66 Commits

Author SHA1 Message Date
stuebinm 35853d56e2 re-add infra4future.de faq
(contains info about how groups work)
2022-09-25 19:20:20 +02:00
Moira 41c914991a
Merge remote-tracking branch 'origin/fix/mattermost' 2022-09-24 18:05:44 +02:00
stuebinm f2c90e5601 websites: remove mentions of gitlab.infra4future.de
(one remains for now, will do that later once anyone from students
for future says what to do in that case)
2022-09-24 17:46:48 +02:00
Moira 77d7625315
remove gitlab 2022-09-24 17:29:42 +02:00
hexchen 04272968d0 update and fix mattermost 2022-09-24 14:59:52 +00:00
Moira 7e615e6daa
Merge branch 'infra4future.de-update' 2022-09-19 18:12:54 +02:00
Moira 82e70e0151
change name 2022-09-19 18:11:54 +02:00
stuebinm 6bba15faae
gitea: git protocol v2 over ssh
cf. https://docs.gitea.io/en-us/config-cheat-sheet/#git-git, entry for
option ENABLE_AUTO_GIT_WIRE_PROTOCOL
2022-09-19 18:11:54 +02:00
stuebinm 9bf75b9c3d
git ssh: switch to gitea (instead of gitlab) 2022-09-19 18:11:54 +02:00
stuebinm 83cda0f44a
gitea: save state under /persist 2022-09-19 18:11:54 +02:00
stuebinm 97459d8177
gitea: enable offline mode 2022-09-19 18:11:54 +02:00
stuebinm 6aa06aed18
gitea: fix uffd login
(note that this actually has to patch uffd)
2022-09-19 18:11:54 +02:00
stuebinm 639410011e
update lantifa source urls & hashes 2022-09-19 18:11:54 +02:00
schweby 7db9dbb4c2
!fixup add missing settings section 2022-09-19 18:11:53 +02:00
schweby 856cd79c37
init basic untested config 2022-09-19 18:11:53 +02:00
Moira 3ea537459b
change name 2022-09-12 19:29:51 +02:00
stuebinm f53cb24d2e update infra4future.de index website 2022-09-07 22:08:36 +02:00
stuebinm 45ceeef189
gitea: git protocol v2 over ssh
cf. https://docs.gitea.io/en-us/config-cheat-sheet/#git-git, entry for
option ENABLE_AUTO_GIT_WIRE_PROTOCOL
2022-08-03 11:26:05 +02:00
stuebinm e246563f57 git ssh: switch to gitea (instead of gitlab) 2022-08-01 20:54:17 +02:00
stuebinm a1c5832a51 gitea: save state under /persist 2022-08-01 18:39:46 +02:00
stuebinm c854e10980
gitea: enable offline mode 2022-07-27 23:26:13 +02:00
stuebinm b5a68e09fd
gitea: fix uffd login
(note that this actually has to patch uffd)
2022-07-27 23:26:13 +02:00
stuebinm f9f1eee6fd
update lantifa source urls & hashes 2022-07-27 23:26:13 +02:00
schweby db5865fff2
!fixup add missing settings section 2022-07-27 23:26:13 +02:00
schweby 65ec0779b7
init basic untested config 2022-07-27 23:26:13 +02:00
stuebinm 4b53211130
mattermost: minor upgrade (6.7.0 -> 6.7.2) 2022-07-27 23:25:46 +02:00
schweby 86b9d3113c
parsons/mail: readd noreply@infra4ure 2022-07-17 19:36:42 +02:00
schweby 39aaf2e0bb
!fixup make virtual addresses actually work
also fix typo
2022-07-10 19:02:45 +02:00
schweby 8021685ec8
update mail config 2022-07-09 20:56:46 +02:00
stuebinm 8f413da05a services/nextcloud: remove mail & redis
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggests it's already
working, which it isn't, which is worse)
2022-07-09 20:27:46 +02:00
stuebinm e9d2630ea9 fix auamost path 2022-07-09 19:11:30 +02:00
stuebinm 445a974f97 magic mattermost group sync 2022-07-09 11:00:57 +02:00
stuebinm 4eecd1bad4 update nextcloud to 24
(apparently we forget to commit this??)
2022-07-09 10:56:58 +02:00
schweby 430efbc0a5
update sources 2022-06-09 14:56:38 +02:00
schweby 3dc6b5e3e9
common/users: update schwebys ssh key 2022-05-22 15:08:42 +02:00
hexchen 507a144165 Add uffd application icons 2022-05-02 16:28:37 +00:00
hexchen 7015386cd6 Fix uffd brand icon 2022-05-02 15:53:27 +00:00
schweby 440076bae9
services/nextcloud: make login work reliably 2022-04-30 23:35:19 +02:00
hexchen 27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
stuebinm 287cb84d82
services/mattermost: bump to 6.6.0 2022-04-16 20:31:58 +02:00
schweby 3ee3c37ccb
sources: updates
CVE-2022-1162
2022-04-06 09:05:25 +02:00
stuebinm 39bec9fbd0
services/mattermost: bump to 6.5.0 2022-03-18 19:28:43 +01:00
stuebinm 5c85431847
mattermost: bump to 6.4.2 (security update) 2022-03-11 14:01:53 +01:00
schweby 2cf0119ec1
sources: updates
update kernel to protect against CVE-2022-0847
2022-03-07 20:44:33 +01:00
schweby a92ae39d65
gitlab-ci.yml: disable nixda build
It's known broken. No need to waste time and resources.
Reenable when fixed.
2022-02-27 12:22:30 +01:00
schweby f1c3a2d082
sources: updates 2022-02-27 12:19:36 +01:00
schweby 93c13debe6
services/mattermost: bump to 6.4.1 2022-02-27 11:57:52 +01:00
stuebinm 3e95d6c222
bump nix/sources.json 2022-02-17 19:49:53 +01:00
stuebinm ca19774c9e
services/mattermost: bump to 6.4.0 2022-02-17 19:49:38 +01:00
stuebinm 032c49c375
comment out services/workadventure
(we're not using it and it's eating build times, so I've disabled it for
now)
2022-02-17 19:48:45 +01:00
stuebinm 4b71a216ba
services/mattermost: bump to 6.1.3
(another security update)
2022-02-05 01:08:46 +01:00
schweby 17d695c00b
common: add niv 2022-02-04 08:51:39 +01:00
schweby 7815e32f9f
services/mail: reduce logspam
reduce logspam by our mail services by setting them to loglevel 5
(notice) and 3 (error)
2022-02-01 17:07:52 +01:00
stuebinm 99811b6711 bump update nixos-mailserver to 21.11 2022-02-01 14:44:47 +01:00
stuebinm 1aebabe8a0 parsons/restics: s3CredentialsFile is deprecated
This is untested, but the documentation on the s3CredentialsFile option
seems to suggest this should be correct.
2022-02-01 14:03:40 +01:00
stuebinm 10942ca464 bump home manager to 21.11 2022-02-01 14:00:35 +01:00
schweby 2d429492fe
services/mail: stop postfix from dying by rspamd 2022-01-31 21:43:25 +01:00
schweby 4bf804c025
services/syncthing: add Vorstands share
currently the receiveencrypted type is not supported by the nixos module
so we have to set it via the webinterface
2022-01-27 22:53:17 +01:00
schweby 8716f2b308
services/syncthing: update config format 2022-01-27 22:52:49 +01:00
hexchen 6de0b91beb fixer tous les things 2022-01-27 20:20:25 +00:00
stuebinm 9937d5ff94
fixing pad.hacc.space (hopefully)
(I haven't tested this, since I don't want to try the upgrade-adventure
a second time today, but I think this should fix it)
2022-01-27 20:38:06 +01:00
stuebinm 4ff0bdf3ec
whoops, apparently some rebase went wrong
(fixing it back into a buildable state)
2022-01-27 20:38:04 +01:00
stuebinm 676ba4fc31
services/hedgedocs: use socket auth for postgres 2022-01-27 20:37:42 +01:00
schweby 569c5652f2
sources: update 2022-01-27 20:37:40 +01:00
schweby 238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
stuebinm c2c0bd366a
bump nixpkgs to 21.11
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   deprecated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably be considered a
work-in-progress.

Building Nixda currently fails; decklink seems to have disappeared.
2022-01-27 20:36:17 +01:00
36 changed files with 754 additions and 504 deletions


@ -7,10 +7,3 @@ build-parsons:
stage: build
script:
- nix-build -A deploy.parsons
build-nixda:
tags:
- nix
stage: build
script:
- nix-build -A deploy.nixda


@ -70,6 +70,7 @@ in {
s-tui stress
ffmpeg-full
bat
niv
];
security.acme.email = "info+acme@hacc.space";


@ -48,13 +48,13 @@
packages = with pkgs; [ ffmpeg ];
};
schweby = {
moira = {
uid = 1004;
shell = pkgs.fish;
isNormalUser = true;
extraGroups = [ "wheel" "cdrom" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06"
];
hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
};
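
Review bot: The `hashedPassword` line in this user block keeps a SHA-512 crypt hash (`$6$...`) in the repository and, after a build, in the world-readable Nix store, so anyone who can read either can run offline guessing against an account that is in `wheel`. Suggest moving it to a file outside the store with `users.users.<name>.passwordFile`, or dropping the password altogether since key-based SSH login is configured right above it. The block is also renamed to `moira` while `uid = 1004` stays the same; confirm that the home directory and file ownership on the host follow the rename.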


@ -16,12 +16,12 @@
../../services/hedgedoc-i4f.nix
../../services/mail.nix
../../services/syncthing.nix
../../services/gitlab.nix
../../services/gitea.nix
../../services/nginx-pages.nix
../../services/gitlab-runner.nix
../../services/lantifa.nix
../../services/vaultwarden.nix
../../services/workadventure.nix
../../services/uffd.nix
# ../../services/workadventure.nix
./lxc.nix
];
@ -79,7 +79,7 @@
services.restic.backups.tardis = {
passwordFile = "/persist/restic/system";
s3CredentialsFile = "/persist/restic/system.s3creds";
environmentFile = "/persist/restic/system.s3creds";
paths = [
"/home"
"/persist"
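
Review bot: `environmentFile` reuses the exact path that `s3CredentialsFile` pointed to, and the commit message for this change says it is untested. Before relying on the `tardis` backup, confirm that /persist/restic/system.s3creds is in systemd EnvironmentFile format (KEY=value lines) and run the backup unit once by hand, so a credentials problem is caught now rather than at the next restore.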


@ -6,7 +6,6 @@ in {
./nftnat
./decklink.nix
./websites.nix
"${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden"
];
# disabled since vaultwarden defines a dummy bitwarden_rs option that


@ -6,13 +6,9 @@ let
cfg = config.services.mattermost-patched;
defaultConfig = builtins.fromJSON (builtins.replaceStrings [ "\\u0026" ] [ "&" ]
(readFile "${pkgs.mattermost}/config/config.json")
);
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
mattermostConf = foldl recursiveUpdate defaultConfig
mattermostConf = foldl recursiveUpdate {}
[ { ServiceSettings.SiteURL = cfg.siteUrl;
ServiceSettings.ListenAddress = cfg.listenAddress;
TeamSettings.SiteName = cfg.siteName;
@ -227,7 +223,7 @@ in
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
(lib.optionalString (!cfg.mutableConfig) " -c ${database}");
(if cfg.mutableConfig then " -c ${database}" else " -c ${cfg.statePath}/config/config.json");
WorkingDirectory = "${cfg.statePath}";
Restart = "always";
RestartSec = "10";
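
Review bot: In the `ExecStart` lines, ` -c ${database}` puts the full `postgres://user:password@localhost...` DSN built from `cfg.localDatabasePassword` on the command line, which places the password in the generated unit file in the Nix store and in the process arguments, both readable by any local user. Suggest supplying the DSN through an environment file loaded by systemd instead of an argument. The condition also differs between the two variants shown (`!cfg.mutableConfig` in one, `cfg.mutableConfig` in the other); if the inversion is intended, a short comment saying which mode reads the database and which reads `${cfg.statePath}/config/config.json` would save the next reader a look at the history.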


@ -6,15 +6,15 @@
"type": "git"
},
"home-manager": {
"branch": "release-21.05",
"branch": "release-21.11",
"description": "Manage a user environment using Nix [maintainer=@rycee] ",
"homepage": "https://nix-community.github.io/home-manager/",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7329ffc6e911106494183557fc249180d5422929",
"sha256": "1liqvc6bhfypscbvq953j8izw806xn4vklh86zyqpkmsa5ac0yvp",
"rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
"sha256": "1fi27zabvqlyc2ggg7wr01j813gs46rswg1i897h9hqkbgqsjkny",
"type": "tarball",
"url": "https://github.com/nix-community/home-manager/archive/7329ffc6e911106494183557fc249180d5422929.tar.gz",
"url": "https://github.com/nix-community/home-manager/archive/d93d56ab8c1c6aa575854a79b9d2f69d491db7d0.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"mattermost-server": {
@ -23,19 +23,19 @@
"homepage": "https://mattermost.com",
"owner": "mattermost",
"repo": "mattermost-server",
"rev": "3172adfce9d98fe8f9c98ccd0a0fdbb52291ae0a",
"sha256": "1sy0kydp87pwby0whgq678jq1zpivqndip81787r9b3dqcyq47cp",
"rev": "2ea14ef395fad8919b2f4137642a7f50b370ffba",
"sha256": "1k5zqnc4yqnad2cw1wpqk22mjra08jz9gf4v692kbrgx3x4d13kh",
"type": "tarball",
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.1.2.tar.gz",
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.7.2.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/refs/tags/v<version>.tar.gz",
"version": "6.1.2"
"version": "6.7.2"
},
"mattermost-webapp": {
"sha256": "1m337g6yqjmfk1n39l8sx83hrz0fzipwkqvnkwj7nrs7j3yhndw0",
"sha256": "0pwjfklk0q28yza2iny0im5pq3x430jskvq6rvfq7ycx251s98hx",
"type": "tarball",
"url": "https://releases.mattermost.com/6.1.2/mattermost-6.1.2-linux-amd64.tar.gz",
"url": "https://releases.mattermost.com/6.7.2/mattermost-6.7.2-linux-amd64.tar.gz",
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
"version": "6.1.2"
"version": "6.7.2"
},
"niv": {
"branch": "master",
@ -43,10 +43,10 @@
"homepage": "https://github.com/nmattia/niv",
"owner": "nmattia",
"repo": "niv",
"rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c",
"sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm",
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
"type": "tarball",
"url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz",
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nix-hexchen": {
@ -60,37 +60,25 @@
"url_template": "<repo>/-/archive/<rev>.tar.gz"
},
"nixos-mailserver": {
"branch": "nixos-21.05",
"ref": "nixos-21.05",
"branch": "nixos-21.11",
"ref": "nixos-21.11",
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
"rev": "5675b122a947b40e551438df6a623efad19fd2e7",
"sha256": "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi",
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
"sha256": "1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44",
"type": "tarball",
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7.tar.gz",
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6e3a7b2ea6f0d68b82027b988aa25d3423787303.tar.gz",
"url_template": "<repo>/-/archive/<rev>.tar.gz"
},
"nixpkgs": {
"branch": "nixos-21.05",
"description": "Nix Packages collection",
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7bca80140fc7732c7357b26002db3d87b3ba4c61",
"sha256": "0vyjpf1jw4cvw7kfbk055faq08q4swz6v1h2mf9zw4r8frhqa73w",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/7bca80140fc7732c7357b26002db3d87b3ba4c61.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-new": {
"branch": "nixos-21.11",
"description": "Nix Packages collection",
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8588b14a397e045692d0a87192810b6dddf53003",
"sha256": "15srsgbhgn27wa4kz4x0gfqbsdnwig0h0y8gj2h4nnw92nrxpvnm",
"rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
"sha256": "04ffwp2gzq0hhz7siskw6qh9ys8ragp7285vi1zh8xjksxn1msc5",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/8588b14a397e045692d0a87192810b6dddf53003.tar.gz",
"url": "https://github.com/nixos/nixpkgs/archive/eabc38219184cc3e04a974fe31857d8e0eac098d.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-unstable": {
@ -99,10 +87,10 @@
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ac169ec6371f0d835542db654a65e0f2feb07838",
"sha256": "0bwjyz15sr5f7z0niwls9127hikp2b6fggisysk0cnk3l6fa8abh",
"rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90",
"sha256": "0dq22dagzk76x2ws4dz88w018i6byamd6rnzqizx68bzimg6g7xn",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/ac169ec6371f0d835542db654a65e0f2feb07838.tar.gz",
"url": "https://github.com/nixos/nixpkgs/archive/ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"workadventure": {


@ -31,8 +31,28 @@ let
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
submodules = if spec ? submodules then spec.submodules else false;
submoduleArg =
let
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
emptyArgWithWarning =
if submodules == true
then
builtins.trace
(
"The niv input \"${name}\" uses submodules "
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+ "does not support them"
)
{}
else {};
in
if nixSupportsSubmodules
then { inherit submodules; }
else emptyArgWithWarning;
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
builtins.fetchGit
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
fetch_local = spec: spec.path;


@ -4,7 +4,6 @@ let
sources = import ../nix/sources.nix;
pkgs = import sources.nixpkgs args;
unstable = import sources.nixpkgs-unstable args;
new = import sources.nixpkgs-new args;
callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);
@ -61,6 +60,8 @@ let
'';
};
uffd = callPackage ./uffd {};
inherit (unstable) bottom vaultwarden vaultwarden-vault;
};


@ -12,10 +12,9 @@ let
goPackagePath = "github.com/mattermost/mattermost-server";
buildFlagsArray = ''
-ldflags=
-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}
'';
ldflags = [
"-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
];
};

pkgs/uffd/default.nix Normal file

@ -0,0 +1,34 @@
{ stdenv, lib, python3Packages, fetchzip }:
python3Packages.buildPythonPackage rec {
pname = "uffd";
version = "2.0.1";
src = fetchzip {
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
};
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
propagatedBuildInputs = with python3Packages; [
flask
flask_sqlalchemy
flask_migrate
qrcode
fido2
oauthlib
flask-babel
argon2_cffi
itsdangerous
alembic
Mako
];
postPatch = ''
sed -i -e 's/==[0-9.]\+//g' setup.py
'';
doCheck = false;
doInstallCheck = false;
}
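
Review bot: `doCheck = false` and `doInstallCheck = false` switch off every build-time check for the package that acts as the SSO provider, while `postPatch` strips each `==` version pin from setup.py, so nothing verifies that uffd works with the nixpkgs versions of `fido2`, `oauthlib` or `argon2_cffi`. Suggest at least `pythonImportsCheck = [ "uffd" ];` plus a comment on why the upstream tests cannot run here. A one-line comment per entry in `patches`, saying what it changes and whether it was sent upstream, would also make the next version bump easier to review.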


@ -0,0 +1,34 @@
--- a/setup.py 2022-04-30 13:12:45.564651955 +0000
+++ b/setup.py 2022-04-30 13:17:02.545809513 +0000
@@ -41,31 +41,5 @@
'Flask-Babel==0.11.2',
'alembic==1.0.0',
'argon2-cffi==18.3.0',
-
- # The main dependencies on their own lead to version collisions and pip is
- # not very good at resolving them, so we pin the versions from Debian Buster
- # for all dependencies.
- 'certifi==2018.8.24',
- #cffi==1.12.2'
- 'cffi # v1.12.2 no longer works with python3.9. Newer versions seem to work fine.',
- 'chardet==3.0.4',
- 'click==7.0',
- 'cryptography==2.6.1',
- 'idna==2.6',
- 'itsdangerous==0.24',
- 'Jinja2==2.10',
- 'MarkupSafe==1.1.0',
- 'oauthlib==2.1.0',
- 'pyasn1==0.4.2',
- 'pycparser==2.19',
- 'requests==2.21.0',
- 'requests-oauthlib==1.0.0',
- 'six==1.12.0',
- 'SQLAlchemy==1.2.18',
- 'urllib3==1.24.1',
- 'Werkzeug==0.14.1',
- 'python-dateutil==2.7.3',
- #editor==1.0.3
- 'Mako==1.0.7',
],
)


@ -0,0 +1,10 @@
--- a/uffd/oauth2/views.py 2022-04-30 20:39:53.825474990 +0000
+++ b/uffd/oauth2/views.py 2022-04-30 20:40:12.632389377 +0000
@@ -234,6 +234,7 @@
id=user.unix_uid,
name=user.displayname,
nickname=user.loginname,
+ username=user.loginname,
email=user.mail,
groups=[group.name for group in user.groups]
)


@ -0,0 +1,32 @@
From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Wed, 20 Jul 2022 18:02:15 +0200
Subject: [PATCH] magic gitea patch
---
uffd/oauth2/views.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
index d13fd42..94352be 100644
--- a/uffd/oauth2/views.py
+++ b/uffd/oauth2/views.py
@@ -230,6 +230,15 @@ def oauth_required(*scopes):
@oauth_required('profile')
def userinfo():
user = request.oauth.user
+ client = request.oauth.client_id
+ if client == "gitea":
+ return jsonify(
+ id=user.unix_uid,
+ full_name=user.displayname,
+ login=user.loginname,
+ email=user.mail,
+ groups=[group.name for group in user.groups]
+ )
return jsonify(
id=user.unix_uid,
name=user.displayname,
--
2.36.0
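
Review bot: The `if client == "gitea":` branch in `userinfo()` hard-codes one OAuth client id inside the identity provider and returns a different set of fields for it (`login`, `full_name`), with no comment saying which Gitea expectation this satisfies. If the client is ever registered under another id, the code falls through to the default response without any error. Suggest a comment naming the Gitea fields being matched and keying the behaviour on a configurable list of client ids instead of a string literal. The subject "magic gitea patch" could also state what the patch does.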

services/gitea.nix Normal file

@ -0,0 +1,133 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{
containers.gitea = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.10";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/gitea";
isReadOnly = false;
};
};
path = (evalConfig {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
environment.systemPackages = [ pkgs.gitea ];
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.gitea = {
enable = true;
appName = "0x0: git for all creatures";
rootUrl = "https://git.infra4future.de/";
httpAddress = "0.0.0.0";
httpPort = 3000;
lfs.enable = true;
disableRegistration = true;
database.type = "postgres";
cookieSecure = true;
log.level = "Info";
# mailerPasswordFile =
# "/var/lib/secrets/noreply"; # see below for access permissions
settings = {
# mailer = {
# ENABLED = true;
# HOST = "0x0.rip:465";
# FROM = "noreply@0x0.rip";
# ENVELOPE_FROM = "noreply@0x0.rip";
# USER = "noreply@0x0.rip";
# };
repository = {
DEFAULT_PRIVATE = "public";
PREFERRED_LICENSES = "Unlicense";
DEFAULT_BRANCH = "main";
};
oauth2_client = {
ACCOUNT_LINKING = "auto";
ENABLE_AUTO_REGISTRATION = true;
};
"repository.pull-requests" = {
DEFAULT_MERGE_STYLE = "merge";
DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
};
"repository.upload".FILE_MAX_SIZE = 1024;
server = {
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
};
security = { INSTALL_LOCK = true; };
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
cron = {
ENABLED = true;
NOTICE_ON_SUCCESS = true;
};
"cron.update_mirrors" = {
SCHEDULE = "@every 12h";
PULL_LIMIT = "-1";
PUSH_LIMIT = "-1";
};
"cron.git_gc_repos".ENABLED = true;
"cron.delete_old_actions".ENABLED = true;
};
};
services.postgresqlBackup = {
enable = true;
databases = [ "gitea" ];
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
services.openssh = {
enable = true;
passwordAuthentication = false;
listenAddresses = [ {
addr = "192.168.100.10";
port = 22;
} ];
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."git.infra4future.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.containers.gitea.localAddress}:3000";
};
};
hexchen.nftables.nat.forwardPorts = [{
ports = [ 22 ];
destination = "${config.containers.gitea.localAddress}:22";
proto = "tcp";
}];
}
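
Review bot: `ACCOUNT_LINKING = "auto"` together with `ENABLE_AUTO_REGISTRATION = true` in `oauth2_client` makes Gitea attach an SSO login to an existing account with the same username or e-mail address without asking for that account's password. Check that no existing Gitea account, an admin in particular, can be matched by a uffd user who holds the same login name or mail address; `ACCOUNT_LINKING = "login"` is the safer value if that cannot be ruled out. Separately, `users.users.root.hashedPassword = ""` gives the container's root an empty password and `networking.firewall.enable = false` leaves `httpAddress = "0.0.0.0"` on port 3000 open to anything that can route to 192.168.100.10; a comment on why both are acceptable inside this container would help.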


@ -1,63 +0,0 @@
{config, pkgs, lib, ...}:
{
services.gitlab-runner = {
enable = true;
concurrent = 4;
services = {
infra4future = {
buildsDir = "/persist/var/lib/gitlab-runner/builds";
dockerImage = "nixos/nix";
executor = "docker";
registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
};
nix = {
limit = 1; # don't run multiple jobs
registrationConfigFile = "/persist/var/lib/gitlab-runner/gitlab-runner.env";
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
tagList = [ "nix" ];
};
};
};
systemd.services.gitlab-runner.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "gitlab-runner";
};
users.users.gitlab-runner = {
home = "/persist/var/lib/gitlab-runner";
extraGroups = [ "docker" ];
isSystemUser = true;
};
virtualisation.docker.storageDriver = "zfs";
}


@ -1,168 +0,0 @@
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
{
containers.gitlab = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.7";
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/gitlab";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
../modules/mattermost.nix
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.gitlab = {
enable = true;
databaseCreateLocally = true;
host = "gitlab.infra4future.de";
https = true;
port = 443;
statePath = "/persist/gitlab";
user = "git";
databaseUsername = "git";
initialRootPasswordFile = "/persist/secrets/gitlab-root";
secrets.secretFile = "/persist/secrets/gitlab-secret";
secrets.dbFile = "/persist/secrets/gitlab-db";
secrets.otpFile = "/persist/secrets/gitlab-otp";
secrets.jwsFile = "/persist/secrets/gitlab-jws";
smtp = {
enable = true;
address = "mail.hacc.space";
port = 587;
authentication = "plain";
domain = "gitlab.infra4future.de";
enableStartTLSAuto = true;
username = "noreply@infra4future.de";
passwordFile = "/persist/secrets/noreply-pass";
};
pagesExtraArgs = [ "-listen-proxy" "0.0.0.0:8090" ];
extraConfig = {
pages = {
enabled = true;
host = "4future.dev";
port = 443;
https = true;
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = ["openid_connect"];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "infra4future Login";
args = {
name = "openid_connect";
scope = ["openid" "profile" "email"];
response_type = "code";
issuer = "https://auth.infra4future.de/auth/realms/forfuture";
discovery = true;
client_auth_method = "query";
uid_field = "username";
client_options = {
identifier = "gitlab";
secret = { _secret = "/persist/secrets/oidc-clientsecret"; };
redirect_uri = "https://gitlab.infra4future.de/users/auth/openid_connect/callback";
};
};
}
];
};
};
};
services.redis.enable = true;
services.postgresql.package = pkgs.postgresql_13;
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts."gitlab.infra4future.de" = {
default = true;
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
locations."/".extraConfig = ''
proxy_redirect off;
'';
};
};
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
users.users.git = {
isSystemUser = true;
group = "gitlab";
home = "/persist/gitlab/home";
uid = 165;
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
};
hexchen.nftables.nat.forwardPorts = [{
ports = [ 22 ];
destination = "${config.containers.gitlab.localAddress}:22";
proto = "tcp";
}];
services.nginx.virtualHosts."gitlab.infra4future.de" = {
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:80";
locations."/".extraConfig = ''
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
'';
enableACME = true;
forceSSL = true;
};
services.nginx.virtualHosts."4future.dev" = {
locations."/".proxyPass = "http://${config.containers.gitlab.localAddress}:8090";
serverName = "~^((.*)\.)?4future\.dev$";
useACMEHost = "4future.dev";
forceSSL = true;
};
security.acme.certs."4future.dev" = {
dnsProvider = "cloudflare";
credentialsFile = "/var/lib/acme/cloudflare.pass";
extraDomainNames = [ "*.4future.dev" ];
group = config.services.nginx.group;
};
}
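
Review bot: Deleting this module removes the services but not the credentials it referenced: the OIDC client `gitlab` with its secret in /persist/secrets/oidc-clientsecret, the SMTP password in /persist/secrets/noreply-pass, and the Cloudflare DNS credentials in /var/lib/acme/cloudflare.pass. Suggest stating in the commit message or a follow-up which of these are revoked and deleted and which are still used elsewhere, and that dropping the `4future.dev` wildcard certificate and the port 22 forward to 192.168.100.7 is intended.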


@ -42,7 +42,12 @@
allowFreeURL = true;
allowGravatar = false;
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
dbURL = "postgres://codimd:codimd@localhost:5432/codimd";
db = {
host = "/run/postgresql";
username = "codimd";
dialect = "postgres";
database = "codimd";
};
defaultPermission = "limited";
domain = "pad.hacc.space";
host = "0.0.0.0";
@ -50,8 +55,8 @@
hsts.preload = false;
email = false;
oauth2 = {
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
authorizationURL = "https://login.infra4future.de/oauth2/authorize";
tokenURL = "https://login.infra4future.de/oauth2/token";
clientID = "hedgedoc";
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
};
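
Review bot: The `clientSecret` for the `hedgedoc` OAuth client stays in the file as a literal while `authorizationURL` and `tokenURL` move to the new login.infra4future.de provider. A secret committed to the repository and copied into the Nix store has to be treated as public; suggest issuing a fresh secret for the new provider and loading it at runtime from a file under /persist (HedgeDoc reads it from `CMD_OAUTH2_CLIENT_SECRET`) instead of setting this attribute.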
@ -59,9 +64,9 @@
};
systemd.services.hedgedoc.environment = {
"CMD_LOGLEVEL" = "warn";
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
"CMD_OAUTH2_USER_PROFILE_URL" = "https://login.infra4future.de/oauth2/userinfo";
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "nickname";
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "name";
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
};
@ -74,6 +79,11 @@
"DATABASE codimd" = "ALL PRIVILEGES";
};
}];
authentication = ''
local all all trust
host codimd codimd 127.0.0.1/32 trust
'';
package = pkgs.postgresql_11;
};
services.postgresqlBackup = {
enable = true;
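
Review bot: `local all all trust` in the `authentication` block lets any process in this container connect over the Unix socket as any role, including the `postgres` superuser, and the `host codimd codimd 127.0.0.1/32 trust` line does the same for the `codimd` role over TCP. Since `db.host` now points at the socket in /run/postgresql, `peer` authentication with an ident map from the HedgeDoc system user to the `codimd` role would keep the passwordless setup without trusting everything local, and the TCP line could then be dropped.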


@ -42,7 +42,11 @@
allowFreeURL = true;
allowGravatar = false;
allowOrigin = [ "localhost" "pad.infra4future.de" "fff-muc.de" ];
dbURL = "postgres://hedgedoc:hedgedoc@localhost:5432/hedgedoc";
db = {
host = "/run/postgresql";
dialect = "postgres";
database = "hedgedoc";
};
defaultPermission = "freely";
domain = "pad.infra4future.de";
host = "0.0.0.0";
@ -56,6 +60,7 @@
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
authentication = ''
local all all trust
host hedgedoc hedgedoc 127.0.0.1/32 trust


@ -1,8 +1,6 @@
{ config, lib, pkgs, profiles, modules, evalConfig, ... }:
let
new = import (import ../nix/sources.nix).nixpkgs-new {};
in {
{
containers.lantifa = {
autoStart = true;
privateNetwork = true;
@ -37,13 +35,12 @@ in {
services.mediawiki = {
enable = true;
name = "LANtifa";
package = new.mediawiki;
database.createLocally = true;
passwordFile = "/var/lib/mediawiki/mediawiki-password";
extraConfig = let
wikidb = pkgs.fetchzip {
url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
sha256 = "0pns9fk1ws54m7rgbfsrxqh6ayab16mmnvzba8m4malljgrbil8b";
sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY=";
};
in ''
// Configure short URLs
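
Review bot: The `wikidb` fetch keeps the same unversioned URL (WikiDB.zip) while its `sha256` is rewritten from base32 to SRI form, and from the diff alone it is not possible to tell whether the pinned content changed or only the encoding. Suggest saying in the commit message which it is, and if the archive was replaced upstream, noting what changed in it, because this extension runs inside the wiki and the hash is the only thing pinning it.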
@ -80,8 +77,8 @@ in {
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
};
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-4a70dbd.tar.gz";
sha256 = "0s70fqkf5ylpsxy1h3hljic8708j6099mz12b6k03hgwc582yywi";
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz";
sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk=";
};
PageForms = pkgs.fetchzip {
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
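Review bot: The `intersection` tarball is still taken from the `REL1_36` branch while the previous hunk removes `package = new.mediawiki`, so check that the MediaWiki version now coming from `pkgs` is the one this extension snapshot is meant for. The two `sha256` notations in this block (base32 on the unchanged fetch above, SRI on the new one) could be unified while these lines are being touched.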

View File

@ -1,151 +1,169 @@
{ config, pkgs, lib, sources, ... }:
{
imports = [
sources.nixos-mailserver.outPath
];
imports = [ sources.nixos-mailserver.outPath ];
# reduce log spam
systemd.services.rspamd.serviceConfig.LogLevelMax =
3; # this is set to error because rspamd regularly complains about not enough learns
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
# stop postfix from dying if rspamd hiccups
systemd.services.postfix.unitConfig = {
Requires = lib.mkForce "dovecot2.service opendkim.service";
};
mailserver = {
mailDirectory = "/persist/mail";
enable = true;
fqdn = "mail.hacc.space";
domains = [ "hacc.space" "muc.hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
monitoring = {
enable = true;
alertAddress = "admin@hacc.space";
};
domains = [
"hacc.space"
"muc.hacc.space"
"hacc.earth"
"4future.dev"
"4futu.re"
"infra4future.de"
];
loginAccounts = {
"hexchen@hacc.space".hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
"hexchen@hacc.space".aliases = [ "postmaster@hacc.space" "abuse@hacc.space" "hexchen@infra4future.de" ];
"hexchen@hacc.space".hashedPassword =
"$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
"octycs@hacc.space".hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
"octycs@hacc.space".hashedPassword =
"$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
"raphael@hacc.space".hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
"raphael@hacc.space".hashedPassword =
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
"schweby@hacc.space".hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
"moira@hacc.space".hashedPassword =
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
"zauberberg@hacc.space".hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
"zauberberg@hacc.space".hashedPassword =
"$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
"stuebinm@hacc.space".hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
"stuebinm@hacc.space".hashedPassword =
"$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
"lenny@hacc.space".hashedPassword = "$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
"lenny@hacc.space".hashedPassword =
"$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
"finance@muc.hacc.space".hashedPassword = "$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
"finance@muc.hacc.space".hashedPassword =
"$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
# service accounts
"noreply@hacc.space".hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
"newsletter@hacc.space".hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
"noreply@hacc.space" = {
hashedPassword =
"$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
sendOnly = true;
};
"noreply@infra4future.de" = {
hashedPassword =
"$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
sendOnly = true;
};
};
extraVirtualAliases = {
# address = forward address;
# address = forward address;
# -- International --
# info/contact: main entrypoint, anyone can read or reply to this.
"info@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
# admin: current people with access to the mail server and knowledge on how to use it
"admin@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
# voc: hacc video operation center, various streaming-related things
"voc@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"raphael@hacc.space"
];
# -- International --
# info/contact: main entrypoint, anyone can read or reply to this.
"info@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
# -- Regional: Germany --
# board of hacc e.V.
"vorstand@hacc.space" = [
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
# members of hacc e.V.
"mitglieder@hacc.space" = [
"hexchen@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
];
# admin: current people with access to the mail server and knowledge on how to use it™
"admin@hacc.space" =
[ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
# -- Regional: Munich --
"muc@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
# voc: hacc video operation center, various streaming-related things
"voc@hacc.space" = [
"hexchen@hacc.space"
"moira@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"raphael@hacc.space"
];
# -- c3 world operation centre --
"world@muc.hacc.space" = [
"hexchen@hacc.space"
"stuebinm@hacc.space"
];
# -- Regional: Germany --
# board of hacc e.V.
"vorstand@hacc.space" =
[ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
# members of hacc e.V.
"mitglieder@hacc.space" = [
"hexchen@hacc.space"
"raphael@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
];
# -- Regional: Munich --
"muc@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
# Enable IMAP and POP3
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
# Only allow implict TLS
enableImap = false;
enablePop3 = false;
# Enable the ManageSieve protocol
enableManageSieve = true;
# whether to scan inbound emails for viruses (note that this requires at least
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
virusScanning = false;
};
services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionOptions.smtpd_sender_restrictions =
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions =
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.virtual = ''
postmaster@hacc.space admin@hacc.space
abuse@hacc.space admin@hacc.space
contact@hacc.space info@hacc.space
hello@hacc.space info@hacc.space
haccvoc@hacc.space voc@hacc.space
@4future.dev @hacc.space
@4futu.re @hacc.space
@hacc.earth @hacc.space
@discuss.infra4future.de discuss@infra4future.de
admin@infra4future.de admin@hacc.space
noreply@infra4future.de admin@hacc.space
lukas@infra4future.de zauberberg@hacc.space
info@infra4future.de admin@hacc.space
postmaster@infra4future.de admin@hacc.space
voc@infra4future.de voc@hacc.space
haccvoc@infra4future.de voc@hacc.space
contact@hacc.space info@hacc.space
himmel@hacc.space admin@hacc.space
divoc-patches@muc.hacc.space world@muc.hacc.space
@infra4future.de @hacc.space
'';
systemd.services.alps = {
enable = true;
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
script =
"${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
serviceConfig.Restart = "always";
requiredBy = [ "multi-user.target" ];
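Review bot: Both `smtpd_sender_restrictions` overrides near the end of this hunk are now wrapped in `lib.mkForce`, which discards whatever the mailserver module sets for the submission ports, and the forced value `reject_non_fqdn_sender,reject_unknown_sender_domain,permit` contains no check that the envelope sender belongs to the authenticated login. If that is intended (for example so the `sendOnly` service accounts can send under other addresses), say so in a comment; otherwise add `reject_sender_login_mismatch` ahead of `permit`. Separately, `loginAccounts` still carries the `$6$` password hashes inline in the repository, where anyone with read access can run offline guessing against them; moving them to files outside the repo would avoid that. The catch-all `@infra4future.de @hacc.space` line in `services.postfix.virtual` also deserves a comment, since it accepts mail for every local part.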

View File

@ -141,9 +141,9 @@ in {
Enable = true;
Id = "mattermost";
Scope = "";
AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
UserApiEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
AuthEndpoint = "https://login.infra4future.de/oauth2/authorize";
TokenEndpoint = "https://login.infra4future.de/oauth2/token";
UserApiEndpoint = "https://login.infra4future.de/oauth2/userinfo";
};
# for some reason, these don't appear to be working; the startup
# process complaines and sets these back to en
@ -202,6 +202,7 @@ in {
services.postgresql = {
enable = lib.mkForce true; # mattermost sets this to false. wtf.
package = pkgs.postgresql_11;
ensureDatabases = [ "mattermost" ];
ensureUsers = [ {
name = "mattermost";

View File

@ -36,7 +36,7 @@
# must be set manually; may not be incremented by more than one at
# a time, otherwise nextcloud WILL break
package = pkgs.nextcloud21;
package = pkgs.nextcloud24;
home = "/persist/nextcloud";
https = true;
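Review bot: The package line goes from `pkgs.nextcloud21` straight to `pkgs.nextcloud24`, while the comment directly above it says the version may not be incremented by more than one at a time. Confirm that the instance was actually stepped through 22 and 23 in the intermediate commits and migrated at each step; if so, mention it in the commit message, since this combined diff reads as a three-version jump.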
@ -52,8 +52,6 @@
defaultapp = "apporder";
};
caching.redis = true;
# multiple pools may be doable using services.phpfpm.pools,
# but i have not tried this yet. The nextcloud module defines a
# pool "nextcloud"
@ -68,40 +66,15 @@
extraOptions = {
instanceid = "ocxlphb7fbju";
redis = {
host = "/run/redis/redis.sock";
port = 0;
dbindex = 0;
password = "secret";
timeout = 1.5;
};
datadirectory = "/persist/data/ncdata";
mail_smtpmode = "smtp";
mail_smtpsecure = "ssl";
mail_sendmailmode = "smtp";
mail_from_address = "noreply";
mail_domain = "infra4future.de";
mail_smtpauthtype = "PLAIN";
mail_smtpauth = 1;
mail_smtphost = "mail.hacc.space";
mail_smtpport = 465;
mail_smtpname = "noreply@infra4future.de";
loglevel = 0;
"overwrite.cli.url" = "https://cloud.infra4future.de";
};
# passwordsalt, secret, and mail_smtppassword go in here
secretFile = "/persist/secrets.json";
};
services.redis = {
enable = true;
unixSocket = "/var/run/redis/redis.sock";
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ # by default, postgres has unix sockets enabled, and allows a
@ -136,6 +109,7 @@
extraConfig = ''
proxy_buffering off;
client_max_body_size 0;
add_header Cache-Control "no-store, no-cache, must-revalidate";
'';
};
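Review bot: The added `add_header Cache-Control "no-store, no-cache, must-revalidate";` sits in an `extraConfig` next to `proxy_buffering off;`, and nginx only inherits `add_header` directives from the enclosing levels when the current level defines none. If this ends up in a location block, any security headers set at server or http level (HSTS, for instance) stop being sent for it; repeat them here or set the cache header where the others are set. Without the `always` parameter the header is also only added to a limited set of response codes.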

View File

@ -6,36 +6,34 @@
openDefaultPorts = true;
configDir = "/persist/var/lib/syncthing/";
dataDir = "/persist/data/syncthing/";
declarative = {
devices = {
schweby = {
addresses = []; # empty = dynamic
id = "YF7DNNS-B63GERK-YFQ7G7Q-2DG7557-VIWFOTK-R3JOS63-T76POBQ-F6MO6AH";
};
raphael-laptop = {
addresses = []; # empty = dynamic
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
};
# zauberberg
conway = {
addresses = []; # empty = dynamic
id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
};
devices = {
raphael-laptop = {
addresses = []; # empty = dynamic
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
};
folders = {
"/persist/data/syncthing/hacc/" = {
id = "qt2ly-xvvvs";
devices = [ "schweby" "conway" "raphael-laptop"];
type = "receiveonly";
versioning = {
type = "simple";
params.keep = "10";
};
};
# zauberberg
conway = {
addresses = []; # empty = dynamic
id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
};
};
folders = {
"/persist/data/syncthing/hacc/" = {
id = "qt2ly-xvvvs";
devices = [ "conway" "raphael-laptop"];
type = "receiveonly";
versioning = {
type = "simple";
params.keep = "10";
};
};
"/persist/data/syncthing/hacc_eV_vorstand/" = {
id = "twwt7-fxrsr";
devices = [ "conway" "raphael-laptop"];
# type = "receiveencrypted"; # no yet implemented
};
};
overrideFolders = false; # enables workaround for recieveencrypted
};
}
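Review bot: The new `hacc_eV_vorstand` folder is declared with its `type` line commented out, so as written it gets the default folder type rather than `receiveencrypted`, and the encrypted mode depends on manual state kept alive by `overrideFolders = false`. That manual state is not in the repository, so a rebuild onto a fresh `configDir` would bring the board folder up without it. Please document the manual step next to the folder, or hold the folder back until the type can be declared. Note that `overrideFolders = false` also means folders removed from this file later will not be removed from the running instance.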

84
services/uffd.nix Normal file
View File

@ -0,0 +1,84 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
let
uffd = pkgs.uffd;
in {
containers.uffd = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.9";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/uffd";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.uwsgi = {
enable = true;
plugins = [ "python3" ];
instance = {
type = "normal";
pythonPackages = self: with self; [ uffd ];
module = "uffd:create_app()";
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
http = ":8080";
env = [
"CONFIG_PATH=/persist/uffd/uffd.conf"
];
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.9/site-packages/uffd flask db upgrade";
};
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."login.infra4future.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
"/static".root = "${uffd}/lib/python3.9/site-packages/uffd";
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
"/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
"/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
"/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
};
};
systemd.services.auamost = {
enable = true;
description = "mattermost aua gruppensync";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig.Type = "simple";
path = [ pkgs.curl pkgs.jq ];
script = "${pkgs.fish}/bin/fish /persist/magic/mattermost-groupsync.fish";
startAt = "*:0/15";
};
}
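Review bot: The `auamost` unit at the end of this file runs `/persist/magic/mattermost-groupsync.fish` every 15 minutes with no `User` set, so a script that is neither in this repository nor in the Nix store runs as root, and anyone who can write to `/persist/magic` controls what it does. Add the script to the repo, reference it by store path, and run it under a dedicated or dynamic user. Two smaller points in the container definition: `users.users.root.hashedPassword = "";` leaves root with an empty password, and the `python3.9` path is hard-coded in both `hook-pre-app` and the nginx `/static` root, which will break when the Python version behind `pkgs.uffd` changes.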

View File

@ -349,7 +349,7 @@
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
<li>Meetings of <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. See hacc group page.</li>
<li>
Propose changes to the hacc e.V. infrastructure. You can open an issue on our <a href="https://gitlab.infra4future.de/hacc/infra/meta">meta discussion repository</a> or (if you are familiar with Nix) open a merge request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
Propose changes to the hacc e.V. infrastructure. You can open an issue or open a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
</li>
<li>
Add you or your project to the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>
@ -438,7 +438,7 @@ Unfortunately conflicts led to a split between the local chapter Munich and CHT
<h1>About this page<span class="blink"></span></h1>
<p>
The hacc e.V. runs this page (<a href="https://hacc.earth">hacc.earth</a>) but not necessarily the linked projects. You can find more about our activities and involvements on our <a href="https://muc.hacc.earth">own page</a>.<br>
Also the source of the page can be found <a href="https://gitlab.infra4future.de/hacc/infra4future/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
Also the source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
</p>
<p>
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
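Review bot: The replaced source-link line still ends with `href="#contac"`, while the footer in the next hunk uses `#contact`; fix the anchor while this line is being touched anyway.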
@ -451,7 +451,7 @@ The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives
</main>
<footer class="content" style="z-index: 200">
<div>
<a href="https://gitlab.infra4future.de/hacc/infra4future/hacc.earth">Source of hacc.earth</a> &bull;
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">Source of hacc.earth</a> &bull;
<a href="#contact">Contact</a> &bull;
<a href="https://infra4future.de/impressum.html">Imprint</a>
</div>

View File

@ -317,8 +317,7 @@
<li>Regelmäßige Treffen von <a href="https://hacc.uber.space/HACC/Europe/DE/BY/Munich">hacc in München</a>, normalerweise jeden ersten und dritten Mittwoch im Monat um 19:00 Uhr beim <a href="https://muc.ccc.de/">muCCC</a>. Im Moment treffen wir uns Online auf <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
<li>Regelmäßige Treffen des <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. Jeden zweiten Sonntag, siehe hacc-Seite.</li>
<li>
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue <a href="https://gitlab.infra4future.de/hacc/infra/meta">in unserem Meta-Diskussions-Repo</a> an,
oder (falls du Nix kennst) erstelle einen Merge Request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue oder erstelle einen Merge Request <a href="https://git.infra4future.de/hacc/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
</li>
</ul>

File diff suppressed because one or more lines are too long


View File

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" viewBox="0 0 32 32" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;">
<metadata>
<rdf:RDF xmlns:cc="http://web.resource.org/cc/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:dc = "http://purl.org/dc/elements/1.1/"
>
<rdf:Description rdf:about="">
<dc:title>Mutant Standard emoji 2020.04</dc:title>
</rdf:Description>
<cc:work rdf:about="">
<cc:license rdf:resource="http://creativecommons.org/licenses/by-nc-sa/4.0/"/>
<cc:attributionName>Dzuk</cc:attributionName>
<cc:attributionURL>http://mutant.tech/</cc:attributionURL>
</cc:work>
</rdf:RDF>
</metadata>
<rect id="hot_shit" x="0" y="0.017" width="32" height="32" style="fill:none;"/>
<clipPath id="_clip1">
<rect x="0" y="0.017" width="32" height="32"/>
</clipPath>
<g clip-path="url(#_clip1)">
<g id="outline">
<path d="M25,5.015c0,-2.761 2.238,-4.998 4.998,-4.998l2.002,0l0,5.716c0,1.257 -0.464,2.406 -1.232,3.284l1.232,0c0,0 0,7.412 0,7.412c0,3.638 -2.949,6.588 -6.587,6.588l-4.413,0l0,-3.786l-2,0l0,-5.048c-0.835,0.266 -1.715,0.405 -2.608,0.405l-2.392,0l0,-5.106c0,-2.283 0.907,-4.473 2.521,-6.087c1.615,-1.614 3.804,-2.521 6.087,-2.521l2.392,0l0,4.141Z"/>
<path d="M16.002,2.017c1.591,0 3.116,0.632 4.241,1.756c0.921,0.921 1.511,2.109 1.695,3.383c1.454,0.283 2.803,0.994 3.866,2.057c1.406,1.406 2.196,3.313 2.196,5.302l0,0.004c0,0.502 -0.05,1 -0.149,1.485c0.657,0.361 1.266,0.816 1.806,1.356c1.488,1.488 2.33,3.503 2.343,5.607l0,0.05c0,2.121 -0.843,4.156 -2.343,5.657c-1.5,1.5 -3.535,2.343 -5.657,2.343c0,0 -16,0 -16.006,0c-0.884,-0.003 -1.763,-0.148 -2.599,-0.436c-1.35,-0.465 -2.564,-1.294 -3.488,-2.381c-0.677,-0.795 -1.195,-1.723 -1.517,-2.717c-0.258,-0.794 -0.387,-1.625 -0.39,-2.46l0,-0.056c0.013,-2.104 0.855,-4.119 2.343,-5.607c0.54,-0.54 1.149,-0.995 1.806,-1.356c-0.099,-0.485 -0.149,-0.983 -0.149,-1.485l0,-0.004c0,-1.989 0.79,-3.896 2.196,-5.302c0.799,-0.799 1.759,-1.399 2.804,-1.768l0,-3.428c0.027,-1.071 0.828,-1.916 1.897,-1.998l0.103,-0.002l5.002,0Z"/>
</g>
<g id="emoji">
<path d="M21,10.716c-1.233,1.199 -2.886,1.872 -4.608,1.872l-0.392,0c0,0 0,-1.384 0,-3.106c0,-1.753 0.696,-3.434 1.935,-4.673c1.24,-1.239 2.92,-1.935 4.673,-1.935l0.392,0c0,0 0,1.383 0,3.106c0,0.428 -0.041,0.851 -0.122,1.265c0.362,-0.149 0.754,-0.228 1.154,-0.228l1.968,0l0,4.282c0.495,-0.183 1.029,-0.282 1.587,-0.282l2.413,0l0,5.412c0,2.534 -2.054,4.588 -4.587,4.588l-2.413,0l0,-3.786l-0.032,0l-1.968,0l0,-6.515Zm9,-8.699l0,3.716c0,1.656 -1.342,2.998 -2.998,2.998l-0.002,0c0,0 0,-1.927 0,-3.716c0,-1.656 1.342,-2.998 2.998,-2.998l0.002,0Z" style="fill:#f08c00;"/>
<path d="M21.032,6.017l0.968,0l0,3.18c0.322,-0.117 0.669,-0.18 1.032,-0.18l0.968,0l0,4.781c0.538,-0.486 1.25,-0.781 2.032,-0.781l1.968,0c0,0 0,2.077 0,3.968c0,1.674 -1.357,3.032 -3.032,3.032l-1.968,0l0,-3.782c-0.538,0.486 -1.25,0.782 -2.032,0.782l-0.968,0l0,-4.18c-0.322,0.116 -0.669,0.18 -1.032,0.18l-0.968,0c0,0 0,-2.077 0,-3.969c0,-1.674 1.357,-3.031 3.032,-3.031Z" style="fill:#ffbf36;"/>
<path d="M16.002,4.017c1.06,0 2.077,0.421 2.827,1.171c0.75,0.749 1.171,1.766 1.171,2.827l0,0.004c0,0.339 -0.043,0.674 -0.127,0.998l0.629,0c1.458,0 2.857,0.579 3.888,1.61c1.031,1.031 1.61,2.43 1.61,3.888l0,0.004c0,0.933 -0.237,1.841 -0.678,2.645c1.097,0.248 2.112,0.802 2.921,1.61c1.116,1.116 1.747,2.628 1.757,4.205l0,0.038c0,1.591 -0.632,3.117 -1.757,4.242c-1.126,1.126 -2.652,1.758 -4.243,1.758l-16,0c-0.664,-0.002 -1.326,-0.111 -1.954,-0.327c-1.012,-0.349 -1.923,-0.97 -2.616,-1.786c-0.508,-0.596 -0.896,-1.292 -1.138,-2.037c-0.193,-0.598 -0.29,-1.223 -0.292,-1.85l0,-0.038c0.01,-1.577 0.641,-3.089 1.757,-4.205c0.809,-0.808 1.824,-1.362 2.921,-1.61c-0.441,-0.804 -0.678,-1.712 -0.678,-2.645l0,-0.004c0,-1.458 0.579,-2.857 1.61,-3.888c0.975,-0.974 2.277,-1.545 3.648,-1.605l-0.004,-0.01c-0.167,-0.481 -0.252,-0.986 -0.254,-1.495l0,-3.5l5.002,0Z" style="fill:#9a6f42;"/>
<path d="M10.731,25.852c-0.071,-0.048 -0.136,-0.105 -0.195,-0.172c-0.279,-0.321 -0.324,-0.783 -0.113,-1.153c0.353,-0.618 0.733,-1.283 1.089,-1.906c0.92,-1.611 2.633,-2.604 4.487,-2.604c0.001,0 0.001,0 0.002,0c1.854,0 3.567,0.993 4.487,2.604c0.356,0.623 0.736,1.288 1.089,1.906c0.211,0.37 0.166,0.832 -0.113,1.153c-0.059,0.067 -0.124,0.124 -0.195,0.172l-5.269,-1.835l-5.269,1.835Z" style="fill:#352412;"/>
<path d="M16.107,23.017c1.828,0 3.558,0.831 4.7,2.259l0.462,0.576c-0.271,0.183 -0.619,0.225 -0.931,0.1c-0.379,-0.152 -0.753,-0.301 -1.086,-0.435c-0.827,-0.33 -1.71,-0.5 -2.6,-0.5l-1.304,0c-0.89,0 -1.773,0.17 -2.6,0.5c-0.333,0.134 -0.707,0.283 -1.086,0.435c-0.312,0.125 -0.66,0.083 -0.931,-0.1l0.462,-0.576c1.142,-1.428 2.872,-2.259 4.7,-2.259l0.214,0Z" style="fill:#1f140a;"/>
<g>
<path d="M11,12.017c0.271,0 0.534,0.036 0.784,0.103c0.216,0.88 1.799,4.711 2.216,4.398l0,0.501c0,0.795 -0.316,1.557 -0.878,2.12c-0.562,0.562 -1.325,0.878 -2.12,0.878c-0.001,0 -0.001,0 -0.002,0c-1.657,0 -3,-1.343 -3,-3c0,-0.655 0,-1.348 0,-2.002c0,-0.795 0.316,-1.558 0.878,-2.12c0.562,-0.562 1.325,-0.878 2.12,-0.878l0.002,0Z" style="fill:#fff;"/>
<path d="M11.784,12.12c1.277,0.345 2.216,1.511 2.216,2.897l0,1.501c-0.417,0.313 -0.936,0.499 -1.498,0.499l-0.004,0c-1.38,0 -2.498,-1.119 -2.498,-2.498l0,-0.004c0,-1.132 0.752,-2.088 1.784,-2.395Z"/>
</g>
<g>
<path d="M21,12.017c0.271,0 0.534,0.036 0.784,0.103c0.216,0.88 1.799,4.711 2.216,4.398l0,0.501c0,0.795 -0.316,1.557 -0.878,2.12c-0.562,0.562 -1.325,0.878 -2.12,0.878c-0.001,0 -0.001,0 -0.002,0c-1.657,0 -3,-1.343 -3,-3c0,-0.655 0,-1.348 0,-2.002c0,-0.795 0.316,-1.558 0.878,-2.12c0.562,-0.562 1.325,-0.878 2.12,-0.878l0.002,0Z" style="fill:#fff;"/>
<path d="M21.784,12.12c1.277,0.345 2.216,1.511 2.216,2.897l0,1.501c-0.417,0.313 -0.936,0.499 -1.498,0.499l-0.004,0c-1.38,0 -2.498,-1.119 -2.498,-2.498l0,-0.004c0,-1.132 0.752,-2.088 1.784,-2.395Z"/>
</g>
</g>
</g>
</svg>
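Review bot: The `<metadata>` block marks this icon as "Mutant Standard emoji 2020.04" under CC BY-NC-SA 4.0 with attribution to Dzuk, but nothing in this change adds that attribution where the icon is shown. Add a credit on the page that uses it and check that the non-commercial, share-alike terms fit how the rest of the site content is licensed.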


View File

@ -23,34 +23,47 @@ Die Nutzung ist für alle offen! Einfach bei dem Login-Screen auf Registrieren k
{% include a-name.html name="services" %}
# Dienste
Bisher haben wir auf diesem Server schon einige Dienste installiert, darunter:
Sobald ihr einen Account für infra4future habt, könnt ihr euch mit diesem zu allen diesen Diensten einloggen ohne euch für jeden nochmal extra registrieren zu müssen. Eine vollständige Liste an für euch nutzbaren Diensten findet ihr unter [login.infra4future.de](https://login.infra4future.de). Dort könnt ihr außerdem euren Account verwalten und z.B. das Passwort, Mailadresse, oder Anzeigenamen ändern.
Aktuell betreiben wir:
- [Nextcloud](https://cloud.infra4future.de), mit dem ihr Dateien mit eurer Gruppe oder allen Teilen könnt, sowie einige Erweiterungen:
- *Deck* und *Tasks* zum Verwalten (und Überblick-Behalten) über all die Projekte, die mensch so startet
- ein Kalender
- Collabora — erlaubt euch, übliche Office-Dokumente direkt online zu bearbeiten
- ein Kochbuch, denn Essen ist wichtig für den Widerstand! 🍲
- Onlyoffice — erlaubt euch, übliche Office-Dokumente direkt online zu bearbeiten
- [Mattermost](https://mattermost.infra4future.de), eine Plattform zur Echtzeitkommunikation, ähnlich zu Slack.
- [Discourse](https://discuss.infra4future.de), ein Forum für asynchrone Kommunikation
- [Mumble](https://mumble.hacc.space), für Telefonkonferenzen.
- [LimeSurvey](https://survey.infra4future.de), ein Tool zum Erstellen und Durchführen von Umfragen
- [GitLab](https://gitlab.infra4future.de) und [GitLab Pages](https://gitlab.infra4future.de/help/user/project/pages/index.md), eine Hostingplattform für git-Repositories, zum gemeinschaftlichen auf-Software-einhacken (und Webseiten hosten).
- [hacc.media](https://hacc.media), unsere Videoplattform für Vorträge und ähnliches mit Klimabezug (schreibt uns eine Mail, falls ihr eure Aufnahmen dort auch sehen wollt)
Sobald ihr einen Account für infra4future habt, könnt ihr euch mit diesem zu allen diesen Diensten einloggen ohne euch für jeden nochmal extra registrieren zu müssen.
- [Mumble](https://mumble.hacc.space), für Audiokonferenzen.
- [Hedgedoc](https://pad.infra4future.de), für schnelle, kollaborative Notizen.
- [Gitea](https://git.infra4future.de), eine Hostingplattform für git-Repositories, zum gemeinschaftlichen auf-Software-einhacken.
Falls das eure Bedürfnisse noch nicht abdeckt oder ihr andere coole Software haben die ihr gerne benutzen würdet, meldet euch bei uns — wir können nichts versprechen, aber wenn möglich fügen wir gerne auch noch weitere Dienste dazu.
{% include banner.html quote="It is our predicament that we live in a finite world, and yet we behave as if it were infinite." author="Naomi Klein" %}
{% include a-name.html name="faq" %}
# Frequently Asked Questions
{% include faq.html question="Wo kann ich meinen Account bearbeiten?" answer="Deine persönlichen Details kannst du global auf https://auth.infra4future.de/auth/realms/forfuture/account" %}
{% include faq.html question="Ich suche einen Dienst für Videotelefonie" answer="Wir haben unseren Jitsi Dienst aufgrund des hohen Wartungsaufwands eingestellt. Wir können aber [meet.ffmuc.net](https://meet.ffmuc.net/) oder [senfcall.de](https://www.senfcall.de/) empfehlen!" %}
{% include faq.html question="Wo kann ich meinen Account bearbeiten?"
answer="Dein Passwort, deine Mailadresse und deinen Anzeigenamen kannst du
auf [login.infra4future.de](https://login.infra4future.de) bearbeiten." %}
{% include faq.html question="Wie füge ich Menschen zu meiner Gruppe hinzu?"
answer="Da alle Accounts zentral über
[login.infra4future.de](https://login.infra4future.de) verwaltet werden,
werden auch die Zugehörigkeiten zu einzelnen Gruppen dort verwaltet.
Natürlich gibt es auch Gruppen bzw. Teams in Mattermost und Nextcloud; diese
werden möglichst automatisch auf einem Stand mit login.infra4future.de gehalten.
Leider gilt das nicht anders herum — fügt also bitte neue Leute nicht direkt
in Mattermost zu eurem Team hinzu, sondern auf login.infra4future.de oder schickt
ihnen einen Einladungslink. Andernfalls kann es sein, dass sie automatisch
wieder entfernt werden.
" %}
{% include faq.html question="Wie erstelle ich Einladungslinks für meine Gruppe?"
answer="Wenn du Teil der Moderation deines Teams bist, kannst du Einladungslinks
unter [login.infra4future.de/invite](https://login.infra4future.de/invite)
erstellen. Diese können sowohl benutzt werden, um neue Accounts zu erstellen,
als auch, um mit einem bereits existierenden Account einer weiteren Gruppe
beizutreten.
" %}

View File

@ -16,7 +16,7 @@ title: Infra4future
1. Geltungsbereich der Nutzungsbedingungen
(1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, auth.infra4future.de, social.infra4future.de, gitlab.infra4future.de, survey.infra4future.de, live.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
(1) Diese Nutzungsbedingungen gelten für das Online-Angebot Infra4future, das im Internet unter cloud.infra4future.de, talk.infra4future.de, mattermost.infra4future.de, login.infra4future.de, git.infra4future.de, 4future.dev und discuss.infra4future.de abrufbar ist. Hierbei handelt es sich um eine Plattform, auf der Nutzer Profile anlegen können.
(2) Sie können die derzeit gültigen Nutzungsbedingungen unter infra4future.de/nutzungsbedingungen.html abrufen und ausdrucken.
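Review bot: The new domain list in (1) drops social.infra4future.de, survey.infra4future.de and live.infra4future.de in addition to replacing auth/gitlab with login/git. Please confirm those three services are really shut down; any that is still reachable would now fall outside the stated scope of the terms of use.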

View File

@ -300,14 +300,11 @@ Of course we also did and do support multiple events and groups in Munich and Ge
<ul>
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
<li>Regular matinanence of the <a href="https://muc.hacc.earth">hacc e.V.</a> infrastrucutre, usually the Wednesday after the regular meeting sometime in the evening. Normally coordinated on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
<li>Help us running the hacc e.V. infrastructure like <a href="https://infra4future.de">infra4future.de</a>. You can open an issue on our <a href="https://gitlab.infra4future.de/hacc/infra/meta">meta discussion repository</a> or (if you are familiar with Nix) open a merge request <a href="https://gitlab.infra4future.de/hacc/infra/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
<li>Help us running the hacc e.V. infrastructure like <a href="https://infra4future.de">infra4future.de</a>. You can open an issue or create a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
</li>
<li>
Interested in streaming and recording? Get in <a href="#contact">contact with hacc-voc</a>
</li>
<li>
<a href="https://hacc.4future.dev/infra4future/blog-zola">The hacc blog</a> can always use input. It's based on <a href="https://getzola.org">zola</a>. The source of our blog is <a href="https://gitlab.infra4future.de/hacc/infra4future/blog-zola">here</a>.
</li>
<li>
Use the <a href="https://hacc.wiki">wiki</a> and add your project!
</li>
@ -402,12 +399,12 @@ registered at the local court Munich VR 208921
<ul>
<li>raphael or rw</li>
<li>zauberberg</li>
<li>schweby</li>
</ul
<li>moira</li>
</ul>
</li>
<li><a href="https://gitlab.infra4future.de/hacc/verein/satzung">Satzung</a> (statutes)</li>
<li><a href="https://gitlab.infra4future.de/hacc/verein/mitgliedsantrag">Mitgliedsantrag</a> (membership application)</li>
<li><a href="https://gitlab.infra4future.de/hacc/verein/zuwendungen">Vereinfachter Spendennachweis</a> (simplified proof of donation)</li>
<li><a href="https://git.infra4future.de/hacc/satzung">Satzung</a> (statutes)</li>
<li><a href="https://git.infra4future.de/hacc/mitgliedsantrag">Mitgliedsantrag</a> (membership application)</li>
<li><a href="https://git.infra4future.de/hacc/zuwendungen">Vereinfachter Spendennachweis</a> (simplified proof of donation)</li>
</ul>
</p>
<p>
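Review bot: The three document links change path as well as host (hacc/verein/satzung becomes hacc/satzung, likewise for mitgliedsantrag and zuwendungen), so check that the repositories at the new paths exist and are readable without logging in, since the statutes and membership application are meant for people who are not yet members. Replacing the malformed `</ul` with `</ul>` is correct.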
@ -430,7 +427,7 @@ Germany<br>
<div class="section">
<h1>About this page<span class="blink"></span></h1>
<p>
The source of the page can be found <a href="https://gitlab.infra4future.de/hacc/infra4future/muc.hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
The source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/muc.hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
</p>
<p>
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
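Review bot: The changed line still carries `href="#contac"`, which does not match the `#contact` anchor used by the other links on this page (the footer and the hacc-voc item), so this link most likely does not jump anywhere. Fix it to `#contact` while the line is being edited anyway.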
@ -443,7 +440,7 @@ The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives
</main>
<footer class="content" style="z-index: 200">
<div>
<a href="https://gitlab.infra4future.de/hacc/infra4future/muc.hacc.earth">Source of muc.hacc.earth</a> &bull;
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/muc.hacc.earth">Source of muc.hacc.earth</a> &bull;
<a href="#contact">Contact</a> &bull;
<a href="https://infra4future.de/impressum.html">Imprint</a>
</div>
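Review bot: The footer link hard-codes `src/branch/main` in the URL, the same as the link in the "About this page" section; both break if the default branch is renamed or the websites directory moves. Consider linking the repository root, or at least keeping the two links identical so they can be updated together.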