Diffstat (limited to 'virtual/modules')
23 files changed, 11 insertions, 94 deletions
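--- a/virtual/modules/certificates.nix
+++ b/virtual/modules/certificates.nix
@@ -15,12 +15,9 @@
 };
 
 config = {
-# FIXME: doesn't work with httpd?
 security.acme.preliminarySelfsigned = true;
 
 security.acme.certs = {
-# FIXME: /!\ To create a new certificate, create it before using
-# it in httpd
 "eldiron" = config.services.myCertificates.certConfig // {
 domain = "eldiron.immae.eu";
 };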
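--- a/virtual/modules/databases/default.nix
+++ b/virtual/modules/databases/default.nix
@@ -57,18 +57,11 @@ in {
 
 networking.firewall.allowedTCPPorts = [ 3306 5432 ];
 
-# FIXME: initial sync
-# FIXME: backup
-# FIXME: restart after pam
-# FIXME: pam access doesn’t work (because of php module)
-# FIXME: ssl
 services.mysql = rec {
 enable = cfg.mariadb.enable;
 package = pkgs.mariadb;
 };
 
-# Cannot use eldiron: psql complains too much rights on the key, and
-# setfacl cannot work properly because of acme prestart script
 security.acme.certs."postgresql" = config.services.myCertificates.certConfig // {
 user = "postgres";
 group = "postgres";
@@ -83,7 +76,6 @@ in {
 install -m 0755 -o postgres -g postgres -d /run/postgresql
 '';
 
-# FIXME: initial sync
 services.postgresql = rec {
 enable = cfg.postgresql.enable;
 package = pkgs.postgresql;
@@ -161,7 +153,6 @@ in {
 }
 ];
 
-# FIXME: backup
 # Diaspora: 15
 # Nextcloud: 14
 # Mastodon: 13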
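Review bot: `networking.firewall.allowedTCPPorts = [ 3306 5432 ];` stays in place while the `# FIXME: ssl` marker above `services.mysql` is removed, so nothing next to the block records that TLS for MariaDB was still an open item; whether it is configured elsewhere is not visible in this hunk. The same applies to `# FIXME: starttls` above the LDAP `extraConfig` in websites/default.nix, which is built around `NIXOPS_HTTP_LDAP_PASSWORD`. If these items moved to the tracker, a short pointer like the one added in gitolite/default.nix would keep them discoverable, e.g. `# TLS for MariaDB: <tracker URL>`. The two removed lines explaining why `security.acme.certs."postgresql"` is a separate certificate (psql rejecting the key's permissions) are rationale rather than a TODO and are worth keeping as a plain comment.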
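--- a/virtual/modules/gitolite/default.nix
+++ b/virtual/modules/gitolite/default.nix
@@ -68,18 +68,9 @@ in {
 [
 (pkgs.python3.withPackages python-packages)
 ];
-# FIXME: after initial install, need to
-# (1) copy rc file (adjust gitolite_ldap_groups.sh)
-# (2) (mark old readonly and) sync repos except gitolite-admin
-# rsync -av --exclude=gitolite-admin.git old:/var/lib/gitolite/repositories /var/lib/gitolite/
-# chown -R gitolite:gitolite /var/lib/gitolite
-# (3) push force the gitolite-admin to new location (from external point)
-# Don't use an existing key, it will take precedence over
-# gitolite-admin
-# (4) su -u gitolite gitolite setup
+# Installation: https://git.immae.eu/mantisbt/view.php?id=93
 services.gitolite = {
 enable = true;
-# FIXME: key from ./ssh
 adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
 };
 };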
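Review bot: The new `# Installation: https://git.immae.eu/mantisbt/view.php?id=93` comment moves the whole bootstrap procedure to the tracker and drops the one caveat that affects access control, namely that an existing key used for the forced push takes precedence over gitolite-admin. The tracker appears to be served by this same deployment (`git.immae.eu` is added to the `eldiron` certificate in tools/git/default.nix), so the link may be unreachable exactly when gitolite is being reinstalled; that is inferred from the other sections, not shown here. I would keep one line beside the link, e.g. `# /!\ bootstrap gitolite-admin with a fresh key: an existing key takes precedence`. With `# FIXME: key from ./ssh` gone, `adminPubkey` is also left inlined with no note on where that key is managed.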
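--- a/virtual/modules/websites/aten/aten.nix
+++ b/virtual/modules/websites/aten/aten.nix
@@ -92,10 +92,6 @@ let
 '';
 };
 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./aten.json // rec {
-# FIXME: can we do better than symlink?
-# FIXME: initial sync
-# FIXME: backup
-# FIXME: usage statistics
 buildPhase = ''
 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt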
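--- a/virtual/modules/websites/commons/stats.nix
+++ b/virtual/modules/websites/commons/stats.nix
@@ -6,8 +6,12 @@ in {
 services.myWebsites.commons.stats = {
 enable = lib.mkEnableOption "enable statistics";
 sites = lib.mkOption {
-# FIXME: specify
-type = lib.types.listOf (lib.types.unspecified);
+type = lib.types.listOf (lib.types.submodule {
+options = {
+conf = lib.mkOption { type = lib.types.path; };
+name = lib.mkOption { type = lib.types.string; };
+};
+});
 default = [];
 description = "Sites to generate stats";
 };
@@ -51,13 +55,10 @@ in {
 goaccess $TMPFILE --no-progress -o /var/lib/goaccess/${domain}/index.html -p ${conf}
 '';
 in "${d}/bin/stats-${domain}";
-# FIXME: running several goaccess simultaneously seems to be
-# bugged?
 in
 pkgs.lib.lists.imap0 (i: v: "${toString (i+5)} 0 * * * root ${stats v.name v.conf}") cfg.sites;
 };
 
-# FIXME: initial sync
 system.activationScripts.goaccess = ''
 mkdir -p /var/lib/goaccess
 '' +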
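Review bot: `name = lib.mkOption { type = lib.types.string; };` uses `types.string`, which nixpkgs deprecates in favour of `types.str`; I would write `name = lib.mkOption { type = lib.types.str; };`. The value is passed as the first argument of `stats` and is presumably the `${domain}` interpolated unquoted into `/var/lib/goaccess/${domain}/index.html`, `stats-${domain}` and the root cron line in the second hunk, so a restricted type such as `lib.types.strMatching "[A-Za-z0-9._-]+"` would keep whitespace and shell metacharacters out of the generated script. The two new sub-options also carry no `description`, unlike the enclosing `sites` option. The definition of `stats` starts outside the visible hunks, so the mapping from `name` to `domain` should be confirmed there.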
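--- a/virtual/modules/websites/connexionswing/connexionswing.nix
+++ b/virtual/modules/websites/connexionswing/connexionswing.nix
@@ -4,7 +4,6 @@ let
 varDir = "/var/lib/connexionswing_${environment}";
 envName= lib.strings.toUpper environment;
 configRoot =
-# FIXME: spool emails in prod for when immae.eu is down?
 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD";
 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER";
 assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
@@ -149,11 +148,6 @@ let
 '';
 };
 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./connexionswing.json // rec {
-# FIXME: can we do better than symlink?
-# FIXME: imagick optional
-# FIXME: initial sync
-# FIXME: backup
-# FIXME: replace with pkgs.phpPackages.composer
 buildPhase = ''
 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt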
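--- a/virtual/modules/websites/default.nix
+++ b/virtual/modules/websites/default.nix
@@ -203,7 +203,6 @@ in
 };
 ldap = {
 modules = [ "ldap" "authnz_ldap" ];
-# FIXME: starttls
 extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
 <IfModule ldap_module>
 LDAPSharedCacheSize 500000
@@ -283,8 +282,6 @@ in
 '';
 };
 
-# FIXME: logrotate
-# FIXME: ipv6
 services.httpdProd = makeService "production" config.services.myWebsites.production;
 services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
 services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));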
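--- a/virtual/modules/websites/ludivine/ludivinecassal.nix
+++ b/virtual/modules/websites/ludivine/ludivinecassal.nix
@@ -150,11 +150,8 @@ let
 '';
 };
 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./ludivinecassal.json // rec {
-# FIXME: can we do better than symlink?
-# FIXME: initial sync
-# FIXME: backup
-# FIXME: miniatures and data need to be in the same dir due to a
-# bug in leapt.im (searches for data/../miniatures)
+# /!\ miniatures and data need to be in the same dir due to a
+# bug in leapt.im (searches for data/../miniatures)
 buildPhase = ''
 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt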
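--- a/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
+++ b/virtual/modules/websites/piedsjaloux/piedsjaloux.nix
@@ -135,15 +135,8 @@ let
 '';
 };
 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./piedsjaloux.json // rec {
-# FIXME: can we do better than symlink?
-# FIXME: initial sync
-# FIXME: backup
-# FIXME: miniatures and data need to be in the same dir due to a
-# bug in leapt.im (searches for data/../miniatures)
-# FIXME: var/bootstrap.php.cache doesn't get created
-# (cannot work with var as a symlink since the file
-# references ..)
-# FIXME: configuration change should not trigger a rebuild
+# /!\ miniatures and data need to be in the same dir due to a
+# bug in leapt.im (searches for data/../miniatures)
 buildPhase = ''
 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt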
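--- a/virtual/modules/websites/tellesflorian/tellesflorian.nix
+++ b/virtual/modules/websites/tellesflorian/tellesflorian.nix
@@ -5,7 +5,6 @@ let
 varDir = "/var/lib/tellesflorian_${environment}";
 envName= lib.strings.toUpper environment;
 configRoot =
-# FIXME: spool emails in prod for when immae.eu is down?
 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
 assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
@@ -141,9 +140,6 @@ let
 '';
 };
 webappDir = stdenv.mkDerivation (fetchedGitPrivate ./tellesflorian.json // rec {
-# FIXME: can we do better than symlink?
-# FIXME: initial sync
-# FIXME: backup
 buildPhase = ''
 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
 export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt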
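--- a/virtual/modules/websites/tools/cloud/nextcloud.nix
+++ b/virtual/modules/websites/tools/cloud/nextcloud.nix
@@ -1,8 +1,6 @@
 { stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }:
 let
 nextcloud = let
-# FIXME: initial sync
-# FIXME: backup
 buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
 stdenv.mkDerivation rec {
 name = "nextcloud-app-${appName}-${version}";
@@ -12,11 +10,6 @@ let
 src = fetchurl { inherit url sha256; };
 };
 apps = {
-# FIXME: nextcloud complains that he cannot write into config
-# directory when an app needs upgrade
-# /!\ Attention, just changing the version number is not
-# sufficient when the downloaded file doesn’t contain the version
-# number in it, sha256 needs to be recomputed
 audioplayer = buildApp rec {
 appName = "audioplayer";
 version = "2.5.0";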
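Review bot: The comment removed above `audioplayer = buildApp rec {` was only half a FIXME; its `/!\` part is an operational warning that bumping `version` is not enough when the downloaded file name carries no version, because `sha256` must be recomputed. `src = fetchurl { inherit url sha256; };` is a fixed-output fetch, so with a stale hash the build can reuse the previously fetched archive instead of failing, and the app would silently stay on the old release along with any issues already fixed upstream. I would keep those three lines as a plain `# /!\` comment, as this commit does for the leapt.im note in ludivinecassal.nix and piedsjaloux.nix. The `apps` set continues outside the hunk.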
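--- a/virtual/modules/websites/tools/dav/davical.nix
+++ b/virtual/modules/websites/tools/dav/davical.nix
@@ -15,7 +15,6 @@ let
 cp -ra dba docs inc scripts tests $out
 '';
 };
-# FIXME: e-mail sending
 davical = rec {
 config =
 assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD";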
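--- a/virtual/modules/websites/tools/db/default.nix
+++ b/virtual/modules/websites/tools/db/default.nix
@@ -9,7 +9,6 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-# FIXME: include it in vhostConf ?
 security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
 
 services.myWebsites.tools.modules = adminer.apache.modules;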
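--- a/virtual/modules/websites/tools/diaspora/default.nix
+++ b/virtual/modules/websites/tools/diaspora/default.nix
@@ -11,8 +11,6 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-# FIXME: Can we use dynamic users from systemd?
-# nixos/modules/misc/ids.nix
 ids.uids.diaspora = 398;
 ids.gids.diaspora = 398;
 
@@ -63,8 +61,6 @@ in {
 unitConfig.RequiresMountsFor = diaspora.varDir;
 };
 
-# FIXME: initial sync
-# FIXME: touch ${diaspora.varDir}/schedule.yml
 system.activationScripts.diaspora = {
 deps = [ "users" ];
 text = ''
@@ -81,7 +77,6 @@ in {
 
 services.myWebsites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_balancer"
-# FIXME: probably only one balancer method is needed:
 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
 ];
 security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;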
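--- a/virtual/modules/websites/tools/diaspora/diaspora.nix
+++ b/virtual/modules/websites/tools/diaspora/diaspora.nix
@@ -4,10 +4,6 @@ let
 name = "diaspora-env";
 ruby = ruby_2_4;
 gemdir = ./.;
-# FIXME: it fails if I don’t include all groups
-#groups = [ "default" "postgresql" "production" "development" "test" ];
-# Had to remove them from gemset.nix, and remove mysql2
-# Also had to "ungroup" pg in Gemfile
 gemConfig = defaultGemConfig // {
 kostya-sigar = attrs: {
 buildInputs = with pkgs; [ pkgs.perl ];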
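--- a/virtual/modules/websites/tools/git/default.nix
+++ b/virtual/modules/websites/tools/git/default.nix
@@ -10,7 +10,6 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-# FIXME: include it in vhostConf ?
 security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
 
 nixpkgs.config.packageOverrides = oldpkgs: rec {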
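--- a/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
+++ b/virtual/modules/websites/tools/git/mantisbt/mantisbt.nix
@@ -1,6 +1,5 @@
 { lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }:
 let
-# FIXME: check that source-integration and slack still work
 mantisbt = let
 plugins = {
 slack = stdenv.mkDerivation (fetchedGithub ./mantisbt-plugin-slack.json // rec {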
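--- a/virtual/modules/websites/tools/mastodon/default.nix
+++ b/virtual/modules/websites/tools/mastodon/default.nix
@@ -11,8 +11,6 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-# FIXME: Can we use dynamic users from systemd?
-# nixos/modules/misc/ids.nix
 ids.uids.mastodon = 399;
 ids.gids.mastodon = 399;
 
@@ -96,7 +94,6 @@ in {
 unitConfig.RequiresMountsFor = mastodon.varDir;
 };
 
-# FIXME: monitor jobs
 systemd.services.mastodon-sidekiq = {
 description = "Mastodon Sidekiq";
 wantedBy = [ "multi-user.target" ];
@@ -124,7 +121,6 @@ in {
 unitConfig.RequiresMountsFor = mastodon.varDir;
 };
 
-# FIXME: initial sync
 system.activationScripts.mastodon = {
 deps = [ "users" ];
 text = ''
@@ -135,7 +131,6 @@ in {
 
 services.myWebsites.tools.modules = [
 "headers" "proxy" "proxy_wstunnel" "proxy_http" "proxy_balancer"
-# FIXME: probably only one balancer method is needed:
 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
 ];
 security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;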
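--- a/virtual/modules/websites/tools/mastodon/mastodon.nix
+++ b/virtual/modules/websites/tools/mastodon/mastodon.nix
@@ -2,7 +2,6 @@
 let
 varDir = "/var/lib/mastodon_immae";
 socketsDir = "/run/mastodon";
-# FIXME: use gemsets and nodejs equivalent
 mastodon = stdenv.mkDerivation (fetchedGithub ./mastodon.json // rec {
 buildPhase = ''
 export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt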
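--- a/virtual/modules/websites/tools/mediagoblin/default.nix
+++ b/virtual/modules/websites/tools/mediagoblin/default.nix
@@ -11,8 +11,6 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-# FIXME: Can we use dynamic users from systemd?
-# nixos/modules/misc/ids.nix
 ids.uids.mediagoblin = 397;
 ids.gids.mediagoblin = 397;
 
@@ -89,8 +87,6 @@ in {
 unitConfig.RequiresMountsFor = mediagoblin.varDir;
 };
 
-# FIXME: background jobs and upload
-# FIXME: initial sync
 system.activationScripts.mediagoblin = {
 deps = [ "users" ];
 text = ''
@@ -105,7 +101,6 @@ in {
 
 services.myWebsites.tools.modules = [
 "proxy" "proxy_http" "proxy_balancer"
-# FIXME: probably only one balancer method is needed:
 "lbmethod_byrequests" "lbmethod_bytraffic" "lbmethod_bybusyness" "lbmethod_heartbeat"
 ];
 users.users.wwwrun.extraGroups = [ "mediagoblin" ];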
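--- a/virtual/modules/websites/tools/tools/roundcubemail.nix
+++ b/virtual/modules/websites/tools/tools/roundcubemail.nix
@@ -4,7 +4,6 @@ let
 plugins = {};
 in rec {
 varDir = "/var/lib/roundcubemail";
-# FIXME: initial sync
 activationScript = {
 deps = [ "wrappers" ];
 text = ''
@@ -14,7 +13,6 @@ let
 '';
 };
 config =
-# FIXME: LOG_DESTINATION syslog?
 assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL";
 assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET";
 writeText "config.php" ''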
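--- a/virtual/modules/websites/tools/tools/ttrss.nix
+++ b/virtual/modules/websites/tools/tools/ttrss.nix
@@ -37,7 +37,6 @@ let
 };
 in rec {
 varDir = "/var/lib/ttrss";
-# FIXME: initial sync
 activationScript = {
 deps = [ "wrappers" ];
 text = ''
@@ -54,7 +53,6 @@ let
 '';
 };
 config =
-# FIXME: LOG_DESTINATION syslog?
 assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
 assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
 writeText "config.php" ''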
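--- a/virtual/modules/websites/tools/tools/wallabag.nix
+++ b/virtual/modules/websites/tools/tools/wallabag.nix
@@ -103,7 +103,6 @@ let
 group = "wwwrun";
 modules = [ "proxy_fcgi" ];
 vhostConf = ''
-# FIXME
 Alias /assets "${varDir}/assets"
 Alias /wallabag "${webRoot}"
 <Directory "${webRoot}">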