VFIO profile: some changes. Remove jira.

config/profiles/vfio/profile.nix

@@ -1,11 +1,13 @@
 { config, pkgs, lib, ... }: with lib; let
   win10-toggler = pkgs.writeShellScriptBin "win10-toggle" ''
-if systemctl --user is-active konawall-rotation.timer --quiet; then
-	systemctl --user stop konawall-rotation.timer
+REQUEST="$0"
+if [[ "REQUEST" = "on" ]]; then
+  sudo win10-vm-pinning $(cat $XDG_RUNTIME_DIR/win10-vm.pid)
+  systemctl --user stop konawall-rotation.timer
 else
+  sudo win10-vm-pinning
 	systemctl --user start konawall-rotation.timer
 fi
-sudo win10-vm-pinning $(cat $XDG_RUNTIME_DIR/win10-vm.pid)
   '';
   win10-start-pane = pkgs.writeShellScriptBin "win10-start-pane" ''
 sudo disk-mapper-part /dev/disk/by-id/ata-ST2000DM008-2FR102_WK301C3H-part2
@@ -122,19 +124,17 @@ in {
         };
         wantedBy = ["sysinit.target"];
       };
-      cpuset = {
-      type = "cgroup";
-      what = "cpuset";
-      where = "/sys/fs/cgroup/cpuset";
-      wantedBy = singleton "multi-user.target";
-      options = "cpuset";
-    };
     in [
-      cpuset
       (hugepages { where = "/dev/hugepages"; options = "mode=0775"; })
       (hugepages { where = "/dev/hugepages1G"; options = "pagesize=1GB,mode=0775"; })
     ];
 
+    fileSystems."/sys/fs/cgroup/cpuset" = {
+      device = "cpuset";
+      fsType = "cgroup";
+      noCheck = true;
+    };
+
     systemd.services.preallocate-huggies = {
       wantedBy = singleton "multi-user.target";
       serviceConfig = {

config/services/jira.nix

@@ -0,0 +1,56 @@
+{ config, pkgs, lib, tf, ... }: with lib; {
+  services.jira = {
+    enable = true;
+  };
+
+
+  deploy.tf.dns.records.services_jira = {
+    inherit (config.network.dns) zone;
+    domain = "jira";
+    cname = { inherit (config.network.addresses.public) target; };
+  };
+
+  systemd.services.jiraPostgresSQLInit = {
+    after = [ "postgresql.service" ];
+    before = [ "jira.service" ];
+    bindsTo = [ "postgresql.service" ];
+    path = [ config.services.postgresql.package ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      User = "postgres";
+      Group = "postgres";
+    };
+    script = ''
+      set -o errexit -o pipefail -o nounset -o errtrace
+      shopt -s inherit_errexit
+      create_role="$(mktemp)"
+      trap 'rm -f "$create_role"' ERR EXIT
+      echo "CREATE ROLE jira WITH LOGIN PASSWORD '$(<'${config.secrets.files.jira-postgres-file.path}')' CREATEDB" > "$create_role"
+      psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='jira'" | grep -q 1 || psql -tA --file="$create_role"
+      psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'jira'" | grep -q 1 || psql -tAc 'CREATE DATABASE "jira" OWNER "jira"'
+    '';
+  };
+
+
+  kw.secrets.variables.jira-postgres = {
+    path = "secrets/jira";
+    field = "password";
+  };
+
+  secrets.files.jira-postgres-file = {
+    text = "${tf.variables.jira-postgres.ref}";
+    owner = "postgres";
+    group = "jira";
+  };
+
+  users.users.nginx.extraGroups = [ "jira" ];
+  services.nginx.virtualHosts."jira.${config.network.dns.domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8091";
+      proxyWebsockets = true;
+    };
+  };
+}

config/services/nginx.nix

@@ -39,7 +39,8 @@ with lib;
   };
 
   security.acme = {
-    defaults.email = config.network.dns.email;
+    #defaults.email = config.network.dns.email;
+    email = config.network.dns.email;
     acceptTerms = true;
   };
 }

config/tf

@@ -1 +1 @@
-Subproject commit ab39c7fb9a3bb8250abbce9b66a1ede088919f12
+Subproject commit d8a25e3cb44bbf66a710f4dcc6bd7d19e60fb233

config/users/kat/dev/packages.nix

@@ -2,6 +2,7 @@
 
 {
   home.packages = with pkgs; [
+    jq
     hyperfine
     hexyl
     tokei