Resolve some todos for hikari
Use custom options to define some values only once.
parent
158dc26922
commit
6515fe5e8e
|
@ -11,7 +11,7 @@
|
|||
|
||||
./cachix.nix
|
||||
|
||||
./web-development.nix
|
||||
./web-development
|
||||
];
|
||||
|
||||
boot = {
|
||||
|
|
|
@ -1,83 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
# TODO: Find way to define project base path "/var/projects/"
|
||||
|
||||
{
|
||||
imports = [
|
||||
./web-development/mkcert.nix
|
||||
|
||||
./web-development/mailhog.localhost.nix
|
||||
|
||||
./web-development/daniel-siepmann.localhost.nix
|
||||
];
|
||||
|
||||
services = {
|
||||
httpd = {
|
||||
enable = true;
|
||||
|
||||
user = "daniels";
|
||||
|
||||
adminAddr = "apache@hikari.localhost";
|
||||
|
||||
extraModules = [
|
||||
"info"
|
||||
"rewrite"
|
||||
"proxy"
|
||||
"proxy_fcgi"
|
||||
];
|
||||
|
||||
virtualHosts."localhost".locations."/server-info" = {
|
||||
extraConfig = ''
|
||||
SetHandler server-info
|
||||
Require local
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
mysql = {
|
||||
enable = true;
|
||||
|
||||
package = pkgs.mariadb;
|
||||
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "daniels";
|
||||
ensurePermissions = {
|
||||
"*.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
{
|
||||
# INITIALLY once change dev user to be identified by password
|
||||
name = "dev";
|
||||
ensurePermissions = {
|
||||
# TODO: Auto build from defined databases?!
|
||||
"own_danielsiepmann.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
ensureDatabases = [
|
||||
"testing" # Used by TYPO3 functional tests
|
||||
"testing_at" # Used by TYPO3 Acceptance tests
|
||||
];
|
||||
|
||||
settings = {
|
||||
mysqld = {
|
||||
# sql_mode = "SRTICT_TRANS_TABLES;NO_ZERO_IN_DATE;NO_ZERO_DATE;ERROR_FOR_DIVISION_BY_ZERO;NO_ENGINE_SUBSTITUTION";
|
||||
general_log = true;
|
||||
general_log_file = "/var/lib/mysql/query.log";
|
||||
|
||||
bind-address = "127.0.0.1";
|
||||
# = "/var/log/mysql/query.log";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
# Would be cool to improve this somehow.
|
||||
# Current issues: The link is created once against nix store.
|
||||
# Changes are not reflected until reboot?
|
||||
"C /var/projects/own/typo3-configuration - - - - ${config.users.users.daniels.home}/.local/share/typo3-configuration"
|
||||
];
|
||||
}
|
|
@ -3,7 +3,7 @@
|
|||
# TODO: Move to template / function and call with variables
|
||||
let
|
||||
domain = "daniel-siepmann.localhost";
|
||||
documentRoot = "/var/projects/own/daniel-siepmann.de/project/public/";
|
||||
documentRoot = "${config.custom.web-development.rootPath}/own/daniel-siepmann.de/project/public/";
|
||||
databaseName = "own_danielsiepmann";
|
||||
phpPackage = pkgs.php82;
|
||||
in {
|
||||
|
@ -11,8 +11,8 @@ in {
|
|||
httpd.virtualHosts.${domain} = {
|
||||
|
||||
forceSSL = true;
|
||||
sslServerCert = "/var/projects/own/mkcert/${domain}.pem";
|
||||
sslServerKey = "/var/projects/own/mkcert/${domain}-key.pem";
|
||||
sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
|
||||
sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
|
||||
|
||||
inherit documentRoot;
|
||||
|
||||
|
|
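Review bot: The new `sslServerCert` and `sslServerKey` values join `certFolder` and the file name with no separator, so they only resolve when the option value ends in `/`. The default declared in the mkcert module does end in a slash, but an override without one would produce a path like `…/mkcert${domain}.pem`. I would drop the trailing slash from the default and write `"${config.custom.web-development.certFolder}/${domain}.pem"`, and the same for the key. The same concatenation appears in the mailhog virtual host and in the `rootCA.pem` read in the mkcert module. Both hunks here show only part of the surrounding `let … in { … }` expression.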
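--- /dev/null
+++ b/systems/hikari/web-development/default.nix
@@ -0,0 +1,93 @@
+{ pkgs, config, lib, ... }:
+
+{
+imports = [
+./mkcert.nix
+
+./mailhog.localhost.nix
+
+./daniel-siepmann.localhost.nix
+];
+
+options = {
+custom.web-development = {
+rootPath = lib.mkOption {
+type = lib.types.path;
+default = "/var/projects";
+};
+};
+};
+
+config = {
+
+services = {
+httpd = {
+enable = true;
+
+user = "daniels";
+
+adminAddr = "apache@hikari.localhost";
+
+extraModules = [
+"info"
+"rewrite"
+"proxy"
+"proxy_fcgi"
+];
+
+virtualHosts."localhost".locations."/server-info" = {
+extraConfig = ''
+SetHandler server-info
+Require local
+'';
+};
+};
+
+mysql = {
+enable = true;
+
+package = pkgs.mariadb;
+
+ensureUsers = [
+{
+name = "daniels";
+ensurePermissions = {
+"*.*" = "ALL PRIVILEGES";
+};
+}
+{
+# INITIALLY once change dev user to be identified by password
+name = "dev";
+ensurePermissions = {
+# TODO: Auto build from defined databases?!
+"own_danielsiepmann.*" = "ALL PRIVILEGES";
+};
+}
+];
+
+ensureDatabases = [
+"testing" # Used by TYPO3 functional tests
+"testing_at" # Used by TYPO3 Acceptance tests
+];
+
+settings = {
+mysqld = {
+# sql_mode = "SRTICT_TRANS_TABLES;NO_ZERO_IN_DATE;NO_ZERO_DATE;ERROR_FOR_DIVISION_BY_ZERO;NO_ENGINE_SUBSTITUTION";
+general_log = true;
+general_log_file = "/var/lib/mysql/query.log";
+
+bind-address = "127.0.0.1";
+# = "/var/log/mysql/query.log";
+};
+};
+};
+};
+
+systemd.tmpfiles.rules = [
+# Would be cool to improve this somehow.
+# Current issues: The link is created once against nix store.
+# Changes are not reflected until reboot?
+"C ${config.custom.web-development.rootPath}/own/typo3-configuration - - - - ${config.users.users.daniels.home}/.local/share/typo3-configuration"
+];
+};
+}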
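Review bot: `general_log = true` with `general_log_file = "/var/lib/mysql/query.log"` makes the server write every statement it receives to disk, and nothing in the `mysqld` settings says this is intentional or bounds the file. The setting is carried over unchanged from the removed `web-development.nix`, but this move is a good moment to document it. The log may capture sensitive statement text, possibly including the manual password change the `dev` user comment describes, and no rotation is configured here. I would add a comment at the setting, e.g. `# Dev only: logs every statement; may contain secrets, not rotated`, and consider gating it behind a `custom.web-development` option now that the module has an `options` block.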
@ -7,8 +7,8 @@ in {
|
|||
httpd.virtualHosts.${domain} = {
|
||||
|
||||
forceSSL = true;
|
||||
sslServerCert = "/var/projects/own/mkcert/${domain}.pem";
|
||||
sslServerKey = "/var/projects/own/mkcert/${domain}-key.pem";
|
||||
sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
|
||||
sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
|
||||
|
||||
extraConfig = ''
|
||||
RequestHeader unset Authorization
|
||||
|
|
|
@ -27,12 +27,24 @@ let
|
|||
'';
|
||||
};
|
||||
in {
|
||||
# TODO: Run once before httpd service starts?
|
||||
environment.systemPackages = [
|
||||
custom-generate-certs
|
||||
];
|
||||
options = {
|
||||
custom.web-development = {
|
||||
certFolder = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "${config.custom.web-development.rootPath}/own/mkcert/";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
/var/projects/own/mkcert/rootCA.pem
|
||||
];
|
||||
config = {
|
||||
# TODO: Run once before httpd service starts?
|
||||
environment.systemPackages = [
|
||||
custom-generate-certs
|
||||
];
|
||||
|
||||
# NOTE: Disable until root certificate is generated, then add again
|
||||
security.pki.certificates = [
|
||||
(builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
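Review bot: `builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem"` reads a file from the mutable project directory at evaluation time and installs its contents as a system-wide trust anchor. Evaluation fails while the file does not exist, which the NOTE comment works around by hand, and pure evaluation would presumably reject the read. Guarding it removes the manual step: bind the path once in the `let` block and use `security.pki.certificates = lib.optional (builtins.pathExists caFile) (builtins.readFile caFile);`. Whatever is in that file becomes a trusted root on the next rebuild, so the folder should be writable only by the account that runs `custom-generate-certs`. Its permissions are not visible here, and the `let` block starts above the hunk.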