Add hikari3
parent
746e9d3e8a
commit
fa80faefdc
1
.gitattributes
vendored
1
.gitattributes
vendored
|
@ -12,4 +12,5 @@ systems/hikari/files/hosts filter=git-crypt diff=git-crypt
|
|||
systems/hikari/web-development/projects/customer.nix filter=git-crypt diff=git-crypt
|
||||
systems/hikari3/files/hosts filter=git-crypt diff=git-crypt
|
||||
systems/hikari3/web-development/projects/customer.nix filter=git-crypt diff=git-crypt
|
||||
systems/hikari3/web-development/projects/customer/* filter=git-crypt diff=git-crypt
|
||||
projects/** filter=git-crypt diff=git-crypt
|
||||
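Review bot: The pattern `systems/hikari3/web-development/projects/customer/*` matches only files directly inside `customer/`, so a file later added in a subdirectory of it would be committed unencrypted. `systems/hikari3/web-development/projects/customer/**` would cover nested paths as well. The `systems/hikari3/web-development/projects/customer.nix` pattern may be a leftover from the hikari layout, since the hikari3 customer files on this page live under `customer/`. Running `git-crypt status` before pushing confirms which of the new files are actually encrypted.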
|
|
|
@ -48,6 +48,10 @@ $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename'] = false;
|
|||
|
||||
$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] = '$1$eItwKedf$13XVDVlAwXXMvO4DKw/YQ0';
|
||||
|
||||
if (getenv('GIT_PATH')) {
|
||||
$GLOBALS['TYPO3_CONF_VARS']['SYS']['binSetup'] = 'git=' . getenv('GIT_PATH') . '/git';
|
||||
}
|
||||
|
||||
$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] = '*.localhost DEVELOPMENT';
|
||||
if (isset($GLOBALS['_SERVER']['HTTP_HOST'])) {
|
||||
$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] = $GLOBALS['_SERVER']['HTTP_HOST'] . ' DEVELOPMENT';
|
||||
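Review bot: The `installToolPassword` line visible in this hunk stores an md5crypt (`$1$…`) hash in a tracked file that, judging by the .gitattributes patterns on this page, is not covered by git-crypt. md5crypt is cheap to attack offline, so read access to the repository is enough to attempt recovery of the Install Tool password. The line looks like unchanged context rather than part of this commit, so this is a follow-up: read the value from the environment the way `getenv('GIT_PATH')` is read here, or add the file to the git-crypt patterns, and rehash with a current algorithm such as Argon2i. The file's path is not visible on this page, so the git-crypt coverage is inferred.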
|
|
|
@ -1,7 +1,6 @@
|
|||
{
|
||||
config
|
||||
,pkgs
|
||||
,hostName
|
||||
,...
|
||||
}:
|
||||
|
||||
|
@ -84,9 +83,7 @@ in {
|
|||
|
||||
TYPO3_CONTEXT = "Development/dsiepmann";
|
||||
TYPO3_ADDITIONAL_CONFIGURATION = "${config.xdg.dataHome}/typo3-configuration/AdditionalConfiguration.inc.php";
|
||||
} // (if hostName == "hikari" then {
|
||||
} else {
|
||||
});
|
||||
};
|
||||
|
||||
shellAliases = {
|
||||
ll = "ls -laphv --color=auto";
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
unzip
|
||||
|
||||
gtk-engine-murrine
|
||||
] ++ (if hostName == "hikari" then [
|
||||
] ++ (if hostName == "hikari2" then [
|
||||
# hikari
|
||||
|
||||
acpilight # Used to support xbacklight
|
||||
|
@ -91,6 +91,10 @@
|
|||
# Needs to be installed by ubuntu on ubuntu, therefore only add on hikari
|
||||
sound-juicer
|
||||
|
||||
] else (if hostName == "hikari3" then [
|
||||
# hikari 3
|
||||
(callPackage ./packages/custom/update-nixos-system { })
|
||||
(callPackage ./packages/custom/vpn-reuter-dynamics { })
|
||||
] else [
|
||||
# hikari 2
|
||||
|
||||
|
@ -98,5 +102,5 @@
|
|||
# TODO: Right now only for Ubuntu (hikari2) system
|
||||
(callPackage ./packages/custom/backup { })
|
||||
(callPackage ./packages/custom/vpn-reuter-dynamics { })
|
||||
]);
|
||||
]));
|
||||
}
|
||||
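Review bot: The outer condition and the branch comments appear to disagree: if the second of the two printed `] ++ (if hostName == …` lines is the new one, the list commented `# hikari` (with `acpilight` and `sound-juicer`) is now selected for `hikari2`, while the final `else` commented `# hikari 2` and `# TODO: Right now only for Ubuntu (hikari2) system` is what `hikari` receives. The page has lost the `+`/`-` markers, so which line is new is inferred from print order only. If the intent is hikari / hikari3 / everything else, the first condition should stay `if hostName == "hikari" then [`.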
|
|
|
@ -7,8 +7,8 @@
|
|||
|
||||
let
|
||||
|
||||
positionOfCustomerName = if hostName == "hikari" then "5" else "7";
|
||||
mysqlUser = if hostName == "hikari" then "-u daniels" else "";
|
||||
positionOfCustomerName = if hostName == "hikari" then "5" else "6";
|
||||
mysqlUser = if hostName == "hikari2" then "" else "-u daniels";
|
||||
|
||||
in writeShellApplication {
|
||||
name = "custom-project";
|
||||
|
|
|
@ -12,6 +12,10 @@ writeShellApplication {
|
|||
gzip
|
||||
];
|
||||
|
||||
# It might be necessary to execute:
|
||||
# s/utf8mb4_0900_ai_ci/utf8mb4_unicode_520_ci/g
|
||||
# As MariaDB has other collations as MySQL
|
||||
|
||||
text = ''
|
||||
zcat "$1" | pv -s "$(gzip -dc "$1" | wc -c)"
|
||||
'';
|
||||
|
|
|
@ -11,11 +11,13 @@
|
|||
let
|
||||
inherit(config.xsession.windowManager.i3.config) modifier;
|
||||
|
||||
soundSwitcherForHikari2 = if hostName == "hikari" then "" else "-D pulse";
|
||||
soundSwitcher = if hostName == "hikari2" then "-D pulse" else "";
|
||||
keyboardBrightnessDevice = if hostName == "hikari" then "--device smc::kbd_backlight" else "";
|
||||
displayBrightnessDevice = if hostName == "hikari" then "--device acpi_video0" else "";
|
||||
displayBuiltInOutput = if hostName == "hikari" then "eDP-1" else "eDP1";
|
||||
displayDefaults = if hostName == "hikari" then "--output ${displayBuiltInOutput} --mode 1366x768 --scale 1.25x1.25" else "";
|
||||
displayBuiltInOutput = if hostName == "hikari1" then "eDPI" else "eDP-1";
|
||||
displayDefaults = if hostName == "hikari" then "--output ${displayBuiltInOutput} --mode 1366x768 --scale 1.25x1.25" else (
|
||||
if hostName == "hikari3" then "--output ${displayBuiltInOutput} --scale 0.75x0.75" else ""
|
||||
);
|
||||
in {
|
||||
xsession.windowManager.i3 = {
|
||||
enable = true;
|
||||
|
@ -300,9 +302,9 @@ in {
|
|||
"XF86AudioPlay" = "exec cmus-remote --pause";
|
||||
"XF86AudioPrev" = "exec cmus-remote --prev";
|
||||
"XF86AudioNext" = "exec cmus-remote --next";
|
||||
"XF86AudioMute" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 0\"";
|
||||
"XF86AudioRaiseVolume" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 5%+\"";
|
||||
"XF86AudioLowerVolume" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 5%-\"";
|
||||
"XF86AudioMute" = "exec \"amixer ${soundSwitcher} -q set Master toggle\"";
|
||||
"XF86AudioRaiseVolume" = "exec \"amixer ${soundSwitcher} sset Master 5%+\"";
|
||||
"XF86AudioLowerVolume" = "exec \"amixer ${soundSwitcher} sset Master 5%-\"";
|
||||
|
||||
# Switch sound device:
|
||||
# https://askubuntu.com/a/72076/491377
|
||||
|
@ -362,7 +364,8 @@ in {
|
|||
displays = {
|
||||
"a" = "exec xrandr --auto ${displayDefaults} && ${pkgs.brightnessctl}/bin/brightnessctl --device ${displayBrightnessDevice} s 10;";
|
||||
"e" = "exec xrandr --auto --output ${displayBuiltInOutput} --off";
|
||||
"h" = "exec xrandr --output ${displayBuiltInOutput} --off --output DP1 --scale 1x1 --mode 2560x1440";
|
||||
|
||||
"h" = if hostName == "hikari3" then "exec xrandr --output ${displayBuiltInOutput} --off --output DP-3 --scale 1x1 --mode 2560x1440" else "exec xrandr --output ${displayBuiltInOutput} --off --output DP1 --scale 1x1 --mode 2560x1440";
|
||||
"o" = "exec xrandr --output DP2 --primary --mode 3840x2160 --scale 0.65x0.65 --output ${displayBuiltInOutput} --off";
|
||||
|
||||
# Mirror
|
||||
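Review bot: `displayBuiltInOutput = if hostName == "hikari1" then "eDPI" else "eDP-1";` tests a host name that appears nowhere else on this page (the hosts are `hikari`, `hikari2` and `hikari3`), and `"eDPI"` looks like a typo of the previous `"eDP1"`. As written every host gets `"eDP-1"`, so hikari2 silently changes from `eDP1` to `eDP-1` in all the xrandr bindings. If hikari2 should keep its old output name, `if hostName == "hikari2" then "eDP1" else "eDP-1"` restores it. Separately, the `"a"` binding passes `--device ${displayBrightnessDevice}` although that variable already holds `--device …` or an empty string, which is worth checking.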
|
|
|
@ -13,7 +13,7 @@ let
|
|||
xinput --set-prop bcm5974 'libinput Natural Scrolling Enabled' 1
|
||||
'';
|
||||
initExtraHikari2 = ''
|
||||
xrandr --auto --brightness 1
|
||||
xrandr --auto --output eDP-1 --brightness 1
|
||||
|
||||
# Enable tapping instead of phsyical click
|
||||
xinput --set-prop 'DELL07E6:00 06CB:76AF Touchpad' 'libinput Tapping Enabled' 1
|
||||
|
@ -21,13 +21,19 @@ let
|
|||
# Use natural scrolling for trackpad
|
||||
xinput --set-prop 'DELL07E6:00 06CB:76AF Touchpad' 'libinput Natural Scrolling Enabled' 1
|
||||
'';
|
||||
initExtraHikari3 = ''
|
||||
xrandr --auto --output eDP-1 --brightness 1
|
||||
|
||||
# Use natural scrolling for trackpad
|
||||
xinput --set-prop 'PIXA3854:00 093A:0274 Touchpad' 'libinput Natural Scrolling Enabled' 1
|
||||
'';
|
||||
in {
|
||||
xsession = {
|
||||
enable = true;
|
||||
|
||||
numlock.enable = true;
|
||||
|
||||
initExtra = (if hostName == "hikari" then initExtraHikari else initExtraHikari2) + ''
|
||||
initExtra = (if hostName == "hikari" then initExtraHikari else (if hostName == "hikari3" then initExtraHikari3 else initExtraHikari2)) + ''
|
||||
# Set backlight of output
|
||||
xbacklight -set 25
|
||||
|
||||
|
|
|
@ -18,7 +18,6 @@ in {
|
|||
./projects/private.nix
|
||||
./projects/service-wrapper.nix
|
||||
./projects/typo3.nix
|
||||
./projects/customer.nix
|
||||
|
||||
];
|
||||
|
||||
|
|
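--- a/systems/hikari3/cachix.nix
+++ b/systems/hikari3/cachix.nix
@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use <name>
+{ pkgs, lib, ... }:
+
+let
+folder = ./cachix;
+toImport = name: value: folder + ("/" + name);
+filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+inherit imports;
+nix.settings.substituters = ["https://cache.nixos.org/"];
+}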
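--- a/systems/hikari3/cachix/fossar.nix
+++ b/systems/hikari3/cachix/fossar.nix
@@ -0,0 +1,13 @@
+
+{
+nix = {
+settings = {
+substituters = [
+"https://fossar.cachix.org"
+];
+trusted-public-keys = [
+"fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
+];
+};
+};
+}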
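--- a/systems/hikari3/configuration.nix
+++ b/systems/hikari3/configuration.nix
@@ -0,0 +1,146 @@
+# Edit this configuration file to define what should be installed on
+# your system. help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+
+./cachix.nix
+
+./web-development
+];
+
+# Bootloader.
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+
+initrd.luks.devices."luks-ac06ecd4-7548-4807-a9c9-a616f8219e5f".device = "/dev/disk/by-uuid/ac06ecd4-7548-4807-a9c9-a616f8219e5f";
+};
+networking = {
+hostName = "hikari3";
+extraHosts = builtins.readFile ./files/hosts;
+# wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+# Configure network proxy if necessary
+# proxy.default = "http://user:password@proxy:port/";
+# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+# Enable networking
+networkmanager.enable = true;
+};
+
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+
+# Select internationalisation properties.
+i18n = {
+defaultLocale = "en_US.UTF-8";
+
+extraLocaleSettings = {
+LC_ADDRESS = "de_DE.UTF-8";
+LC_IDENTIFICATION = "de_DE.UTF-8";
+LC_MEASUREMENT = "de_DE.UTF-8";
+LC_MONETARY = "de_DE.UTF-8";
+LC_NAME = "de_DE.UTF-8";
+LC_NUMERIC = "de_DE.UTF-8";
+LC_PAPER = "de_DE.UTF-8";
+LC_TELEPHONE = "de_DE.UTF-8";
+LC_TIME = "de_DE.UTF-8";
+};
+};
+
+documentation = {
+dev.enable = false;
+doc.enable = false;
+info.enable = false;
+man.enable = true;
+nixos.enable = true;
+};
+
+programs = {
+# Enable network manager applet
+nm-applet.enable = true;
+dconf.enable = true;
+};
+
+services = {
+# Enable the X11 windowing system.
+xserver = {
+enable = true;
+displayManager.lightdm.enable = true;
+desktopManager.lxqt.enable = true;
+
+# Configure keymap in X11
+xkb = {
+layout = "us";
+variant = "";
+};
+};
+
+# Enable automatic login for the user.
+displayManager.autoLogin = {
+enable = true;
+user = "daniels";
+};
+};
+
+# Enable sound with pipewire.
+sound.enable = true;
+# sound.mediaKeys.enable = true;
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.users.daniels = {
+isNormalUser = true;
+description = "Daniel Siepmann";
+extraGroups = [ "networkmanager" "wheel" ];
+packages = with pkgs; [
+i3lock
+xsel
+];
+};
+
+virtualisation.containers = {
+enable = true;
+};
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+git
+xorg.xbacklight
+openfortivpn
+lxqt.pavucontrol-qt
+];
+
+environment.variables = {
+EDITOR = "vim";
+};
+
+security = {
+sudo.execWheelOnly = true;
+};
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}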
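Review bot: `services.displayManager.autoLogin` signs `daniels` in without a password, and `users.users.daniels.extraGroups` puts that account in `wheel`, so once the LUKS passphrase has been entered at boot nothing else stands between physical access and a desktop session. That is a common choice for a single-user laptop, but it depends on the screen locking on suspend and lid close, and this file installs `i3lock` without wiring it to either. Consider enabling `programs.xss-lock` with `lockerCommand` pointing at i3lock, or add a comment next to the autoLogin block stating where locking is configured if it is handled elsewhere (for example in the home configuration).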
BIN
systems/hikari3/files/hosts
Normal file
BIN
systems/hikari3/files/hosts
Normal file
Binary file not shown.
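--- a/systems/hikari3/hardware-configuration.nix
+++ b/systems/hikari3/hardware-configuration.nix
@@ -0,0 +1,48 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [
+<nixos-hardware/framework/13-inch/7040-amd>
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot = {
+initrd = {
+availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "uas" "sd_mod" ];
+kernelModules = [ ];
+};
+kernelModules = [ "kvm-amd" ];
+extraModulePackages = [ ];
+};
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/dd7cefcc-8920-4c3d-9559-962a3a584498";
+fsType = "ext4";
+};
+
+boot.initrd.luks.devices."luks-ddc87566-6172-4909-987e-8600b96a41c2".device = "/dev/disk/by-uuid/ddc87566-6172-4909-987e-8600b96a41c2";
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/E402-2F77";
+fsType = "vfat";
+options = [ "fmask=0022" "dmask=0022" ];
+};
+
+swapDevices = [
+{ device = "/dev/disk/by-uuid/877afecd-5cdb-452d-82d2-2fb0823d2879"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}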
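--- a/systems/hikari3/readme.rst
+++ b/systems/hikari3/readme.rst
@@ -0,0 +1,35 @@
+nixos for hikari
+================
+
+Hikari is my old MacBook Air.
+It runs NixOS.
+
+I'm using that machine to migrate my existing Ubuntu Setup to NixOS in order to replace Ubuntu in the future.
+And I use this Setup for my personal use.
+
+Installation
+------------
+
+Update to nixpkgs unstable via:
+
+nix-channel --add https://nixos.org/channels/nixos-unstable nixos
+nix-channel --update
+
+See: https://nixos.wiki/wiki/Nix_channels
+
+I also need older php versions:
+
+nix-channel --add https://github.com/fossar/nix-phps/archive/master.tar.gz phps
+nix-channel --update
+
+Add hardware channel:
+
+nix-channel --add https://github.com/NixOS/nixos-hardware/archive/master.tar.gz nixos-hardware
+nix-channel --update
+
+See: https://github.com/NixOS/nixos-hardware
+
+TODOs
+-----
+
+* Add docker-compose for Elasticsearch, proxy, solr.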
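--- a/systems/hikari3/web-development/default.nix
+++ b/systems/hikari3/web-development/default.nix
@@ -0,0 +1,134 @@
+{ pkgs, config, lib, ... }:
+
+let
+
+mysqlEnsurePermissionsForDevUser = builtins.listToAttrs (
+map (databaseName: {
+name = "${databaseName}.*";
+value = "ALL PRIVILEGES";
+})
+config.custom.web-development.databases
+);
+
+in {
+imports = [
+
+./lib/mkcert.nix
+
+./projects/service-wrapper.nix
+./projects/typo3.nix
+./projects/customer/sa-sa.nix
+./projects/customer/reu-reu.nix
+./projects/customer/wm-interdaf.nix
+./projects/customer/wm-sozio.nix
+
+];
+
+options = {
+
+custom.web-development = {
+rootPath = lib.mkOption {
+type = lib.types.path;
+default = "/var/projects";
+description = ''
+The root folder where web development happens.
+All Projects need to be placed within this folder.
+'';
+};
+databases = lib.mkOption {
+type = lib.types.listOf lib.types.nonEmptyStr;
+default = [];
+example = lib.literalExpression "[namespace_project namespace2_project1]";
+description = ''
+A list of all necessary databases.
+Used to create the databases and grant permissions.
+'';
+};
+};
+
+};
+
+config = {
+
+services = {
+httpd = {
+enable = true;
+
+user = "daniels";
+
+adminAddr = "apache@hikari.localhost";
+
+extraModules = [
+"info"
+"rewrite"
+"proxy"
+"proxy_fcgi"
+];
+
+virtualHosts."localhost".locations."/server-info" = {
+extraConfig = ''
+SetHandler server-info
+Require local
+'';
+};
+};
+
+mysql = {
+enable = true;
+
+package = pkgs.mariadb;
+
+ensureUsers = [
+{
+name = "daniels";
+ensurePermissions = {
+"*.*" = "ALL PRIVILEGES";
+};
+}
+{
+# INITIALLY once change dev user to be identified by password
+# alter user dev@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('dev');
+name = "testing";
+ensurePermissions = {
+"*.*" = "ALL PRIVILEGES";
+};
+}
+{
+# INITIALLY once change dev user to be identified by password
+# alter user dev@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('dev');
+name = "dev";
+ensurePermissions = mysqlEnsurePermissionsForDevUser;
+}
+];
+
+ensureDatabases = [
+"testing" # Used by TYPO3 functional tests
+"testing_at" # Used by TYPO3 Acceptance tests
+] ++ config.custom.web-development.databases;
+
+settings = {
+mysqld = {
+# sql_mode = "SRTICT_TRANS_TABLES;NO_ZERO_IN_DATE;NO_ZERO_DATE;ERROR_FOR_DIVISION_BY_ZERO;NO_ENGINE_SUBSTITUTION";
+general_log = true;
+general_log_file = "/var/lib/mysql/query.log";
+
+# slow_query_log = true;
+# slow_query_log_file = "/var/lib/mysql/slow_query.log";
+# long_query_time = 1;
+
+bind-address = "127.0.0.1";
+};
+};
+};
+};
+
+systemd.tmpfiles.rules = [
+# TODO: Improve handling of TYPO3 global configuration
+# Current issue: The files are copied once.
+# Changes are not reflected until reboot?
+# I can edit the copied files, but need to keep files in sync.
+"C ${config.custom.web-development.rootPath}/own/typo3-configuration - - - - ${config.users.users.daniels.home}/.config/nixpkgs/home/files/typo3-configuration"
+];
+
+};
+}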
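Review bot: `httpd.user = "daniels"` makes Apache run as the interactive account that configuration.nix places in `wheel`, and lib/create-typo3.nix passes the same user to every PHP-FPM pool through `inherit (config.services.httpd) user group`. A code-execution bug in any checked-out project would then run with that user's file access, which presumably includes SSH and git-crypt keys in the home directory. A dedicated service user with group access to `rootPath` would contain that. Separately, `general_log = true` writes every statement to `/var/lib/mysql/query.log`, including password-setting statements like the `alter user … PASSWORD('dev')` shown in the comments, so a comment marking it as a deliberate development setting would help.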
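--- a/systems/hikari3/web-development/lib/create-static.nix
+++ b/systems/hikari3/web-development/lib/create-static.nix
@@ -0,0 +1,30 @@
+{
+config
+, domain
+, relativeDocumentRoot
+}:
+
+let
+documentRoot = "${config.custom.web-development.rootPath}/${relativeDocumentRoot}";
+in {
+services = {
+
+httpd.virtualHosts.${domain} = {
+forceSSL = true;
+sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
+sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
+
+inherit documentRoot;
+
+extraConfig = ''
+<Directory ${documentRoot}>
+AllowOverride All
+Require all granted
+Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+DirectoryIndex index.html Index.html
+</Directory>
+'';
+};
+
+};
+}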
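Review bot: The `<Directory>` block combines `Require all granted` with `AllowOverride All` and `Options … Indexes`, so the vhost serves directory listings and honours any `.htaccess` for whoever can reach the listener; lib/create-typo3.nix uses the same `Require all granted`. The configuration shown on this page does not open ports 80/443 in the firewall, so exposure depends on that staying true. Since these are `.localhost` development hosts, `Require local`, which default.nix already uses for `/server-info`, would state the intent explicitly and keep the sites unreachable if the firewall is ever relaxed.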
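--- a/systems/hikari3/web-development/lib/create-typo3.nix
+++ b/systems/hikari3/web-development/lib/create-typo3.nix
@@ -0,0 +1,129 @@
+{
+config
+, lib
+, pkgs
+, domain
+, relativeDocumentRoot
+, databaseName
+, php
+}:
+
+let
+
+documentRoot = "${config.custom.web-development.rootPath}/${relativeDocumentRoot}";
+
+phpPackage = php.buildEnv {
+extensions = { enabled, all }: enabled ++ (with all; [
+xdebug
+]);
+extraConfig = ''
+max_execution_time = 240
+max_input_vars = 1500
+
+display_errors = 1
+error_reporting = E_ALL
+
+xdebug.mode = debug
+xdebug.max_nesting_level = 400
+'';
+};
+
+in {
+custom.web-development = {
+
+databases = [databaseName];
+
+};
+
+services = {
+
+httpd.virtualHosts.${domain} = {
+forceSSL = true;
+sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
+sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
+
+inherit documentRoot;
+
+extraConfig = ''
+<Directory ${documentRoot}>
+AllowOverride None
+Require all granted
+DirectoryIndex index.php
+
+RewriteEngine On
+
+# Store the current location in an environment variable CWD to use
+# mod_rewrite in .htaccess files without knowing the RewriteBase
+RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
+RewriteRule ^.*$ - [E=CWD:%2]
+
+# Rule for versioned static files, configured through:
+# - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
+# - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
+# IMPORTANT: This rule has to be the very first RewriteCond in order to work!
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ %{ENV:CWD}$1.$3 [L]
+
+# Access block for folders
+RewriteRule _(?:recycler|temp)_/ - [F]
+RewriteRule fileadmin/templates/.*\.(?:txt|ts)$ - [F]
+RewriteRule ^(?:vendor|typo3_src|typo3temp/var) - [F]
+RewriteRule (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ - [F]
+
+# Block access to all hidden files and directories with the exception of
+# the visible content from within the `/.well-known/` hidden directory (RFC 5785).
+RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC]
+RewriteCond %{SCRIPT_FILENAME} -d [OR]
+RewriteCond %{SCRIPT_FILENAME} -f
+RewriteRule (?:^|/)\. - [F]
+
+# Stop rewrite processing, if we are in any other known directory
+# NOTE: Add your additional local storages here
+RewriteRule ^(?:fileadmin/|typo3conf/|typo3temp/|uploads/) - [L]
+
+# If the file/symlink/directory does not exist but is below /typo3/, redirect to the TYPO3 Backend entry point.
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-l
+RewriteCond %{REQUEST_URI} ^/typo3/.*$
+RewriteRule ^typo3/(.*)$ %{ENV:CWD}typo3/index.php [QSA,L]
+
+# If the file/symlink/directory does not exist => Redirect to index.php.
+# For httpd.conf, you need to prefix each '%{REQUEST_FILENAME}' with '%{DOCUMENT_ROOT}'.
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-l
+RewriteRule ^.*$ %{ENV:CWD}index.php [QSA,L]
+</Directory>
+
+<FilesMatch "\.php$">
+SetHandler "proxy:unix:${config.services.phpfpm.pools."${domain}".socket}|fcgi://${domain}/"
+</FilesMatch>
+'';
+};
+
+phpfpm.pools.${domain} = {
+inherit (config.services.httpd) user group;
+inherit phpPackage;
+
+settings = {
+"listen.owner" = config.services.httpd.user;
+"listen.group" = config.services.httpd.group;
+"pm" = "ondemand";
+"pm.max_children" = 15;
+};
+
+phpEnv = {
+TYPO3_ADDITIONAL_CONFIGURATION = "/var/projects/own/typo3-configuration/AdditionalConfiguration.inc.php";
+TYPO3_DATABASE = databaseName;
+TYPO3_CONTEXT = "Development/dsiepmann";
+TYPO3_BASE = "https://${domain}/";
+
+# Used via TYPO3 API, expose
+IMAGEMAGICK_PATH = lib.makeBinPath [ pkgs.imagemagick ] + "/";
+};
+};
+
+};
+}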
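Review bot: `TYPO3_ADDITIONAL_CONFIGURATION` in `phpEnv` hard-codes `/var/projects/own/typo3-configuration/…`, while `documentRoot` in this file and the tmpfiles rule in default.nix derive the same tree from `config.custom.web-development.rootPath`; overriding `rootPath` would leave PHP pointing at a file that is no longer there. Suggested: `TYPO3_ADDITIONAL_CONFIGURATION = "${config.custom.web-development.rootPath}/own/typo3-configuration/AdditionalConfiguration.inc.php";`. Because `xdebug.mode = debug` and `display_errors = 1` are baked into every pool this builder creates, a header comment such as `# Development-only vhost builder: enables xdebug and on-page error output.` would guard against reuse on a reachable host.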
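--- a/systems/hikari3/web-development/lib/mkcert.nix
+++ b/systems/hikari3/web-development/lib/mkcert.nix
@@ -0,0 +1,53 @@
+{ pkgs, lib, config, ... }:
+
+let
+certFolder = "/var/projects/own/mkcert";
+
+domains = builtins.concatStringsSep " " (
+map (domain: "\"${domain}\"") (
+builtins.attrNames config.services.httpd.virtualHosts
+)
+);
+
+custom-generate-certs = pkgs.writeShellApplication {
+name = "custom-generate-certs";
+
+runtimeInputs = [
+pkgs.mkcert
+];
+
+text = ''
+mkdir -p ${certFolder}
+pushd ${certFolder}
+declare -a domains=(${domains})
+for domain in "''${domains[@]}"
+do
+CAROOT="${certFolder}" mkcert "$domain"
+done
+'';
+};
+in {
+options = {
+custom.web-development = {
+certFolder = lib.mkOption {
+type = lib.types.path;
+default = "${config.custom.web-development.rootPath}/own/mkcert/";
+};
+};
+};
+
+config = {
+
+# TODO: Run once before httpd service starts?
+environment.systemPackages = [
+custom-generate-certs
+];
+
+# NOTE: Disable until root certificate is generated, then add again
+# Maybe check for file existense and throw proper error message?
+security.pki.certificates = [
+(builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
+];
+
+};
+}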
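Review bot: The script sets `CAROOT="${certFolder}"`, so mkcert keeps the root CA private key in the same directory as the leaf certificates, inside the project tree that is presumably owned by the account httpd and PHP-FPM run as, and `security.pki.certificates` then makes that CA trusted system-wide. Anything able to read that folder could issue certificates this machine trusts for any host name. Keeping CAROOT outside `rootPath` with owner-only permissions, and copying only `rootCA.pem` into the cert folder, would limit that. The `let` binding `certFolder = "/var/projects/own/mkcert"` also duplicates the default of the `certFolder` option, so overriding the option leaves the script writing to the old path; using `config.custom.web-development.certFolder` in the script would keep the two in step.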
BIN
systems/hikari3/web-development/projects/customer/reu-reu.nix
Normal file
BIN
systems/hikari3/web-development/projects/customer/reu-reu.nix
Normal file
Binary file not shown.
BIN
systems/hikari3/web-development/projects/customer/sa-sa.nix
Normal file
BIN
systems/hikari3/web-development/projects/customer/sa-sa.nix
Normal file
Binary file not shown.
Binary file not shown.
BIN
systems/hikari3/web-development/projects/customer/wm-sozio.nix
Normal file
BIN
systems/hikari3/web-development/projects/customer/wm-sozio.nix
Normal file
Binary file not shown.
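--- a/systems/hikari3/web-development/projects/private.nix
+++ b/systems/hikari3/web-development/projects/private.nix
@@ -0,0 +1,13 @@
+{ pkgs, lib, config, ... }:
+
+let
+
+php = pkgs.php83;
+
+in import ./../lib/create-typo3.nix {
+inherit config lib pkgs php;
+
+domain = "daniel-siepmann.own.localhost";
+relativeDocumentRoot = "own/daniel-siepmann/project/public/";
+databaseName = "own_danielsiepmann";
+}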
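--- a/systems/hikari3/web-development/projects/service-wrapper.nix
+++ b/systems/hikari3/web-development/projects/service-wrapper.nix
@@ -0,0 +1,28 @@
+{ pkgs, lib, config, ... }:
+
+let
+domain = "mailhog.localhost";
+in {
+services = {
+
+httpd.virtualHosts.${domain} = {
+forceSSL = true;
+sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem";
+sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem";
+
+extraConfig = ''
+RequestHeader unset Authorization
+ProxyRequests Off
+ProxyPreserveHost On
+ProxyPass / http://localhost:8025/
+ProxyPassReverse / http://localhost:8025/
+
+# Mailhog specific
+<LocationMatch /api/v2/websocket>
+ProxyPass ws://localhost:8025/api/v2/websocket
+</LocationMatch>
+'';
+};
+
+};
+}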
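--- a/systems/hikari3/web-development/projects/typo3.nix
+++ b/systems/hikari3/web-development/projects/typo3.nix
@@ -0,0 +1,8 @@
+{ lib, config, ... }:
+
+import ./../lib/create-static.nix {
+inherit config;
+
+domain = "tea-docs.typo3.localhost";
+relativeDocumentRoot = "typo3/tea/Documentation-GENERATED-temp/Result/project/0.0.0/";
+}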