diff --git a/.gitattributes b/.gitattributes index aeda6bf..f18b823 100644 --- a/.gitattributes +++ b/.gitattributes @@ -12,4 +12,5 @@ systems/hikari/files/hosts filter=git-crypt diff=git-crypt systems/hikari/web-development/projects/customer.nix filter=git-crypt diff=git-crypt systems/hikari3/files/hosts filter=git-crypt diff=git-crypt systems/hikari3/web-development/projects/customer.nix filter=git-crypt diff=git-crypt +systems/hikari3/web-development/projects/customer/* filter=git-crypt diff=git-crypt projects/** filter=git-crypt diff=git-crypt diff --git a/home/files/typo3-configuration/SystemSettings.php b/home/files/typo3-configuration/SystemSettings.php index 615a9aa..bb5287f 100644 --- a/home/files/typo3-configuration/SystemSettings.php +++ b/home/files/typo3-configuration/SystemSettings.php @@ -48,6 +48,10 @@ $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename'] = false; $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'] = '$1$eItwKedf$13XVDVlAwXXMvO4DKw/YQ0'; +if (getenv('GIT_PATH')) { + $GLOBALS['TYPO3_CONF_VARS']['SYS']['binSetup'] = 'git=' . getenv('GIT_PATH') . '/git'; +} + $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] = '*.localhost DEVELOPMENT'; if (isset($GLOBALS['_SERVER']['HTTP_HOST'])) { $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] = $GLOBALS['_SERVER']['HTTP_HOST'] . ' DEVELOPMENT'; diff --git a/home/home.nix b/home/home.nix index 5bebd66..e34bce7 100644 --- a/home/home.nix +++ b/home/home.nix @@ -1,7 +1,6 @@ { config ,pkgs - ,hostName ,... }: @@ -84,9 +83,7 @@ in { TYPO3_CONTEXT = "Development/dsiepmann"; TYPO3_ADDITIONAL_CONFIGURATION = "${config.xdg.dataHome}/typo3-configuration/AdditionalConfiguration.inc.php"; - } // (if hostName == "hikari" then { - } else { - }); + }; shellAliases = { ll = "ls -laphv --color=auto"; diff --git a/home/packages.nix b/home/packages.nix index 11d9010..0df0067 100644 --- a/home/packages.nix +++ b/home/packages.nix 
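Review bot: The added pattern `systems/hikari3/web-development/projects/customer/*` only matches files directly inside `customer/`, because `*` in a gitattributes pattern does not cross a `/`. A file added later in a subdirectory would miss the git-crypt filter and be committed in plaintext. Writing it as `systems/hikari3/web-development/projects/customer/** filter=git-crypt diff=git-crypt`, like the existing `projects/**` line, also covers nested paths. `git-crypt status` shows which files are actually encrypted.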
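Review bot: `GIT_PATH` is read from the environment twice and concatenated into `binSetup` without any check, in the added `if (getenv('GIT_PATH'))` block. TYPO3 documents `binSetup` as a comma- or newline-separated list of `name=path` pairs, so a value containing a comma would define further entries. A wrong directory would silently point TYPO3 at a `git` that does not exist. Read the variable once and verify the binary before using it: `$gitPath = getenv('GIT_PATH');` followed by `if (is_string($gitPath) && is_executable($gitPath . '/git')) {`.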
@@ -81,7 +81,7 @@ unzip gtk-engine-murrine - ] ++ (if hostName == "hikari" then [ + ] ++ (if hostName == "hikari2" then [ # hikari acpilight # Used to support xbacklight @@ -91,6 +91,10 @@ # Needs to be installed by ubuntu on ubuntu, therefore only add on hikari sound-juicer + ] else (if hostName == "hikari3" then [ + # hikari 3 + (callPackage ./packages/custom/update-nixos-system { }) + (callPackage ./packages/custom/vpn-reuter-dynamics { }) ] else [ # hikari 2 @@ -98,5 +102,5 @@ # TODO: Right now only for Ubuntu (hikari2) system (callPackage ./packages/custom/backup { }) (callPackage ./packages/custom/vpn-reuter-dynamics { }) - ]); + ])); } diff --git a/home/packages/custom/project/default.nix b/home/packages/custom/project/default.nix index 69ac68b..580d809 100644 --- a/home/packages/custom/project/default.nix +++ b/home/packages/custom/project/default.nix @@ -7,8 +7,8 @@ let - positionOfCustomerName = if hostName == "hikari" then "5" else "7"; - mysqlUser = if hostName == "hikari" then "-u daniels" else ""; + positionOfCustomerName = if hostName == "hikari" then "5" else "6"; + mysqlUser = if hostName == "hikari2" then "" else "-u daniels"; in writeShellApplication { name = "custom-project"; diff --git a/home/packages/custom/zcat-progress/default.nix b/home/packages/custom/zcat-progress/default.nix index fe3b9c1..95af686 100644 --- a/home/packages/custom/zcat-progress/default.nix +++ b/home/packages/custom/zcat-progress/default.nix @@ -12,6 +12,10 @@ writeShellApplication { gzip ]; + # It might be necessary to execute: + # s/utf8mb4_0900_ai_ci/utf8mb4_unicode_520_ci/g + # As MariaDB has other collations as MySQL + text = '' zcat "$1" | pv -s "$(gzip -dc "$1" | wc -c)" ''; diff --git a/home/windowManager/i3.nix b/home/windowManager/i3.nix index c1a51a8..d5d1cc9 100644 --- a/home/windowManager/i3.nix +++ b/home/windowManager/i3.nix 
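Review bot: The first branch now tests `hostName == "hikari2"`, but the comments inside it still say `# hikari` and "therefore only add on hikari", and the final `else` branch is still labelled `# hikari 2` and "Right now only for Ubuntu (hikari2)". As written, `acpilight` and `sound-juicer` go to hikari2 while `backup` goes to hikari. That looks inverted compared with `mysqlUser` and `soundSwitcher` elsewhere in this commit, where `hikari2` keeps the value the old non-hikari branch had. If the swap is intended, update the comments; otherwise the condition should probably stay `hostName == "hikari"`. The package list starts outside the hunk.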
@@ -11,11 +11,13 @@ let inherit(config.xsession.windowManager.i3.config) modifier; - soundSwitcherForHikari2 = if hostName == "hikari" then "" else "-D pulse"; + soundSwitcher = if hostName == "hikari2" then "-D pulse" else ""; keyboardBrightnessDevice = if hostName == "hikari" then "--device smc::kbd_backlight" else ""; displayBrightnessDevice = if hostName == "hikari" then "--device acpi_video0" else ""; - displayBuiltInOutput = if hostName == "hikari" then "eDP-1" else "eDP1"; - displayDefaults = if hostName == "hikari" then "--output ${displayBuiltInOutput} --mode 1366x768 --scale 1.25x1.25" else ""; + displayBuiltInOutput = if hostName == "hikari1" then "eDPI" else "eDP-1"; + displayDefaults = if hostName == "hikari" then "--output ${displayBuiltInOutput} --mode 1366x768 --scale 1.25x1.25" else ( + if hostName == "hikari3" then "--output ${displayBuiltInOutput} --scale 0.75x0.75" else "" + ); in { xsession.windowManager.i3 = { enable = true; @@ -300,9 +302,9 @@ in { "XF86AudioPlay" = "exec cmus-remote --pause"; "XF86AudioPrev" = "exec cmus-remote --prev"; "XF86AudioNext" = "exec cmus-remote --next"; - "XF86AudioMute" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 0\""; - "XF86AudioRaiseVolume" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 5%+\""; - "XF86AudioLowerVolume" = "exec \"amixer ${soundSwitcherForHikari2} sset Master 5%-\""; + "XF86AudioMute" = "exec \"amixer ${soundSwitcher} -q set Master toggle\""; + "XF86AudioRaiseVolume" = "exec \"amixer ${soundSwitcher} sset Master 5%+\""; + "XF86AudioLowerVolume" = "exec \"amixer ${soundSwitcher} sset Master 5%-\""; # Switch sound device: # https://askubuntu.com/a/72076/491377 
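Review bot: `displayBuiltInOutput` compares against `"hikari1"`, a host name that appears nowhere else in this commit (the others are `hikari`, `hikari2` and `hikari3`), so that branch is presumably never taken. Its value `"eDPI"` also looks like a typo for `eDP1`. Every host therefore gets `eDP-1`, which matches the `--output eDP-1` that xsession.nix now uses for hikari2. If that is the intent, drop the conditional: `displayBuiltInOutput = "eDP-1";`. If hikari2 still needs the old name, the test should read `if hostName == "hikari2" then "eDP1" else "eDP-1"`.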
@@ -362,7 +364,8 @@ in { displays = { "a" = "exec xrandr --auto ${displayDefaults} && ${pkgs.brightnessctl}/bin/brightnessctl --device ${displayBrightnessDevice} s 10;"; "e" = "exec xrandr --auto --output ${displayBuiltInOutput} --off"; - "h" = "exec xrandr --output ${displayBuiltInOutput} --off --output DP1 --scale 1x1 --mode 2560x1440"; + + "h" = if hostName == "hikari3" then "exec xrandr --output ${displayBuiltInOutput} --off --output DP-3 --scale 1x1 --mode 2560x1440" else "exec xrandr --output ${displayBuiltInOutput} --off --output DP1 --scale 1x1 --mode 2560x1440"; "o" = "exec xrandr --output DP2 --primary --mode 3840x2160 --scale 0.65x0.65 --output ${displayBuiltInOutput} --off"; # Mirror diff --git a/home/xsession.nix b/home/xsession.nix index 26cc658..aee1171 100644 --- a/home/xsession.nix +++ b/home/xsession.nix @@ -13,7 +13,7 @@ let xinput --set-prop bcm5974 'libinput Natural Scrolling Enabled' 1 ''; initExtraHikari2 = '' - xrandr --auto --brightness 1 + xrandr --auto --output eDP-1 --brightness 1 # Enable tapping instead of phsyical click xinput --set-prop 'DELL07E6:00 06CB:76AF Touchpad' 'libinput Tapping Enabled' 1 @@ -21,13 +21,19 @@ let # Use natural scrolling for trackpad xinput --set-prop 'DELL07E6:00 06CB:76AF Touchpad' 'libinput Natural Scrolling Enabled' 1 ''; + initExtraHikari3 = '' + xrandr --auto --output eDP-1 --brightness 1 + + # Use natural scrolling for trackpad + xinput --set-prop 'PIXA3854:00 093A:0274 Touchpad' 'libinput Natural Scrolling Enabled' 1 + ''; in { xsession = { enable = true; numlock.enable = true; - initExtra = (if hostName == "hikari" then initExtraHikari else initExtraHikari2) + '' + initExtra = (if hostName == "hikari" then initExtraHikari else (if hostName == "hikari3" then initExtraHikari3 else initExtraHikari2)) + '' # Set backlight of output xbacklight -set 25 diff --git a/systems/hikari/web-development/default.nix b/systems/hikari/web-development/default.nix index ef063ca..0d54fa9 100644 
--- a/systems/hikari/web-development/default.nix +++ b/systems/hikari/web-development/default.nix @@ -18,7 +18,6 @@ in { ./projects/private.nix ./projects/service-wrapper.nix ./projects/typo3.nix - ./projects/customer.nix ]; diff --git a/systems/hikari3/cachix.nix b/systems/hikari3/cachix.nix new file mode 100644 index 0000000..ecd2d39 --- /dev/null +++ b/systems/hikari3/cachix.nix @@ -0,0 +1,13 @@ + +# WARN: this file will get overwritten by $ cachix use +{ pkgs, lib, ... }: + +let + folder = ./cachix; + toImport = name: value: folder + ("/" + name); + filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; + imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); +in { + inherit imports; + nix.settings.substituters = ["https://cache.nixos.org/"]; +} diff --git a/systems/hikari3/cachix/fossar.nix b/systems/hikari3/cachix/fossar.nix new file mode 100644 index 0000000..0e266e4 --- /dev/null +++ b/systems/hikari3/cachix/fossar.nix @@ -0,0 +1,13 @@ + +{ + nix = { + settings = { + substituters = [ + "https://fossar.cachix.org" + ]; + trusted-public-keys = [ + "fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE=" + ]; + }; + }; +} diff --git a/systems/hikari3/configuration.nix b/systems/hikari3/configuration.nix new file mode 100644 index 0000000..16db28b --- /dev/null +++ b/systems/hikari3/configuration.nix 
@@ -0,0 +1,146 @@ +# Edit this configuration file to define what should be installed on +# your system. help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + + ./cachix.nix + + ./web-development + ]; + + # Bootloader. + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + initrd.luks.devices."luks-ac06ecd4-7548-4807-a9c9-a616f8219e5f".device = "/dev/disk/by-uuid/ac06ecd4-7548-4807-a9c9-a616f8219e5f"; + }; + networking = { + hostName = "hikari3"; + extraHosts = builtins.readFile ./files/hosts; + # wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # proxy.default = "http://user:password@proxy:port/"; + # proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networkmanager.enable = true; + }; + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + # Select internationalisation properties. + i18n = { + defaultLocale = "en_US.UTF-8"; + + extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + }; + + documentation = { + dev.enable = false; + doc.enable = false; + info.enable = false; + man.enable = true; + nixos.enable = true; + }; + + programs = { + # Enable network manager applet + nm-applet.enable = true; + dconf.enable = true; + }; + + services = { + # Enable the X11 windowing system. + xserver = { + enable = true; + displayManager.lightdm.enable = true; + desktopManager.lxqt.enable = true; + + # Configure keymap in X11 + xkb = { + layout = "us"; + variant = ""; + }; + }; + + # Enable automatic login for the user. 
+ displayManager.autoLogin = { + enable = true; + user = "daniels"; + }; + }; + + # Enable sound with pipewire. + sound.enable = true; + # sound.mediaKeys.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.daniels = { + isNormalUser = true; + description = "Daniel Siepmann"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = with pkgs; [ + i3lock + xsel + ]; + }; + + virtualisation.containers = { + enable = true; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + git + xorg.xbacklight + openfortivpn + lxqt.pavucontrol-qt + ]; + + environment.variables = { + EDITOR = "vim"; + }; + + security = { + sudo.execWheelOnly = true; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? + +} diff --git a/systems/hikari3/files/hosts b/systems/hikari3/files/hosts new file mode 100644 index 0000000..2932c42 Binary files /dev/null and b/systems/hikari3/files/hosts differ diff --git a/systems/hikari3/hardware-configuration.nix b/systems/hikari3/hardware-configuration.nix new file mode 100644 index 0000000..0298d08 --- /dev/null +++ b/systems/hikari3/hardware-configuration.nix 
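Review bot: `services.displayManager.autoLogin` signs in `daniels`, who is in `wheel`, without a password prompt, so after boot the LUKS passphrase is the only authentication before a desktop session for a sudo-capable account. That may be a deliberate trade-off on an encrypted laptop, but the file does not say so. Add a comment above the block recording the decision, for example `# Auto login is acceptable here: the disk is LUKS-encrypted and unlocked interactively at boot.`, or set `enable = false;` and let lightdm ask for the password.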
@@ -0,0 +1,48 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "uas" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/dd7cefcc-8920-4c3d-9559-962a3a584498"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-ddc87566-6172-4909-987e-8600b96a41c2".device = "/dev/disk/by-uuid/ddc87566-6172-4909-987e-8600b96a41c2"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E402-2F77"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/877afecd-5cdb-452d-82d2-2fb0823d2879"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp193s0f3u2.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/systems/hikari3/readme.rst b/systems/hikari3/readme.rst new file mode 100644 index 0000000..be93e24 --- /dev/null +++ b/systems/hikari3/readme.rst 
@@ -0,0 +1,35 @@ +nixos for hikari +================ + +Hikari is my old MacBook Air. +It runs NixOS. + +I'm using that machine to migrate my existing Ubuntu Setup to NixOS in order to replace Ubuntu in the future. +And I use this Setup for my personal use. + +Installation +------------ + +Update to nixpkgs unstable via: + + nix-channel --add https://nixos.org/channels/nixos-unstable nixos + nix-channel --update + +See: https://nixos.wiki/wiki/Nix_channels + +I also need older php versions: + + nix-channel --add https://github.com/fossar/nix-phps/archive/master.tar.gz phps + nix-channel --update + +Add hardware channel: + + nix-channel --add https://github.com/NixOS/nixos-hardware/archive/master.tar.gz nixos-hardware + nix-channel --update + +See: https://github.com/NixOS/nixos-hardware + +TODOs +----- + +* Add docker-compose for Elasticsearch, proxy, solr. diff --git a/systems/hikari3/web-development/default.nix b/systems/hikari3/web-development/default.nix new file mode 100644 index 0000000..57709d5 --- /dev/null +++ b/systems/hikari3/web-development/default.nix 
@@ -0,0 +1,134 @@ +{ pkgs, config, lib, ... }: + +let + + mysqlEnsurePermissionsForDevUser = builtins.listToAttrs ( + map (databaseName: { + name = "${databaseName}.*"; + value = "ALL PRIVILEGES"; + }) + config.custom.web-development.databases + ); + +in { + imports = [ + + ./lib/mkcert.nix + + ./projects/service-wrapper.nix + ./projects/typo3.nix + ./projects/customer/sa-sa.nix + ./projects/customer/reu-reu.nix + ./projects/customer/wm-interdaf.nix + ./projects/customer/wm-sozio.nix + + ]; + + options = { + + custom.web-development = { + rootPath = lib.mkOption { + type = lib.types.path; + default = "/var/projects"; + description = '' + The root folder where web development happens. + All Projects need to be placed within this folder. + ''; + }; + databases = lib.mkOption { + type = lib.types.listOf lib.types.nonEmptyStr; + default = []; + example = lib.literalExpression "[namespace_project namespace2_project1]"; + description = '' + A list of all necessary databases. + Used to create the databases and grant permissions. 
+ ''; + }; + }; + + }; + + config = { + + services = { + httpd = { + enable = true; + + user = "daniels"; + + adminAddr = "apache@hikari.localhost"; + + extraModules = [ + "info" + "rewrite" + "proxy" + "proxy_fcgi" + ]; + + virtualHosts."localhost".locations."/server-info" = { + extraConfig = '' + SetHandler server-info + Require local + ''; + }; + }; + + mysql = { + enable = true; + + package = pkgs.mariadb; + + ensureUsers = [ + { + name = "daniels"; + ensurePermissions = { + "*.*" = "ALL PRIVILEGES"; + }; + } + { + # INITIALLY once change dev user to be identified by password + # alter user dev@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('dev'); + name = "testing"; + ensurePermissions = { + "*.*" = "ALL PRIVILEGES"; + }; + } + { + # INITIALLY once change dev user to be identified by password + # alter user dev@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('dev'); + name = "dev"; + ensurePermissions = mysqlEnsurePermissionsForDevUser; + } + ]; + + ensureDatabases = [ + "testing" # Used by TYPO3 functional tests + "testing_at" # Used by TYPO3 Acceptance tests + ] ++ config.custom.web-development.databases; + + settings = { + mysqld = { + # sql_mode = "SRTICT_TRANS_TABLES;NO_ZERO_IN_DATE;NO_ZERO_DATE;ERROR_FOR_DIVISION_BY_ZERO;NO_ENGINE_SUBSTITUTION"; + general_log = true; + general_log_file = "/var/lib/mysql/query.log"; + + # slow_query_log = true; + # slow_query_log_file = "/var/lib/mysql/slow_query.log"; + # long_query_time = 1; + + bind-address = "127.0.0.1"; + }; + }; + }; + }; + + systemd.tmpfiles.rules = [ + # TODO: Improve handling of TYPO3 global configuration + # Current issue: The files are copied once. + # Changes are not reflected until reboot? + # I can edit the copied files, but need to keep files in sync. + "C ${config.custom.web-development.rootPath}/own/typo3-configuration - - - - ${config.users.users.daniels.home}/.config/nixpkgs/home/files/typo3-configuration" + ]; + + }; +} 
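Review bot: `services.httpd.user = "daniels"` runs Apache as the interactive login account, which configuration.nix in this commit places in `wheel`, and lib/create-typo3.nix inherits the same user for every php-fpm pool. A code-execution bug in any project under development would therefore run with that user's file access, which presumably includes the home directory with SSH and git-crypt key material. Consider a dedicated service user that has group access to `rootPath` instead. Separately, `general_log = true` writes every statement to `/var/lib/mysql/query.log`, which would capture the `PASSWORD('dev')` statement from the comment as well as imported customer data. The comment above the `testing` user is a copy of the `dev` one although `testing` is granted `*.*`.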
diff --git a/systems/hikari3/web-development/lib/create-static.nix b/systems/hikari3/web-development/lib/create-static.nix new file mode 100644 index 0000000..da16ec8 --- /dev/null +++ b/systems/hikari3/web-development/lib/create-static.nix @@ -0,0 +1,30 @@ +{ + config + , domain + , relativeDocumentRoot +}: + +let + documentRoot = "${config.custom.web-development.rootPath}/${relativeDocumentRoot}"; +in { + services = { + + httpd.virtualHosts.${domain} = { + forceSSL = true; + sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem"; + sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem"; + + inherit documentRoot; + + extraConfig = '' + + AllowOverride All + Require all granted + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + DirectoryIndex index.html Index.html + + ''; + }; + + }; +} diff --git a/systems/hikari3/web-development/lib/create-typo3.nix b/systems/hikari3/web-development/lib/create-typo3.nix new file mode 100644 index 0000000..1317f67 --- /dev/null +++ b/systems/hikari3/web-development/lib/create-typo3.nix 
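Review bot: The `extraConfig` here grants `Require all granted` together with `Options ... Indexes` and `AllowOverride All`, and nothing in the vhost restricts where it listens. Whether these development sites are reachable from the network therefore depends entirely on firewall settings this commit does not show. The `/server-info` location in web-development/default.nix already uses `Require local`; the same directive here would limit access to local clients regardless of firewall state. The same applies to the TYPO3 vhosts in lib/create-typo3.nix, which additionally set `display_errors = 1` and `xdebug.mode = debug`. It also applies to the Mailhog proxy in projects/service-wrapper.nix, which shows no access restriction in the text visible here.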
@@ -0,0 +1,129 @@ +{ + config + , lib + , pkgs + , domain + , relativeDocumentRoot + , databaseName + , php +}: + +let + + documentRoot = "${config.custom.web-development.rootPath}/${relativeDocumentRoot}"; + + phpPackage = php.buildEnv { + extensions = { enabled, all }: enabled ++ (with all; [ + xdebug + ]); + extraConfig = '' + max_execution_time = 240 + max_input_vars = 1500 + + display_errors = 1 + error_reporting = E_ALL + + xdebug.mode = debug + xdebug.max_nesting_level = 400 + ''; + }; + +in { + custom.web-development = { + + databases = [databaseName]; + + }; + + services = { + + httpd.virtualHosts.${domain} = { + forceSSL = true; + sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem"; + sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem"; + + inherit documentRoot; + + extraConfig = '' + + AllowOverride None + Require all granted + DirectoryIndex index.php + + RewriteEngine On + + # Store the current location in an environment variable CWD to use + # mod_rewrite in .htaccess files without knowing the RewriteBase + RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$ + RewriteRule ^.*$ - [E=CWD:%2] + + # Rule for versioned static files, configured through: + # - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename'] + # - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename'] + # IMPORTANT: This rule has to be the very first RewriteCond in order to work! 
+ RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule ^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ %{ENV:CWD}$1.$3 [L] + + # Access block for folders + RewriteRule _(?:recycler|temp)_/ - [F] + RewriteRule fileadmin/templates/.*\.(?:txt|ts)$ - [F] + RewriteRule ^(?:vendor|typo3_src|typo3temp/var) - [F] + RewriteRule (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ - [F] + + # Block access to all hidden files and directories with the exception of + # the visible content from within the `/.well-known/` hidden directory (RFC 5785). + RewriteCond %{REQUEST_URI} "!(^|/)\.well-known/([^./]+./?)+$" [NC] + RewriteCond %{SCRIPT_FILENAME} -d [OR] + RewriteCond %{SCRIPT_FILENAME} -f + RewriteRule (?:^|/)\. - [F] + + # Stop rewrite processing, if we are in any other known directory + # NOTE: Add your additional local storages here + RewriteRule ^(?:fileadmin/|typo3conf/|typo3temp/|uploads/) - [L] + + # If the file/symlink/directory does not exist but is below /typo3/, redirect to the TYPO3 Backend entry point. + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-l + RewriteCond %{REQUEST_URI} ^/typo3/.*$ + RewriteRule ^typo3/(.*)$ %{ENV:CWD}typo3/index.php [QSA,L] + + # If the file/symlink/directory does not exist => Redirect to index.php. + # For httpd.conf, you need to prefix each '%{REQUEST_FILENAME}' with '%{DOCUMENT_ROOT}'. 
+ RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-l + RewriteRule ^.*$ %{ENV:CWD}index.php [QSA,L] + + + + SetHandler "proxy:unix:${config.services.phpfpm.pools."${domain}".socket}|fcgi://${domain}/" + + ''; + }; + + phpfpm.pools.${domain} = { + inherit (config.services.httpd) user group; + inherit phpPackage; + + settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + "pm" = "ondemand"; + "pm.max_children" = 15; + }; + + phpEnv = { + TYPO3_ADDITIONAL_CONFIGURATION = "/var/projects/own/typo3-configuration/AdditionalConfiguration.inc.php"; + TYPO3_DATABASE = databaseName; + TYPO3_CONTEXT = "Development/dsiepmann"; + TYPO3_BASE = "https://${domain}/"; + + # Used via TYPO3 API, expose + IMAGEMAGICK_PATH = lib.makeBinPath [ pkgs.imagemagick ] + "/"; + }; + }; + + }; +} diff --git a/systems/hikari3/web-development/lib/mkcert.nix b/systems/hikari3/web-development/lib/mkcert.nix new file mode 100644 index 0000000..6598136 --- /dev/null +++ b/systems/hikari3/web-development/lib/mkcert.nix 
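Review bot: `TYPO3_ADDITIONAL_CONFIGURATION` in `phpEnv` hard-codes `/var/projects/own/typo3-configuration/...`, although `documentRoot` at the top of this file is built from `config.custom.web-development.rootPath`. The tmpfiles rule in web-development/default.nix also copies the configuration to `${config.custom.web-development.rootPath}/own/typo3-configuration`. Overriding `rootPath` would leave php-fpm pointing at a file that is not there. Derive the value the same way: `TYPO3_ADDITIONAL_CONFIGURATION = "${config.custom.web-development.rootPath}/own/typo3-configuration/AdditionalConfiguration.inc.php";`.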
@@ -0,0 +1,53 @@ +{ pkgs, lib, config, ... }: + +let + certFolder = "/var/projects/own/mkcert"; + + domains = builtins.concatStringsSep " " ( + map (domain: "\"${domain}\"") ( + builtins.attrNames config.services.httpd.virtualHosts + ) + ); + + custom-generate-certs = pkgs.writeShellApplication { + name = "custom-generate-certs"; + + runtimeInputs = [ + pkgs.mkcert + ]; + + text = '' + mkdir -p ${certFolder} + pushd ${certFolder} + declare -a domains=(${domains}) + for domain in "''${domains[@]}" + do + CAROOT="${certFolder}" mkcert "$domain" + done + ''; + }; +in { + options = { + custom.web-development = { + certFolder = lib.mkOption { + type = lib.types.path; + default = "${config.custom.web-development.rootPath}/own/mkcert/"; + }; + }; + }; + + config = { + + # TODO: Run once before httpd service starts? + environment.systemPackages = [ + custom-generate-certs + ]; + + # NOTE: Disable until root certificate is generated, then add again + # Maybe check for file existense and throw proper error message? + security.pki.certificates = [ + (builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem") + ]; + + }; +} diff --git a/systems/hikari/web-development/projects/customer.nix b/systems/hikari3/web-development/projects/customer.nix similarity index 100% rename from systems/hikari/web-development/projects/customer.nix rename to systems/hikari3/web-development/projects/customer.nix diff --git a/systems/hikari3/web-development/projects/customer/reu-reu.nix b/systems/hikari3/web-development/projects/customer/reu-reu.nix new file mode 100644 index 0000000..b63a5a3 Binary files /dev/null and b/systems/hikari3/web-development/projects/customer/reu-reu.nix differ diff --git a/systems/hikari3/web-development/projects/customer/sa-sa.nix b/systems/hikari3/web-development/projects/customer/sa-sa.nix new file mode 100644 index 0000000..7e05ddf Binary files /dev/null and b/systems/hikari3/web-development/projects/customer/sa-sa.nix differ 
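Review bot: The script sets `CAROOT="${certFolder}"`, so mkcert keeps the CA private key (`rootCA-key.pem`) in the same `/var/projects/own/mkcert` directory as the leaf certificates, while `security.pki.certificates` makes that CA trusted system-wide. Because httpd and php-fpm run as the same `daniels` user in this commit, code running in any project can presumably read that key, and a leaked key would allow certificates this machine trusts for any host name. Keep `CAROOT` in a directory outside `rootPath` that only its owner can read, and copy just `rootCA.pem` and the leaf certificates into `certFolder`. The `let` binding also hard-codes `certFolder` instead of using the `custom.web-development.certFolder` option declared further down, so the two can drift apart.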
diff --git a/systems/hikari3/web-development/projects/customer/wm-interdaf.nix b/systems/hikari3/web-development/projects/customer/wm-interdaf.nix new file mode 100644 index 0000000..73ae200 Binary files /dev/null and b/systems/hikari3/web-development/projects/customer/wm-interdaf.nix differ diff --git a/systems/hikari3/web-development/projects/customer/wm-sozio.nix b/systems/hikari3/web-development/projects/customer/wm-sozio.nix new file mode 100644 index 0000000..8892e0e Binary files /dev/null and b/systems/hikari3/web-development/projects/customer/wm-sozio.nix differ diff --git a/systems/hikari3/web-development/projects/private.nix b/systems/hikari3/web-development/projects/private.nix new file mode 100644 index 0000000..771d83d --- /dev/null +++ b/systems/hikari3/web-development/projects/private.nix @@ -0,0 +1,13 @@ +{ pkgs, lib, config, ... }: + +let + + php = pkgs.php83; + +in import ./../lib/create-typo3.nix { + inherit config lib pkgs php; + + domain = "daniel-siepmann.own.localhost"; + relativeDocumentRoot = "own/daniel-siepmann/project/public/"; + databaseName = "own_danielsiepmann"; +} diff --git a/systems/hikari3/web-development/projects/service-wrapper.nix b/systems/hikari3/web-development/projects/service-wrapper.nix new file mode 100644 index 0000000..7e78f12 --- /dev/null +++ b/systems/hikari3/web-development/projects/service-wrapper.nix @@ -0,0 +1,28 @@ +{ pkgs, lib, config, ... }: + +let + domain = "mailhog.localhost"; +in { + services = { + + httpd.virtualHosts.${domain} = { + forceSSL = true; + sslServerCert = "${config.custom.web-development.certFolder}${domain}.pem"; + sslServerKey = "${config.custom.web-development.certFolder}${domain}-key.pem"; + + extraConfig = '' + RequestHeader unset Authorization + ProxyRequests Off + ProxyPreserveHost On + ProxyPass / http://localhost:8025/ + ProxyPassReverse / http://localhost:8025/ + + # Mailhog specific + + ProxyPass ws://localhost:8025/api/v2/websocket + + ''; + }; + + }; +} 
diff --git a/systems/hikari3/web-development/projects/typo3.nix b/systems/hikari3/web-development/projects/typo3.nix new file mode 100644 index 0000000..bd4596e --- /dev/null +++ b/systems/hikari3/web-development/projects/typo3.nix @@ -0,0 +1,8 @@ +{ lib, config, ... }: + +import ./../lib/create-static.nix { + inherit config; + + domain = "tea-docs.typo3.localhost"; + relativeDocumentRoot = "typo3/tea/Documentation-GENERATED-temp/Result/project/0.0.0/"; +}