Merge branch 'main' into infra4future.de-update

Moira 2022-09-19 16:15:24 +00:00
commit 0152186bfe
10 changed files with 188 additions and 27 deletions


@ -48,13 +48,13 @@
packages = with pkgs; [ ffmpeg ];
};
schweby = {
moira = {
uid = 1004;
shell = pkgs.fish;
isNormalUser = true;
extraGroups = [ "wheel" "cdrom" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqj9RRfthjBl4+y4YH7aWetx5qs2KOE2B0oOw3pjRrQ schweby 2022-05-22"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06"
];
hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
};


@ -17,6 +17,7 @@
../../services/mail.nix
../../services/syncthing.nix
../../services/gitlab.nix
../../services/gitea.nix
../../services/nginx-pages.nix
../../services/gitlab-runner.nix
../../services/lantifa.nix


@ -5,12 +5,11 @@ python3Packages.buildPythonPackage rec {
version = "2.0.1";
src = fetchzip {
url =
"https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
};
patches = [ ./fix-setuppy.patch ./fix-userinfo.patch ];
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
propagatedBuildInputs = with python3Packages; [
flask


@ -0,0 +1,32 @@
From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Wed, 20 Jul 2022 18:02:15 +0200
Subject: [PATCH] magic gitea patch
---
uffd/oauth2/views.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
index d13fd42..94352be 100644
--- a/uffd/oauth2/views.py
+++ b/uffd/oauth2/views.py
@@ -230,6 +230,15 @@ def oauth_required(*scopes):
@oauth_required('profile')
def userinfo():
user = request.oauth.user
+ client = request.oauth.client_id
+ if client == "gitea":
+ return jsonify(
+ id=user.unix_uid,
+ full_name=user.displayname,
+ login=user.loginname,
+ email=user.mail,
+ groups=[group.name for group in user.groups]
+ )
return jsonify(
id=user.unix_uid,
name=user.displayname,
--
2.36.0
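Review bot: The added `if client == "gitea":` branch in `userinfo()` changes the response shape based on a hard-coded client id and carries no comment saying why, so the behaviour is tied to whatever OAuth client happens to be registered under that name. A comment above the branch, e.g. `# Gitea presumably expects full_name/login keys; the client id must match the one registered for Gitea`, would record the intent and the coupling. The branch also returns `email` and `groups` while the decorator visible in the hunk requires only the `profile` scope. Whether the default response discloses the same attributes cannot be seen here because `userinfo()` continues past the hunk, so it is worth confirming that both branches expose the same set of fields.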

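--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -0,0 +1,133 @@
+{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
+{
+containers.gitea = {
+privateNetwork = true;
+hostAddress = "192.168.100.1";
+localAddress = "192.168.100.10";
+autoStart = true;
+bindMounts = {
+"/persist" = {
+hostPath = "/persist/containers/gitea";
+isReadOnly = false;
+};
+};
+path = (evalConfig {
+hosts = { };
+groups = { };
+} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+boot.isContainer = true;
+networking.useDHCP = false;
+users.users.root.hashedPassword = "";
+imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
+environment.systemPackages = [ pkgs.gitea ];
+hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
+nixpkgs.config.allowUnfree = true;
+networking.firewall.enable = false;
+networking.defaultGateway = {
+address = "192.168.100.1";
+interface = "eth0";
+};
+services.coredns = {
+enable = true;
+config = ''
+.:53 {
+forward . 1.1.1.1
+}
+'';
+};
+services.gitea = {
+enable = true;
+appName = "0x0: git for all creatures";
+rootUrl = "https://git.infra4future.de/";
+httpAddress = "0.0.0.0";
+httpPort = 3000;
+lfs.enable = true;
+disableRegistration = true;
+database.type = "postgres";
+cookieSecure = true;
+log.level = "Info";
+# mailerPasswordFile =
+# "/var/lib/secrets/noreply"; # see below for access permissions
+settings = {
+# mailer = {
+# ENABLED = true;
+# HOST = "0x0.rip:465";
+# FROM = "noreply@0x0.rip";
+# ENVELOPE_FROM = "noreply@0x0.rip";
+# USER = "noreply@0x0.rip";
+# };
+repository = {
+DEFAULT_PRIVATE = "public";
+PREFERRED_LICENSES = "Unlicense";
+DEFAULT_BRANCH = "main";
+};
+oauth2_client = {
+ACCOUNT_LINKING = "auto";
+ENABLE_AUTO_REGISTRATION = true;
+};
+"repository.pull-requests" = {
+DEFAULT_MERGE_STYLE = "merge";
+DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
+};
+"repository.upload".FILE_MAX_SIZE = 1024;
+server = {
+LANDING_PAGE = "explore";
+OFFLINE_MODE = true;
+};
+security = { INSTALL_LOCK = true; };
+other = {
+SHOW_FOOTER_VERSION = false;
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
+};
+cron = {
+ENABLED = true;
+NOTICE_ON_SUCCESS = true;
+};
+"cron.update_mirrors" = {
+SCHEDULE = "@every 12h";
+PULL_LIMIT = "-1";
+PUSH_LIMIT = "-1";
+};
+"cron.git_gc_repos".ENABLED = true;
+"cron.delete_old_actions".ENABLED = true;
+};
+};
+services.postgresqlBackup = {
+enable = true;
+databases = [ "gitea" ];
+startAt = "*-*-* 23:45:00";
+location = "/persist/backups/postgres";
+};
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+listenAddresses = [ {
+addr = "192.168.100.10";
+port = 22;
+} ];
+extraConfig = ''
+AcceptEnv GIT_PROTOCOL
+'';
+};
+})).config.system.build.toplevel;
+};
+services.nginx.virtualHosts."git.infra4future.de" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://${config.containers.gitea.localAddress}:3000";
+};
+};
+hexchen.nftables.nat.forwardPorts = [{
+ports = [ 22 ];
+destination = "${config.containers.gitea.localAddress}:22";
+proto = "tcp";
+}];
+}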
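Review bot: `oauth2_client.ACCOUNT_LINKING = "auto"` together with `ENABLE_AUTO_REGISTRATION = true` attaches an OAuth login to an existing Gitea account purely because the username or e-mail reported by the provider matches, so account ownership depends entirely on the identity provider never issuing a colliding `login` or `email`. `ACCOUNT_LINKING = "login";` keeps linking available but requires the user to authenticate to the existing account first. Separately, `users.users.root.hashedPassword = "";` gives the container's root account an empty password, so any local process in the container can become root; a locked value such as `users.users.root.hashedPassword = "!";` avoids that. With `networking.firewall.enable = false` and `httpAddress = "0.0.0.0"`, a comment should also state that port 3000 is meant to be reachable only from the host-side nginx proxy over the private container network.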


@ -133,11 +133,11 @@
})).config.system.build.toplevel;
};
hexchen.nftables.nat.forwardPorts = [{
ports = [ 22 ];
destination = "${config.containers.gitlab.localAddress}:22";
proto = "tcp";
}];
# hexchen.nftables.nat.forwardPorts = [{
# ports = [ 22 ];
# destination = "${config.containers.gitlab.localAddress}:22";
# proto = "tcp";
# }];
services.nginx.virtualHosts."gitlab.infra4future.de" = {
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
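Review bot: The port-22 forward to the gitlab container is disabled by commenting it out, with nothing saying why or whether it is meant to come back. Since services/gitea.nix in this commit forwards the same port to the gitea container, either delete the five lines or keep them under a one-line reason such as `# port 22 is forwarded to the gitea container instead (services/gitea.nix)`. Git access to GitLab over SSH through this host presumably stops working as a result, which is worth stating in the commit description. The `virtualHosts` definition that follows continues outside the hunk.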


@ -40,7 +40,7 @@
extraConfig = let
wikidb = pkgs.fetchzip {
url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
sha256 = "0pns9fk1ws54m7rgbfsrxqh6ayab16mmnvzba8m4malljgrbil8b";
sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY=";
};
in ''
// Configure short URLs
@ -77,8 +77,8 @@
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
};
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-4a70dbd.tar.gz";
sha256 = "0s70fqkf5ylpsxy1h3hljic8708j6099mz12b6k03hgwc582yywi";
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz";
sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk=";
};
PageForms = pkgs.fetchzip {
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
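Review bot: The `wikidb` fetch in the first hunk keeps the same unversioned URL (`.../WikiDB.zip`) while its `sha256` changes, and nothing records whether the new value is the old digest re-encoded in SRI form or a different upstream archive. If the archive content did change, it should be reviewed before the new pin is accepted, because a mutable URL offers no version to diff against. A comment next to the pin, e.g. `# unversioned upstream URL; contents reviewed on <date>`, would make future hash changes easier to judge. The `intersection` update in the second hunk changes URL and hash together, which is the expected pattern.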


@ -42,7 +42,7 @@
"raphael@hacc.space".hashedPassword =
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
"schweby@hacc.space".hashedPassword =
"moira@hacc.space".hashedPassword =
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
"zauberberg@hacc.space".hashedPassword =
@ -81,7 +81,7 @@
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
@ -89,12 +89,12 @@
# admin: current people with access to the mail server and knowledge on how to use it™
"admin@hacc.space" =
[ "hexchen@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
[ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
# voc: hacc video operation center, various streaming-related things
"voc@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"moira@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
"zauberberg@hacc.space"
@ -105,13 +105,13 @@
# -- Regional: Germany --
# board of hacc e.V.
"vorstand@hacc.space" =
[ "raphael@hacc.space" "schweby@hacc.space" "zauberberg@hacc.space" ];
[ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
# members of hacc e.V.
"mitglieder@hacc.space" = [
"hexchen@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
@ -123,7 +123,7 @@
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"


@ -7,10 +7,6 @@
configDir = "/persist/var/lib/syncthing/";
dataDir = "/persist/data/syncthing/";
devices = {
schweby = {
addresses = []; # empty = dynamic
id = "YF7DNNS-B63GERK-YFQ7G7Q-2DG7557-VIWFOTK-R3JOS63-T76POBQ-F6MO6AH";
};
raphael-laptop = {
addresses = []; # empty = dynamic
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
@ -25,7 +21,7 @@
folders = {
"/persist/data/syncthing/hacc/" = {
id = "qt2ly-xvvvs";
devices = [ "schweby" "conway" "raphael-laptop"];
devices = [ "conway" "raphael-laptop"];
type = "receiveonly";
versioning = {
type = "simple";
@ -34,7 +30,7 @@
};
"/persist/data/syncthing/hacc_eV_vorstand/" = {
id = "twwt7-fxrsr";
devices = [ "schweby" "conway" "raphael-laptop"];
devices = [ "conway" "raphael-laptop"];
# type = "receiveencrypted"; # no yet implemented
};
};


@ -402,7 +402,7 @@ registered at the local court Munich VR 208921
<ul>
<li>raphael or rw</li>
<li>zauberberg</li>
<li>schweby</li>
<li>moira</li>
</ul
</li>
<li><a href="https://gitlab.infra4future.de/hacc/verein/satzung">Satzung</a> (statutes)</li>