Refactor websites.

This commit refactors websites into module per "vhost".

45 files changed, 261 insertions, 295 deletions

diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index cefef70..0970521 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -9,11 +9,6 @@
   # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu:
   eldiron = { config, pkgs, mylibs, myconfig, ... }:
     with mylibs;
-    let
-        mypkgs = pkgs.callPackage ./packages.nix {
-          inherit checkEnv fetchedGit fetchedGithub;
-        };
-    in
   {
     _module.args = {
       mylibs = import ../libs.nix;
@@ -28,22 +23,20 @@
 
     imports = [
       ./modules/certificates.nix
-      ./modules/gitolite.nix
-      ./modules/gitweb
-      ./modules/databases.nix
+      ./modules/gitolite
+      ./modules/databases
       ./modules/websites
-      ./modules/websites/phpfpm
     ];
     services.myGitolite.enable = true;
-    services.myGitweb.enable = true;
     services.myDatabases.enable = true;
     services.myWebsites.production.enable = true;
     services.myWebsites.integration.enable = true;
+    services.myWebsites.tools.enable = true;
 
     networking = {
       firewall = {
         enable = true;
-        allowedTCPPorts = [ 22 9418 ];
+        allowedTCPPorts = [ 22 ];
       };
     };
 
@@ -67,74 +60,17 @@
       };
     };
 
-    environment.systemPackages = let
-      # FIXME: move it to nextcloud
-      occ = pkgs.writeScriptBin "nextcloud-occ" ''
-        #! ${pkgs.stdenv.shell}
-        cd ${mypkgs.nextcloud.webRoot}
-        NEXTCLOUD_CONFIG_DIR="${mypkgs.nextcloud.webRoot}/config" \
-          exec \
-          ${pkgs.php}/bin/php \
-          -c ${pkgs.php}/etc/php.ini \
-          occ $*
-        '';
-    in [
+    environment.systemPackages = [
       pkgs.telnet
       pkgs.htop
       pkgs.vim
-      occ
     ];
 
-    security.acme.certs."eldiron".extraDomains = {
-      "db-1.immae.eu" = null;
-      "tools.immae.eu" = null;
-      "cloud.immae.eu" = null;
-      "dav.immae.eu" = null;
-    };
-
     services.openssh.extraConfig = ''
       AuthorizedKeysCommand     /etc/ssh/ldap_authorized_keys
       AuthorizedKeysCommandUser nobody
       '';
 
-    services.ympd = mypkgs.ympd.config // { enable = false; };
-
-    services.myPhpfpm = {
-      phpPackage = pkgs.php;
-      phpOptions = ''
-        session.save_path = "/var/lib/php/sessions"
-        session.gc_maxlifetime = 60*60*24*15
-        session.cache_expire = 60*24*30
-        '';
-      extraConfig = ''
-        log_level = notice
-        '';
-      poolPhpConfigs = {
-        nextcloud = mypkgs.nextcloud.phpFpm.phpConfig;
-      };
-      poolConfigs = {
-        adminer = mypkgs.adminer.phpFpm.pool;
-        nextcloud = mypkgs.nextcloud.phpFpm.pool;
-        mantisbt = mypkgs.mantisbt.phpFpm.pool;
-        ttrss = mypkgs.ttrss.phpFpm.pool;
-        roundcubemail = mypkgs.roundcubemail.phpFpm.pool;
-        davical = mypkgs.davical.phpFpm.pool;
-      };
-    };
-
-    system.activationScripts = {
-      nextcloud = mypkgs.nextcloud.activationScript;
-      ttrss = mypkgs.ttrss.activationScript;
-      roundcubemail = mypkgs.roundcubemail.activationScript;
-      httpd = ''
-        install -d -m 0755 /var/lib/acme/acme-challenge
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
-        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
-        '';
-    };
-
     environment.etc."ssh/ldap_authorized_keys" = let
       ldap_authorized_keys =
         assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
@@ -155,19 +91,5 @@
       source = ldap_authorized_keys;
     };
 
-    systemd.services.tt-rss = {
-      description = "Tiny Tiny RSS feeds update daemon";
-      serviceConfig = {
-        User = "wwwrun";
-        ExecStart = "${pkgs.php}/bin/php ${mypkgs.ttrss.webRoot}/update.php --daemon";
-        StandardOutput = "syslog";
-        StandardError = "syslog";
-        PermissionsStartOnly = true;
-      };
-
-      wantedBy = [ "multi-user.target" ];
-      requires = ["postgresql.service"];
-      after = ["network.target" "postgresql.service"];
-    };
   };
 }
diff --git a/virtual/modules/databases.nix b/virtual/modules/databases/default.nix
index de4ace6..de4ace6 100644
--- a/virtual/modules/databases.nix
+++ b/virtual/modules/databases/default.nix
diff --git a/virtual/modules/postgresql_run_socket_path.patch b/virtual/modules/databases/postgresql_run_socket_path.patch
index b558c7b..b558c7b 100644
--- a/virtual/modules/postgresql_run_socket_path.patch
+++ b/virtual/modules/databases/postgresql_run_socket_path.patch
diff --git a/virtual/modules/gitolite.nix b/virtual/modules/gitolite/default.nix
index d6b9c79..78691fa 100644
--- a/virtual/modules/gitolite.nix
+++ b/virtual/modules/gitolite/default.nix
@@ -24,6 +24,8 @@ in {
       });
     };
 
+    networking.firewall.allowedTCPPorts = [ 9418 ];
+
     services.gitDaemon = {
       enable = true;
       user = "gitolite";
@@ -36,7 +38,7 @@ in {
       let
       gitolite_ldap_groups = mylibs.wrap {
         name = "gitolite_ldap_groups.sh";
-        file = ./gitolite/gitolite_ldap_groups.sh;
+        file = ./gitolite_ldap_groups.sh;
         vars = {
           LDAP_PASS = builtins.getEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
         };
diff --git a/virtual/modules/gitweb/default.nix b/virtual/modules/gitweb/default.nix
deleted file mode 100644
index 2a860ba..0000000
--- a/virtual/modules/gitweb/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, pkgs, config, mylibs, ... }:
-let
-    # FIXME: add buildbot
-    gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
-    cfg = config.services.myGitweb;
-in {
-  options.services.myGitweb = {
-    enable = lib.mkEnableOption "my gitweb service";
-  };
-
-  config = lib.mkIf cfg.enable {
-    security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
-
-    nixpkgs.config.packageOverrides = oldpkgs: rec {
-      gitweb = oldpkgs.gitweb.overrideAttrs(old: {
-        installPhase = old.installPhase + ''
-          cp -r ${./theme} $out/gitweb-theme;
-          '';
-      });
-    };
-
-    services.myWebsites.tools.modules = gitweb.apache.modules;
-    services.myWebsites.tools.vhostConfs.git = {
-      certName    = "eldiron";
-      hosts       = ["git.immae.eu" ];
-      root        = gitweb.webRoot;
-      extraConfig = [ gitweb.apache.vhostConf ];
-    };
-  };
-}
diff --git a/virtual/packages/adminer.nix b/virtual/modules/websites/commons/adminer.nix
index 7094e45..7094e45 100644
--- a/virtual/packages/adminer.nix
+++ b/virtual/modules/websites/commons/adminer.nix
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index b027b81..6b31381 100644
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -91,11 +91,18 @@ in
     ./aten
     ./piedsjaloux
     ./connexionswing
+    ./tools/db
+    ./tools/tools
+    ./tools/dav
+    ./tools/cloud
+    ./tools/git
     # built using:
     # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
     # And removed users / groups
     ./apache/httpd_prod.nix
     ./apache/httpd_inte.nix
+    # Adapted from base phpfpm
+    ./phpfpm
   ];
 
   options.services.myWebsites = {
@@ -155,6 +162,12 @@ in
       phpPackages = oldpkgs.php72Packages.override { inherit php; };
     };
 
+    services.myWebsites.tools.databases.enable = true;
+    services.myWebsites.tools.tools.enable = true;
+    services.myWebsites.tools.dav.enable = true;
+    services.myWebsites.tools.cloud.enable = true;
+    services.myWebsites.tools.git.enable = true;
+
     services.myWebsites.Chloe.production.enable = cfg.production.enable;
     services.myWebsites.Ludivine.production.enable = cfg.production.enable;
     services.myWebsites.Aten.production.enable = cfg.production.enable;
@@ -227,6 +240,28 @@ in
       };
     };
 
+    system.activationScripts = {
+      httpd = ''
+        install -d -m 0755 /var/lib/acme/acme-challenge
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+        '';
+    };
+
+    services.myPhpfpm = {
+      phpPackage = pkgs.php;
+      phpOptions = ''
+        session.save_path = "/var/lib/php/sessions"
+        session.gc_maxlifetime = 60*60*24*15
+        session.cache_expire = 60*24*30
+        '';
+      extraConfig = ''
+        log_level = notice
+        '';
+    };
+
     # FIXME: logrotate
     # FIXME: ipv6
     services.httpdProd = makeService "production" config.services.myWebsites.production;
@@ -238,63 +273,7 @@ in
     services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
 
     services.httpd = makeService "tools" config.services.myWebsites.tools;
-    services.myWebsites.tools.modules =
-      mypkgs.adminer.apache.modules ++
-      mypkgs.nextcloud.apache.modules ++
-      mypkgs.ympd.apache.modules ++
-      mypkgs.mantisbt.apache.modules ++
-      mypkgs.ttrss.apache.modules ++
-      mypkgs.roundcubemail.apache.modules ++
-      pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+    services.myWebsites.tools.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
     services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
-    # FIXME: move them all to separate modules
-    services.myWebsites.tools.vhostConfs.eldiron = {
-      certName    = "eldiron";
-      hosts       = ["eldiron.immae.eu" ];
-      root        = ../../www;
-      extraConfig = [ "DirectoryIndex index.htm" ];
-    };
-    services.myWebsites.tools.vhostConfs.db-1 = {
-      certName    = "eldiron";
-      hosts       = ["db-1.immae.eu" ];
-      root        = null;
-      extraConfig = [ mypkgs.adminer.apache.vhostConf ];
-    };
-    services.myWebsites.tools.vhostConfs.tools = {
-      certName    = "eldiron";
-      hosts       = ["tools.immae.eu" ];
-      root        = null;
-      extraConfig = [
-        mypkgs.adminer.apache.vhostConf
-        mypkgs.ympd.apache.vhostConf
-        mypkgs.ttrss.apache.vhostConf
-        mypkgs.roundcubemail.apache.vhostConf
-      ];
-    };
-    services.myWebsites.tools.vhostConfs.dav = {
-      certName    = "eldiron";
-      hosts       = ["dav.immae.eu" ];
-      root        = null;
-      extraConfig = [
-        mypkgs.infcloud.apache.vhostConf
-        mypkgs.davical.apache.vhostConf
-      ];
-    };
-    services.myWebsites.tools.vhostConfs.cloud = {
-      certName    = "eldiron";
-      hosts       = ["cloud.immae.eu" ];
-      root        = mypkgs.nextcloud.webRoot;
-      extraConfig = [
-        mypkgs.nextcloud.apache.vhostConf
-      ];
-    };
-    services.myWebsites.tools.vhostConfs.git.extraConfig = [
-      mypkgs.mantisbt.apache.vhostConf
-      ''
-        RewriteEngine on
-        RewriteCond %{REQUEST_URI}       ^/releases
-        RewriteRule /releases(.*)        https://release.immae.eu$1 [P,L]
-        ''
-    ];
   };
 }
diff --git a/virtual/modules/websites/tools/cloud/default.nix b/virtual/modules/websites/tools/cloud/default.nix
new file mode 100644
index 0000000..7dd5c6e
--- /dev/null
+++ b/virtual/modules/websites/tools/cloud/default.nix
@@ -0,0 +1,45 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; };
+
+    cfg = config.services.myWebsites.tools.cloud;
+in {
+  options.services.myWebsites.tools.cloud = {
+    enable = lib.mkEnableOption "enable cloud website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
+
+    services.myWebsites.tools.modules = nextcloud.apache.modules;
+
+    services.myWebsites.tools.vhostConfs.cloud = {
+      certName    = "eldiron";
+      hosts       = ["cloud.immae.eu" ];
+      root        = nextcloud.webRoot;
+      extraConfig = [
+        nextcloud.apache.vhostConf
+      ];
+    };
+
+    environment.systemPackages = let
+      occ = pkgs.writeScriptBin "nextcloud-occ" ''
+        #! ${pkgs.stdenv.shell}
+        cd ${nextcloud.webRoot}
+        NEXTCLOUD_CONFIG_DIR="${nextcloud.webRoot}/config" \
+          exec \
+          ${pkgs.php}/bin/php \
+          -c ${pkgs.php}/etc/php.ini \
+          occ $*
+        '';
+    in [ occ ];
+
+    system.activationScripts.nextcloud = nextcloud.activationScript;
+
+    services.myPhpfpm = {
+      poolPhpConfigs.nextcloud = nextcloud.phpFpm.phpConfig;
+      poolConfigs.nextcloud = nextcloud.phpFpm.pool;
+    };
+
+  };
+}
diff --git a/virtual/packages/nextcloud-config/mimetypealiases.json b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json
index 3806e53..3806e53 100644
--- a/virtual/packages/nextcloud-config/mimetypealiases.json
+++ b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypealiases.json
diff --git a/virtual/packages/nextcloud-config/mimetypemapping.json b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json
index 2db4691..2db4691 100644
--- a/virtual/packages/nextcloud-config/mimetypemapping.json
+++ b/virtual/modules/websites/tools/cloud/nextcloud-config/mimetypemapping.json
diff --git a/virtual/packages/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix
index b8d8e59..b8d8e59 100644
--- a/virtual/packages/nextcloud.nix
+++ b/virtual/modules/websites/tools/cloud/nextcloud.nix
diff --git a/virtual/packages/davical.nix b/virtual/modules/websites/tools/dav/davical.nix
index f539ba6..697bd60 100644
--- a/virtual/packages/davical.nix
+++ b/virtual/modules/websites/tools/dav/davical.nix
@@ -96,6 +96,7 @@ let
     apache = {
       user = "wwwrun";
       group = "wwwrun";
+      modules = [ "proxy_fcgi" ];
       vhostConf = ''
         Alias /davical "${webRoot}"
         Alias /caldav.php  "${webRoot}/caldav.php"
diff --git a/virtual/packages/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch b/virtual/modules/websites/tools/dav/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch
index 2a08a5c..2a08a5c 100644
--- a/virtual/packages/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch
+++ b/virtual/modules/websites/tools/dav/davical_19eb79ebf9250e5f339675319902458c40ed1755.patch
diff --git a/virtual/modules/websites/tools/dav/default.nix b/virtual/modules/websites/tools/dav/default.nix
new file mode 100644
index 0000000..201da38
--- /dev/null
+++ b/virtual/modules/websites/tools/dav/default.nix
@@ -0,0 +1,33 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    infcloud = pkgs.callPackage ./infcloud.nix {};
+    davical = pkgs.callPackage ./davical.nix { inherit (mylibs) checkEnv; };
+
+    cfg = config.services.myWebsites.tools.dav;
+in {
+  options.services.myWebsites.tools.dav = {
+    enable = lib.mkEnableOption "enable dav website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
+
+    services.myWebsites.tools.modules = davical.apache.modules;
+
+    services.myWebsites.tools.vhostConfs.dav = {
+      certName    = "eldiron";
+      hosts       = ["dav.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        infcloud.apache.vhostConf
+        davical.apache.vhostConf
+      ];
+    };
+
+    services.myPhpfpm.poolConfigs = {
+      davical = davical.phpFpm.pool;
+    };
+
+  };
+}
+
diff --git a/virtual/packages/infcloud.nix b/virtual/modules/websites/tools/dav/infcloud.nix
index 876578b..876578b 100644
--- a/virtual/packages/infcloud.nix
+++ b/virtual/modules/websites/tools/dav/infcloud.nix
diff --git a/virtual/packages/infcloud_config.js b/virtual/modules/websites/tools/dav/infcloud_config.js
index ba73860..ba73860 100644
--- a/virtual/packages/infcloud_config.js
+++ b/virtual/modules/websites/tools/dav/infcloud_config.js
diff --git a/virtual/modules/websites/tools/db/default.nix b/virtual/modules/websites/tools/db/default.nix
new file mode 100644
index 0000000..20f77c7
--- /dev/null
+++ b/virtual/modules/websites/tools/db/default.nix
@@ -0,0 +1,23 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    adminer = pkgs.callPackage ../../commons/adminer.nix {};
+
+    cfg = config.services.myWebsites.tools.databases;
+in {
+  options.services.myWebsites.tools.databases = {
+    enable = lib.mkEnableOption "enable database's website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # FIXME: include it in vhostConf ?
+    security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
+
+    services.myWebsites.tools.modules = adminer.apache.modules;
+    services.myWebsites.tools.vhostConfs.db-1 = {
+      certName    = "eldiron";
+      hosts       = ["db-1.immae.eu" ];
+      root        = null;
+      extraConfig = [ adminer.apache.vhostConf ];
+    };
+  };
+}
diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix
new file mode 100644
index 0000000..0a63013
--- /dev/null
+++ b/virtual/modules/websites/tools/git/default.nix
@@ -0,0 +1,46 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { inherit (mylibs) checkEnv fetchedGithub; };
+    gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
+
+    cfg = config.services.myWebsites.tools.git;
+in {
+  options.services.myWebsites.tools.git = {
+    enable = lib.mkEnableOption "enable git's website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # FIXME: include it in vhostConf ?
+    security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
+
+    nixpkgs.config.packageOverrides = oldpkgs: rec {
+      gitweb = oldpkgs.gitweb.overrideAttrs(old: {
+        installPhase = old.installPhase + ''
+          cp -r ${./gitweb/theme} $out/gitweb-theme;
+          '';
+      });
+    };
+
+    services.myWebsites.tools.modules =
+      gitweb.apache.modules ++
+      mantisbt.apache.modules;
+
+    services.myWebsites.tools.vhostConfs.git = {
+      certName    = "eldiron";
+      hosts       = ["git.immae.eu" ];
+      root        = gitweb.webRoot;
+      extraConfig = [
+        gitweb.apache.vhostConf
+        mantisbt.apache.vhostConf
+        ''
+          RewriteEngine on
+          RewriteCond %{REQUEST_URI}       ^/releases
+          RewriteRule /releases(.*)        https://release.immae.eu$1 [P,L]
+          ''
+      ];
+    };
+    services.myPhpfpm.poolConfigs = {
+      mantisbt = mantisbt.phpFpm.pool;
+    };
+  };
+}
diff --git a/virtual/modules/gitweb/gitweb.nix b/virtual/modules/websites/tools/git/gitweb/gitweb.nix
index 7b4dcac..7b4dcac 100644
--- a/virtual/modules/gitweb/gitweb.nix
+++ b/virtual/modules/websites/tools/git/gitweb/gitweb.nix
diff --git a/virtual/modules/gitweb/theme/git-favicon.png b/virtual/modules/websites/tools/git/gitweb/theme/git-favicon.png
index 4fa44bb..4fa44bb 100644
--- a/virtual/modules/gitweb/theme/git-favicon.png
+++ b/virtual/modules/websites/tools/git/gitweb/theme/git-favicon.png
diff --git a/virtual/modules/gitweb/theme/git-logo.png b/virtual/modules/websites/tools/git/gitweb/theme/git-logo.png
index fdaf7b7..fdaf7b7 100644
--- a/virtual/modules/gitweb/theme/git-logo.png
+++ b/virtual/modules/websites/tools/git/gitweb/theme/git-logo.png
diff --git a/virtual/modules/gitweb/theme/gitweb.css b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.css
index 83e0742..83e0742 100644
--- a/virtual/modules/gitweb/theme/gitweb.css
+++ b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.css
diff --git a/virtual/modules/gitweb/theme/gitweb.js b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.js
index 72f3cfa..72f3cfa 100644
--- a/virtual/modules/gitweb/theme/gitweb.js
+++ b/virtual/modules/websites/tools/git/gitweb/theme/gitweb.js
diff --git a/virtual/packages/mantisbt-plugin-slack.json b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-slack.json
index 54ea38b..54ea38b 100644
--- a/virtual/packages/mantisbt-plugin-slack.json
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-slack.json
diff --git a/virtual/packages/mantisbt-plugin-source-integration.json b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration.json
index e36a68c..e36a68c 100644
--- a/virtual/packages/mantisbt-plugin-source-integration.json
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration.json
diff --git a/virtual/packages/mantisbt-plugin-source-integration_Source.API.php.diff b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration_Source.API.php.diff
index c355144..c355144 100644
--- a/virtual/packages/mantisbt-plugin-source-integration_Source.API.php.diff
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt-plugin-source-integration_Source.API.php.diff
diff --git a/virtual/packages/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
index 335cb7d..009c902 100644
--- a/virtual/packages/mantisbt.nix
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -64,10 +64,10 @@ let
         sha256 = "0jnrqz6r2hf53v0k1lh3il7hlfiphn61r9wgg6mzyywkjxwq07md";
       };
       patches = [
-        ./mantisbt-patches/bug_report.php.diff
-        ./mantisbt-patches/bug_report_page.php.diff
-        ./mantisbt-patches/bugnote_add.php.diff
-        ./mantisbt-patches/bugnote_add_inc.php.diff
+        ./patches/bug_report.php.diff
+        ./patches/bug_report_page.php.diff
+        ./patches/bugnote_add.php.diff
+        ./patches/bugnote_add_inc.php.diff
         ];
       installPhase = ''
         cp -a . $out
diff --git a/virtual/packages/mantisbt-patches/bug_report.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report.php.diff
index a520043..a520043 100644
--- a/virtual/packages/mantisbt-patches/bug_report.php.diff
+++ b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report.php.diff
diff --git a/virtual/packages/mantisbt-patches/bug_report_page.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report_page.php.diff
index 80dea91..80dea91 100644
--- a/virtual/packages/mantisbt-patches/bug_report_page.php.diff
+++ b/virtual/modules/websites/tools/git/mantisbt/patches/bug_report_page.php.diff
diff --git a/virtual/packages/mantisbt-patches/bugnote_add.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add.php.diff
index 4509f0a..4509f0a 100644
--- a/virtual/packages/mantisbt-patches/bugnote_add.php.diff
+++ b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add.php.diff
diff --git a/virtual/packages/mantisbt-patches/bugnote_add_inc.php.diff b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add_inc.php.diff
index a8589c7..a8589c7 100644
--- a/virtual/packages/mantisbt-patches/bugnote_add_inc.php.diff
+++ b/virtual/modules/websites/tools/git/mantisbt/patches/bugnote_add_inc.php.diff
diff --git a/virtual/modules/websites/tools/tools/default.nix b/virtual/modules/websites/tools/tools/default.nix
new file mode 100644
index 0000000..f29ac11
--- /dev/null
+++ b/virtual/modules/websites/tools/tools/default.nix
@@ -0,0 +1,65 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    adminer = pkgs.callPackage ../../commons/adminer.nix {};
+    ympd = pkgs.callPackage ./ympd.nix {};
+    ttrss = pkgs.callPackage ./ttrss.nix { inherit (mylibs) checkEnv fetchedGithub fetchedGit; };
+    roundcubemail = pkgs.callPackage ./roundcubemail.nix { inherit (mylibs) checkEnv; };
+
+    cfg = config.services.myWebsites.tools.tools;
+in {
+  options.services.myWebsites.tools.tools = {
+    enable = lib.mkEnableOption "enable tools website";
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
+
+    services.myWebsites.tools.modules =
+      adminer.apache.modules
+      ++ ympd.apache.modules
+      ++ ttrss.apache.modules
+      ++ roundcubemail.apache.modules;
+
+    services.ympd = ympd.config // { enable = false; };
+
+    services.myWebsites.tools.vhostConfs.tools = {
+      certName    = "eldiron";
+      hosts       = ["tools.immae.eu" ];
+      root        = null;
+      extraConfig = [
+        adminer.apache.vhostConf
+        ympd.apache.vhostConf
+        ttrss.apache.vhostConf
+        roundcubemail.apache.vhostConf
+      ];
+    };
+
+    services.myPhpfpm.poolConfigs = {
+      adminer = adminer.phpFpm.pool;
+      ttrss = ttrss.phpFpm.pool;
+      roundcubemail = roundcubemail.phpFpm.pool;
+    };
+
+    system.activationScripts = {
+      ttrss = ttrss.activationScript;
+      roundcubemail = roundcubemail.activationScript;
+    };
+
+    systemd.services.tt-rss = {
+      description = "Tiny Tiny RSS feeds update daemon";
+      serviceConfig = {
+        User = "wwwrun";
+        ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
+        StandardOutput = "syslog";
+        StandardError = "syslog";
+        PermissionsStartOnly = true;
+      };
+
+      wantedBy = [ "multi-user.target" ];
+      requires = ["postgresql.service"];
+      after = ["network.target" "postgresql.service"];
+    };
+
+  };
+}
+
diff --git a/virtual/packages/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix
index 1aa2d87..1aa2d87 100644
--- a/virtual/packages/roundcubemail.nix
+++ b/virtual/modules/websites/tools/tools/roundcubemail.nix
diff --git a/virtual/packages/tt-rss.json b/virtual/modules/websites/tools/tools/tt-rss.json
index e2731b0..e2731b0 100644
--- a/virtual/packages/tt-rss.json
+++ b/virtual/modules/websites/tools/tools/tt-rss.json
diff --git a/virtual/packages/ttrss-af-feedmod_type_replace.patch b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch
index d622577..d622577 100644
--- a/virtual/packages/ttrss-af-feedmod_type_replace.patch
+++ b/virtual/modules/websites/tools/tools/ttrss-af-feedmod_type_replace.patch
diff --git a/virtual/packages/ttrss-af_feedmod.json b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json
index e57fcce..e57fcce 100644
--- a/virtual/packages/ttrss-af_feedmod.json
+++ b/virtual/modules/websites/tools/tools/ttrss-af_feedmod.json
diff --git a/virtual/packages/ttrss-auth-ldap.json b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json
index c8aaab5..c8aaab5 100644
--- a/virtual/packages/ttrss-auth-ldap.json
+++ b/virtual/modules/websites/tools/tools/ttrss-auth-ldap.json
diff --git a/virtual/packages/ttrss-feediron.json b/virtual/modules/websites/tools/tools/ttrss-feediron.json
index 5dbec92..5dbec92 100644
--- a/virtual/packages/ttrss-feediron.json
+++ b/virtual/modules/websites/tools/tools/ttrss-feediron.json
diff --git a/virtual/packages/ttrss-feediron_json_reformat.patch b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch
index e1c44d9..e1c44d9 100644
--- a/virtual/packages/ttrss-feediron_json_reformat.patch
+++ b/virtual/modules/websites/tools/tools/ttrss-feediron_json_reformat.patch
diff --git a/virtual/packages/ttrss-ff_instagram.json b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json
index 1f241b9..1f241b9 100644
--- a/virtual/packages/ttrss-ff_instagram.json
+++ b/virtual/modules/websites/tools/tools/ttrss-ff_instagram.json
diff --git a/virtual/packages/ttrss-tumblr_gdpr_ua.json b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json
index eafbcfe..eafbcfe 100644
--- a/virtual/packages/ttrss-tumblr_gdpr_ua.json
+++ b/virtual/modules/websites/tools/tools/ttrss-tumblr_gdpr_ua.json
diff --git a/virtual/packages/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix
index f7b0f61..f7b0f61 100644
--- a/virtual/packages/ttrss.nix
+++ b/virtual/modules/websites/tools/tools/ttrss.nix
diff --git a/virtual/packages/ympd.nix b/virtual/modules/websites/tools/tools/ympd.nix
index 74bf2e5..74bf2e5 100644
--- a/virtual/packages/ympd.nix
+++ b/virtual/modules/websites/tools/tools/ympd.nix
diff --git a/virtual/packages.nix b/virtual/packages.nix
deleted file mode 100644
index 1f01ba7..0000000
--- a/virtual/packages.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ callPackage, checkEnv, fetchedGit, fetchedGithub }:
-let
-  nextcloud = callPackage ./packages/nextcloud.nix { inherit checkEnv; };
-  adminer = callPackage ./packages/adminer.nix {};
-  ympd = callPackage ./packages/ympd.nix {};
-  mantisbt = callPackage ./packages/mantisbt.nix { inherit checkEnv fetchedGithub; };
-  ttrss = callPackage ./packages/ttrss.nix { inherit checkEnv fetchedGithub fetchedGit; };
-  roundcubemail = callPackage ./packages/roundcubemail.nix { inherit checkEnv; };
-  infcloud = callPackage ./packages/infcloud.nix {};
-  davical = callPackage ./packages/davical.nix { inherit checkEnv; };
-in
-  {
-    inherit adminer;
-    inherit ympd;
-    inherit nextcloud;
-    inherit mantisbt;
-    inherit ttrss;
-    inherit roundcubemail;
-    inherit infcloud;
-    inherit davical;
-  }
diff --git a/virtual/packages/test_goaccess.conf b/virtual/packages/test_goaccess.conf
deleted file mode 100644
index d4f243a..0000000
--- a/virtual/packages/test_goaccess.conf
+++ /dev/null
@@ -1,99 +0,0 @@
-time-format %H:%M:%S
-date-format %d/%b/%Y
-
-#sur immae.eu
-#log-format %v %h %^[%d:%t %^] "%r" %s %b "%R" "%u" $^
-
-log-format VCOMBINED
-#= %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
-
-html-prefs {"theme":"bright","layout":"vertical"}
-
-exclude-ip 188.165.209.148
-exclude-ip 178.33.252.96
-exclude-ip 2001:41d0:2:9c94::1
-exclude-ip 2001:41d0:2:9c94::
-exclude-ip 176.9.151.89
-exclude-ip 2a01:4f8:160:3445::
-exclude-ip 82.255.56.72
-
-no-query-string true
-
-keep-db-files true
-load-from-disk true
-db-path /var/lib/goaccess/cloud.immae.eu
-
-ignore-panel REFERRERS
-ignore-panel KEYPHRASES
-
-static-file .css
-static-file .js
-static-file .jpg
-static-file .png
-static-file .gif
-static-file .ico
-static-file .jpeg
-static-file .pdf
-static-file .csv
-static-file .mpeg
-static-file .mpg
-static-file .swf
-static-file .woff
-static-file .woff2
-static-file .xls
-static-file .xlsx
-static-file .doc
-static-file .docx
-static-file .ppt
-static-file .pptx
-static-file .txt
-static-file .zip
-static-file .ogg
-static-file .mp3
-static-file .mp4
-static-file .exe
-static-file .iso
-static-file .gz
-static-file .rar
-static-file .svg
-static-file .bmp
-static-file .tar
-static-file .tgz
-static-file .tiff
-static-file .tif
-static-file .ttf
-static-file .flv
-#static-file .less
-#static-file .ac3
-#static-file .avi
-#static-file .bz2
-#static-file .class
-#static-file .cue
-#static-file .dae
-#static-file .dat
-#static-file .dts
-#static-file .ejs
-#static-file .eot
-#static-file .eps
-#static-file .img
-#static-file .jar
-#static-file .map
-#static-file .mid
-#static-file .midi
-#static-file .ogv
-#static-file .webm
-#static-file .mkv
-#static-file .odp
-#static-file .ods
-#static-file .odt
-#static-file .otf
-#static-file .pict
-#static-file .pls
-#static-file .ps
-#static-file .qt
-#static-file .rm
-#static-file .svgz
-#static-file .wav
-#static-file .webp
-
-