Merge branch 'main' into fix/mattermost
This commit is contained in:
commit
277f173b11
7 changed files with 12 additions and 247 deletions
|
@ -16,10 +16,8 @@
|
|||
../../services/hedgedoc-i4f.nix
|
||||
../../services/mail.nix
|
||||
../../services/syncthing.nix
|
||||
../../services/gitlab.nix
|
||||
../../services/gitea.nix
|
||||
../../services/nginx-pages.nix
|
||||
../../services/gitlab-runner.nix
|
||||
../../services/lantifa.nix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/uffd.nix
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
{config, pkgs, lib, ...}:
|
||||
|
||||
{
|
||||
services.gitlab-runner = {
|
||||
enable = true;
|
||||
concurrent = 4;
|
||||
services = {
|
||||
infra4future = {
|
||||
buildsDir = "/persist/var/lib/gitlab-runner/builds";
|
||||
dockerImage = "nixos/nix";
|
||||
executor = "docker";
|
||||
registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
|
||||
};
|
||||
nix = {
|
||||
limit = 1; # don't run multiple jobs
|
||||
registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
|
||||
dockerImage = "alpine";
|
||||
dockerVolumes = [
|
||||
"/nix/store:/nix/store:ro"
|
||||
"/nix/var/nix/db:/nix/var/nix/db:ro"
|
||||
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
|
||||
];
|
||||
dockerDisableCache = true;
|
||||
preBuildScript = pkgs.writeScript "setup-container" ''
|
||||
mkdir -p -m 0755 /nix/var/log/nix/drvs
|
||||
mkdir -p -m 0755 /nix/var/nix/gcroots
|
||||
mkdir -p -m 0755 /nix/var/nix/profiles
|
||||
mkdir -p -m 0755 /nix/var/nix/temproots
|
||||
mkdir -p -m 0755 /nix/var/nix/userpool
|
||||
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
|
||||
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
|
||||
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
|
||||
mkdir -p -m 0700 "$HOME/.nix-defexpr"
|
||||
. ${pkgs.nix}/etc/profile.d/nix.sh
|
||||
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
|
||||
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
|
||||
${pkgs.nix}/bin/nix-channel --update nixpkgs
|
||||
'';
|
||||
environmentVariables = {
|
||||
ENV = "/etc/profile";
|
||||
USER = "root";
|
||||
NIX_REMOTE = "daemon";
|
||||
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
|
||||
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
|
||||
};
|
||||
tagList = [ "nix" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gitlab-runner.serviceConfig = {
|
||||
DynamicUser = lib.mkForce false;
|
||||
User = "gitlab-runner";
|
||||
};
|
||||
|
||||
users.users.gitlab-runner = {
|
||||
home = "/persist/var/lib/gitlab-runner";
|
||||
extraGroups = [ "docker" ];
|
||||
isSystemUser = true;
|
||||
group = "nogroup";
|
||||
};
|
||||
|
||||
virtualisation.docker.storageDriver = "zfs";
|
||||
}
|
|
@ -1,165 +0,0 @@
|
|||
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
|
||||
|
||||
{
|
||||
containers.gitlab = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.7";
|
||||
|
||||
bindMounts = {
|
||||
"/persist" = {
|
||||
hostPath = "/persist/containers/gitlab";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
users.users.root.hashedPassword = "";
|
||||
|
||||
imports = [
|
||||
../modules/mattermost.nix
|
||||
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking.firewall.enable = false;
|
||||
networking.defaultGateway = {
|
||||
address = "192.168.100.1";
|
||||
interface = "eth0";
|
||||
};
|
||||
|
||||
services.gitlab = {
|
||||
enable = true;
|
||||
|
||||
databaseCreateLocally = true;
|
||||
|
||||
host = "gitlab.infra4future.de";
|
||||
https = true;
|
||||
port = 443;
|
||||
|
||||
statePath = "/persist/gitlab";
|
||||
user = "git";
|
||||
databaseUsername = "git";
|
||||
|
||||
initialRootPasswordFile = "/persist/secrets/gitlab-root";
|
||||
secrets.secretFile = "/persist/secrets/gitlab-secret";
|
||||
secrets.dbFile = "/persist/secrets/gitlab-db";
|
||||
secrets.otpFile = "/persist/secrets/gitlab-otp";
|
||||
secrets.jwsFile = "/persist/secrets/gitlab-jws";
|
||||
|
||||
smtp = {
|
||||
enable = true;
|
||||
address = "mail.hacc.space";
|
||||
port = 587;
|
||||
authentication = "plain";
|
||||
domain = "gitlab.infra4future.de";
|
||||
enableStartTLSAuto = true;
|
||||
username = "noreply@infra4future.de";
|
||||
passwordFile = "/persist/secrets/noreply-pass";
|
||||
};
|
||||
|
||||
pagesExtraArgs = [ "-listen-proxy" "0.0.0.0:8090" ];
|
||||
extraConfig = {
|
||||
pages = {
|
||||
enabled = true;
|
||||
host = "4future.dev";
|
||||
port = 443;
|
||||
https = true;
|
||||
};
|
||||
omniauth = {
|
||||
enabled = true;
|
||||
auto_sign_in_with_provider = "oauth2_generic";
|
||||
allow_single_sign_on = ["oauth2_generic"];
|
||||
block_auto_created_users = false;
|
||||
providers = [
|
||||
{
|
||||
name = "oauth2_generic";
|
||||
label = "infra4future Login";
|
||||
app_id = "gitlab";
|
||||
app_secret = { _secret = "/persist/secrets/oidc-clientsecret"; };
|
||||
args = {
|
||||
client_options = {
|
||||
site = "https://login.infra4future.de";
|
||||
user_info_url = "/oauth2/userinfo";
|
||||
authorize_url = "/oauth2/authorize";
|
||||
token_url = "/oauth2/token";
|
||||
};
|
||||
strategy_class ="OmniAuth::Strategies::OAuth2Generic";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.enable = true;
|
||||
services.postgresql.package = pkgs.postgresql_13;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
virtualHosts."gitlab.infra4future.de" = {
|
||||
default = true;
|
||||
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_redirect off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
|
||||
users.users.git = {
|
||||
isSystemUser = true;
|
||||
group = "gitlab";
|
||||
home = "/persist/gitlab/home";
|
||||
uid = 165;
|
||||
};
|
||||
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
config = ''
|
||||
.:53 {
|
||||
forward . 1.1.1.1
|
||||
}
|
||||
'';
|
||||
};
|
||||
})).config.system.build.toplevel;
|
||||
};
|
||||
|
||||
# hexchen.nftables.nat.forwardPorts = [{
|
||||
# ports = [ 22 ];
|
||||
# destination = "${config.containers.gitlab.localAddress}:22";
|
||||
# proto = "tcp";
|
||||
# }];
|
||||
|
||||
services.nginx.virtualHosts."gitlab.infra4future.de" = {
|
||||
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header X-Nginx-Proxy true;
|
||||
proxy_redirect off;
|
||||
'';
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."4future.dev" = {
|
||||
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:8090";
|
||||
serverName = "~^((.*)\.)?4future\.dev$";
|
||||
useACMEHost = "4future.dev";
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
security.acme.certs."4future.dev" = {
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = "/var/lib/acme/cloudflare.pass";
|
||||
extraDomainNames = [ "*.4future.dev" ];
|
||||
group = config.services.nginx.group;
|
||||
};
|
||||
}
|
|
@ -349,7 +349,7 @@
|
|||
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Meetings of <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. See hacc group page.</li>
|
||||
<li>
|
||||
Propose changes to the hacc e.V. infrastructure. You can open an issue on our <a href="https://gitlab.infra4future.de/hacc/infra/meta">meta discussion repository</a> or (if you are familiar with Nix) open a merge request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
Propose changes to the hacc e.V. infrastructure. You can open an issue or open a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
</li>
|
||||
<li>
|
||||
Add you or your project to the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>
|
||||
|
@ -438,7 +438,7 @@ Unfortunately conflicts led to a split between the local chapter Munich and CHT
|
|||
<h1>About this page<span class="blink"></span></h1>
|
||||
<p>
|
||||
The hacc e.V. runs this page (<a href="https://hacc.earth">hacc.earth</a>) but not necessarily the linked projects. You can find more about our activities and involvements on our <a href="https://muc.hacc.earth">own page</a>.<br>
|
||||
Also the source of the page can be found <a href="https://gitlab.infra4future.de/hacc/infra4future/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
Also the source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
</p>
|
||||
<p>
|
||||
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
|
||||
|
@ -451,7 +451,7 @@ The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives
|
|||
</main>
|
||||
<footer class="content" style="z-index: 200">
|
||||
<div>
|
||||
<a href="https://gitlab.infra4future.de/hacc/infra4future/hacc.earth">Source of hacc.earth</a> •
|
||||
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">Source of hacc.earth</a> •
|
||||
<a href="#contact">Contact</a> •
|
||||
<a href="https://infra4future.de/impressum.html">Imprint</a>
|
||||
</div>
|
||||
|
|
|
@ -317,8 +317,7 @@
|
|||
<li>Regelmäßige Treffen von <a href="https://hacc.uber.space/HACC/Europe/DE/BY/Munich">hacc in München</a>, normalerweise jeden ersten und dritten Mittwoch im Monat um 19:00 Uhr beim <a href="https://muc.ccc.de/">muCCC</a>. Im Moment treffen wir uns Online auf <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Regelmäßige Treffen des <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. Jeden zweiten Sonntag, siehe hacc-Seite.</li>
|
||||
<li>
|
||||
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue <a href="https://gitlab.infra4future.de/hacc/infra/meta">in unserem Meta-Diskussions-Repo</a> an,
|
||||
oder (falls du Nix kennst) erstelle einen Merge Request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
|
||||
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue oder erstelle einen Merge Request <a href="https://git.infra4future.de/hacc/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ title: Infra4future
|
|||
|
||||
1. Geltungsbereich der Nutzungsbedingungen
|
||||
|
||||
(1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, auth.infra4future.de, social.infra4future.de, gitlab.infra4future.de, survey.infra4future.de, live.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
|
||||
(1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, login.infra4future.de, git.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
|
||||
|
||||
(2) Sie können die derzeit gültigen Nutzungsbedingungen unter infra4future.de/nutzungsbedingungen.html abrufen und ausdrucken.
|
||||
|
||||
|
|
|
@ -300,14 +300,11 @@ Of course we also did and do support multiple events and groups in Munich and Ge
|
|||
<ul>
|
||||
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Regular matinanence of the <a href="https://muc.hacc.earth">hacc e.V.</a> infrastrucutre, usually the Wednesday after the regular meeting sometime in the evening. Normally coordinated on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Help us running the hacc e.V. infrastructure like <a href="https://infra4future.de">infra4future.de</a>. You can open an issue on our <a href="https://gitlab.infra4future.de/hacc/infra/meta">meta discussion repository</a> or (if you are familiar with Nix) open a merge request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
<li>Help us running the hacc e.V. infrastructure like <a href="https://infra4future.de">infra4future.de</a>. You can open an issue or create a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
</li>
|
||||
<li>
|
||||
Interested in streaming and recording? Get in <a href="#contact">contact with hacc-voc</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://hacc.4future.dev/infra4future/blog-zola">The hacc blog</a> can always use input. It's based on <a href="https://getzola.org">zola</a>. The source of our blog is <a href="https://gitlab.infra4future.de/hacc/infra4future/blog-zola">here</a>.
|
||||
</li>
|
||||
<li>
|
||||
Use the <a href="https://hacc.wiki">wiki</a> and add your project!
|
||||
</li>
|
||||
|
@ -403,11 +400,11 @@ registered at the local court Munich VR 208921
|
|||
<li>raphael or rw</li>
|
||||
<li>zauberberg</li>
|
||||
<li>moira</li>
|
||||
</ul
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="https://gitlab.infra4future.de/hacc/verein/satzung">Satzung</a> (statutes)</li>
|
||||
<li><a href="https://gitlab.infra4future.de/hacc/verein/mitgliedsantrag">Mitgliedsantrag</a> (membership application)</li>
|
||||
<li><a href="https://gitlab.infra4future.de/hacc/verein/zuwendungen">Vereinfachter Spendennachweis</a> (simplified proof of donation)</li>
|
||||
<li><a href="https://git.infra4future.de/hacc/satzung">Satzung</a> (statutes)</li>
|
||||
<li><a href="https://git.infra4future.de/hacc/mitgliedsantrag">Mitgliedsantrag</a> (membership application)</li>
|
||||
<li><a href="https://git.infra4future.de/hacc/zuwendungen">Vereinfachter Spendennachweis</a> (simplified proof of donation)</li>
|
||||
</ul>
|
||||
</p>
|
||||
<p>
|
||||
|
@ -430,7 +427,7 @@ Germany<br>
|
|||
<div class="section">
|
||||
<h1>About this page<span class="blink"></span></h1>
|
||||
<p>
|
||||
The source of the page can be found <a href="https://gitlab.infra4future.de/hacc/infra4future/muc.hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
The source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/muc.hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
</p>
|
||||
<p>
|
||||
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
|
||||
|
@ -443,7 +440,7 @@ The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives
|
|||
</main>
|
||||
<footer class="content" style="z-index: 200">
|
||||
<div>
|
||||
<a href="https://gitlab.infra4future.de/hacc/infra4future/muc.hacc.earth">Source of muc.hacc.earth</a> •
|
||||
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/muc.hacc.earth">Source of muc.hacc.earth</a> •
|
||||
<a href="#contact">Contact</a> •
|
||||
<a href="https://infra4future.de/impressum.html">Imprint</a>
|
||||
</div>
|
||||
|
|
Loading…
Reference in a new issue