Upgrade to latest nixos

14 files changed, 12 insertions, 60 deletions

diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index c564d34..bbe4c3b 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -12,6 +12,7 @@
           (lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
           (lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
         ];
+        extraLegoRenewFlags = [ "--reuse-key" ];
       };
       description = "Default configuration for certificates";
     };
@@ -77,7 +78,7 @@
         # https://github.com/NixOS/nixpkgs/issues/84633
         serviceConfig.RemainAfterExit = lib.mkForce false;
         serviceConfig.WorkingDirectory = lib.mkForce "/var/lib/acme/${k}/.lego";
-        serviceConfig.StateDirectory = lib.mkForce "acme/${k}/.lego acme/${k}";
+        serviceConfig.StateDirectory = lib.mkForce "acme/${k}/.lego acme/${k} acme/.lego/${k} acme/.lego/accounts";
         serviceConfig.ExecStartPost =
           let
             keyName = builtins.replaceStrings ["*"] ["_"] data.domain;
diff --git a/modules/private/mail/sympa.nix b/modules/private/mail/sympa.nix
index 9bd5a57..669c710 100644
--- a/modules/private/mail/sympa.nix
+++ b/modules/private/mail/sympa.nix
@@ -83,7 +83,7 @@ in
           -F 2 \
           -P /run/sympa/wwsympa.pid \
           -s /run/sympa/wwsympa.socket \
-          -- ${pkgs.sympa}/bin/wwsympa.fcgi
+          -- ${pkgs.sympa}/lib/sympa/cgi/wwsympa.fcgi
         '';
         StateDirectory = "sympa";
         ProtectHome = true;
@@ -130,7 +130,7 @@ in
           args = [
             "flags=hqRu"
             "user=sympa"
-            "argv=${pkgs.sympa}/bin/queue"
+            "argv=${pkgs.sympa}/libexec/queue"
             "\${nexthop}"
           ];
         };
@@ -142,7 +142,7 @@ in
           args = [
             "flags=hqRu"
             "user=sympa"
-            "argv=${pkgs.sympa}/bin/bouncequeue"
+            "argv=${pkgs.sympa}/libexec/bouncequeue"
             "\${nexthop}"
           ];
         };
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index e07c5bb..ffae6ec 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -55,9 +55,6 @@ in {
         "pm.max_children" = "5";
         "pm.process_idle_timeout" = "60";
       };
-      phpOptions = config.services.phpfpm.phpOptions + ''
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-      '';
       phpPackage = pkgs.php72;
     };
     system.activationScripts.chloe_integration = {
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 5cfc40c..b5233c6 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -59,9 +59,6 @@ in {
         "pm.min_spare_servers" = "1";
         "pm.max_spare_servers" = "3";
       };
-      phpOptions = config.services.phpfpm.phpOptions + ''
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-      '';
       phpPackage = pkgs.php72;
     };
     system.activationScripts.chloe_production = {
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 186a155..f192b3b 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -100,24 +100,6 @@ in
     users.users.wwwrun.extraGroups = [ "keys" ];
     networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-    nixpkgs.overlays = [ (self: super: rec {
-      php72 = (super.php72.override {
-        config.php.mysqlnd = true;
-        config.php.mysqli = false;
-        config.php.mhash = true; # Is it needed?
-      }).overrideAttrs(old: rec {
-        # Didn't manage to build with mysqli + mysql_config connector
-        configureFlags = old.configureFlags ++ [
-          "--with-mysqli=shared,mysqlnd"
-          ];
-        # preConfigure = (old.preConfigure or "") + ''
-        #   export CPPFLAGS="$CPPFLAGS -I${pkgs.mariadb}/include/mysql/server";
-        #   sed -i -e 's/#include "mysqli_priv.h"/#include "mysqli_priv.h"\n#include <mysql_version.h>/' \
-        #     ext/mysqli/mysqli.c ext/mysqli/mysqli_prop.c
-        #   '';
-      });
-    }) ];
-
     secrets.keys = [{
       dest = "apache-ldap";
       user = "wwwrun";
diff --git a/modules/private/websites/isabelle/aten_app/default.nix b/modules/private/websites/isabelle/aten_app/default.nix
index 1f54ba2..ba98394 100644
--- a/modules/private/websites/isabelle/aten_app/default.nix
+++ b/modules/private/websites/isabelle/aten_app/default.nix
@@ -19,7 +19,7 @@ let
         postInstall = let
           nodeHeaders = fetchurl {
             url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
-            sha256 = "1df3yhlwlvai0m9kvjyknjg11hnw0kj0rnhyzbwvsfjnmr6z8r76";
+            sha256 = "1prvrcvbyal39k9axfwjixs4wfgs1m8xy4prsl0kq0s0n7r7nxzj";
           };
         in
           ''
diff --git a/modules/private/websites/isabelle/iridologie.nix b/modules/private/websites/isabelle/iridologie.nix
index 740a3c6..5fa87ce 100644
--- a/modules/private/websites/isabelle/iridologie.nix
+++ b/modules/private/websites/isabelle/iridologie.nix
@@ -61,9 +61,6 @@ in {
         "pm.min_spare_servers" = "1";
         "pm.max_spare_servers" = "3";
       };
-      phpOptions = config.services.phpfpm.phpOptions + ''
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-      '';
       phpPackage = pkgs.php72;
     };
     system.activationScripts.isabelle_iridologie = {
diff --git a/modules/private/websites/jerome/naturaloutil.nix b/modules/private/websites/jerome/naturaloutil.nix
index fd853bc..95d7e78 100644
--- a/modules/private/websites/jerome/naturaloutil.nix
+++ b/modules/private/websites/jerome/naturaloutil.nix
@@ -61,9 +61,6 @@ in {
       phpEnv = {
         BDD_CONNECT = secretsPath;
       };
-      phpOptions = config.services.phpfpm.phpOptions + ''
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-        '';
       phpPackage = pkgs.php72;
     };
     services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
diff --git a/modules/private/websites/papa/maison_bbc.nix b/modules/private/websites/papa/maison_bbc.nix
index ec5673b..5fbc62f 100644
--- a/modules/private/websites/papa/maison_bbc.nix
+++ b/modules/private/websites/papa/maison_bbc.nix
@@ -25,8 +25,7 @@ in {
       };
       phpOptions = config.services.phpfpm.phpOptions + ''
         date.timezone = 'Europe/Paris'
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-        '';
+      '';
       phpPackage = pkgs.php72;
     };
 
diff --git a/modules/private/websites/richie/production.nix b/modules/private/websites/richie/production.nix
index 94c0ca0..d7da458 100644
--- a/modules/private/websites/richie/production.nix
+++ b/modules/private/websites/richie/production.nix
@@ -72,7 +72,6 @@ in
       };
       phpOptions = config.services.phpfpm.phpOptions + ''
         date.timezone = 'Europe/Paris'
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
         '';
       phpPackage = pkgs.php72;
     };
diff --git a/modules/private/websites/telio_tortay/production.nix b/modules/private/websites/telio_tortay/production.nix
index 2338f91..16eca74 100644
--- a/modules/private/websites/telio_tortay/production.nix
+++ b/modules/private/websites/telio_tortay/production.nix
@@ -39,8 +39,7 @@ in {
       };
       phpOptions = config.services.phpfpm.phpOptions + ''
         disable_functions = "mail"
-        extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-        '';
+      '';
       phpPackage = pkgs.php72;
     };
     services.websites.env.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix
index 73a837f..0c6bf0d 100644
--- a/modules/private/websites/tools/cloud/default.nix
+++ b/modules/private/websites/tools/cloud/default.nix
@@ -10,11 +10,6 @@ let
     basedir = builtins.concatStringsSep ":" (
       [ nextcloud varDir ]
       ++ builtins.attrValues pkgs.webapps.nextcloud-apps);
-    phpConfig = ''
-      extension=${pkgs.php72Packages.redis}/lib/php/extensions/redis.so
-      extension=${pkgs.php72Packages.apcu}/lib/php/extensions/apcu.so
-      zend_extension=${pkgs.php72}/lib/php/extensions/opcache.so
-      '';
     pool = {
       "listen.owner" = "wwwrun";
       "listen.group" = "wwwrun";
@@ -38,7 +33,7 @@ let
       "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp";
       "php_admin_value[session.save_path]" = "${varDir}/phpSessions";
     };
-    phpPackage = pkgs.php72;
+    phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.redis e.apcu e.opcache ]);
   };
 in {
   options.myServices.websites.tools.cloud = {
@@ -172,8 +167,7 @@ in {
       user = "wwwrun";
       group = "wwwrun";
       settings = phpFpm.pool;
-      phpOptions = config.services.phpfpm.phpOptions + phpFpm.phpConfig;
-      phpPackage = pkgs.php72;
+      phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.redis e.apcu e.opcache ]);
     };
 
     services.cron = {
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
index 217ef1a..7d7904f 100644
--- a/modules/private/websites/tools/mail/default.nix
+++ b/modules/private/websites/tools/mail/default.nix
@@ -64,9 +64,8 @@ in
       settings = roundcubemail.phpFpm.pool;
       phpOptions = config.services.phpfpm.phpOptions + ''
         date.timezone = 'CET'
-        extension=${pkgs.php72Packages.imagick}/lib/php/extensions/imagick.so
       '';
-      phpPackage = pkgs.php72;
+      phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [ e.imagick ]);
     };
     services.phpfpm.pools.rainloop = {
       user = "wwwrun";
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index dcda15a..bffcf84 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -317,13 +317,7 @@ in {
 
           "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/devtools.immae.eu:/tmp";
         };
-        phpOptions = config.services.phpfpm.phpOptions + ''
-          extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-          extension=${pkgs.php72Packages.redis}/lib/php/extensions/redis.so
-          extension=${pkgs.php72Packages.apcu}/lib/php/extensions/apcu.so
-          zend_extension=${pkgs.php72}/lib/php/extensions/opcache.so
-          '';
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions(e: pkgs.php72.enabledExtensions ++ [e.mysqli e.redis e.apcu e.opcache ]);
       };
       adminer = adminer.phpFpm;
       ttrss = {
@@ -361,9 +355,6 @@ in {
         group = "wwwrun";
         settings = dmarc-reports.phpFpm.pool;
         phpEnv = dmarc-reports.phpFpm.phpEnv;
-        phpOptions = config.services.phpfpm.phpOptions + ''
-          extension=${pkgs.php72}/lib/php/extensions/mysqli.so
-        '';
         phpPackage = pkgs.php72;
       };
       dokuwiki = {