better than symlink? - # FIXME: initial sync - # FIXME: backup - # FIXME: usage statistics buildPhase = '' export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt diff --git a/virtual/modules/websites/commons/stats.nix b/virtual/modules/websites/commons/stats.nix index a7ade3b..b5bf0e0 100644 --- a/virtual/modules/websites/commons/stats.nix +++ b/virtual/modules/websites/commons/stats.nix 
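Review bot: The replacement comment `# Installation: https://git.immae.eu/mantisbt/view.php?id=93` in `gitolite/default.nix` drops a line from the old block that is a warning rather than a task: "Don't use an existing key, it will take precedence over gitolite-admin". Anyone reinstalling while the tracker is unreachable would miss it, so consider keeping a one-line summary beside the link, e.g. `# /!\ push gitolite-admin with a dedicated key; an existing key takes precedence`. Other non-FIXME why-comments are deleted the same way in `databases/default.nix` (why postgresql gets its own certificate) and `tools/cloud/nextcloud.nix` (sha256 must be recomputed when the version changes). `ludivinecassal.nix` and `piedsjaloux.nix` keep theirs as `/!\` notes, which looks like the better convention. `adminPubkey` also loses its `key from ./ssh` marker, so the long literal no longer states where it comes from.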
@@ -6,8 +6,12 @@ in { services.myWebsites.commons.stats = { enable = lib.mkEnableOption "enable statistics"; sites = lib.mkOption { - # FIXME: specify - type = lib.types.listOf (lib.types.unspecified); + type = lib.types.listOf (lib.types.submodule { + options = { + conf = lib.mkOption { type = lib.types.path; }; + name = lib.mkOption { type = lib.types.string; }; + }; + }); default = []; description = "Sites to generate stats"; }; @@ -51,13 +55,10 @@ in { goaccess $TMPFILE --no-progress -o /var/lib/goaccess/${domain}/index.html -p ${conf} ''; in "${d}/bin/stats-${domain}"; - # FIXME: running several goaccess simultaneously seems to be - # bugged? in pkgs.lib.lists.imap0 (i: v: "${toString (i+5)} 0 * * * root ${stats v.name v.conf}") cfg.sites; }; - # FIXME: initial sync system.activationScripts.goaccess = '' mkdir -p /var/lib/goaccess '' + diff --git a/virtual/modules/websites/connexionswing/connexionswing.nix b/virtual/modules/websites/connexionswing/connexionswing.nix index 90cca73..71f3c0b 100644 --- a/virtual/modules/websites/connexionswing/connexionswing.nix +++ b/virtual/modules/websites/connexionswing/connexionswing.nix @@ -4,7 +4,6 @@ let varDir = "/var/lib/connexionswing_${environment}"; envName= lib.strings.toUpper environment; configRoot = - # FIXME: spool emails in prod for when immae.eu is down? assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"; assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"; assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"; @@ -149,11 +148,6 @@ let ''; }; webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing.json // rec { - # FIXME: can we do better than symlink? - # FIXME: imagick optional - # FIXME: initial sync - # FIXME: backup - # FIXME: replace with pkgs.phpPackages.composer buildPhase = '' export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt 
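Review bot: In the new `sites` submodule of `commons/stats.nix`, `name` is typed `lib.types.string`, which merges duplicate definitions by concatenation and was later deprecated in nixpkgs; `name = lib.mkOption { type = lib.types.str; };` is the safer spelling. The second hunk of this file passes `v.name` to `stats`, and what appears to be the same value is interpolated into `/var/lib/goaccess/${domain}/index.html` and into a crontab line run as root. A pattern-restricted type, for example `lib.types.strMatching "[A-Za-z0-9.-]+"`, would therefore keep whitespace and path separators out of both. Neither sub-option carries a `description`, although the enclosing `sites` option does.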
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index 4b1490b..cfd1f86 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix @@ -203,7 +203,6 @@ in }; ldap = { modules = [ "ldap" "authnz_ldap" ]; - # FIXME: starttls extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; '' LDAPSharedCacheSize 500000 @@ -283,8 +282,6 @@ in ''; }; - # FIXME: logrotate - # FIXME: ipv6 services.httpdProd = makeService "production" config.services.myWebsites.production; services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); diff --git a/virtual/modules/websites/ludivine/ludivinecassal.nix b/virtual/modules/websites/ludivine/ludivinecassal.nix index 2d0217b..138ea9f 100644 --- a/virtual/modules/websites/ludivine/ludivinecassal.nix +++ b/virtual/modules/websites/ludivine/ludivinecassal.nix @@ -150,11 +150,8 @@ let ''; }; webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal.json // rec { - # FIXME: can we do better than symlink? - # FIXME: initial sync - # FIXME: backup - # FIXME: miniatures and data need to be in the same dir due to a - # bug in leapt.im (searches for data/../miniatures) + # /!\ miniatures and data need to be in the same dir due to a + # bug in leapt.im (searches for data/../miniatures) buildPhase = '' export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix index 1c3d8b7..4bbf148 100644 --- a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix +++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix 
@@ -135,15 +135,8 @@ let ''; }; webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec { - # FIXME: can we do better than symlink? - # FIXME: initial sync - # FIXME: backup - # FIXME: miniatures and data need to be in the same dir due to a - # bug in leapt.im (searches for data/../miniatures) - # FIXME: var/bootstrap.php.cache doesn't get created - # (cannot work with var as a symlink since the file - # references ..) - # FIXME: configuration change should not trigger a rebuild + # /!\ miniatures and data need to be in the same dir due to a + # bug in leapt.im (searches for data/../miniatures) buildPhase = '' export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt diff --git a/virtual/modules/websites/tellesflorian/tellesflorian.nix b/virtual/modules/websites/tellesflorian/tellesflorian.nix index b6b9d4e..2191b31 100644 --- a/virtual/modules/websites/tellesflorian/tellesflorian.nix +++ b/virtual/modules/websites/tellesflorian/tellesflorian.nix @@ -5,7 +5,6 @@ let varDir = "/var/lib/tellesflorian_${environment}"; envName= lib.strings.toUpper environment; configRoot = - # FIXME: spool emails in prod for when immae.eu is down? assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; @@ -141,9 +140,6 @@ let ''; }; webappDir = stdenv.mkDerivation (fetchedGitPrivate ./tellesflorian.json // rec { - # FIXME: can we do better than symlink? - # FIXME: initial sync - # FIXME: backup buildPhase = '' export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix index 5849774..b9c8d04 100644 --- a/virtual/modules/websites/tools/cloud/nextcloud.nix 
+++ b/virtual/modules/websites/tools/cloud/nextcloud.nix @@ -1,8 +1,6 @@ { stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }: let nextcloud = let - # FIXME: initial sync - # FIXME: backup buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: stdenv.mkDerivation rec { name = "nextcloud-app-${appName}-${version}"; @@ -12,11 +10,6 @@ let src = fetchurl { inherit url sha256; }; }; apps = { - # FIXME: nextcloud complains that he cannot write into config - # directory when an app needs upgrade - # /!\ Attention, just changing the version number is not - # sufficient when the downloaded file doesn’t contain the version - # number in it, sha256 needs to be recomputed audioplayer = buildApp rec { appName = "audioplayer"; version = "2.5.0"; diff --git a/virtual/modules/websites/tools/dav/davical.nix b/virtual/modules/websites/tools/dav/davical.nix index 697bd60..cf528ad 100644 --- a/virtual/modules/websites/tools/dav/davical.nix +++ b/virtual/modules/websites/tools/dav/davical.nix @@ -15,7 +15,6 @@ let cp -ra dba docs inc scripts tests $out ''; }; - # FIXME: e-mail sending davical = rec { config = assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD"; diff --git a/virtual/modules/websites/tools/db/default.nix b/virtual/modules/websites/tools/db/default.nix index 20f77c7..2a82bd6 100644 --- a/virtual/modules/websites/tools/db/default.nix +++ b/virtual/modules/websites/tools/db/default.nix @@ -9,7 +9,6 @@ in { }; config = lib.mkIf cfg.enable { - # FIXME: include it in vhostConf ? security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null; services.myWebsites.tools.modules = adminer.apache.modules; diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix index 23670dc..8285d6c 100644 --- a/virtual/modules/websites/tools/diaspora/default.nix +++ b/virtual/modules/websites/tools/diaspora/default.nix 
@@ -11,8 +11,6 @@ in { }; config = lib.mkIf cfg.enable { - # FIXME: Can we use dynamic users from systemd? - # nixos/modules/misc/ids.nix ids.uids.diaspora = 398; ids.gids.diaspora = 398; @@ -63,8 +61,6 @@ in { unitConfig.RequiresMountsFor = diaspora.varDir; }; - # FIXME: initial sync - # FIXME: touch ${diaspora.varDir}/schedule.yml system.activationScripts.diaspora = { deps = [ "users" ]; text = '' @@ -81,7 +77,6 @@ in { services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_http" "proxy_balancer" - # FIXME: probably only one balancer method is needed: "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" ]; security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; diff --git a/virtual/modules/websites/tools/diaspora/diaspora.nix b/virtual/modules/websites/tools/diaspora/diaspora.nix index 7880ac5..961e1f8 100644 --- a/virtual/modules/websites/tools/diaspora/diaspora.nix +++ b/virtual/modules/websites/tools/diaspora/diaspora.nix @@ -4,10 +4,6 @@ let name = "diaspora-env"; ruby = ruby_2_4; gemdir = ./.; - # FIXME: it fails if I don’t include all groups - #groups = [ "default" "postgresql" "production" "development" "test" ]; - # Had to remove them from gemset.nix, and remove mysql2 - # Also had to "ungroup" pg in Gemfile gemConfig = defaultGemConfig // { kostya-sigar = attrs: { buildInputs = with pkgs; [ pkgs.perl ]; diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix index 0a63013..f53350e 100644 --- a/virtual/modules/websites/tools/git/default.nix +++ b/virtual/modules/websites/tools/git/default.nix @@ -10,7 +10,6 @@ in { }; config = lib.mkIf cfg.enable { - # FIXME: include it in vhostConf ? security.acme.certs."eldiron".extraDomains."git.immae.eu" = null; nixpkgs.config.packageOverrides = oldpkgs: rec { 
diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix index 009c902..c1cb60d 100644 --- a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix +++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix @@ -1,6 +1,5 @@ { lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }: let - # FIXME: check that source-integration and slack still work mantisbt = let plugins = { slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec { diff --git a/virtual/modules/websites/tools/mastodon/default.nix b/virtual/modules/websites/tools/mastodon/default.nix index d25a072..25a389b 100644 --- a/virtual/modules/websites/tools/mastodon/default.nix +++ b/virtual/modules/websites/tools/mastodon/default.nix @@ -11,8 +11,6 @@ in { }; config = lib.mkIf cfg.enable { - # FIXME: Can we use dynamic users from systemd? - # nixos/modules/misc/ids.nix ids.uids.mastodon = 399; ids.gids.mastodon = 399; @@ -96,7 +94,6 @@ in { unitConfig.RequiresMountsFor = mastodon.varDir; }; - # FIXME: monitor jobs systemd.services.mastodon-sidekiq = { description = "Mastodon Sidekiq"; wantedBy = [ "multi-user.target" ]; @@ -124,7 +121,6 @@ in { unitConfig.RequiresMountsFor = mastodon.varDir; }; - # FIXME: initial sync system.activationScripts.mastodon = { deps = [ "users" ]; text = '' @@ -135,7 +131,6 @@ in { services.myWebsites.tools.modules = [ "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer" - # FIXME: probably only one balancer method is needed: "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" ]; security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null; diff --git a/virtual/modules/websites/tools/mastodon/mastodon.nix b/virtual/modules/websites/tools/mastodon/mastodon.nix index 9457a13..e948852 100644 --- a/virtual/modules/websites/tools/mastodon/mastodon.nix +++ b/virtual/modules/websites/tools/mastodon/mastodon.nix 
@@ -2,7 +2,6 @@ let varDir = "/var/lib/mastodon_immae"; socketsDir = "/run/mastodon"; - # FIXME: use gemsets and nodejs equivalent mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec { buildPhase = '' export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt diff --git a/virtual/modules/websites/tools/mediagoblin/default.nix b/virtual/modules/websites/tools/mediagoblin/default.nix index 388f6b3..99bdce1 100644 --- a/virtual/modules/websites/tools/mediagoblin/default.nix +++ b/virtual/modules/websites/tools/mediagoblin/default.nix @@ -11,8 +11,6 @@ in { }; config = lib.mkIf cfg.enable { - # FIXME: Can we use dynamic users from systemd? - # nixos/modules/misc/ids.nix ids.uids.mediagoblin = 397; ids.gids.mediagoblin = 397; @@ -89,8 +87,6 @@ in { unitConfig.RequiresMountsFor = mediagoblin.varDir; }; - # FIXME: background jobs and upload - # FIXME: initial sync system.activationScripts.mediagoblin = { deps = [ "users" ]; text = '' @@ -105,7 +101,6 @@ in { services.myWebsites.tools.modules = [ "proxy" "proxy_http" "proxy_balancer" - # FIXME: probably only one balancer method is needed: "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" ]; users.users.wwwrun.extraGroups = [ "mediagoblin" ]; diff --git a/virtual/modules/websites/tools/tools/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix index 1aa2d87..e1653ae 100644 --- a/virtual/modules/websites/tools/tools/roundcubemail.nix +++ b/virtual/modules/websites/tools/tools/roundcubemail.nix @@ -4,7 +4,6 @@ let plugins = {}; in rec { varDir = "/var/lib/roundcubemail"; - # FIXME: initial sync activationScript = { deps = [ "wrappers" ]; text = '' @@ -14,7 +13,6 @@ let ''; }; config = - # FIXME: LOG_DESTINATION syslog? assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"; assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"; writeText "config.php" '' 
diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix index f7b0f61..2659afd 100644 --- a/virtual/modules/websites/tools/tools/ttrss.nix +++ b/virtual/modules/websites/tools/tools/ttrss.nix @@ -37,7 +37,6 @@ let }; in rec { varDir = "/var/lib/ttrss"; - # FIXME: initial sync activationScript = { deps = [ "wrappers" ]; text = '' @@ -54,7 +53,6 @@ let ''; }; config = - # FIXME: LOG_DESTINATION syslog? assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD"; assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD"; writeText "config.php" '' diff --git a/virtual/modules/websites/tools/tools/wallabag.nix b/virtual/modules/websites/tools/tools/wallabag.nix index 92787b8..0b54fff 100644 --- a/virtual/modules/websites/tools/tools/wallabag.nix +++ b/virtual/modules/websites/tools/tools/wallabag.nix @@ -103,7 +103,6 @@ let group = "wwwrun"; modules = [ "proxy_fcgi" ]; vhostConf = '' - # FIXME Alias /assets "${varDir}/assets" Alias /wallabag "${webRoot}"