forked from hacc/haccfiles
Compare commits
56 commits
fix/mail_l
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 35853d56e2 | |||
41c914991a
|
|||
| f2c90e5601 | |||
|
77d7625315
|
|||
|
04272968d0 | ||
|
7e615e6daa
|
|||
|
82e70e0151
|
|||
|
6bba15faae
|
|||
|
9bf75b9c3d
|
|||
|
83cda0f44a
|
|||
|
97459d8177
|
|||
|
6aa06aed18
|
|||
|
639410011e
|
|||
|
|
7db9dbb4c2
|
||
|
|
856cd79c37
|
||
|
3ea537459b
|
|||
| f53cb24d2e | |||
| 45ceeef189 | |||
| e246563f57 | |||
| a1c5832a51 | |||
| c854e10980 | |||
| b5a68e09fd | |||
| f9f1eee6fd | |||
|
|
db5865fff2 | ||
|
|
65ec0779b7 | ||
| 4b53211130 | |||
|
|
86b9d3113c
|
||
|
|
39aaf2e0bb
|
||
|
|
8021685ec8
|
||
| 8f413da05a | |||
| e9d2630ea9 | |||
| 445a974f97 | |||
| 4eecd1bad4 | |||
|
|
430efbc0a5
|
||
|
|
3dc6b5e3e9
|
||
|
|
507a144165 | ||
|
|
7015386cd6 | ||
|
|
440076bae9
|
||
|
|
27cc65fb14 | ||
| 287cb84d82 | |||
|
|
3ee3c37ccb
|
||
| 39bec9fbd0 | |||
| 5c85431847 | |||
|
|
2cf0119ec1
|
||
|
|
a92ae39d65
|
||
|
|
f1c3a2d082
|
||
|
|
93c13debe6
|
||
| 3e95d6c222 | |||
| ca19774c9e | |||
| 032c49c375 | |||
| 4b71a216ba | |||
|
|
17d695c00b
|
||
|
|
7815e32f9f
|
||
| 99811b6711 | |||
| 1aebabe8a0 | |||
| 10942ca464 |
33 changed files with 700 additions and 462 deletions
|
|
@ -7,10 +7,3 @@ build-parsons:
|
|||
stage: build
|
||||
script:
|
||||
- nix-build -A deploy.parsons
|
||||
|
||||
build-nixda:
|
||||
tags:
|
||||
- nix
|
||||
stage: build
|
||||
script:
|
||||
- nix-build -A deploy.nixda
|
||||
|
|
|
|||
|
|
@ -70,6 +70,7 @@ in {
|
|||
s-tui stress
|
||||
ffmpeg-full
|
||||
bat
|
||||
niv
|
||||
];
|
||||
|
||||
security.acme.email = "info+acme@hacc.space";
|
||||
|
|
|
|||
|
|
@ -48,13 +48,13 @@
|
|||
packages = with pkgs; [ ffmpeg ];
|
||||
};
|
||||
|
||||
schweby = {
|
||||
moira = {
|
||||
uid = 1004;
|
||||
shell = pkgs.fish;
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "cdrom" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06"
|
||||
];
|
||||
hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -16,12 +16,12 @@
|
|||
../../services/hedgedoc-i4f.nix
|
||||
../../services/mail.nix
|
||||
../../services/syncthing.nix
|
||||
../../services/gitlab.nix
|
||||
../../services/gitea.nix
|
||||
../../services/nginx-pages.nix
|
||||
../../services/gitlab-runner.nix
|
||||
../../services/lantifa.nix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/workadventure.nix
|
||||
../../services/uffd.nix
|
||||
# ../../services/workadventure.nix
|
||||
|
||||
./lxc.nix
|
||||
];
|
||||
|
|
@ -79,7 +79,7 @@
|
|||
|
||||
services.restic.backups.tardis = {
|
||||
passwordFile = "/persist/restic/system";
|
||||
s3CredentialsFile = "/persist/restic/system.s3creds";
|
||||
environmentFile = "/persist/restic/system.s3creds";
|
||||
paths = [
|
||||
"/home"
|
||||
"/persist"
|
||||
|
|
|
|||
|
|
@ -6,13 +6,9 @@ let
|
|||
|
||||
cfg = config.services.mattermost-patched;
|
||||
|
||||
defaultConfig = builtins.fromJSON (builtins.replaceStrings [ "\\u0026" ] [ "&" ]
|
||||
(readFile "${pkgs.mattermost}/config/config.json")
|
||||
);
|
||||
|
||||
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
|
||||
|
||||
mattermostConf = foldl recursiveUpdate defaultConfig
|
||||
mattermostConf = foldl recursiveUpdate {}
|
||||
[ { ServiceSettings.SiteURL = cfg.siteUrl;
|
||||
ServiceSettings.ListenAddress = cfg.listenAddress;
|
||||
TeamSettings.SiteName = cfg.siteName;
|
||||
|
|
@ -227,7 +223,7 @@ in
|
|||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
|
||||
(lib.optionalString (!cfg.mutableConfig) " -c ${database}");
|
||||
(if cfg.mutableConfig then " -c ${database}" else " -c ${cfg.statePath}/config/config.json");
|
||||
WorkingDirectory = "${cfg.statePath}";
|
||||
Restart = "always";
|
||||
RestartSec = "10";
|
||||
|
|
|
|||
|
|
@ -6,15 +6,15 @@
|
|||
"type": "git"
|
||||
},
|
||||
"home-manager": {
|
||||
"branch": "release-21.05",
|
||||
"branch": "release-21.11",
|
||||
"description": "Manage a user environment using Nix [maintainer=@rycee] ",
|
||||
"homepage": "https://nix-community.github.io/home-manager/",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "7329ffc6e911106494183557fc249180d5422929",
|
||||
"sha256": "1liqvc6bhfypscbvq953j8izw806xn4vklh86zyqpkmsa5ac0yvp",
|
||||
"rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
|
||||
"sha256": "1fi27zabvqlyc2ggg7wr01j813gs46rswg1i897h9hqkbgqsjkny",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/7329ffc6e911106494183557fc249180d5422929.tar.gz",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/d93d56ab8c1c6aa575854a79b9d2f69d491db7d0.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"mattermost-server": {
|
||||
|
|
@ -23,19 +23,19 @@
|
|||
"homepage": "https://mattermost.com",
|
||||
"owner": "mattermost",
|
||||
"repo": "mattermost-server",
|
||||
"rev": "8f352436049776b5bd7c006bb03992d8fe2f029f",
|
||||
"sha256": "1sy0kydp87pwby0whgq678jq1zpivqndip81787r9b3dqcyq47cp",
|
||||
"rev": "2ea14ef395fad8919b2f4137642a7f50b370ffba",
|
||||
"sha256": "1k5zqnc4yqnad2cw1wpqk22mjra08jz9gf4v692kbrgx3x4d13kh",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.1.2.tar.gz",
|
||||
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.7.2.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/refs/tags/v<version>.tar.gz",
|
||||
"version": "6.1.2"
|
||||
"version": "6.7.2"
|
||||
},
|
||||
"mattermost-webapp": {
|
||||
"sha256": "1m337g6yqjmfk1n39l8sx83hrz0fzipwkqvnkwj7nrs7j3yhndw0",
|
||||
"sha256": "0pwjfklk0q28yza2iny0im5pq3x430jskvq6rvfq7ycx251s98hx",
|
||||
"type": "tarball",
|
||||
"url": "https://releases.mattermost.com/6.1.2/mattermost-6.1.2-linux-amd64.tar.gz",
|
||||
"url": "https://releases.mattermost.com/6.7.2/mattermost-6.7.2-linux-amd64.tar.gz",
|
||||
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
|
||||
"version": "6.1.2"
|
||||
"version": "6.7.2"
|
||||
},
|
||||
"niv": {
|
||||
"branch": "master",
|
||||
|
|
@ -43,10 +43,10 @@
|
|||
"homepage": "https://github.com/nmattia/niv",
|
||||
"owner": "nmattia",
|
||||
"repo": "niv",
|
||||
"rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c",
|
||||
"sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm",
|
||||
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
|
||||
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz",
|
||||
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nix-hexchen": {
|
||||
|
|
@ -60,13 +60,13 @@
|
|||
"url_template": "<repo>/-/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
"branch": "nixos-21.05",
|
||||
"ref": "nixos-21.05",
|
||||
"branch": "nixos-21.11",
|
||||
"ref": "nixos-21.11",
|
||||
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
|
||||
"rev": "5675b122a947b40e551438df6a623efad19fd2e7",
|
||||
"sha256": "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi",
|
||||
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
|
||||
"sha256": "1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44",
|
||||
"type": "tarball",
|
||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7.tar.gz",
|
||||
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6e3a7b2ea6f0d68b82027b988aa25d3423787303.tar.gz",
|
||||
"url_template": "<repo>/-/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgs": {
|
||||
|
|
@ -75,10 +75,10 @@
|
|||
"homepage": "",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca",
|
||||
"sha256": "1yl5gj0mzczhl1j8sl8iqpwa1jzsgr12fdszw9rq13cdig2a2r5f",
|
||||
"rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
|
||||
"sha256": "04ffwp2gzq0hhz7siskw6qh9ys8ragp7285vi1zh8xjksxn1msc5",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca.tar.gz",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/eabc38219184cc3e04a974fe31857d8e0eac098d.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
|
|
@ -87,10 +87,10 @@
|
|||
"homepage": "",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "945ec499041db73043f745fad3b2a3a01e826081",
|
||||
"sha256": "1ixv310sjw0r5vda4yfwp3snyha2i9h7aqygd43cyvdk2qsjk8pq",
|
||||
"rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90",
|
||||
"sha256": "0dq22dagzk76x2ws4dz88w018i6byamd6rnzqizx68bzimg6g7xn",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/945ec499041db73043f745fad3b2a3a01e826081.tar.gz",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"workadventure": {
|
||||
|
|
|
|||
|
|
@ -31,8 +31,28 @@ let
|
|||
if spec ? branch then "refs/heads/${spec.branch}" else
|
||||
if spec ? tag then "refs/tags/${spec.tag}" else
|
||||
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
|
||||
submodules = if spec ? submodules then spec.submodules else false;
|
||||
submoduleArg =
|
||||
let
|
||||
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
|
||||
emptyArgWithWarning =
|
||||
if submodules == true
|
||||
then
|
||||
builtins.trace
|
||||
(
|
||||
"The niv input \"${name}\" uses submodules "
|
||||
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
|
||||
+ "does not support them"
|
||||
)
|
||||
{}
|
||||
else {};
|
||||
in
|
||||
if nixSupportsSubmodules
|
||||
then { inherit submodules; }
|
||||
else emptyArgWithWarning;
|
||||
in
|
||||
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
|
||||
builtins.fetchGit
|
||||
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
|
||||
|
||||
fetch_local = spec: spec.path;
|
||||
|
||||
|
|
|
|||
|
|
@ -60,6 +60,8 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
uffd = callPackage ./uffd {};
|
||||
|
||||
inherit (unstable) bottom vaultwarden vaultwarden-vault;
|
||||
};
|
||||
|
||||
|
|
|
|||
34
pkgs/uffd/default.nix
Normal file
34
pkgs/uffd/default.nix
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
{ stdenv, lib, python3Packages, fetchzip }:
|
||||
|
||||
python3Packages.buildPythonPackage rec {
|
||||
pname = "uffd";
|
||||
version = "2.0.1";
|
||||
|
||||
src = fetchzip {
|
||||
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
|
||||
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
|
||||
};
|
||||
|
||||
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
|
||||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
flask
|
||||
flask_sqlalchemy
|
||||
flask_migrate
|
||||
qrcode
|
||||
fido2
|
||||
oauthlib
|
||||
flask-babel
|
||||
argon2_cffi
|
||||
itsdangerous
|
||||
alembic
|
||||
Mako
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
sed -i -e 's/==[0-9.]\+//g' setup.py
|
||||
'';
|
||||
|
||||
doCheck = false;
|
||||
doInstallCheck = false;
|
||||
}
|
||||
34
pkgs/uffd/fix-setuppy.patch
Normal file
34
pkgs/uffd/fix-setuppy.patch
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
--- a/setup.py 2022-04-30 13:12:45.564651955 +0000
|
||||
+++ b/setup.py 2022-04-30 13:17:02.545809513 +0000
|
||||
@@ -41,31 +41,5 @@
|
||||
'Flask-Babel==0.11.2',
|
||||
'alembic==1.0.0',
|
||||
'argon2-cffi==18.3.0',
|
||||
-
|
||||
- # The main dependencies on their own lead to version collisions and pip is
|
||||
- # not very good at resolving them, so we pin the versions from Debian Buster
|
||||
- # for all dependencies.
|
||||
- 'certifi==2018.8.24',
|
||||
- #cffi==1.12.2'
|
||||
- 'cffi # v1.12.2 no longer works with python3.9. Newer versions seem to work fine.',
|
||||
- 'chardet==3.0.4',
|
||||
- 'click==7.0',
|
||||
- 'cryptography==2.6.1',
|
||||
- 'idna==2.6',
|
||||
- 'itsdangerous==0.24',
|
||||
- 'Jinja2==2.10',
|
||||
- 'MarkupSafe==1.1.0',
|
||||
- 'oauthlib==2.1.0',
|
||||
- 'pyasn1==0.4.2',
|
||||
- 'pycparser==2.19',
|
||||
- 'requests==2.21.0',
|
||||
- 'requests-oauthlib==1.0.0',
|
||||
- 'six==1.12.0',
|
||||
- 'SQLAlchemy==1.2.18',
|
||||
- 'urllib3==1.24.1',
|
||||
- 'Werkzeug==0.14.1',
|
||||
- 'python-dateutil==2.7.3',
|
||||
- #editor==1.0.3
|
||||
- 'Mako==1.0.7',
|
||||
],
|
||||
)
|
||||
10
pkgs/uffd/fix-userinfo.patch
Normal file
10
pkgs/uffd/fix-userinfo.patch
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
--- a/uffd/oauth2/views.py 2022-04-30 20:39:53.825474990 +0000
|
||||
+++ b/uffd/oauth2/views.py 2022-04-30 20:40:12.632389377 +0000
|
||||
@@ -234,6 +234,7 @@
|
||||
id=user.unix_uid,
|
||||
name=user.displayname,
|
||||
nickname=user.loginname,
|
||||
+ username=user.loginname,
|
||||
email=user.mail,
|
||||
groups=[group.name for group in user.groups]
|
||||
)
|
||||
32
pkgs/uffd/gitea-magic.patch
Normal file
32
pkgs/uffd/gitea-magic.patch
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
|
||||
From: stuebinm <stuebinm@disroot.org>
|
||||
Date: Wed, 20 Jul 2022 18:02:15 +0200
|
||||
Subject: [PATCH] magic gitea patch
|
||||
|
||||
---
|
||||
uffd/oauth2/views.py | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
|
||||
index d13fd42..94352be 100644
|
||||
--- a/uffd/oauth2/views.py
|
||||
+++ b/uffd/oauth2/views.py
|
||||
@@ -230,6 +230,15 @@ def oauth_required(*scopes):
|
||||
@oauth_required('profile')
|
||||
def userinfo():
|
||||
user = request.oauth.user
|
||||
+ client = request.oauth.client_id
|
||||
+ if client == "gitea":
|
||||
+ return jsonify(
|
||||
+ id=user.unix_uid,
|
||||
+ full_name=user.displayname,
|
||||
+ login=user.loginname,
|
||||
+ email=user.mail,
|
||||
+ groups=[group.name for group in user.groups]
|
||||
+ )
|
||||
return jsonify(
|
||||
id=user.unix_uid,
|
||||
name=user.displayname,
|
||||
--
|
||||
2.36.0
|
||||
|
||||
133
services/gitea.nix
Normal file
133
services/gitea.nix
Normal file
|
|
@ -0,0 +1,133 @@
|
|||
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
|
||||
|
||||
{
|
||||
containers.gitea = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.10";
|
||||
autoStart = true;
|
||||
bindMounts = {
|
||||
"/persist" = {
|
||||
hostPath = "/persist/containers/gitea";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
path = (evalConfig {
|
||||
hosts = { };
|
||||
groups = { };
|
||||
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
users.users.root.hashedPassword = "";
|
||||
|
||||
imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
|
||||
|
||||
environment.systemPackages = [ pkgs.gitea ];
|
||||
|
||||
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking.firewall.enable = false;
|
||||
networking.defaultGateway = {
|
||||
address = "192.168.100.1";
|
||||
interface = "eth0";
|
||||
};
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
config = ''
|
||||
.:53 {
|
||||
forward . 1.1.1.1
|
||||
}
|
||||
'';
|
||||
};
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
appName = "0x0: git for all creatures";
|
||||
rootUrl = "https://git.infra4future.de/";
|
||||
httpAddress = "0.0.0.0";
|
||||
httpPort = 3000;
|
||||
lfs.enable = true;
|
||||
disableRegistration = true;
|
||||
database.type = "postgres";
|
||||
cookieSecure = true;
|
||||
log.level = "Info";
|
||||
# mailerPasswordFile =
|
||||
# "/var/lib/secrets/noreply"; # see below for access permissions
|
||||
settings = {
|
||||
# mailer = {
|
||||
# ENABLED = true;
|
||||
# HOST = "0x0.rip:465";
|
||||
# FROM = "noreply@0x0.rip";
|
||||
# ENVELOPE_FROM = "noreply@0x0.rip";
|
||||
# USER = "noreply@0x0.rip";
|
||||
|
||||
# };
|
||||
repository = {
|
||||
DEFAULT_PRIVATE = "public";
|
||||
PREFERRED_LICENSES = "Unlicense";
|
||||
DEFAULT_BRANCH = "main";
|
||||
};
|
||||
oauth2_client = {
|
||||
ACCOUNT_LINKING = "auto";
|
||||
ENABLE_AUTO_REGISTRATION = true;
|
||||
};
|
||||
"repository.pull-requests" = {
|
||||
DEFAULT_MERGE_STYLE = "merge";
|
||||
DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
|
||||
};
|
||||
"repository.upload".FILE_MAX_SIZE = 1024;
|
||||
server = {
|
||||
LANDING_PAGE = "explore";
|
||||
OFFLINE_MODE = true;
|
||||
};
|
||||
security = { INSTALL_LOCK = true; };
|
||||
other = {
|
||||
SHOW_FOOTER_VERSION = false;
|
||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
|
||||
};
|
||||
cron = {
|
||||
ENABLED = true;
|
||||
NOTICE_ON_SUCCESS = true;
|
||||
};
|
||||
"cron.update_mirrors" = {
|
||||
SCHEDULE = "@every 12h";
|
||||
PULL_LIMIT = "-1";
|
||||
PUSH_LIMIT = "-1";
|
||||
};
|
||||
"cron.git_gc_repos".ENABLED = true;
|
||||
"cron.delete_old_actions".ENABLED = true;
|
||||
};
|
||||
};
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
databases = [ "gitea" ];
|
||||
startAt = "*-*-* 23:45:00";
|
||||
location = "/persist/backups/postgres";
|
||||
};
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
listenAddresses = [ {
|
||||
addr = "192.168.100.10";
|
||||
port = 22;
|
||||
} ];
|
||||
extraConfig = ''
|
||||
AcceptEnv GIT_PROTOCOL
|
||||
'';
|
||||
};
|
||||
})).config.system.build.toplevel;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."git.infra4future.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${config.containers.gitea.localAddress}:3000";
|
||||
};
|
||||
};
|
||||
hexchen.nftables.nat.forwardPorts = [{
|
||||
ports = [ 22 ];
|
||||
destination = "${config.containers.gitea.localAddress}:22";
|
||||
proto = "tcp";
|
||||
}];
|
||||
}
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
{config, pkgs, lib, ...}:
|
||||
|
||||
{
|
||||
services.gitlab-runner = {
|
||||
enable = true;
|
||||
concurrent = 4;
|
||||
services = {
|
||||
infra4future = {
|
||||
buildsDir = "/persist/var/lib/gitlab-runner/builds";
|
||||
dockerImage = "nixos/nix";
|
||||
executor = "docker";
|
||||
registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
|
||||
};
|
||||
nix = {
|
||||
limit = 1; # don't run multiple jobs
|
||||
registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
|
||||
dockerImage = "alpine";
|
||||
dockerVolumes = [
|
||||
"/nix/store:/nix/store:ro"
|
||||
"/nix/var/nix/db:/nix/var/nix/db:ro"
|
||||
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
|
||||
];
|
||||
dockerDisableCache = true;
|
||||
preBuildScript = pkgs.writeScript "setup-container" ''
|
||||
mkdir -p -m 0755 /nix/var/log/nix/drvs
|
||||
mkdir -p -m 0755 /nix/var/nix/gcroots
|
||||
mkdir -p -m 0755 /nix/var/nix/profiles
|
||||
mkdir -p -m 0755 /nix/var/nix/temproots
|
||||
mkdir -p -m 0755 /nix/var/nix/userpool
|
||||
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
|
||||
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
|
||||
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
|
||||
mkdir -p -m 0700 "$HOME/.nix-defexpr"
|
||||
. ${pkgs.nix}/etc/profile.d/nix.sh
|
||||
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
|
||||
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
|
||||
${pkgs.nix}/bin/nix-channel --update nixpkgs
|
||||
'';
|
||||
environmentVariables = {
|
||||
ENV = "/etc/profile";
|
||||
USER = "root";
|
||||
NIX_REMOTE = "daemon";
|
||||
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
|
||||
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
|
||||
};
|
||||
tagList = [ "nix" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gitlab-runner.serviceConfig = {
|
||||
DynamicUser = lib.mkForce false;
|
||||
User = "gitlab-runner";
|
||||
};
|
||||
|
||||
users.users.gitlab-runner = {
|
||||
home = "/persist/var/lib/gitlab-runner";
|
||||
extraGroups = [ "docker" ];
|
||||
isSystemUser = true;
|
||||
group = "nogroup";
|
||||
};
|
||||
|
||||
virtualisation.docker.storageDriver = "zfs";
|
||||
}
|
||||
|
|
@ -1,168 +0,0 @@
|
|||
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
|
||||
|
||||
{
|
||||
containers.gitlab = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.7";
|
||||
|
||||
bindMounts = {
|
||||
"/persist" = {
|
||||
hostPath = "/persist/containers/gitlab";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
users.users.root.hashedPassword = "";
|
||||
|
||||
imports = [
|
||||
../modules/mattermost.nix
|
||||
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking.firewall.enable = false;
|
||||
networking.defaultGateway = {
|
||||
address = "192.168.100.1";
|
||||
interface = "eth0";
|
||||
};
|
||||
|
||||
services.gitlab = {
|
||||
enable = true;
|
||||
|
||||
databaseCreateLocally = true;
|
||||
|
||||
host = "gitlab.infra4future.de";
|
||||
https = true;
|
||||
port = 443;
|
||||
|
||||
statePath = "/persist/gitlab";
|
||||
user = "git";
|
||||
databaseUsername = "git";
|
||||
|
||||
initialRootPasswordFile = "/persist/secrets/gitlab-root";
|
||||
secrets.secretFile = "/persist/secrets/gitlab-secret";
|
||||
secrets.dbFile = "/persist/secrets/gitlab-db";
|
||||
secrets.otpFile = "/persist/secrets/gitlab-otp";
|
||||
secrets.jwsFile = "/persist/secrets/gitlab-jws";
|
||||
|
||||
smtp = {
|
||||
enable = true;
|
||||
address = "mail.hacc.space";
|
||||
port = 587;
|
||||
authentication = "plain";
|
||||
domain = "gitlab.infra4future.de";
|
||||
enableStartTLSAuto = true;
|
||||
username = "noreply@infra4future.de";
|
||||
passwordFile = "/persist/secrets/noreply-pass";
|
||||
};
|
||||
|
||||
pagesExtraArgs = [ "-listen-proxy" "0.0.0.0:8090" ];
|
||||
extraConfig = {
|
||||
pages = {
|
||||
enabled = true;
|
||||
host = "4future.dev";
|
||||
port = 443;
|
||||
https = true;
|
||||
};
|
||||
omniauth = {
|
||||
enabled = true;
|
||||
auto_sign_in_with_provider = "openid_connect";
|
||||
allow_single_sign_on = ["openid_connect"];
|
||||
block_auto_created_users = false;
|
||||
providers = [
|
||||
{
|
||||
name = "openid_connect";
|
||||
label = "infra4future Login";
|
||||
args = {
|
||||
name = "openid_connect";
|
||||
scope = ["openid" "profile" "email"];
|
||||
response_type = "code";
|
||||
issuer = "https://auth.infra4future.de/auth/realms/forfuture";
|
||||
discovery = true;
|
||||
client_auth_method = "query";
|
||||
uid_field = "username";
|
||||
client_options = {
|
||||
identifier = "gitlab";
|
||||
secret = { _secret = "/persist/secrets/oidc-clientsecret"; };
|
||||
redirect_uri = "https://gitlab.infra4future.de/users/auth/openid_connect/callback";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.enable = true;
|
||||
services.postgresql.package = pkgs.postgresql_13;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
virtualHosts."gitlab.infra4future.de" = {
|
||||
default = true;
|
||||
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_redirect off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
|
||||
users.users.git = {
|
||||
isSystemUser = true;
|
||||
group = "gitlab";
|
||||
home = "/persist/gitlab/home";
|
||||
uid = 165;
|
||||
};
|
||||
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
config = ''
|
||||
.:53 {
|
||||
forward . 1.1.1.1
|
||||
}
|
||||
'';
|
||||
};
|
||||
})).config.system.build.toplevel;
|
||||
};
|
||||
|
||||
hexchen.nftables.nat.forwardPorts = [{
|
||||
ports = [ 22 ];
|
||||
destination = "${config.containers.gitlab.localAddress}:22";
|
||||
proto = "tcp";
|
||||
}];
|
||||
|
||||
services.nginx.virtualHosts."gitlab.infra4future.de" = {
|
||||
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header X-Nginx-Proxy true;
|
||||
proxy_redirect off;
|
||||
'';
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."4future.dev" = {
|
||||
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:8090";
|
||||
serverName = "~^((.*)\.)?4future\.dev$";
|
||||
useACMEHost = "4future.dev";
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
security.acme.certs."4future.dev" = {
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = "/var/lib/acme/cloudflare.pass";
|
||||
extraDomainNames = [ "*.4future.dev" ];
|
||||
group = config.services.nginx.group;
|
||||
};
|
||||
}
|
||||
|
|
@ -55,8 +55,8 @@
|
|||
hsts.preload = false;
|
||||
email = false;
|
||||
oauth2 = {
|
||||
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
|
||||
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
|
||||
authorizationURL = "https://login.infra4future.de/oauth2/authorize";
|
||||
tokenURL = "https://login.infra4future.de/oauth2/token";
|
||||
clientID = "hedgedoc";
|
||||
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
|
||||
};
|
||||
|
|
@ -64,9 +64,9 @@
|
|||
};
|
||||
systemd.services.hedgedoc.environment = {
|
||||
"CMD_LOGLEVEL" = "warn";
|
||||
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
|
||||
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
|
||||
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
|
||||
"CMD_OAUTH2_USER_PROFILE_URL" = "https://login.infra4future.de/oauth2/userinfo";
|
||||
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "nickname";
|
||||
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "name";
|
||||
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
|
||||
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@
|
|||
extraConfig = let
|
||||
wikidb = pkgs.fetchzip {
|
||||
url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
|
||||
sha256 = "0pns9fk1ws54m7rgbfsrxqh6ayab16mmnvzba8m4malljgrbil8b";
|
||||
sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY=";
|
||||
};
|
||||
in ''
|
||||
// Configure short URLs
|
||||
|
|
@ -77,8 +77,8 @@
|
|||
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
|
||||
};
|
||||
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-4a70dbd.tar.gz";
|
||||
sha256 = "0s70fqkf5ylpsxy1h3hljic8708j6099mz12b6k03hgwc582yywi";
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz";
|
||||
sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk=";
|
||||
};
|
||||
PageForms = pkgs.fetchzip {
|
||||
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
|
||||
|
|
|
|||
|
|
@ -1,161 +1,169 @@
|
|||
{ config, pkgs, lib, sources, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
sources.nixos-mailserver.outPath
|
||||
];
|
||||
imports = [ sources.nixos-mailserver.outPath ];
|
||||
|
||||
# reduce log spam
|
||||
systemd.services.rspamd.serviceConfig.LogLevelMax = 3; # this is set to error because rspamd regularly complains about not enough learns
|
||||
systemd.services.rspamd.serviceConfig.LogLevelMax =
|
||||
3; # this is set to error because rspamd regularly complains about not enough learns
|
||||
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
|
||||
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
|
||||
|
||||
# stop postfix from dying if rspamd hiccups
|
||||
systemd.services.postfix.unitConfig = {
|
||||
Requires = lib.mkForce "dovecot2.service opendkim.service";
|
||||
Requires = lib.mkForce "dovecot2.service opendkim.service";
|
||||
};
|
||||
|
||||
mailserver = {
|
||||
mailDirectory = "/persist/mail";
|
||||
enable = true;
|
||||
fqdn = "mail.hacc.space";
|
||||
domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
|
||||
monitoring = {
|
||||
enable = true;
|
||||
alertAddress = "admin@hacc.space";
|
||||
};
|
||||
domains = [
|
||||
"hacc.space"
|
||||
"muc.hacc.space"
|
||||
"hacc.earth"
|
||||
"4future.dev"
|
||||
"4futu.re"
|
||||
"infra4future.de"
|
||||
];
|
||||
|
||||
loginAccounts = {
|
||||
"hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
||||
"hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" "hexchen@infra4future.de" ];
|
||||
"hexchen@hacc.space".hashedPassword =
|
||||
"$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
|
||||
|
||||
"octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
||||
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
||||
"octycs@hacc.space".hashedPassword =
|
||||
"$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
|
||||
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
|
||||
|
||||
"raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
||||
"raphael@hacc.space".hashedPassword =
|
||||
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
|
||||
|
||||
"schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
||||
"moira@hacc.space".hashedPassword =
|
||||
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
|
||||
|
||||
"zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
||||
"zauberberg@hacc.space".hashedPassword =
|
||||
"$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
|
||||
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
|
||||
|
||||
"stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
||||
"stuebinm@hacc.space".hashedPassword =
|
||||
"$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
|
||||
|
||||
"lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
||||
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
||||
"lenny@hacc.space".hashedPassword =
|
||||
"$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
|
||||
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
|
||||
|
||||
"finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
|
||||
"finance@muc.hacc.space".hashedPassword =
|
||||
"$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
|
||||
|
||||
# service accounts
|
||||
"noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
||||
"newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
|
||||
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
|
||||
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
||||
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
|
||||
"noreply@hacc.space" = {
|
||||
hashedPassword =
|
||||
"$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
|
||||
sendOnly = true;
|
||||
};
|
||||
|
||||
"noreply@infra4future.de" = {
|
||||
hashedPassword =
|
||||
"$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
|
||||
sendOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
extraVirtualAliases = {
|
||||
# address = forward address;
|
||||
# address = forward address;
|
||||
|
||||
# -- International --
|
||||
# info/contact: main entrypoint, anyone can read or reply to this.
|
||||
"info@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
];
|
||||
# admin: current people with access to the mail server and knowledge on how to use it
|
||||
"admin@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
];
|
||||
# voc: hacc video operation center, various streaming-related things
|
||||
"voc@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
];
|
||||
# -- International --
|
||||
# info/contact: main entrypoint, anyone can read or reply to this.
|
||||
"info@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
"moira@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
];
|
||||
|
||||
# -- Regional: Germany --
|
||||
# board of hacc e.V.
|
||||
"vorstand@hacc.space" = [
|
||||
"raphael@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
];
|
||||
# members of hacc e.V.
|
||||
"mitglieder@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
];
|
||||
# admin: current people with access to the mail server and knowledge on how to use it™
|
||||
"admin@hacc.space" =
|
||||
[ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
|
||||
|
||||
# -- Regional: Munich --
|
||||
"muc@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
"schweby@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
];
|
||||
# voc: hacc video operation center, various streaming-related things
|
||||
"voc@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"moira@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
];
|
||||
|
||||
# -- c3 world operation centre --
|
||||
"world@muc.hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
];
|
||||
# -- Regional: Germany --
|
||||
# board of hacc e.V.
|
||||
"vorstand@hacc.space" =
|
||||
[ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
|
||||
|
||||
# members of hacc e.V.
|
||||
"mitglieder@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
"moira@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
];
|
||||
|
||||
# -- Regional: Munich --
|
||||
"muc@hacc.space" = [
|
||||
"hexchen@hacc.space"
|
||||
"octycs@hacc.space"
|
||||
"raphael@hacc.space"
|
||||
"moira@hacc.space"
|
||||
"zauberberg@hacc.space"
|
||||
"stuebinm@hacc.space"
|
||||
"lenny@hacc.space"
|
||||
];
|
||||
};
|
||||
|
||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||
# down nginx and opens port 80.
|
||||
certificateScheme = 3;
|
||||
|
||||
# Enable IMAP and POP3
|
||||
enableImap = true;
|
||||
enablePop3 = true;
|
||||
enableImapSsl = true;
|
||||
enablePop3Ssl = true;
|
||||
# Only allow implict TLS
|
||||
enableImap = false;
|
||||
enablePop3 = false;
|
||||
|
||||
# Enable the ManageSieve protocol
|
||||
enableManageSieve = true;
|
||||
|
||||
# whether to scan inbound emails for viruses (note that this requires at least
|
||||
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
|
||||
virusScanning = false;
|
||||
};
|
||||
services.postfix.submissionOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||
services.postfix.submissionsOptions.smtpd_sender_restrictions = lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||
|
||||
services.postfix.submissionOptions.smtpd_sender_restrictions =
|
||||
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||
services.postfix.submissionsOptions.smtpd_sender_restrictions =
|
||||
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
|
||||
|
||||
services.postfix.virtual = ''
|
||||
postmaster@hacc.space admin@hacc.space
|
||||
abuse@hacc.space admin@hacc.space
|
||||
contact@hacc.space info@hacc.space
|
||||
hello@hacc.space info@hacc.space
|
||||
haccvoc@hacc.space voc@hacc.space
|
||||
@4future.dev @hacc.space
|
||||
@4futu.re @hacc.space
|
||||
@hacc.earth @hacc.space
|
||||
@discuss.infra4future.de discuss@infra4future.de
|
||||
admin@infra4future.de admin@hacc.space
|
||||
noreply@infra4future.de admin@hacc.space
|
||||
lukas@infra4future.de zauberberg@hacc.space
|
||||
info@infra4future.de admin@hacc.space
|
||||
postmaster@infra4future.de admin@hacc.space
|
||||
voc@infra4future.de voc@hacc.space
|
||||
haccvoc@infra4future.de voc@hacc.space
|
||||
contact@hacc.space info@hacc.space
|
||||
himmel@hacc.space admin@hacc.space
|
||||
divoc-patches@muc.hacc.space world@muc.hacc.space
|
||||
@infra4future.de @hacc.space
|
||||
'';
|
||||
|
||||
systemd.services.alps = {
|
||||
enable = true;
|
||||
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
||||
script =
|
||||
"${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
|
||||
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
|
||||
serviceConfig.Restart = "always";
|
||||
requiredBy = [ "multi-user.target" ];
|
||||
|
|
|
|||
|
|
@ -141,9 +141,9 @@ in {
|
|||
Enable = true;
|
||||
Id = "mattermost";
|
||||
Scope = "";
|
||||
AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
|
||||
TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
|
||||
UserApiEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
|
||||
AuthEndpoint = "https://login.infra4future.de/oauth2/authorize";
|
||||
TokenEndpoint = "https://login.infra4future.de/oauth2/token";
|
||||
UserApiEndpoint = "https://login.infra4future.de/oauth2/userinfo";
|
||||
};
|
||||
# for some reason, these don't appear to be working; the startup
|
||||
# process complaines and sets these back to en
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
|
||||
# must be set manually; may not be incremented by more than one at
|
||||
# a time, otherwise nextcloud WILL break
|
||||
package = pkgs.nextcloud21;
|
||||
package = pkgs.nextcloud24;
|
||||
|
||||
home = "/persist/nextcloud";
|
||||
https = true;
|
||||
|
|
@ -52,8 +52,6 @@
|
|||
defaultapp = "apporder";
|
||||
};
|
||||
|
||||
caching.redis = true;
|
||||
|
||||
# multiple pools may be doable using services.phpfpm.pools,
|
||||
# but i have not tried this yet. The nextcloud module defines a
|
||||
# pool "nextcloud"
|
||||
|
|
@ -68,36 +66,10 @@
|
|||
|
||||
extraOptions = {
|
||||
instanceid = "ocxlphb7fbju";
|
||||
redis = {
|
||||
host = "/run/redis/redis.sock";
|
||||
port = 0;
|
||||
dbindex = 0;
|
||||
password = "secret";
|
||||
timeout = 1.5;
|
||||
};
|
||||
datadirectory = "/persist/data/ncdata";
|
||||
mail_smtpmode = "smtp";
|
||||
mail_smtpsecure = "ssl";
|
||||
mail_sendmailmode = "smtp";
|
||||
mail_from_address = "noreply";
|
||||
mail_domain = "infra4future.de";
|
||||
mail_smtpauthtype = "PLAIN";
|
||||
mail_smtpauth = 1;
|
||||
mail_smtphost = "mail.hacc.space";
|
||||
mail_smtpport = 465;
|
||||
mail_smtpname = "noreply@infra4future.de";
|
||||
loglevel = 0;
|
||||
"overwrite.cli.url" = "https://cloud.infra4future.de";
|
||||
};
|
||||
|
||||
# passwordsalt, secret, and mail_smtppassword go in here
|
||||
secretFile = "/persist/secrets.json";
|
||||
|
||||
};
|
||||
|
||||
services.redis = {
|
||||
enable = true;
|
||||
unixSocket = "/var/run/redis/redis.sock";
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
|
|
@ -137,6 +109,7 @@
|
|||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
client_max_body_size 0;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -7,10 +7,6 @@
|
|||
configDir = "/persist/var/lib/syncthing/";
|
||||
dataDir = "/persist/data/syncthing/";
|
||||
devices = {
|
||||
schweby = {
|
||||
addresses = []; # empty = dynamic
|
||||
id = "YF7DNNS-B63GERK-YFQ7G7Q-2DG7557-VIWFOTK-R3JOS63-T76POBQ-F6MO6AH";
|
||||
};
|
||||
raphael-laptop = {
|
||||
addresses = []; # empty = dynamic
|
||||
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
|
||||
|
|
@ -25,7 +21,7 @@
|
|||
folders = {
|
||||
"/persist/data/syncthing/hacc/" = {
|
||||
id = "qt2ly-xvvvs";
|
||||
devices = [ "schweby" "conway" "raphael-laptop"];
|
||||
devices = [ "conway" "raphael-laptop"];
|
||||
type = "receiveonly";
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
|
@ -34,7 +30,7 @@
|
|||
};
|
||||
"/persist/data/syncthing/hacc_eV_vorstand/" = {
|
||||
id = "twwt7-fxrsr";
|
||||
devices = [ "schweby" "conway" "raphael-laptop"];
|
||||
devices = [ "conway" "raphael-laptop"];
|
||||
# type = "receiveencrypted"; # no yet implemented
|
||||
};
|
||||
};
|
||||
|
|
|
|||
84
services/uffd.nix
Normal file
84
services/uffd.nix
Normal file
|
|
@ -0,0 +1,84 @@
|
|||
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
|
||||
|
||||
let
|
||||
uffd = pkgs.uffd;
|
||||
in {
|
||||
containers.uffd = {
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.100.1";
|
||||
localAddress = "192.168.100.9";
|
||||
autoStart = true;
|
||||
bindMounts = {
|
||||
"/persist" = {
|
||||
hostPath = "/persist/containers/uffd";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
||||
boot.isContainer = true;
|
||||
networking.useDHCP = false;
|
||||
users.users.root.hashedPassword = "";
|
||||
|
||||
imports = [
|
||||
((import sources.nix-hexchen) {}).profiles.nopersist
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking.firewall.enable = false;
|
||||
networking.defaultGateway = {
|
||||
address = "192.168.100.1";
|
||||
interface = "eth0";
|
||||
};
|
||||
services.coredns = {
|
||||
enable = true;
|
||||
config = ''
|
||||
.:53 {
|
||||
forward . 1.1.1.1
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
services.uwsgi = {
|
||||
enable = true;
|
||||
plugins = [ "python3" ];
|
||||
instance = {
|
||||
type = "normal";
|
||||
pythonPackages = self: with self; [ uffd ];
|
||||
module = "uffd:create_app()";
|
||||
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
|
||||
http = ":8080";
|
||||
env = [
|
||||
"CONFIG_PATH=/persist/uffd/uffd.conf"
|
||||
];
|
||||
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.9/site-packages/uffd flask db upgrade";
|
||||
};
|
||||
};
|
||||
})).config.system.build.toplevel;
|
||||
};
|
||||
services.nginx.virtualHosts."login.infra4future.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
|
||||
"/static".root = "${uffd}/lib/python3.9/site-packages/uffd";
|
||||
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
|
||||
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
|
||||
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
|
||||
"/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
|
||||
"/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
|
||||
"/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.auamost = {
|
||||
enable = true;
|
||||
|
||||
description = "mattermost aua gruppensync";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig.Type = "simple";
|
||||
path = [ pkgs.curl pkgs.jq ];
|
||||
script = "${pkgs.fish}/bin/fish /persist/magic/mattermost-groupsync.fish";
|
||||
startAt = "*:0/15";
|
||||
};
|
||||
}
|
||||
|
|
@ -349,7 +349,7 @@
|
|||
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Meetings of <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. See hacc group page.</li>
|
||||
<li>
|
||||
Propose changes to the hacc e.V. infrastructure. You can open an issue on our <a href="https://gitlab.infra4future.de/hacc/infra/meta">meta discussion repository</a> or (if you are familiar with Nix) open a merge request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
Propose changes to the hacc e.V. infrastructure. You can open an issue or open a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
</li>
|
||||
<li>
|
||||
Add you or your project to the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>
|
||||
|
|
@ -438,7 +438,7 @@ Unfortunately conflicts led to a split between the local chapter Munich and CHT
|
|||
<h1>About this page<span class="blink"></span></h1>
|
||||
<p>
|
||||
The hacc e.V. runs this page (<a href="https://hacc.earth">hacc.earth</a>) but not necessarily the linked projects. You can find more about our activities and involvements on our <a href="https://muc.hacc.earth">own page</a>.<br>
|
||||
Also the source of the page can be found <a href="https://gitlab.infra4future.de/hacc/infra4future/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
Also the source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
</p>
|
||||
<p>
|
||||
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
|
||||
|
|
@ -451,7 +451,7 @@ The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives
|
|||
</main>
|
||||
<footer class="content" style="z-index: 200">
|
||||
<div>
|
||||
<a href="https://gitlab.infra4future.de/hacc/infra4future/hacc.earth">Source of hacc.earth</a> •
|
||||
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">Source of hacc.earth</a> •
|
||||
<a href="#contact">Contact</a> •
|
||||
<a href="https://infra4future.de/impressum.html">Imprint</a>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -317,8 +317,7 @@
|
|||
<li>Regelmäßige Treffen von <a href="https://hacc.uber.space/HACC/Europe/DE/BY/Munich">hacc in München</a>, normalerweise jeden ersten und dritten Mittwoch im Monat um 19:00 Uhr beim <a href="https://muc.ccc.de/">muCCC</a>. Im Moment treffen wir uns Online auf <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Regelmäßige Treffen des <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. Jeden zweiten Sonntag, siehe hacc-Seite.</li>
|
||||
<li>
|
||||
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue <a href="https://gitlab.infra4future.de/hacc/infra/meta">in unserem Meta-Diskussions-Repo</a> an,
|
||||
oder (falls du Nix kennst) erstelle einen Merge Request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
|
||||
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue oder erstelle einen Merge Request <a href="https://git.infra4future.de/hacc/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
|
|
|
|||
1
websites/infra4future.de/assets/img/icons/hedgedoc.svg
Normal file
1
websites/infra4future.de/assets/img/icons/hedgedoc.svg
Normal file
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 10 KiB |
48
websites/infra4future.de/assets/img/icons/hot_shit.svg
Normal file
48
websites/infra4future.de/assets/img/icons/hot_shit.svg
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<svg width="100%" height="100%" viewBox="0 0 32 32" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
|
||||
<metadata>
|
||||
<rdf:RDF xmlns:cc="http://web.resource.org/cc/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:dc = "http://purl.org/dc/elements/1.1/"
|
||||
>
|
||||
|
||||
<rdf:Description rdf:about="">
|
||||
<dc:title>Mutant Standard emoji 2020.04</dc:title>
|
||||
</rdf:Description>
|
||||
|
||||
<cc:work rdf:about="">
|
||||
<cc:license rdf:resource="http://creativecommons.org/licenses/by-nc-sa/4.0/"/>
|
||||
<cc:attributionName>Dzuk</cc:attributionName>
|
||||
<cc:attributionURL>http://mutant.tech/</cc:attributionURL>
|
||||
</cc:work>
|
||||
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
|
||||
<rect id="hot_shit" x="0" y="0.017" width="32" height="32" style="fill:none;"/>
|
||||
<clipPath id="_clip1">
|
||||
<rect x="0" y="0.017" width="32" height="32"/>
|
||||
</clipPath>
|
||||
<g clip-path="url(#_clip1)">
|
||||
<g id="outline">
|
||||
<path d="M25,5.015c0,-2.761 2.238,-4.998 4.998,-4.998l2.002,0l0,5.716c0,1.257 -0.464,2.406 -1.232,3.284l1.232,0c0,0 0,7.412 0,7.412c0,3.638 -2.949,6.588 -6.587,6.588l-4.413,0l0,-3.786l-2,0l0,-5.048c-0.835,0.266 -1.715,0.405 -2.608,0.405l-2.392,0l0,-5.106c0,-2.283 0.907,-4.473 2.521,-6.087c1.615,-1.614 3.804,-2.521 6.087,-2.521l2.392,0l0,4.141Z"/>
|
||||
<path d="M16.002,2.017c1.591,0 3.116,0.632 4.241,1.756c0.921,0.921 1.511,2.109 1.695,3.383c1.454,0.283 2.803,0.994 3.866,2.057c1.406,1.406 2.196,3.313 2.196,5.302l0,0.004c0,0.502 -0.05,1 -0.149,1.485c0.657,0.361 1.266,0.816 1.806,1.356c1.488,1.488 2.33,3.503 2.343,5.607l0,0.05c0,2.121 -0.843,4.156 -2.343,5.657c-1.5,1.5 -3.535,2.343 -5.657,2.343c0,0 -16,0 -16.006,0c-0.884,-0.003 -1.763,-0.148 -2.599,-0.436c-1.35,-0.465 -2.564,-1.294 -3.488,-2.381c-0.677,-0.795 -1.195,-1.723 -1.517,-2.717c-0.258,-0.794 -0.387,-1.625 -0.39,-2.46l0,-0.056c0.013,-2.104 0.855,-4.119 2.343,-5.607c0.54,-0.54 1.149,-0.995 1.806,-1.356c-0.099,-0.485 -0.149,-0.983 -0.149,-1.485l0,-0.004c0,-1.989 0.79,-3.896 2.196,-5.302c0.799,-0.799 1.759,-1.399 2.804,-1.768l0,-3.428c0.027,-1.071 0.828,-1.916 1.897,-1.998l0.103,-0.002l5.002,0Z"/>
|
||||
</g>
|
||||
<g id="emoji">
|
||||
<path d="M21,10.716c-1.233,1.199 -2.886,1.872 -4.608,1.872l-0.392,0c0,0 0,-1.384 0,-3.106c0,-1.753 0.696,-3.434 1.935,-4.673c1.24,-1.239 2.92,-1.935 4.673,-1.935l0.392,0c0,0 0,1.383 0,3.106c0,0.428 -0.041,0.851 -0.122,1.265c0.362,-0.149 0.754,-0.228 1.154,-0.228l1.968,0l0,4.282c0.495,-0.183 1.029,-0.282 1.587,-0.282l2.413,0l0,5.412c0,2.534 -2.054,4.588 -4.587,4.588l-2.413,0l0,-3.786l-0.032,0l-1.968,0l0,-6.515Zm9,-8.699l0,3.716c0,1.656 -1.342,2.998 -2.998,2.998l-0.002,0c0,0 0,-1.927 0,-3.716c0,-1.656 1.342,-2.998 2.998,-2.998l0.002,0Z" style="fill:#f08c00;"/>
|
||||
<path d="M21.032,6.017l0.968,0l0,3.18c0.322,-0.117 0.669,-0.18 1.032,-0.18l0.968,0l0,4.781c0.538,-0.486 1.25,-0.781 2.032,-0.781l1.968,0c0,0 0,2.077 0,3.968c0,1.674 -1.357,3.032 -3.032,3.032l-1.968,0l0,-3.782c-0.538,0.486 -1.25,0.782 -2.032,0.782l-0.968,0l0,-4.18c-0.322,0.116 -0.669,0.18 -1.032,0.18l-0.968,0c0,0 0,-2.077 0,-3.969c0,-1.674 1.357,-3.031 3.032,-3.031Z" style="fill:#ffbf36;"/>
|
||||
<path d="M16.002,4.017c1.06,0 2.077,0.421 2.827,1.171c0.75,0.749 1.171,1.766 1.171,2.827l0,0.004c0,0.339 -0.043,0.674 -0.127,0.998l0.629,0c1.458,0 2.857,0.579 3.888,1.61c1.031,1.031 1.61,2.43 1.61,3.888l0,0.004c0,0.933 -0.237,1.841 -0.678,2.645c1.097,0.248 2.112,0.802 2.921,1.61c1.116,1.116 1.747,2.628 1.757,4.205l0,0.038c0,1.591 -0.632,3.117 -1.757,4.242c-1.126,1.126 -2.652,1.758 -4.243,1.758l-16,0c-0.664,-0.002 -1.326,-0.111 -1.954,-0.327c-1.012,-0.349 -1.923,-0.97 -2.616,-1.786c-0.508,-0.596 -0.896,-1.292 -1.138,-2.037c-0.193,-0.598 -0.29,-1.223 -0.292,-1.85l0,-0.038c0.01,-1.577 0.641,-3.089 1.757,-4.205c0.809,-0.808 1.824,-1.362 2.921,-1.61c-0.441,-0.804 -0.678,-1.712 -0.678,-2.645l0,-0.004c0,-1.458 0.579,-2.857 1.61,-3.888c0.975,-0.974 2.277,-1.545 3.648,-1.605l-0.004,-0.01c-0.167,-0.481 -0.252,-0.986 -0.254,-1.495l0,-3.5l5.002,0Z" style="fill:#9a6f42;"/>
|
||||
<path d="M10.731,25.852c-0.071,-0.048 -0.136,-0.105 -0.195,-0.172c-0.279,-0.321 -0.324,-0.783 -0.113,-1.153c0.353,-0.618 0.733,-1.283 1.089,-1.906c0.92,-1.611 2.633,-2.604 4.487,-2.604c0.001,0 0.001,0 0.002,0c1.854,0 3.567,0.993 4.487,2.604c0.356,0.623 0.736,1.288 1.089,1.906c0.211,0.37 0.166,0.832 -0.113,1.153c-0.059,0.067 -0.124,0.124 -0.195,0.172l-5.269,-1.835l-5.269,1.835Z" style="fill:#352412;"/>
|
||||
<path d="M16.107,23.017c1.828,0 3.558,0.831 4.7,2.259l0.462,0.576c-0.271,0.183 -0.619,0.225 -0.931,0.1c-0.379,-0.152 -0.753,-0.301 -1.086,-0.435c-0.827,-0.33 -1.71,-0.5 -2.6,-0.5l-1.304,0c-0.89,0 -1.773,0.17 -2.6,0.5c-0.333,0.134 -0.707,0.283 -1.086,0.435c-0.312,0.125 -0.66,0.083 -0.931,-0.1l0.462,-0.576c1.142,-1.428 2.872,-2.259 4.7,-2.259l0.214,0Z" style="fill:#1f140a;"/>
|
||||
<g>
|
||||
<path d="M11,12.017c0.271,0 0.534,0.036 0.784,0.103c0.216,0.88 1.799,4.711 2.216,4.398l0,0.501c0,0.795 -0.316,1.557 -0.878,2.12c-0.562,0.562 -1.325,0.878 -2.12,0.878c-0.001,0 -0.001,0 -0.002,0c-1.657,0 -3,-1.343 -3,-3c0,-0.655 0,-1.348 0,-2.002c0,-0.795 0.316,-1.558 0.878,-2.12c0.562,-0.562 1.325,-0.878 2.12,-0.878l0.002,0Z" style="fill:#fff;"/>
|
||||
<path d="M11.784,12.12c1.277,0.345 2.216,1.511 2.216,2.897l0,1.501c-0.417,0.313 -0.936,0.499 -1.498,0.499l-0.004,0c-1.38,0 -2.498,-1.119 -2.498,-2.498l0,-0.004c0,-1.132 0.752,-2.088 1.784,-2.395Z"/>
|
||||
</g>
|
||||
<g>
|
||||
<path d="M21,12.017c0.271,0 0.534,0.036 0.784,0.103c0.216,0.88 1.799,4.711 2.216,4.398l0,0.501c0,0.795 -0.316,1.557 -0.878,2.12c-0.562,0.562 -1.325,0.878 -2.12,0.878c-0.001,0 -0.001,0 -0.002,0c-1.657,0 -3,-1.343 -3,-3c0,-0.655 0,-1.348 0,-2.002c0,-0.795 0.316,-1.558 0.878,-2.12c0.562,-0.562 1.325,-0.878 2.12,-0.878l0.002,0Z" style="fill:#fff;"/>
|
||||
<path d="M21.784,12.12c1.277,0.345 2.216,1.511 2.216,2.897l0,1.501c-0.417,0.313 -0.936,0.499 -1.498,0.499l-0.004,0c-1.38,0 -2.498,-1.119 -2.498,-2.498l0,-0.004c0,-1.132 0.752,-2.088 1.784,-2.395Z"/>
|
||||
</g>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 6.3 KiB |
1
websites/infra4future.de/assets/img/icons/mattermost.svg
Normal file
1
websites/infra4future.de/assets/img/icons/mattermost.svg
Normal file
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 6.3 KiB |
3
websites/infra4future.de/assets/img/icons/nextcloud.svg
Normal file
3
websites/infra4future.de/assets/img/icons/nextcloud.svg
Normal file
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 10 KiB |
92
websites/infra4future.de/assets/img/infra4future.svg
Normal file
92
websites/infra4future.de/assets/img/infra4future.svg
Normal file
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 111 KiB |
BIN
websites/infra4future.de/assets/img/logo_vernetzung.png
Normal file
BIN
websites/infra4future.de/assets/img/logo_vernetzung.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.4 MiB |
|
|
@ -23,34 +23,47 @@ Die Nutzung ist für alle offen! Einfach bei dem Login-Screen auf Registrieren k
|
|||
{% include a-name.html name="services" %}
|
||||
# Dienste
|
||||
|
||||
Bisher haben wir auf diesem Server schon einige Dienste installiert, darunter:
|
||||
Sobald ihr einen Account für infra4future habt, könnt ihr euch mit diesem zu allen diesen Diensten einloggen ohne euch für jeden nochmal extra registrieren zu müssen. Eine vollständige Liste an für euch nutzbaren Diensten findet ihr unter [login.infra4future.de](https://login.infra4future.de). Dort könnt ihr außerdem euren Account verwalten und z.B. das Passwort, Mailadresse, oder Anzeigenamen ändern.
|
||||
|
||||
Aktuell betreiben wir:
|
||||
|
||||
- [Nextcloud](https://cloud.infra4future.de), mit dem ihr Dateien mit eurer Gruppe oder allen Teilen könnt, sowie einige Erweiterungen:
|
||||
- *Deck* und *Tasks* zum Verwalten (und Überblick-Behalten) über all die Projekte, die mensch so startet
|
||||
- ein Kalender
|
||||
- Collabora — erlaubt euch, übliche Office-Dokumente direkt online zu bearbeiten
|
||||
- ein Kochbuch, denn Essen ist wichtig für den Widerstand! 🍲
|
||||
- Onlyoffice — erlaubt euch, übliche Office-Dokumente direkt online zu bearbeiten
|
||||
- [Mattermost](https://mattermost.infra4future.de), eine Plattform zur Echtzeitkommunikation, ähnlich zu Slack.
|
||||
- [Discourse](https://discuss.infra4future.de), ein Forum für asynchrone Kommunikation
|
||||
- [Mumble](https://mumble.hacc.space), für Telefonkonferenzen.
|
||||
- [LimeSurvey](https://survey.infra4future.de), ein Tool zum Erstellen und Durchführen von Umfragen
|
||||
- [GitLab](https://gitlab.infra4future.de) und [GitLab Pages](https://gitlab.infra4future.de/help/user/project/pages/index.md), eine Hostingplattform für git-Repositories, zum gemeinschaftlichen auf-Software-einhacken (und Webseiten hosten).
|
||||
- [hacc.media](https://hacc.media), unsere Videoplattform für Vorträge und ähnliches mit Klimabezug (schreibt uns eine Mail, falls ihr eure Aufnahmen dort auch sehen wollt)
|
||||
|
||||
Sobald ihr einen Account für infra4future habt, könnt ihr euch mit diesem zu allen diesen Diensten einloggen ohne euch für jeden nochmal extra registrieren zu müssen.
|
||||
- [Mumble](https://mumble.hacc.space), für Audiokonferenzen.
|
||||
- [Hedgedoc](https://pad.infra4future.de), für schnelle, kollaborative Notizen.
|
||||
- [Gitea](https://git.infra4future.de), eine Hostingplattform für git-Repositories, zum gemeinschaftlichen auf-Software-einhacken.
|
||||
|
||||
Falls das eure Bedürfnisse noch nicht abdeckt oder ihr andere coole Software haben die ihr gerne benutzen würdet, meldet euch bei uns — wir können nichts versprechen, aber wenn möglich fügen wir gerne auch noch weitere Dienste dazu.
|
||||
|
||||
{% include banner.html quote="It is our predicament that we live in a finite world, and yet we behave as if it were infinite." author="Naomi Klein" %}
|
||||
|
||||
|
||||
|
||||
{% include a-name.html name="faq" %}
|
||||
# Frequently Asked Questions
|
||||
|
||||
|
||||
{% include faq.html question="Wo kann ich meinen Account bearbeiten?" answer="Deine persönlichen Details kannst du global auf https://auth.infra4future.de/auth/realms/forfuture/account" %}
|
||||
{% include faq.html question="Ich suche einen Dienst für Videotelefonie" answer="Wir haben unseren Jitsi Dienst aufgrund des hohen Wartungsaufwands eingestellt. Wir können aber [meet.ffmuc.net](https://meet.ffmuc.net/) oder [senfcall.de](https://www.senfcall.de/) empfehlen!" %}
|
||||
|
||||
{% include faq.html question="Wo kann ich meinen Account bearbeiten?"
|
||||
answer="Dein Passwort, deine Mailadresse und deinen Anzeigenamen kannst du
|
||||
auf [login.infra4future.de](https://login.infra4future.de) bearbeiten." %}
|
||||
{% include faq.html question="Wie füge ich Menschen zu meiner Gruppe hinzu?"
|
||||
answer="Da alle Accounts zentral über
|
||||
[login.infra4future.de](https://login.infra4future.de) verwaltet werden,
|
||||
werden auch die Zugehörigkeiten zu einzelnen Gruppen dort verwaltet.
|
||||
|
||||
Natürlich gibt es auch Gruppen bzw. Teams in Mattermost und Nextcloud; diese
|
||||
werden möglichst automatisch auf einem Stand mit login.infra4future.de gehalten.
|
||||
Leider gilt das nicht anders herum — fügt also bitte neue Leute nicht direkt
|
||||
in Mattermost zu eurem Team hinzu, sondern auf login.infra4future.de oder schickt
|
||||
ihnen einen Einladungslink. Andernfalls kann es sein, dass sie automatisch
|
||||
wieder entfernt werden.
|
||||
" %}
|
||||
{% include faq.html question="Wie erstelle ich Einladungslinks für meine Gruppe?"
|
||||
answer="Wenn du Teil der Moderation deines Teams bist, kannst du Einladungslinks
|
||||
unter [login.infra4future.de/invite](https://login.infra4future.de/invite)
|
||||
erstellen. Diese können sowohl benutzt werden, um neue Accounts zu erstellen,
|
||||
als auch, um mit einem bereits existierenden Account einer weiteren Gruppe
|
||||
beizutreten.
|
||||
" %}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ title: Infra4future
|
|||
|
||||
1. Geltungsbereich der Nutzungsbedingungen
|
||||
|
||||
(1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, auth.infra4future.de, social.infra4future.de, gitlab.infra4future.de, survey.infra4future.de, live.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
|
||||
(1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, login.infra4future.de, git.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
|
||||
|
||||
(2) Sie können die derzeit gültigen Nutzungsbedingungen unter infra4future.de/nutzungsbedingungen.html abrufen und ausdrucken.
|
||||
|
||||
|
|
|
|||
|
|
@ -300,14 +300,11 @@ Of course we also did and do support multiple events and groups in Munich and Ge
|
|||
<ul>
|
||||
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Regular matinanence of the <a href="https://muc.hacc.earth">hacc e.V.</a> infrastrucutre, usually the Wednesday after the regular meeting sometime in the evening. Normally coordinated on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
|
||||
<li>Help us running the hacc e.V. infrastructure like <a href="https://infra4future.de">infra4future.de</a>. You can open an issue on our <a href="https://gitlab.infra4future.de/hacc/infra/meta">meta discussion repository</a> or (if you are familiar with Nix) open a merge request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
<li>Help us running the hacc e.V. infrastructure like <a href="https://infra4future.de">infra4future.de</a>. You can open an issue or create a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
|
||||
</li>
|
||||
<li>
|
||||
Interested in streaming and recording? Get in <a href="#contact">contact with hacc-voc</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://hacc.4future.dev/infra4future/blog-zola">The hacc blog</a> can always use input. It's based on <a href="https://getzola.org">zola</a>. The source of our blog is <a href="https://gitlab.infra4future.de/hacc/infra4future/blog-zola">here</a>.
|
||||
</li>
|
||||
<li>
|
||||
Use the <a href="https://hacc.wiki">wiki</a> and add your project!
|
||||
</li>
|
||||
|
|
@ -402,12 +399,12 @@ registered at the local court Munich VR 208921
|
|||
<ul>
|
||||
<li>raphael or rw</li>
|
||||
<li>zauberberg</li>
|
||||
<li>schweby</li>
|
||||
</ul
|
||||
<li>moira</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="https://gitlab.infra4future.de/hacc/verein/satzung">Satzung</a> (statutes)</li>
|
||||
<li><a href="https://gitlab.infra4future.de/hacc/verein/mitgliedsantrag">Mitgliedsantrag</a> (membership application)</li>
|
||||
<li><a href="https://gitlab.infra4future.de/hacc/verein/zuwendungen">Vereinfachter Spendennachweis</a> (simplified proof of donation)</li>
|
||||
<li><a href="https://git.infra4future.de/hacc/satzung">Satzung</a> (statutes)</li>
|
||||
<li><a href="https://git.infra4future.de/hacc/mitgliedsantrag">Mitgliedsantrag</a> (membership application)</li>
|
||||
<li><a href="https://git.infra4future.de/hacc/zuwendungen">Vereinfachter Spendennachweis</a> (simplified proof of donation)</li>
|
||||
</ul>
|
||||
</p>
|
||||
<p>
|
||||
|
|
@ -430,7 +427,7 @@ Germany<br>
|
|||
<div class="section">
|
||||
<h1>About this page<span class="blink"></span></h1>
|
||||
<p>
|
||||
The source of the page can be found <a href="https://gitlab.infra4future.de/hacc/infra4future/muc.hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
The source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/muc.hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
|
||||
</p>
|
||||
<p>
|
||||
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
|
||||
|
|
@ -443,7 +440,7 @@ The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives
|
|||
</main>
|
||||
<footer class="content" style="z-index: 200">
|
||||
<div>
|
||||
<a href="https://gitlab.infra4future.de/hacc/infra4future/muc.hacc.earth">Source of muc.hacc.earth</a> •
|
||||
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/muc.hacc.earth">Source of muc.hacc.earth</a> •
|
||||
<a href="#contact">Contact</a> •
|
||||
<a href="https://infra4future.de/impressum.html">Imprint</a>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in a new issue