nixos 16.09 -> 17.03

README.md

@@ -9,7 +9,7 @@ Systems
 
 Physical server. Mostly used for files. (storage: 6 TB hdd + 256GB ssd, RAM: 8GB, 2 cores ht)
 
-- [git hosting](./modules/gogs.nix)
+- [git hosting](./roles/gogs.nix)
 - [public files](./roles/pub.nix)
 - torrents
 - [quassel](./roles/quassel.nix)

conf

@@ -12,7 +12,7 @@ git)
 	eval ${@:3}
 	;;
 stable)
-	export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-16.09/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
+	export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-17.03/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH"
 	eval ${@:3}
 	;;
 channel)

logical/frumar.nix

@@ -10,10 +10,10 @@ in
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../psysical/fractal.nix
+      ../physical/fractal.nix
       ../roles/common.nix
      ../modules/nginx.nix
-      ../modules/gogs.nix # todo: better separation here
+      ../roles/gogs.nix
       ../modules/tor-hidden-service.nix
       ../roles/quassel.nix
       ../roles/pub.nix
@@ -26,7 +26,6 @@ in
   # The NixOS release to be compatible with for stateful data such as databases.
   system.stateVersion = "15.09";
 
-  gogs.domain = "git.yori.cc";
   nginxssl.enable = true;
 
   # hidden SSH service

logical/pennyworth.nix

@@ -7,9 +7,6 @@
 let
   secrets = import <secrets>;
   yoricc = import ../packages/yori-cc.nix;
-  luadbi = pkgs.callPackage ../packages/luadbi.nix {};
-  acmeWebRoot = "/etc/sslcerts/acmeroot";
-  acmeKeyDir = "${config.security.acme.directory}/yori.cc";
 in
 {
   imports = [

modules/gogs.nix

@@ -1,86 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  gitHome = "/var/gogs";
-  gogs = pkgs.callPackage ../packages/gogs.nix { };
-  gogsPort = 8001;
-  domain = config.gogs.domain;
-  gogsConfig = pkgs.writeText "gogs.ini" ''
-APP_NAME = Gogs: Go Git Service
-RUN_USER = git
-RUN_MODE = prod
-[database]
-DB_TYPE = sqlite3
-HOST = 127.0.0.1:3306
-NAME = gogs
-USER = root
-PASSWD = 
-SSL_MODE = disable
-PATH = ${gitHome}/data/gogs.db
-[repository]
-ROOT = ${gitHome}/gogs-repositories
-[server]
-DOMAIN = ${domain}
-HTTP_PORT = ${toString gogsPort}
-ROOT_URL = https://${domain}/
-DISABLE_SSH = false
-SSH_PORT = 22
-OFFLINE_MODE = false
-[mailer]
-ENABLED = false
-[service]
-REGISTER_EMAIL_CONFIRM = false
-ENABLE_NOTIFY_MAIL = false
-DISABLE_REGISTRATION = true
-REQUIRE_SIGNIN_VIEW = false
-[picture]
-DISABLE_GRAVATAR = false
-AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
-[session]
-PROVIDER = file
-[log]
-ROOT_PATH = ${gitHome}/logs
-MODE = file
-LEVEL = Info
-[security]
-INSTALL_LOCK = true
-'';
-inherit (lib) mkOption types;
-in
-{
-    #imports = [./nginx.nix];
-    options.gogs = {
-      domain = mkOption {
-        type = types.string;
-        description = "The domain to run the servers on";
-        default = {};
-        example = "git.domain.com";
-      };
-    };
-    config = 
-{
-  users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; useDefaultShell = true;};
-  users.extraGroups.git = { };
-  systemd.services.gogs = {
-    path = with pkgs; [ git openssh bash ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "simple";
-      Restart = "always";
-      User = "git";
-      Group = "git";
-      ExecStart = "${gogs}/gogs web -c ${gogsConfig}";
-      WorkingDirectory = gitHome;
-    };
-  };
-  services.nginx.virtualHosts.${domain} = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString gogsPort}";
-      extraConfig = ''
-        proxy_buffering off;
-      '';
-    };
-  };
-};
-}

packages/yori-cc.nix

@@ -3,12 +3,12 @@ with import <nixpkgs> {};
 let gogitget = callPackage ./gogitget.nix {}; in
 
 stdenv.mkDerivation {
-  name = "yori-cc-1.3";
+  name = "yori-cc-1.3.5";
   
   src = gogitget {
     "url" = "git@git.yori.cc:yorick/yori-cc.git";
-    "rev" = "db207b9fd74a1036d2272c38dcbb6de504cf590a";
-    "sha256" = "1rqsv7pdij15f6nxxwggw58q12ggl6g7gjjq73sbdz1v9x78xbzp";
+    "rev" = "f049e4330dfb64bbbaf700897269c003fce8b5c4";
+    "sha256" = "1x8knlsp7cx52sr15gr0yhj1vl8ncznrqn4nvaycgwmhr1kysffr";
   };
   
   buildInputs = [ ];

roles/asterisk.nix

@@ -5,37 +5,22 @@
 	services.asterisk = {
 		enable = true;
 		#extraArguments = ["-vvvddd"];
-		confFiles."asterisk.conf" = ''
-	[directories]
-	astetcdir => /etc/asterisk/
-	astmoddir => ${pkgs.asterisk}/lib/asterisk/modules
-	astvarlibdir => /var/lib/asterisk
-	astdbdir => /var/lib/asterisk
-	astkeydir => /var/lib/asterisk
-	astdatadir => /var/lib/asterisk
-	astagidir => /var/lib/asterisk/agi-bin
-	astspooldir => /var/spool/asterisk
-	astrundir => /var/run/asterisk
-	astlogdir => /var/log/asterisk
-	astsbindir => ${pkgs.asterisk}/sbin
-		'';
-	};
-	environment.etc = {
-	    # Loading all modules by default is considered sensible by the authors of
-	    # "Asterisk: The Definitive Guide". Secure sites will likely want to
-		# specify their own "modules.conf" in the confFiles option.
-		"asterisk/modules.conf".text = ''
-		  [modules]
-		  autoload=yes
-		'';
-
-		# Use syslog for logging so logs can be viewed with journalctl
-		"asterisk/logger.conf".text = ''
+		confFiles."logger.conf" = ''
 		  [general]
 		  [logfiles]
 		  syslog.local0 => notice,warning,error
 		  console => debug,notice,warning,error,verbose,dtmf,fax
 		'';
+		confFiles."extensions.conf" = ''
+			[from-sim]
+			  exten => _X.,1,Verbose(Call from Limesco SIM [''${CALLERID(num)}] to [''${EXTEN}])
+			  same  =>     n,Dial(SIP/speakup01/''${EXTEN})
+
+			[from-speakup]
+			; Vervang ... door de rest van je DIY-nummer:
+			  exten => 31626972516,1,Verbose(Call from SpeakUp [''${CALLERID(num)}] to [''${EXTEN}])
+			  same  =>        n,Dial(SIP/limesco/''${EXTEN})
+		'';
 	};
 	environment.systemPackages = with pkgs; [
 	  asterisk

roles/gogs.nix

@@ -0,0 +1,58 @@
+{ config, pkgs, lib, ... }:
+let
+  gitHome = "/var/gogs";
+  gogs = pkgs.callPackage ../packages/gogs.nix { };
+  gogsPort = 8001;
+  domain = "git.yori.cc";
+in
+{
+  imports = [
+    ../modules/nginx.nix
+  ];
+
+  users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; useDefaultShell = true;};
+  users.extraGroups.git = { };
+  services.gogs = rec {
+    enable = true;
+    user = "git";
+    group = "git";
+    database.user = "root";
+    stateDir = gitHome;
+    repositoryRoot = "${stateDir}/gogs-repositories";
+    rootUrl = "https://${domain}/";
+    httpAddress = "localhost";
+    httpPort = gogsPort;
+    extraConfig = ''
+      [service]
+      REGISTER_EMAIL_CONFIRM = false
+      ENABLE_NOTIFY_MAIL = false
+      DISABLE_REGISTRATION = true
+      REQUIRE_SIGNIN_VIEW = false
+      [picture]
+      DISABLE_GRAVATAR = false
+      AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
+      [mailer]
+      ENABLED = false
+      [session]
+      PROVIDER = file
+      [log]
+      ROOT_PATH = ${gitHome}/logs
+      MODE = file
+      LEVEL = Info
+      [server]
+      DISABLE_ROUTER_LOG  = true
+    '';
+    inherit domain;
+  };
+  users.extraUsers.gogs.createHome = lib.mkForce false;
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString gogsPort}";
+      extraConfig = ''
+        proxy_buffering off;
+      '';
+    };
+  };
+}

roles/mail.nix

@@ -1,5 +1,6 @@
 { config, pkgs, lib, ... }:
 let secrets = import <secrets>;
+acmeKeyDir = "${config.security.acme.directory}/yori.cc";
 in
 {
   imports = [

roles/quassel.nix

@@ -19,7 +19,7 @@
         interfaces = ["0.0.0.0"];
       };
       environment.systemPackages = [
-        pkgs.kde4.quasselDaemon
+        pkgs.quasselDaemon
       ];
       networking.firewall.allowedTCPPorts = [4242];
     };

roles/xmpp.nix

@@ -2,6 +2,7 @@
 
 let
   luadbi = pkgs.callPackage ../packages/luadbi.nix {};
+  acmeKeyDir = "${config.security.acme.directory}/yori.cc";
 in
 {
   # XMPP