Merge branch 'main' into infra4future.de-update

common/users.nix

@@ -48,13 +48,13 @@
       packages = with pkgs; [ ffmpeg ];
     };
 
-    schweby = {
+    moira = {
       uid = 1004;
       shell = pkgs.fish;
       isNormalUser = true;
       extraGroups = [ "wheel" "cdrom" ];
       openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqj9RRfthjBl4+y4YH7aWetx5qs2KOE2B0oOw3pjRrQ schweby 2022-05-22"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06"
       ];
       hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
     };

hosts/parsons/configuration.nix

@@ -17,6 +17,7 @@
     ../../services/mail.nix
     ../../services/syncthing.nix
     ../../services/gitlab.nix
+    ../../services/gitea.nix
     ../../services/nginx-pages.nix
     ../../services/gitlab-runner.nix
     ../../services/lantifa.nix

pkgs/uffd/default.nix

@@ -5,12 +5,11 @@ python3Packages.buildPythonPackage rec {
   version = "2.0.1";
 
   src = fetchzip {
-    url =
+    url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
-      "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
     hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
   };
 
-  patches = [ ./fix-setuppy.patch ./fix-userinfo.patch ];
+  patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
 
   propagatedBuildInputs = with python3Packages; [
     flask

pkgs/uffd/gitea-magic.patch

@@ -0,0 +1,32 @@
+From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
+From: stuebinm <stuebinm@disroot.org>
+Date: Wed, 20 Jul 2022 18:02:15 +0200
+Subject: [PATCH] magic gitea patch
+
+---
+ uffd/oauth2/views.py | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
+index d13fd42..94352be 100644
+--- a/uffd/oauth2/views.py
++++ b/uffd/oauth2/views.py
+@@ -230,6 +230,15 @@ def oauth_required(*scopes):
+ @oauth_required('profile')
+ def userinfo():
+ 	user = request.oauth.user
++	client = request.oauth.client_id
++	if client == "gitea":
++		return jsonify(
++	    		id=user.unix_uid,
++    			full_name=user.displayname,
++	    		login=user.loginname,
++			email=user.mail,
++    			groups=[group.name for group in user.groups]
++		)
+ 	return jsonify(
+ 		id=user.unix_uid,
+ 		name=user.displayname,
+-- 
+2.36.0
+

services/gitea.nix

@@ -0,0 +1,133 @@
+{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
+
+{
+  containers.gitea = {
+    privateNetwork = true;
+    hostAddress = "192.168.100.1";
+    localAddress = "192.168.100.10";
+    autoStart = true;
+    bindMounts = {
+      "/persist" = {
+        hostPath = "/persist/containers/gitea";
+        isReadOnly = false;
+      };
+    };
+    path = (evalConfig {
+      hosts = { };
+      groups = { };
+    } ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+      boot.isContainer = true;
+      networking.useDHCP = false;
+      users.users.root.hashedPassword = "";
+
+      imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
+
+      environment.systemPackages = [ pkgs.gitea ];
+
+      hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
+
+      nixpkgs.config.allowUnfree = true;
+      networking.firewall.enable = false;
+      networking.defaultGateway = {
+        address = "192.168.100.1";
+        interface = "eth0";
+      };
+      services.coredns = {
+        enable = true;
+        config = ''
+          .:53 {
+            forward . 1.1.1.1
+          }
+        '';
+      };
+      services.gitea = {
+        enable = true;
+        appName = "0x0: git for all creatures";
+        rootUrl = "https://git.infra4future.de/";
+        httpAddress = "0.0.0.0";
+        httpPort = 3000;
+        lfs.enable = true;
+        disableRegistration = true;
+        database.type = "postgres";
+        cookieSecure = true;
+        log.level = "Info";
+        #  mailerPasswordFile =
+        #    "/var/lib/secrets/noreply"; # see below for access permissions
+        settings = {
+          #    mailer = {
+          #      ENABLED = true;
+          #      HOST = "0x0.rip:465";
+          #      FROM = "noreply@0x0.rip";
+          #      ENVELOPE_FROM = "noreply@0x0.rip";
+          #      USER = "noreply@0x0.rip";
+
+          #    };
+          repository = {
+            DEFAULT_PRIVATE = "public";
+            PREFERRED_LICENSES = "Unlicense";
+            DEFAULT_BRANCH = "main";
+          };
+          oauth2_client = {
+            ACCOUNT_LINKING = "auto";
+            ENABLE_AUTO_REGISTRATION = true;
+          };
+          "repository.pull-requests" = {
+            DEFAULT_MERGE_STYLE = "merge";
+            DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
+          };
+          "repository.upload".FILE_MAX_SIZE = 1024;
+          server = {
+            LANDING_PAGE = "explore";
+            OFFLINE_MODE = true;
+          };
+          security = { INSTALL_LOCK = true; };
+          other = {
+            SHOW_FOOTER_VERSION = false;
+            SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+          };
+          cron = {
+            ENABLED = true;
+            NOTICE_ON_SUCCESS = true;
+          };
+          "cron.update_mirrors" = {
+            SCHEDULE = "@every 12h";
+            PULL_LIMIT = "-1";
+            PUSH_LIMIT = "-1";
+          };
+          "cron.git_gc_repos".ENABLED = true;
+          "cron.delete_old_actions".ENABLED = true;
+        };
+      };
+      services.postgresqlBackup = {
+        enable = true;
+        databases = [ "gitea" ];
+        startAt = "*-*-* 23:45:00";
+        location = "/persist/backups/postgres";
+      };
+      services.openssh = {
+        enable = true;
+        passwordAuthentication = false;
+        listenAddresses = [ {
+          addr = "192.168.100.10";
+          port = 22;
+        } ];
+        extraConfig = ''
+          AcceptEnv GIT_PROTOCOL
+        '';
+      };
+    })).config.system.build.toplevel;
+  };
+
+  services.nginx.virtualHosts."git.infra4future.de" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://${config.containers.gitea.localAddress}:3000";
+    };
+  };
+  hexchen.nftables.nat.forwardPorts = [{
+    ports = [ 22 ];
+    destination = "${config.containers.gitea.localAddress}:22";
+    proto = "tcp";
+  }];
+}

services/gitlab.nix

@@ -133,11 +133,11 @@
     })).config.system.build.toplevel;
   };
 
-  hexchen.nftables.nat.forwardPorts = [{
+  # hexchen.nftables.nat.forwardPorts = [{
-    ports = [ 22 ];
+  #   ports = [ 22 ];
-    destination = "${config.containers.gitlab.localAddress}:22";
+  #   destination = "${config.containers.gitlab.localAddress}:22";
-    proto = "tcp";
+  #   proto = "tcp";
-  }];
+  # }];
 
   services.nginx.virtualHosts."gitlab.infra4future.de" = {
     locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";

services/lantifa.nix

@@ -40,7 +40,7 @@
         extraConfig = let
           wikidb = pkgs.fetchzip {
             url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
-            sha256 = "0pns9fk1ws54m7rgbfsrxqh6ayab16mmnvzba8m4malljgrbil8b";
+            sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY=";
           };
         in ''
           // Configure short URLs
@@ -77,8 +77,8 @@
             sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
           };
           intersection = pkgs.fetchzip {  # This is the DynamicPageList extension
-            url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-4a70dbd.tar.gz";
+            url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz";
-            sha256 = "0s70fqkf5ylpsxy1h3hljic8708j6099mz12b6k03hgwc582yywi";
+            sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk=";
           };
           PageForms = pkgs.fetchzip {
             url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";

services/mail.nix

@@ -42,7 +42,7 @@
       "raphael@hacc.space".hashedPassword =
         "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
 
-      "schweby@hacc.space".hashedPassword =
+      "moira@hacc.space".hashedPassword =
         "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
 
       "zauberberg@hacc.space".hashedPassword =
@@ -81,7 +81,7 @@
         "hexchen@hacc.space"
         "octycs@hacc.space"
         "raphael@hacc.space"
-        "schweby@hacc.space"
+        "moira@hacc.space"
         "zauberberg@hacc.space"
         "stuebinm@hacc.space"
         "lenny@hacc.space"
@@ -89,12 +89,12 @@
 
       # admin: current people with access to the mail server and knowledge on how to use it™
       "admin@hacc.space" =
-        [ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
+        [ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
 
       # voc: hacc video operation center, various streaming-related things
       "voc@hacc.space" = [
         "hexchen@hacc.space"
-        "schweby@hacc.space"
+        "moira@hacc.space"
         "octycs@hacc.space"
         "stuebinm@hacc.space"
         "zauberberg@hacc.space"
@@ -105,13 +105,13 @@
       # -- Regional: Germany --
       # board of hacc e.V.
       "vorstand@hacc.space" =
-        [ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
+        [ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
 
       # members of hacc e.V.
       "mitglieder@hacc.space" = [
         "hexchen@hacc.space"
         "raphael@hacc.space"
-        "schweby@hacc.space"
+        "moira@hacc.space"
         "zauberberg@hacc.space"
         "lenny@hacc.space"
         "octycs@hacc.space"
@@ -123,7 +123,7 @@
         "hexchen@hacc.space"
         "octycs@hacc.space"
         "raphael@hacc.space"
-        "schweby@hacc.space"
+        "moira@hacc.space"
         "zauberberg@hacc.space"
         "stuebinm@hacc.space"
         "lenny@hacc.space"

services/syncthing.nix

@@ -7,10 +7,6 @@
     configDir = "/persist/var/lib/syncthing/";
     dataDir = "/persist/data/syncthing/";
     devices = {
-      schweby = {
-        addresses = []; # empty = dynamic
-        id = "YF7DNNS-B63GERK-YFQ7G7Q-2DG7557-VIWFOTK-R3JOS63-T76POBQ-F6MO6AH";
-      };
       raphael-laptop = {
         addresses = []; # empty = dynamic
         id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
@@ -25,7 +21,7 @@
     folders = {
       "/persist/data/syncthing/hacc/" = {
         id = "qt2ly-xvvvs";
-        devices = [ "schweby" "conway" "raphael-laptop"];
+        devices = [ "conway" "raphael-laptop"];
         type = "receiveonly";
         versioning = {
           type = "simple";
@@ -34,7 +30,7 @@
       };
       "/persist/data/syncthing/hacc_eV_vorstand/" = {
         id = "twwt7-fxrsr";
-        devices = [ "schweby" "conway" "raphael-laptop"];
+        devices = [ "conway" "raphael-laptop"];
 #        type = "receiveencrypted"; # no yet implemented
       };
     };

websites/muc.hacc.earth/index.html

@@ -402,7 +402,7 @@ registered at the local court Munich VR 208921
                         <ul>
                             <li>raphael or rw</li>
                             <li>zauberberg</li>
-                            <li>schweby</li>
+                            <li>moira</li>
                         </ul
                     </li>
                     <li><a href="https://gitlab.infra4future.de/hacc/verein/satzung">Satzung</a> (statutes)</li>