diff --git a/common/users.nix b/common/users.nix index 7c4cbb9..22002ca 100644 --- a/common/users.nix +++ b/common/users.nix @@ -48,13 +48,13 @@ packages = with pkgs; [ ffmpeg ]; }; - schweby = { + moira = { uid = 1004; shell = pkgs.fish; isNormalUser = true; extraGroups = [ "wheel" "cdrom" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqj9RRfthjBl4+y4YH7aWetx5qs2KOE2B0oOw3pjRrQ schweby 2022-05-22" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06" ]; hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90"; }; diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix index 937ea4a..c8aef57 100644 --- a/hosts/parsons/configuration.nix +++ b/hosts/parsons/configuration.nix @@ -17,6 +17,7 @@ ../../services/mail.nix ../../services/syncthing.nix ../../services/gitlab.nix + ../../services/gitea.nix ../../services/nginx-pages.nix ../../services/gitlab-runner.nix ../../services/lantifa.nix diff --git a/pkgs/uffd/default.nix b/pkgs/uffd/default.nix index 9e23c8b..761ff6a 100644 --- a/pkgs/uffd/default.nix +++ b/pkgs/uffd/default.nix @@ -5,12 +5,11 @@ python3Packages.buildPythonPackage rec { version = "2.0.1"; src = fetchzip { - url = - "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz"; + url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz"; hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4="; }; - patches = [ ./fix-setuppy.patch ./fix-userinfo.patch ]; + patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ]; propagatedBuildInputs = with python3Packages; [ flask diff --git a/pkgs/uffd/gitea-magic.patch b/pkgs/uffd/gitea-magic.patch new file mode 100644 index 0000000..a2b3430 --- /dev/null +++ b/pkgs/uffd/gitea-magic.patch 
@@ -0,0 +1,32 @@
+From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
+From: stuebinm
+Date: Wed, 20 Jul 2022 18:02:15 +0200
+Subject: [PATCH] magic gitea patch
+
+---
+ uffd/oauth2/views.py | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
+index d13fd42..94352be 100644
+--- a/uffd/oauth2/views.py
++++ b/uffd/oauth2/views.py
+@@ -230,6 +230,15 @@ def oauth_required(*scopes):
+ @oauth_required('profile')
+ def userinfo():
+ user = request.oauth.user
++ client = request.oauth.client_id
++ if client == "gitea":
++ return jsonify(
++ id=user.unix_uid,
++ full_name=user.displayname,
++ login=user.loginname,
++ email=user.mail,
++ groups=[group.name for group in user.groups]
++ )
+ return jsonify(
+ id=user.unix_uid,
+ name=user.displayname,
+--
+2.36.0
+
diff --git a/services/gitea.nix b/services/gitea.nix
new file mode 100644
index 0000000..19d5455
--- /dev/null
+++ b/services/gitea.nix
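Review bot: The new branch in `userinfo()` keys on the literal client id `"gitea"`, and neither the code nor the patch subject ("magic gitea patch") says why that one client gets a different response shape. It returns `login`, `full_name` and `email` where the existing response uses `name`, presumably because those are the field names Gitea's OAuth2 source reads, so these values become the account identity on the Gitea side. I would add a comment above the check, e.g. `# Gitea reads login/full_name/email from userinfo; "gitea" must match the client_id registered for it in uffd`, and say the same in the patch description so the patch can be re-checked when uffd moves past the pinned version. The body of `userinfo()` continues outside the hunk, so the fields of the default response are only partly visible here.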
@@ -0,0 +1,133 @@
+{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
+
+{
+ containers.gitea = {
+ privateNetwork = true;
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.10";
+ autoStart = true;
+ bindMounts = {
+ "/persist" = {
+ hostPath = "/persist/containers/gitea";
+ isReadOnly = false;
+ };
+ };
+ path = (evalConfig {
+ hosts = { };
+ groups = { };
+ } ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ users.users.root.hashedPassword = "";
+
+ imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
+
+ environment.systemPackages = [ pkgs.gitea ];
+
+ hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
+
+ nixpkgs.config.allowUnfree = true;
+ networking.firewall.enable = false;
+ networking.defaultGateway = {
+ address = "192.168.100.1";
+ interface = "eth0";
+ };
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
+ services.gitea = {
+ enable = true;
+ appName = "0x0: git for all creatures";
+ rootUrl = "https://git.infra4future.de/";
+ httpAddress = "0.0.0.0";
+ httpPort = 3000;
+ lfs.enable = true;
+ disableRegistration = true;
+ database.type = "postgres";
+ cookieSecure = true;
+ log.level = "Info";
+ # mailerPasswordFile =
+ # "/var/lib/secrets/noreply"; # see below for access permissions
+ settings = {
+ # mailer = {
+ # ENABLED = true;
+ # HOST = "0x0.rip:465";
+ # FROM = "noreply@0x0.rip";
+ # ENVELOPE_FROM = "noreply@0x0.rip";
+ # USER = "noreply@0x0.rip";
+
+ # };
+ repository = {
+ DEFAULT_PRIVATE = "public";
+ PREFERRED_LICENSES = "Unlicense";
+ DEFAULT_BRANCH = "main";
+ };
+ oauth2_client = {
+ ACCOUNT_LINKING = "auto";
+ ENABLE_AUTO_REGISTRATION = true;
+ };
+ "repository.pull-requests" = {
+ DEFAULT_MERGE_STYLE = "merge";
+ DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
+ };
+ "repository.upload".FILE_MAX_SIZE = 1024;
+ server = {
+ LANDING_PAGE = "explore";
+ OFFLINE_MODE = true;
+ };
+
security = { INSTALL_LOCK = true; }; + other = { + SHOW_FOOTER_VERSION = false; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + }; + cron = { + ENABLED = true; + NOTICE_ON_SUCCESS = true; + }; + "cron.update_mirrors" = { + SCHEDULE = "@every 12h"; + PULL_LIMIT = "-1"; + PUSH_LIMIT = "-1"; + }; + "cron.git_gc_repos".ENABLED = true; + "cron.delete_old_actions".ENABLED = true; + }; + }; + services.postgresqlBackup = { + enable = true; + databases = [ "gitea" ]; + startAt = "*-*-* 23:45:00"; + location = "/persist/backups/postgres"; + }; + services.openssh = { + enable = true; + passwordAuthentication = false; + listenAddresses = [ { + addr = "192.168.100.10"; + port = 22; + } ]; + extraConfig = '' + AcceptEnv GIT_PROTOCOL + ''; + }; + })).config.system.build.toplevel; + }; + + services.nginx.virtualHosts."git.infra4future.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://${config.containers.gitea.localAddress}:3000"; + }; + }; + hexchen.nftables.nat.forwardPorts = [{ + ports = [ 22 ]; + destination = "${config.containers.gitea.localAddress}:22"; + proto = "tcp"; + }]; +} diff --git a/services/gitlab.nix b/services/gitlab.nix index 5de66be..8a2c708 100644 --- a/services/gitlab.nix +++ b/services/gitlab.nix @@ -133,11 +133,11 @@ })).config.system.build.toplevel; }; - hexchen.nftables.nat.forwardPorts = [{ - ports = [ 22 ]; - destination = "${config.containers.gitlab.localAddress}:22"; - proto = "tcp"; - }]; + # hexchen.nftables.nat.forwardPorts = [{ + # ports = [ 22 ]; + # destination = "${config.containers.gitlab.localAddress}:22"; + # proto = "tcp"; + # }]; services.nginx.virtualHosts."gitlab.infra4future.de" = { locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80"; diff --git a/services/lantifa.nix b/services/lantifa.nix index 3b7c04d..e1649d2 100644 --- a/services/lantifa.nix +++ b/services/lantifa.nix 
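Review bot: `ACCOUNT_LINKING = "auto"` in the `oauth2_client` settings of services/gitea.nix lets Gitea attach an OAuth login to an existing local account that has the same user name or e-mail without asking for that account's credentials, so account identity rests entirely on the `login`/`email` values the identity provider returns. `ENABLE_AUTO_REGISTRATION = true` already covers new users, so `ACCOUNT_LINKING = "login";` would keep a pre-existing account (for example a locally created admin) from being claimed by a name match. Separately, `users.users.root.hashedPassword = "";` gives the container's root an empty password. If that is only meant for console access from the host, a comment saying so, or leaving the option unset, would make the intent clear.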
@@ -40,7 +40,7 @@ extraConfig = let wikidb = pkgs.fetchzip { url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip"; - sha256 = "0pns9fk1ws54m7rgbfsrxqh6ayab16mmnvzba8m4malljgrbil8b"; + sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY="; }; in '' // Configure short URLs @@ -77,8 +77,8 @@ sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i"; }; intersection = pkgs.fetchzip { # This is the DynamicPageList extension - url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-4a70dbd.tar.gz"; - sha256 = "0s70fqkf5ylpsxy1h3hljic8708j6099mz12b6k03hgwc582yywi"; + url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz"; + sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk="; }; PageForms = pkgs.fetchzip { url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip"; diff --git a/services/mail.nix b/services/mail.nix index 518f973..211a2e1 100644 --- a/services/mail.nix +++ b/services/mail.nix @@ -42,7 +42,7 @@ "raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/"; - "schweby@hacc.space".hashedPassword = + "moira@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1"; "zauberberg@hacc.space".hashedPassword = @@ -81,7 +81,7 @@ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" - "schweby@hacc.space" + "moira@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" 
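Review bot: The `wikidb` fetch in the first services/lantifa.nix hunk gets a new `sha256` while its URL, an unversioned upload path ending in `WikiDB.zip`, stays the same. Unless the new value is only a re-encoding of the old digest, the upstream file was replaced in place and the commit pins whatever is served now. The archive is bound inside the wiki's `extraConfig`, so it is presumably code the wiki loads; it is worth diffing the new archive against the previously pinned one and recording that above the hash, e.g. `# upstream re-uploaded WikiDB.zip (<date>); contents diffed against previous pin`. A versioned or mirrored URL would also stop the build from breaking the next time the upload changes. The `intersection` change in the second hunk is an ordinary version bump with a matching URL change and needs nothing further.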
@@ -89,12 +89,12 @@ # admin: current people with access to the mail server and knowledge on how to use itâ„¢ "admin@hacc.space" = - [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; + [ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ]; # voc: hacc video operation center, various streaming-related things "voc@hacc.space" = [ "hexchen@hacc.space" - "schweby@hacc.space" + "moira@hacc.space" "octycs@hacc.space" "stuebinm@hacc.space" "zauberberg@hacc.space" @@ -105,13 +105,13 @@ # -- Regional: Germany -- # board of hacc e.V. "vorstand@hacc.space" = - [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ]; + [ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ]; # members of hacc e.V. "mitglieder@hacc.space" = [ "hexchen@hacc.space" "raphael@hacc.space" - "schweby@hacc.space" + "moira@hacc.space" "zauberberg@hacc.space" "lenny@hacc.space" "octycs@hacc.space" @@ -123,7 +123,7 @@ "hexchen@hacc.space" "octycs@hacc.space" "raphael@hacc.space" - "schweby@hacc.space" + "moira@hacc.space" "zauberberg@hacc.space" "stuebinm@hacc.space" "lenny@hacc.space" diff --git a/services/syncthing.nix b/services/syncthing.nix index 3eff7a7..40bab1c 100644 --- a/services/syncthing.nix +++ b/services/syncthing.nix @@ -7,10 +7,6 @@ configDir = "/persist/var/lib/syncthing/"; dataDir = "/persist/data/syncthing/"; devices = { - schweby = { - addresses = []; # empty = dynamic - id = "YF7DNNS-B63GERK-YFQ7G7Q-2DG7557-VIWFOTK-R3JOS63-T76POBQ-F6MO6AH"; - }; raphael-laptop = { addresses = []; # empty = dynamic id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG"; @@ -25,7 +21,7 @@ folders = { "/persist/data/syncthing/hacc/" = { id = "qt2ly-xvvvs"; - devices = [ "schweby" "conway" "raphael-laptop"]; + devices = [ "conway" "raphael-laptop"]; type = "receiveonly"; versioning = { type = "simple"; 
@@ -34,7 +30,7 @@ }; "/persist/data/syncthing/hacc_eV_vorstand/" = { id = "twwt7-fxrsr"; - devices = [ "schweby" "conway" "raphael-laptop"]; + devices = [ "conway" "raphael-laptop"]; # type = "receiveencrypted"; # no yet implemented }; }; diff --git a/websites/muc.hacc.earth/index.html b/websites/muc.hacc.earth/index.html index fbc0bb4..e386de9 100644 --- a/websites/muc.hacc.earth/index.html +++ b/websites/muc.hacc.earth/index.html @@ -402,7 +402,7 @@ registered at the local court Munich VR 208921
  • Satzung (statutes)