refactorisation continuing

hosts/org/configuration.nix

@@ -9,17 +9,10 @@
     [
       ./hardware-configuration.nix
       ./physical.nix
-      ../../profiles/core-hackens
+      ./core-hackens
       ../../secrets
       ./wiki
       ./webpass.nix
-      ./mosquitto.nix
-      ./monitoring
-      ./kfet2mqtt.nix
-      # ./bridge.nix
-      # ./gha.nix
-      # ./sync.nix
-      ./misc
     ];
 
   networking.hostName = "hackens-org"; # Define your hostname.

hosts/org/core-hackens/personal-users.nix

@@ -5,23 +5,23 @@
       isNormalUser = true;
       extraGroups = [ "wheel" ];
       hashedPassword = "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381";
-      openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ];
+      openssh.authorizedKeys.keyFiles = [ ../../../pubkeys/raito.keys ];
     };
     gdoriathdohler = {
       isNormalUser = true;
       extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [ ../../pubkeys/gdd.keys ];
+      openssh.authorizedKeys.keyFiles = [ ../../../pubkeys/gdd.keys ];
     };
     mdebray = {
       isNormalUser = true;
       extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ];
+      openssh.authorizedKeys.keyFiles = [ ../../../pubkeys/sinavir.keys ];
     };
     hbarral = {
       isNormalUser = true;
       extraGroups = [ "wheel" ];
-      openssh.authorizedKeys.keyFiles = [ ../../pubkeys/backslash.keys ];
+      openssh.authorizedKeys.keyFiles = [ ../../../pubkeys/backslash.keys ];
     };
-    root.openssh.authorizedKeys.keyFiles = [ ../../pubkeys/beigbeder.keys ]; # Jacques Beigbeder est tjrs root.
+    root.openssh.authorizedKeys.keyFiles = [ ../../../pubkeys/beigbeder.keys ]; # Jacques Beigbeder est tjrs root.
   };
 }

hosts/org/misc/default.nix

@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
-  imports = [
-    # ./static-website.nix
-    # ./game2048.nix
-    # ./casauth.nix
-    # ./nds.nix
-    # ./prez.nix
-    # ./public.nix
-    # ./jarvis.nix
-  ];
-}

hosts/org/modules/static-website.nix

@@ -1,26 +0,0 @@
-{ lib, config }:
-
-with lib;
-let
-  cfg = config.services.static-website.config;
-  l = builtins.split cfg.name "/";
-  name = lists.last l;
-in
-{
-  services.static-website.config = lib.mkOption {
-    type = with types; attrsOf (submodule {
-      options.name = mkOption path;
-    });
-  };
-
-  config = {
-    services.nginx.enable = cfg.enable;
-    virtualHosts."${cfg.name}" = {
-      root = "/var/lib/nginx/static/${name}";
-    }
-  };
-}
-
-/* TODO
-ACME
-*/

hosts/org/monitoring/config.yaml

@@ -1,31 +0,0 @@
-mqtt:
- # The MQTT broker to connect to
- server: tcp://new.hackens.org:1883
- # The Topic path to subscribe to. Be aware that you have to specify the wildcard, if you want to follow topics for multiple sensors.
- topic_path: +/+
- # The MQTT QoS level
- qos: 0
- metric_per_topic_config:
-  metric_name_regex: "(?P<deviceid>.*)/(?P<metricname>.*)"
-cache:
- # Timeout. Each received metric will be presented for this time if no update is send via MQTT.
- # Set the timeout to -1 to disable the deletion of metrics from the cache. The exporter presents the ingest timestamp
- # to prometheus.
- timeout: 24h
-metrics:
- # The name of the metric in prometheus
- - prom_name: keft_open
-  # The name of the metric in a MQTT JSON message
-   mqtt_name: open
-  # The prometheus help text for this metric
-   help: K-Fêt opening state
-  # The prometheus type for this metric. Valid values are: "gauge" and "counter"
-   type: gauge
- # The name of the metric in prometheus
- - prom_name: trash_filling
-  # The name of the metric in a MQTT JSON message
-   mqtt_name: trash
-  # The prometheus help text for this metric
-   help: Hackens trash filling state
-  # The prometheus type for this metric. Valid values are: "gauge" and "counter"
-   type: gauge

hosts/org/monitoring/default.nix

@@ -1,40 +0,0 @@
-{ pkgs, lib, config, ... }:
-{
-  imports = [ ../modules/mqtt2prometheus ];
-  services = {
-    prometheus = {
-      enable = true;
-      listenAddress = "127.0.0.1";
-      scrapeConfigs = [
-        {
-          job_name = "mqtt_listener";
-          scrape_interval = "120s";
-          static_configs = [
-            {
-              targets = [
-                "localhost:9641"
-              ];
-            }
-          ];
-        }
-      ];
-    };
-    mqtt2prometheus = {
-      enable = true;
-      package = pkgs.callPackage (import ./mqtt2prometheus.nix) { };
-      config = ./config.yaml;
-    };
-    grafana = {
-      enable = true;
-    };
-    nginx.virtualHosts."monitoring.new.hackens.org" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:3000";
-        proxyWebsockets = true;
-      };
-    };
-  };
-  networking.firewall.allowedTCPPorts  = [ 3000 ];
-}

hosts/org/monitoring/mqtt2prometheus.nix

@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-pkgs.buildGoModule rec {
-  pname = "mqtt2prometheus";
-  version = "0.1.6";
-  src = pkgs.fetchFromGitHub {
-    owner = "hikhvar";
-    repo = "mqtt2prometheus";
-    rev = "v${version}";
-    sha256 = "0dz5mrwm231g45i8rbmvaza8bm6cr4jg5vc87h41vnm7xsx815g7";
-  };
-  vendorSha256 = "1fyzij7cakhd6x2hf3rvvslvvxmfmlp881x5rz2qwm04spa18cp4";
-  postInstall = ''
-    mv $out/bin/cmd $out/bin/mqtt2prometheus
-    '';
-}

hosts/org/mosquitto.nix

@@ -5,10 +5,9 @@ in
 {
   services.mosquitto = {
     enable = true;
-    #logType = [ "all" ];
     listeners = [
       {
-        address = "0.0.0.0";
+        address = "10.158.1.1";
         acl = [ "topic readwrite #" ];
         port = port;
         settings = {

hosts/org/orga.nix

@@ -1,3 +0,0 @@
-{ pkgs, lib, config, ... }:
-let
-  sources

hosts/org/wiki/default.nix

@@ -3,10 +3,6 @@ let
   hostname = "new.hackens.org";
 in
 {
-  imports = [
-    ../modules/custom-dokuwiki.nix
-  ];
-  disabledModules = [ "services/web-apps/dokuwiki.nix" ];
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
@@ -60,42 +56,7 @@ in
     aclUse = true;
 
     # Il faut packager les templates
-    templates = let
-      template-bootstrap3 = { version, logo, favicon, apple-touch-icon, dokuwikiPath }:
-        pkgs.stdenv.mkDerivation {
-          name = "bootstrap3";
-          # Download the theme from the dokuwiki site
-          src = pkgs.fetchFromGitHub version;
-          # We need unzip to build this package
-          # buildInputs = [ pkgs.unzip ];
-          # Installing simply means copying all files to the output directory
-          installPhase = ''
-            mkdir -p $out
-            cp -R * $out/
-            rm $out/images/logo.png
-            rm $out/images/favicon.ico
-            rm $out/images/apple-touch-icon.png
-            ln -s ${logo} $out/images/logo.png
-            ln -s ${favicon} $out/images/favicon.ico
-            ln -s ${apple-touch-icon} $out/images/apple-touch-icon.png
-            echo "<?php define('DOKU_INC', getenv('DOKUWIKI_ROOT'));" > $out/doku_inc.php # Lien vers le dokuwiki
-            '';
-        };
-    # And then pass this theme to the template list like this:
-    in [
-      (template-bootstrap3 {
-        version = {
-          owner = "giterlizzi";
-          repo = "dokuwiki-template-bootstrap3";
-          rev="v2020-07-29";
-          sha256="05d6si1lci3a2pgd10iwpwrgl969y7gq4qsn5p1lbgxkraad17af";
-        };
-        logo = ./media/logo.png;
-        favicon = ./media/favicon.ico;
-        apple-touch-icon = ./media/logo.png;
-        dokuwikiPath = "${config.services.dokuwiki.sites."${hostname}".finalPackage}/share/dokuwiki";
-      })
-    ];
+    templates = pkgs.hackens.dokuwikiAddons.bootstrap3;
     plugins = [
       (pkgs.stdenv.mkDerivation {
         name = "commonmark";
@@ -158,7 +119,7 @@ in
     ];
   };
   # On veut php-xml
-  services.phpfpm.pools."dokuwiki-${hostname}".phpPackage = pkgs.lib.mkForce ( pkgs.php74.withExtensions (
+  services.phpfpm.pools."dokuwiki-${hostname}".phpPackage = pkgs.lib.mkForce ( pkgs.php8.withExtensions (
     { all, enabled, ... }:
       enabled ++ [
         all.xml

nur.nix

@@ -0,0 +1,9 @@
+{ pkgs, config, lib, ... }:
+{
+  imports = [
+    ../myModules
+  ];
+  nixpkgs.config.packageOverrides = {
+    hackens = import ./myPkgs { inherit pkgs; };
+  };
+}

profiles/monitoring.nix

@@ -1,72 +0,0 @@
-{ pkgs, config, ... }:
-{
-  # Monitoring
-  services.netdata.enable = true;
-  systemd.services.netdata.restartTriggers = map (name: config.environment.etc."netdata/${name}.conf".source) [
-    "health_alarm_notify"
-    "stream"
-    "fping"
-  ];
-  environment.etc."netdata/stream.conf" = {
-    user = "netdata";
-    group = "netdata";
-    mode = "0600";
-    text = ''
-      # hackens-desktop
-      [074e699a-4206-4e13-baa7-e4524326f1e0]
-        enabled = yes
-        default history = 3600
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 192.168.1.117, 2001:470:1f13:21d:49fd:1d82:d2ff:d868
-
-      # hackens-openwrt
-      [cab3fe1e-576b-420d-b301-84308e44f340]
-        enabled = yes
-        default history = 3600
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 192.168.1.1, 2001:470:1f13:21d::1
-    '';
-  };
-  environment.etc."netdata/health_alarm_notify.conf" = {
-    user = "netdata";
-    group = "netdata";
-    mode = "0600";
-    text = ''
-      # External tools
-      nc="${pkgs.netcat}/bin/nc"
-
-      # IRC configuration
-      SEND_IRC="YES"
-      DEFAULT_RECIPIENT_IRC="#hackens-status"
-      IRC_NETWORK="ens.wtf"
-      IRC_NICKNAME="hackens"
-      IRC_REALNAME="hackENS netdata monitoring"
-    '';
-  };
-  environment.etc."netdata/fping.conf" = {
-    user = "netdata";
-    group = "netdata";
-    mode = "0600";
-    text = ''
-      fping="${pkgs.fping}/bin/fping"
-      hosts="hackens.org hack.ens.fr sas.eleves.ens.fr argonaut.ens.wtf clipper.ens.fr merle.eleves.ens.fr"
-    '';
-  };
-  services.smartd.enable = true;
-  services.smartd.extraOptions = [ "-A /var/log/smartd/" ]; # For netdata.
-
-  # MQTT for every usage, notably OctoPrint events.
-  services.mosquitto = {
-    enable = true;
-    listeners = [
-      {
-        address = "192.168.1.118";
-      }
-    ];
-    settings = {
-      # allow_anonymous = true;
-    };
-  };
-}

shared/myModules/custom-dokuwiki.nix

@@ -9,14 +9,7 @@ let
   webserver = config.services.${cfg.webserver};
   stateDir = hostName: "/var/lib/dokuwiki/${hostName}/data";
 
-  dokuwikiAclAuthConfig = hostName: cfg: pkgs.writeText "acl.auth-${hostName}.php" ''
-    # acl.auth.php
-    # <?php exit()?>
-    #
-    # Access Control Lists
-    #
-    ${toString cfg.acl}
-  '';
+  dokuwikiAclAuthConfig = hostName: cfg: pkgs.writeText "acl.auth-${hostName}.php" "${toString cfg.acl}";
 
   dokuwikiLocalConfig = hostName: cfg: pkgs.writeText "local-${hostName}.php" ''
     <?php
@@ -24,7 +17,7 @@ let
     $conf['superuser'] = '${toString cfg.superUser}';
     $conf['useacl'] = '${toString cfg.aclUse}';
     $conf['disableactions'] = '${cfg.disableActions}';
-    ${toString cfg.extraConfig}
+    ${toString cfg.settings}
   '';
 
   dokuwikiPluginsLocalConfig = hostName: cfg: pkgs.writeText "plugins.local-${hostName}.php" ''
@@ -42,15 +35,6 @@ let
       mkdir -p $out
       cp -r * $out/
 
-      # symlink the dokuwiki config
-      ln -s ${dokuwikiLocalConfig hostName cfg} $out/share/dokuwiki/local.php
-
-      # symlink plugins config
-      ln -s ${dokuwikiPluginsLocalConfig hostName cfg} $out/share/dokuwiki/plugins.local.php
-
-      # symlink acl
-      ln -s ${dokuwikiAclAuthConfig hostName cfg} $out/share/dokuwiki/acl.auth.php
-
       # symlink additional plugin(s) and templates(s)
       ${concatMapStringsSep "\n" (template: "ln -s ${template} $out/share/dokuwiki/lib/tpl/${template.name}") cfg.templates}
       ${concatMapStringsSep "\n" (plugin: "ln -s ${plugin} $out/share/dokuwiki/lib/plugins/${plugin.name}") cfg.plugins}
@@ -69,13 +53,6 @@ let
           description = "Which DokuWiki package to use.";
         };
 
-        finalPackage = mkOption {
-          type = types.package;
-          default = pkg name config;
-          description = "The modified DokuWiki package used by the module.";
-          readOnly = true;
-        };
-
         stateDir = mkOption {
           type = types.path;
           default = "/var/lib/dokuwiki/${name}/data";
@@ -169,26 +146,7 @@ let
           default = [];
           description = ''
                 List of path(s) to respective plugin(s) which are copied from the 'plugin' directory.
-                <note><para>These plugins need to be packaged before use, see example.</para></note>
-          '';
-          example = literalExpression ''
-                let
-                  # Let's package the icalevents plugin
-                  plugin-icalevents = pkgs.stdenv.mkDerivation {
-                    name = "icalevents";
-                    # Download the plugin from the dokuwiki site
-                    src = pkgs.fetchurl {
-                      url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip";
-                      sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8";
-                    };
-                    sourceRoot = ".";
-                    # We need unzip to build this package
-                    buildInputs = [ pkgs.unzip ];
-                    # Installing simply means copying all files to the output directory
-                    installPhase = "mkdir -p $out; cp -R * $out/";
-                  };
-                # And then pass this theme to the plugin list like this:
-                in [ plugin-icalevents ]
+                It is a good practice to package them.
           '';
         };
 
@@ -197,25 +155,7 @@ let
           default = [];
           description = ''
                 List of path(s) to respective template(s) which are copied from the 'tpl' directory.
-                <note><para>These templates need to be packaged before use, see example.</para></note>
-          '';
-          example = literalExpression ''
-                let
-                  # Let's package the bootstrap3 theme
-                  template-bootstrap3 = pkgs.stdenv.mkDerivation {
-                    name = "bootstrap3";
-                    # Download the theme from the dokuwiki site
-                    src = pkgs.fetchurl {
-                      url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip";
-                      sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
-                    };
-                    # We need unzip to build this package
-                    buildInputs = [ pkgs.unzip ];
-                    # Installing simply means copying all files to the output directory
-                    installPhase = "mkdir -p $out; cp -R * $out/";
-                  };
-                # And then pass this theme to the template list like this:
-                in [ template-bootstrap3 ]
+                It is a good practice to package them.
           '';
         };
 
@@ -273,14 +213,16 @@ in
           Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>.
           See <xref linkend="opt-services.nginx.virtualHosts"/> for further information.
 
-          Further apache2 configuration can be done by adapting <literal>services.httpd.virtualHosts.&lt;name&gt;</literal>.
-          See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
+          TO COMPLETE
         '';
       };
 
     };
   };
 
+  
+  disabledModules = [ "services/web-apps/dokuwiki.nix" ];
+
   # implementation
   config = mkIf (eachSite != {}) (mkMerge [{
 
@@ -300,15 +242,11 @@ in
         inherit user;
         group = webserver.group;
 
-        # Not yet compatible with php 8 https://www.dokuwiki.org/requirements
-        # https://github.com/splitbrain/dokuwiki/issues/3545
-        phpPackage = pkgs.php74;
         phpEnv = {
           DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig hostName cfg}";
           DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig hostName cfg}";
           DOKUWIKI_ROOT = "${cfg.finalPackage}/share/dokuwiki/";
-        } // optionalAttrs (cfg.usersFile != null) {
-          DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}";
+          DOKUWIKI_USERS_AUTH_CONFIG = "${if cfg.usersFile!= {} then cfg.usersFile else ""}";
         } //optionalAttrs (cfg.aclUse) {
           DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig hostName cfg}" else "${toString cfg.aclFile}";
         };
@@ -328,6 +266,7 @@ in
       "d ${stateDir hostName}/cache 0750 ${user} ${webserver.group} - -"
       "d ${stateDir hostName}/index 0750 ${user} ${webserver.group} - -"
       "d ${stateDir hostName}/locks 0750 ${user} ${webserver.group} - -"
+      "d ${stateDir hostName}/log 0750 ${user} ${webserver.group} - -"
       "d ${stateDir hostName}/media 0750 ${user} ${webserver.group} - -"
       "d ${stateDir hostName}/media_attic 0750 ${user} ${webserver.group} - -"
       "d ${stateDir hostName}/media_meta 0750 ${user} ${webserver.group} - -"
@@ -352,7 +291,7 @@ in
         root = "${pkg hostName cfg}/share/dokuwiki";
 
         locations = {
-          "~ /(conf/|bin/|inc/|install.php)" = {
+          "~ /(conf/|bin/|inc/|vendor/|install.php)" = {
             extraConfig = "deny all;";
           };
 

shared/myModules/default.nix

@@ -0,0 +1,6 @@
+{ pkgs, config, lib, ...}:
+{
+  imports = [
+    ./custom-dokuwiki.nix
+  ];
+}

shared/myModules/mqtt2prometheus.nix

@@ -19,7 +19,7 @@ in
       default = 9641;
       description = "HTTP port used to expose metrics";
     };
-    config = lib.mkOption { # à nixifier
+    config = lib.mkOption { # à nixifier (un jour)
       type = lib.types.path;
       description = "Path to config file";
     };
@@ -28,7 +28,7 @@ in
     systemd.services."mqtt2prometheus" = {
       enable = true;
       description = "MQTT client which exposes metrics for prometheus monitoring software";
-      after = [ "network.target" ];
+      after = [ "network-online.target" ];
       serviceConfig = {
         ExecStart = "${cfg.package}/bin/mqtt2prometheus -config ${cfg.config} -listen-address ${cfg.listenAddress} -listen-port ${toString cfg.listenPort}";
         Restart = "always";

shared/myPkgs/dokuwiki.nix

@@ -0,0 +1,52 @@
+{ lib, stdenv, fetchFromGitHub, writeText, nixosTests }:
+
+stdenv.mkDerivation rec {
+  pname = "dokuwiki";
+  version = "2022-07-31";
+
+  src = fetchFromGitHub {
+    owner = "splitbrain";
+    repo = pname;
+    rev = "release_stable_${version}";
+    sha256 = "sha256-FreJsajdfoefQHo6rBzkImDUvR3Zb7rBQTYhYvyRJC4=";
+  };
+
+  preload = writeText "preload.php" ''
+  <?php
+
+    $config_cascade = array(
+      'main' => array(
+        'local'     => array(getenv('DOKUWIKI_LOCAL_CONFIG')),
+      ),
+      'acl' => array(
+        'default'   => getenv('DOKUWIKI_ACL_AUTH_CONFIG'),
+      ),
+      'plainauth.users' => array(
+        'default'   => getenv('DOKUWIKI_USERS_AUTH_CONFIG'),
+      ),
+      'plugins' => array(
+        'local' => array(getenv('DOKUWIKI_PLUGINS_LOCAL_CONFIG')),
+      ),
+    );
+  '';
+
+  installPhase = ''
+    mkdir -p $out/share/dokuwiki
+    cp -r * $out/share/dokuwiki
+    cp ${preload} $out/share/dokuwiki/inc/preload.php
+  '';
+
+  patches = [ ./dokuwiki_deep_merge.patch ];
+
+  passthru.tests = {
+    inherit (nixosTests) dokuwiki;
+  };
+
+  meta = with lib; {
+    description = "Simple to use and highly versatile Open Source wiki software that doesn't require a database";
+    license = licenses.gpl2;
+    homepage = "https://www.dokuwiki.org";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ _1000101 ];
+  };
+}

shared/myPkgs/dokuwiki_deep_merge.patch

@@ -0,0 +1,11 @@
+--- a/inc/config_cascade.php
++++ b/inc/config_cascade.php
+@@ -5,7 +5,7 @@
+  * This array configures the default locations of various files in the
+  * DokuWiki directory hierarchy. It can be overriden in inc/preload.php
+  */
+-$config_cascade = array_merge(
++$config_cascade = array_merge_recursive(
+     array(
+         'main' => array(
+             'default'   => array(DOKU_CONF . 'dokuwiki.php'),

shared/nur.nix

@@ -0,0 +1,15 @@
+{ lib, pkgs, ... }:
+let
+  agenix = pkgs.fetchFromGitHub {
+    owner = "ryantm";
+    repo = "agenix";
+    rev = "7e5e58b98c3dcbf497543ff6f22591552ebfe65b";
+  };
+in
+{
+  nixpkgs.config.packageOverrides = {
+    hackens = import ./myPkgs { inherit pkgs; };
+  };
+  imports = [ "${agenix}/modules/age.nix" ]
+    ++ lib.attrValues (import ./myModules);
+}