-rw-r--r--virtual/eldiron.nix7
-rw-r--r--virtual/modules/certificates.nix3
-rw-r--r--virtual/modules/databases/default.nix9
-rw-r--r--virtual/modules/gitolite/default.nix11
-rw-r--r--virtual/modules/websites/aten/aten.nix4
-rw-r--r--virtual/modules/websites/commons/stats.nix11
-rw-r--r--virtual/modules/websites/connexionswing/connexionswing.nix6
-rw-r--r--virtual/modules/websites/default.nix3
-rw-r--r--virtual/modules/websites/ludivine/ludivinecassal.nix7
-rw-r--r--virtual/modules/websites/piedsjaloux/piedsjaloux.nix11
-rw-r--r--virtual/modules/websites/tellesflorian/tellesflorian.nix4
-rw-r--r--virtual/modules/websites/tools/cloud/nextcloud.nix7
-rw-r--r--virtual/modules/websites/tools/dav/davical.nix1
-rw-r--r--virtual/modules/websites/tools/db/default.nix1
-rw-r--r--virtual/modules/websites/tools/diaspora/default.nix5
-rw-r--r--virtual/modules/websites/tools/diaspora/diaspora.nix4
-rw-r--r--virtual/modules/websites/tools/git/default.nix1
-rw-r--r--virtual/modules/websites/tools/git/mantisbt/mantisbt.nix1
-rw-r--r--virtual/modules/websites/tools/mastodon/default.nix5
-rw-r--r--virtual/modules/websites/tools/mastodon/mastodon.nix1
-rw-r--r--virtual/modules/websites/tools/mediagoblin/default.nix5
-rw-r--r--virtual/modules/websites/tools/tools/roundcubemail.nix2
-rw-r--r--virtual/modules/websites/tools/tools/ttrss.nix2
-rw-r--r--virtual/modules/websites/tools/tools/wallabag.nix1
24 files changed, 11 insertions, 101 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index 8168abc..48266c8 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -4,13 +4,6 @@
4 enableRollback = true; 4 enableRollback = true;
5 }; 5 };
6 6
7 # FIXME: improve purity by enforcing sandbox = true in
8 # /etc/nix/nix.conf (need to do something about environment variables
9 # before)
10
11 # Full backup:
12 # The star after /var/lib/* avoids deleting all folders in case of problem
13 # rsync -e "ssh -i /root/.ssh/id_charon_vpn" -aAXvz --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu:
14 eldiron = { config, pkgs, mylibs, myconfig, ... }: 7 eldiron = { config, pkgs, mylibs, myconfig, ... }:
15 with mylibs; 8 with mylibs;
16 { 9 {
diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix
index 09484e6..7fae729 100644
--- a/virtual/modules/certificates.nix
+++ b/virtual/modules/certificates.nix
@@ -15,12 +15,9 @@
15 }; 15 };
16 16
17 config = { 17 config = {
18 # FIXME: doesn't work with httpd?
19 security.acme.preliminarySelfsigned = true; 18 security.acme.preliminarySelfsigned = true;
20 19
21 security.acme.certs = { 20 security.acme.certs = {
22 # FIXME: /!\ To create a new certificate, create it before using
23 # it in httpd
24 "eldiron" = config.services.myCertificates.certConfig // { 21 "eldiron" = config.services.myCertificates.certConfig // {
25 domain = "eldiron.immae.eu"; 22 domain = "eldiron.immae.eu";
26 }; 23 };
diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix
index b896428..e3a5612 100644
--- a/virtual/modules/databases/default.nix
+++ b/virtual/modules/databases/default.nix
@@ -57,18 +57,11 @@ in {
57 57
58 networking.firewall.allowedTCPPorts = [ 3306 5432 ]; 58 networking.firewall.allowedTCPPorts = [ 3306 5432 ];
59 59
60 # FIXME: initial sync
61 # FIXME: backup
62 # FIXME: restart after pam
63 # FIXME: pam access doesn’t work (because of php module)
64 # FIXME: ssl
65 services.mysql = rec { 60 services.mysql = rec {
66 enable = cfg.mariadb.enable; 61 enable = cfg.mariadb.enable;
67 package = pkgs.mariadb; 62 package = pkgs.mariadb;
68 }; 63 };
69 64
70 # Cannot use eldiron: psql complains too much rights on the key, and
71 # setfacl cannot work properly because of acme prestart script
72 security.acme.certs."postgresql" = config.services.myCertificates.certConfig // { 65 security.acme.certs."postgresql" = config.services.myCertificates.certConfig // {
73 user = "postgres"; 66 user = "postgres";
74 group = "postgres"; 67 group = "postgres";
@@ -83,7 +76,6 @@ in {
83 install -m 0755 -o postgres -g postgres -d /run/postgresql 76 install -m 0755 -o postgres -g postgres -d /run/postgresql
84 ''; 77 '';
85 78
86 # FIXME: initial sync
87 services.postgresql = rec { 79 services.postgresql = rec {
88 enable = cfg.postgresql.enable; 80 enable = cfg.postgresql.enable;
89 package = pkgs.postgresql; 81 package = pkgs.postgresql;
@@ -161,7 +153,6 @@ in {
161 } 153 }
162 ]; 154 ];
163 155
164 # FIXME: backup
165 # Diaspora: 15 156 # Diaspora: 15
166 # Nextcloud: 14 157 # Nextcloud: 14
167 # Mastodon: 13 158 # Mastodon: 13
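Review bot: The first hunk drops `# FIXME: ssl` although the visible `services.mysql` block still sets only `enable` and `package`, and the line above it keeps 3306 and 5432 open in `networking.firewall.allowedTCPPorts`, so the file no longer records that TLS for MariaDB is an open item. If the item moved to the tracker, a pointer in the style used in gitolite/default.nix would keep it discoverable, e.g. `# TLS for MariaDB is not configured here yet: <tracker URL>`. The same applies to `# FIXME: starttls` removed above the LDAP `extraConfig` in virtual/modules/websites/default.nix. Whether TLS is set up elsewhere cannot be seen from these hunks; the enclosing attribute set starts outside them.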
diff --git a/virtual/modules/gitolite/default.nix b/virtual/modules/gitolite/default.nix
index 78691fa..b8ecb15 100644
--- a/virtual/modules/gitolite/default.nix
+++ b/virtual/modules/gitolite/default.nix
@@ -68,18 +68,9 @@ in {
68 [ 68 [
69 (pkgs.python3.withPackages python-packages) 69 (pkgs.python3.withPackages python-packages)
70 ]; 70 ];
71 # FIXME: after initial install, need to 71 # Installation: https://git.immae.eu/mantisbt/view.php?id=93
72 # (1) copy rc file (adjust gitolite_ldap_groups.sh)
73 # (2) (mark old readonly and) sync repos except gitolite-admin
74 # rsync -av --exclude=gitolite-admin.git old:/var/lib/gitolite/repositories /var/lib/gitolite/
75 # chown -R gitolite:gitolite /var/lib/gitolite
76 # (3) push force the gitolite-admin to new location (from external point)
77 # Don't use an existing key, it will take precedence over
78 # gitolite-admin
79 # (4) su -u gitolite gitolite setup
80 services.gitolite = { 72 services.gitolite = {
81 enable = true; 73 enable = true;
82 # FIXME: key from ./ssh
83 adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu"; 74 adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
84 }; 75 };
85 }; 76 };
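Review bot: The replacement comment `# Installation: https://git.immae.eu/mantisbt/view.php?id=93` moves the whole procedure out of the file, including the warning from step (3) that an existing key takes precedence over gitolite-admin, which is the one step that decides who ends up with admin access. I would keep that caveat next to `adminPubkey`, e.g. `# Do not reuse a key gitolite already knows: it takes precedence over gitolite-admin`. The linked tracker appears to live under git.immae.eu, which this same configuration serves, so the instructions may be unreachable during a reinstall of the host. The enclosing attribute set starts outside the hunk.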
diff --git a/virtual/modules/websites/aten/aten.nix b/virtual/modules/websites/aten/aten.nix
index d67f7b7..7eec525 100644
--- a/virtual/modules/websites/aten/aten.nix
+++ b/virtual/modules/websites/aten/aten.nix
@@ -92,10 +92,6 @@ let
92 ''; 92 '';
93 }; 93 };
94 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec { 94 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec {
95 # FIXME: can we do better than symlink?
96 # FIXME: initial sync
97 # FIXME: backup
98 # FIXME: usage statistics
99 buildPhase = '' 95 buildPhase = ''
100 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt 96 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
101 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt 97 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
diff --git a/virtual/modules/websites/commons/stats.nix b/virtual/modules/websites/commons/stats.nix
index a7ade3b..b5bf0e0 100644
--- a/virtual/modules/websites/commons/stats.nix
+++ b/virtual/modules/websites/commons/stats.nix
@@ -6,8 +6,12 @@ in {
6 services.myWebsites.commons.stats = { 6 services.myWebsites.commons.stats = {
7 enable = lib.mkEnableOption "enable statistics"; 7 enable = lib.mkEnableOption "enable statistics";
8 sites = lib.mkOption { 8 sites = lib.mkOption {
9 # FIXME: specify 9 type = lib.types.listOf (lib.types.submodule {
10 type = lib.types.listOf (lib.types.unspecified); 10 options = {
11 conf = lib.mkOption { type = lib.types.path; };
12 name = lib.mkOption { type = lib.types.string; };
13 };
14 });
11 default = []; 15 default = [];
12 description = "Sites to generate stats"; 16 description = "Sites to generate stats";
13 }; 17 };
@@ -51,13 +55,10 @@ in {
51 goaccess $TMPFILE --no-progress -o /var/lib/goaccess/${domain}/index.html -p ${conf} 55 goaccess $TMPFILE --no-progress -o /var/lib/goaccess/${domain}/index.html -p ${conf}
52 ''; 56 '';
53 in "${d}/bin/stats-${domain}"; 57 in "${d}/bin/stats-${domain}";
54 # FIXME: running several goaccess simultaneously seems to be
55 # bugged?
56 in 58 in
57 pkgs.lib.lists.imap0 (i: v: "${toString (i+5)} 0 * * * root ${stats v.name v.conf}") cfg.sites; 59 pkgs.lib.lists.imap0 (i: v: "${toString (i+5)} 0 * * * root ${stats v.name v.conf}") cfg.sites;
58 }; 60 };
59 61
60 # FIXME: initial sync
61 system.activationScripts.goaccess = '' 62 system.activationScripts.goaccess = ''
62 mkdir -p /var/lib/goaccess 63 mkdir -p /var/lib/goaccess
63 '' + 64 '' +
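Review bot: In the new `sites` submodule, `name` is declared as `lib.types.string`, which nixpkgs deprecates in favour of `lib.types.str`. Since the value appears to reach the output path `/var/lib/goaccess/${domain}/index.html` and the script name `stats-${domain}` in the second hunk, a constrained type would be safer, e.g. `name = lib.mkOption { type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9.-]*"; };`. That `name` is what `stats` receives as `domain` is inferred from the call `stats v.name v.conf`; the definition of `stats` starts outside the hunk. The second hunk also drops the note that concurrent goaccess runs seem to be bugged while the cron minute is still `i+5`, so a short comment such as `# one site per minute: concurrent goaccess runs misbehave` would keep the reason for the staggering.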
diff --git a/virtual/modules/websites/connexionswing/connexionswing.nix b/virtual/modules/websites/connexionswing/connexionswing.nix
index 90cca73..71f3c0b 100644
--- a/virtual/modules/websites/connexionswing/connexionswing.nix
+++ b/virtual/modules/websites/connexionswing/connexionswing.nix
@@ -4,7 +4,6 @@ let
4 varDir = "/var/lib/connexionswing_${environment}"; 4 varDir = "/var/lib/connexionswing_${environment}";
5 envName= lib.strings.toUpper environment; 5 envName= lib.strings.toUpper environment;
6 configRoot = 6 configRoot =
7 # FIXME: spool emails in prod for when immae.eu is down?
8 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"; 7 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD";
9 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"; 8 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER";
10 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"; 9 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
@@ -149,11 +148,6 @@ let
149 ''; 148 '';
150 }; 149 };
151 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing.json // rec { 150 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing.json // rec {
152 # FIXME: can we do better than symlink?
153 # FIXME: imagick optional
154 # FIXME: initial sync
155 # FIXME: backup
156 # FIXME: replace with pkgs.phpPackages.composer
157 buildPhase = '' 151 buildPhase = ''
158 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt 152 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
159 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt 153 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix
index 4b1490b..cfd1f86 100644
--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -203,7 +203,6 @@ in
203 }; 203 };
204 ldap = { 204 ldap = {
205 modules = [ "ldap" "authnz_ldap" ]; 205 modules = [ "ldap" "authnz_ldap" ];
206 # FIXME: starttls
207 extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; '' 206 extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
208 <IfModule ldap_module> 207 <IfModule ldap_module>
209 LDAPSharedCacheSize 500000 208 LDAPSharedCacheSize 500000
@@ -283,8 +282,6 @@ in
283 ''; 282 '';
284 }; 283 };
285 284
286 # FIXME: logrotate
287 # FIXME: ipv6
288 services.httpdProd = makeService "production" config.services.myWebsites.production; 285 services.httpdProd = makeService "production" config.services.myWebsites.production;
289 services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); 286 services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
290 services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); 287 services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
diff --git a/virtual/modules/websites/ludivine/ludivinecassal.nix b/virtual/modules/websites/ludivine/ludivinecassal.nix
index 2d0217b..138ea9f 100644
--- a/virtual/modules/websites/ludivine/ludivinecassal.nix
+++ b/virtual/modules/websites/ludivine/ludivinecassal.nix
@@ -150,11 +150,8 @@ let
150 ''; 150 '';
151 }; 151 };
152 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal.json // rec { 152 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal.json // rec {
153 # FIXME: can we do better than symlink? 153 # /!\ miniatures and data need to be in the same dir due to a
154 # FIXME: initial sync 154 # bug in leapt.im (searches for data/../miniatures)
155 # FIXME: backup
156 # FIXME: miniatures and data need to be in the same dir due to a
157 # bug in leapt.im (searches for data/../miniatures)
158 buildPhase = '' 155 buildPhase = ''
159 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt 156 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
160 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt 157 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
diff --git a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
index 1c3d8b7..4bbf148 100644
--- a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -135,15 +135,8 @@ let
135 ''; 135 '';
136 }; 136 };
137 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec { 137 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec {
138 # FIXME: can we do better than symlink? 138 # /!\ miniatures and data need to be in the same dir due to a
139 # FIXME: initial sync 139 # bug in leapt.im (searches for data/../miniatures)
140 # FIXME: backup
141 # FIXME: miniatures and data need to be in the same dir due to a
142 # bug in leapt.im (searches for data/../miniatures)
143 # FIXME: var/bootstrap.php.cache doesn't get created
144 # (cannot work with var as a symlink since the file
145 # references ..)
146 # FIXME: configuration change should not trigger a rebuild
147 buildPhase = '' 140 buildPhase = ''
148 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt 141 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
149 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt 142 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
diff --git a/virtual/modules/websites/tellesflorian/tellesflorian.nix b/virtual/modules/websites/tellesflorian/tellesflorian.nix
index b6b9d4e..2191b31 100644
--- a/virtual/modules/websites/tellesflorian/tellesflorian.nix
+++ b/virtual/modules/websites/tellesflorian/tellesflorian.nix
@@ -5,7 +5,6 @@ let
5 varDir = "/var/lib/tellesflorian_${environment}"; 5 varDir = "/var/lib/tellesflorian_${environment}";
6 envName= lib.strings.toUpper environment; 6 envName= lib.strings.toUpper environment;
7 configRoot = 7 configRoot =
8 # FIXME: spool emails in prod for when immae.eu is down?
9 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"; 8 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
10 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"; 9 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
11 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"; 10 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
@@ -141,9 +140,6 @@ let
141 ''; 140 '';
142 }; 141 };
143 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./tellesflorian.json // rec { 142 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./tellesflorian.json // rec {
144 # FIXME: can we do better than symlink?
145 # FIXME: initial sync
146 # FIXME: backup
147 buildPhase = '' 143 buildPhase = ''
148 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt 144 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
149 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt 145 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
diff --git a/virtual/modules/websites/tools/cloud/nextcloud.nix b/virtual/modules/websites/tools/cloud/nextcloud.nix
index 5849774..b9c8d04 100644
--- a/virtual/modules/websites/tools/cloud/nextcloud.nix
+++ b/virtual/modules/websites/tools/cloud/nextcloud.nix
@@ -1,8 +1,6 @@
1{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }: 1{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }:
2let 2let
3 nextcloud = let 3 nextcloud = let
4 # FIXME: initial sync
5 # FIXME: backup
6 buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: 4 buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
7 stdenv.mkDerivation rec { 5 stdenv.mkDerivation rec {
8 name = "nextcloud-app-${appName}-${version}"; 6 name = "nextcloud-app-${appName}-${version}";
@@ -12,11 +10,6 @@ let
12 src = fetchurl { inherit url sha256; }; 10 src = fetchurl { inherit url sha256; };
13 }; 11 };
14 apps = { 12 apps = {
15 # FIXME: nextcloud complains that he cannot write into config
16 # directory when an app needs upgrade
17 # /!\ Attention, just changing the version number is not
18 # sufficient when the downloaded file doesn’t contain the version
19 # number in it, sha256 needs to be recomputed
20 audioplayer = buildApp rec { 13 audioplayer = buildApp rec {
21 appName = "audioplayer"; 14 appName = "audioplayer";
22 version = "2.5.0"; 15 version = "2.5.0";
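Review bot: The second hunk removes the warning that changing only `version` is not sufficient when the downloaded file name does not contain the version, and nothing on the new side replaces it. With `src = fetchurl { inherit url sha256; }`, a `sha256` left unchanged can presumably leave the previously fetched archive in use, so an app update may silently not happen. I would keep a short form above `apps`, e.g. `# When bumping version, always recompute sha256 (the URL may not change with the version)`. The `apps` set continues past the end of the hunk.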
diff --git a/virtual/modules/websites/tools/dav/davical.nix b/virtual/modules/websites/tools/dav/davical.nix
index 697bd60..cf528ad 100644
--- a/virtual/modules/websites/tools/dav/davical.nix
+++ b/virtual/modules/websites/tools/dav/davical.nix
@@ -15,7 +15,6 @@ let
15 cp -ra dba docs inc scripts tests $out 15 cp -ra dba docs inc scripts tests $out
16 ''; 16 '';
17 }; 17 };
18 # FIXME: e-mail sending
19 davical = rec { 18 davical = rec {
20 config = 19 config =
21 assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD"; 20 assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD";
diff --git a/virtual/modules/websites/tools/db/default.nix b/virtual/modules/websites/tools/db/default.nix
index 20f77c7..2a82bd6 100644
--- a/virtual/modules/websites/tools/db/default.nix
+++ b/virtual/modules/websites/tools/db/default.nix
@@ -9,7 +9,6 @@ in {
9 }; 9 };
10 10
11 config = lib.mkIf cfg.enable { 11 config = lib.mkIf cfg.enable {
12 # FIXME: include it in vhostConf ?
13 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null; 12 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
14 13
15 services.myWebsites.tools.modules = adminer.apache.modules; 14 services.myWebsites.tools.modules = adminer.apache.modules;
diff --git a/virtual/modules/websites/tools/diaspora/default.nix b/virtual/modules/websites/tools/diaspora/default.nix
index 23670dc..8285d6c 100644
--- a/virtual/modules/websites/tools/diaspora/default.nix
+++ b/virtual/modules/websites/tools/diaspora/default.nix
@@ -11,8 +11,6 @@ in {
11 }; 11 };
12 12
13 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
14 # FIXME: Can we use dynamic users from systemd?
15 # nixos/modules/misc/ids.nix
16 ids.uids.diaspora = 398; 14 ids.uids.diaspora = 398;
17 ids.gids.diaspora = 398; 15 ids.gids.diaspora = 398;
18 16
@@ -63,8 +61,6 @@ in {
63 unitConfig.RequiresMountsFor = diaspora.varDir; 61 unitConfig.RequiresMountsFor = diaspora.varDir;
64 }; 62 };
65 63
66 # FIXME: initial sync
67 # FIXME: touch ${diaspora.varDir}/schedule.yml
68 system.activationScripts.diaspora = { 64 system.activationScripts.diaspora = {
69 deps = [ "users" ]; 65 deps = [ "users" ];
70 text = '' 66 text = ''
@@ -81,7 +77,6 @@ in {
81 77
82 services.myWebsites.tools.modules = [ 78 services.myWebsites.tools.modules = [
83 "headers" "proxy" "proxy_http" "proxy_balancer" 79 "headers" "proxy" "proxy_http" "proxy_balancer"
84 # FIXME: probably only one balancer method is needed:
85 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" 80 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
86 ]; 81 ];
87 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null; 82 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
diff --git a/virtual/modules/websites/tools/diaspora/diaspora.nix b/virtual/modules/websites/tools/diaspora/diaspora.nix
index 7880ac5..961e1f8 100644
--- a/virtual/modules/websites/tools/diaspora/diaspora.nix
+++ b/virtual/modules/websites/tools/diaspora/diaspora.nix
@@ -4,10 +4,6 @@ let
4 name = "diaspora-env"; 4 name = "diaspora-env";
5 ruby = ruby_2_4; 5 ruby = ruby_2_4;
6 gemdir = ./.; 6 gemdir = ./.;
7 # FIXME: it fails if I don’t include all groups
8 #groups = [ "default" "postgresql" "production" "development" "test" ];
9 # Had to remove them from gemset.nix, and remove mysql2
10 # Also had to "ungroup" pg in Gemfile
11 gemConfig = defaultGemConfig // { 7 gemConfig = defaultGemConfig // {
12 kostya-sigar = attrs: { 8 kostya-sigar = attrs: {
13 buildInputs = with pkgs; [ pkgs.perl ]; 9 buildInputs = with pkgs; [ pkgs.perl ];
diff --git a/virtual/modules/websites/tools/git/default.nix b/virtual/modules/websites/tools/git/default.nix
index 0a63013..f53350e 100644
--- a/virtual/modules/websites/tools/git/default.nix
+++ b/virtual/modules/websites/tools/git/default.nix
@@ -10,7 +10,6 @@ in {
10 }; 10 };
11 11
12 config = lib.mkIf cfg.enable { 12 config = lib.mkIf cfg.enable {
13 # FIXME: include it in vhostConf ?
14 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null; 13 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
15 14
16 nixpkgs.config.packageOverrides = oldpkgs: rec { 15 nixpkgs.config.packageOverrides = oldpkgs: rec {
diff --git a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
index 009c902..c1cb60d 100644
--- a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -1,6 +1,5 @@
1{ lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }: 1{ lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }:
2let 2let
3 # FIXME: check that source-integration and slack still work
4 mantisbt = let 3 mantisbt = let
5 plugins = { 4 plugins = {
6 slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec { 5 slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec {
diff --git a/virtual/modules/websites/tools/mastodon/default.nix b/virtual/modules/websites/tools/mastodon/default.nix
index d25a072..25a389b 100644
--- a/virtual/modules/websites/tools/mastodon/default.nix
+++ b/virtual/modules/websites/tools/mastodon/default.nix
@@ -11,8 +11,6 @@ in {
11 }; 11 };
12 12
13 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
14 # FIXME: Can we use dynamic users from systemd?
15 # nixos/modules/misc/ids.nix
16 ids.uids.mastodon = 399; 14 ids.uids.mastodon = 399;
17 ids.gids.mastodon = 399; 15 ids.gids.mastodon = 399;
18 16
@@ -96,7 +94,6 @@ in {
96 unitConfig.RequiresMountsFor = mastodon.varDir; 94 unitConfig.RequiresMountsFor = mastodon.varDir;
97 }; 95 };
98 96
99 # FIXME: monitor jobs
100 systemd.services.mastodon-sidekiq = { 97 systemd.services.mastodon-sidekiq = {
101 description = "Mastodon Sidekiq"; 98 description = "Mastodon Sidekiq";
102 wantedBy = [ "multi-user.target" ]; 99 wantedBy = [ "multi-user.target" ];
@@ -124,7 +121,6 @@ in {
124 unitConfig.RequiresMountsFor = mastodon.varDir; 121 unitConfig.RequiresMountsFor = mastodon.varDir;
125 }; 122 };
126 123
127 # FIXME: initial sync
128 system.activationScripts.mastodon = { 124 system.activationScripts.mastodon = {
129 deps = [ "users" ]; 125 deps = [ "users" ];
130 text = '' 126 text = ''
@@ -135,7 +131,6 @@ in {
135 131
136 services.myWebsites.tools.modules = [ 132 services.myWebsites.tools.modules = [
137 "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer" 133 "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
138 # FIXME: probably only one balancer method is needed:
139 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" 134 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
140 ]; 135 ];
141 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null; 136 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
diff --git a/virtual/modules/websites/tools/mastodon/mastodon.nix b/virtual/modules/websites/tools/mastodon/mastodon.nix
index 9457a13..e948852 100644
--- a/virtual/modules/websites/tools/mastodon/mastodon.nix
+++ b/virtual/modules/websites/tools/mastodon/mastodon.nix
@@ -2,7 +2,6 @@
2let 2let
3 varDir = "/var/lib/mastodon_immae"; 3 varDir = "/var/lib/mastodon_immae";
4 socketsDir = "/run/mastodon"; 4 socketsDir = "/run/mastodon";
5 # FIXME: use gemsets and nodejs equivalent
6 mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec { 5 mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
7 buildPhase = '' 6 buildPhase = ''
8 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt 7 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
diff --git a/virtual/modules/websites/tools/mediagoblin/default.nix b/virtual/modules/websites/tools/mediagoblin/default.nix
index 388f6b3..99bdce1 100644
--- a/virtual/modules/websites/tools/mediagoblin/default.nix
+++ b/virtual/modules/websites/tools/mediagoblin/default.nix
@@ -11,8 +11,6 @@ in {
11 }; 11 };
12 12
13 config = lib.mkIf cfg.enable { 13 config = lib.mkIf cfg.enable {
14 # FIXME: Can we use dynamic users from systemd?
15 # nixos/modules/misc/ids.nix
16 ids.uids.mediagoblin = 397; 14 ids.uids.mediagoblin = 397;
17 ids.gids.mediagoblin = 397; 15 ids.gids.mediagoblin = 397;
18 16
@@ -89,8 +87,6 @@ in {
89 unitConfig.RequiresMountsFor = mediagoblin.varDir; 87 unitConfig.RequiresMountsFor = mediagoblin.varDir;
90 }; 88 };
91 89
92 # FIXME: background jobs and upload
93 # FIXME: initial sync
94 system.activationScripts.mediagoblin = { 90 system.activationScripts.mediagoblin = {
95 deps = [ "users" ]; 91 deps = [ "users" ];
96 text = '' 92 text = ''
@@ -105,7 +101,6 @@ in {
105 101
106 services.myWebsites.tools.modules = [ 102 services.myWebsites.tools.modules = [
107 "proxy" "proxy_http" "proxy_balancer" 103 "proxy" "proxy_http" "proxy_balancer"
108 # FIXME: probably only one balancer method is needed:
109 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat" 104 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
110 ]; 105 ];
111 users.users.wwwrun.extraGroups = [ "mediagoblin" ]; 106 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
diff --git a/virtual/modules/websites/tools/tools/roundcubemail.nix b/virtual/modules/websites/tools/tools/roundcubemail.nix
index 1aa2d87..e1653ae 100644
--- a/virtual/modules/websites/tools/tools/roundcubemail.nix
+++ b/virtual/modules/websites/tools/tools/roundcubemail.nix
@@ -4,7 +4,6 @@ let
4 plugins = {}; 4 plugins = {};
5 in rec { 5 in rec {
6 varDir = "/var/lib/roundcubemail"; 6 varDir = "/var/lib/roundcubemail";
7 # FIXME: initial sync
8 activationScript = { 7 activationScript = {
9 deps = [ "wrappers" ]; 8 deps = [ "wrappers" ];
10 text = '' 9 text = ''
@@ -14,7 +13,6 @@ let
14 ''; 13 '';
15 }; 14 };
16 config = 15 config =
17 # FIXME: LOG_DESTINATION syslog?
18 assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"; 16 assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL";
19 assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"; 17 assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET";
20 writeText "config.php" '' 18 writeText "config.php" ''
diff --git a/virtual/modules/websites/tools/tools/ttrss.nix b/virtual/modules/websites/tools/tools/ttrss.nix
index f7b0f61..2659afd 100644
--- a/virtual/modules/websites/tools/tools/ttrss.nix
+++ b/virtual/modules/websites/tools/tools/ttrss.nix
@@ -37,7 +37,6 @@ let
37 }; 37 };
38 in rec { 38 in rec {
39 varDir = "/var/lib/ttrss"; 39 varDir = "/var/lib/ttrss";
40 # FIXME: initial sync
41 activationScript = { 40 activationScript = {
42 deps = [ "wrappers" ]; 41 deps = [ "wrappers" ];
43 text = '' 42 text = ''
@@ -54,7 +53,6 @@ let
54 ''; 53 '';
55 }; 54 };
56 config = 55 config =
57 # FIXME: LOG_DESTINATION syslog?
58 assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD"; 56 assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
59 assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD"; 57 assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
60 writeText "config.php" '' 58 writeText "config.php" ''
diff --git a/virtual/modules/websites/tools/tools/wallabag.nix b/virtual/modules/websites/tools/tools/wallabag.nix
index 92787b8..0b54fff 100644
--- a/virtual/modules/websites/tools/tools/wallabag.nix
+++ b/virtual/modules/websites/tools/tools/wallabag.nix
@@ -103,7 +103,6 @@ let
103 group = "wwwrun"; 103 group = "wwwrun";
104 modules = [ "proxy_fcgi" ]; 104 modules = [ "proxy_fcgi" ];
105 vhostConf = '' 105 vhostConf = ''
106 # FIXME
107 Alias /assets "${varDir}/assets" 106 Alias /assets "${varDir}/assets"
108 Alias /wallabag "${webRoot}" 107 Alias /wallabag "${webRoot}"
109 <Directory "${webRoot}"> 108 <Directory "${webRoot}">