@Kiwi
Forked from matejc/logical.nix
Last active December 7, 2020 18:49
nixops example with nixos-container
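# Logical NixOps network: declares what each machine runs, independent of where
# it is deployed. `cert` and `key` are optional network arguments; SSL is only
# enabled when both are non-empty.
#
# NOTE(review): every password, cron key and URL credential below is a plain
# string in this expression. Anything rendered into a generated file (the cron
# job line is written into the system crontab) is stored in /nix/store, which is
# readable by every local user. Deliver secrets out of band instead, for example
# with NixOps `deployment.keys`, and have the services read them from files.
# NOTE(review): if `key` is ever passed as a Nix path value rather than a
# string, the private key itself would be copied into the store -- confirm how
# callers pass it.
{ cert ? "", key ? "" }: {
  # Host machine: SSH for deployment access, panamax explicitly disabled.
  server = { config, pkgs, ... }: {
    services.openssh.enable = true;
    services.panamax.enable = false;
  };

  # Application machine: Drupal/CiviCRM, ownCloud and LimeSurvey with their
  # databases and mail delivery.
  hidden = { config, lib, pkgs, ... }: with lib; {
    options = {
      owncloudHost = lib.mkOption {
        default = "";
        description = "Hostname where owncloud listens.";
      };
    };

    config = {
      # and drupal needs this:
      # `ln -sfn` replaces an existing link, so repeated activations do not fail
      # with "File exists" and cannot leave a stale target behind.
      # NOTE(review): the link points into /tmp, which is world-writable; a
      # local user who creates /tmp/mysql.sock first decides what clients
      # connect to. A socket under a service-owned directory avoids that.
      system.activationScripts.fuck_u = ''
        mkdir -p /run/mysqld
        ln -sfn /tmp/mysql.sock /run/mysqld/mysqld.sock || true
      '';

      services = {
        # NOTE(review): PostgreSQL 9.2 is end-of-life upstream and no longer
        # receives security fixes; move to a supported release.
        postgresql = {
          enable = true;
          package = pkgs.postgresql92;
        };

        # post mysql script expects this:
        mysql.extraOptions = ''
          socket = /tmp/mysql.sock
        '';

        # civicrm cron for sending emails
        # NOTE(review): the CiviCRM user name, password and site key travel in
        # the URL, so they are visible in the crontab, in the process list while
        # wget runs, and in the web server's access log. `--no-check-certificate`
        # also turns off TLS verification, so the credentials go to whatever is
        # listening on localhost:4455. Prefer a local CLI cron entry point or a
        # certificate that validates for the name used here.
        cron.enable = true;
        cron.systemCronJobs = [
          "*/15 * * * * nginx ${pkgs.wget}/bin/wget --no-check-certificate -O - -q -t 1 'https://localhost:4455/sites/all/modules/civicrm/bin/cron.php?name=cronie&pass=<hidden>&key=<hidden>'"
        ];

        # much faster responses if using newer php
        # NOTE(review): PHP 5.6 is end-of-life upstream as well.
        phpfpm.phpPackage = pkgs.php56;

        drupal = {
          enable = true;
          hostName = "hidden.beje.si";
          dbPassword = "hidden";
          adminUser = "admin";
          adminPassword = "hidden";
          # Binds on every interface; reachability is then decided only by the
          # firewall and NAT rules of the deployment.
          listenAddress = "0.0.0.0";
          listenPort = "4455";
          # mkIf leaves the SSL options undefined (module defaults apply) when
          # no certificate or key was supplied.
          enableSSL = mkIf (cert != "" && key != "") true;
          sslCertificate = mkIf (cert != "") cert;
          sslCertificateKey = mkIf (key != "") key;
          cronKey = "hidden";
        };

        postfix = {
          enable = true;
          setSendmail = true;
        };

        httpd = {
          enable = true;
          adminAddr = "admin@example.org";
          sslServerCert = mkIf (cert != "") cert;
          sslServerKey = mkIf (key != "") key;
          enableSSL = mkIf (cert != "" && key != "") true;
          extraSubservices = [
            {
              serviceType = "owncloud";
              # PostgreSQL unix socket, also located in world-writable /tmp.
              dbServer = "localhost:/tmp/.s.PGSQL.5432";
              dbPassword = "hidden";
              adminUser = "admin";
              adminPassword = "hidden"; # changeme
              libreofficePath = "";
              overwriteHost = config.owncloudHost;
            }
            {
              serviceType = "limesurvey";
              dbPassword = "hidden";
              urlPrefix = "/survey";
              adminPassword = "hidden";
            }
          ];
        };
      };
    };
  };
}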
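# Physical NixOps network (presumably the companion physical.nix): binds the
# logical machines to a pre-existing KVM guest and to a NixOS container that
# runs on it.
{
  # Existing host reached over SSH (`targetEnv = "none"`); it NATs selected
  # ports to the container.
  server = { config, pkgs, lib, ... }: {
    imports = [
      <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
      <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
    ];

    boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
    boot.loader.grub.device = "/dev/vda";

    fileSystems."/" = {
      device = "/dev/disk/by-uuid/942e5-ea2a-489e-a30f-46f16e0";
      fsType = "ext4";
    };

    networking.hostName = "hidden";
    networking.domain = "beje.si";
    networking.hostId = "hidden";
    networking.interfaces.eth0.ip4 = [{
      address = "hi.dd.en.174";
      prefixLength = 27;
    }];
    networking.defaultGateway = "hi.dd.en.161";
    networking.nameservers = [ "hi.dd.en.2" "hi.dd.en.4" ];

    # "ve-+" is the wildcard for all container veth interfaces.
    networking.nat.enable = true;
    networking.nat.internalInterfaces = ["ve-+"];
    networking.nat.externalInterface = "eth0";
    # These three forwards are the container's whole public surface. 4455 is
    # the Drupal listener; it is only encrypted when a certificate and key are
    # passed to the logical network.
    networking.nat.forwardPorts = [
      {
        sourcePort = 80;
        # Was written with a doubled dot ("hi.dd.en..2:80"), which is not a
        # valid address; aligned with the 443 and 4455 entries.
        destination = "hi.dd.en.2:80";
      }
      {
        sourcePort = 443;
        destination = "hi.dd.en.2:443";
      }
      {
        sourcePort = 4455;
        destination = "hi.dd.en.2:4455";
      }
    ];

    deployment.targetEnv = "none";
    deployment.targetHost = "hidden.beje.si";
  };

  # Container deployed onto the host above.
  hidden = { config, pkgs, ... }: {
    deployment.targetEnv = "container";
    deployment.container.host = "hidden.beje.si";

    # NOTE(review): a trusted interface accepts all inbound traffic
    # unconditionally, so the container's own firewall filters nothing on eth0
    # and every listening service (databases, postfix, httpd) is reachable from
    # whatever can route to it. Exposure then rests entirely on the host's
    # forwardPorts list; prefer `networking.firewall.allowedTCPPorts` with just
    # the ports that are forwarded.
    networking.firewall.trustedInterfaces = [ "eth0" ];

    environment.systemPackages = [ pkgs.tmux ];
    owncloudHost = "hidden.beje.si";
  };
}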