From 77d76253155ef0c2db4e6d32bec264e40433da6d Mon Sep 17 00:00:00 2001
From: moira
Date: Sat, 24 Sep 2022 17:29:42 +0200
Subject: [PATCH 1/2] remove gitlab
---
hosts/parsons/configuration.nix | 2 -
services/gitlab-runner.nix | 64 -------------
services/gitlab.nix | 165 --------------------------------
3 files changed, 231 deletions(-)
delete mode 100644 services/gitlab-runner.nix
delete mode 100644 services/gitlab.nix
diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index c8aef57..738b83d 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -16,10 +16,8 @@
../../services/hedgedoc-i4f.nix
../../services/mail.nix
../../services/syncthing.nix
- ../../services/gitlab.nix
../../services/gitea.nix
../../services/nginx-pages.nix
- ../../services/gitlab-runner.nix
../../services/lantifa.nix
../../services/vaultwarden.nix
../../services/uffd.nix
diff --git a/services/gitlab-runner.nix b/services/gitlab-runner.nix
deleted file mode 100644
index 6a467d6..0000000
--- a/services/gitlab-runner.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{config, pkgs, lib, ...}:
-
-{
- services.gitlab-runner = {
- enable = true;
- concurrent = 4;
- services = {
- infra4future = {
- buildsDir = "/persist/var/lib/gitlab-runner/builds";
- dockerImage = "nixos/nix";
- executor = "docker";
- registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
- };
- nix = {
- limit = 1; # don't run multiple jobs
- registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
- dockerImage = "alpine";
- dockerVolumes = [
- "/nix/store:/nix/store:ro"
- "/nix/var/nix/db:/nix/var/nix/db:ro"
- "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
- ];
- dockerDisableCache = true;
- preBuildScript = pkgs.writeScript "setup-container" ''
- mkdir -p -m 0755 /nix/var/log/nix/drvs
- mkdir -p -m 0755 /nix/var/nix/gcroots
- mkdir -p -m 0755 /nix/var/nix/profiles
- mkdir -p -m 0755 /nix/var/nix/temproots
- mkdir -p -m 0755 /nix/var/nix/userpool
- mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
- mkdir -p -m 1777 /nix/var/nix/profiles/per-user
- mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
- mkdir -p -m 0700 "$HOME/.nix-defexpr"
- . ${pkgs.nix}/etc/profile.d/nix.sh
- ${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
- ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
- ${pkgs.nix}/bin/nix-channel --update nixpkgs
- '';
- environmentVariables = {
- ENV = "/etc/profile";
- USER = "root";
- NIX_REMOTE = "daemon";
- PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
- NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
- };
- tagList = [ "nix" ];
- };
- };
- };
-
- systemd.services.gitlab-runner.serviceConfig = {
- DynamicUser = lib.mkForce false;
- User = "gitlab-runner";
- };
-
- users.users.gitlab-runner = {
- home = "/persist/var/lib/gitlab-runner";
- extraGroups = [ "docker" ];
- isSystemUser = true;
- group = "nogroup";
- };
-
- virtualisation.docker.storageDriver = "zfs";
-}
diff --git a/services/gitlab.nix b/services/gitlab.nix
deleted file mode 100644
index 8a2c708..0000000
--- a/services/gitlab.nix
+++ /dev/null
@@ -1,165 +0,0 @@
-{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
-
-{
- containers.gitlab = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.7";
-
- bindMounts = {
- "/persist" = {
- hostPath = "/persist/containers/gitlab";
- isReadOnly = false;
- };
- };
-
- path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
- boot.isContainer = true;
- networking.useDHCP = false;
- users.users.root.hashedPassword = "";
-
- imports = [
- ../modules/mattermost.nix
- ((import sources.nix-hexchen) {}).profiles.nopersist
- ];
-
- nixpkgs.config.allowUnfree = true;
- networking.firewall.enable = false;
- networking.defaultGateway = {
- address = "192.168.100.1";
- interface = "eth0";
- };
-
- services.gitlab = {
- enable = true;
-
- databaseCreateLocally = true;
-
- host = "gitlab.infra4future.de";
- https = true;
- port = 443;
-
- statePath = "/persist/gitlab";
- user = "git";
- databaseUsername = "git";
-
- initialRootPasswordFile = "/persist/secrets/gitlab-root";
- secrets.secretFile = "/persist/secrets/gitlab-secret";
- secrets.dbFile = "/persist/secrets/gitlab-db";
- secrets.otpFile = "/persist/secrets/gitlab-otp";
- secrets.jwsFile = "/persist/secrets/gitlab-jws";
-
- smtp = {
- enable = true;
- address = "mail.hacc.space";
- port = 587;
- authentication = "plain";
- domain = "gitlab.infra4future.de";
- enableStartTLSAuto = true;
- username = "noreply@infra4future.de";
- passwordFile = "/persist/secrets/noreply-pass";
- };
-
- pagesExtraArgs = [ "-listen-proxy" "0.0.0.0:8090" ];
- extraConfig = {
- pages = {
- enabled = true;
- host = "4future.dev";
- port = 443;
- https = true;
- };
- omniauth = {
- enabled = true;
- auto_sign_in_with_provider = "oauth2_generic";
- allow_single_sign_on = ["oauth2_generic"];
- block_auto_created_users = false;
- providers = [
- {
- name = "oauth2_generic";
- label = "infra4future Login";
- app_id = "gitlab";
- app_secret = { _secret = "/persist/secrets/oidc-clientsecret"; };
- args = {
- client_options = {
- site = "https://login.infra4future.de";
- user_info_url = "/oauth2/userinfo";
- authorize_url = "/oauth2/authorize";
- token_url = "/oauth2/token";
- };
- strategy_class ="OmniAuth::Strategies::OAuth2Generic";
- };
- }
- ];
- };
- };
- };
-
- services.redis.enable = true;
- services.postgresql.package = pkgs.postgresql_13;
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."gitlab.infra4future.de" = {
- default = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
- locations."/".extraConfig = ''
- proxy_redirect off;
- '';
- };
- };
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- users.users.git = {
- isSystemUser = true;
- group = "gitlab";
- home = "/persist/gitlab/home";
- uid = 165;
- };
-
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
- })).config.system.build.toplevel;
- };
-
- # hexchen.nftables.nat.forwardPorts = [{
- # ports = [ 22 ];
- # destination = "${config.containers.gitlab.localAddress}:22";
- # proto = "tcp";
- # }];
-
- services.nginx.virtualHosts."gitlab.infra4future.de" = {
- locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
- locations."/".extraConfig = ''
- proxy_set_header X-Nginx-Proxy true;
- proxy_redirect off;
- '';
- enableACME = true;
- forceSSL = true;
- };
-
- services.nginx.virtualHosts."4future.dev" = {
- locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:8090";
- serverName = "~^((.*)\.)?4future\.dev$";
- useACMEHost = "4future.dev";
- forceSSL = true;
- };
-
- security.acme.certs."4future.dev" = {
- dnsProvider = "cloudflare";
- credentialsFile = "/var/lib/acme/cloudflare.pass";
- extraDomainNames = [ "*.4future.dev" ];
- group = config.services.nginx.group;
- };
-}
From f2c90e5601e6e9068f9ff7779b68b5acdb01dc68 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sat, 24 Sep 2022 17:46:48 +0200
Subject: [PATCH 2/2] websites: remove mentions of gitlab.infra4future.de
(one remains for now, will do that later once anyone from students
for future says what to do in that case)
---
websites/hacc.earth/index.html | 6 +++---
websites/hacc.earth/index_de.html | 3 +--
websites/infra4future.de/nutzungsbedingungen.md | 2 +-
websites/muc.hacc.earth/index.html | 17 +++++++----------
4 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/websites/hacc.earth/index.html b/websites/hacc.earth/index.html
index 01ee6dc..8abfd94 100644
--- a/websites/hacc.earth/index.html
+++ b/websites/hacc.earth/index.html
@@ -349,7 +349,7 @@
Regular meetings of the hacc e.V. , usually every 1st and 3rd Wednesday 7:30 p.m. at muCCC . At the moment we meet online on mumble.hacc.space .
Meetings of Klimanotstandbündnis in Siegen . See hacc group page.
- Propose changes to the hacc e.V. infrastructure. You can open an issue on our meta discussion repository or (if you are familiar with Nix) open a merge request on the nixfiles which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
+ Propose changes to the hacc e.V. infrastructure. You can open an issue or open a merge request on the nixfiles which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
Add you or your project to the hacc directory
@@ -438,7 +438,7 @@ Unfortunately conflicts led to a split between the local chapter Munich and CHT
About this page
The hacc e.V. runs this page (hacc.earth ) but not necessarily the linked projects. You can find more about our activities and involvements on our own page .
-Also the source of the page can be found here . As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
+Also the source of the page can be found here . As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
The hacc logo was designed by Creatives for Future .
@@ -451,7 +451,7 @@ The hacc logo was designed by Creatives
diff --git a/websites/hacc.earth/index_de.html b/websites/hacc.earth/index_de.html
index dc55ada..0f9b8d9 100644
--- a/websites/hacc.earth/index_de.html
+++ b/websites/hacc.earth/index_de.html
@@ -317,8 +317,7 @@
Regelmäßige Treffen von hacc in München , normalerweise jeden ersten und dritten Mittwoch im Monat um 19:00 Uhr beim muCCC . Im Moment treffen wir uns Online auf mumble.hacc.space .
Regelmäßige Treffen des Klimanotstandbündnis in Siegen . Jeden zweiten Sonntag, siehe hacc-Seite.
- Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue in unserem Meta-Diskussions-Repo an,
- oder (falls du Nix kennst) erstelle einen Merge Request auf die nixfiles , über die wir einen (größer werdenden) Teil unserer Server verwalten.
+ Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue oder erstelle einen Merge Request auf die nixfiles , über die wir einen (größer werdenden) Teil unserer Server verwalten.
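Review bot: The added German sentence drops the particle of the separable verb "anlegen": the removed text read `leg bitte einen Issue in unserem Meta-Diskussions-Repo an`, while the new line reads `leg bitte einen Issue oder erstelle einen Merge Request`, which is no longer grammatical. I would write `leg bitte einen Issue an oder erstelle einen Merge Request auf die nixfiles`. The markup of this line is not visible here, so it is worth confirming that the links on "Issue" and "nixfiles" no longer point at gitlab.infra4future.de, the host this series decommissions.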
diff --git a/websites/infra4future.de/nutzungsbedingungen.md b/websites/infra4future.de/nutzungsbedingungen.md
index ac1d214..cf0934f 100644
--- a/websites/infra4future.de/nutzungsbedingungen.md
+++ b/websites/infra4future.de/nutzungsbedingungen.md
@@ -16,7 +16,7 @@ title: Infra4future
1. Geltungsbereich der Nutzungsbedingungen
- (1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, auth.infra4future.de, social.infra4future.de, gitlab.infra4future.de, survey.infra4future.de, live.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
+ (1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, login.infra4future.de, git.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
(2) Sie können die derzeit gültigen Nutzungsbedingungen unter infra4future.de/nutzungsbedingungen.html abrufen und ausdrucken.
diff --git a/websites/muc.hacc.earth/index.html b/websites/muc.hacc.earth/index.html
index e386de9..a9aa0ba 100644
--- a/websites/muc.hacc.earth/index.html
+++ b/websites/muc.hacc.earth/index.html
@@ -300,14 +300,11 @@ Of course we also did and do support multiple events and groups in Munich and Ge
Regular meetings of the hacc e.V. , usually every 1st and 3rd Wednesday 7:30 p.m. at muCCC . At the moment we meet online on mumble.hacc.space .
Regular matinanence of the hacc e.V. infrastrucutre, usually the Wednesday after the regular meeting sometime in the evening. Normally coordinated on mumble.hacc.space .
- Help us running the hacc e.V. infrastructure like infra4future.de . You can open an issue on our meta discussion repository or (if you are familiar with Nix) open a merge request on the nixfiles which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
+ Help us running the hacc e.V. infrastructure like infra4future.de . You can open an issue or create a merge request on the nixfiles which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
Interested in streaming and recording? Get in contact with hacc-voc
-
- The hacc blog can always use input. It's based on zola . The source of our blog is here .
-
Use the wiki and add your project!
@@ -403,11 +400,11 @@ registered at the local court Munich VR 208921
raphael or rw
zauberberg
moira
-
- Satzung (statutes)
- Mitgliedsantrag (membership application)
- Vereinfachter Spendennachweis (simplified proof of donation)
+ Satzung (statutes)
+ Mitgliedsantrag (membership application)
+ Vereinfachter Spendennachweis (simplified proof of donation)
@@ -430,7 +427,7 @@ Germany
About this page
-The source of the page can be found here . As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
+The source of the page can be found here . As with the hacc e.V. infrastructure in general you are invited to make change requests or just contact us to ask for changes.
The hacc logo was designed by Creatives for Future .
@@ -443,7 +440,7 @@ The hacc logo was designed by Creatives