Add hikari3

.gitattributes

@@ -12,4 +12,5 @@ systems/hikari/files/hosts filter=git-crypt diff=git-crypt
 systems/hikari/web-development/projects/customer.nix filter=git-crypt diff=git-crypt
 systems/hikari3/files/hosts filter=git-crypt diff=git-crypt
 systems/hikari3/web-development/projects/customer.nix filter=git-crypt diff=git-crypt
+systems/hikari3/web-development/projects/customer/* filter=git-crypt diff=git-crypt
 projects/** filter=git-crypt diff=git-crypt

home/files/typo3-configuration/SystemSettings.php

@@ -48,6 +48,10 @@ $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename'] = false;
 
 $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] = '$1$eItwKedf$13XVDVlAwXXMvO4DKw/YQ0';
 
+if (getenv('GIT_PATH')) {
+    $GLOBALS['TYPO3_CONF_VARS']['SYS']['binSetup'] = 'git=' . getenv('GIT_PATH') . '/git';
+}
+
 $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] = '*.localhost DEVELOPMENT';
 if (isset($GLOBALS['_SERVER']['HTTP_HOST'])) {
     $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] = $GLOBALS['_SERVER']['HTTP_HOST'] . ' DEVELOPMENT';

home/home.nix

@@ -1,7 +1,6 @@
 {
   config
   ,pkgs
-  ,hostName
   ,...
 }:
 
@@ -84,9 +83,7 @@ in {
 
       TYPO3_CONTEXT = "Development/dsiepmann";
       TYPO3_ADDITIONAL_CONFIGURATION = "${config.xdg.dataHome}/typo3-configuration/AdditionalConfiguration.inc.php";
-    } // (if hostName == "hikari" then {
-    } else {
-    });
+    };
 
     shellAliases = {
       ll = "ls -laphv --color=auto";

home/packages.nix

@@ -81,7 +81,7 @@
     unzip
 
     gtk-engine-murrine
-  ] ++ (if hostName == "hikari" then [
+  ] ++ (if hostName == "hikari2" then [
     # hikari
 
     acpilight # Used to support xbacklight
@@ -91,6 +91,10 @@
     # Needs to be installed by ubuntu on ubuntu, therefore only add on hikari
     sound-juicer
 
+  ] else (if hostName == "hikari3" then [
+    # hikari 3
+    (callPackage ./packages/custom/update-nixos-system { })
+    (callPackage ./packages/custom/vpn-reuter-dynamics { })
   ] else [
     # hikari 2
 
@@ -98,5 +102,5 @@
     # TODO: Right now only for Ubuntu (hikari2) system
     (callPackage ./packages/custom/backup { })
     (callPackage ./packages/custom/vpn-reuter-dynamics { })
-  ]);
+  ]));
 }

home/packages/custom/project/default.nix

@@ -7,8 +7,8 @@
 
 let
 
-  positionOfCustomerName = if hostName == "hikari" then "5" else "7";
-  mysqlUser = if hostName == "hikari" then "-u daniels" else "";
+  positionOfCustomerName = if hostName == "hikari" then "5" else "6";
+  mysqlUser = if hostName == "hikari2" then "" else "-u daniels";
 
 in writeShellApplication {
   name = "custom-project";

home/packages/custom/zcat-progress/default.nix

@@ -12,6 +12,10 @@ writeShellApplication {
     gzip
   ];
 
+  # It might be necessary to execute:
+  #     s/utf8mb4_0900_ai_ci/utf8mb4_unicode_520_ci/g
+  # As MariaDB has other collations as MySQL
+
   text = ''
     zcat "$1" | pv -s "$(gzip -dc "$1" | wc -c)"
   '';

home/windowManager/i3.nix

@@ -11,11 +11,13 @@
 let
   inherit(config.xsession.windowManager.i3.config) modifier;
 
-  soundSwitcherForHikari2 = if hostName == "hikari" then "" else "-D pulse";
+  soundSwitcher = if hostName == "hikari2" then "-D pulse" else "";
   keyboardBrightnessDevice = if hostName == "hikari" then "--device smc::kbd_backlight" else "";
   displayBrightnessDevice = if hostName == "hikari" then "--device acpi_video0" else "";
-  displayBuiltInOutput = if hostName == "hikari" then "eDP-1" else "eDP1";
-  displayDefaults = if hostName == "hikari" then "--output ${displayBuiltInOutput} --mode 1366x768 --scale 1.25x1.25" else "";
+  displayBuiltInOutput = if hostName == "hikari1" then "eDPI" else "eDP-1";
+  displayDefaults = if hostName == "hikari" then "--output ${displayBuiltInOutput} --mode 1366x768 --scale 1.25x1.25" else (
+    if hostName == "hikari3" then "--output ${displayBuiltInOutput} --scale 0.75x0.75" else ""
+  );
 in {
   xsession.windowManager.i3 = {
     enable = true;
@@ -300,9 +302,9 @@ in {
         "XF86AudioPlay" = "exec cmus-remote --pause";
         "XF86AudioPrev" = "exec cmus-remote --prev";
         "XF86AudioNext" = "exec cmus-remote --next";
-        "XF86AudioMute" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 0\"";
-        "XF86AudioRaiseVolume" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 5%+\"";
-        "XF86AudioLowerVolume" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 5%-\"";
+        "XF86AudioMute" = "exec \"amixer ${soundSwitcher} -q set Master toggle\"";
+        "XF86AudioRaiseVolume" = "exec \"amixer ${soundSwitcher} sset Master 5%+\"";
+        "XF86AudioLowerVolume" = "exec \"amixer ${soundSwitcher} sset Master 5%-\"";
 
         # Switch sound device:
         # https://askubuntu.com/a/72076/491377
@@ -362,7 +364,8 @@ in {
         displays = {
           "a" = "exec xrandr --auto ${displayDefaults} && ${pkgs.brightnessctl}/bin/brightnessctl --device ${displayBrightnessDevice} s 10;";
           "e" = "exec xrandr --auto --output ${displayBuiltInOutput} --off";
-          "h" = "exec xrandr --output ${displayBuiltInOutput} --off --output DP1 --scale 1x1 --mode 2560x1440";
+  
+          "h" = if hostName == "hikari3" then "exec xrandr --output ${displayBuiltInOutput} --off --output DP-3 --scale 1x1 --mode 2560x1440" else "exec xrandr --output ${displayBuiltInOutput} --off --output DP1 --scale 1x1 --mode 2560x1440";
           "o" = "exec xrandr --output DP2 --primary --mode 3840x2160 --scale 0.65x0.65 --output ${displayBuiltInOutput} --off";
 
           # Mirror

home/xsession.nix

@@ -13,7 +13,7 @@ let
     xinput --set-prop bcm5974 'libinput Natural Scrolling Enabled' 1
   '';
   initExtraHikari2 = ''
-    xrandr --auto --brightness 1
+    xrandr --auto --output eDP-1 --brightness 1
 
     # Enable tapping instead of phsyical click
     xinput --set-prop 'DELL07E6:00 06CB:76AF Touchpad' 'libinput Tapping Enabled' 1
@@ -21,13 +21,19 @@ let
     # Use natural scrolling for trackpad
     xinput --set-prop 'DELL07E6:00 06CB:76AF Touchpad' 'libinput Natural Scrolling Enabled' 1
   '';
+  initExtraHikari3 = ''
+    xrandr --auto --output eDP-1 --brightness 1
+
+    # Use natural scrolling for trackpad
+    xinput --set-prop 'PIXA3854:00 093A:0274 Touchpad' 'libinput Natural Scrolling Enabled' 1
+  '';
 in {
   xsession = {
     enable = true;
 
     numlock.enable = true;
 
-    initExtra = (if hostName == "hikari" then initExtraHikari else initExtraHikari2) + ''
+    initExtra = (if hostName == "hikari" then initExtraHikari else (if hostName == "hikari3" then initExtraHikari3 else initExtraHikari2)) + ''
       # Set backlight of output
       xbacklight -set 25
 

systems/hikari/web-development/default.nix

@@ -18,7 +18,6 @@ in {
     ./projects/private.nix
     ./projects/service-wrapper.nix
     ./projects/typo3.nix
-    ./projects/customer.nix
 
   ];
 

systems/hikari3/cachix.nix

@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use <name>
+{ pkgs, lib, ... }:
+
+let
+  folder = ./cachix;
+  toImport = name: value: folder + ("/" + name);
+  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+  inherit imports;
+  nix.settings.substituters = ["https://cache.nixos.org/"];
+}

systems/hikari3/cachix/fossar.nix

@@ -0,0 +1,13 @@
+
+{
+  nix = {
+    settings = {
+      substituters = [
+        "https://fossar.cachix.org"
+      ];
+      trusted-public-keys = [
+        "fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
+      ];
+    };
+  };
+}

systems/hikari3/configuration.nix

@@ -0,0 +1,146 @@
+# Edit this configuration file to define what should be installed on
+# your system.  help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+
+    ./cachix.nix
+
+    ./web-development
+  ];
+
+  # Bootloader.
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+
+    initrd.luks.devices."luks-ac06ecd4-7548-4807-a9c9-a616f8219e5f".device = "/dev/disk/by-uuid/ac06ecd4-7548-4807-a9c9-a616f8219e5f";
+  };
+  networking = {
+    hostName = "hikari3";
+    extraHosts = builtins.readFile ./files/hosts;
+    # wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+    # Configure network proxy if necessary
+    # proxy.default = "http://user:password@proxy:port/";
+    # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+    # Enable networking
+    networkmanager.enable = true;
+  };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+
+    extraLocaleSettings = {
+      LC_ADDRESS = "de_DE.UTF-8";
+      LC_IDENTIFICATION = "de_DE.UTF-8";
+      LC_MEASUREMENT = "de_DE.UTF-8";
+      LC_MONETARY = "de_DE.UTF-8";
+      LC_NAME = "de_DE.UTF-8";
+      LC_NUMERIC = "de_DE.UTF-8";
+      LC_PAPER = "de_DE.UTF-8";
+      LC_TELEPHONE = "de_DE.UTF-8";
+      LC_TIME = "de_DE.UTF-8";
+    };
+  };
+
+  documentation = {
+    dev.enable = false;
+    doc.enable = false;
+    info.enable = false;
+    man.enable = true;
+    nixos.enable = true;
+  };
+
+  programs = {
+    # Enable network manager applet
+    nm-applet.enable = true;
+    dconf.enable = true;
+  };
+
+  services = {
+    # Enable the X11 windowing system.
+    xserver = {
+      enable = true;
+      displayManager.lightdm.enable = true;
+      desktopManager.lxqt.enable = true;
+
+      # Configure keymap in X11
+      xkb = {
+        layout = "us";
+        variant = "";
+      };
+    };
+
+    # Enable automatic login for the user.
+    displayManager.autoLogin = {
+      enable = true;
+      user = "daniels";
+    };
+  };
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  # sound.mediaKeys.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.daniels = {
+    isNormalUser = true;
+    description = "Daniel Siepmann";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [
+      i3lock
+      xsel
+    ];
+  };
+
+  virtualisation.containers = {
+    enable = true;
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    git
+    xorg.xbacklight
+    openfortivpn
+    lxqt.pavucontrol-qt
+  ];
+
+  environment.variables = {
+    EDITOR = "vim";
+  };
+
+  security = {
+    sudo.execWheelOnly = true;
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}

systems/hikari3/hardware-configuration.nix

@@ -0,0 +1,48 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    <nixos-hardware/framework/13-inch/7040-amd>
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "uas" "sd_mod" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-amd" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/dd7cefcc-8920-4c3d-9559-962a3a584498";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-ddc87566-6172-4909-987e-8600b96a41c2".device = "/dev/disk/by-uuid/ddc87566-6172-4909-987e-8600b96a41c2";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/E402-2F77";
+    fsType = "vfat";
+    options = [ "fmask=0022" "dmask=0022" ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/877afecd-5cdb-452d-82d2-2fb0823d2879"; }
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

systems/hikari3/readme.rst

@@ -0,0 +1,35 @@
+nixos for hikari
+================
+
+Hikari is my old MacBook Air.
+It runs NixOS.
+
+I'm using that machine to migrate my existing Ubuntu Setup to NixOS in order to replace Ubuntu in the future.
+And I use this Setup for my personal use.
+
+Installation
+------------
+
+Update to nixpkgs unstable via:
+
+        nix-channel --add https://nixos.org/channels/nixos-unstable nixos 
+        nix-channel --update
+
+See: https://nixos.wiki/wiki/Nix_channels
+
+I also need older php versions:
+
+        nix-channel --add https://github.com/fossar/nix-phps/archive/master.tar.gz phps
+        nix-channel --update
+
+Add hardware channel:
+
+        nix-channel --add https://github.com/NixOS/nixos-hardware/archive/master.tar.gz nixos-hardware
+        nix-channel --update
+
+See: https://github.com/NixOS/nixos-hardware
+
+TODOs
+-----
+
+* Add docker-compose for Elasticsearch, proxy, solr.

systems/hikari3/web-development/default.nix

@@ -0,0 +1,134 @@
+{ pkgs, config, lib, ... }:
+
+let
+
+  mysqlEnsurePermissionsForDevUser = builtins.listToAttrs (
+    map (databaseName: {
+      name = "${databaseName}.*";
+      value = "ALL PRIVILEGES";
+    })
+    config.custom.web-development.databases
+  );
+
+in {
+  imports = [
+
+    ./lib/mkcert.nix
+
+    ./projects/service-wrapper.nix
+    ./projects/typo3.nix
+    ./projects/customer/sa-sa.nix
+    ./projects/customer/reu-reu.nix
+    ./projects/customer/wm-interdaf.nix
+    ./projects/customer/wm-sozio.nix
+
+  ];
+
+  options = {
+
+    custom.web-development = {
+      rootPath = lib.mkOption {
+        type = lib.types.path;
+        default = "/var/projects";
+        description = ''
+          The root folder where web development happens.
+          All Projects need to be placed within this folder.
+        '';
+      };
+      databases = lib.mkOption {
+        type = lib.types.listOf lib.types.nonEmptyStr;
+        default = [];
+        example = lib.literalExpression "[namespace_project namespace2_project1]";
+        description = ''
+          A list of all necessary databases.
+          Used to create the databases and grant permissions.
+        '';
+      };
+    };
+
+  };
+
+  config = {
+
+    services = {
+      httpd = {
+        enable = true;
+
+        user = "daniels";
+
+        adminAddr = "apache@hikari.localhost";
+
+        extraModules = [
+          "info"
+          "rewrite"
+          "proxy"
+          "proxy_fcgi"
+        ];
+
+        virtualHosts."localhost".locations."/server-info" = {
+          extraConfig = ''
+            SetHandler server-info
+            Require local
+          '';
+        };
+      };
+
+      mysql = {
+        enable = true;
+
+        package = pkgs.mariadb;
+
+        ensureUsers = [
+          {
+            name = "daniels";
+            ensurePermissions = {
+              "*.*" = "ALL PRIVILEGES";
+            };
+          }
+          {
+            # INITIALLY once change dev user to be identified by password
+            # alter user dev@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('dev');
+            name = "testing";
+            ensurePermissions = {
+              "*.*" = "ALL PRIVILEGES";
+            };
+          }
+          {
+            # INITIALLY once change dev user to be identified by password
+            # alter user dev@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('dev');
+            name = "dev";
+            ensurePermissions = mysqlEnsurePermissionsForDevUser;
+          }
+        ];
+
+        ensureDatabases = [
+          "testing" # Used by TYPO3 functional tests
+          "testing_at" # Used by TYPO3 Acceptance tests
+        ] ++ config.custom.web-development.databases;
+
+        settings = {
+          mysqld = {
+            # sql_mode = "SRTICT_TRANS_TABLES;NO_ZERO_IN_DATE;NO_ZERO_DATE;ERROR_FOR_DIVISION_BY_ZERO;NO_ENGINE_SUBSTITUTION";
+            general_log = true;
+            general_log_file = "/var/lib/mysql/query.log";
+
+            # slow_query_log = true;
+            # slow_query_log_file = "/var/lib/mysql/slow_query.log";
+            # long_query_time = 1;
+
+            bind-address = "127.0.0.1";
+          };
+        };
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      # TODO: Improve handling of TYPO3 global configuration
+      # Current issue: The files are copied once.
+      # Changes are not reflected until reboot?
+      # I can edit the copied files, but need to keep files in sync.
+      "C ${config.custom.web-development.rootPath}/own/typo3-configuration - - - - ${config.users.users.daniels.home}/.config/nixpkgs/home/files/typo3-configuration"
+    ];
+
+  };
+}

systems/hikari3/web-development/lib/create-static.nix

@@ -0,0 +1,30 @@
+{
+  config
+  , domain
+  , relativeDocumentRoot
+}:
+
+let
+  documentRoot = "${config.custom.web-development.rootPath}/${relativeDocumentRoot}";
+in {
+  services = {
+
+    httpd.virtualHosts.${domain} = {
+      forceSSL = true;
+      sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
+      sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
+
+      inherit documentRoot;
+
+      extraConfig = ''
+        <Directory ${documentRoot}>
+            AllowOverride All
+            Require all granted
+            Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+            DirectoryIndex index.html Index.html
+        </Directory>
+      '';
+    };
+
+  };
+}

systems/hikari3/web-development/lib/create-typo3.nix

@@ -0,0 +1,129 @@
+{
+  config
+  , lib
+  , pkgs
+  , domain
+  , relativeDocumentRoot
+  , databaseName
+  , php
+}:
+
+let
+
+  documentRoot = "${config.custom.web-development.rootPath}/${relativeDocumentRoot}";
+
+  phpPackage = php.buildEnv {
+    extensions = { enabled, all }: enabled ++ (with all; [
+      xdebug
+    ]);
+    extraConfig = ''
+      max_execution_time = 240
+      max_input_vars = 1500
+
+      display_errors = 1
+      error_reporting = E_ALL
+
+      xdebug.mode = debug
+      xdebug.max_nesting_level = 400
+    '';
+  };
+
+in {
+  custom.web-development = {
+
+    databases = [databaseName];
+
+  };
+
+  services = {
+
+    httpd.virtualHosts.${domain} = {
+      forceSSL = true;
+      sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
+      sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
+
+      inherit documentRoot;
+
+      extraConfig = ''
+        <Directory ${documentRoot}>
+            AllowOverride None
+            Require all granted
+            DirectoryIndex index.php
+
+            RewriteEngine On
+
+            # Store the current location in an environment variable CWD to use
+            # mod_rewrite in .htaccess files without knowing the RewriteBase
+            RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
+            RewriteRule ^.*$ - [E=CWD:%2]
+
+            # Rule for versioned static files, configured through:
+            # - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
+            # - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
+            # IMPORTANT: This rule has to be the very first RewriteCond in order to work!
+            RewriteCond %{REQUEST_FILENAME} !-f
+            RewriteCond %{REQUEST_FILENAME} !-d
+            RewriteRule ^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ %{ENV:CWD}$1.$3 [L]
+
+            # Access block for folders
+            RewriteRule _(?:recycler|temp)_/ - [F]
+            RewriteRule fileadmin/templates/.*\.(?:txt|ts)$ - [F]
+            RewriteRule ^(?:vendor|typo3_src|typo3temp/var) - [F]
+            RewriteRule (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ - [F]
+
+            # Block access to all hidden files and directories with the exception of
+            # the visible content from within the `/.well-known/` hidden directory (RFC 5785).
+            RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC]
+            RewriteCond %{SCRIPT_FILENAME} -d [OR]
+            RewriteCond %{SCRIPT_FILENAME} -f
+            RewriteRule (?:^|/)\. - [F]
+
+            # Stop rewrite processing, if we are in any other known directory
+            # NOTE: Add your additional local storages here
+            RewriteRule ^(?:fileadmin/|typo3conf/|typo3temp/|uploads/) - [L]
+
+            # If the file/symlink/directory does not exist but is below /typo3/, redirect to the TYPO3 Backend entry point.
+            RewriteCond %{REQUEST_FILENAME} !-f
+            RewriteCond %{REQUEST_FILENAME} !-d
+            RewriteCond %{REQUEST_FILENAME} !-l
+            RewriteCond %{REQUEST_URI} ^/typo3/.*$
+            RewriteRule ^typo3/(.*)$ %{ENV:CWD}typo3/index.php [QSA,L]
+
+            # If the file/symlink/directory does not exist => Redirect to index.php.
+            # For httpd.conf, you need to prefix each '%{REQUEST_FILENAME}' with '%{DOCUMENT_ROOT}'.
+            RewriteCond %{REQUEST_FILENAME} !-f
+            RewriteCond %{REQUEST_FILENAME} !-d
+            RewriteCond %{REQUEST_FILENAME} !-l
+            RewriteRule ^.*$ %{ENV:CWD}index.php [QSA,L]
+        </Directory>
+
+        <FilesMatch "\.php$">
+            SetHandler  "proxy:unix:${config.services.phpfpm.pools."${domain}".socket}|fcgi://${domain}/"
+        </FilesMatch>
+      '';
+    };
+
+    phpfpm.pools.${domain} = {
+      inherit (config.services.httpd) user group;
+      inherit phpPackage;
+
+      settings = {
+        "listen.owner" = config.services.httpd.user;
+        "listen.group" = config.services.httpd.group;
+        "pm" = "ondemand";
+        "pm.max_children" = 15;
+      };
+
+      phpEnv = {
+        TYPO3_ADDITIONAL_CONFIGURATION = "/var/projects/own/typo3-configuration/AdditionalConfiguration.inc.php";
+        TYPO3_DATABASE = databaseName;
+        TYPO3_CONTEXT = "Development/dsiepmann";
+        TYPO3_BASE = "https://${domain}/";
+
+        # Used via TYPO3 API, expose
+        IMAGEMAGICK_PATH = lib.makeBinPath [ pkgs.imagemagick ] + "/";
+      };
+    };
+
+  };
+}

systems/hikari3/web-development/lib/mkcert.nix

@@ -0,0 +1,53 @@
+{ pkgs, lib, config, ... }:
+
+let
+  certFolder = "/var/projects/own/mkcert";
+
+  domains = builtins.concatStringsSep " " (
+    map (domain: "\"${domain}\"") (
+      builtins.attrNames config.services.httpd.virtualHosts
+    )
+  );
+
+  custom-generate-certs = pkgs.writeShellApplication {
+    name = "custom-generate-certs";
+
+    runtimeInputs = [
+      pkgs.mkcert
+    ];
+
+    text = ''
+      mkdir -p ${certFolder}
+      pushd ${certFolder}
+      declare -a domains=(${domains})
+      for domain in "''${domains[@]}"
+      do
+        CAROOT="${certFolder}" mkcert "$domain"
+      done
+    '';
+  };
+in {
+  options = {
+    custom.web-development = {
+      certFolder = lib.mkOption {
+        type = lib.types.path;
+        default = "${config.custom.web-development.rootPath}/own/mkcert/";
+      };
+    };
+  };
+
+  config = {
+
+    # TODO: Run once before httpd service starts?
+    environment.systemPackages = [
+      custom-generate-certs
+    ];
+
+    # NOTE: Disable until root certificate is generated, then add again
+    # Maybe check for file existense and throw proper error message?
+    security.pki.certificates = [
+      (builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
+    ];
+
+  };
+}

systems/hikari3/web-development/projects/private.nix

@@ -0,0 +1,13 @@
+{ pkgs, lib, config, ... }:
+
+let
+
+  php = pkgs.php83;
+
+in import ./../lib/create-typo3.nix {
+  inherit config lib pkgs php;
+
+  domain = "daniel-siepmann.own.localhost";
+  relativeDocumentRoot = "own/daniel-siepmann/project/public/";
+  databaseName = "own_danielsiepmann";
+}

systems/hikari3/web-development/projects/service-wrapper.nix

@@ -0,0 +1,28 @@
+{ pkgs, lib, config, ... }:
+
+let
+  domain = "mailhog.localhost";
+in {
+  services = {
+
+    httpd.virtualHosts.${domain} = {
+      forceSSL = true;
+      sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
+      sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
+
+      extraConfig = ''
+        RequestHeader unset Authorization
+        ProxyRequests Off
+        ProxyPreserveHost On
+        ProxyPass / http://localhost:8025/
+        ProxyPassReverse / http://localhost:8025/
+
+        # Mailhog specific
+        <LocationMatch /api/v2/websocket>
+          ProxyPass ws://localhost:8025/api/v2/websocket
+        </LocationMatch>
+      '';
+    };
+
+  };
+}

systems/hikari3/web-development/projects/typo3.nix

@@ -0,0 +1,8 @@
+{ lib, config, ... }:
+
+import ./../lib/create-static.nix {
+  inherit config;
+
+  domain = "tea-docs.typo3.localhost";
+  relativeDocumentRoot = "typo3/tea/Documentation-GENERATED-temp/Result/project/0.0.0/";
+}