Compare commits
169 commits
fix/deploy
...
main
Author | SHA1 | Date | |
---|---|---|---|
35853d56e2 | |||
41c914991a | |||
f2c90e5601 | |||
77d7625315 | |||
|
04272968d0 | ||
7e615e6daa | |||
82e70e0151 | |||
6bba15faae | |||
9bf75b9c3d | |||
83cda0f44a | |||
97459d8177 | |||
6aa06aed18 | |||
639410011e | |||
|
7db9dbb4c2 | ||
|
856cd79c37 | ||
3ea537459b | |||
f53cb24d2e | |||
45ceeef189 | |||
e246563f57 | |||
a1c5832a51 | |||
c854e10980 | |||
b5a68e09fd | |||
f9f1eee6fd | |||
|
db5865fff2 | ||
|
65ec0779b7 | ||
4b53211130 | |||
|
86b9d3113c | ||
|
39aaf2e0bb | ||
|
8021685ec8 | ||
8f413da05a | |||
e9d2630ea9 | |||
445a974f97 | |||
4eecd1bad4 | |||
|
430efbc0a5 | ||
|
3dc6b5e3e9 | ||
|
507a144165 | ||
|
7015386cd6 | ||
|
440076bae9 | ||
|
27cc65fb14 | ||
287cb84d82 | |||
|
3ee3c37ccb | ||
39bec9fbd0 | |||
5c85431847 | |||
|
2cf0119ec1 | ||
|
a92ae39d65 | ||
|
f1c3a2d082 | ||
|
93c13debe6 | ||
3e95d6c222 | |||
ca19774c9e | |||
032c49c375 | |||
4b71a216ba | |||
|
17d695c00b | ||
|
7815e32f9f | ||
99811b6711 | |||
1aebabe8a0 | |||
10942ca464 | |||
|
2d429492fe | ||
|
4bf804c025 | ||
|
8716f2b308 | ||
|
6de0b91beb | ||
9937d5ff94 | |||
4ff0bdf3ec | |||
676ba4fc31 | |||
|
569c5652f2 | ||
|
238c1b2c92 | ||
c2c0bd366a | |||
68afbe01b3 | |||
|
fa347008fa | ||
|
c21b1b8ddf | ||
|
02a64a6f31 | ||
b9aa3050d7 | |||
|
6f0d8a6af9 | ||
ad9c1f4481 | |||
f800057478 | |||
ae67b38304 | |||
eb07f34672 | |||
c08ca5f85f | |||
a7896e718f | |||
16245e830f | |||
|
9b38e5fba1 | ||
|
8c527ea552 | ||
|
b96a026565 | ||
|
ba60e3cf76 | ||
|
2a1e692522 | ||
|
af8b16117f | ||
|
bde7afa9ca | ||
928d44fb95 | |||
3ad6a0d2df | |||
|
277d4a1fa7 | ||
|
668a3fa4ee | ||
fccb150d3c | |||
|
e10545d1f8 | ||
6563e0ccfa | |||
|
5432503397 | ||
6d6a2aff67 | |||
|
144bd0d5f5 | ||
1b94984486 | |||
|
6a7e836d22 | ||
|
f78ae0e50a | ||
|
13567e0152 | ||
|
232a90aaf1 | ||
|
0652afa761 | ||
|
34eb8651d8 | ||
|
750b069420 | ||
|
939d7adbb6 | ||
|
09d6d6838d | ||
|
5138da6805 | ||
|
ad5d21cba5 | ||
|
f125de8342 | ||
56cbb7601b | |||
|
2044b77401 | ||
|
3c3e4c0c83 | ||
|
dbf8d74a24 | ||
|
f4089803ff | ||
|
e63af3984c | ||
|
35a563185d | ||
|
982546f73a | ||
|
b9eb988aa0 | ||
|
a113c05025 | ||
|
20398cf2c8 | ||
|
56ad0ed886 | ||
|
fd9e8941c7 | ||
|
95a0e9f04a | ||
|
41acbdd3e0 | ||
|
d367269e87 | ||
|
7dbc22929b | ||
|
35cd963f8c | ||
|
6121acabd7 | ||
|
275d3a16f0 | ||
|
69e49a0020 | ||
|
373926e33b | ||
|
7881b444ba | ||
|
cdeb52f808 | ||
|
f5579bc98e | ||
|
a5063ae960 | ||
|
632bf21200 | ||
|
76c9b07d56 | ||
|
172d0869b3 | ||
|
4b11dbf1d4 | ||
84ac81435e | |||
|
b23582a52f | ||
|
1c65805589 | ||
|
da7beff2fe | ||
|
3541d14c76 | ||
|
479d119b8b | ||
|
0b30d81d13 | ||
|
cf5062adfd | ||
|
cbeb0e86c1 | ||
|
d3e08e0247 | ||
2d0a5b9c22 | |||
20bafd66c5 | |||
|
2c0abd0cc4 | ||
32e13edee1 | |||
69f5448aa3 | |||
|
bfaa6a54ab | ||
|
04375f8152 | ||
|
725517a035 | ||
|
6a408db9c1 | ||
|
776c4d2f0f | ||
|
f6bf8c7c00 | ||
|
df6f0baa71 | ||
|
b092919a53 | ||
|
ab68332e2b | ||
|
d37899698c | ||
|
fec87aa59d | ||
|
378c79f93e | ||
|
e9eb76c2b5 | ||
|
8506265060 | ||
|
644c433809 |
|
@ -1,16 +1,9 @@
|
||||||
stages:
|
stages:
|
||||||
- build
|
- build
|
||||||
|
|
||||||
build-nixda:
|
build-parsons:
|
||||||
tags:
|
tags:
|
||||||
- nix
|
- nix
|
||||||
stage: build
|
stage: build
|
||||||
script:
|
script:
|
||||||
- nix-build -A deploy.nixda
|
- nix-build -A deploy.parsons
|
||||||
|
|
||||||
build-hainich:
|
|
||||||
tags:
|
|
||||||
- nix
|
|
||||||
stage: build
|
|
||||||
script:
|
|
||||||
- nix-build -A deploy.hainich
|
|
||||||
|
|
15
README.md
|
@ -10,6 +10,8 @@ welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based
|
||||||
- `modules/`: home-grown modules for hacc-specific services
|
- `modules/`: home-grown modules for hacc-specific services
|
||||||
- `nix/`: sources files, managed with niv
|
- `nix/`: sources files, managed with niv
|
||||||
- `pkgs/`: packages we built and don't want to upstream
|
- `pkgs/`: packages we built and don't want to upstream
|
||||||
|
- `hosts/`: configuration.nix per host
|
||||||
|
- `services/`: all services we run; imported in appropriate host config
|
||||||
|
|
||||||
## working with the haccfiles
|
## working with the haccfiles
|
||||||
|
|
||||||
|
@ -20,6 +22,19 @@ nix build -f . deploy.$hostname && ./result switch
|
||||||
|
|
||||||
`$hostname` can be replaced with any hostname or group
|
`$hostname` can be replaced with any hostname or group
|
||||||
|
|
||||||
|
## I don't want to build this long dependency / want a cached version!
|
||||||
|
|
||||||
|
If it's still available on parsons from a previous deploy, do:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
nix copy --from ssh://parsons /nix/store/...
|
||||||
|
```
|
||||||
|
|
||||||
|
Note: don't just copy the .drv file (which Nix complains about if it can't
|
||||||
|
build something), that's just the description of how to build it! If you
|
||||||
|
don't know the actual outpath, look in the .drv file (should start with
|
||||||
|
`Derive([("out","[the path you want]"...`)
|
||||||
|
|
||||||
## committing to haccfiles
|
## committing to haccfiles
|
||||||
- Golden Rule: DO NOT COMMIT TO MAIN
|
- Golden Rule: DO NOT COMMIT TO MAIN
|
||||||
- exceptions apply, if you are not sure where to commit, don't commit to main
|
- exceptions apply, if you are not sure where to commit, don't commit to main
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, modules, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
sources = import ../nix/sources.nix;
|
sources = import ../nix/sources.nix;
|
||||||
|
@ -7,10 +7,10 @@ in {
|
||||||
../modules
|
../modules
|
||||||
./users.nix
|
./users.nix
|
||||||
(sources.home-manager + "/nixos")
|
(sources.home-manager + "/nixos")
|
||||||
(sources.pbb-nixfiles + "/modules/nftables")
|
modules.network.nftables
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
|
||||||
boot.kernelParams = [ "quiet" ];
|
boot.kernelParams = [ "quiet" ];
|
||||||
|
|
||||||
networking.domain = lib.mkDefault "hacc.space";
|
networking.domain = lib.mkDefault "hacc.space";
|
||||||
|
@ -36,7 +36,6 @@ in {
|
||||||
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
||||||
|
|
||||||
i18n.defaultLocale = "en_IE.UTF-8";
|
i18n.defaultLocale = "en_IE.UTF-8";
|
||||||
time.timeZone = "UTC";
|
|
||||||
console = {
|
console = {
|
||||||
font = "Lat2-Terminus16";
|
font = "Lat2-Terminus16";
|
||||||
keyMap = "de";
|
keyMap = "de";
|
||||||
|
@ -45,8 +44,8 @@ in {
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
smartmontools lm_sensors htop tcpdump nload iftop
|
smartmontools lm_sensors htop tcpdump nload iftop
|
||||||
# bottom
|
bottom
|
||||||
ripgrep
|
ripgrep vgrep
|
||||||
git wget
|
git wget
|
||||||
kitty.terminfo
|
kitty.terminfo
|
||||||
rsync pv progress
|
rsync pv progress
|
||||||
|
@ -62,7 +61,7 @@ in {
|
||||||
socat
|
socat
|
||||||
tmux
|
tmux
|
||||||
gnupg
|
gnupg
|
||||||
vim
|
vim neovim
|
||||||
patchelf
|
patchelf
|
||||||
binutils
|
binutils
|
||||||
dnsutils
|
dnsutils
|
||||||
|
@ -70,6 +69,8 @@ in {
|
||||||
nmap
|
nmap
|
||||||
s-tui stress
|
s-tui stress
|
||||||
ffmpeg-full
|
ffmpeg-full
|
||||||
|
bat
|
||||||
|
niv
|
||||||
];
|
];
|
||||||
|
|
||||||
security.acme.email = "info+acme@hacc.space";
|
security.acme.email = "info+acme@hacc.space";
|
||||||
|
@ -77,7 +78,8 @@ in {
|
||||||
|
|
||||||
services.nginx.appendHttpConfig = ''
|
services.nginx.appendHttpConfig = ''
|
||||||
access_log off;
|
access_log off;
|
||||||
|
add_header Permissions-Policy "interest-cohort=()";
|
||||||
'';
|
'';
|
||||||
|
|
||||||
petabyte.nftables.enable = true;
|
networking.nftables.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,13 +48,13 @@
|
||||||
packages = with pkgs; [ ffmpeg ];
|
packages = with pkgs; [ ffmpeg ];
|
||||||
};
|
};
|
||||||
|
|
||||||
schweby = {
|
moira = {
|
||||||
uid = 1004;
|
uid = 1004;
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "cdrom" ];
|
extraGroups = [ "wheel" "cdrom" ];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06"
|
||||||
];
|
];
|
||||||
hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
|
hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,6 +2,10 @@ rec {
|
||||||
sources = import ./nix/sources.nix;
|
sources = import ./nix/sources.nix;
|
||||||
pkgs = import ./pkgs {};
|
pkgs = import ./pkgs {};
|
||||||
inherit (pkgs) lib;
|
inherit (pkgs) lib;
|
||||||
inherit (import (sources.nix-hexchen + "/lib/hosts.nix") { inherit pkgs; hostsDir = ./hosts; commonImports = [./common]; pkgsPath = ./pkgs; }) hosts groups;
|
inherit (import (sources.nix-hexchen + "/lib/hosts.nix") {
|
||||||
|
inherit pkgs sources;
|
||||||
|
inherit ((import sources.nix-hexchen) {}) modules;
|
||||||
|
hostsDir = ./hosts; commonImports = [./common]; pkgsPath = ./pkgs;
|
||||||
|
}) hosts groups;
|
||||||
deploy = import (sources.nix-hexchen + "/lib/deploy.nix") { inherit pkgs hosts groups; };
|
deploy = import (sources.nix-hexchen + "/lib/deploy.nix") { inherit pkgs hosts groups; };
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,19 +7,21 @@
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
};
|
};
|
||||||
# boot.plymouth.splashBeforeUnlock = true;
|
# boot.plymouth.splashBeforeUnlock = true;
|
||||||
users.users.schweby.packages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
pulsemixer pavucontrol
|
pulsemixer pavucontrol
|
||||||
firefox git kitty j4-dmenu-desktop bemenu
|
firefox kitty j4-dmenu-desktop bemenu
|
||||||
breeze-qt5 mako
|
breeze-qt5 mako
|
||||||
mpv youtube-dl
|
mpv youtube-dl
|
||||||
wl-clipboard mumble
|
wl-clipboard mumble
|
||||||
xdg_utils
|
xdg_utils
|
||||||
slurp grim libnotify
|
slurp grim libnotify
|
||||||
_1password-gui
|
_1password-gui
|
||||||
|
gimp
|
||||||
# gnome3.nautilus
|
# gnome3.nautilus
|
||||||
] ++ (with pkgs; [ alacritty picom feh copyq polybar cinnamon.nemo rofi arandr notepadqq nomacs bat ]);
|
] ++ (with pkgs; [ alacritty picom feh copyq polybar cinnamon.nemo rofi arandr notepadqq nomacs imv gthumb ]);
|
||||||
|
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
|
time.timeZone = "Europe/Berlin";
|
||||||
hardware.pulseaudio = {
|
hardware.pulseaudio = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.pulseaudioFull;
|
package = pkgs.pulseaudioFull;
|
||||||
|
|
|
@ -1,138 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
../../common
|
|
||||||
./encboot.nix
|
|
||||||
./hardware.nix
|
|
||||||
./services/murmur.nix
|
|
||||||
./services/mail.nix
|
|
||||||
./services/codimd.nix
|
|
||||||
../../common
|
|
||||||
# ./wireguard.nix
|
|
||||||
./services/nginx.nix
|
|
||||||
# ./k8s.nix
|
|
||||||
./services/docker.nix
|
|
||||||
./services/gitlab-runner.nix
|
|
||||||
./services/lantifa.nix
|
|
||||||
./services/syncthing.nix
|
|
||||||
./services/monitoring.nix
|
|
||||||
./services/workadventure.nix
|
|
||||||
./services/minecraft.nix
|
|
||||||
./services/mattermost.nix
|
|
||||||
];
|
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/sda";
|
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
|
||||||
|
|
||||||
# stop *something* from loading ip_tables and breaking nftables
|
|
||||||
boot.blacklistedKernelModules = [ "ip_tables" "ip6_tables" "x_tables"];
|
|
||||||
|
|
||||||
|
|
||||||
# networking
|
|
||||||
networking.hostName = "hainich";
|
|
||||||
networking.hostId = "8a58cb2f";
|
|
||||||
networking.useDHCP = true;
|
|
||||||
networking.interfaces.enp6s0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "46.4.63.148";
|
|
||||||
prefixLength = 27;
|
|
||||||
}
|
|
||||||
|
|
||||||
{
|
|
||||||
address = "46.4.63.158";
|
|
||||||
prefixLength = 27;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
networking.interfaces.enp6s0.ipv6.addresses = [ {
|
|
||||||
address = "2a01:4f8:140:84c9::1";
|
|
||||||
prefixLength = 64;
|
|
||||||
} ];
|
|
||||||
networking.defaultGateway = "46.4.63.129";
|
|
||||||
networking.nameservers = [
|
|
||||||
"1.1.1.1" "1.0.0.1"
|
|
||||||
"2606:4700:4700::1111" "2606:4700:4700::1001"
|
|
||||||
];
|
|
||||||
networking.defaultGateway6 = {
|
|
||||||
address = "fe80::1";
|
|
||||||
interface = "enp6s0";
|
|
||||||
};
|
|
||||||
|
|
||||||
hacc.nftables.nat.enable = true;
|
|
||||||
networking.nat.internalInterfaces = ["ve-+"];
|
|
||||||
networking.nat.internalIPs = [ "192.168.100.0/24" "172.17.0.0/16" ];
|
|
||||||
networking.nat.externalInterface = "enp6s0";
|
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
|
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
|
||||||
# networking.firewall.enable = false;
|
|
||||||
|
|
||||||
# misc
|
|
||||||
time.timeZone = "UTC";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
wget vim git
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh.enable = true;
|
|
||||||
services.openssh.ports = [ 22 62954 ];
|
|
||||||
|
|
||||||
users.users.root = {
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct"
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvmrk3i04tXfrSlZtHFbG3o6lQgh3ODMWmGDING4TJ4ctidexmMNY15IjVjzXZgQSET1uKLDLITiaPsii8vaWERZfjm3jjub845mpKkKv48nYdM0eCbv7n604CA3lwoB5ebRgULg4oGTi60rQ4trFf3iTkJfmiLsieFBZz7l+DfgeDEjDNSJcrkOggGBrjE5vBXoDimdkNh8kBNwgMDj1kPR/FHDqybSd5hohCJ5FzQg9vzl/x/H1rzJJKYPO4svSgHkYNkeoL84IZNeHom+UEHX0rw2qAIEN6AiHvNUJR38relvQYxbVdDSlaGN3g26H2ehsmolf+U0uQlRAXTHo0NbXNVYOfijFKL/jWxNfH0aRycf09Lu60oY54gkqS/J0GoQe/OGNq1Zy72DI+zAwEzyCGfSDbAgVF7Y3mU2HqcqGqNzu7Ade5oCbLmkT7yzDM3x6IsmT1tO8dYiT8Qv+zFAECkRpw3yDkJkPOxNKg10oM318whMTtM3yqntE90hk= schweby@taxusbaccata"
|
|
||||||
];
|
|
||||||
initialHashedPassword = "$6$F316njEF2$GMF4OmPSF6QgZ3P/DblQ/UFMgoo98bztbdw7X0ygvBGC1UMMIc13Vtxjd/ZGRYW/pEHACZZ7sbRZ48t6xhvO7/";
|
|
||||||
# shell = pkgs.fish;
|
|
||||||
};
|
|
||||||
|
|
||||||
# storage stuffs!
|
|
||||||
services.zfs = {
|
|
||||||
autoSnapshot = {
|
|
||||||
enable = true;
|
|
||||||
frequent = 12;
|
|
||||||
hourly = 18;
|
|
||||||
daily = 3;
|
|
||||||
weekly = 0;
|
|
||||||
monthly = 0;
|
|
||||||
};
|
|
||||||
autoScrub = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages;
|
|
||||||
|
|
||||||
services.restic.backups.tardis = {
|
|
||||||
passwordFile = "/etc/restic/system";
|
|
||||||
s3CredentialsFile = "/etc/restic/system.s3creds";
|
|
||||||
paths = [
|
|
||||||
"/data"
|
|
||||||
"/home"
|
|
||||||
"/run/florinori"
|
|
||||||
"/var/lib/containers/codimd/var/lib/codimd"
|
|
||||||
"/var/lib/containers/codimd/var/backup/postgresql"
|
|
||||||
"/var/lib/containers/lantifa/var/lib/mediawiki"
|
|
||||||
"/var/lib/containers/lantifa/var/backup/mysql"
|
|
||||||
"/var/lib/murmur"
|
|
||||||
"/var/lib/syncthing"
|
|
||||||
];
|
|
||||||
pruneOpts = [
|
|
||||||
"--keep-daily 7"
|
|
||||||
"--keep-weekly 5"
|
|
||||||
"--keep-monthly 3"
|
|
||||||
];
|
|
||||||
repository = "b2:tardis-hainich:system";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "20.03"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
boot.initrd.kernelModules = [ "r8169" ]; # add network card driver
|
|
||||||
boot.kernelParams = ["ip=:::::enp6s0:dhcp"]; # enable dhcp on primary network interface
|
|
||||||
boot.initrd.network = {
|
|
||||||
enable = true;
|
|
||||||
ssh = {
|
|
||||||
enable = true;
|
|
||||||
port = 2222;
|
|
||||||
# TODO: Modify system config so that this works
|
|
||||||
# authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
|
|
||||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
|
||||||
hostKeys = [ /run/keys/ecdsa_host ];
|
|
||||||
};
|
|
||||||
# TODO: curl some webhook here to alert?
|
|
||||||
# possibly quite hard to do, we only have limited wget or netcat available
|
|
||||||
# how this all works:
|
|
||||||
# when someone logs in via ssh, they are prompted to unlock the zfs volume
|
|
||||||
# afterwards zfs is killed in order for the boot to progress
|
|
||||||
# timeout of 120s still applies afaik
|
|
||||||
postCommands = ''
|
|
||||||
zpool import zroot
|
|
||||||
zpool import dpool
|
|
||||||
echo "zfs load-key -a; killall zfs && exit" >> /root/.profile
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,52 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "sd_mod" ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "zroot/root/nixos";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{ device = "zroot/root/nixos/nix";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" =
|
|
||||||
{ device = "dpool/home";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/lib/containers" =
|
|
||||||
{ device = "dpool/containers";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/lib/docker" =
|
|
||||||
{ device = "dpool/docker";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/lib/gitlab-runner" =
|
|
||||||
{ device = "dpool/gitlab-runner";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/data" =
|
|
||||||
{ device = "dpool/data";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/40125f55-7fe8-4850-902e-b4d6e22f0335";
|
|
||||||
fsType = "ext2";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
nix.maxJobs = lib.mkDefault 12;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
|
||||||
}
|
|
|
@ -1,125 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
services.etcd = {
|
|
||||||
advertiseClientUrls = [
|
|
||||||
"https://[2a0d:eb04:8:10::1]:2379"
|
|
||||||
];
|
|
||||||
listenClientUrls = [
|
|
||||||
"https://[2a0d:eb04:8:10::1]:2379"
|
|
||||||
];
|
|
||||||
listenPeerUrls = [
|
|
||||||
"https://[::1]:2380"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.kubernetes = {
|
|
||||||
roles = [ "master" "node" ];
|
|
||||||
flannel.enable = false;
|
|
||||||
addons.dns = {
|
|
||||||
enable = true;
|
|
||||||
clusterIp = "2a0d:eb04:8:11::53";
|
|
||||||
reconcileMode = "EnsureExists";
|
|
||||||
};
|
|
||||||
pki.cfsslAPIExtraSANs = [ "hainich.hacc.space" ];
|
|
||||||
apiserver = {
|
|
||||||
advertiseAddress = "2a0d:eb04:8:10::1";
|
|
||||||
extraSANs = [
|
|
||||||
"2a0d:eb04:8:10::1" "2a0d:eb04:8:11::1" "hainich.hacc.space"
|
|
||||||
];
|
|
||||||
bindAddress = "::";
|
|
||||||
insecureBindAddress = "::1";
|
|
||||||
etcd = {
|
|
||||||
servers = [ "https://[2a0d:eb04:8:10::1]:2379" ];
|
|
||||||
};
|
|
||||||
serviceClusterIpRange = "2a0d:eb04:8:11::/120";
|
|
||||||
extraOpts = "--allow-privileged=true";
|
|
||||||
};
|
|
||||||
controllerManager = {
|
|
||||||
bindAddress = "::";
|
|
||||||
clusterCidr = "2a0d:eb04:8:12::/64";
|
|
||||||
};
|
|
||||||
kubelet = {
|
|
||||||
address = "::";
|
|
||||||
clusterDns = "2a0d:eb04:8:11::53";
|
|
||||||
};
|
|
||||||
proxy = {
|
|
||||||
bindAddress = "::";
|
|
||||||
};
|
|
||||||
scheduler = {
|
|
||||||
address = "::1" ;
|
|
||||||
};
|
|
||||||
apiserverAddress = "https://[2a0d:eb04:8:10::1]:6443";
|
|
||||||
clusterCidr = "2a0d:eb04:8:12::/64";
|
|
||||||
easyCerts = true;
|
|
||||||
masterAddress = "hainich.hacc.space";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall = {
|
|
||||||
allowedTCPPorts = [ 80 443 6443 ];
|
|
||||||
trustedInterfaces = [
|
|
||||||
"cbr0" "tunnat64"
|
|
||||||
];
|
|
||||||
extraCommands = ''
|
|
||||||
iptables -t nat -A POSTROUTING -o enp6s0 -j SNAT --to 46.4.63.158
|
|
||||||
iptables -A FORWARD -i tunnat64 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -t nat -A PREROUTING -p tcp -d 46.4.63.158 --dport 80 -j DNAT --to-destination 10.255.255.2:80
|
|
||||||
iptables -t nat -A PREROUTING -p tcp -d 46.4.63.158 --dport 443 -j DNAT --to-destination 10.255.255.2:443
|
|
||||||
iptables -t nat -A PREROUTING -p tcp -d 46.4.63.158 --dport 6443 -j DNAT --to-destination 10.255.255.1:443
|
|
||||||
|
|
||||||
ip6tables -A FORWARD -i tunnat64 -j ACCEPT
|
|
||||||
ip6tables -A INPUT -i tunnat64 -j ACCEPT
|
|
||||||
'';
|
|
||||||
extraStopCommands = ''
|
|
||||||
iptables -t nat -D POSTROUTING -o enp6s0 -j SNAT --to 46.4.63.158
|
|
||||||
iptables -D FORWARD -i tunnat64 -j ACCEPT
|
|
||||||
|
|
||||||
iptables -t nat -D PREROUTING -p tcp -d 46.4.63.158 --dport 80 -j DNAT --to-destination 10.255.255.2:80
|
|
||||||
iptables -t nat -D PREROUTING -p tcp -d 46.4.63.158 --dport 443 -j DNAT --to-destination 10.255.255.2:443
|
|
||||||
iptables -t nat -D PREROUTING -p tcp -d 46.4.63.158 --dport 6443 -j DNAT --to-destination 10.255.255.1:443
|
|
||||||
|
|
||||||
ip6tables -A FORWARD -i tunnat64 -j ACCEPT
|
|
||||||
ip6tables -A INPUT -i tunnat64 -j ACCEPT
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.tayga = (let
|
|
||||||
config = pkgs.writeText "tayga.conf" ''
|
|
||||||
tun-device tunnat64
|
|
||||||
ipv4-addr 10.255.255.254
|
|
||||||
prefix 2a0d:eb04:8:10:64::/96
|
|
||||||
dynamic-pool 10.255.255.0/24
|
|
||||||
map 10.255.255.1 2a0d:eb04:8:10::1
|
|
||||||
map 10.255.255.2 2a0d:eb04:8:11::2
|
|
||||||
strict-frag-hdr 1
|
|
||||||
'';
|
|
||||||
startScript = pkgs.writeScriptBin "tayga-start" ''
|
|
||||||
#! ${pkgs.runtimeShell} -e
|
|
||||||
${pkgs.iproute}/bin/ip link set up tunnat64 || true
|
|
||||||
${pkgs.iproute}/bin/ip route add 10.255.255.0/24 dev tunnat64 || true
|
|
||||||
${pkgs.iproute}/bin/ip -6 route add 2a0d:eb04:8:10:64::/96 dev tunnat64 || true
|
|
||||||
${pkgs.tayga}/bin/tayga -d --config ${config}
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = ''${startScript}/bin/tayga-start'';
|
|
||||||
};
|
|
||||||
});
|
|
||||||
|
|
||||||
networking.interfaces.cbr0.ipv6.routes = [{
|
|
||||||
address = "2a0d:eb04:8:10::";
|
|
||||||
prefixLength = 60;
|
|
||||||
}];
|
|
||||||
|
|
||||||
networking.interfaces.tunnat64 = {
|
|
||||||
virtual = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# openebs expects some stuff to be there.
|
|
||||||
system.activationScripts.openebs = ''
|
|
||||||
mkdir -p /usr/lib /usr/sbin
|
|
||||||
ln -sf ${pkgs.zfs.lib}/lib/* /usr/lib/
|
|
||||||
ln -sf ${pkgs.zfs}/bin/zfs /usr/sbin/
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
virtualisation.oci-containers.containers."ghost-waszumfff" = {
|
|
||||||
autoStart = true;
|
|
||||||
environment = {
|
|
||||||
url = "https://waszumfff.4future.dev";
|
|
||||||
};
|
|
||||||
image = "ghost:alpine";
|
|
||||||
ports = [ "127.0.0.1:2368:2368" ];
|
|
||||||
volumes = [ "/run/florinori:/var/lib/ghost/content" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/run/florinori" =
|
|
||||||
{ device = "dpool/k8s/florinori";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."waszumfff.4future.dev" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:2368";
|
|
||||||
extraConfig = "
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,63 +0,0 @@
|
||||||
{config, pkgs, lib, ...}:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.gitlab-runner = {
|
|
||||||
enable = true;
|
|
||||||
concurrent = 4;
|
|
||||||
services = {
|
|
||||||
infra4future = {
|
|
||||||
buildsDir = "/var/lib/gitlab-runner/builds";
|
|
||||||
dockerImage = "nixos/nix";
|
|
||||||
executor = "docker";
|
|
||||||
registrationConfigFile = "/etc/gitlab-runner/gitlab-runner.env";
|
|
||||||
};
|
|
||||||
nix = {
|
|
||||||
limit = 1; # don't run multiple jobs
|
|
||||||
registrationConfigFile = "/etc/gitlab-runner/gitlab-runner.env";
|
|
||||||
dockerImage = "alpine";
|
|
||||||
dockerVolumes = [
|
|
||||||
"/nix/store:/nix/store:ro"
|
|
||||||
"/nix/var/nix/db:/nix/var/nix/db:ro"
|
|
||||||
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
|
|
||||||
];
|
|
||||||
dockerDisableCache = true;
|
|
||||||
preBuildScript = pkgs.writeScript "setup-container" ''
|
|
||||||
mkdir -p -m 0755 /nix/var/log/nix/drvs
|
|
||||||
mkdir -p -m 0755 /nix/var/nix/gcroots
|
|
||||||
mkdir -p -m 0755 /nix/var/nix/profiles
|
|
||||||
mkdir -p -m 0755 /nix/var/nix/temproots
|
|
||||||
mkdir -p -m 0755 /nix/var/nix/userpool
|
|
||||||
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
|
|
||||||
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
|
|
||||||
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
|
|
||||||
mkdir -p -m 0700 "$HOME/.nix-defexpr"
|
|
||||||
. ${pkgs.nix}/etc/profile.d/nix.sh
|
|
||||||
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
|
|
||||||
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
|
|
||||||
${pkgs.nix}/bin/nix-channel --update nixpkgs
|
|
||||||
'';
|
|
||||||
environmentVariables = {
|
|
||||||
ENV = "/etc/profile";
|
|
||||||
USER = "root";
|
|
||||||
NIX_REMOTE = "daemon";
|
|
||||||
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
|
|
||||||
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
|
|
||||||
};
|
|
||||||
tagList = [ "nix" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.gitlab-runner.serviceConfig = {
|
|
||||||
DynamicUser = lib.mkForce false;
|
|
||||||
User = "gitlab-runner";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.gitlab-runner = {
|
|
||||||
home = "/var/lib/gitlab-runner";
|
|
||||||
extraGroups = [ "docker" ];
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.docker.storageDriver = "zfs";
|
|
||||||
}
|
|
|
@ -1,155 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
sources = import ../../../nix/sources.nix;
|
|
||||||
in {
|
|
||||||
imports = [
|
|
||||||
sources.nixos-mailserver.outPath
|
|
||||||
];
|
|
||||||
|
|
||||||
mailserver = {
|
|
||||||
mailDirectory = "/data/mail";
|
|
||||||
enable = true;
|
|
||||||
fqdn = "mail.hacc.space";
|
|
||||||
domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
|
|
||||||
|
|
||||||
loginAccounts = {
|
|
||||||
"hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
|
||||||
"hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" ];
|
|
||||||
|
|
||||||
"octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
|
||||||
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
|
||||||
|
|
||||||
"raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
|
||||||
|
|
||||||
"schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
|
||||||
|
|
||||||
"zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
|
||||||
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
|
||||||
|
|
||||||
"stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
|
||||||
|
|
||||||
"lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
|
||||||
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
|
||||||
|
|
||||||
# service accounts
|
|
||||||
"noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
|
||||||
"newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
|
|
||||||
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
|
|
||||||
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
|
||||||
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
|
|
||||||
};
|
|
||||||
|
|
||||||
extraVirtualAliases = {
|
|
||||||
# address = forward address;
|
|
||||||
|
|
||||||
# -- International --
|
|
||||||
# info/contact: main entrypoint, anyone can read or reply to this.
|
|
||||||
"info@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"octycs@hacc.space"
|
|
||||||
"raphael@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
"stuebinm@hacc.space"
|
|
||||||
"lenny@hacc.space"
|
|
||||||
];
|
|
||||||
# admin: current people with access to the mail server and knowledge on how to use it
|
|
||||||
"admin@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
];
|
|
||||||
# voc: hacc video operation center, various streaming-related things
|
|
||||||
"voc@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"octycs@hacc.space"
|
|
||||||
"stuebinm@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
"lenny@hacc.space"
|
|
||||||
];
|
|
||||||
|
|
||||||
# -- Regional: Germany --
|
|
||||||
# board of hacc e.V.
|
|
||||||
"vorstand@hacc.space" = [
|
|
||||||
"raphael@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
];
|
|
||||||
# members of hacc e.V.
|
|
||||||
"mitglieder@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"raphael@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
"lenny@hacc.space"
|
|
||||||
"octycs@hacc.space"
|
|
||||||
];
|
|
||||||
|
|
||||||
# -- Regional: Munich --
|
|
||||||
"muc@hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"octycs@hacc.space"
|
|
||||||
"raphael@hacc.space"
|
|
||||||
"schweby@hacc.space"
|
|
||||||
"zauberberg@hacc.space"
|
|
||||||
"stuebinm@hacc.space"
|
|
||||||
"lenny@hacc.space"
|
|
||||||
];
|
|
||||||
|
|
||||||
# -- c3 world operation centre --
|
|
||||||
"world@muc.hacc.space" = [
|
|
||||||
"hexchen@hacc.space"
|
|
||||||
"stuebinm@hacc.space"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
|
||||||
# down nginx and opens port 80.
|
|
||||||
certificateScheme = 3;
|
|
||||||
|
|
||||||
# Enable IMAP and POP3
|
|
||||||
enableImap = true;
|
|
||||||
enablePop3 = true;
|
|
||||||
enableImapSsl = true;
|
|
||||||
enablePop3Ssl = true;
|
|
||||||
|
|
||||||
# Enable the ManageSieve protocol
|
|
||||||
enableManageSieve = true;
|
|
||||||
|
|
||||||
# whether to scan inbound emails for viruses (note that this requires at least
|
|
||||||
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
|
|
||||||
virusScanning = false;
|
|
||||||
};
|
|
||||||
services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
|
||||||
services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
|
||||||
services.postfix.virtual = ''
|
|
||||||
@4future.dev @hacc.space
|
|
||||||
@4futu.re @hacc.space
|
|
||||||
@hacc.earth @hacc.space
|
|
||||||
@discuss.infra4future.de discuss@infra4future.de
|
|
||||||
admin@infra4future.de admin@hacc.space
|
|
||||||
noreply@infra4future.de admin@hacc.space
|
|
||||||
lukas@infra4future.de zauberberg@hacc.space
|
|
||||||
info@infra4future.de admin@hacc.space
|
|
||||||
postmaster@infra4future.de admin@hacc.space
|
|
||||||
voc@infra4future.de voc@hacc.space
|
|
||||||
haccvoc@infra4future.de voc@hacc.space
|
|
||||||
contact@hacc.space info@hacc.space
|
|
||||||
himmel@hacc.space admin@hacc.space
|
|
||||||
divoc-patches@muc.hacc.space world@muc.hacc.space
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.services.alps = {
|
|
||||||
enable = true;
|
|
||||||
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
|
||||||
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."mail.hacc.space" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/".proxyPass = "http://[::1]:1323";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,47 +0,0 @@
|
||||||
{pkgs, lib, config, ...}:
|
|
||||||
|
|
||||||
let
|
|
||||||
sources = import ../../../nix/sources.nix;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
networking.firewall.allowedTCPPorts = [ 25565 ];
|
|
||||||
|
|
||||||
services.minecraft-server = {
|
|
||||||
enable = true;
|
|
||||||
package = (pkgs.minecraft-server.overrideAttrs (old: rec {
|
|
||||||
version = "${sources.papermc.rev}-${sources.papermc.version}";
|
|
||||||
name = "papermc-${version}";
|
|
||||||
src = sources.papermc.outPath;
|
|
||||||
}));
|
|
||||||
declarative = true;
|
|
||||||
eula = true;
|
|
||||||
jvmOpts = "-Xmx1536M -Xms512M -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true";
|
|
||||||
|
|
||||||
serverProperties = {
|
|
||||||
server-port = "25565";
|
|
||||||
gamemode = "survival";
|
|
||||||
motd = "NixCraft4future";
|
|
||||||
max-players = "20";
|
|
||||||
whitelist = true;
|
|
||||||
force-gamemode = true;
|
|
||||||
difficulty = "easy";
|
|
||||||
allow-flight= false;
|
|
||||||
pvp = false;
|
|
||||||
enable-rcon = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
whitelist = {
|
|
||||||
AaronPirt = "bbb8a319-a0fe-4b7a-bdcc-d7941a7fcfa8";
|
|
||||||
ACY2003 = "e6caedfb-95de-44b6-bea7-962e765f2b74";
|
|
||||||
Hexchen = "137ad280-856c-4f27-b258-b263d4e6863b";
|
|
||||||
laXDer = "98043845-8bac-4d38-a479-d116eea90356";
|
|
||||||
Naigh = "96dd9a77-2a65-415b-8d48-1f00e146dc42";
|
|
||||||
Schweby = "a5680c67-1a85-4a9b-81b6-a3a0b7b52467";
|
|
||||||
wolkenzebratopf = "34f47e5b-3f81-4639-ab6b-97be5e358054";
|
|
||||||
yan_min = "a2d1b6f2-1b58-4433-be67-f9872c4332f1";
|
|
||||||
Zauberberg = "4c59c4c3-f16b-4b7e-b707-9a176958e7cf";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.prometheus = {
|
|
||||||
enable = true;
|
|
||||||
webExternalUrl = "https://stats.hacc.space";
|
|
||||||
exporters = {
|
|
||||||
dovecot = {
|
|
||||||
enable = true;
|
|
||||||
scopes = [ "user" "global" ];
|
|
||||||
socketPath = "/var/run/dovecot2/old-stats";
|
|
||||||
};
|
|
||||||
nginx.enable = true;
|
|
||||||
node.enable = true;
|
|
||||||
postfix = {
|
|
||||||
enable = true;
|
|
||||||
systemd.enable = true;
|
|
||||||
};
|
|
||||||
rspamd.enable = true;
|
|
||||||
};
|
|
||||||
scrapeConfigs = (lib.mapAttrsToList (name: val:
|
|
||||||
{
|
|
||||||
job_name = "${name}-${config.networking.hostName}";
|
|
||||||
static_configs = [{
|
|
||||||
targets = [ "localhost:${toString val.port}" ];
|
|
||||||
labels.host = config.networking.hostName;
|
|
||||||
}];
|
|
||||||
}
|
|
||||||
) (lib.filterAttrs (_: val: val.enable) config.services.prometheus.exporters));
|
|
||||||
};
|
|
||||||
|
|
||||||
services.dovecot2.extraConfig = ''
|
|
||||||
mail_plugins = $mail_plugins old_stats
|
|
||||||
service old-stats {
|
|
||||||
unix_listener old-stats {
|
|
||||||
user = dovecot-exporter
|
|
||||||
group = dovecot-exporter
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
services.nginx.statusPage = true;
|
|
||||||
}
|
|
|
@ -1,46 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
sources = import ../../../nix/sources.nix;
|
|
||||||
in
|
|
||||||
|
|
||||||
let
|
|
||||||
mumblesite = pkgs.stdenv.mkDerivation {
|
|
||||||
name = "mumble.hacc.space-website";
|
|
||||||
src = sources.mumble-website.outPath.outPath;
|
|
||||||
buildPhase = ''
|
|
||||||
${pkgs.jekyll.outPath}/bin/jekyll build
|
|
||||||
'';
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out
|
|
||||||
cp -r _site/* $out
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.murmur = {
|
|
||||||
enable = true;
|
|
||||||
logDays = -1;
|
|
||||||
welcometext = "Welcome to mumble4future! Brought to you by infra4future. The server is now reachable under mumble.hacc.space, please update your bookmarks.";
|
|
||||||
sslKey = "/var/lib/acme/mumble.hacc.space/key.pem";
|
|
||||||
sslCert = "/var/lib/acme/mumble.hacc.space/fullchain.pem";
|
|
||||||
bandwidth = 128000;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
|
|
||||||
|
|
||||||
services.nginx.virtualHosts =
|
|
||||||
let vhost = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
root = mumblesite.outPath;
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
"mumble.infra4future.de" = vhost;
|
|
||||||
"mumble.hacc.space" = vhost;
|
|
||||||
};
|
|
||||||
|
|
||||||
# set ACLs so that the murmur user can read the certificates
|
|
||||||
security.acme.certs."mumble.hacc.space".postRun = "setfacl -Rm u:murmur:rX /var/lib/acme/mumble.hacc.space";
|
|
||||||
}
|
|
|
@ -1,56 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
security.acme.acceptTerms = true;
|
|
||||||
security.acme.email = "info+acme@hacc.space";
|
|
||||||
services.nginx.enable = true;
|
|
||||||
services.nginx.package = pkgs.nginx.override {
|
|
||||||
modules = [ pkgs.nginxModules.rtmp ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# services.nginx.recommendedProxySettings = true;
|
|
||||||
|
|
||||||
services.nginx.virtualHosts = let
|
|
||||||
in {
|
|
||||||
# let all empty subdomains pointing to hainich return 404
|
|
||||||
"hainich.hacc.space" = {
|
|
||||||
default = true;
|
|
||||||
locations."/".return = "404";
|
|
||||||
};
|
|
||||||
"hacc.space" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/".return = "301 https://hacc.earth";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 1935 ];
|
|
||||||
services.nginx = {
|
|
||||||
appendHttpConfig = ''
|
|
||||||
add_header Permissions-Policy "interest-cohort=()";
|
|
||||||
'';
|
|
||||||
appendConfig = ''
|
|
||||||
rtmp {
|
|
||||||
server {
|
|
||||||
listen 1935;
|
|
||||||
application cutiestream {
|
|
||||||
live on;
|
|
||||||
allow publish all;
|
|
||||||
allow play all;
|
|
||||||
}
|
|
||||||
application ingest {
|
|
||||||
live on;
|
|
||||||
|
|
||||||
record all;
|
|
||||||
record_path /data/ingest;
|
|
||||||
record_unique on;
|
|
||||||
|
|
||||||
# include /var/secrets/ingest.conf;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
|
|
||||||
}
|
|
|
@ -1,53 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
{
|
|
||||||
services.syncthing = {
|
|
||||||
enable = true;
|
|
||||||
relay.enable = false;
|
|
||||||
openDefaultPorts = true;
|
|
||||||
declarative = {
|
|
||||||
devices = {
|
|
||||||
# schweby
|
|
||||||
txsbcct = {
|
|
||||||
addresses = []; # empty = dynamic
|
|
||||||
id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
|
|
||||||
};
|
|
||||||
octycs = {
|
|
||||||
addresses = []; # empty = dynamic
|
|
||||||
id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
|
|
||||||
};
|
|
||||||
stuebinm-desktop = {
|
|
||||||
addresses = []; # empty = dynamic
|
|
||||||
id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
|
|
||||||
};
|
|
||||||
raphael-laptop = {
|
|
||||||
addresses = []; # empty = dynamic
|
|
||||||
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
|
|
||||||
};
|
|
||||||
# zauberberg
|
|
||||||
conway = {
|
|
||||||
addresses = []; # empty = dynamic
|
|
||||||
id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
|
|
||||||
};
|
|
||||||
# hexchen
|
|
||||||
storah = {
|
|
||||||
addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
|
|
||||||
id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
folders = {
|
|
||||||
"/var/lib/syncthing/hacc" = {
|
|
||||||
id = "qt2ly-xvvvs";
|
|
||||||
devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
|
|
||||||
type = "receiveonly";
|
|
||||||
versioning = {
|
|
||||||
type = "simple";
|
|
||||||
params.keep = "10";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,102 +0,0 @@
|
||||||
{pkgs, lib, config, ...}:
|
|
||||||
|
|
||||||
let
|
|
||||||
sources = import ../../../nix/sources.nix {};
|
|
||||||
# why the double outPath? Dunno, just niv things …
|
|
||||||
workadventure-nix = sources.workadventure.outPath.outPath;
|
|
||||||
haccmap = sources.haccmap.outPath.outPath;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# not the most intuitive of container names, but "workadventure" is too long
|
|
||||||
containers.wa-void = {
|
|
||||||
|
|
||||||
# we'll need the outer config to get the turn secret inside the container,
|
|
||||||
# and I'm feeling haskelly so config' it is!
|
|
||||||
config = let config' = config; in {config, pkgs, ...}: {
|
|
||||||
imports = [ workadventure-nix ];
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
||||||
|
|
||||||
services.workadventure."void.hacc.space" = {
|
|
||||||
packageset = (
|
|
||||||
import "${workadventure-nix}/wapkgs.nix" {
|
|
||||||
inherit pkgs lib;
|
|
||||||
}
|
|
||||||
).workadventure-xce;
|
|
||||||
|
|
||||||
nginx = {
|
|
||||||
default = true;
|
|
||||||
domain = "void.hacc.space";
|
|
||||||
maps = {
|
|
||||||
serve = true;
|
|
||||||
path = "${haccmap}/";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
|
|
||||||
|
|
||||||
commonConfig = {
|
|
||||||
webrtc.stun.url = "stun:turn.hacc.space:3478";
|
|
||||||
webrtc.turn = {
|
|
||||||
url = "turn:46.4.63.148";
|
|
||||||
user = "turn";
|
|
||||||
password = config'.services.coturn.static-auth-secret;
|
|
||||||
};
|
|
||||||
jitsi.url = "meet.ffmuc.net";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress6 = "fd00::42:14";
|
|
||||||
localAddress6 = "fd00::42:16";
|
|
||||||
|
|
||||||
autoStart = true;
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
services.coturn = {
|
|
||||||
enable = true;
|
|
||||||
realm = "turn.hacc.space";
|
|
||||||
# this is a static "secret" that is also compiled into workadventure,
|
|
||||||
# so it seems ok to put it into the nix store
|
|
||||||
static-auth-secret = "990bc6fc68c720a9159f9c7613b2dcc3cc9ffb4f";
|
|
||||||
use-auth-secret = true;
|
|
||||||
no-cli = true;
|
|
||||||
no-tcp-relay = true;
|
|
||||||
|
|
||||||
cert = config.security.acme.certs."turn.hacc.space".directory + "full.pem";
|
|
||||||
pkey = config.security.acme.certs."turn.hacc.space".directory + "key.pem";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
virtualHosts."void.hacc.space" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://[${config.containers.wa-void.localAddress6}]";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# this isn't actually needed, but acme requires a webserver to serve
|
|
||||||
# challanges, so I guess it's easier to just define a virtualHost here
|
|
||||||
virtualHosts."turn.hacc.space" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
networking.firewall = with config.services.coturn;
|
|
||||||
let
|
|
||||||
ports = [ listening-port tls-listening-port ];
|
|
||||||
in {
|
|
||||||
allowedTCPPorts = [ 80 ] ++ ports;
|
|
||||||
allowedUDPPorts = ports;
|
|
||||||
allowedUDPPortRanges = [
|
|
||||||
{ from = min-port; to = max-port; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
{
|
|
||||||
systemd.services.wireguard-upstream = {
|
|
||||||
wants = [ "wg-upstream-key.service" ];
|
|
||||||
after = [ "wg-upstream-key.service" ];
|
|
||||||
};
|
|
||||||
networking.wireguard.interfaces.upstream = {
|
|
||||||
ips = [ "2a0d:eb04:8:ffff:2::2/128" ];
|
|
||||||
generatePrivateKeyFile = true;
|
|
||||||
privateKeyFile = "/etc/wireguard/upstream.key";
|
|
||||||
listenPort = 51820;
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
allowedIPs = [ "::/0" ];
|
|
||||||
endpoint = "103.105.50.220:51823";
|
|
||||||
publicKey = "qL5xKnQ7xLbtTvu0VmLBwHExteJBhmCe5S/0ZoXBeXY=";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
postSetup = ''
|
|
||||||
${pkgs.iproute}/bin/ip addr del dev upstream 2a0d:eb04:8:ffff:2::2/128
|
|
||||||
${pkgs.iproute}/bin/ip addr add dev upstream 2a0d:eb04:8:ffff:2::2/128 peer 2a0d:eb04:8:ffff:2::1/128
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
networking.interfaces.lo.ipv6 = {
|
|
||||||
addresses = [{
|
|
||||||
address = "2a0d:eb04:8:10::1";
|
|
||||||
prefixLength = 128;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
networking.defaultGateway6 = {
|
|
||||||
address = "2a0d:eb04:8:ffff:2::1";
|
|
||||||
interface = "upstream";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
|
@ -25,14 +25,15 @@
|
||||||
|
|
||||||
networking.hostName = "nixda"; # Define your hostname.
|
networking.hostName = "nixda"; # Define your hostname.
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ blackmagicDesktopVideo blender ];
|
environment.systemPackages = with pkgs; [ blackmagicDesktopVideo blender companion ];
|
||||||
|
|
||||||
networking.wg-quick.interfaces.cornbox = {
|
networking.wg-quick.interfaces.cornbox = {
|
||||||
privateKeyFile = "/etc/wireguard/cornbox.key";
|
privateKeyFile = "/etc/wireguard/cornbox.key";
|
||||||
address = [ "195.39.247.67/28" "2a0f:4ac0:1337::12/64" ];
|
address = [ "195.39.247.67/28" "2a0f:4ac0:1337::12/64" ];
|
||||||
postUp = "ip link set dev cornbox mtu 1400";
|
postUp = "/run/wrappers/bin/ping -c5 195.39.247.65";
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
|
persistentKeepalive = 25;
|
||||||
allowedIPs = [ "2a0f:4ac0:1337::/48" "195.39.247.64/27" ];
|
allowedIPs = [ "2a0f:4ac0:1337::/48" "195.39.247.64/27" ];
|
||||||
publicKey = "8IWyiQL3wKP9CD/4UdS9b8mcbL67mkUyeSPORgEPvV0=";
|
publicKey = "8IWyiQL3wKP9CD/4UdS9b8mcbL67mkUyeSPORgEPvV0=";
|
||||||
endpoint = "cornbox.hetzner.chaoswit.ch:51821";
|
endpoint = "cornbox.hetzner.chaoswit.ch:51821";
|
||||||
|
@ -40,6 +41,34 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.xserver = {
|
||||||
|
enable = true;
|
||||||
|
videoDrivers = [ "nvidia" ];
|
||||||
|
};
|
||||||
|
hardware.nvidia.modesetting.enable = true;
|
||||||
|
|
||||||
|
boot.kernelPackages = pkgs.linuxPackages;
|
||||||
|
boot.blacklistedKernelModules = [ "snd_blackmagic_io" ];
|
||||||
|
|
||||||
|
users.users.stream = {
|
||||||
|
isNormalUser = true;
|
||||||
|
password = "hacchacc";
|
||||||
|
extraGroups = [ "audio" "video" ];
|
||||||
|
openssh.authorizedKeys.keys = with pkgs.lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
|
||||||
|
};
|
||||||
|
|
||||||
|
services.pipewire.enable = true;
|
||||||
|
services.pipewire.pulse.enable = true;
|
||||||
|
hardware.pulseaudio.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="input", GROUP="input", MODE="0666"
|
||||||
|
SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006?", MODE:="666", GROUP="plugdev"
|
||||||
|
KERNEL=="hidraw", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006?", MODE:="666", GROUP="plugdev"
|
||||||
|
SUBSYSTEM=="usb", ATTRS{idVendor}=="ffff", ATTRS{idProduct}=="1f4?", MODE:="666", GROUP="plugdev"
|
||||||
|
KERNEL=="hidraw", ATTRS{idVendor}=="ffff", ATTRS{idProduct}=="1f4?", MODE:="666", GROUP="plugdev"
|
||||||
|
'';
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
96
hosts/parsons/configuration.nix
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
{ config, lib, pkgs, sources, modules, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../../common
|
||||||
|
./hardware.nix
|
||||||
|
modules.encboot
|
||||||
|
modules.network.nftables modules.nftnat
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
|
||||||
|
../../services/nextcloud
|
||||||
|
../../services/mattermost.nix
|
||||||
|
../../services/thelounge.nix
|
||||||
|
../../services/murmur.nix
|
||||||
|
../../services/hedgedoc-hacc.nix
|
||||||
|
../../services/hedgedoc-i4f.nix
|
||||||
|
../../services/mail.nix
|
||||||
|
../../services/syncthing.nix
|
||||||
|
../../services/gitea.nix
|
||||||
|
../../services/nginx-pages.nix
|
||||||
|
../../services/lantifa.nix
|
||||||
|
../../services/vaultwarden.nix
|
||||||
|
../../services/uffd.nix
|
||||||
|
# ../../services/workadventure.nix
|
||||||
|
|
||||||
|
./lxc.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
hexchen.encboot = {
|
||||||
|
enable = true;
|
||||||
|
dataset = "-a";
|
||||||
|
networkDrivers = [ "igb" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
networking.hostId = "b2867696";
|
||||||
|
networking.useDHCP = true;
|
||||||
|
networking.nftables.enable = true;
|
||||||
|
hexchen.nftables.nat.enable = true;
|
||||||
|
networking.nat.internalInterfaces = ["ve-+"];
|
||||||
|
networking.nat.externalInterface = "enp35s0";
|
||||||
|
|
||||||
|
networking.interfaces.enp35s0.ipv6.addresses = [{
|
||||||
|
address = "2a01:4f9:3a:2ddb::1";
|
||||||
|
prefixLength = 64;
|
||||||
|
}];
|
||||||
|
networking.defaultGateway6 = {
|
||||||
|
address = "fe80::1";
|
||||||
|
interface = "enp35s0";
|
||||||
|
};
|
||||||
|
boot = {
|
||||||
|
kernelModules = [ "nf_nat_ftp" ];
|
||||||
|
kernel.sysctl = {
|
||||||
|
"net.ipv4.conf.all.forwarding" = lib.mkOverride 90 true;
|
||||||
|
"net.ipv4.conf.default.forwarding" = lib.mkOverride 90 true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
virtualHosts = {
|
||||||
|
"parsons.hacc.space" = {
|
||||||
|
default = true;
|
||||||
|
locations."/".return = "404";
|
||||||
|
};
|
||||||
|
"hacc.space" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/".return = "302 https://hacc.earth";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
services.restic.backups.tardis = {
|
||||||
|
passwordFile = "/persist/restic/system";
|
||||||
|
environmentFile = "/persist/restic/system.s3creds";
|
||||||
|
paths = [
|
||||||
|
"/home"
|
||||||
|
"/persist"
|
||||||
|
];
|
||||||
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 5"
|
||||||
|
"--keep-monthly 3"
|
||||||
|
];
|
||||||
|
repository = "b2:tardis-parsons:system";
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "21.05";
|
||||||
|
}
|
65
hosts/parsons/hardware.nix
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "zroot/local/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/disk/by-uuid/daf2a731-952f-45c7-9c25-49e1a2f56062";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" =
|
||||||
|
{ device = "zroot/local/nix";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/persist" =
|
||||||
|
{ device = "zroot/safe/persist";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" =
|
||||||
|
{ device = "zroot/safe/home";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/root" =
|
||||||
|
{ device = "zroot/safe/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/cache/restic-backups-tardis" =
|
||||||
|
{ device = "zroot/safe/restic-cache";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/tmp" =
|
||||||
|
{ device = "zroot/local/tmp";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/persist/data" =
|
||||||
|
{ device = "dpool/safe/data";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/docker" =
|
||||||
|
{ device = "zroot/local/docker";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
}
|
36
hosts/parsons/lxc.nix
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
networking.bridges.lxcbr0.interfaces = [];
|
||||||
|
networking.interfaces.lxcbr0.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "10.1.2.1";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
networking.nat.internalInterfaces = [ "lxcbr0" ];
|
||||||
|
|
||||||
|
virtualisation.lxc.enable = true;
|
||||||
|
virtualisation.lxc.systemConfig = ''
|
||||||
|
lxc.bdev.zfs.root = zroot/safe/containers/lxc
|
||||||
|
lxc.lxcpath = /persist/lxc
|
||||||
|
'';
|
||||||
|
|
||||||
|
users.users.root.subUidRanges = [{ count = 65536; startUid = 100000; }];
|
||||||
|
users.users.root.subGidRanges = [{ count = 65536; startGid = 100000; }];
|
||||||
|
|
||||||
|
environment.etc."lxc/share".source = "${pkgs.lxc}/share/lxc";
|
||||||
|
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."onlyoffice.infra4future.de" = {
|
||||||
|
locations."/".proxyPass = "http://10.1.2.233:80";
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."auth.infra4future.de" = {
|
||||||
|
locations."/".proxyPass = "http://10.1.2.104:8080";
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
}
|
|
@ -5,5 +5,12 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
./nftnat
|
./nftnat
|
||||||
./decklink.nix
|
./decklink.nix
|
||||||
|
./websites.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
# disabled since vaultwarden defines a dummy bitwarden_rs option that
|
||||||
|
# shows a deprication warning, which conflicts with this module
|
||||||
|
disabledModules = [
|
||||||
|
"services/security/bitwarden_rs/default.nix"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,18 +6,12 @@ let
|
||||||
|
|
||||||
cfg = config.services.mattermost-patched;
|
cfg = config.services.mattermost-patched;
|
||||||
|
|
||||||
defaultConfig = builtins.fromJSON (builtins.replaceStrings [ "\\u0026" ] [ "&" ]
|
|
||||||
(readFile "${pkgs.mattermost}/config/config.json")
|
|
||||||
);
|
|
||||||
|
|
||||||
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
|
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
|
||||||
|
|
||||||
mattermostConf = foldl recursiveUpdate defaultConfig
|
mattermostConf = foldl recursiveUpdate {}
|
||||||
[ { ServiceSettings.SiteURL = cfg.siteUrl;
|
[ { ServiceSettings.SiteURL = cfg.siteUrl;
|
||||||
ServiceSettings.ListenAddress = cfg.listenAddress;
|
ServiceSettings.ListenAddress = cfg.listenAddress;
|
||||||
TeamSettings.SiteName = cfg.siteName;
|
TeamSettings.SiteName = cfg.siteName;
|
||||||
SqlSettings.DriverName = "postgres";
|
|
||||||
SqlSettings.DataSource = database;
|
|
||||||
}
|
}
|
||||||
cfg.extraConfig
|
cfg.extraConfig
|
||||||
];
|
];
|
||||||
|
@ -229,7 +223,7 @@ in
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
|
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
|
||||||
(lib.optionalString (!cfg.mutableConfig) " -c ${database}");
|
(if cfg.mutableConfig then " -c ${database}" else " -c ${cfg.statePath}/config/config.json");
|
||||||
WorkingDirectory = "${cfg.statePath}";
|
WorkingDirectory = "${cfg.statePath}";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "10";
|
RestartSec = "10";
|
||||||
|
|
755
modules/nextcloud.nix
Normal file
|
@ -0,0 +1,755 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.nextcloud-patched;
|
||||||
|
fpm = config.services.phpfpm.pools.nextcloud;
|
||||||
|
|
||||||
|
phpPackage =
|
||||||
|
let
|
||||||
|
base = pkgs.php74;
|
||||||
|
in
|
||||||
|
base.buildEnv {
|
||||||
|
extensions = { enabled, all }: with all;
|
||||||
|
enabled ++ [
|
||||||
|
apcu redis memcached imagick
|
||||||
|
];
|
||||||
|
extraConfig = phpOptionsStr;
|
||||||
|
};
|
||||||
|
|
||||||
|
toKeyValue = generators.toKeyValue {
|
||||||
|
mkKeyValue = generators.mkKeyValueDefault {} " = ";
|
||||||
|
};
|
||||||
|
|
||||||
|
phpOptions = {
|
||||||
|
upload_max_filesize = cfg.maxUploadSize;
|
||||||
|
post_max_size = cfg.maxUploadSize;
|
||||||
|
memory_limit = cfg.maxUploadSize;
|
||||||
|
} // cfg.phpOptions
|
||||||
|
// optionalAttrs cfg.caching.apcu {
|
||||||
|
"apc.enable_cli" = "1";
|
||||||
|
};
|
||||||
|
phpOptionsStr = toKeyValue phpOptions;
|
||||||
|
|
||||||
|
occ = pkgs.writeScriptBin "nextcloud-occ" ''
|
||||||
|
#! ${pkgs.runtimeShell}
|
||||||
|
cd ${cfg.package}
|
||||||
|
sudo=exec
|
||||||
|
if [[ "$USER" != nextcloud ]]; then
|
||||||
|
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
|
||||||
|
fi
|
||||||
|
export NEXTCLOUD_CONFIG_DIR="${cfg.home}/config"
|
||||||
|
$sudo \
|
||||||
|
${phpPackage}/bin/php \
|
||||||
|
occ $*
|
||||||
|
'';
|
||||||
|
|
||||||
|
inherit (config.system) stateVersion;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRemovedOptionModule [ "services" "nextcloud-patched" "nginx" "enable" ] ''
|
||||||
|
The nextcloud module supports `nginx` as reverse-proxy by default and doesn't
|
||||||
|
support other reverse-proxies officially.
|
||||||
|
|
||||||
|
However it's possible to use an alternative reverse-proxy by
|
||||||
|
|
||||||
|
* disabling nginx
|
||||||
|
* setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value
|
||||||
|
|
||||||
|
Further details about this can be found in the `Nextcloud`-section of the NixOS-manual
|
||||||
|
(which can be openend e.g. by running `nixos-help`).
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
|
||||||
|
options.services.nextcloud-patched = {
|
||||||
|
enable = mkEnableOption "nextcloud";
|
||||||
|
hostName = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "FQDN for the nextcloud instance.";
|
||||||
|
};
|
||||||
|
home = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/lib/nextcloud";
|
||||||
|
description = "Storage path of nextcloud.";
|
||||||
|
};
|
||||||
|
logLevel = mkOption {
|
||||||
|
type = types.ints.between 0 4;
|
||||||
|
default = 2;
|
||||||
|
description = "Log level value between 0 (DEBUG) and 4 (FATAL).";
|
||||||
|
};
|
||||||
|
https = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Use https for generated links.";
|
||||||
|
};
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
description = "Which package to use for the Nextcloud instance.";
|
||||||
|
relatedPackages = [ "nextcloud18" "nextcloud19" "nextcloud20" "nextcloud21" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
maxUploadSize = mkOption {
|
||||||
|
default = "512M";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Defines the upload limit for files. This changes the relevant options
|
||||||
|
in php.ini and nginx if enabled.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
skeletonDirectory = mkOption {
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
The directory where the skeleton files are located. These files will be
|
||||||
|
copied to the data directory of new users. Leave empty to not copy any
|
||||||
|
skeleton files.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
webfinger = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Enable this option if you plan on using the webfinger plugin.
|
||||||
|
The appropriate nginx rewrite rules will be added to your configuration.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
phpOptions = mkOption {
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
default = {
|
||||||
|
short_open_tag = "Off";
|
||||||
|
expose_php = "Off";
|
||||||
|
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
|
||||||
|
display_errors = "stderr";
|
||||||
|
"opcache.enable_cli" = "1";
|
||||||
|
"opcache.interned_strings_buffer" = "8";
|
||||||
|
"opcache.max_accelerated_files" = "10000";
|
||||||
|
"opcache.memory_consumption" = "128";
|
||||||
|
"opcache.revalidate_freq" = "1";
|
||||||
|
"opcache.fast_shutdown" = "1";
|
||||||
|
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
|
||||||
|
catch_workers_output = "yes";
|
||||||
|
};
|
||||||
|
description = ''
|
||||||
|
Options for PHP's php.ini file for nextcloud.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
poolSettings = mkOption {
|
||||||
|
type = with types; attrsOf (oneOf [ str int bool ]);
|
||||||
|
default = {
|
||||||
|
"pm" = "dynamic";
|
||||||
|
"pm.max_children" = "32";
|
||||||
|
"pm.start_servers" = "2";
|
||||||
|
"pm.min_spare_servers" = "2";
|
||||||
|
"pm.max_spare_servers" = "4";
|
||||||
|
"pm.max_requests" = "500";
|
||||||
|
};
|
||||||
|
description = ''
|
||||||
|
Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
poolConfig = mkOption {
|
||||||
|
type = types.nullOr types.lines;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
dbtype = mkOption {
|
||||||
|
type = types.enum [ "sqlite" "pgsql" "mysql" ];
|
||||||
|
default = "sqlite";
|
||||||
|
description = "Database type.";
|
||||||
|
};
|
||||||
|
dbname = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = "nextcloud";
|
||||||
|
description = "Database name.";
|
||||||
|
};
|
||||||
|
dbuser = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = "nextcloud";
|
||||||
|
description = "Database user.";
|
||||||
|
};
|
||||||
|
dbpass = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Database password. Use <literal>dbpassFile</literal> to avoid this
|
||||||
|
being world-readable in the <literal>/nix/store</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
dbpassFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
The full path to a file that contains the database password.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
dbhost = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = ''
|
||||||
|
Database host.
|
||||||
|
|
||||||
|
Note: for using Unix authentication with PostgreSQL, this should be
|
||||||
|
set to <literal>/run/postgresql</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
dbport = mkOption {
|
||||||
|
type = with types; nullOr (either int str);
|
||||||
|
default = null;
|
||||||
|
description = "Database port.";
|
||||||
|
};
|
||||||
|
dbtableprefix = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "Table prefix in Nextcloud database.";
|
||||||
|
};
|
||||||
|
adminuser = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "root";
|
||||||
|
description = "Admin username.";
|
||||||
|
};
|
||||||
|
adminpass = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Admin password. Use <literal>adminpassFile</literal> to avoid this
|
||||||
|
being world-readable in the <literal>/nix/store</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
adminpassFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
The full path to a file that contains the admin's password. Must be
|
||||||
|
readable by user <literal>nextcloud</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraTrustedDomains = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = ''
|
||||||
|
Trusted domains, from which the nextcloud installation will be
|
||||||
|
acessible. You don't need to add
|
||||||
|
<literal>services.nextcloud.hostname</literal> here.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
trustedProxies = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = ''
|
||||||
|
Trusted proxies, to provide if the nextcloud installation is being
|
||||||
|
proxied to secure against e.g. spoofing.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
overwriteProtocol = mkOption {
|
||||||
|
type = types.nullOr (types.enum [ "http" "https" ]);
|
||||||
|
default = null;
|
||||||
|
example = "https";
|
||||||
|
|
||||||
|
description = ''
|
||||||
|
Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud
|
||||||
|
uses the currently used protocol by default, but when behind a reverse-proxy,
|
||||||
|
it may use <literal>http</literal> for everything although Nextcloud
|
||||||
|
may be served via HTTPS.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
defaultPhoneRegion = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
example = "DE";
|
||||||
|
description = ''
|
||||||
|
<warning>
|
||||||
|
<para>This option exists since Nextcloud 21! If older versions are used,
|
||||||
|
this will throw an eval-error!</para>
|
||||||
|
</warning>
|
||||||
|
|
||||||
|
<link xlink:href="https://www.iso.org/iso-3166-country-codes.html">ISO 3611-1</link>
|
||||||
|
country codes for automatic phone-number detection without a country code.
|
||||||
|
|
||||||
|
With e.g. <literal>DE</literal> set, the <literal>+49</literal> can be omitted for
|
||||||
|
phone-numbers.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
defaultapp = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
example = "files";
|
||||||
|
description = ''
|
||||||
|
This options sets the app that opens as default.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
caching = {
|
||||||
|
apcu = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Whether to load the APCu module into PHP.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
redis = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to load the Redis module into PHP.
|
||||||
|
You still need to enable Redis in your config.php.
|
||||||
|
See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
memcached = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to load the Memcached module into PHP.
|
||||||
|
You still need to enable Memcached in your config.php.
|
||||||
|
See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
autoUpdateApps = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Run regular auto update of all apps installed from the nextcloud app store.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
startAt = mkOption {
|
||||||
|
type = with types; either str (listOf str);
|
||||||
|
default = "05:00:00";
|
||||||
|
example = "Sun 14:00:00";
|
||||||
|
description = ''
|
||||||
|
When to run the update. See `systemd.services.<name>.startAt`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
occ = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = occ;
|
||||||
|
internal = true;
|
||||||
|
description = ''
|
||||||
|
The nextcloud-occ program preconfigured to target this Nextcloud instance.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOptions = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Extra options which should be appended to nextcloud's config.php file
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
secretFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Secret options which will be appended to nextcloud's config.php file (written in JSON, in the same
|
||||||
|
form as the `extraOptions` option).
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable (mkMerge [
|
||||||
|
{ assertions = let acfg = cfg.config; in [
|
||||||
|
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
|
||||||
|
message = "Please specify no more than one of dbpass or dbpassFile";
|
||||||
|
}
|
||||||
|
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
|
||||||
|
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
|
||||||
|
message = "Please specify exactly one of adminpass or adminpassFile";
|
||||||
|
}
|
||||||
|
{ assertion = versionOlder cfg.package.version "21" -> cfg.config.defaultPhoneRegion == null;
|
||||||
|
message = "The `defaultPhoneRegion'-setting is only supported for Nextcloud >=21!";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
warnings = []
|
||||||
|
++ (optional (cfg.poolConfig != null) ''
|
||||||
|
Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.
|
||||||
|
Please migrate your configuration to config.services.nextcloud.poolSettings.
|
||||||
|
'')
|
||||||
|
++ (optional (versionOlder cfg.package.version "18") ''
|
||||||
|
A legacy Nextcloud install (from before NixOS 20.03) may be installed.
|
||||||
|
|
||||||
|
You're currently deploying an older version of Nextcloud. This may be needed
|
||||||
|
since Nextcloud doesn't allow major version upgrades that skip multiple
|
||||||
|
versions (i.e. an upgrade from 16 is possible to 17, but not 16 to 18).
|
||||||
|
|
||||||
|
It is assumed that Nextcloud will be upgraded from version 16 to 17.
|
||||||
|
|
||||||
|
* If this is a fresh install, there will be no upgrade to do now.
|
||||||
|
|
||||||
|
* If this server already had Nextcloud installed, first deploy this to your
|
||||||
|
server, and wait until the upgrade to 17 is finished.
|
||||||
|
|
||||||
|
Then, set `services.nextcloud.package` to `pkgs.nextcloud18` to upgrade to
|
||||||
|
Nextcloud version 18. Please note that Nextcloud 19 is already out and it's
|
||||||
|
recommended to upgrade to nextcloud19 after that.
|
||||||
|
'')
|
||||||
|
++ (optional (versionOlder cfg.package.version "19") ''
|
||||||
|
A legacy Nextcloud install (from before NixOS 20.09) may be installed.
|
||||||
|
|
||||||
|
If/After nextcloud18 is installed successfully, you can safely upgrade to
|
||||||
|
nextcloud19. If not, please upgrade to nextcloud18 first since Nextcloud doesn't
|
||||||
|
support upgrades that skip multiple versions (i.e. an upgrade from 17 to 19 isn't
|
||||||
|
possible, but an upgrade from 18 to 19).
|
||||||
|
'')
|
||||||
|
++ (optional (versionOlder cfg.package.version "21") ''
|
||||||
|
The latest Nextcloud release is v21 which can be installed by setting
|
||||||
|
`services.nextcloud.package` to `pkgs.nextcloud21`. Please note that if you're
|
||||||
|
on `pkgs.nextcloud19`, you'll have to install `pkgs.nextcloud20` first.
|
||||||
|
'');
|
||||||
|
|
||||||
|
services.nextcloud-patched.package = with pkgs;
|
||||||
|
mkDefault (
|
||||||
|
if pkgs ? nextcloud
|
||||||
|
then throw ''
|
||||||
|
The `pkgs.nextcloud`-attribute has been removed. If it's supposed to be the default
|
||||||
|
nextcloud defined in an overlay, please set `services.nextcloud.package` to
|
||||||
|
`pkgs.nextcloud`.
|
||||||
|
''
|
||||||
|
else if versionOlder stateVersion "20.03" then nextcloud17
|
||||||
|
else if versionOlder stateVersion "20.09" then nextcloud18
|
||||||
|
else nextcloud19
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
{ systemd.timers.nextcloud-cron = {
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig.OnBootSec = "5m";
|
||||||
|
timerConfig.OnUnitActiveSec = "15m";
|
||||||
|
timerConfig.Unit = "nextcloud-cron.service";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
# When upgrading the Nextcloud package, Nextcloud can report errors such as
|
||||||
|
# "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly"
|
||||||
|
# Restarting phpfpm on Nextcloud package update fixes these issues (but this is a workaround).
|
||||||
|
phpfpm-nextcloud.restartTriggers = [ cfg.package ];
|
||||||
|
|
||||||
|
nextcloud-setup = let
|
||||||
|
c = cfg.config;
|
||||||
|
writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
|
||||||
|
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
|
||||||
|
<?php
|
||||||
|
${optionalString (c.dbpassFile != null) ''
|
||||||
|
function nix_read_pwd() {
|
||||||
|
$file = "${c.dbpassFile}";
|
||||||
|
if (!file_exists($file)) {
|
||||||
|
throw new \RuntimeException(sprintf(
|
||||||
|
"Cannot start Nextcloud, dbpass file %s set by NixOS doesn't exist!",
|
||||||
|
$file
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
return trim(file_get_contents($file));
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
${optionalString (cfg.secretFile != null) ''
|
||||||
|
function nix_read_secrets() {
|
||||||
|
$file = "${cfg.secretFile}";
|
||||||
|
if (!file_exists($file)) {
|
||||||
|
throw new \RuntimeException(sprintf(
|
||||||
|
"Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!",
|
||||||
|
$file
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
return json_decode(file_get_contents($file));
|
||||||
|
}
|
||||||
|
''}
|
||||||
|
$CONFIG = [
|
||||||
|
'apps_paths' => [
|
||||||
|
[ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
|
||||||
|
[ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
|
||||||
|
],
|
||||||
|
'datadirectory' => '${cfg.home}/data',
|
||||||
|
'skeletondirectory' => '${cfg.skeletonDirectory}',
|
||||||
|
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
|
||||||
|
'log_type' => 'syslog',
|
||||||
|
'log_level' => '${builtins.toString cfg.logLevel}',
|
||||||
|
${optionalString (c.defaultapp != null) "'defaultapp' => '${c.defaultapp}',"}
|
||||||
|
${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
|
||||||
|
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
|
||||||
|
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
|
||||||
|
${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
|
||||||
|
${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"}
|
||||||
|
${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"}
|
||||||
|
${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"}
|
||||||
|
${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"}
|
||||||
|
'dbtype' => '${c.dbtype}',
|
||||||
|
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
|
||||||
|
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
|
||||||
|
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
|
||||||
|
];
|
||||||
|
|
||||||
|
$EXTRACONFIG = json_decode('${builtins.toJSON cfg.extraOptions}', true);
|
||||||
|
|
||||||
|
array_push($CONFIG, $EXTRACONFIG);
|
||||||
|
${optionalString (cfg.secretFile != null) "array_push($CONFIG, nix_read_secrets());"}
|
||||||
|
'';
|
||||||
|
occInstallCmd = let
|
||||||
|
dbpass = if c.dbpassFile != null
|
||||||
|
then ''"$(<"${toString c.dbpassFile}")"''
|
||||||
|
else if c.dbpass != null
|
||||||
|
then ''"${toString c.dbpass}"''
|
||||||
|
else ''""'';
|
||||||
|
adminpass = if c.adminpassFile != null
|
||||||
|
then ''"$(<"${toString c.adminpassFile}")"''
|
||||||
|
else ''"${toString c.adminpass}"'';
|
||||||
|
installFlags = concatStringsSep " \\\n "
|
||||||
|
(mapAttrsToList (k: v: "${k} ${toString v}") {
|
||||||
|
"--database" = ''"${c.dbtype}"'';
|
||||||
|
# The following attributes are optional depending on the type of
|
||||||
|
# database. Those that evaluate to null on the left hand side
|
||||||
|
# will be omitted.
|
||||||
|
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
|
||||||
|
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
|
||||||
|
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
|
||||||
|
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
|
||||||
|
"--database-pass" = dbpass;
|
||||||
|
${if c.dbtableprefix != null
|
||||||
|
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
|
||||||
|
"--admin-user" = ''"${c.adminuser}"'';
|
||||||
|
"--admin-pass" = adminpass;
|
||||||
|
"--data-dir" = ''"${cfg.home}/data"'';
|
||||||
|
});
|
||||||
|
in ''
|
||||||
|
${occ}/bin/nextcloud-occ maintenance:install \
|
||||||
|
${installFlags}
|
||||||
|
'';
|
||||||
|
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
|
||||||
|
(i: v: ''
|
||||||
|
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
|
||||||
|
${toString i} --value="${toString v}"
|
||||||
|
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
|
||||||
|
|
||||||
|
in {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
before = [ "phpfpm-nextcloud.service" ];
|
||||||
|
path = [ occ ];
|
||||||
|
script = ''
|
||||||
|
chmod og+x ${cfg.home}
|
||||||
|
|
||||||
|
${optionalString (c.dbpassFile != null) ''
|
||||||
|
if [ ! -r "${c.dbpassFile}" ]; then
|
||||||
|
echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "$(<${c.dbpassFile})" ]; then
|
||||||
|
echo "dbpassFile ${c.dbpassFile} is empty!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
''}
|
||||||
|
${optionalString (c.adminpassFile != null) ''
|
||||||
|
if [ ! -r "${c.adminpassFile}" ]; then
|
||||||
|
echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -z "$(<${c.adminpassFile})" ]; then
|
||||||
|
echo "adminpassFile ${c.adminpassFile} is empty!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
''}
|
||||||
|
|
||||||
|
ln -sf ${cfg.package}/apps ${cfg.home}/
|
||||||
|
|
||||||
|
# create nextcloud directories.
|
||||||
|
# if the directories exist already with wrong permissions, we fix that
|
||||||
|
for dir in ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps; do
|
||||||
|
if [ ! -e $dir ]; then
|
||||||
|
install -o nextcloud -g nextcloud -d $dir
|
||||||
|
elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then
|
||||||
|
chgrp -R nextcloud $dir
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
|
||||||
|
|
||||||
|
# Do not install if already installed
|
||||||
|
if [[ ! -e ${cfg.home}/config/config.php ]]; then
|
||||||
|
${occInstallCmd}
|
||||||
|
fi
|
||||||
|
|
||||||
|
${occ}/bin/nextcloud-occ upgrade
|
||||||
|
|
||||||
|
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
|
||||||
|
${occSetTrustedDomainsCmd}
|
||||||
|
'';
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.User = "nextcloud";
|
||||||
|
};
|
||||||
|
nextcloud-cron = {
|
||||||
|
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.User = "nextcloud";
|
||||||
|
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${cfg.package}/cron.php";
|
||||||
|
};
|
||||||
|
nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable {
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all";
|
||||||
|
serviceConfig.User = "nextcloud";
|
||||||
|
startAt = cfg.autoUpdateApps.startAt;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.phpfpm = {
|
||||||
|
pools.nextcloud = {
|
||||||
|
user = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
phpOptions = phpOptionsStr;
|
||||||
|
phpPackage = phpPackage;
|
||||||
|
phpEnv = {
|
||||||
|
NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
|
||||||
|
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
|
||||||
|
};
|
||||||
|
settings = mapAttrs (name: mkDefault) {
|
||||||
|
"listen.owner" = config.services.nginx.user;
|
||||||
|
"listen.group" = config.services.nginx.group;
|
||||||
|
} // cfg.poolSettings;
|
||||||
|
extraConfig = cfg.poolConfig;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.nextcloud = {
|
||||||
|
home = "${cfg.home}";
|
||||||
|
group = "nextcloud";
|
||||||
|
createHome = true;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
|
||||||
|
|
||||||
|
environment.systemPackages = [ occ ];
|
||||||
|
|
||||||
|
services.nginx.enable = mkDefault true;
|
||||||
|
|
||||||
|
services.nginx.virtualHosts.${cfg.hostName} = let
|
||||||
|
major = toInt (versions.major cfg.package.version);
|
||||||
|
in {
|
||||||
|
root = cfg.package;
|
||||||
|
locations = {
|
||||||
|
"= /robots.txt" = {
|
||||||
|
priority = 100;
|
||||||
|
extraConfig = ''
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"= /" = {
|
||||||
|
priority = 100;
|
||||||
|
extraConfig = ''
|
||||||
|
if ( $http_user_agent ~ ^DavClnt ) {
|
||||||
|
return 302 /remote.php/webdav/$is_args$args;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"/" = {
|
||||||
|
priority = 900;
|
||||||
|
extraConfig = "rewrite ^ /index.php;";
|
||||||
|
};
|
||||||
|
"~ ^/store-apps" = {
|
||||||
|
priority = 201;
|
||||||
|
extraConfig = "root ${cfg.home};";
|
||||||
|
};
|
||||||
|
"^~ /.well-known" = {
|
||||||
|
priority = 210;
|
||||||
|
extraConfig = ''
|
||||||
|
absolute_redirect off;
|
||||||
|
location = /.well-known/carddav {
|
||||||
|
return 301 /remote.php/dav;
|
||||||
|
}
|
||||||
|
location = /.well-known/caldav {
|
||||||
|
return 301 /remote.php/dav;
|
||||||
|
}
|
||||||
|
location ~ ^/\.well-known/(?!acme-challenge|pki-validation) {
|
||||||
|
return 301 /index.php$request_uri;
|
||||||
|
}
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)".extraConfig = ''
|
||||||
|
return 404;
|
||||||
|
'';
|
||||||
|
"~ ^/(?:\\.(?!well-known)|autotest|occ|issue|indie|db_|console)".extraConfig = ''
|
||||||
|
return 404;
|
||||||
|
'';
|
||||||
|
"~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = {
|
||||||
|
priority = 500;
|
||||||
|
extraConfig = ''
|
||||||
|
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||||
|
fastcgi_split_path_info ^(.+?\.php)(\\/.*)$;
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_param front_controller_active true;
|
||||||
|
fastcgi_pass unix:${fpm.socket};
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
fastcgi_read_timeout 120s;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"~ \\.(?:css|js|woff2?|svg|gif|map)$".extraConfig = ''
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
expires 6M;
|
||||||
|
access_log off;
|
||||||
|
'';
|
||||||
|
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
|
||||||
|
try_files $uri/ =404;
|
||||||
|
index index.php;
|
||||||
|
'';
|
||||||
|
"~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
access_log off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
index index.php index.html /index.php$request_uri;
|
||||||
|
expires 1m;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
add_header X-Frame-Options sameorigin;
|
||||||
|
add_header Referrer-Policy no-referrer;
|
||||||
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||||
|
client_max_body_size ${cfg.maxUploadSize};
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
${optionalString cfg.webfinger ''
|
||||||
|
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||||
|
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
|
||||||
|
''}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
]);
|
||||||
|
}
|
|
@ -36,14 +36,12 @@ in {
|
||||||
boot = {
|
boot = {
|
||||||
kernelModules = [ "nf_nat_ftp" ];
|
kernelModules = [ "nf_nat_ftp" ];
|
||||||
kernel.sysctl = {
|
kernel.sysctl = {
|
||||||
"net.ipv4.conf.all.forwarding" = mkOverride 98 true;
|
"net.ipv4.conf.all.forwarding" = mkOverride 90 true;
|
||||||
"net.ipv4.conf.default.forwarding" = mkOverride 98 true;
|
"net.ipv4.conf.default.forwarding" = mkOverride 90 true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
petabyte.nftables = {
|
networking.nftables = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
table ip nat {
|
table ip nat {
|
||||||
chain prerouting {
|
chain prerouting {
|
||||||
|
|
53
modules/websites.nix
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.hacc.websites;
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options.hacc.websites = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
directory = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "all subdirectories of the given path are expected to contain a (static) website";
|
||||||
|
};
|
||||||
|
ignore = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = "subdirectories that shouldn't be published";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts =
|
||||||
|
let
|
||||||
|
subdirs =
|
||||||
|
let dirAttrs = filterAttrs
|
||||||
|
(n: v: v == "directory" || lists.elem n cfg.ignore)
|
||||||
|
(builtins.readDir cfg.directory);
|
||||||
|
in mapAttrsToList (n: v: n) dirAttrs;
|
||||||
|
|
||||||
|
mkWebsite = subdir: {
|
||||||
|
name = subdir;
|
||||||
|
# the nginx virtualhost config (for all sites) goes in here
|
||||||
|
value = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
# naive string interpolation is safe here since nix will always immediately
|
||||||
|
# resolve relative paths to absolute paths; it's not lazy about that.
|
||||||
|
locations."/".root =
|
||||||
|
(pkgs.callPackage "${cfg.directory}/${subdir}" {}).outPath;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in listToAttrs (map mkWebsite subdirs);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,46 +2,40 @@
|
||||||
"haccmap": {
|
"haccmap": {
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
|
"repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
|
||||||
"rev": "3b99ee7e5bb2f27044784d03572da77d39cb2427",
|
"rev": "9490ebf656ef379e51cb518ec0038e15d6aeaac6",
|
||||||
"type": "git"
|
"type": "git"
|
||||||
},
|
},
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"branch": "release-20.09",
|
"branch": "release-21.11",
|
||||||
"description": "Manage a user environment using Nix [maintainer=@rycee] ",
|
"description": "Manage a user environment using Nix [maintainer=@rycee] ",
|
||||||
"homepage": "https://nix-community.github.io/home-manager/",
|
"homepage": "https://nix-community.github.io/home-manager/",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2aa20ae969f2597c4df10a094440a66e9d7f8c86",
|
"rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
|
||||||
"sha256": "0i5fxaxqm53zp767smrn250q1wjywf9c1jmg6vhp28973p7jysah",
|
"sha256": "1fi27zabvqlyc2ggg7wr01j813gs46rswg1i897h9hqkbgqsjkny",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/nix-community/home-manager/archive/2aa20ae969f2597c4df10a094440a66e9d7f8c86.tar.gz",
|
"url": "https://github.com/nix-community/home-manager/archive/d93d56ab8c1c6aa575854a79b9d2f69d491db7d0.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"mattermost-server": {
|
"mattermost-server": {
|
||||||
"branch": "release-5.31",
|
"branch": "master",
|
||||||
"description": "Open source Slack-alternative in Golang and React - Mattermost",
|
"description": "Open source Slack-alternative in Golang and React - Mattermost",
|
||||||
"homepage": "https://mattermost.com",
|
"homepage": "https://mattermost.com",
|
||||||
"owner": "mattermost",
|
"owner": "mattermost",
|
||||||
"repo": "mattermost-server",
|
"repo": "mattermost-server",
|
||||||
"rev": "7d89f8bc6ef757877572ef12f3c3c018858318d6",
|
"rev": "2ea14ef395fad8919b2f4137642a7f50b370ffba",
|
||||||
"sha256": "18ip32asar8c34zhnf29v3a66a433443pz7rxa2f4vnp0ri1jil6",
|
"sha256": "1k5zqnc4yqnad2cw1wpqk22mjra08jz9gf4v692kbrgx3x4d13kh",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/mattermost/mattermost-server/archive/7d89f8bc6ef757877572ef12f3c3c018858318d6.tar.gz",
|
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.7.2.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
|
"url_template": "https://github.com/<owner>/<repo>/archive/refs/tags/v<version>.tar.gz",
|
||||||
"version": "5.34.2"
|
"version": "6.7.2"
|
||||||
},
|
},
|
||||||
"mattermost-webapp": {
|
"mattermost-webapp": {
|
||||||
"sha256": "1a1z3p166bs7ygnnbhm8b556wxmljnk2sj4q527jpr437f02fl6z",
|
"sha256": "0pwjfklk0q28yza2iny0im5pq3x430jskvq6rvfq7ycx251s98hx",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://releases.mattermost.com/5.34.2/mattermost-5.34.2-linux-amd64.tar.gz",
|
"url": "https://releases.mattermost.com/6.7.2/mattermost-6.7.2-linux-amd64.tar.gz",
|
||||||
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
|
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
|
||||||
"version": "5.34.2"
|
"version": "6.7.2"
|
||||||
},
|
|
||||||
"mumble-website": {
|
|
||||||
"branch": "master",
|
|
||||||
"repo": "https://gitlab.infra4future.de/hacc/infra4future/mumble.infra4future.de.git",
|
|
||||||
"rev": "3a70bf8aa1f4bb56524d36153b84cfb538c4f787",
|
|
||||||
"type": "git"
|
|
||||||
},
|
},
|
||||||
"niv": {
|
"niv": {
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
|
@ -49,37 +43,42 @@
|
||||||
"homepage": "https://github.com/nmattia/niv",
|
"homepage": "https://github.com/nmattia/niv",
|
||||||
"owner": "nmattia",
|
"owner": "nmattia",
|
||||||
"repo": "niv",
|
"repo": "niv",
|
||||||
"rev": "af958e8057f345ee1aca714c1247ef3ba1c15f5e",
|
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
|
||||||
"sha256": "1qjavxabbrsh73yck5dcq8jggvh3r2jkbr6b5nlz5d9yrqm9255n",
|
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/nmattia/niv/archive/af958e8057f345ee1aca714c1247ef3ba1c15f5e.tar.gz",
|
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nix-hexchen": {
|
"nix-hexchen": {
|
||||||
"branch": "main",
|
"branch": "main",
|
||||||
"repo": "https://gitlab.com/hexchen/nixfiles.git",
|
"ref": "main",
|
||||||
"rev": "2dfbd032f05ad79176a5756cd76dbda4a828e4d8",
|
"repo": "https://gitlab.com/hexchen/nixfiles",
|
||||||
"type": "git"
|
"rev": "ef358992030e9a6fa975a24bf4d9aa133bc72424",
|
||||||
|
"sha256": "01hcdrpfc8g1bbc96h7gi04zmyxi9vd7392ncadwfkx5xfd2fp17",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://gitlab.com/hexchen/nixfiles/-/archive/ef358992030e9a6fa975a24bf4d9aa133bc72424.tar.gz",
|
||||||
|
"url_template": "<repo>/-/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixos-mailserver": {
|
"nixos-mailserver": {
|
||||||
"ref": "nixos-20.09",
|
"branch": "nixos-21.11",
|
||||||
|
"ref": "nixos-21.11",
|
||||||
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
|
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
|
||||||
"rev": "fb1cc04c0a517d4200237b02c3472bcaf9104afb",
|
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
|
||||||
"sha256": "0vsvgxxg5cgmzwj98171j7h5l028f1yq784alb3lxgbk8znfk51y",
|
"sha256": "1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/fb1cc04c0a517d4200237b02c3472bcaf9104afb/nixos-mailserver-fb1cc04c0a517d4200237b02c3472bcaf9104afb.tar.gz",
|
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6e3a7b2ea6f0d68b82027b988aa25d3423787303.tar.gz",
|
||||||
"url_template": "<repo>/-/archive/<rev>.tar.gz"
|
"url_template": "<repo>/-/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"branch": "nixos-20.09",
|
"branch": "nixos-21.11",
|
||||||
"description": "Nix Packages collection",
|
"description": "Nix Packages collection",
|
||||||
"homepage": "",
|
"homepage": "",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "be58d0fbaa401922a090735edfc08442aed69b47",
|
"rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
|
||||||
"sha256": "0y1a2b1kdn080w8iy6clsi3pp7z2ag1qzkczixbw6b8h9p0km646",
|
"sha256": "04ffwp2gzq0hhz7siskw6qh9ys8ragp7285vi1zh8xjksxn1msc5",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/nixos/nixpkgs/archive/be58d0fbaa401922a090735edfc08442aed69b47.tar.gz",
|
"url": "https://github.com/nixos/nixpkgs/archive/eabc38219184cc3e04a974fe31857d8e0eac098d.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
|
@ -88,30 +87,16 @@
|
||||||
"homepage": "",
|
"homepage": "",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17",
|
"rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90",
|
||||||
"sha256": "1l7bnn2mlwmbi6s9kqa1g2i66arzshqijym1qmqq5417q5pq1da7",
|
"sha256": "0dq22dagzk76x2ws4dz88w018i6byamd6rnzqizx68bzimg6g7xn",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/nixos/nixpkgs/archive/8e4fe32876ca15e3d5eb3ecd3ca0b224417f5f17.tar.gz",
|
"url": "https://github.com/nixos/nixpkgs/archive/ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"papermc": {
|
|
||||||
"rev": "1.16.5",
|
|
||||||
"sha256": "08nfn417syh680nb1cp59smlvwir33r7fiwwhf3kl2x38nwrzgrl",
|
|
||||||
"type": "file",
|
|
||||||
"url": "https://papermc.io/api/v2/projects/paper/versions/1.16.5/builds/638/downloads/paper-1.16.5-638.jar",
|
|
||||||
"url_template": "https://papermc.io/api/v2/projects/paper/versions/<rev>/builds/<version>/downloads/paper-<rev>-<version>.jar",
|
|
||||||
"version": "638"
|
|
||||||
},
|
|
||||||
"pbb-nixfiles": {
|
|
||||||
"branch": "main",
|
|
||||||
"repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
|
|
||||||
"rev": "fbb5aebfcc93383089e1f3d1b1cd07a6d3bab39f",
|
|
||||||
"type": "git"
|
|
||||||
},
|
|
||||||
"workadventure": {
|
"workadventure": {
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"repo": "https://stuebinm.eu/git/workadventure-nix",
|
"repo": "https://stuebinm.eu/git/workadventure-nix",
|
||||||
"rev": "cbe9196fba75be98569d7504e7c1d091bcbf053e",
|
"rev": "8db4bbc5eccaac218c68fb0853f1972dadd7a40c",
|
||||||
"type": "git"
|
"type": "git"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,8 +31,28 @@ let
|
||||||
if spec ? branch then "refs/heads/${spec.branch}" else
|
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||||
|
submodules = if spec ? submodules then spec.submodules else false;
|
||||||
|
submoduleArg =
|
||||||
|
let
|
||||||
|
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
||||||
|
emptyArgWithWarning =
|
||||||
|
if submodules == true
|
||||||
|
then
|
||||||
|
builtins.trace
|
||||||
|
(
|
||||||
|
"The niv input \"${name}\" uses submodules "
|
||||||
|
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
||||||
|
+ "does not support them"
|
||||||
|
)
|
||||||
|
{}
|
||||||
|
else {};
|
||||||
|
in
|
||||||
|
if nixSupportsSubmodules
|
||||||
|
then { inherit submodules; }
|
||||||
|
else emptyArgWithWarning;
|
||||||
in
|
in
|
||||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
builtins.fetchGit
|
||||||
|
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
||||||
|
|
||||||
fetch_local = spec: spec.path;
|
fetch_local = spec: spec.path;
|
||||||
|
|
||||||
|
|
|
@ -4,21 +4,21 @@
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "blackmagic-desktop-video";
|
pname = "blackmagic-desktop-video";
|
||||||
version = "11.6";
|
version = "12.2.2";
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
libcxx libcxxabi
|
libcxx libcxxabi
|
||||||
];
|
];
|
||||||
|
|
||||||
src = requireFile {
|
src = requireFile {
|
||||||
name = "Blackmagic_Desktop_Video_Linux_11.6.tar.gz";
|
name = "Blackmagic_Desktop_Video_Linux_12.2.2.tar.gz";
|
||||||
url = "https://www.blackmagicdesign.com/support/download/d399ada95c2b49ffad3031bda413acb5/Linux";
|
url = "https://www.blackmagicdesign.com/support/";
|
||||||
sha256 = "0qwm1b3gy0k7j1bimkxwwr77g8hrsybs9jp90b46kzcy06mcp380";
|
sha256 = "8bca946bd3f002d2d404a74210c881935351e1a0d03f750559b180fdb439ef35";
|
||||||
};
|
};
|
||||||
|
|
||||||
setSourceRoot = ''
|
setSourceRoot = ''
|
||||||
tar xf Blackmagic_Desktop_Video_Linux_11.6/other/x86_64/desktopvideo-11.6a26-x86_64.tar.gz
|
tar xf Blackmagic_Desktop_Video_Linux_12.2.2/other/x86_64/desktopvideo-12.2.2a6-x86_64.tar.gz
|
||||||
sourceRoot=$NIX_BUILD_TOP/desktopvideo-11.6a26-x86_64
|
sourceRoot=$NIX_BUILD_TOP/desktopvideo-12.2.2a6-x86_64
|
||||||
'';
|
'';
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
|
||||||
$out/bin/DesktopVideoHelper
|
$out/bin/DesktopVideoHelper
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with lib; {
|
||||||
homepage = "https://www.blackmagicdesign.com/support/family/capture-and-playback";
|
homepage = "https://www.blackmagicdesign.com/support/family/capture-and-playback";
|
||||||
maintainers = [ maintainers.hexchen ];
|
maintainers = [ maintainers.hexchen ];
|
||||||
license = licenses.unfree;
|
license = licenses.unfree;
|
||||||
|
|
92
pkgs/companion/default.nix
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
{ stdenv, mkYarnPackage, mkYarnModules, fetchFromGitHub, libsass, python, python3, pkg-config, libusb, fetchurl, nodejs, electron, writeText, makeWrapper, udev, nodePackages, libvips }:
|
||||||
|
|
||||||
|
let
|
||||||
|
version = "2.1.3";
|
||||||
|
source = fetchFromGitHub {
|
||||||
|
owner = "bitfocus";
|
||||||
|
repo = "companion";
|
||||||
|
# rev = "v${version}";
|
||||||
|
rev = "1cc51029a19d7263a09058f73922277ca53a1583";
|
||||||
|
sha256 = "0305wwdic3n20whzhh9zqcd3dwj7hc4fpycs645ncc3sk48azmj0";
|
||||||
|
};
|
||||||
|
nodeHeaders = fetchurl {
|
||||||
|
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
|
||||||
|
sha256 = "19b0dg8292cjx758wlrvpb3jf520bpyvjal2n7r4fyvk38x9flik";
|
||||||
|
};
|
||||||
|
webui = mkYarnPackage rec {
|
||||||
|
inherit version;
|
||||||
|
pname = "bitfocus-companion-webui";
|
||||||
|
|
||||||
|
src = "${source}/webui";
|
||||||
|
|
||||||
|
configurePhase = "
|
||||||
|
cp -r $node_modules node_modules
|
||||||
|
chmod -R u+w node_modules
|
||||||
|
";
|
||||||
|
buildPhase = "PUBLIC_URL=. yarn build";
|
||||||
|
installPhase = "mv build $out";
|
||||||
|
distPhase = "true";
|
||||||
|
|
||||||
|
yarnNix = ./yarn-webui.nix;
|
||||||
|
|
||||||
|
pkgConfig = {
|
||||||
|
node-sass = {
|
||||||
|
buildInputs = [ libsass python ];
|
||||||
|
postInstall = "node scripts/build.js --tarball=${nodeHeaders}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
yarnModulesNoWorkspace = args: (mkYarnModules args).overrideAttrs(old: {
|
||||||
|
buildPhase = builtins.replaceStrings [" ./package.json"] [" /dev/null; cp deps/*/package.json ."] old.buildPhase;
|
||||||
|
});
|
||||||
|
|
||||||
|
modules = yarnModulesNoWorkspace rec {
|
||||||
|
inherit version;
|
||||||
|
pname = "companion-modules";
|
||||||
|
name = "${pname}-${version}";
|
||||||
|
yarnNix = ./yarn.nix;
|
||||||
|
packageJSON = "${source}/package.json";
|
||||||
|
yarnLock = "${source}/yarn.lock";
|
||||||
|
|
||||||
|
pkgConfig = {
|
||||||
|
node-hid = {
|
||||||
|
buildInputs = [ udev libusb python3 pkg-config ];
|
||||||
|
postInstall = "${nodePackages.node-gyp}/bin/node-gyp rebuild --tarball=${nodeHeaders}";
|
||||||
|
};
|
||||||
|
sharp = {
|
||||||
|
buildInputs = [ libvips pkg-config ];
|
||||||
|
postInstall = ''
|
||||||
|
sed -i "s|<!(node -p \"require(\\\\'./lib/libvips\\\\').minimumLibvipsVersion\")|${libvips.version}|" binding.gyp
|
||||||
|
sed -i "s|<!(node -p \"require(\\\\'./lib/libvips\\\\').pkgConfigPath()\")||" binding.gyp
|
||||||
|
sed -i "s|<!(node -p \"Boolean(require(\\\\'./lib/libvips\\\\').useGlobalLibvips()).toString()\")|true|" binding.gyp
|
||||||
|
sed -i "s|PKG_CONFIG_PATH=\"<(pkg_config_path)\" ||" binding.gyp
|
||||||
|
${nodePackages.node-gyp}/bin/node-gyp rebuild --tarball=${nodeHeaders}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in stdenv.mkDerivation rec {
|
||||||
|
inherit version webui modules;
|
||||||
|
pname = "bitfocus-companion";
|
||||||
|
|
||||||
|
src = source;
|
||||||
|
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
|
configurePhase = "";
|
||||||
|
buildPhase = "";
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/share
|
||||||
|
cp --no-preserve=mode -r $src "$out/share/companion"
|
||||||
|
echo "nixos-f00baa-0" > $out/share/companion/BUILD
|
||||||
|
ln -s '${webui}' "$out/share/companion/static"
|
||||||
|
cp -r '${modules}/node_modules' "$out/share/companion/node_modules"
|
||||||
|
|
||||||
|
sed -i "s|process.resourcesPath|\"$out/share/companion\"|" $out/share/companion/lib/server_http.js
|
||||||
|
sed -i "s|require('app-root-path')|\"$out/share/companion\"|" $out/share/companion/{app,lib/{schedule,help,instance}}.js
|
||||||
|
|
||||||
|
makeWrapper '${electron}/bin/electron' "$out/bin/companion" \
|
||||||
|
--add-flags "$out/share/companion"
|
||||||
|
'';
|
||||||
|
}
|
478
pkgs/companion/package.json
Executable file
|
@ -0,0 +1,478 @@
|
||||||
|
{
|
||||||
|
"name": "companion",
|
||||||
|
"version": "2.2.0",
|
||||||
|
"description": "Companion",
|
||||||
|
"main": "electron.js",
|
||||||
|
"build": {
|
||||||
|
"productName": "Companion",
|
||||||
|
"appId": "companion.bitfocus.no",
|
||||||
|
"remoteBuild": false,
|
||||||
|
"dmg": {
|
||||||
|
"artifactName": "companion-mac-${arch}.dmg",
|
||||||
|
"sign": true
|
||||||
|
},
|
||||||
|
"mac": {
|
||||||
|
"target": "dmg",
|
||||||
|
"category": "no.bitfocus.companion",
|
||||||
|
"extendInfo": {
|
||||||
|
"LSBackgroundOnly": 1,
|
||||||
|
"LSUIElement": 1
|
||||||
|
},
|
||||||
|
"extraFiles": [
|
||||||
|
{
|
||||||
|
"from": "./node_modules/sharp/vendor/8.10.6/lib",
|
||||||
|
"to": "Frameworks",
|
||||||
|
"filter": [
|
||||||
|
"!glib-2.0/**/*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"win": {
|
||||||
|
"target": "nsis",
|
||||||
|
"extraFiles": [
|
||||||
|
{
|
||||||
|
"from": "./node_modules/sharp/build/Release",
|
||||||
|
"to": ".",
|
||||||
|
"filter": [
|
||||||
|
"lib*.dll"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"nsis": {
|
||||||
|
"artifactName": "companion-win64.exe",
|
||||||
|
"createStartMenuShortcut": true,
|
||||||
|
"perMachine": true,
|
||||||
|
"oneClick": false,
|
||||||
|
"allowElevation": true,
|
||||||
|
"allowToChangeInstallationDirectory": true,
|
||||||
|
"installerIcon": "icon.ico",
|
||||||
|
"installerSidebar": "compinst.bmp",
|
||||||
|
"uninstallerSidebar": "compinst.bmp"
|
||||||
|
},
|
||||||
|
"directories": {
|
||||||
|
"buildResources": "assets/",
|
||||||
|
"output": "electron-output/"
|
||||||
|
},
|
||||||
|
"linux": {
|
||||||
|
"target": "dir",
|
||||||
|
"extraFiles": [
|
||||||
|
{
|
||||||
|
"from": "./node_modules/sharp/vendor/8.10.6/lib",
|
||||||
|
"to": ".",
|
||||||
|
"filter": [
|
||||||
|
"libvips*.so.*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"files": [
|
||||||
|
"**/*",
|
||||||
|
"assets/icon.png",
|
||||||
|
"assets/bitfocus-logo.png",
|
||||||
|
"assets/trayTemplate.png",
|
||||||
|
"assets/trayTemplate@2x.png",
|
||||||
|
"!webui/**/*",
|
||||||
|
"!font/*",
|
||||||
|
"!tools/*",
|
||||||
|
"!*.md",
|
||||||
|
"!node_modules/sharp/vendor/lib"
|
||||||
|
],
|
||||||
|
"extraResources": [
|
||||||
|
{
|
||||||
|
"from": "webui/build",
|
||||||
|
"to": "static"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"scripts": {
|
||||||
|
"prod": "./tools/build_writefile.sh && electron .",
|
||||||
|
"dev": "./tools/build_writefile.sh && cross-env DEVELOPER=1 electron .",
|
||||||
|
"update": "./tools/update.sh",
|
||||||
|
"pack": "electron-builder --dir",
|
||||||
|
"dist:webui": "yarn --cwd webui build",
|
||||||
|
"dist:prepare": "./tools/build_writefile.sh ; rm -rf electron-output && yarn dist:webui",
|
||||||
|
"dist": "yarn dist:prepare && yarn electron-rebuild && electron-builder",
|
||||||
|
"electron-rebuild": "yarn dist:prepare:sharp && electron-builder install-app-deps",
|
||||||
|
"testprod": "./node_modules/electron/cli.js .",
|
||||||
|
"macdist": "yarn dist:prepare && yarn dist:prepare:mac-x64 && electron-builder --publish=never --x64 --mac",
|
||||||
|
"macarmdist": "yarn dist:prepare && yarn dist:prepare:mac-arm64 && electron-builder --publish=never --arm64 --mac",
|
||||||
|
"windist": "yarn dist:prepare && yarn dist:prepare:win && electron-builder --publish=never --x64 --win",
|
||||||
|
"lindist": "yarn dist:prepare && yarn dist:prepare:linux && electron-builder --publish=never --x64 --linux",
|
||||||
|
"rpidist": "yarn dist:prepare && yarn dist:prepare:rpi && electron-builder --publish=never --armv7l --linux",
|
||||||
|
"dist:prepare:sharp": "cd node_modules/sharp && rimraf vendor && node install/libvips && node install/dll-copy",
|
||||||
|
"dist:prepare:win": "cross-env npm_config_platform=win32 npm_config_arch=x64 yarn dist:prepare:sharp",
|
||||||
|
"dist:prepare:mac-x64": "cross-env npm_config_platform=darwin npm_config_arch=x64 yarn dist:prepare:sharp",
|
||||||
|
"dist:prepare:mac-arm64": "cross-env npm_config_platform=darwin npm_config_arch=arm64 yarn dist:prepare:sharp",
|
||||||
|
"dist:prepare:linux": "cross-env npm_config_platform=linux npm_config_arch=x64 yarn dist:prepare:sharp",
|
||||||
|
"dist:prepare:rpi": "cross-env npm_config_platform=linux npm_config_arch=arm yarn dist:prepare:sharp",
|
||||||
|
"test": "mocha",
|
||||||
|
"postinstall": "./tools/build_writefile.sh",
|
||||||
|
"headless": "nodemon --ignore './webui/' headless.js",
|
||||||
|
"dev-headless": "./tools/build_writefile.sh && cross-env DEVELOPER=1 nodemon --ignore './webui/' headless.js",
|
||||||
|
"dev-webui": "yarn --cwd webui dev",
|
||||||
|
"format": "prettier --write ."
|
||||||
|
},
|
||||||
|
"repository": "https://github.com/bitfocus/companion",
|
||||||
|
"keywords": [
|
||||||
|
"bitfocus",
|
||||||
|
"companion"
|
||||||
|
],
|
||||||
|
"engines": {
|
||||||
|
"npm": "please-use-yarn",
|
||||||
|
"yarn": "^1.22",
|
||||||
|
"node": "^14.16"
|
||||||
|
},
|
||||||
|
"managed_node_version": "14",
|
||||||
|
"author": "Bitfocus AS",
|
||||||
|
"license": "MIT",
|
||||||
|
"devDependencies": {
|
||||||
|
"asar": "^3.0.3",
|
||||||
|
"aws-sdk": "^2.931.0",
|
||||||
|
"chai": "^4.3.4",
|
||||||
|
"chai-fs": "^2.0.0",
|
||||||
|
"cross-env": "^7.0.3",
|
||||||
|
"electron": "^13.1.2",
|
||||||
|
"electron-builder": "22.11.7",
|
||||||
|
"mocha": "^6.2.3",
|
||||||
|
"nodemon": "^2.0.7",
|
||||||
|
"p-all": "^3.0.0",
|
||||||
|
"prettier": "^2.3.1",
|
||||||
|
"rimraf": "^3.0.2",
|
||||||
|
"s3-upload-stream": "^1.0.7"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"@sentry/electron": "^2.5.0",
|
||||||
|
"app-root-path": "^3.0.0",
|
||||||
|
"binopsy": "^0.0.0",
|
||||||
|
"check-ip": "^1.1.1",
|
||||||
|
"companion-module-7thsensedesign-delta": "github:bitfocus/companion-module-7thsensedesign-delta#v1.0.1",
|
||||||
|
"companion-module-agf-characterworks": "github:bitfocus/companion-module-agf-characterworks#v1.0.3",
|
||||||
|
"companion-module-aja-helo": "github:bitfocus/companion-module-aja-helo#v1.0.2",
|
||||||
|
"companion-module-aja-kipro": "github:bitfocus/companion-module-aja-kipro#v2.0.11",
|
||||||
|
"companion-module-aja-kumo": "github:bitfocus/companion-module-aja-kumo#v1.0.5",
|
||||||
|
"companion-module-allenheath-dlive-ilive": "github:bitfocus/companion-module-allenheath-dlive-ilive#v1.3.7",
|
||||||
|
"companion-module-allenheath-qu": "github:bitfocus/companion-module-allenheath-qu#v1.0.7",
|
||||||
|
"companion-module-allenheath-sq": "github:bitfocus/companion-module-allenheath-sq#v1.3.8",
|
||||||
|
"companion-module-analogway-eks500": "github:bitfocus/companion-module-analogway-eks500#v1.0.1",
|
||||||
|
"companion-module-analogway-livecore": "github:bitfocus/companion-module-analogway-livecore#v1.1.1",
|
||||||
|
"companion-module-analogway-livepremier": "github:bitfocus/companion-module-analogway-livepremier#v1.0.2",
|
||||||
|
"companion-module-analogway-midra": "github:bitfocus/companion-module-analogway-midra#v1.0.2",
|
||||||
|
"companion-module-analogway-picturall": "github:bitfocus/companion-module-analogway-picturall#v1.2.1",
|
||||||
|
"companion-module-analogway-pls300": "github:bitfocus/companion-module-analogway-pls300#v1.0.3",
|
||||||
|
"companion-module-analogway-vertige": "github:bitfocus/companion-module-analogway-vertige#v1.0.0",
|
||||||
|
"companion-module-analogway-vio": "github:bitfocus/companion-module-analogway-vio#v1.0.1",
|
||||||
|
"companion-module-anomes-millumin": "github:bitfocus/companion-module-anomes-millumin#v1.0.6",
|
||||||
|
"companion-module-arkaos-mediamaster": "github:bitfocus/companion-module-arkaos-mediamaster#v1.0.1",
|
||||||
|
"companion-module-aten-matrix": "github:bitfocus/companion-module-aten-matrix#v1.0.0",
|
||||||
|
"companion-module-audiostrom-liveprofessor": "github:bitfocus/companion-module-audiostrom-liveprofessor#v1.0.0",
|
||||||
|
"companion-module-audivero-unityintercom-client": "github:bitfocus/companion-module-audivero-unityintercom-client#v1.0.2",
|
||||||
|
"companion-module-avishop-hdbaset-matrix": "github:bitfocus/companion-module-avishop-hdbaset-matrix#v1.0.1",
|
||||||
|
"companion-module-avolites-ai": "github:bitfocus/companion-module-avolites-ai#v1.0.1",
|
||||||
|
"companion-module-avolites-titan": "github:bitfocus/companion-module-avolites-titan#v1.1.0",
|
||||||
|
"companion-module-avproconnect-acmx1616-auhd": "github:bitfocus/companion-module-avproconnect-acmx1616-auhd#v1.0.0",
|
||||||
|
"companion-module-avstumpfl-pixera": "github:bitfocus/companion-module-avstumpfl-pixera#v1.0.2",
|
||||||
|
"companion-module-axis-ptz": "github:bitfocus/companion-module-axis-ptz#v1.0.1",
|
||||||
|
"companion-module-barco-dcs": "github:bitfocus/companion-module-barco-dcs#v1.0.4",
|
||||||
|
"companion-module-barco-dp": "github:bitfocus/companion-module-barco-dp#v1.1.2",
|
||||||
|
"companion-module-barco-encore": "github:bitfocus/companion-module-barco-encore#v1.0.1",
|
||||||
|
"companion-module-barco-eventmaster": "github:bitfocus/companion-module-barco-eventmaster#v1.3.6",
|
||||||
|
"companion-module-barco-eventmaster-xml": "github:bitfocus/companion-module-barco-eventmaster-xml#v1.2.4",
|
||||||
|
"companion-module-barco-hdx": "github:bitfocus/companion-module-barco-hdx#v1.1.5",
|
||||||
|
"companion-module-barco-imagepro": "github:bitfocus/companion-module-barco-imagepro#v1.0.1",
|
||||||
|
"companion-module-barco-matrixpro": "github:bitfocus/companion-module-barco-matrixpro#v1.1.0",
|
||||||
|
"companion-module-barco-pds": "github:bitfocus/companion-module-barco-pds#v1.1.5",
|
||||||
|
"companion-module-barco-pulse": "github:bitfocus/companion-module-barco-pulse#v1.1.2",
|
||||||
|
"companion-module-bbc-raven": "github:bitfocus/companion-module-bbc-raven#v1.0.1",
|
||||||
|
"companion-module-behringer-wing": "github:bitfocus/companion-module-behringer-wing#v1.0.5",
|
||||||
|
"companion-module-behringer-x32": "github:bitfocus/companion-module-behringer-x32#v2.7.0",
|
||||||
|
"companion-module-behringer-xair": "github:bitfocus/companion-module-behringer-xair#v1.6.7",
|
||||||
|
"companion-module-biamp-audia": "github:bitfocus/companion-module-biamp-audia#v1.0.1",
|
||||||
|
"companion-module-birddog-studio": "github:bitfocus/companion-module-birddog-studio#v1.0.0",
|
||||||
|
"companion-module-birddog-visca": "github:bitfocus/companion-module-birddog-visca#v1.0.4",
|
||||||
|
"companion-module-bitfocus-companion": "github:bitfocus/companion-module-bitfocus-companion#v1.5.3",
|
||||||
|
"companion-module-bitfocus-snapshot": "github:bitfocus/companion-module-bitfocus-snapshot#v0.0.4",
|
||||||
|
"companion-module-blackbox-boxilla": "github:bitfocus/companion-module-blackbox-boxilla#v1.0.2",
|
||||||
|
"companion-module-blackdiamondvideo-phantom800": "github:bitfocus/companion-module-blackdiamondvideo-phantom800#v1.0.0",
|
||||||
|
"companion-module-bmd-atem": "github:bitfocus/companion-module-bmd-atem#v2.13.0",
|
||||||
|
"companion-module-bmd-audiomonitor": "github:bitfocus/companion-module-bmd-audiomonitor#v1.0.0",
|
||||||
|
"companion-module-bmd-hyperdeck": "github:bitfocus/companion-module-bmd-hyperdeck#v1.2.2",
|
||||||
|
"companion-module-bmd-multiview16": "github:bitfocus/companion-module-bmd-multiview16#v1.0.1",
|
||||||
|
"companion-module-bmd-multiview4": "github:bitfocus/companion-module-bmd-multiview4#v1.3.2",
|
||||||
|
"companion-module-bmd-smartview": "github:bitfocus/companion-module-bmd-smartview#v1.1.3",
|
||||||
|
"companion-module-bmd-teranex": "github:bitfocus/companion-module-bmd-teranex#v1.0.4",
|
||||||
|
"companion-module-bmd-videohub": "github:bitfocus/companion-module-bmd-videohub#v1.3.0",
|
||||||
|
"companion-module-bmd-webpresenterhd": "github:bitfocus/companion-module-bmd-webpresenterhd#v1.0.1",
|
||||||
|
"companion-module-boinx-mimolive": "github:bitfocus/companion-module-boinx-mimolive#v1.0.1",
|
||||||
|
"companion-module-borealsystems-director": "github:bitfocus/companion-module-borealsystems-director#v1.0.0",
|
||||||
|
"companion-module-brightsign-player": "github:bitfocus/companion-module-brightsign-player#v1.1.1",
|
||||||
|
"companion-module-brompton-tessera": "github:bitfocus/companion-module-brompton-tessera#v1.0.0",
|
||||||
|
"companion-module-canon-xf": "github:bitfocus/companion-module-canon-xf#v1.0.0",
|
||||||
|
"companion-module-casparcg-server": "github:bitfocus/companion-module-casparcg-server#v1.0.2",
|
||||||
|
"companion-module-chamsys-magicq-osc": "github:bitfocus/companion-module-chamsys-magicq-osc#v1.0.1",
|
||||||
|
"companion-module-chamsys-magicq-udp": "github:bitfocus/companion-module-chamsys-magicq-udp#v1.0.2",
|
||||||
|
"companion-module-christie-pandorasbox": "github:bitfocus/companion-module-christie-pandorasbox#v2.0.2",
|
||||||
|
"companion-module-christie-projector": "github:bitfocus/companion-module-christie-projector#v2.0.3",
|
||||||
|
"companion-module-christie-spyder": "github:bitfocus/companion-module-christie-spyder#v1.0.0",
|
||||||
|
"companion-module-christie-wd": "github:bitfocus/companion-module-christie-wd#v1.0.6",
|
||||||
|
"companion-module-cisco-cms": "github:bitfocus/companion-module-cisco-cms#v1.0.1",
|
||||||
|
"companion-module-cisco-webex-websocket": "github:bitfocus/companion-module-cisco-webex-websocket#v1.1.0",
|
||||||
|
"companion-module-cockos-reaper": "github:bitfocus/companion-module-cockos-reaper#v1.1.0",
|
||||||
|
"companion-module-connect-webcaster": "github:bitfocus/companion-module-connect-webcaster#v1.0.0",
|
||||||
|
"companion-module-crystal-scte": "github:bitfocus/companion-module-crystal-scte#v1.0.0",
|
||||||
|
"companion-module-dahuasecurity-ptz": "github:bitfocus/companion-module-dahuasecurity-ptz#v1.0.1",
|
||||||
|
"companion-module-dalite-scb": "github:bitfocus/companion-module-dalite-scb#v1.0.0",
|
||||||
|
"companion-module-dashare-multiplay": "github:bitfocus/companion-module-dashare-multiplay#v1.0.1",
|
||||||
|
"companion-module-datapath-fx4": "github:bitfocus/companion-module-datapath-fx4#v1.0.0",
|
||||||
|
"companion-module-dataton-watchout": "github:bitfocus/companion-module-dataton-watchout#v1.2.0",
|
||||||
|
"companion-module-datavideo-dvip": "github:bitfocus/companion-module-datavideo-dvip#v1.0.0",
|
||||||
|
"companion-module-datavideo-visca": "github:bitfocus/companion-module-datavideo-visca#v1.0.3",
|
||||||
|
"companion-module-dcc-ex-commandstation": "github:bitfocus/companion-module-dcc-ex-commandstation#v1.0.0",
|
||||||
|
"companion-module-denon-dn-500bd-mkii": "github:bitfocus/companion-module-denon-dn-500bd-mkii#v1.0.2",
|
||||||
|
"companion-module-denon-receiver": "github:bitfocus/companion-module-denon-receiver#v1.0.1",
|
||||||
|
"companion-module-denon-recorder": "github:bitfocus/companion-module-denon-recorder#v1.0.1",
|
||||||
|
"companion-module-depili-clock-8001": "github:bitfocus/companion-module-depili-clock-8001#v5.1.1",
|
||||||
|
"companion-module-dexon-dimax": "github:bitfocus/companion-module-dexon-dimax#v1.0.3",
|
||||||
|
"companion-module-dexon-divip": "github:bitfocus/companion-module-dexon-divip#v1.0.2",
|
||||||
|
"companion-module-dexon-matrix": "github:bitfocus/companion-module-dexon-matrix#v1.0.1",
|
||||||
|
"companion-module-digico-osc": "github:bitfocus/companion-module-digico-osc#v1.0.2",
|
||||||
|
"companion-module-digitalprojection-highlight": "github:bitfocus/companion-module-digitalprojection-highlight#v1.0.2",
|
||||||
|
"companion-module-disguise": "github:bitfocus/companion-module-disguise#v1.1.0",
|
||||||
|
"companion-module-disguise-mtc": "github:bitfocus/companion-module-disguise-mtc#v1.0.2",
|
||||||
|
"companion-module-dolby-cinemaprocessor": "github:bitfocus/companion-module-dolby-cinemaprocessor#v1.1.0",
|
||||||
|
"companion-module-draco-tera": "github:bitfocus/companion-module-draco-tera#v1.0.4",
|
||||||
|
"companion-module-dsan-limitimer": "github:bitfocus/companion-module-dsan-limitimer#v1.1.1",
|
||||||
|
"companion-module-dsan-perfectcue": "github:bitfocus/companion-module-dsan-perfectcue#v1.0.0",
|
||||||
|
"companion-module-dtvideolabs-playbackproplus": "github:bitfocus/companion-module-dtvideolabs-playbackproplus#v1.0.2",
|
||||||
|
"companion-module-elgato-keylight": "github:bitfocus/companion-module-elgato-keylight#v1.2.2",
|
||||||
|
"companion-module-epiphan-pearl": "github:bitfocus/companion-module-epiphan-pearl#v1.0.7",
|
||||||
|
"companion-module-etc-eos": "github:bitfocus/companion-module-etc-eos#v1.2.1",
|
||||||
|
"companion-module-extron-dxp": "github:bitfocus/companion-module-extron-dxp#v1.0.8",
|
||||||
|
"companion-module-extron-in1604": "github:bitfocus/companion-module-extron-in1604#v1.0.3",
|
||||||
|
"companion-module-extron-ipl-t-pcs4": "github:bitfocus/companion-module-extron-ipl-t-pcs4#v1.0.2",
|
||||||
|
"companion-module-extron-smp111": "github:bitfocus/companion-module-extron-smp111#v1.0.4",
|
||||||
|
"companion-module-extron-smp351": "github:bitfocus/companion-module-extron-smp351#v1.2.0",
|
||||||
|
"companion-module-extron-smx": "github:bitfocus/companion-module-extron-smx#v1.0.4",
|
||||||
|
"companion-module-faithchapel-videoplayoutserver": "github:bitfocus/companion-module-faithchapel-videoplayoutserver#v1.0.1",
|
||||||
|
"companion-module-figure53-go-button": "github:bitfocus/companion-module-figure53-go-button#v1.2.4",
|
||||||
|
"companion-module-figure53-qlab": "github:bitfocus/companion-module-figure53-qlab#v1.2.5",
|
||||||
|
"companion-module-figure53-qlab-advance": "github:bitfocus/companion-module-figure53-qlab-advance#v1.3.8",
|
||||||
|
"companion-module-figure53-qview": "github:bitfocus/companion-module-figure53-qview#v1.0.0",
|
||||||
|
"companion-module-folivora-btt": "github:bitfocus/companion-module-folivora-btt#v1.0.2",
|
||||||
|
"companion-module-fora-hvs": "github:bitfocus/companion-module-fora-hvs#v1.2.4",
|
||||||
|
"companion-module-foscam-ptz": "github:bitfocus/companion-module-foscam-ptz#v1.0.1",
|
||||||
|
"companion-module-gallery-virtualvtrpro": "github:bitfocus/companion-module-gallery-virtualvtrpro#v1.0.1",
|
||||||
|
"companion-module-gammacontrol-gmaestro": "github:bitfocus/companion-module-gammacontrol-gmaestro#v1.0.2",
|
||||||
|
"companion-module-gefen-dvimatrix": "github:bitfocus/companion-module-gefen-dvimatrix#v1.0.1",
|
||||||
|
"companion-module-generic-artnet": "github:bitfocus/companion-module-generic-artnet#v1.0.2",
|
||||||
|
"companion-module-generic-emberplus": "github:bitfocus/companion-module-generic-emberplus#v1.1.1",
|
||||||
|
"companion-module-generic-http": "github:bitfocus/companion-module-generic-http#v1.0.8",
|
||||||
|
"companion-module-generic-mqtt": "github:bitfocus/companion-module-generic-mqtt#v1.2.0",
|
||||||
|
"companion-module-generic-osc": "github:bitfocus/companion-module-generic-osc#v1.0.4",
|
||||||
|
"companion-module-generic-pjlink": "github:bitfocus/companion-module-generic-pjlink#v1.0.5",
|
||||||
|
"companion-module-generic-sacn": "github:bitfocus/companion-module-generic-sacn#v1.0.0",
|
||||||
|
"companion-module-generic-swp08": "github:bitfocus/companion-module-generic-swp08#v1.0.3",
|
||||||
|
"companion-module-generic-tcp-serial": "github:bitfocus/companion-module-generic-tcp-serial#v1.0.2",
|
||||||
|
"companion-module-generic-tcp-udp": "github:bitfocus/companion-module-generic-tcp-udp#v1.0.6",
|
||||||
|
"companion-module-generic-wakeonlan": "github:bitfocus/companion-module-generic-wakeonlan#v1.0.4",
|
||||||
|
"companion-module-generic-websocket": "github:bitfocus/companion-module-generic-websocket#v1.0.0",
|
||||||
|
"companion-module-globalcache-itac-cc": "github:bitfocus/companion-module-globalcache-itac-cc#v1.0.1",
|
||||||
|
"companion-module-globalcache-itac-ir": "github:bitfocus/companion-module-globalcache-itac-ir#v1.0.5",
|
||||||
|
"companion-module-globalcache-itac-sl": "github:bitfocus/companion-module-globalcache-itac-sl#v1.0.3",
|
||||||
|
"companion-module-grassvalley-amp": "github:bitfocus/companion-module-grassvalley-amp#v1.1.3",
|
||||||
|
"companion-module-greenhippo-hippotizer": "github:bitfocus/companion-module-greenhippo-hippotizer#v1.0.2",
|
||||||
|
"companion-module-h2r-graphics": "github:bitfocus/companion-module-h2r-graphics#v1.1.2",
|
||||||
|
"companion-module-haivision-connectdvr": "github:bitfocus/companion-module-haivision-connectdvr#v1.0.9",
|
||||||
|
"companion-module-haivision-kbencoder": "github:bitfocus/companion-module-haivision-kbencoder#v1.0.0",
|
||||||
|
"companion-module-highend-hog4": "github:bitfocus/companion-module-highend-hog4#v1.1.0",
|
||||||
|
"companion-module-hologfx-holographics": "github:bitfocus/companion-module-hologfx-holographics#v1.0.0",
|
||||||
|
"companion-module-homeassistant-server": "github:bitfocus/companion-module-homeassistant-server#v0.6.1",
|
||||||
|
"companion-module-ifelseware-avkey": "github:bitfocus/companion-module-ifelseware-avkey#v1.0.0",
|
||||||
|
"companion-module-ifelseware-avplayback": "github:bitfocus/companion-module-ifelseware-avplayback#v1.0.2",
|
||||||
|
"companion-module-imimot-mitti": "github:bitfocus/companion-module-imimot-mitti#v1.0.8",
|
||||||
|
"companion-module-interactivetechnologies-cueserver": "github:bitfocus/companion-module-interactivetechnologies-cueserver#v1.0.1",
|
||||||
|
"companion-module-irisdown-countdowntimer": "github:bitfocus/companion-module-irisdown-countdowntimer#v1.1.3",
|
||||||
|
"companion-module-irisdown-remoteshowcontrol": "github:bitfocus/companion-module-irisdown-remoteshowcontrol#v1.0.2",
|
||||||
|
"companion-module-jamesholt-x32tc": "github:bitfocus/companion-module-jamesholt-x32tc#v1.0.6",
|
||||||
|
"companion-module-joy-playdeck": "github:bitfocus/companion-module-joy-playdeck#v1.0.1",
|
||||||
|
"companion-module-justmacros-lua": "github:bitfocus/companion-module-justmacros-lua#v1.0.1",
|
||||||
|
"companion-module-jvc-ptz": "github:bitfocus/companion-module-jvc-ptz#v1.0.9",
|
||||||
|
"companion-module-kiloview-ndi": "github:bitfocus/companion-module-kiloview-ndi#v1.0.0",
|
||||||
|
"companion-module-kramer-matrix": "github:bitfocus/companion-module-kramer-matrix#v1.2.1",
|
||||||
|
"companion-module-kramer-vp727": "github:bitfocus/companion-module-kramer-vp727#v1.0.1",
|
||||||
|
"companion-module-kramer-vp734": "github:bitfocus/companion-module-kramer-vp734#v1.0.0",
|
||||||
|
"companion-module-kramer-vp773a": "github:bitfocus/companion-module-kramer-vp773a#v1.0.0",
|
||||||
|
"companion-module-kramer-vs41h": "github:bitfocus/companion-module-kramer-vs41h#v1.0.0",
|
||||||
|
"companion-module-leafcoders-titler": "github:bitfocus/companion-module-leafcoders-titler#v1.0.0",
|
||||||
|
"companion-module-lectrosonics-aspen": "github:bitfocus/companion-module-lectrosonics-aspen#v1.0.0",
|
||||||
|
"companion-module-lightware-lw2": "github:bitfocus/companion-module-lightware-lw2#v1.0.2",
|
||||||
|
"companion-module-lightware-lw3": "github:bitfocus/companion-module-lightware-lw3#v1.0.1",
|
||||||
|
"companion-module-liminalet-zoomosc": "github:bitfocus/companion-module-liminalet-zoomosc#v1.0.8",
|
||||||
|
"companion-module-linkbox-remote": "github:bitfocus/companion-module-linkbox-remote#v1.2.1",
|
||||||
|
"companion-module-livingasone-decoders": "github:bitfocus/companion-module-livingasone-decoders#v1.1.2",
|
||||||
|
"companion-module-ltn-schedule": "github:bitfocus/companion-module-ltn-schedule#v1.0.0",
|
||||||
|
"companion-module-lumens-mediaprocessor": "github:bitfocus/companion-module-lumens-mediaprocessor#v1.0.0",
|
||||||
|
"companion-module-lumens-visca": "github:bitfocus/companion-module-lumens-visca#v1.0.2",
|
||||||
|
"companion-module-lyntec-rpc-breaker": "github:bitfocus/companion-module-lyntec-rpc-breaker#v1.0.3",
|
||||||
|
"companion-module-magewell-proconvert-decoder": "github:bitfocus/companion-module-magewell-proconvert-decoder#v1.0.0",
|
||||||
|
"companion-module-magewell-ultrastream": "github:bitfocus/companion-module-magewell-ultrastream#v0.0.3",
|
||||||
|
"companion-module-magicsoft-recorder": "github:bitfocus/companion-module-magicsoft-recorder#v1.0.0",
|
||||||
|
"companion-module-malighting-grandma2": "github:bitfocus/companion-module-malighting-grandma2#v1.0.10",
|
||||||
|
"companion-module-malighting-msc": "github:bitfocus/companion-module-malighting-msc#v0.2.1",
|
||||||
|
"companion-module-matrox-monarch": "github:bitfocus/companion-module-matrox-monarch#v1.0.0",
|
||||||
|
"companion-module-media-player-classic": "github:bitfocus/companion-module-media-player-classic#v1.0.0",
|
||||||
|
"companion-module-metus-ingest": "github:bitfocus/companion-module-metus-ingest#v1.2.1",
|
||||||
|
"companion-module-middleatlantic-racklink": "github:bitfocus/companion-module-middleatlantic-racklink#v1.0.0",
|
||||||
|
"companion-module-middlethings-middlecontrol": "github:bitfocus/companion-module-middlethings-middlecontrol#v1.0.1",
|
||||||
|
"companion-module-modelighting-edin": "github:bitfocus/companion-module-modelighting-edin#v1.0.0",
|
||||||
|
"companion-module-modulo": "github:bitfocus/companion-module-modulo#v1.0.1",
|
||||||
|
"companion-module-motu-avb": "github:bitfocus/companion-module-motu-avb#v1.0.2",
|
||||||
|
"companion-module-msc-router": "github:bitfocus/companion-module-msc-router#v1.0.2",
|
||||||
|
"companion-module-multicamsystems-multicamsuite": "github:bitfocus/companion-module-multicamsystems-multicamsuite#v1.0.1",
|
||||||
|
"companion-module-muxlab-kvm": "github:bitfocus/companion-module-muxlab-kvm#v1.0.0",
|
||||||
|
"companion-module-neodarque-stagetimer2": "github:bitfocus/companion-module-neodarque-stagetimer2#v1.2.6",
|
||||||
|
"companion-module-netio-powerbox": "github:bitfocus/companion-module-netio-powerbox#v1.0.0",
|
||||||
|
"companion-module-nevion-mrp": "github:bitfocus/companion-module-nevion-mrp#v2.0.2",
|
||||||
|
"companion-module-newbluefx-titler": "github:bitfocus/companion-module-newbluefx-titler#v1.0.1",
|
||||||
|
"companion-module-newtek-ndistudiomonitor": "github:bitfocus/companion-module-newtek-ndistudiomonitor#v1.0.1",
|
||||||
|
"companion-module-newtek-tricaster": "github:bitfocus/companion-module-newtek-tricaster#v1.1.4",
|
||||||
|
"companion-module-nexo-nxamp": "github:bitfocus/companion-module-nexo-nxamp#v1.0.0",
|
||||||
|
"companion-module-nobe-omniscope": "github:bitfocus/companion-module-nobe-omniscope#v1.0.0",
|
||||||
|
"companion-module-noismada-octopuslistener": "github:bitfocus/companion-module-noismada-octopuslistener#v1.0.2",
|
||||||
|
"companion-module-noismada-octopusshowcontrol": "github:bitfocus/companion-module-noismada-octopusshowcontrol#v1.2.0",
|
||||||
|
"companion-module-novastar-controller": "github:bitfocus/companion-module-novastar-controller#v1.0.6",
|
||||||
|
"companion-module-obs-studio": "github:bitfocus/companion-module-obs-studio#v1.0.24",
|
||||||
|
"companion-module-obsidiancontrol-onyx": "github:bitfocus/companion-module-obsidiancontrol-onyx#v1.0.3",
|
||||||
|
"companion-module-octava-pro-dsx": "github:bitfocus/companion-module-octava-pro-dsx#v0.0.1",
|
||||||
|
"companion-module-openlp-http": "github:bitfocus/companion-module-openlp-http#v0.1.1",
|
||||||
|
"companion-module-opensong-api": "github:bitfocus/companion-module-opensong-api#v1.0.1",
|
||||||
|
"companion-module-openweather-rest": "github:bitfocus/companion-module-openweather-rest#v1.0.2",
|
||||||
|
"companion-module-opticis-omm-1000": "github:bitfocus/companion-module-opticis-omm-1000#v1.0.2",
|
||||||
|
"companion-module-optoma-z28s": "github:bitfocus/companion-module-optoma-z28s#v1.0.2",
|
||||||
|
"companion-module-orfast-ndi": "github:bitfocus/companion-module-orfast-ndi#v1.0.0",
|
||||||
|
"companion-module-panasonic-avhs": "github:bitfocus/companion-module-panasonic-avhs#v1.0.4",
|
||||||
|
"companion-module-panasonic-camera-controller": "github:bitfocus/companion-module-panasonic-camera-controller#v1.0.6",
|
||||||
|
"companion-module-panasonic-projector": "github:bitfocus/companion-module-panasonic-projector#v1.0.1",
|
||||||
|
"companion-module-panasonic-ptz": "github:bitfocus/companion-module-panasonic-ptz#v1.0.19",
|
||||||
|
"companion-module-panasonic-tv-th": "github:bitfocus/companion-module-panasonic-tv-th#v0.0.1",
|
||||||
|
"companion-module-pangolin-beyond": "github:bitfocus/companion-module-pangolin-beyond#v1.0.2",
|
||||||
|
"companion-module-phillips-hue": "github:bitfocus/companion-module-phillips-hue#v0.0.4",
|
||||||
|
"companion-module-pixap-pixtimerpro": "github:bitfocus/companion-module-pixap-pixtimerpro#v1.0.6",
|
||||||
|
"companion-module-planningcenter-serviceslive": "github:bitfocus/companion-module-planningcenter-serviceslive#v1.0.5",
|
||||||
|
"companion-module-presentationtools-aps": "github:bitfocus/companion-module-presentationtools-aps#v1.1.0",
|
||||||
|
"companion-module-presentationtools-cuetimer": "github:bitfocus/companion-module-presentationtools-cuetimer#v1.0.0",
|
||||||
|
"companion-module-protopie-bridge": "github:bitfocus/companion-module-protopie-bridge#v1.0.2",
|
||||||
|
"companion-module-prsi-ipower": "github:bitfocus/companion-module-prsi-ipower#v1.0.2",
|
||||||
|
"companion-module-ptzoptics-visca": "github:bitfocus/companion-module-ptzoptics-visca#v1.1.6",
|
||||||
|
"companion-module-qsys-remote-control": "github:bitfocus/companion-module-qsys-remote-control#v1.0.3",
|
||||||
|
"companion-module-radiodj-rest": "github:bitfocus/companion-module-radiodj-rest#v1.0.0",
|
||||||
|
"companion-module-rationalacoustics-smaart3": "github:bitfocus/companion-module-rationalacoustics-smaart3#v1.0.3",
|
||||||
|
"companion-module-renewedvision-propresenter": "github:bitfocus/companion-module-renewedvision-propresenter#v2.4.0",
|
||||||
|
"companion-module-renewedvision-pvp": "github:bitfocus/companion-module-renewedvision-pvp#v1.0.7",
|
||||||
|
"companion-module-resolume-arena": "github:bitfocus/companion-module-resolume-arena#v1.0.5",
|
||||||
|
"companion-module-rocosoft-ptzjoy": "github:bitfocus/companion-module-rocosoft-ptzjoy#v1.0.1",
|
||||||
|
"companion-module-roku-tv": "github:bitfocus/companion-module-roku-tv#v1.0.1",
|
||||||
|
"companion-module-roland-m5000": "github:bitfocus/companion-module-roland-m5000#v1.0.2",
|
||||||
|
"companion-module-roland-v1200hd": "github:bitfocus/companion-module-roland-v1200hd#v1.0.0",
|
||||||
|
"companion-module-roland-v600uhd": "github:bitfocus/companion-module-roland-v600uhd#v1.0.1",
|
||||||
|
"companion-module-roland-v60hd": "github:bitfocus/companion-module-roland-v60hd#v1.0.10",
|
||||||
|
"companion-module-roland-vp42h": "github:bitfocus/companion-module-roland-vp42h#v1.0.0",
|
||||||
|
"companion-module-roland-vr50hd-mk2": "github:bitfocus/companion-module-roland-vr50hd-mk2#v1.0.0",
|
||||||
|
"companion-module-roland-xs42h": "github:bitfocus/companion-module-roland-xs42h#v1.0.0",
|
||||||
|
"companion-module-roland-xs62s": "github:bitfocus/companion-module-roland-xs62s#v1.0.1",
|
||||||
|
"companion-module-roland-xs84h": "github:bitfocus/companion-module-roland-xs84h#v1.0.0",
|
||||||
|
"companion-module-rossvideo-caprica": "github:bitfocus/companion-module-rossvideo-caprica#v1.0.0",
|
||||||
|
"companion-module-rossvideo-nkrouter": "github:bitfocus/companion-module-rossvideo-nkrouter#v1.0.2",
|
||||||
|
"companion-module-rossvideo-rosstalk": "github:bitfocus/companion-module-rossvideo-rosstalk#v1.2.8",
|
||||||
|
"companion-module-rossvideo-xpression": "github:bitfocus/companion-module-rossvideo-xpression#v1.0.2",
|
||||||
|
"companion-module-sain-smart-relay": "github:bitfocus/companion-module-sain-smart-relay#v1.0.0",
|
||||||
|
"companion-module-seervision-suite": "github:bitfocus/companion-module-seervision-suite#v1.1.0",
|
||||||
|
"companion-module-sharp-tv": "github:bitfocus/companion-module-sharp-tv#v1.0.0",
|
||||||
|
"companion-module-showcuesystems-scs": "github:bitfocus/companion-module-showcuesystems-scs#v1.0.1",
|
||||||
|
"companion-module-shure-dis-ccu": "github:bitfocus/companion-module-shure-dis-ccu#v1.0.1",
|
||||||
|
"companion-module-shure-psm1000": "github:bitfocus/companion-module-shure-psm1000#v1.0.0",
|
||||||
|
"companion-module-shure-scm820": "github:bitfocus/companion-module-shure-scm820#v1.0.0",
|
||||||
|
"companion-module-shure-wireless": "github:bitfocus/companion-module-shure-wireless#v1.2.0",
|
||||||
|
"companion-module-sienna-ndimonitor": "github:bitfocus/companion-module-sienna-ndimonitor#v1.0.0",
|
||||||
|
"companion-module-singularlive-studio": "github:bitfocus/companion-module-singularlive-studio#v1.0.7",
|
||||||
|
"companion-module-slack-webhooks": "github:bitfocus/companion-module-slack-webhooks#v1.0.1",
|
||||||
|
"companion-module-softron-movierecorder": "github:bitfocus/companion-module-softron-movierecorder#v1.0.1",
|
||||||
|
"companion-module-softron-ontheairvideo": "github:bitfocus/companion-module-softron-ontheairvideo#v1.0.0",
|
||||||
|
"companion-module-sononum-horae": "github:bitfocus/companion-module-sononum-horae#v1.0.1",
|
||||||
|
"companion-module-sonoran-coyote": "github:bitfocus/companion-module-sonoran-coyote#v1.0.0",
|
||||||
|
"companion-module-sonos-speakers": "github:bitfocus/companion-module-sonos-speakers#v0.2.0",
|
||||||
|
"companion-module-sony-bravia": "github:bitfocus/companion-module-sony-bravia#v1.0.0",
|
||||||
|
"companion-module-sony-visca": "github:bitfocus/companion-module-sony-visca#v1.2.8",
|
||||||
|
"companion-module-soundcraft-ui": "github:bitfocus/companion-module-soundcraft-ui#v2.0.3",
|
||||||
|
"companion-module-sounddevices-pixnet": "github:bitfocus/companion-module-sounddevices-pixnet#v1.0.0",
|
||||||
|
"companion-module-spotify-remote": "github:bitfocus/companion-module-spotify-remote#v1.0.7",
|
||||||
|
"companion-module-spx-gc": "github:bitfocus/companion-module-spx-gc#v1.0.2",
|
||||||
|
"companion-module-studiocoast-vmix": "github:bitfocus/companion-module-studiocoast-vmix#v1.2.22",
|
||||||
|
"companion-module-symetrix-dsp": "github:bitfocus/companion-module-symetrix-dsp#v1.3.0",
|
||||||
|
"companion-module-tallyma-wirelesstally": "github:bitfocus/companion-module-tallyma-wirelesstally#v1.0.1",
|
||||||
|
"companion-module-tascam-bdmp1": "github:bitfocus/companion-module-tascam-bdmp1#v0.1.5",
|
||||||
|
"companion-module-tascam-cd": "github:bitfocus/companion-module-tascam-cd#v1.0.2",
|
||||||
|
"companion-module-techministry-midirelay": "github:bitfocus/companion-module-techministry-midirelay#v2.0.4",
|
||||||
|
"companion-module-techministry-protally": "github:bitfocus/companion-module-techministry-protally#v1.0.0",
|
||||||
|
"companion-module-techministry-tallyarbiter": "github:bitfocus/companion-module-techministry-tallyarbiter#v1.0.2",
|
||||||
|
"companion-module-teracom-tcw181b": "github:bitfocus/companion-module-teracom-tcw181b#v1.0.2",
|
||||||
|
"companion-module-teradek-vidiu": "github:bitfocus/companion-module-teradek-vidiu#v1.0.2",
|
||||||
|
"companion-module-tesla-smart": "github:bitfocus/companion-module-tesla-smart#v1.0.3",
|
||||||
|
"companion-module-thelightingcontroller": "github:bitfocus/companion-module-thelightingcontroller#v1.1.2",
|
||||||
|
"companion-module-thingm-blink1": "github:bitfocus/companion-module-thingm-blink1#v1.2.3",
|
||||||
|
"companion-module-tplink-kasasmartplug": "github:bitfocus/companion-module-tplink-kasasmartplug#v1.0.1",
|
||||||
|
"companion-module-tslproducts-umd": "github:bitfocus/companion-module-tslproducts-umd#v1.2.1",
|
||||||
|
"companion-module-tvone-corio": "github:bitfocus/companion-module-tvone-corio#v1.0.0",
|
||||||
|
"companion-module-twitch-api": "github:bitfocus/companion-module-twitch-api#v1.0.0",
|
||||||
|
"companion-module-ubiquiti-unifi": "github:bitfocus/companion-module-ubiquiti-unifi#v1.0.1",
|
||||||
|
"companion-module-vaddio-ptz": "github:bitfocus/companion-module-vaddio-ptz#v1.0.1",
|
||||||
|
"companion-module-vicreo-hotkey": "github:bitfocus/companion-module-vicreo-hotkey#v2.0.5",
|
||||||
|
"companion-module-vicreo-variablelistener": "github:bitfocus/companion-module-vicreo-variablelistener#v1.0.7",
|
||||||
|
"companion-module-videolan-vlc": "github:bitfocus/companion-module-videolan-vlc#v1.1.12",
|
||||||
|
"companion-module-visualproductions-bstation2": "github:bitfocus/companion-module-visualproductions-bstation2#v1.0.6",
|
||||||
|
"companion-module-vivitek-projector": "github:bitfocus/companion-module-vivitek-projector#v1.0.3",
|
||||||
|
"companion-module-vizio-smartcast": "github:bitfocus/companion-module-vizio-smartcast#v1.1.4",
|
||||||
|
"companion-module-vyv-photon": "github:bitfocus/companion-module-vyv-photon#v1.0.4",
|
||||||
|
"companion-module-wyrestorm-sw0402mv": "github:bitfocus/companion-module-wyrestorm-sw0402mv#v1.0.1",
|
||||||
|
"companion-module-xiamen-sprolink-vd-series": "github:bitfocus/companion-module-xiamen-sprolink-vd-series#v1.0.1",
|
||||||
|
"companion-module-yamaha-rcp": "github:bitfocus/companion-module-yamaha-rcp#v1.6.0",
|
||||||
|
"companion-module-youtube-live": "github:bitfocus/companion-module-youtube-live#v1.1.2",
|
||||||
|
"companion-module-zenvideo-ndirouter": "github:bitfocus/companion-module-zenvideo-ndirouter#v1.0.1",
|
||||||
|
"debug": "^4.2.0",
|
||||||
|
"elgato-stream-deck": "^4.1.0",
|
||||||
|
"emberplus-connection": "^0.0.4",
|
||||||
|
"express": "^4.16.3",
|
||||||
|
"find-process": "1.4.4",
|
||||||
|
"fs-extra": "^10.0.0",
|
||||||
|
"infinitton-idisplay": "^1.0.5",
|
||||||
|
"lodash": "^4.17.20",
|
||||||
|
"mkdirp": "^1.0.4",
|
||||||
|
"moment": "^2.29.1",
|
||||||
|
"network": "^0.4.1",
|
||||||
|
"node-fetch": "^2.6.1",
|
||||||
|
"node-rest-client": "^3.1.0",
|
||||||
|
"osc": "^2.4.1",
|
||||||
|
"pngjs": "^3.3.3",
|
||||||
|
"sharp": "^0.28.3",
|
||||||
|
"shortid": "^2.2.16",
|
||||||
|
"socket.io": "^4.1.2",
|
||||||
|
"strip-ansi": "^5.2.0",
|
||||||
|
"websocket": "^1.0.34",
|
||||||
|
"node-hid": "^2.1.1",
|
||||||
|
"serialport": "^9.2.0",
|
||||||
|
"ws": "^7.4.6"
|
||||||
|
},
|
||||||
|
"collective": {
|
||||||
|
"type": "donorbox",
|
||||||
|
"url": "https://donorbox.org/bitfocus-opensource"
|
||||||
|
},
|
||||||
|
"optionalDependencies": {
|
||||||
|
"@julusian/jpeg-turbo": "^1.1.1"
|
||||||
|
},
|
||||||
|
"resolutions": {
|
||||||
|
"infinitton-idisplay/node-hid": "^2.1.1",
|
||||||
|
"**/osc/serialport": "^9.2.0",
|
||||||
|
"**/osc/ws": "^7.4.6"
|
||||||
|
}
|
||||||
|
}
|
13213
pkgs/companion/yarn-webui.nix
Normal file
10067
pkgs/companion/yarn.nix
Normal file
|
@ -1,48 +1,30 @@
|
||||||
{ stdenv, requireFile, fetchpatch, kernel }:
|
{ stdenv, requireFile, fetchpatch, kernel, lib }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "decklink";
|
pname = "decklink";
|
||||||
version = "11.6";
|
version = "12.2.2";
|
||||||
|
|
||||||
src = requireFile {
|
src = requireFile {
|
||||||
name = "Blackmagic_Desktop_Video_Linux_11.6.tar.gz";
|
name = "Blackmagic_Desktop_Video_Linux_12.2.2.tar.gz";
|
||||||
url = "https://www.blackmagicdesign.com/support/download/d399ada95c2b49ffad3031bda413acb5/Linux";
|
url = "https://www.blackmagicdesign.com/support/";
|
||||||
sha256 = "0qwm1b3gy0k7j1bimkxwwr77g8hrsybs9jp90b46kzcy06mcp380";
|
sha256 = "8bca946bd3f002d2d404a74210c881935351e1a0d03f750559b180fdb439ef35";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = [
|
|
||||||
(fetchpatch {
|
|
||||||
name = "01-fix-makefile.patch";
|
|
||||||
url = "https://aur.archlinux.org/cgit/aur.git/plain/01-fix-makefile.patch?h=decklink&id=8f19ef584c0603105415160d2ba4e8dfa47495ce";
|
|
||||||
sha256 = "1pk8zfi0clmysla25jmcqnq7sx2bnjflrarhqkqbkl8crigyspf5";
|
|
||||||
})
|
|
||||||
(fetchpatch {
|
|
||||||
name = "02-fix-get_user_pages-and-mmap_lock.patch";
|
|
||||||
url = "https://aur.archlinux.org/cgit/aur.git/plain/02-fix-get_user_pages-and-mmap_lock.patch?h=decklink&id=8f19ef584c0603105415160d2ba4e8dfa47495ce";
|
|
||||||
sha256 = "08m4qwrk0vg8rix59y591bjih95d2wp6bmm1p37nyfvhi2n9jw2m";
|
|
||||||
})
|
|
||||||
(fetchpatch {
|
|
||||||
name = "03-fix-have_unlocked_ioctl.patch";
|
|
||||||
url = "https://aur.archlinux.org/cgit/aur.git/plain/03-fix-have_unlocked_ioctl.patch?h=decklink&id=8f19ef584c0603105415160d2ba4e8dfa47495ce";
|
|
||||||
sha256 = "0j9p62qa4mc6ir2v4fzrdapdrvi1dabrjrx1c295pwa3vmsi1x4f";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
|
KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
|
||||||
INSTALL_MOD_PATH = placeholder "out";
|
INSTALL_MOD_PATH = placeholder "out";
|
||||||
|
|
||||||
nativeBuildInputs = kernel.moduleBuildDependencies;
|
nativeBuildInputs = kernel.moduleBuildDependencies;
|
||||||
|
|
||||||
setSourceRoot = ''
|
setSourceRoot = ''
|
||||||
tar xf Blackmagic_Desktop_Video_Linux_11.6/other/x86_64/desktopvideo-11.6a26-x86_64.tar.gz
|
tar xf Blackmagic_Desktop_Video_Linux_12.2.2/other/x86_64/desktopvideo-12.2.2a6-x86_64.tar.gz
|
||||||
sourceRoot=$NIX_BUILD_TOP/desktopvideo-11.6a26-x86_64/usr/src
|
sourceRoot=$NIX_BUILD_TOP/desktopvideo-12.2.2a6-x86_64/usr/src
|
||||||
'';
|
'';
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
runHook preBuild
|
runHook preBuild
|
||||||
|
|
||||||
make -C $sourceRoot/blackmagic-11.6a26 -j$NIX_BUILD_CORES
|
make -C $sourceRoot/blackmagic-12.2.2a6 -j$NIX_BUILD_CORES
|
||||||
make -C $sourceRoot/blackmagic-io-11.6a26 -j$NIX_BUILD_CORES
|
make -C $sourceRoot/blackmagic-io-12.2.2a6 -j$NIX_BUILD_CORES
|
||||||
|
|
||||||
runHook postBuild
|
runHook postBuild
|
||||||
'';
|
'';
|
||||||
|
@ -50,13 +32,13 @@ stdenv.mkDerivation rec {
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
runHook preInstall
|
runHook preInstall
|
||||||
|
|
||||||
make -C $KERNELDIR M=$sourceRoot/blackmagic-11.6a26 modules_install
|
make -C $KERNELDIR M=$sourceRoot/blackmagic-12.2.2a6 modules_install
|
||||||
make -C $KERNELDIR M=$sourceRoot/blackmagic-io-11.6a26 modules_install
|
make -C $KERNELDIR M=$sourceRoot/blackmagic-io-12.2.2a6 modules_install
|
||||||
|
|
||||||
runHook postInstall
|
runHook postInstall
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with lib; {
|
||||||
homepage = "https://www.blackmagicdesign.com/support/family/capture-and-playback";
|
homepage = "https://www.blackmagicdesign.com/support/family/capture-and-playback";
|
||||||
maintainers = [ maintainers.hexchen ];
|
maintainers = [ maintainers.hexchen ];
|
||||||
license = licenses.unfree;
|
license = licenses.unfree;
|
||||||
|
|
|
@ -10,14 +10,13 @@ let
|
||||||
newpkgs = {
|
newpkgs = {
|
||||||
alps = callPackage ./alps {};
|
alps = callPackage ./alps {};
|
||||||
|
|
||||||
docker = (pkgs.callPackage (pkgs.path + "/pkgs/applications/virtualization/docker") {
|
companion = callPackage ./companion {};
|
||||||
iptables = pkgs.writeScriptBin "iptables" ''
|
libvips = callPackage ./libvips {};
|
||||||
#!${pkgs.runtimeShell}
|
|
||||||
echo docker tried to run the following iptables command: $@
|
docker = pkgs.docker.overrideAttrs (super: {
|
||||||
exit 0
|
moby = super.moby.overrideAttrs (super: {
|
||||||
'';
|
extraPath = super.extraPath + ":${pkgs.zfs}/bin";
|
||||||
}).docker_19_03.overrideAttrs (super: {
|
});
|
||||||
extraPath = super.extraPath + ":${pkgs.zfs}/bin";
|
|
||||||
});
|
});
|
||||||
|
|
||||||
linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
|
linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
|
||||||
|
@ -41,8 +40,29 @@ let
|
||||||
});
|
});
|
||||||
|
|
||||||
mattermost = callPackage ./mattermost {};
|
mattermost = callPackage ./mattermost {};
|
||||||
jre_headless = pkgs.jdk11_headless;
|
|
||||||
inherit (unstable) bottom;
|
# a version of the lounge with some extra css that
|
||||||
|
# hides things the hacc-voc doesn't need
|
||||||
|
thelounge-hacked = pkgs.stdenv.mkDerivation {
|
||||||
|
name = "thelounge-hacked";
|
||||||
|
src = pkgs.thelounge;
|
||||||
|
|
||||||
|
phases = [ "buildPhase" "installPhase" ];
|
||||||
|
buildPhase = ''
|
||||||
|
cp $src/* -r .
|
||||||
|
chmod 777 lib/node_modules/thelounge/public/css/style.css
|
||||||
|
cat ${./thelounge/css-patch.css} >> lib/node_modules/thelounge/public/css/style.css
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out
|
||||||
|
cp * -r $out
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
uffd = callPackage ./uffd {};
|
||||||
|
|
||||||
|
inherit (unstable) bottom vaultwarden vaultwarden-vault;
|
||||||
};
|
};
|
||||||
|
|
||||||
in pkgs.extend(_: _: newpkgs)
|
in pkgs.extend(_: _: newpkgs)
|
||||||
|
|
18
pkgs/libvips/default.nix
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{
|
||||||
|
stdenv, fetchurl, pkg-config, glib, expat,
|
||||||
|
libjpeg_turbo, libexif, librsvg, libtiff, libpng
|
||||||
|
}:
|
||||||
|
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
pname = "libvips";
|
||||||
|
version = "8.11.3";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://github.com/libvips/libvips/releases/download/v${version}/vips-${version}.tar.gz";
|
||||||
|
sha256 = "00fz7h7vb0qqsc9i2smp3aljwjyb5cin2fiqillv8vvx8wpis2lv";
|
||||||
|
};
|
||||||
|
|
||||||
|
propagatedBuildInputs = [ glib ];
|
||||||
|
buildInputs = [ expat libjpeg_turbo libexif librsvg libtiff libpng ];
|
||||||
|
nativeBuildInputs = [ pkg-config ];
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }:
|
{ stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv, lib }:
|
||||||
|
|
||||||
let
|
let
|
||||||
sources = import ../../nix/sources.nix;
|
sources = import ../../nix/sources.nix;
|
||||||
|
@ -12,10 +12,9 @@ let
|
||||||
|
|
||||||
goPackagePath = "github.com/mattermost/mattermost-server";
|
goPackagePath = "github.com/mattermost/mattermost-server";
|
||||||
|
|
||||||
buildFlagsArray = ''
|
ldflags = [
|
||||||
-ldflags=
|
"-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
|
||||||
-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}
|
];
|
||||||
'';
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -40,7 +39,7 @@ in
|
||||||
name = "mattermost-${version}";
|
name = "mattermost-${version}";
|
||||||
paths = [ mattermost-server mattermost-webapp ];
|
paths = [ mattermost-server mattermost-webapp ];
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with lib; {
|
||||||
description = "Open-source, self-hosted Slack-alternative";
|
description = "Open-source, self-hosted Slack-alternative";
|
||||||
homepage = "https://www.mattermost.org";
|
homepage = "https://www.mattermost.org";
|
||||||
license = with licenses; [ agpl3 asl20 ];
|
license = with licenses; [ agpl3 asl20 ];
|
||||||
|
|
24
pkgs/thelounge/css-patch.css
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
|
||||||
|
/* Hides extra fields on connect screen */
|
||||||
|
.connect-row:nth-of-type(4) {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.connect-row:nth-of-type(2) {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.connect-row:nth-of-type(5) {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Hides side panel button */
|
||||||
|
.header > button:first-child {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Hides channel options button (includes leave option) */
|
||||||
|
.header > button:nth-last-child(2) {
|
||||||
|
display: none !important;
|
||||||
|
}
|
34
pkgs/uffd/default.nix
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{ stdenv, lib, python3Packages, fetchzip }:
|
||||||
|
|
||||||
|
python3Packages.buildPythonPackage rec {
|
||||||
|
pname = "uffd";
|
||||||
|
version = "2.0.1";
|
||||||
|
|
||||||
|
src = fetchzip {
|
||||||
|
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
|
||||||
|
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
|
||||||
|
};
|
||||||
|
|
||||||
|
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
|
||||||
|
|
||||||
|
propagatedBuildInputs = with python3Packages; [
|
||||||
|
flask
|
||||||
|
flask_sqlalchemy
|
||||||
|
flask_migrate
|
||||||
|
qrcode
|
||||||
|
fido2
|
||||||
|
oauthlib
|
||||||
|
flask-babel
|
||||||
|
argon2_cffi
|
||||||
|
itsdangerous
|
||||||
|
alembic
|
||||||
|
Mako
|
||||||
|
];
|
||||||
|
|
||||||
|
postPatch = ''
|
||||||
|
sed -i -e 's/==[0-9.]\+//g' setup.py
|
||||||
|
'';
|
||||||
|
|
||||||
|
doCheck = false;
|
||||||
|
doInstallCheck = false;
|
||||||
|
}
|
34
pkgs/uffd/fix-setuppy.patch
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
--- a/setup.py 2022-04-30 13:12:45.564651955 +0000
|
||||||
|
+++ b/setup.py 2022-04-30 13:17:02.545809513 +0000
|
||||||
|
@@ -41,31 +41,5 @@
|
||||||
|
'Flask-Babel==0.11.2',
|
||||||
|
'alembic==1.0.0',
|
||||||
|
'argon2-cffi==18.3.0',
|
||||||
|
-
|
||||||
|
- # The main dependencies on their own lead to version collisions and pip is
|
||||||
|
- # not very good at resolving them, so we pin the versions from Debian Buster
|
||||||
|
- # for all dependencies.
|
||||||
|
- 'certifi==2018.8.24',
|
||||||
|
- #cffi==1.12.2'
|
||||||
|
- 'cffi # v1.12.2 no longer works with python3.9. Newer versions seem to work fine.',
|
||||||
|
- 'chardet==3.0.4',
|
||||||
|
- 'click==7.0',
|
||||||
|
- 'cryptography==2.6.1',
|
||||||
|
- 'idna==2.6',
|
||||||
|
- 'itsdangerous==0.24',
|
||||||
|
- 'Jinja2==2.10',
|
||||||
|
- 'MarkupSafe==1.1.0',
|
||||||
|
- 'oauthlib==2.1.0',
|
||||||
|
- 'pyasn1==0.4.2',
|
||||||
|
- 'pycparser==2.19',
|
||||||
|
- 'requests==2.21.0',
|
||||||
|
- 'requests-oauthlib==1.0.0',
|
||||||
|
- 'six==1.12.0',
|
||||||
|
- 'SQLAlchemy==1.2.18',
|
||||||
|
- 'urllib3==1.24.1',
|
||||||
|
- 'Werkzeug==0.14.1',
|
||||||
|
- 'python-dateutil==2.7.3',
|
||||||
|
- #editor==1.0.3
|
||||||
|
- 'Mako==1.0.7',
|
||||||
|
],
|
||||||
|
)
|
10
pkgs/uffd/fix-userinfo.patch
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
--- a/uffd/oauth2/views.py 2022-04-30 20:39:53.825474990 +0000
|
||||||
|
+++ b/uffd/oauth2/views.py 2022-04-30 20:40:12.632389377 +0000
|
||||||
|
@@ -234,6 +234,7 @@
|
||||||
|
id=user.unix_uid,
|
||||||
|
name=user.displayname,
|
||||||
|
nickname=user.loginname,
|
||||||
|
+ username=user.loginname,
|
||||||
|
email=user.mail,
|
||||||
|
groups=[group.name for group in user.groups]
|
||||||
|
)
|
32
pkgs/uffd/gitea-magic.patch
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
|
||||||
|
From: stuebinm <stuebinm@disroot.org>
|
||||||
|
Date: Wed, 20 Jul 2022 18:02:15 +0200
|
||||||
|
Subject: [PATCH] magic gitea patch
|
||||||
|
|
||||||
|
---
|
||||||
|
uffd/oauth2/views.py | 9 +++++++++
|
||||||
|
1 file changed, 9 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
|
||||||
|
index d13fd42..94352be 100644
|
||||||
|
--- a/uffd/oauth2/views.py
|
||||||
|
+++ b/uffd/oauth2/views.py
|
||||||
|
@@ -230,6 +230,15 @@ def oauth_required(*scopes):
|
||||||
|
@oauth_required('profile')
|
||||||
|
def userinfo():
|
||||||
|
user = request.oauth.user
|
||||||
|
+ client = request.oauth.client_id
|
||||||
|
+ if client == "gitea":
|
||||||
|
+ return jsonify(
|
||||||
|
+ id=user.unix_uid,
|
||||||
|
+ full_name=user.displayname,
|
||||||
|
+ login=user.loginname,
|
||||||
|
+ email=user.mail,
|
||||||
|
+ groups=[group.name for group in user.groups]
|
||||||
|
+ )
|
||||||
|
return jsonify(
|
||||||
|
id=user.unix_uid,
|
||||||
|
name=user.displayname,
|
||||||
|
--
|
||||||
|
2.36.0
|
||||||
|
|
133
services/gitea.nix
Normal file
|
@ -0,0 +1,133 @@
|
||||||
|
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
containers.gitea = {
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.1";
|
||||||
|
localAddress = "192.168.100.10";
|
||||||
|
autoStart = true;
|
||||||
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/gitea";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
path = (evalConfig {
|
||||||
|
hosts = { };
|
||||||
|
groups = { };
|
||||||
|
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.gitea ];
|
||||||
|
|
||||||
|
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
services.coredns = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
.:53 {
|
||||||
|
forward . 1.1.1.1
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
appName = "0x0: git for all creatures";
|
||||||
|
rootUrl = "https://git.infra4future.de/";
|
||||||
|
httpAddress = "0.0.0.0";
|
||||||
|
httpPort = 3000;
|
||||||
|
lfs.enable = true;
|
||||||
|
disableRegistration = true;
|
||||||
|
database.type = "postgres";
|
||||||
|
cookieSecure = true;
|
||||||
|
log.level = "Info";
|
||||||
|
# mailerPasswordFile =
|
||||||
|
# "/var/lib/secrets/noreply"; # see below for access permissions
|
||||||
|
settings = {
|
||||||
|
# mailer = {
|
||||||
|
# ENABLED = true;
|
||||||
|
# HOST = "0x0.rip:465";
|
||||||
|
# FROM = "noreply@0x0.rip";
|
||||||
|
# ENVELOPE_FROM = "noreply@0x0.rip";
|
||||||
|
# USER = "noreply@0x0.rip";
|
||||||
|
|
||||||
|
# };
|
||||||
|
repository = {
|
||||||
|
DEFAULT_PRIVATE = "public";
|
||||||
|
PREFERRED_LICENSES = "Unlicense";
|
||||||
|
DEFAULT_BRANCH = "main";
|
||||||
|
};
|
||||||
|
oauth2_client = {
|
||||||
|
ACCOUNT_LINKING = "auto";
|
||||||
|
ENABLE_AUTO_REGISTRATION = true;
|
||||||
|
};
|
||||||
|
"repository.pull-requests" = {
|
||||||
|
DEFAULT_MERGE_STYLE = "merge";
|
||||||
|
DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
|
||||||
|
};
|
||||||
|
"repository.upload".FILE_MAX_SIZE = 1024;
|
||||||
|
server = {
|
||||||
|
LANDING_PAGE = "explore";
|
||||||
|
OFFLINE_MODE = true;
|
||||||
|
};
|
||||||
|
security = { INSTALL_LOCK = true; };
|
||||||
|
other = {
|
||||||
|
SHOW_FOOTER_VERSION = false;
|
||||||
|
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
|
||||||
|
};
|
||||||
|
cron = {
|
||||||
|
ENABLED = true;
|
||||||
|
NOTICE_ON_SUCCESS = true;
|
||||||
|
};
|
||||||
|
"cron.update_mirrors" = {
|
||||||
|
SCHEDULE = "@every 12h";
|
||||||
|
PULL_LIMIT = "-1";
|
||||||
|
PUSH_LIMIT = "-1";
|
||||||
|
};
|
||||||
|
"cron.git_gc_repos".ENABLED = true;
|
||||||
|
"cron.delete_old_actions".ENABLED = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
databases = [ "gitea" ];
|
||||||
|
startAt = "*-*-* 23:45:00";
|
||||||
|
location = "/persist/backups/postgres";
|
||||||
|
};
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
passwordAuthentication = false;
|
||||||
|
listenAddresses = [ {
|
||||||
|
addr = "192.168.100.10";
|
||||||
|
port = 22;
|
||||||
|
} ];
|
||||||
|
extraConfig = ''
|
||||||
|
AcceptEnv GIT_PROTOCOL
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
})).config.system.build.toplevel;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."git.infra4future.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${config.containers.gitea.localAddress}:3000";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
hexchen.nftables.nat.forwardPorts = [{
|
||||||
|
ports = [ 22 ];
|
||||||
|
destination = "${config.containers.gitea.localAddress}:22";
|
||||||
|
proto = "tcp";
|
||||||
|
}];
|
||||||
|
}
|
|
@ -1,13 +1,32 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
containers.codimd = {
|
containers.pad-hacc = {
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "192.168.100.1";
|
hostAddress = "192.168.100.1";
|
||||||
localAddress = "192.168.100.3";
|
localAddress = "192.168.100.5";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
config = { config, lib, pkgs, ... }: {
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/pad-hacc";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
services.coredns = {
|
services.coredns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
config = ''
|
config = ''
|
||||||
|
@ -23,7 +42,12 @@
|
||||||
allowFreeURL = true;
|
allowFreeURL = true;
|
||||||
allowGravatar = false;
|
allowGravatar = false;
|
||||||
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
|
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
|
||||||
dbURL = "postgres://codimd:codimd@localhost:5432/codimd";
|
db = {
|
||||||
|
host = "/run/postgresql";
|
||||||
|
username = "codimd";
|
||||||
|
dialect = "postgres";
|
||||||
|
database = "codimd";
|
||||||
|
};
|
||||||
defaultPermission = "limited";
|
defaultPermission = "limited";
|
||||||
domain = "pad.hacc.space";
|
domain = "pad.hacc.space";
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
|
@ -31,17 +55,18 @@
|
||||||
hsts.preload = false;
|
hsts.preload = false;
|
||||||
email = false;
|
email = false;
|
||||||
oauth2 = {
|
oauth2 = {
|
||||||
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
|
authorizationURL = "https://login.infra4future.de/oauth2/authorize";
|
||||||
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
|
tokenURL = "https://login.infra4future.de/oauth2/token";
|
||||||
clientID = "codimd";
|
clientID = "hedgedoc";
|
||||||
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
|
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.hedgedoc.environment = {
|
systemd.services.hedgedoc.environment = {
|
||||||
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
|
"CMD_LOGLEVEL" = "warn";
|
||||||
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
|
"CMD_OAUTH2_USER_PROFILE_URL" = "https://login.infra4future.de/oauth2/userinfo";
|
||||||
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
|
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "nickname";
|
||||||
|
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "name";
|
||||||
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
|
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
|
||||||
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
|
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
|
||||||
};
|
};
|
||||||
|
@ -54,15 +79,20 @@
|
||||||
"DATABASE codimd" = "ALL PRIVILEGES";
|
"DATABASE codimd" = "ALL PRIVILEGES";
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
|
authentication = ''
|
||||||
|
local all all trust
|
||||||
|
host codimd codimd 127.0.0.1/32 trust
|
||||||
|
'';
|
||||||
|
package = pkgs.postgresql_11;
|
||||||
};
|
};
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
enable = true;
|
enable = true;
|
||||||
databases = [ "codimd" ];
|
databases = [ "codimd" ];
|
||||||
startAt = "*-*-* 23:45:00";
|
startAt = "*-*-* 23:45:00";
|
||||||
|
location = "/persist/backups/postgres";
|
||||||
};
|
};
|
||||||
};
|
})).config.system.build.toplevel;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."pad.hacc.earth" = {
|
services.nginx.virtualHosts."pad.hacc.earth" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -73,16 +103,8 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://192.168.100.3:3000";
|
proxyPass = "http://${config.containers.pad-hacc.localAddress}:3000";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_pass_request_headers on;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection $http_connection;
|
|
||||||
add_header Access-Control-Allow-Origin "*";
|
add_header Access-Control-Allow-Origin "*";
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
'';
|
'';
|
96
services/hedgedoc-i4f.nix
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
{ config, lib, pkgs, modules, evalConfig, sources, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
containers.pad-i4f = {
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.1";
|
||||||
|
localAddress = "192.168.100.6";
|
||||||
|
autoStart = true;
|
||||||
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/pad-i4f";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
services.coredns = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
.:53 {
|
||||||
|
forward . 1.1.1.1
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.hedgedoc = {
|
||||||
|
enable = true;
|
||||||
|
configuration = {
|
||||||
|
allowAnonymous = true;
|
||||||
|
allowFreeURL = true;
|
||||||
|
allowGravatar = false;
|
||||||
|
allowOrigin = [ "localhost" "pad.infra4future.de" "fff-muc.de" ];
|
||||||
|
db = {
|
||||||
|
host = "/run/postgresql";
|
||||||
|
dialect = "postgres";
|
||||||
|
database = "hedgedoc";
|
||||||
|
};
|
||||||
|
defaultPermission = "freely";
|
||||||
|
domain = "pad.infra4future.de";
|
||||||
|
host = "0.0.0.0";
|
||||||
|
protocolUseSSL = true;
|
||||||
|
hsts.preload = false;
|
||||||
|
email = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.hedgedoc.environment = {
|
||||||
|
"CMD_LOGLEVEL" = "warn";
|
||||||
|
};
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql_11;
|
||||||
|
authentication = ''
|
||||||
|
local all all trust
|
||||||
|
host hedgedoc hedgedoc 127.0.0.1/32 trust
|
||||||
|
'';
|
||||||
|
ensureDatabases = [ "hedgedoc" ];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "hedgedoc";
|
||||||
|
ensurePermissions = {
|
||||||
|
"DATABASE hedgedoc" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
databases = [ "hedgedoc" ];
|
||||||
|
startAt = "*-*-* 23:45:00";
|
||||||
|
location = "/persist/backups/postgres";
|
||||||
|
};
|
||||||
|
})).config.system.build.toplevel;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."pad.infra4future.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${config.containers.pad-i4f.localAddress}:3000";
|
||||||
|
extraConfig = ''
|
||||||
|
add_header Access-Control-Allow-Origin "*";
|
||||||
|
proxy_buffering off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,29 +1,46 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, profiles, modules, evalConfig, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
unstable = import (import ../../../nix/sources.nix).nixpkgs-unstable {};
|
|
||||||
in {
|
|
||||||
containers.lantifa = {
|
containers.lantifa = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress6 = "fd00::42:14";
|
hostAddress = "192.168.100.1";
|
||||||
localAddress6 = "fd00::42:15";
|
localAddress = "192.168.100.8";
|
||||||
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/lantifa";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = {config, pkgs, ... }: {
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
networking.hosts."::1" = [ "wiki.lantifa.org" ];
|
boot.isContainer = true;
|
||||||
networking.firewall.enable = false;
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
hexchen.bindmounts."/var/lib/mediawiki" = "/persist/var/lib/mediawiki";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.hosts."127.0.0.1" = [ "wiki.lantifa.org" ];
|
||||||
users.users.mediawiki.extraGroups = [ "keys" ];
|
users.users.mediawiki.extraGroups = [ "keys" ];
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
services.mediawiki = {
|
services.mediawiki = {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "LANtifa";
|
name = "LANtifa";
|
||||||
package = unstable.mediawiki;
|
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
passwordFile = "/var/lib/mediawiki/mediawiki-password";
|
passwordFile = "/var/lib/mediawiki/mediawiki-password";
|
||||||
extraConfig = let
|
extraConfig = let
|
||||||
wikidb = pkgs.fetchzip {
|
wikidb = pkgs.fetchzip {
|
||||||
url = "http://www.kennel17.co.uk/uploads/testwiki/archive/e/e9/20210407232657%21WikiDB.zip";
|
url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
|
||||||
sha256 = "0d4f2ygglz4w515a7lgw59500q3xmr92xxhsmh8p204yaa769x8v";
|
sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY=";
|
||||||
};
|
};
|
||||||
in ''
|
in ''
|
||||||
// Configure short URLs
|
// Configure short URLs
|
||||||
|
@ -60,8 +77,8 @@ in {
|
||||||
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
|
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
|
||||||
};
|
};
|
||||||
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
|
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
|
||||||
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_35-f657385.tar.gz";
|
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz";
|
||||||
sha256 = "0f4bpxdfj5k4ll56s3i6cpgcpfalsff307shdhqhrbl0n3kbr3q0";
|
sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk=";
|
||||||
};
|
};
|
||||||
PageForms = pkgs.fetchzip {
|
PageForms = pkgs.fetchzip {
|
||||||
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
|
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
|
||||||
|
@ -81,16 +98,17 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.mysql.dataDir = "/persist/mysql";
|
||||||
services.mysqlBackup = {
|
services.mysqlBackup = {
|
||||||
enable = true;
|
enable = true;
|
||||||
databases = [ "mediawiki" ];
|
databases = [ "mediawiki" ];
|
||||||
calendar = "*-*-* 23:45:00";
|
calendar = "*-*-* 23:45:00";
|
||||||
};
|
};
|
||||||
};
|
})).config.system.build.toplevel;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."wiki.lantifa.org" = {
|
services.nginx.virtualHosts."wiki.lantifa.org" = {
|
||||||
locations."/".proxyPass = "http://[" + config.containers.lantifa.localAddress6 + "]";
|
locations."/".proxyPass = "http://" + config.containers.lantifa.localAddress + "";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
177
services/mail.nix
Normal file
|
@ -0,0 +1,177 @@
|
||||||
|
{ config, pkgs, lib, sources, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ sources.nixos-mailserver.outPath ];
|
||||||
|
|
||||||
|
# reduce log spam
|
||||||
|
systemd.services.rspamd.serviceConfig.LogLevelMax =
|
||||||
|
3; # this is set to error because rspamd regularly complains about not enough learns
|
||||||
|
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
|
||||||
|
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
|
||||||
|
|
||||||
|
# stop postfix from dying if rspamd hiccups
|
||||||
|
systemd.services.postfix.unitConfig = {
|
||||||
|
Requires = lib.mkForce "dovecot2.service opendkim.service";
|
||||||
|
};
|
||||||
|
|
||||||
|
mailserver = {
|
||||||
|
mailDirectory = "/persist/mail";
|
||||||
|
enable = true;
|
||||||
|
fqdn = "mail.hacc.space";
|
||||||
|
monitoring = {
|
||||||
|
enable = true;
|
||||||
|
alertAddress = "admin@hacc.space";
|
||||||
|
};
|
||||||
|
domains = [
|
||||||
|
"hacc.space"
|
||||||
|
"muc.hacc.space"
|
||||||
|
"hacc.earth"
|
||||||
|
"4future.dev"
|
||||||
|
"4futu.re"
|
||||||
|
"infra4future.de"
|
||||||
|
];
|
||||||
|
|
||||||
|
loginAccounts = {
|
||||||
|
"hexchen@hacc.space".hashedPassword =
|
||||||
|
"$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
||||||
|
|
||||||
|
"octycs@hacc.space".hashedPassword =
|
||||||
|
"$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
||||||
|
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
||||||
|
|
||||||
|
"raphael@hacc.space".hashedPassword =
|
||||||
|
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
||||||
|
|
||||||
|
"moira@hacc.space".hashedPassword =
|
||||||
|
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
||||||
|
|
||||||
|
"zauberberg@hacc.space".hashedPassword =
|
||||||
|
"$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||||
|
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
||||||
|
|
||||||
|
"stuebinm@hacc.space".hashedPassword =
|
||||||
|
"$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
||||||
|
|
||||||
|
"lenny@hacc.space".hashedPassword =
|
||||||
|
"$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
||||||
|
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
||||||
|
|
||||||
|
"finance@muc.hacc.space".hashedPassword =
|
||||||
|
"$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
|
||||||
|
|
||||||
|
"noreply@hacc.space" = {
|
||||||
|
hashedPassword =
|
||||||
|
"$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
||||||
|
sendOnly = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
"noreply@infra4future.de" = {
|
||||||
|
hashedPassword =
|
||||||
|
"$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
||||||
|
sendOnly = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
extraVirtualAliases = {
|
||||||
|
# address = forward address;
|
||||||
|
|
||||||
|
# -- International --
|
||||||
|
# info/contact: main entrypoint, anyone can read or reply to this.
|
||||||
|
"info@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"octycs@hacc.space"
|
||||||
|
"raphael@hacc.space"
|
||||||
|
"moira@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
"stuebinm@hacc.space"
|
||||||
|
"lenny@hacc.space"
|
||||||
|
];
|
||||||
|
|
||||||
|
# admin: current people with access to the mail server and knowledge on how to use it™
|
||||||
|
"admin@hacc.space" =
|
||||||
|
[ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
|
||||||
|
|
||||||
|
# voc: hacc video operation center, various streaming-related things
|
||||||
|
"voc@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"moira@hacc.space"
|
||||||
|
"octycs@hacc.space"
|
||||||
|
"stuebinm@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
"lenny@hacc.space"
|
||||||
|
"raphael@hacc.space"
|
||||||
|
];
|
||||||
|
|
||||||
|
# -- Regional: Germany --
|
||||||
|
# board of hacc e.V.
|
||||||
|
"vorstand@hacc.space" =
|
||||||
|
[ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
|
||||||
|
|
||||||
|
# members of hacc e.V.
|
||||||
|
"mitglieder@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"raphael@hacc.space"
|
||||||
|
"moira@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
"lenny@hacc.space"
|
||||||
|
"octycs@hacc.space"
|
||||||
|
"stuebinm@hacc.space"
|
||||||
|
];
|
||||||
|
|
||||||
|
# -- Regional: Munich --
|
||||||
|
"muc@hacc.space" = [
|
||||||
|
"hexchen@hacc.space"
|
||||||
|
"octycs@hacc.space"
|
||||||
|
"raphael@hacc.space"
|
||||||
|
"moira@hacc.space"
|
||||||
|
"zauberberg@hacc.space"
|
||||||
|
"stuebinm@hacc.space"
|
||||||
|
"lenny@hacc.space"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
|
# down nginx and opens port 80.
|
||||||
|
certificateScheme = 3;
|
||||||
|
|
||||||
|
# Only allow implict TLS
|
||||||
|
enableImap = false;
|
||||||
|
enablePop3 = false;
|
||||||
|
|
||||||
|
# Enable the ManageSieve protocol
|
||||||
|
enableManageSieve = true;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postfix.submissionOptions.smtpd_sender_restrictions =
|
||||||
|
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||||
|
services.postfix.submissionsOptions.smtpd_sender_restrictions =
|
||||||
|
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||||
|
|
||||||
|
services.postfix.virtual = ''
|
||||||
|
postmaster@hacc.space admin@hacc.space
|
||||||
|
abuse@hacc.space admin@hacc.space
|
||||||
|
contact@hacc.space info@hacc.space
|
||||||
|
hello@hacc.space info@hacc.space
|
||||||
|
haccvoc@hacc.space voc@hacc.space
|
||||||
|
@4future.dev @hacc.space
|
||||||
|
@4futu.re @hacc.space
|
||||||
|
@hacc.earth @hacc.space
|
||||||
|
@infra4future.de @hacc.space
|
||||||
|
'';
|
||||||
|
|
||||||
|
systemd.services.alps = {
|
||||||
|
enable = true;
|
||||||
|
script =
|
||||||
|
"${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
||||||
|
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
|
||||||
|
serviceConfig.Restart = "always";
|
||||||
|
requiredBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."mail.hacc.space" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/".proxyPass = "http://[::1]:1323";
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,34 +1,51 @@
|
||||||
{config, pkgs, lib, ...}:
|
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
mattermost = pkgs.mattermost;
|
||||||
|
in {
|
||||||
containers.mattermost = {
|
containers.mattermost = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "192.168.100.30";
|
hostAddress = "192.168.100.1";
|
||||||
localAddress = "192.168.100.31";
|
localAddress = "192.168.100.3";
|
||||||
|
|
||||||
bindMounts."/secrets" = {
|
bindMounts = {
|
||||||
hostPath = "/var/lib/mattermost/";
|
"/persist" = {
|
||||||
isReadOnly = true;
|
hostPath = "/persist/containers/mattermost";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {pkgs, config, ...}: {
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
# have to import these here, since container's dont
|
imports = [
|
||||||
# inherit imports of their environment.
|
../modules/mattermost.nix
|
||||||
imports = [ ../../../modules/mattermost.nix ];
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
];
|
||||||
|
|
||||||
|
nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
# couldn't figure out how to actually overwrite modules, so now
|
# couldn't figure out how to actually overwrite modules, so now
|
||||||
# there's two mattermost modules ...
|
# there's two mattermost modules ...
|
||||||
services.mattermost-patched = {
|
services.mattermost-patched = {
|
||||||
enable = true;
|
enable = true;
|
||||||
siteUrl = "https://mattermost-beta.infra4future.de";
|
siteUrl = "https://mattermost.infra4future.de";
|
||||||
siteName = "Mattermost - Blabla for Future";
|
siteName = "Mattermost for Future";
|
||||||
listenAddress = "0.0.0.0:3000";
|
listenAddress = "0.0.0.0:3000";
|
||||||
mutableConfig = false;
|
mutableConfig = false;
|
||||||
|
|
||||||
secretConfig = "/secrets/secrets.json";
|
secretConfig = "/persist/mattermost/secrets.json";
|
||||||
|
statePath = "/persist/mattermost";
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
ServiceSettings = {
|
ServiceSettings = {
|
||||||
|
@ -56,10 +73,12 @@
|
||||||
EnableLaTeX = true;
|
EnableLaTeX = true;
|
||||||
ThreadAutoFollow = true;
|
ThreadAutoFollow = true;
|
||||||
EnableSecurityFixAlert = false;
|
EnableSecurityFixAlert = false;
|
||||||
|
CollapsedThreads = "default_on";
|
||||||
};
|
};
|
||||||
TeamSettings = {
|
TeamSettings = {
|
||||||
EnableTeamCreation = true;
|
EnableTeamCreation = true;
|
||||||
EnableUserCreation = true;
|
EnableUserCreation = true;
|
||||||
|
MaxUsersPerTeam = 250;
|
||||||
EnableOpenServer = false;
|
EnableOpenServer = false;
|
||||||
EnableUserDeactivation = true;
|
EnableUserDeactivation = true;
|
||||||
ExperimentalViewArchivedChannels = true;
|
ExperimentalViewArchivedChannels = true;
|
||||||
|
@ -87,7 +106,7 @@
|
||||||
EnableFileAttachments = true;
|
EnableFileAttachments = true;
|
||||||
MaxFileSize = 52428800;
|
MaxFileSize = 52428800;
|
||||||
DriverName = "local";
|
DriverName = "local";
|
||||||
Directory = "/var/lib/mattermost/uploads-storage";
|
Directory = "/persist/mattermost/upload-storage";
|
||||||
EnablePublicLink = true;
|
EnablePublicLink = true;
|
||||||
PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
|
PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
|
||||||
};
|
};
|
||||||
|
@ -120,11 +139,11 @@
|
||||||
AnnouncementSettings.EnableBanner = false;
|
AnnouncementSettings.EnableBanner = false;
|
||||||
GitLabSettings = {
|
GitLabSettings = {
|
||||||
Enable = true;
|
Enable = true;
|
||||||
Id = "mattermost-beta";
|
Id = "mattermost";
|
||||||
Scope = "";
|
Scope = "";
|
||||||
AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
|
AuthEndpoint = "https://login.infra4future.de/oauth2/authorize";
|
||||||
TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
|
TokenEndpoint = "https://login.infra4future.de/oauth2/token";
|
||||||
UserApiEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
|
UserApiEndpoint = "https://login.infra4future.de/oauth2/userinfo";
|
||||||
};
|
};
|
||||||
# for some reason, these don't appear to be working; the startup
|
# for some reason, these don't appear to be working; the startup
|
||||||
# process complaines and sets these back to en
|
# process complaines and sets these back to en
|
||||||
|
@ -159,6 +178,7 @@
|
||||||
ClusterSettings.Enable = false;
|
ClusterSettings.Enable = false;
|
||||||
MetricsSettings.Enable = false;
|
MetricsSettings.Enable = false;
|
||||||
GuestAccountsSettings.Enable = false;
|
GuestAccountsSettings.Enable = false;
|
||||||
|
FeatureFlags.CollapsedThreads = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# turn of the weirder parts of this module (which insist on passwords
|
# turn of the weirder parts of this module (which insist on passwords
|
||||||
|
@ -169,8 +189,20 @@
|
||||||
localDatabaseCreate = false;
|
localDatabaseCreate = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.mysql = {
|
||||||
|
enable = true;
|
||||||
|
ensureDatabases = [ "mattermost" ];
|
||||||
|
ensureUsers = [ {
|
||||||
|
name = "mattermost";
|
||||||
|
ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; };
|
||||||
|
} ];
|
||||||
|
package = pkgs.mysql80;
|
||||||
|
dataDir = "/persist/mysql";
|
||||||
|
};
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = lib.mkForce true; # mattermost sets this to false. wtf.
|
enable = lib.mkForce true; # mattermost sets this to false. wtf.
|
||||||
|
package = pkgs.postgresql_11;
|
||||||
ensureDatabases = [ "mattermost" ];
|
ensureDatabases = [ "mattermost" ];
|
||||||
ensureUsers = [ {
|
ensureUsers = [ {
|
||||||
name = "mattermost";
|
name = "mattermost";
|
||||||
|
@ -194,22 +226,21 @@
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
})).config.system.build.toplevel;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."mattermost-beta.infra4future.de" = {
|
services.nginx.virtualHosts."mattermost.infra4future.de" = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
|
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
|
extraConfig = ''
|
||||||
|
# Mattermost CSR Patch
|
||||||
|
proxy_hide_header Content-Security-Policy;
|
||||||
|
proxy_hide_header X-Frame-Options;
|
||||||
|
proxy_redirect off;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.nat = {
|
|
||||||
enable = true;
|
|
||||||
internalInterfaces = [ "ve-mattermost" ];
|
|
||||||
externalInterface = "enp6s0";
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
}
|
23
services/murmur.nix
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
{ config, lib, pkgs, sources, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
hexchen.bindmounts."/var/lib/murmur" = "/persist/var/lib/murmur";
|
||||||
|
|
||||||
|
services.murmur = {
|
||||||
|
enable = true;
|
||||||
|
logDays = -1;
|
||||||
|
welcometext = "Welcome to mumble4future! Brought to you by infra4future. The server is now reachable under mumble.hacc.space, please update your bookmarks.";
|
||||||
|
sslKey = "/var/lib/acme/mumble.hacc.space/key.pem";
|
||||||
|
sslCert = "/var/lib/acme/mumble.hacc.space/fullchain.pem";
|
||||||
|
bandwidth = 128000;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
|
||||||
|
|
||||||
|
# the mumble cert has its own group so that both nginx and murmur can read it
|
||||||
|
users.groups.mumblecert = {};
|
||||||
|
security.acme.certs."mumble.hacc.space".group = "mumblecert";
|
||||||
|
users.users.nginx.extraGroups = [ "mumblecert" ];
|
||||||
|
users.users.murmur.extraGroups = [ "mumblecert" ];
|
||||||
|
}
|
116
services/nextcloud/default.nix
Normal file
|
@ -0,0 +1,116 @@
|
||||||
|
{ config, lib, pkgs, profiles, modules, evalConfig, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
containers.nextcloud = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.1";
|
||||||
|
localAddress = "192.168.100.2";
|
||||||
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/nextcloud";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
../../modules/nextcloud.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.htop ];
|
||||||
|
|
||||||
|
services.nextcloud-patched = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
# must be set manually; may not be incremented by more than one at
|
||||||
|
# a time, otherwise nextcloud WILL break
|
||||||
|
package = pkgs.nextcloud24;
|
||||||
|
|
||||||
|
home = "/persist/nextcloud";
|
||||||
|
https = true;
|
||||||
|
|
||||||
|
hostName = "cloud.infra4future.de";
|
||||||
|
config = {
|
||||||
|
dbtype = "pgsql";
|
||||||
|
dbuser = "nextcloud";
|
||||||
|
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
|
||||||
|
dbname = "nextcloud";
|
||||||
|
adminpassFile = "/persist/nextcloud/config/admin_pw";
|
||||||
|
adminuser = "root";
|
||||||
|
defaultapp = "apporder";
|
||||||
|
};
|
||||||
|
|
||||||
|
# multiple pools may be doable using services.phpfpm.pools,
|
||||||
|
# but i have not tried this yet. The nextcloud module defines a
|
||||||
|
# pool "nextcloud"
|
||||||
|
poolSettings = {
|
||||||
|
pm = "dynamic";
|
||||||
|
"pm.max_children" = "32";
|
||||||
|
"pm.max_requests" = "500";
|
||||||
|
"pm.max_spare_servers" = "4";
|
||||||
|
"pm.min_spare_servers" = "2";
|
||||||
|
"pm.start_servers" = "2";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOptions = {
|
||||||
|
instanceid = "ocxlphb7fbju";
|
||||||
|
datadirectory = "/persist/data/ncdata";
|
||||||
|
loglevel = 0;
|
||||||
|
"overwrite.cli.url" = "https://cloud.infra4future.de";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql_11;
|
||||||
|
ensureDatabases = [ "nextcloud" ];
|
||||||
|
ensureUsers = [
|
||||||
|
{ # by default, postgres has unix sockets enabled, and allows a
|
||||||
|
# system user `nextcloud` to log in without other authentication
|
||||||
|
name = "nextcloud";
|
||||||
|
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# ensure that postgres is running *before* running the setup
|
||||||
|
systemd.services."nextcloud-setup" = {
|
||||||
|
requires = ["postgresql.service"];
|
||||||
|
after = ["postgresql.service"];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.coredns = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
.:53 {
|
||||||
|
forward . 1.1.1.1
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
})).config.system.build.toplevel;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."cloud.infra4future.de" = {
|
||||||
|
locations."/".proxyPass = "http://${config.containers.nextcloud.localAddress}:80";
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_buffering off;
|
||||||
|
client_max_body_size 0;
|
||||||
|
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
9
services/nginx-pages.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
|
||||||
|
{
|
||||||
|
hacc.websites = {
|
||||||
|
enable = true;
|
||||||
|
directory = ../websites;
|
||||||
|
};
|
||||||
|
}
|
39
services/syncthing.nix
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.syncthing = {
|
||||||
|
enable = true;
|
||||||
|
relay.enable = false;
|
||||||
|
openDefaultPorts = true;
|
||||||
|
configDir = "/persist/var/lib/syncthing/";
|
||||||
|
dataDir = "/persist/data/syncthing/";
|
||||||
|
devices = {
|
||||||
|
raphael-laptop = {
|
||||||
|
addresses = []; # empty = dynamic
|
||||||
|
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
|
||||||
|
};
|
||||||
|
# zauberberg
|
||||||
|
conway = {
|
||||||
|
addresses = []; # empty = dynamic
|
||||||
|
id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
folders = {
|
||||||
|
"/persist/data/syncthing/hacc/" = {
|
||||||
|
id = "qt2ly-xvvvs";
|
||||||
|
devices = [ "conway" "raphael-laptop"];
|
||||||
|
type = "receiveonly";
|
||||||
|
versioning = {
|
||||||
|
type = "simple";
|
||||||
|
params.keep = "10";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
"/persist/data/syncthing/hacc_eV_vorstand/" = {
|
||||||
|
id = "twwt7-fxrsr";
|
||||||
|
devices = [ "conway" "raphael-laptop"];
|
||||||
|
# type = "receiveencrypted"; # no yet implemented
|
||||||
|
};
|
||||||
|
};
|
||||||
|
overrideFolders = false; # enables workaround for recieveencrypted
|
||||||
|
};
|
||||||
|
}
|
86
services/thelounge.nix
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
{ config, lib, pkgs, evalConfig, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
# necessary since overlays won't propagate into the
|
||||||
|
# container's config
|
||||||
|
thelounge = pkgs.thelounge-hacked;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
containers.thelounge = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.1";
|
||||||
|
localAddress = "192.168.100.4";
|
||||||
|
|
||||||
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.thelounge = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
public = true;
|
||||||
|
# respect X-Forwarded-For
|
||||||
|
reverseProxy = true;
|
||||||
|
defaults = {
|
||||||
|
name = "libera chat";
|
||||||
|
host = "irc.eu.libera.chat";
|
||||||
|
port = 6697;
|
||||||
|
# encrypt things!
|
||||||
|
tls = true;
|
||||||
|
# yes, please do actually check the cert …
|
||||||
|
rejectUnauthorized = true;
|
||||||
|
nick = "haccGuest%%%%";
|
||||||
|
join = "#hacc-webchat";
|
||||||
|
};
|
||||||
|
lockNetwork = true;
|
||||||
|
|
||||||
|
# don't log messages (default is text / sqlite)
|
||||||
|
messageStorage = [];
|
||||||
|
|
||||||
|
# darker theme
|
||||||
|
#theme = "morning";
|
||||||
|
|
||||||
|
# these three should result in having link previews
|
||||||
|
# which are fetched only by the server, then proxied
|
||||||
|
# (i.e. clients won't directly connect to arbitrary
|
||||||
|
# domains to get previews)
|
||||||
|
prefetch = true;
|
||||||
|
prefetchStorage = true;
|
||||||
|
disableMediaPreview = true;
|
||||||
|
|
||||||
|
leaveMessage = "happy haccing";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# override the package we use
|
||||||
|
systemd.services.thelounge.serviceConfig.ExecStart =
|
||||||
|
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
|
||||||
|
|
||||||
|
services.coredns = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
.:53 {
|
||||||
|
forward . 1.1.1.1
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
})).config.system.build.toplevel;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."webchat.voc.hacc.space" = {
|
||||||
|
locations."/".proxyPass =
|
||||||
|
"http://${config.containers.thelounge.localAddress}:9000";
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
}
|
84
services/uffd.nix
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
uffd = pkgs.uffd;
|
||||||
|
in {
|
||||||
|
containers.uffd = {
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.1";
|
||||||
|
localAddress = "192.168.100.9";
|
||||||
|
autoStart = true;
|
||||||
|
bindMounts = {
|
||||||
|
"/persist" = {
|
||||||
|
hostPath = "/persist/containers/uffd";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "192.168.100.1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
services.coredns = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
.:53 {
|
||||||
|
forward . 1.1.1.1
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.uwsgi = {
|
||||||
|
enable = true;
|
||||||
|
plugins = [ "python3" ];
|
||||||
|
instance = {
|
||||||
|
type = "normal";
|
||||||
|
pythonPackages = self: with self; [ uffd ];
|
||||||
|
module = "uffd:create_app()";
|
||||||
|
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
|
||||||
|
http = ":8080";
|
||||||
|
env = [
|
||||||
|
"CONFIG_PATH=/persist/uffd/uffd.conf"
|
||||||
|
];
|
||||||
|
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.9/site-packages/uffd flask db upgrade";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})).config.system.build.toplevel;
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."login.infra4future.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations = {
|
||||||
|
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
|
||||||
|
"/static".root = "${uffd}/lib/python3.9/site-packages/uffd";
|
||||||
|
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
|
||||||
|
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
|
||||||
|
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
|
||||||
|
"/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
|
||||||
|
"/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
|
||||||
|
"/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.auamost = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
description = "mattermost aua gruppensync";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
serviceConfig.Type = "simple";
|
||||||
|
path = [ pkgs.curl pkgs.jq ];
|
||||||
|
script = "${pkgs.fish}/bin/fish /persist/magic/mattermost-groupsync.fish";
|
||||||
|
startAt = "*:0/15";
|
||||||
|
};
|
||||||
|
}
|
51
services/vaultwarden.nix
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
config = {
|
||||||
|
DATA_FOLDER="/persist/var/lib/vaultwarden/data";
|
||||||
|
LOG_LEVEL="error";
|
||||||
|
SIGNUPS_ALLOWED=false;
|
||||||
|
SIGNUPS_VERIFY=true;
|
||||||
|
SIGNUPS_DOMAINS_WHITELIST="hacc.space";
|
||||||
|
ORG_CREATION_USERS="admin@hacc.space";
|
||||||
|
INVITATIONS_ALLOWED=true;
|
||||||
|
INVITATION_ORG_NAME="haccwarden";
|
||||||
|
|
||||||
|
TRASH_AUTO_DELETE_DAYS=90;
|
||||||
|
|
||||||
|
DOMAIN="https://pw.hacc.space";
|
||||||
|
ROCKET_ADDRESS="127.0.0.1";
|
||||||
|
ROCKET_PORT=5354;
|
||||||
|
ROCKET_WORKERS=2;
|
||||||
|
|
||||||
|
SMTP_HOST="mail.hacc.space";
|
||||||
|
SMTP_FROM="vaultwarden@hacc.space";
|
||||||
|
SMTP_FROM_NAME="haccwarden";
|
||||||
|
SMTP_PORT=587;
|
||||||
|
SMTP_USERNAME="noreply@infra4future.de";
|
||||||
|
|
||||||
|
};
|
||||||
|
environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
|
||||||
|
dbBackend = "sqlite";
|
||||||
|
backupDir = "/persist/data/vaultwarden_backups/";
|
||||||
|
};
|
||||||
|
|
||||||
|
#work around ProtectSystem=strict, cleanup
|
||||||
|
systemd.services.vaultwarden.serviceConfig = {
|
||||||
|
ReadWritePaths = [ "/persist/var/lib/vaultwarden" ];
|
||||||
|
StateDirectory = lib.mkForce "";
|
||||||
|
};
|
||||||
|
systemd.services.backup-vaultwarden.environment.DATA_FOLDER =
|
||||||
|
lib.mkForce "/persist/var/lib/vaultwarden/data";
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."pw.hacc.space" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:5354";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
};
|
||||||
|
}
|
87
services/workadventure.nix
Normal file
|
@ -0,0 +1,87 @@
|
||||||
|
{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }:
|
||||||
|
let
|
||||||
|
wapkgs = "${sources.workadventure}/wapkgs.nix";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.coturn = {
|
||||||
|
enable = true;
|
||||||
|
realm = "void.hacc.space";
|
||||||
|
no-cli = true;
|
||||||
|
lt-cred-mech = true;
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457
|
||||||
|
fingerprint
|
||||||
|
external-ip=135.181.215.233
|
||||||
|
server-name=void.hacc.space
|
||||||
|
prometheus
|
||||||
|
'';
|
||||||
|
|
||||||
|
cert = config.security.acme.certs."void.hacc.space".directory + "full.pem";
|
||||||
|
pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall = with config.services.coturn;
|
||||||
|
let
|
||||||
|
ports = [ listening-port tls-listening-port ];
|
||||||
|
in {
|
||||||
|
allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint
|
||||||
|
allowedUDPPorts = ports;
|
||||||
|
allowedUDPPortRanges = [
|
||||||
|
{ from = min-port; to = max-port; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."void.hacc.space" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://192.168.150.3";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
containers.wa-void = {
|
||||||
|
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.150.1";
|
||||||
|
localAddress = "192.168.150.3";
|
||||||
|
|
||||||
|
|
||||||
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||||
|
boot.isContainer = true;
|
||||||
|
networking.useDHCP = false;
|
||||||
|
users.users.root.hashedPassword = "";
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
"${sources.workadventure.outPath}/default.nix"
|
||||||
|
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||||
|
];
|
||||||
|
|
||||||
|
services.workadventure."void" = {
|
||||||
|
|
||||||
|
packageset = (import wapkgs {inherit pkgs;}).workadventure-xce;
|
||||||
|
|
||||||
|
nginx = {
|
||||||
|
default = true;
|
||||||
|
domain = "https://void.hacc.space";
|
||||||
|
maps.path = "${sources.haccmap.outPath}/";
|
||||||
|
maps.serve = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
|
||||||
|
commonConfig = {
|
||||||
|
webrtc.stun.url = "stun:void.hacc.space:3478";
|
||||||
|
webrtc.turn = {
|
||||||
|
url = "turn:135.181.215.233";
|
||||||
|
user = "turn";
|
||||||
|
password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457";
|
||||||
|
};
|
||||||
|
jitsi.url = "meet.ffmuc.net";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})).config.system.build.toplevel;
|
||||||
|
};
|
||||||
|
}
|
25
websites/hacc.earth/License.md
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
This is free and unencumbered software released into the public domain.
|
||||||
|
|
||||||
|
Anyone is free to copy, modify, publish, use, compile, sell, or
|
||||||
|
distribute this software, either in source code form or as a compiled
|
||||||
|
binary, for any purpose, commercial or non-commercial, and by any
|
||||||
|
means.
|
||||||
|
|
||||||
|
In jurisdictions that recognize copyright laws, the author or authors
|
||||||
|
of this software dedicate any and all copyright interest in the
|
||||||
|
software to the public domain. We make this dedication for the benefit
|
||||||
|
of the public at large and to the detriment of our heirs and
|
||||||
|
successors. We intend this dedication to be an overt act of
|
||||||
|
relinquishment in perpetuity of all present and future rights to this
|
||||||
|
software under copyright law.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||||
|
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
||||||
|
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
||||||
|
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||||
|
OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
|
For more information, please refer to <http://unlicense.org/>
|
||||||
|
|
BIN
websites/hacc.earth/assets/ShareTech-Regular.ttf
Normal file
BIN
websites/hacc.earth/assets/favicon.png
Normal file
After Width: | Height: | Size: 3.7 KiB |
BIN
websites/hacc.earth/assets/favicon_color.png
Normal file
After Width: | Height: | Size: 5.2 KiB |
BIN
websites/hacc.earth/assets/globe_cut_mid.jpg
Normal file
After Width: | Height: | Size: 396 KiB |
192
websites/hacc.earth/assets/haccvoc.svg
Normal file
After Width: | Height: | Size: 17 KiB |
92
websites/hacc.earth/assets/infra4future.svg
Normal file
After Width: | Height: | Size: 111 KiB |
39
websites/hacc.earth/assets/logo_header.svg
Normal file
After Width: | Height: | Size: 24 KiB |
94
websites/hacc.earth/assets/logo_header_shadow.svg
Normal file
After Width: | Height: | Size: 49 KiB |
16
websites/hacc.earth/default.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ stdenvNoCC }:
|
||||||
|
|
||||||
|
stdenvNoCC.mkDerivation {
|
||||||
|
name = "hacc.earth-static";
|
||||||
|
|
||||||
|
src = ./.;
|
||||||
|
|
||||||
|
phases = [ "buildPhase" ];
|
||||||
|
buildPhase = ''
|
||||||
|
cd $src
|
||||||
|
mkdir -p $out
|
||||||
|
cp -r * $out
|
||||||
|
rm $out/default.nix
|
||||||
|
'';
|
||||||
|
|
||||||
|
}
|
460
websites/hacc.earth/index.html
Normal file
|
@ -0,0 +1,460 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
|
||||||
|
<title>hacc – hackers against climate change</title>
|
||||||
|
|
||||||
|
<link rel="icon" type="image/png" href="assets/favicon.png">
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'share-tech';
|
||||||
|
src: url('assets/ShareTech-Regular.ttf') format('truetype');
|
||||||
|
/*font-weight: normal;
|
||||||
|
font-style: normal;*/
|
||||||
|
}
|
||||||
|
|
||||||
|
html {
|
||||||
|
overflow: hidden;
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
body {
|
||||||
|
background-color: #000;
|
||||||
|
color: #fff;
|
||||||
|
font-family: share-tech;
|
||||||
|
margin: 0;
|
||||||
|
|
||||||
|
perspective: 1px;
|
||||||
|
-webkit-perspective: 1px;
|
||||||
|
-webkit-transform-style: preserve-3d;
|
||||||
|
transform-style: preserve-3d;
|
||||||
|
overflow-y: auto;
|
||||||
|
overflow-x: hidden;
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
#globe {
|
||||||
|
position: absolute;
|
||||||
|
top: 0;
|
||||||
|
right: 0;
|
||||||
|
left: 0;
|
||||||
|
|
||||||
|
transform: translateZ(-1px) scale(2);
|
||||||
|
z-index:-1;
|
||||||
|
}
|
||||||
|
#globe > img {
|
||||||
|
height: 100vh;
|
||||||
|
/*position: absolute;
|
||||||
|
right: 0;
|
||||||
|
top: 0;*/
|
||||||
|
float: right;
|
||||||
|
/*width: 30%;*/
|
||||||
|
}
|
||||||
|
|
||||||
|
#bg {
|
||||||
|
position: absolute;
|
||||||
|
top: 40%;
|
||||||
|
right: 0;
|
||||||
|
left: 0;
|
||||||
|
height: 60%;
|
||||||
|
|
||||||
|
transform: translateZ(.25px);
|
||||||
|
z-index:-1;
|
||||||
|
|
||||||
|
background: transparent;
|
||||||
|
background: linear-gradient(0deg, rgba(0,0,0,1) 0%, rgba(0,0,0,0) 100%);
|
||||||
|
}
|
||||||
|
|
||||||
|
#bg::after {
|
||||||
|
background: #000;
|
||||||
|
height: 1000px;
|
||||||
|
width: 100%;
|
||||||
|
bottom: -1000px;
|
||||||
|
position: absolute;
|
||||||
|
content: "";
|
||||||
|
}
|
||||||
|
|
||||||
|
.content {
|
||||||
|
position: relative;
|
||||||
|
top: 100px;
|
||||||
|
margin-left: 150px;
|
||||||
|
margin-right: 150px;
|
||||||
|
|
||||||
|
overflow: hidden;
|
||||||
|
|
||||||
|
-webkit-transform: translateZ(0px);
|
||||||
|
}
|
||||||
|
|
||||||
|
footer.content {
|
||||||
|
top: 50px;
|
||||||
|
color: #cccccc;
|
||||||
|
font-size: 14px;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer a {
|
||||||
|
color: #cccccc;
|
||||||
|
}
|
||||||
|
|
||||||
|
.logo {
|
||||||
|
position: relative;
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
.logo > img {
|
||||||
|
width: 300px;
|
||||||
|
max-width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
h1 {
|
||||||
|
font-size: 42px;
|
||||||
|
font-weight: 600;
|
||||||
|
display: inline;
|
||||||
|
|
||||||
|
/*margin-bottom: 0;*/
|
||||||
|
background: rgb(59,115,185);
|
||||||
|
background: linear-gradient(90deg, rgb(59, 115, 185) 0%, rgb(229, 35, 33) 100%);
|
||||||
|
background-clip: border-box;
|
||||||
|
color: transparent;
|
||||||
|
-webkit-background-clip: text;
|
||||||
|
background-clip: text;
|
||||||
|
}
|
||||||
|
|
||||||
|
p, li {
|
||||||
|
font-size: 26px;
|
||||||
|
max-width: 900px;
|
||||||
|
}
|
||||||
|
|
||||||
|
a {
|
||||||
|
text-decoration: none;
|
||||||
|
color: #3b73b9;
|
||||||
|
transition: color .1s linear;
|
||||||
|
}
|
||||||
|
a:hover {
|
||||||
|
/*color: #e52321;*/
|
||||||
|
color: #4e9af9;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul {
|
||||||
|
margin-top: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.langswitch {
|
||||||
|
//position: -webkit-sticky; /* Safari */
|
||||||
|
//position: sticky;
|
||||||
|
font-size: 30px;
|
||||||
|
max-width: 100px;
|
||||||
|
margin: auto;
|
||||||
|
margin-right: 0px;
|
||||||
|
top: 50px;
|
||||||
|
/*left: 900px;*/
|
||||||
|
/*right: 10px;*/ /*sticky somehow doesn't like right*/
|
||||||
|
text-shadow: 2px 2px 5px black;
|
||||||
|
z-index: 100;
|
||||||
|
}
|
||||||
|
|
||||||
|
.welcome {
|
||||||
|
margin-top: 25vh;
|
||||||
|
width: 60%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.whatwedo {
|
||||||
|
margin-top: 150px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.section {
|
||||||
|
margin-top: 100px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities {
|
||||||
|
width: 100%;
|
||||||
|
margin-top: 80px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities > div {
|
||||||
|
width: 44%;
|
||||||
|
display: inline-grid;
|
||||||
|
margin-left: 5%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities .logo-container {
|
||||||
|
width: 100%;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities .logo-container img {
|
||||||
|
height: 70px;
|
||||||
|
max-width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.blink {
|
||||||
|
animation: 1s steps(2) 0s infinite running blink;
|
||||||
|
}
|
||||||
|
@keyframes blink {
|
||||||
|
from { visibility: hidden; }
|
||||||
|
to { visibility: visible; }
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (max-width: 1000px) {
|
||||||
|
.content {
|
||||||
|
margin-left: 50px;
|
||||||
|
margin-right: 50px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities > div {
|
||||||
|
width: 90%;
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities > div:first-child {
|
||||||
|
margin-bottom: 70px;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (max-width: 650px) {
|
||||||
|
.logo {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.welcome {
|
||||||
|
width: 100%;
|
||||||
|
margin-top: 55vh;
|
||||||
|
}
|
||||||
|
|
||||||
|
.content {
|
||||||
|
margin-left: 20px;
|
||||||
|
margin-right: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
p, li {
|
||||||
|
font-size: 22px;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (min-width: 768px) {
|
||||||
|
.langswitch {
|
||||||
|
position: -webkit-sticky; /* Safari */
|
||||||
|
position: sticky;
|
||||||
|
font-size: 30px;
|
||||||
|
margin: auto;
|
||||||
|
margin-right: 50px;
|
||||||
|
top: 50px;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="globe"><img src="assets/globe_cut_mid.jpg" alt="Die Erde vom Weltall aus gesehen." /></div>
|
||||||
|
<div id="bg"></div>
|
||||||
|
<!--<div class="langswitch"><u><a href="/index.html" style="color: #ffffff">en</a></u>/<a href="/index_de.html" style="color: #ffffff">de</a></div>-->
|
||||||
|
<main class="content" style="z-index: 100">
|
||||||
|
<div class="logo"><img src="assets/logo_header_shadow.svg" alt="hacc. hackers against climate change." /></div>
|
||||||
|
|
||||||
|
<a name="welcometohacc"></a>
|
||||||
|
<div class="welcome">
|
||||||
|
<h1>Welcome to hacc<span class="blink">_</span></h1>
|
||||||
|
<p>
|
||||||
|
“Hackers Against Climate Change" originated as a series of <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session%3AHackers_Against_Climate_Change">self-organized sessions at 35c3</a>. Working groups, spin offs and local chapters formed afterwards and were present at all major CCC events. Join the groups or start your own!</p>
|
||||||
|
<p>More info <a href="#aboutpage">about this page</a> at the bottom.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="contact"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Get in contact<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<a href="https://muc.hacc.earth">hacc e.V.</a>, local chapter Munich<sup><a href="#history">*</a></sup>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<a href="https://web.libera.chat/#hacc">#hacc</a> on irc.libera.chat or as matrix bridge <a href="https://matrix.to/#/#hacc:libera.chat">#hacc:libera.chat</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://web.libera.chat/#hacc-muc">#hacc-muc</a> on irc.libera.chat or as matrix bridge <a href="https://matrix.to/#/#hacc-muc:libera.chat">#hacc-muc:libera.chat</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://chaos.social/@hacc">@hacc@chaos.social</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://mumble.hacc.space/">mumble.hacc.space</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
info@hacc.earth
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://totalism.org/hacc">CHT hackbase</a>, local chapter Canary Island<sup><a href="#history">*</a></sup>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<a href="https://matrix.to/#/#hacc:matrix.org">#hacc:matrix.org</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://hacc.uber.space/mailman/listinfo">hacc mailinglists</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
<!--
|
||||||
|
<a name="activities"></a>
|
||||||
|
<div class="activities">
|
||||||
|
<div>
|
||||||
|
<a name="haccvoc"></a>
|
||||||
|
<div class="logo-container">
|
||||||
|
<a href="https://hacc.earth#haccvoc"><img src="assets/haccvoc.svg" alt="hacc.voc"></a>
|
||||||
|
</div>
|
||||||
|
<p>
|
||||||
|
If you have an event and need someone
|
||||||
|
to film or livestream it, maybe we have
|
||||||
|
time and can help you!
|
||||||
|
All our recordings and livestreams can be found on <a href="https://hacc.media/">hacc.media</a>; if we stream something live, you'll find us at
|
||||||
|
<a href="https://live.hacc.media/">live.hacc.media</a>.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://vedge-kongress.de/">v-edge Congress 2020</a> in Munich</li>
|
||||||
|
<li>Filmed and live streamed several stage discussions and press conferences of other * for future groups (see <a href="https://hacc.media/search?tagsOneOf=fff">hacc.media</a>)</li>
|
||||||
|
<li>Livestreams from demonstrations for climate justice</a></li>
|
||||||
|
<li>Our own <a href="https://hacc.media/videos/watch/playlist/e90713e1-44a7-4f8e-9d1d-dd6551587d2f?playlistPosition=1">stage</a> at the Remote Chaos Experience (rc3) 2020</li>
|
||||||
|
<li>Streaming infrastructure for the second and third editions of the <a href="https://studentsforfuture.info/public-climate-school/">Public Climate School</a> by Students for Future</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div>
|
||||||
|
<a name="infra4future"></a>
|
||||||
|
<div class="logo-container">
|
||||||
|
<a href="https://infra4future.de"><img src="assets/infra4future.svg" alt="infra4future"></a>
|
||||||
|
</div>
|
||||||
|
<p>
|
||||||
|
We provide and administrate server infrastructure
|
||||||
|
for other climate justice groups.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>cloud storage, chats, and forums</li>
|
||||||
|
<li><a href="https://mumble.hacc.space">mumble.hacc.space</a>: a voice-chat allowing groups to stay in contact while we can’t physically meet</li>
|
||||||
|
<li>if you need any, look around on the website linked above, write us, or just <a href="https://cloud.infra4future.de/">create an account</a>!</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
-->
|
||||||
|
<a name="participate"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Ways to Participate<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
<ul>
|
||||||
|
<!--<li>Regular open international call usually every 10th and 25th of a month at 18:00 UTC via <a href="https://meet.ffmuc.net/hacc.int">Jitsi</a> organized by the hacc e.V..</li>-->
|
||||||
|
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||||
|
<li>Meetings of <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. See hacc group page.</li>
|
||||||
|
<li>
|
||||||
|
Propose changes to the hacc e.V. infrastructure. You can open an issue or open a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
Add you or your project to the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
Use the <a href="https://hacc.wiki">wiki</a> and add your project!
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="chapters"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Local chapters<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://totalism.org/hacc">CHT hackbase</a> on the Canary Islands, Spain<sup><a href="#history">*</a></sup></li>
|
||||||
|
<li><a href="https://muc.hacc.earth">hackers against climate change e.V.</a>, Munich, Germany<sup><a href="#history">*</a></sup></li>
|
||||||
|
<li><a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>, Germany</li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="groups"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Spin offs & working groups<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
There are different spin-offs of the movement originating from the <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session:Hackers_Against_Climate_Change">original hacc sessions</a> and events like the <a href="https://events.ccc.de/camp/2019/wiki/Main_Page">CCCamp2019</a> or working groups associated to hacc.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://hacc.uber.space/c3sus">c3sus</a>, making Chaos events more sustainable</li>
|
||||||
|
<li><a href="https://altpwr.net/">Eventgrid</a>, developing a green power network for Camps</li>
|
||||||
|
<li><a href="https://infra4future.de">infra4future</a>, offering infrastructure and communcation platforms</li>
|
||||||
|
<li><a href="https://hacc.media/">hacc-voc</a>, doing streams and recordings</li>
|
||||||
|
<li><a href="https://hacc.uber.space/GreenFediverse">GreenFeediverse</a>, providing a list about servers and their renewable energy consumption status</li>
|
||||||
|
</ul>
|
||||||
|
<p>
|
||||||
|
Further project ideas can be found or added in the <a href="https://hacc.wiki">wiki</a> and the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<a name="similar"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Similar groups<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://bits-und-baeume.org/regionalzweige/de">Bits & Bäume</a>, with multiple local chapters</li>
|
||||||
|
<li><a href="https://developersforfuture.org">Developers for Future</a></li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="weinthepress"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>We in the press<span class="blink"></span></h1>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<ul>
|
||||||
|
<li>Short interview with c3sus and hacc activists in the <a href="https://denkangebot.org">Denkangebot Podacst</a> episode <a href="https://www.denkangebot.org/allgemein/da008-urlaub-auf-dem-hackercamp/">"Urlaub auf dem Hackercamp"</a>, unfortunately in German only</li>
|
||||||
|
<li>
|
||||||
|
Le Monde decided to give us, our posters, and Mate, a <a href="https://www.lemonde.fr/pixels/article/2019/12/30/a-leipzig-hackers-et-militants-pour-le-climat-font-front-commun_6024362_4408996.html">shoutout</a> in their article about the <a href="https://events.ccc.de/congress/2019/wiki/index.php/Main_Page">36c3</a>!
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="history"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>History of hacc<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
“Hackers Against Climate Change" originated as a series of <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session%3AHackers_Against_Climate_Change">self-organized sessions at 35c3</a>. In the aftermath members of those sessions started spin offs as mentioned above and local chapters in Siegen, Munich and on the Canary Islands.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
The local chapter in Siegen initiated the first hacc sessions at 35c3 and afterwards was mainly involved in local activities.
|
||||||
|
<p>
|
||||||
|
The local chapter CHT hackbase cohosted the 35c3 sessions, hosted the session at 36c3 and cohosted the divoc r2r sessions.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Inspired by the activities in Siegen, the Munich chapter started their bi-weekly meetings in May 2019. With the approval to use the name by the initiator of the first sessions on May 13th 2020 we eventually founded the German non-profit organization "<a href="https://muc.hacc.earth">hackers against climate change e.V.</a>" on December 9th 2020. Two members of us were part of the 35c3 sessions. Since then we were active at the CCCamp 2019, 36c3, rC3 and divoc r2r.<br>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Unfortunately conflicts led to a split between the local chapter Munich and CHT hackbase in July 2021.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<a name="aboutpage"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>About this page<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
The hacc e.V. runs this page (<a href="https://hacc.earth">hacc.earth</a>) but not necessarily the linked projects. You can find more about our activities and involvements on our <a href="https://muc.hacc.earth">own page</a>.<br>
|
||||||
|
Also the source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="section"></div>
|
||||||
|
</main>
|
||||||
|
<footer class="content" style="z-index: 200">
|
||||||
|
<div>
|
||||||
|
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">Source of hacc.earth</a> •
|
||||||
|
<a href="#contact">Contact</a> •
|
||||||
|
<a href="https://infra4future.de/impressum.html">Imprint</a>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
</body>
|
||||||
|
</html>
|
385
websites/hacc.earth/index_de.html
Normal file
|
@ -0,0 +1,385 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="de">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
|
|
||||||
|
<title>hacc – hackers against climate change</title>
|
||||||
|
|
||||||
|
<link rel="icon" type="image/png" href="assets/favicon.png">
|
||||||
|
<style>
|
||||||
|
@font-face {
|
||||||
|
font-family: 'share-tech';
|
||||||
|
src: url('assets/ShareTech-Regular.ttf') format('truetype');
|
||||||
|
/*font-weight: normal;
|
||||||
|
font-style: normal;*/
|
||||||
|
}
|
||||||
|
|
||||||
|
html {
|
||||||
|
overflow: hidden;
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
body {
|
||||||
|
background-color: #000;
|
||||||
|
color: #fff;
|
||||||
|
font-family: share-tech;
|
||||||
|
margin: 0;
|
||||||
|
|
||||||
|
perspective: 1px;
|
||||||
|
-webkit-perspective: 1px;
|
||||||
|
-webkit-transform-style: preserve-3d;
|
||||||
|
transform-style: preserve-3d;
|
||||||
|
overflow-y: auto;
|
||||||
|
overflow-x: hidden;
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
#globe {
|
||||||
|
position: absolute;
|
||||||
|
top: 0;
|
||||||
|
right: 0;
|
||||||
|
left: 0;
|
||||||
|
|
||||||
|
transform: translateZ(-1px) scale(2);
|
||||||
|
z-index:-1;
|
||||||
|
}
|
||||||
|
#globe > img {
|
||||||
|
height: 100vh;
|
||||||
|
/*position: absolute;
|
||||||
|
right: 0;
|
||||||
|
top: 0;*/
|
||||||
|
float: right;
|
||||||
|
/*width: 30%;*/
|
||||||
|
}
|
||||||
|
|
||||||
|
#bg {
|
||||||
|
position: absolute;
|
||||||
|
top: 40%;
|
||||||
|
right: 0;
|
||||||
|
left: 0;
|
||||||
|
height: 60%;
|
||||||
|
|
||||||
|
transform: translateZ(.25px);
|
||||||
|
z-index:-1;
|
||||||
|
|
||||||
|
background: transparent;
|
||||||
|
background: linear-gradient(0deg, rgba(0,0,0,1) 0%, rgba(0,0,0,0) 100%);
|
||||||
|
}
|
||||||
|
|
||||||
|
#bg::after {
|
||||||
|
background: #000;
|
||||||
|
height: 1000px;
|
||||||
|
width: 100%;
|
||||||
|
bottom: -1000px;
|
||||||
|
position: absolute;
|
||||||
|
content: "";
|
||||||
|
}
|
||||||
|
|
||||||
|
.content {
|
||||||
|
position: relative;
|
||||||
|
top: 100px;
|
||||||
|
margin-left: 150px;
|
||||||
|
margin-right: 150px;
|
||||||
|
|
||||||
|
overflow: hidden;
|
||||||
|
|
||||||
|
-webkit-transform: translateZ(0px);
|
||||||
|
}
|
||||||
|
|
||||||
|
footer.content {
|
||||||
|
top: 50px;
|
||||||
|
color: #707070;
|
||||||
|
font-size: 14px;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer a {
|
||||||
|
color: #cccccc;
|
||||||
|
}
|
||||||
|
|
||||||
|
.logo {
|
||||||
|
position: relative;
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
.logo > img {
|
||||||
|
width: 300px;
|
||||||
|
max-width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
h1 {
|
||||||
|
font-size: 42px;
|
||||||
|
font-weight: 600;
|
||||||
|
display: inline;
|
||||||
|
|
||||||
|
/*margin-bottom: 0;*/
|
||||||
|
background: rgb(59,115,185);
|
||||||
|
background: linear-gradient(90deg, rgb(59, 115, 185) 0%, rgb(229, 35, 33) 100%);
|
||||||
|
background-clip: border-box;
|
||||||
|
color: transparent;
|
||||||
|
-webkit-background-clip: text;
|
||||||
|
background-clip: text;
|
||||||
|
}
|
||||||
|
|
||||||
|
p, li {
|
||||||
|
font-size: 26px;
|
||||||
|
max-width: 900px;
|
||||||
|
}
|
||||||
|
|
||||||
|
a {
|
||||||
|
text-decoration: none;
|
||||||
|
color: #3b73b9;
|
||||||
|
transition: color .1s linear;
|
||||||
|
}
|
||||||
|
a:hover {
|
||||||
|
/*color: #e52321;*/
|
||||||
|
color: #4e9af9;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul {
|
||||||
|
margin-top: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.langswitch {
|
||||||
|
//position: -webkit-sticky; /* Safari */
|
||||||
|
//position: sticky;
|
||||||
|
font-size: 30px;
|
||||||
|
max-width: 100px;
|
||||||
|
margin: auto;
|
||||||
|
margin-right: 0px;
|
||||||
|
top: 50px;
|
||||||
|
/*left: 900px;*/
|
||||||
|
/*right: 10px;*/ /*sticky somehow doesn't like right*/
|
||||||
|
text-shadow: 2px 2px 5px black;
|
||||||
|
z-index: 100;
|
||||||
|
}
|
||||||
|
|
||||||
|
.welcome {
|
||||||
|
margin-top: 25vh;
|
||||||
|
width: 60%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.whatwedo {
|
||||||
|
margin-top: 150px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.section {
|
||||||
|
margin-top: 100px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities {
|
||||||
|
width: 100%;
|
||||||
|
margin-top: 80px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities > div {
|
||||||
|
width: 44%;
|
||||||
|
display: inline-grid;
|
||||||
|
margin-left: 5%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities .logo-container {
|
||||||
|
width: 100%;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities .logo-container img {
|
||||||
|
height: 70px;
|
||||||
|
max-width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.blink {
|
||||||
|
animation: 1s steps(2) 0s infinite running blink;
|
||||||
|
}
|
||||||
|
@keyframes blink {
|
||||||
|
from { visibility: hidden; }
|
||||||
|
to { visibility: visible; }
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (max-width: 1000px) {
|
||||||
|
.content {
|
||||||
|
margin-left: 50px;
|
||||||
|
margin-right: 50px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities > div {
|
||||||
|
width: 90%;
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.activities > div:first-child {
|
||||||
|
margin-bottom: 70px;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (max-width: 650px) {
|
||||||
|
.logo {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.welcome {
|
||||||
|
width: 100%;
|
||||||
|
margin-top: 55vh;
|
||||||
|
}
|
||||||
|
|
||||||
|
.content {
|
||||||
|
margin-left: 20px;
|
||||||
|
margin-right: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
p, li {
|
||||||
|
font-size: 22px;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@media only screen and (min-width: 768px) {
|
||||||
|
.langswitch {
|
||||||
|
position: -webkit-sticky; /* Safari */
|
||||||
|
position: sticky;
|
||||||
|
font-size: 30px;
|
||||||
|
margin: auto;
|
||||||
|
margin-right: 50px;
|
||||||
|
top: 50px;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="globe"><img src="assets/globe_cut_mid.jpg" alt="The Earth, seen from space."/></div>
|
||||||
|
<div id="bg"></div>
|
||||||
|
<div class="langswitch"><a href="/index.html" style="color: #ffffff">en</a>/<u><a href="/index_de.html" style="color: #ffffff">de</a></u></div>
|
||||||
|
<main class="content" style="z-index: 100">
|
||||||
|
<div class="logo"><img src="assets/logo_header_shadow.svg" alt="hacc. hackers against climate change."/></div>
|
||||||
|
|
||||||
|
<a name="welcometohacc"></a>
|
||||||
|
<div class="welcome">
|
||||||
|
<h1>Willkommen bei hacc<span class="blink">_</span></h1>
|
||||||
|
<p>
|
||||||
|
“Hackers Against Climate Change” entstammt einer Serie von <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session:Hackers_Against_Climate_Change">Self-Organized Sessions beim 35c3</a>. Seit dem haben wir mit anderen Klimaschutzgruppen zusammengearbeitet, diese mit technischem Wissen unterstützt, sowie in der Hacker Community auf die Klimakrise aufmerksam gemacht.</p>
|
||||||
|
<p>
|
||||||
|
Zögere nicht mit uns in <a href="#contact">Kontakt</a> zu treten, über verschiedene Kanäle oder bei lokalen <a href="#meetups">Treffen</a>. Treffe uns bei Chaos-Events oder starte Deine eigene lokale Gruppe!
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="whatwedo"></a>
|
||||||
|
<div class="whatwedo">
|
||||||
|
<h1>Was wir machen<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
hacc ist eine Gemeinschaft von Lebewesen die sich zur Aufgabe gemacht haben, im Sinne der <a href="https://www.ccc.de/de/hackerethik">Hackerethik</a> des Chaos Computer Clubs die Klimaschutzbewegung mitzugestalten. Zur Zeit sind unsere bedeutensten Projekte <a href="#haccvoc">hacc.voc</a> und <a href="#infra4future">infra4future</a> (siehe unten).<br>Ein weiteres Projekt ist <a href="https://hacc.uber.space/HACC_CSV">hacc.csv</a>. Dabei steht csv für collaboration, science, visualization und data. Es gibt zwei <a href="https://hacc.uber.space/HACC_Local_Groups">lokale Gruppen</a> in Deutschland, in München und
|
||||||
|
Siegen.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<a name="activities"></a>
|
||||||
|
<div class="activities">
|
||||||
|
<div>
|
||||||
|
<a name="haccvoc"></a>
|
||||||
|
<div class="logo-container">
|
||||||
|
<a href="https://haccvoc.de"><img src="assets/haccvoc.svg" alt="hacc.voc"></a>
|
||||||
|
</div>
|
||||||
|
<p>
|
||||||
|
Du hast ein Event hast brauchst wen um es zu filmen
|
||||||
|
oder live zu streamen? Vielleicht habe wir Zeit und können
|
||||||
|
dir helfen! <br>
|
||||||
|
Alle unsere Aufnahmen landen auf <a href="https://hacc.media">hacc.media</a>;
|
||||||
|
unsere Livestreams sind auf <a href="https://live.hacc.media">live.hacc.media</a>.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://vedge-kongress.de/">v-edge Congress 2020</a> in München</li>
|
||||||
|
<li>Livestreams und Aufzeichnungen einiger Podiumsdiskussionen und Pressekonferenzen von anderen * for future-Orgas (siehe <a href="https://hacc.media/search?tagsOneOf=fff">hacc.media</a>)</li>
|
||||||
|
<li>Unsere eigene <a href="https://hacc.media/videos/watch/playlist/e90713e1-44a7-4f8e-9d1d-dd6551587d2f?playlistPosition=1">Stage</a> auf der Remote Chaos Experience (rc3) 2020</li>
|
||||||
|
<li>Die Streaming-Infrastruktur für die zweite und dritte Auflage der <a href="https://studentsforfuture.info/public-climate-school/">Public Climate School</a> der Students for Future</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div>
|
||||||
|
<a name="infra4future"></a>
|
||||||
|
<div class="logo-container">
|
||||||
|
<a href="https://infra4future.de"><img src="assets/infra4future.svg" alt="infra4future"></a>
|
||||||
|
</div>
|
||||||
|
<p>
|
||||||
|
Wir betreiben und administrieren Server-Infrastruktur und stellen diese Klimaschutzgruppen zur Verfügung.
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>Cloud-Speicher, Chats und Foren</li>
|
||||||
|
<li><a href="https://mumble.hacc.space">mumble.hacc.space</a>: ein Sprach-Chat für Gruppen, die ohne physische Treffen in Kontakt bleiben wollen</li>
|
||||||
|
<li>Wenn Du einen der Dienste benötigst, schau Dich auf der oben verlinkten Seite um, schreib uns oder <a href="https://cloud.infra4future.de/">erstell Dir ein Account</a>!</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="meetups"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Mitmachen<span class="blink"></span></h1>
|
||||||
|
<ul>
|
||||||
|
<li>Regelmäßiger internationaler Call, jeden 10. und 25. im Monat um 18:00 UTC via <a href="https://meet.ffmuc.net/hacc.int">Jitsi</a>.</li>
|
||||||
|
<li>Regelmäßige Treffen von <a href="https://hacc.uber.space/HACC/Europe/DE/BY/Munich">hacc in München</a>, normalerweise jeden ersten und dritten Mittwoch im Monat um 19:00 Uhr beim <a href="https://muc.ccc.de/">muCCC</a>. Im Moment treffen wir uns Online auf <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||||
|
<li>Regelmäßige Treffen des <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. Jeden zweiten Sonntag, siehe hacc-Seite.</li>
|
||||||
|
<li>
|
||||||
|
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue oder erstelle einen Merge Request <a href="https://git.infra4future.de/hacc/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="contact"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Kontakt<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
Du kannst uns über verschiedne Kanäle erreichen und mitmachen:
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li>contact-at-hacc.earth</li>
|
||||||
|
<li>Im Fediverse auf <a href="https://chaos.social/@hacc">chaos.social</a></li>
|
||||||
|
<li><a href="https://hacc.wiki">hacc.wiki</a></li>
|
||||||
|
<li><a href="https://infra4future.de">infra4future.de</a></li>
|
||||||
|
<li><a href="https://matrix.to/#/#hacc:libera.chat">#hacc:libera.chat</a></li>
|
||||||
|
<li><a href="https://web.libera.chat/#hacc">#hacc auf irc.libera.chat</a></li>
|
||||||
|
<li><a href="https://mumble.hacc.space">mumble.hacc.space</a></li>
|
||||||
|
<li><a href="https://hacc.uber.space/mailman/listinfo">hacc-Mailinglisten</a></li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="othergroups"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>Spin offs & Ähnlich Gruppen<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
Es gibt verschiedene Spin-Offs, die aus der Bewegung der den <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session:Hackers_Against_Climate_Change">ersten hacc-Sessions</a> auf dem 35c3 und Events wie dem <a href="https://events.ccc.de/camp/2019/wiki/Main_Page">CCCamp2019</a> entstanden sind:
|
||||||
|
</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://hacc.uber.space/c3sus">c3sus</a>, Chaos-Events nachhaltig gestalten</li>
|
||||||
|
<li><a href="https://altpwr.net/">Eventgrid</a>, Entwicklung eines lokalen Stromnetzes, für Outdoor-Events wie dem Camp</li>
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Weitere Projektideen gibt es im <a href="https://hacc.wiki">wiki</a>.
|
||||||
|
</p>
|
||||||
|
<h2>Ähnliche Gruppen</h2>
|
||||||
|
<ul>
|
||||||
|
<li><a href="https://bits-und-baeume.org/regionalzweige/de">Bits & Bäume</a> in Dresden, Berlin, Hannover, Dortmund, Köln und Osnabrück</li>
|
||||||
|
<li><a href="https://hackersforfuture.de">Hackers for Future</a> in Regensburg (zur Zeit pausierend)</li>
|
||||||
|
<li><a href="https://developersforfuture.org">Developers for Future</a></li>
|
||||||
|
<li><a href="https://totalism.org">CHT Hackbase</a> auf den Kanarischen Inseln</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<a name="weinthepress"></a>
|
||||||
|
<div class="section">
|
||||||
|
<h1>In der Presse<span class="blink"></span></h1>
|
||||||
|
<p>
|
||||||
|
Le Monde hat sich aus unbekannten Gründen entschlossen, uns und unsere Poster (und Mate) in einem <a href="https://www.lemonde.fr/pixels/article/2019/12/30/a-leipzig-hackers-et-militants-pour-le-climat-font-front-commun_6024362_4408996.html">Artikel</a> zum <a href="https://events.ccc.de/congress/2019/wiki/index.php/Main_Page">36c3</a> zu erwähnen!
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="section"></div>
|
||||||
|
</main>
|
||||||
|
<footer class="content" style="z-index: 200">
|
||||||
|
<div>
|
||||||
|
<a href="#contact">Kontakt</a> •
|
||||||
|
<a href="https://infra4future.de/impressum.html">Impressum</a>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
</body>
|
||||||
|
</html>
|
BIN
websites/help.studentsforfuture.info/.DS_Store
vendored
Normal file
2
websites/help.studentsforfuture.info/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
.jekyll-cache
|
||||||
|
_site
|
0
websites/help.studentsforfuture.info/.nojekyll
Normal file
31
websites/help.studentsforfuture.info/README.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# SFF Technik Wiki
|
||||||
|
|
||||||
|
?> Gerade wird noch herumgebastelt, deswegen ist einiges unvollständig.
|
||||||
|
|
||||||
|
Hier sammeln wir technische Leitfäden, wie ihr euch mit den bei SFF verwendeten Tools
|
||||||
|
zurechtfindet, und wie ihr digitale Events abhalten & gestalten könnt.
|
||||||
|
Hauptsächlich geht es hier um die [PCS](https://studentsforfuture.info/public-climate-school),
|
||||||
|
aber manches ist vielleicht auch so nützlich.
|
||||||
|
|
||||||
|
**Für ungeklärte Fragen, Ergänzungswünsche oder Feedback wendet euch einfach an den [PCS Tech Support auf Telegram](https://t.me/joinchat/PezzhhOoxeVRGvoxMoi4Sg).**
|
||||||
|
|
||||||
|
**Überblick:**
|
||||||
|
- **[Webseite](website/website.md)**: Hier findet ihr Leitfäden für unsere bundesweite Webseite.
|
||||||
|
- **[Tools](tools/tools.md)**: Hier findet ihr Leitfäden zu einigen Tools zur Organisation, für Social Media, Events, Online-Meetings und Live-Interaktion.
|
||||||
|
- **[Streams](streams/streams)**: Hier erfahrt ihr, wie ihr Veranstaltungen streamen könnt. Außerdem findet ihr hier die technische Stream Dokumentation zu den digitalen PCS.
|
||||||
|
- **[Online-Events](event/online-event.md)**: Hier findet ihr Ressourcen, die euch bei digitalen Events vielleicht helfen können.
|
||||||
|
|
||||||
|
**FAQ:**
|
||||||
|
|
||||||
|
- [Wie kommt mein Format in den Stream? Wie läuft das ab?](/faq?id=wie-kommt-mein-format-in-den-stream-wie-läuft-das-ab)
|
||||||
|
- [Wir haben keinen Streaming-Account. Könnt ihr uns etwas zur Verfügung stellen?](/faq?id=wir-haben-keinen-streaming-account-könnt-ihr-uns-etwas-zur-verfügung-stellen)
|
||||||
|
- [Woher bekomme ich Ortsgruppen Zugang zur Website?](/faq?id=woher-bekomme-ich-ortsgruppen-zugang-zur-website)
|
||||||
|
- [Wie kann ich mit Trollen im meinem Online-Event umgehen?](/faq?id=wie-kann-ich-mit-trollen-im-meinem-online-event-umgehen)
|
||||||
|
- [Wie kann ich mein Online-Event barrierefrei gestalten?](/faq?id=wie-kann-ich-mein-online-event-barrierefrei-gestalten)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
<a href="https://www.youtube.com/watch?v=wn5AE98T8sE"><img src="img/faq/pcs_walkthrough_thumbnail.png" ></a>
|
||||||
|
|
||||||
|
[Hier](https://www.youtube.com/watch?v=wn5AE98T8sE) findest du ein YouTube-Video, in dem wir die aktuellen Tools der PCS-Organisation erklären.
|
||||||
|
|
8
websites/help.studentsforfuture.info/_404.md
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# Seite nicht gefunden :(
|
||||||
|
|
||||||
|
Falls du auf einen Link geklickt hast, ist der Link vermutlich veraltet.
|
||||||
|
Bitte melde dich beim
|
||||||
|
[PCS Tech Support auf Telegram](https://t.me/joinchat/PezzhhOoxeVRGvoxMoi4Sg), damit
|
||||||
|
das behoben werden kann.
|
||||||
|
|
||||||
|
[Zur Startseite](/)
|
4
websites/help.studentsforfuture.info/_glossary.md
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
##### PCS
|
||||||
|
Public Climate School
|
||||||
|
|
||||||
|
|
36
websites/help.studentsforfuture.info/_sidebar.md
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
- [Start](README.md)
|
||||||
|
- [FAQ](faq.md)
|
||||||
|
- [Webseite](website/website.md)
|
||||||
|
- [Events eintragen](website/events-eintragen.md)
|
||||||
|
- [OG-Homepage einrichten](website/og-homepage.md)
|
||||||
|
- [Tools](tools/tools.md)
|
||||||
|
- [Tools zur Organisation](tools/orga.md)
|
||||||
|
- [Plattform-N](tools/plattform-n.md)
|
||||||
|
- [Rocket.Chat](tools/rocket-chat.md)
|
||||||
|
- [Meistertask](tools/meistertask.md)
|
||||||
|
- [Dieses Wiki](tools/technik-wiki.md)
|
||||||
|
- [Tools für Social Media](tools/socialmedia.md)
|
||||||
|
- [Profilbildgenerator](tools/profilbildgenerator.md)
|
||||||
|
- [Sharepics mit Canva](tools/canva.md)
|
||||||
|
- [Tools fürs Eventmanagement](tools/events.md)
|
||||||
|
- [Eventkalender](tools/eventkalender.md)
|
||||||
|
- [Attending.io](tools/attending.md)
|
||||||
|
- [Tools für Video-Konferenzen](tools/video-conference.md)
|
||||||
|
- [Zoom](tools/zoom.md)
|
||||||
|
- [BigBlueButton](tools/bbb.md)
|
||||||
|
- [JitSi](tools/jitsi.md)
|
||||||
|
- [Tools für Live-Interaktion](tools/live-interaktion.md)
|
||||||
|
- [Tweedback](tools/tweedback.md)
|
||||||
|
- [Streams](streams/streams.md)
|
||||||
|
- [Stream: Zoom zu YouTube](streams/einfach.md)
|
||||||
|
- [Stream: Zoom zu PCS-Server (RTMP)](streams/streamzoomrtpm.md)
|
||||||
|
- [Streams mit OBS](streams/obs.md)
|
||||||
|
- [Troubleshooting](streams/troubleshooting.md)
|
||||||
|
- [Ergänzungen / Optimierungen](streams/optimierungen.md)
|
||||||
|
- [Technische Dok. digitale PCS](streams/pcs-doc.md)
|
||||||
|
- [Überblick PCS 2.0](streams/pcs2.md)
|
||||||
|
- [Überblick PCS 3.0](streams/pcs3.md)
|
||||||
|
- [Online-Events](events/online-events.md)
|
||||||
|
- [Moderation](events/moderation.md)
|
||||||
|
- [Datenschutz](events/datenschutz.md)
|
||||||
|
- [Beispiel PCS Einverständniserklärung](events/einverstaendniserklaerung.md)
|
16
websites/help.studentsforfuture.info/default.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ stdenvNoCC }:
|
||||||
|
|
||||||
|
stdenvNoCC.mkDerivation {
|
||||||
|
name = "muc.hacc.earth-static";
|
||||||
|
|
||||||
|
src = ./.;
|
||||||
|
|
||||||
|
phases = [ "buildPhase" ];
|
||||||
|
buildPhase = ''
|
||||||
|
cd $src
|
||||||
|
mkdir -p $out
|
||||||
|
cp -r * $out
|
||||||
|
rm $out/default.nix
|
||||||
|
'';
|
||||||
|
|
||||||
|
}
|
17
websites/help.studentsforfuture.info/events/datenschutz.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# Leitfaden: PCS 2020 zum Thema Datenschutz
|
||||||
|
|
||||||
|
Dadurch, dass die PCS 2020 online stattfindet müssen wir uns auch Gedanken über Datenschutz machen. Dieser Leitfaden kann nicht jeden Fall abdecken und es handelt sich hier nur um Empfehlungen.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Normaler Vortrag
|
||||||
|
|
||||||
|
Sollte der Vortrag wie eine Vorlesung in diesen Zeiten üblich über eine Konferenzplattform stattfinden jedoch ansonsten nicht weiter gestreamed oder aufgezeichnet werden, reicht meistens ein einfacher Hinweis auf die Datenschutzrichtlinien der Plattform. Dieser sollte vor betreten der Plattform platziert sein. Zum Beispiel an der Stelle an der ihr die Links zu der Vorlesung bewirbt.
|
||||||
|
|
||||||
|
## Aufgezeichneter oder gestreamter Vortrag
|
||||||
|
|
||||||
|
Für einen Vortrag der noch anderweitig zugänglich gemacht werden soll müssen noch weitere Vorkehrung getroffen werden. Alle Menschen die in einem solchen Vortrag zu sehen sind müssen **vor der Verarbeitung ihrer Daten** zugestimmt haben. Zuschauer könnt ihr Beispielsweise mündlich darüber aufklären, dass sie in einem Livestream zu sehen sein werden oder was mit der Aufnahme passiert. Außerdem empfiehlt es sich auch an anderer Stelle darauf hinzuweisen. Beispielsweise kann auf der gleichen Folie auf der zur Interaktion aufgerufen wird, auch der Hinweis stehen, dass eine solche aufgezeichnet wird. Wichtig ist das es nicht die Möglichkeit gibt, dass unfreiwillig oder unwissentlich persönliche Daten (z.B. Äußerungen, Namen etc) verarbeitet/veröffentlicht werden. Um sicher zu gehen könnt empfiehlt sich zu diesem Zweck auch von jedem Teilnehmenden eine Einverständniserklärung unterschreiben zu lassen. Eine weitere Möglichkeit ist es Fragerunden am Ende des Vortrages nicht mit aufzuzeichnen. Bedenkt außerdem auch, dass auch Menschen die erst später der Konferenz beitreten informiert werden müssen. Zum Beispiel im Chat.
|
||||||
|
|
||||||
|
Die Dozierenden solltet ihr außerdem **vorher** darum bitten euch eine Einverständnis Erklärung auszufüllen.
|
||||||
|
|
||||||
|
Beispiele für Einverständniserklärungen findet ihr [hier](events/einverstaendniserklaerung.md).
|
|
@ -0,0 +1,68 @@
|
||||||
|
# Beispiel PCS Einverständniserklärung
|
||||||
|
|
||||||
|
Wenn ihr Veranstaltungen aufzeichnen und veröffentlichen wollt, braucht ihr vermutlich
|
||||||
|
eine Einverständniserklärung. Hier findet ihr Beispiele für die PCS, die ihr für euch
|
||||||
|
anpassen könnt (insb. alles was <mark>markiert</mark> ist).
|
||||||
|
Trotzdem der Disclaimer: **Die Einverständniserklärungen hier sind nur zur Orientierung und ohne Gewährleistung!**
|
||||||
|
|
||||||
|
## Deutsch
|
||||||
|
|
||||||
|
#### Als PDF:
|
||||||
|
Eine Beispieleinverständniserklärung von der PCS 2020 findet ihr <a target="_blank" rel="noopener noreferrer" title="Einverständniserklärung (PDF)" href="einverstaendniserklaerung.pdf">hier</a>.
|
||||||
|
|
||||||
|
#### In Textform:
|
||||||
|
|
||||||
|
_**Einverständniserklärung zur Aufzeichnung von Vorlesungen / Vorträgen im Rahmen der Public Climate School vom <mark>17.-21.05.2021</mark>.**_
|
||||||
|
|
||||||
|
*Ich erkläre mich damit einverstanden, dass von mir Audio-/Videoaufnahmen gemacht
|
||||||
|
werden, die im Rahmen der vom <mark>17.-21.05.2021</mark> stattfindenden Public
|
||||||
|
Climate School online veröffentlicht werden.*
|
||||||
|
|
||||||
|
*Ich versichere, dass innerhalb dieser Aufzeichnungen keine Rechte Dritter verletzt
|
||||||
|
werden.*
|
||||||
|
|
||||||
|
*Ich erkläre, dass ich alle Materialien, die ich in meiner Vorlesung/meinem Vortrag benutze,
|
||||||
|
selbst erstellt habe, bzw. bei der Verwendung fremder Materialien (Texte aus Büchern,
|
||||||
|
Zeitschriften, Bilder, Graphiken, Filmausschnitte, Musiktitel, etc.) diese auf das
|
||||||
|
Urheberrecht nach §60a geprüft habe und diese veröffentlicht werden können.*
|
||||||
|
|
||||||
|
*Ich stelle die <mark>Students for Future Stadt</mark> von allen Ansprüchen Dritter frei, die sich
|
||||||
|
wegen möglicher Urheberrechtsverstöße an die <mark>Students for Future Stadt</mark> wenden.*
|
||||||
|
|
||||||
|
*Ich verpflichte mich außerdem, den Betreiber des genutzten online Servers unverzüglich
|
||||||
|
zu informieren, wenn Dritte Ansprüche auf Grund der ihnen zustehenden Urheber- bzw.
|
||||||
|
Nutzungsrechte in Bezug auf die oben bezeichnete Aufzeichnung geltend machen.*
|
||||||
|
|
||||||
|
*Ich erkläre, dass meine Vorlesung/mein Vortrag und damit die Audio-/Videoaufnahmen
|
||||||
|
und bereitgestellte Foliensätze frei von diskriminierenden Inhalten sind, seien sie
|
||||||
|
rassistisch, sexistisch, antisemitisch, trans\*feindlich, homophob oder anderweitig
|
||||||
|
diskriminierend.*
|
||||||
|
|
||||||
|
*Name, Vorname:
|
||||||
|
Titel des Vortrags:
|
||||||
|
Datum des Vortrags:
|
||||||
|
Datum, Unterschrift:*
|
||||||
|
|
||||||
|
|
||||||
|
## Englisch
|
||||||
|
|
||||||
|
#### In Textform:
|
||||||
|
|
||||||
|
_**Declaration of consent for the recording of lectures in context of the Public Climate School from <mark>May 17 – 21 2021</mark>**_
|
||||||
|
|
||||||
|
*I hereby agree that audio/video recordings may be made of me, that might be published online in the context of the Public Climate School taking place from <mark>17.-21.05.2021</mark>.*
|
||||||
|
|
||||||
|
*I assure that no rights of third parties are violated within these recordings.*
|
||||||
|
|
||||||
|
*I declare that I have created all materials I use in my lecture myself, or when using foreign materials (texts from books, magazines, pictures, graphics, film clips, music titles, etc.) I have checked them for copyright according to §60a UrhG and they can be published.*
|
||||||
|
|
||||||
|
*I indemnify the <mark>Students for Future Stadt</mark> from all claims of third parties who contact the <mark>Students for Future Stadt</mark> regarding possible copyright infringements.*
|
||||||
|
|
||||||
|
*I also undertake to inform the operator of the online server used immediately if third parties assert claims based on the copyrights or rights of use to which they are entitled with regard to the above-mentioned recording.*
|
||||||
|
|
||||||
|
*I declare that my lectures and therefore my audio-/video recordings and slides are free of discriminating contents such as racist, sexist, antisemitic, trans\*hostile, homophobic or otherwise discriminating.*
|
||||||
|
|
||||||
|
*Full name:
|
||||||
|
Title of lecture:
|
||||||
|
Date of lecture:
|
||||||
|
Date, Signature:*
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Moderation
|
||||||
|
|
||||||
|
...
|
32
websites/help.studentsforfuture.info/events/online-events.md
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
# Online-Events
|
||||||
|
|
||||||
|
Hier versuchen wir euch eine Sammlung nützlicher Guides für die Durchführung von
|
||||||
|
Online Veranstaltungen bereitzustellen.
|
||||||
|
|
||||||
|
Typischerweise sind vor jedem Online-Event folgende Fragen zu klären:
|
||||||
|
- **Wie können Menschen teilnehmen?**
|
||||||
|
Meist entweder direkte Teilnahme im Online Meeting, z.B. über Zoom,
|
||||||
|
oder ein Stream, z.B. über YouTube.
|
||||||
|
|
||||||
|
Das hängt von einigen Faktoren ab, u.a. wie viele Teilnehmer:innen erwartet werden,
|
||||||
|
wie interaktiv das Event sein soll, und wie geschlossen der Raum, in dem es stattfindet.
|
||||||
|
Für Workshops eignen sich Meetings, für Podiumsdiskussion sind vermutlich Streams
|
||||||
|
die bessere Wahl. Vorträge lassen sich auf beide Arten gut umsetzen. Hier ist vermutlich
|
||||||
|
die Teilnehmer:innenzahl und Öffentlichkeit ausschlaggebend.
|
||||||
|
|
||||||
|
Theoretisch geht auch eine Kombination: Die Teilnehmer:innen können dem Meeting direkt
|
||||||
|
beitreten, während es gleichzeitig gestreamt wird. In diesem Fall müsstet ihr aber
|
||||||
|
sicherstellen, dass keine Person das Meeting stören kann und dass keine persönlichen
|
||||||
|
Daten im Stream landen können. Außerdem könnten Zuschauer:innen auf YouTube dann z.B.
|
||||||
|
nicht erfahren, wenn Fragen im Zoom Chat gestellt werden.
|
||||||
|
- **Wer kann teilnehemen / braucht es evtl. eine Anmeldung?**
|
||||||
|
Es ist bei allen Optionen möglich, die Teilnahme so einzuschränken, dass nur Menschen
|
||||||
|
mit den richtigen Zugangsdaten oder dem richtigen Link teilnehemen können.
|
||||||
|
Um diese zu verteilen könnt ihr zum Beispiel eine Anmeldung machen.
|
||||||
|
- **Wie sieht die Interaktion mit den Teilnehmer:innen aus?**
|
||||||
|
Fast alle Tools haben einen Chat, den ihr natürlich verwenden könnt, der aber auch schnell
|
||||||
|
unübersichtlich werden kann. Es kann sich daher lohnen, ein eigenes Tool für die Live-Interaktion
|
||||||
|
zu verwenden. Mehr dazu findet ihr auf der [zugehörigen Seite bei den Tools](tools/live-interaktion.md).
|
||||||
|
- **Soll die Veranstaltung aufgezeichnet werden?**
|
||||||
|
Wenn ja, braucht ihr vermutlich eine [Einverständniserklärung](events/datenschutz.md).
|
||||||
|
|
109
websites/help.studentsforfuture.info/faq.md
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
# **F**requently **A**sked **Q**uestions:
|
||||||
|
|
||||||
|
?> Das FAQ ist noch von der letzten PCS, das heißt insb. die Links werden sich vermutlich noch ändern.
|
||||||
|
|
||||||
|
## Wie kommt mein Format in den Stream? Wie läuft das ab?
|
||||||
|
Das hängt davon ab, was für ein Format es ist bzw. welches Tool ihr verwendet:
|
||||||
|
- **Voraufgezeichnete Videos:**
|
||||||
|
|
||||||
|
könnt ihr uns einfach über einen Cloud Link (z.B. hier: https://fffutu.re/pcs-lecture-upload)
|
||||||
|
oder einen Link zu einem (ungelisteten) YouTube Video schicken. Bitte gebt uns das Video noch vor Beginn der PCS.
|
||||||
|
|
||||||
|
- **Zoom-Veranstaltungen**:
|
||||||
|
|
||||||
|
hier hängt es davon ab, ob ihr das Meeting selbst erstellt habt oder der/die Dozierende.
|
||||||
|
Nur die Person, die das Meeting erstellt hat kann das Livestreaming aktivieren. Wie das geht steht [hier](zoom.md).
|
||||||
|
Ihr bekommt dazu so bald wie möglich die genauen Einstellungen, die ihr da eingeben müsst.
|
||||||
|
Bitte prüft schon im vornherein, ob ihr das in den Einstellungen findet (also ob es bei euch aktiviert ist).
|
||||||
|
|
||||||
|
- **JitSi**:
|
||||||
|
|
||||||
|
Für JitSi im Livestream verwenden wir voraussichtlich eine eigene Instanz. Das bedeutet ihr bekommt von uns so bald wie möglich einen Link zu dem JitSi Raum. Dort könnt ihr dann mit zwei Klicks den Stream starten.
|
||||||
|
Mehr Infos dazu kommen so bald wie möglich. Bitte gebt uns unbedingt vorher bekannt, falls mehr als 6 Personen an diesem Meeting teilnehmen werden.
|
||||||
|
|
||||||
|
- **BigBlueButton**:
|
||||||
|
|
||||||
|
Es tut uns Leid, aber bisher haben wir uns noch nicht mit einem Leitfaden für BigBlueButton beschäftigen können. Deshalb möchten wir euch diesen ausführlichen Leitfaden von HACC (Hackers Against Climate Crisis) wärmstens empfehlen: [Recording a talk with Big Blue Button and obs studio](https://hacc.uber.space/Recording_a_talk_with_Big_Blue_Button_and_obs_studio)
|
||||||
|
|
||||||
|
<a href="https://www.youtube.com/watch?v=dmryPtz-_ME&feature=youtu.be"><img src="img/faq/tutorial_thumbnail.png"></a>
|
||||||
|
|
||||||
|
## Wie kann ich als Dolmer*in teilnehmen?
|
||||||
|
|
||||||
|
- **Den Stream empfangen**
|
||||||
|
1. Über Zoom:
|
||||||
|
|
||||||
|
Sie sitzen mit in dem Zoom Meeting, indem der Vortrag abgehalten wird.
|
||||||
|
|
||||||
|
2. Über VLC:
|
||||||
|
|
||||||
|
Sie empfangen den Stream ohne große Verzögerung auf ihren PC.
|
||||||
|
|
||||||
|
<a href="https://www.youtube.com/watch?v=UBJodCpsUI8">Hier finden Sie die Aufzeichnung des entsprechenden Technik-Briefings.</a>
|
||||||
|
|
||||||
|
- **Übersetzung einsprechen**
|
||||||
|
|
||||||
|
Dafür müssen Sie dem entsprechenden Mumble Channel beitreten. Den Link erhalten Sie von uns. Als Gebärdensprachendolmetscher*in müssen Sie nur dem richtigen Zoom Meeting beitreten und nichts weiter tun. <a href="https://www.youtube.com/watch?v=UBJodCpsUI8">Hier finden Sie eine Aufgabe des Übersetzerinnen-Briefings.</a>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Wir haben keinen Streaming-Account. Könnt ihr uns etwas zur Verfügung stellen?
|
||||||
|
|
||||||
|
- **Streaming Accounts eurer Uni:**
|
||||||
|
|
||||||
|
werden möglicherweise auch euch als Studenten zur Verfügung gestellt. Viele Universitäten haben zahlreiche Zoom Lizenzen erworben, oder betreiben BigBlueButton Instanzen. Informiert euch also, ob ihr auf diese Weise an einen Account kommt.
|
||||||
|
|
||||||
|
- **Streaming Accounts vom Technik Team:**
|
||||||
|
|
||||||
|
können wir euch zur Verfügung stellen, wenn ihr keine andere Möglichkeit mehr habt. Zurzeit wäre uns es möglich sowohl Zoom, als auch BigBlueButton Instanzen zu stellen. Wir würden die Anzahl der von uns gestellten Instanzen aber gerne in Grenzen halten. Meldet euch dafür im [PCS-Techsupport](https://fffutu.re/pcs-techsupport) auf Telegram.
|
||||||
|
|
||||||
|
## Woher bekomme ich Ortsgruppen Zugang zur Website?
|
||||||
|
|
||||||
|
Richtig, jede Ortsgruppe kann sich auf der Website von [Students for Future Germany](studentsforfuture.info) einloggen.
|
||||||
|
|
||||||
|
**Wenn ihr keine Zugangsdaten (mehr) habt** meldet euch per Telegram im [PCS-Techsupport](https://fffutu.re/pcs-techsupport)
|
||||||
|
|
||||||
|
Wie ihr anschließend eure Kontaktinformationen aktualisiert, eine eigene OG-Homepage erstellt, oder einen Eventkalender anlegt steht [hier](webseite.md).
|
||||||
|
|
||||||
|
## Wie kann ich mit Trollen im meinem Online-Event umgehen?
|
||||||
|
|
||||||
|
Das wichtigste zuerst: **Don't Feed the Troll!** Negativ auf dein Event einzuwirken ist oft das Ziel von Troll-Angriffen.
|
||||||
|
|
||||||
|
Versuche dich deshalb von destruktiven Menschen
|
||||||
|
|
||||||
|
- nicht ablenken zu lassen,
|
||||||
|
- nicht emotional zu reagieren,
|
||||||
|
- und sie nicht in den Fokus zu rücken.
|
||||||
|
|
||||||
|
Verweise als Moderation im Zweifel darauf, nach dem Event weiterzudiskutieren und nicht währenddessen.
|
||||||
|
|
||||||
|
Ansonsten kannst du natürlich technische Hilfsmittel verwenden, wie
|
||||||
|
|
||||||
|
- einen Zoom-Warteraum
|
||||||
|
- Menschen kicken/bannen
|
||||||
|
- die Video/Sprachfunktion für Menschen ausschalten.
|
||||||
|
|
||||||
|
Im [Zoom-Leitfaden](zoom.md) findest du dazu einige nützliche Funktionen.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
**Bitte beachte**, dass wir keine Expert*innen im Umgang mit Trollen sind. Wenn ihr ausführliche Informationen sucht, können wir euch folgende Artikel empfehlen:
|
||||||
|
|
||||||
|
- [Ratgeber: Konstruktiv auf Internet-Trolle reagieren (Klimafakten.de)](https://www.klimafakten.de/meldung/ratgeber-konstruktiv-auf-internet-trolle-reagieren)
|
||||||
|
|
||||||
|
- [Beware of ‘ZoomBombing’: screensharing filth to video calls (TheCrunch.com)](https://techcrunch.com/2020/03/17/zoombombing/?guccounter=1)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Wie kann ich mein Online-Event barrierefrei gestalten?
|
||||||
|
|
||||||
|
Beim Stichwort Barrierefreiheit kennen wir Möglichkeiten, um folgendes einzubauen:
|
||||||
|
|
||||||
|
- **Live-Untertitel** (braucht Menschen die live Mitschreiben, [Tutorial auf zoom.us](https://support.zoom.us/hc/en-us/articles/207279736))
|
||||||
|
- **Gebärdesprachendolmetscher*in** (braucht Mensch mit diesem Skill)
|
||||||
|
|
||||||
|
Wenn ihr mit Zoom arbeitet wäre beides umsetzbar. Sofern das Teil des Livestreams sein soll, würden wir dann eurem Meeting beitreten und die Untertitel oder den\*die Dolmetscher\*in mit OBS mitschneiden.
|
||||||
|
|
||||||
|
**Bitte sagt uns [hier auf Telegram](https://fffutu.re/pcs-techsupport) sobald wie möglich Bescheid, falls ihr das plant!**
|
||||||
|
|
||||||
|
|
||||||
|
|
BIN
websites/help.studentsforfuture.info/img/.DS_Store
vendored
Normal file
BIN
websites/help.studentsforfuture.info/img/events/attending_io.png
Normal file
After Width: | Height: | Size: 140 KiB |
BIN
websites/help.studentsforfuture.info/img/faq/.DS_Store
vendored
Normal file
BIN
websites/help.studentsforfuture.info/img/faq/audiosetup.jpg
Normal file
After Width: | Height: | Size: 43 KiB |
BIN
websites/help.studentsforfuture.info/img/faq/get_stream.jpg
Normal file
After Width: | Height: | Size: 86 KiB |
BIN
websites/help.studentsforfuture.info/img/faq/get_stream.png
Normal file
After Width: | Height: | Size: 1.1 MiB |
After Width: | Height: | Size: 415 KiB |
After Width: | Height: | Size: 1.7 MiB |
BIN
websites/help.studentsforfuture.info/img/favicon.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
websites/help.studentsforfuture.info/img/orga/meistertask.png
Normal file
After Width: | Height: | Size: 1.6 MiB |
After Width: | Height: | Size: 653 KiB |
After Width: | Height: | Size: 724 KiB |
After Width: | Height: | Size: 23 KiB |