Compare commits

238 commits

Author SHA1 Message Date
35853d56e2 re-add infra4future.de faq
(contains info about how groups work)
2022-09-25 19:20:20 +02:00
41c914991a
Merge remote-tracking branch 'origin/fix/mattermost' 2022-09-24 18:05:44 +02:00
f2c90e5601 websites: remove mentions of gitlab.infra4future.de
(one remains for now, will do that later once anyone from students
for future says what to do in that case)
2022-09-24 17:46:48 +02:00
77d7625315
remove gitlab 2022-09-24 17:29:42 +02:00
hexchen
04272968d0 update and fix mattermost 2022-09-24 14:59:52 +00:00
7e615e6daa
Merge branch 'infra4future.de-update' 2022-09-19 18:12:54 +02:00
82e70e0151
change name 2022-09-19 18:11:54 +02:00
6bba15faae
gitea: git protocol v2 over ssh
cf. https://docs.gitea.io/en-us/config-cheat-sheet/#git-git, entry for
option ENABLE_AUTO_GIT_WIRE_PROTOCOL
2022-09-19 18:11:54 +02:00
9bf75b9c3d
git ssh: switch to gitea (instead of gitlab) 2022-09-19 18:11:54 +02:00
83cda0f44a
gitea: save state under /persist 2022-09-19 18:11:54 +02:00
97459d8177
gitea: enable offline mode 2022-09-19 18:11:54 +02:00
6aa06aed18
gitea: fix uffd login
(note that this actually has to patch uffd)
2022-09-19 18:11:54 +02:00
639410011e
update lantifa source urls & hashes 2022-09-19 18:11:54 +02:00
schweby
7db9dbb4c2
!fixup add missing settings section 2022-09-19 18:11:53 +02:00
schweby
856cd79c37
init basic untested config 2022-09-19 18:11:53 +02:00
3ea537459b
change name 2022-09-12 19:29:51 +02:00
f53cb24d2e update infra4future.de index website 2022-09-07 22:08:36 +02:00
45ceeef189
gitea: git protocol v2 over ssh
cf. https://docs.gitea.io/en-us/config-cheat-sheet/#git-git, entry for
option ENABLE_AUTO_GIT_WIRE_PROTOCOL
2022-08-03 11:26:05 +02:00
e246563f57 git ssh: switch to gitea (instead of gitlab) 2022-08-01 20:54:17 +02:00
a1c5832a51 gitea: save state under /persist 2022-08-01 18:39:46 +02:00
c854e10980
gitea: enable offline mode 2022-07-27 23:26:13 +02:00
b5a68e09fd
gitea: fix uffd login
(note that this actually has to patch uffd)
2022-07-27 23:26:13 +02:00
f9f1eee6fd
update lantifa source urls & hashes 2022-07-27 23:26:13 +02:00
schweby
db5865fff2
!fixup add missing settings section 2022-07-27 23:26:13 +02:00
schweby
65ec0779b7
init basic untested config 2022-07-27 23:26:13 +02:00
4b53211130
mattermost: minor upgrade (6.7.0 -> 6.7.2) 2022-07-27 23:25:46 +02:00
schweby
86b9d3113c
parsons/mail: readd noreply@infra4ure 2022-07-17 19:36:42 +02:00
schweby
39aaf2e0bb
!fixup make virtual addresses actually work
also fix typo
2022-07-10 19:02:45 +02:00
schweby
8021685ec8
update mail config 2022-07-09 20:56:46 +02:00
8f413da05a services/nextcloud: remove mail & redis
(both of these have lots of options, which either do nothing at all or
are misconfigured in some way and don't work. If we want redis-caching,
we can re-add it later, but the current state suggests it's already
working, which it isn't, which is worse)
2022-07-09 20:27:46 +02:00
e9d2630ea9 fix auamost path 2022-07-09 19:11:30 +02:00
445a974f97 magic mattermost group sync 2022-07-09 11:00:57 +02:00
4eecd1bad4 update nextcloud to 24
(apparently we forget to commit this??)
2022-07-09 10:56:58 +02:00
schweby
430efbc0a5
update sources 2022-06-09 14:56:38 +02:00
schweby
3dc6b5e3e9
common/users: update schwebys ssh key 2022-05-22 15:08:42 +02:00
hexchen
507a144165 Add uffd application icons 2022-05-02 16:28:37 +00:00
hexchen
7015386cd6 Fix uffd brand icon 2022-05-02 15:53:27 +00:00
schweby
440076bae9
services/nextcloud: make login work reliably 2022-04-30 23:35:19 +02:00
hexchen
27cc65fb14 feat: new SSO!!!! 🎉 2022-04-30 20:43:12 +00:00
287cb84d82
services/mattermost: bump to 6.6.0 2022-04-16 20:31:58 +02:00
schweby
3ee3c37ccb
sources: updates
CVE-2022-1162
2022-04-06 09:05:25 +02:00
39bec9fbd0
services/mattermost: bump to 6.5.0 2022-03-18 19:28:43 +01:00
5c85431847
mattermost: bump to 6.4.2 (security update) 2022-03-11 14:01:53 +01:00
schweby
2cf0119ec1
sources: updates
update kernel to protect against CVE-2022-0847
2022-03-07 20:44:33 +01:00
schweby
a92ae39d65
gitlab-ci.yml: disable nixda build
It's known broken. No need to waste time and resources.
Reenable when fixed.
2022-02-27 12:22:30 +01:00
schweby
f1c3a2d082
sources: updates 2022-02-27 12:19:36 +01:00
schweby
93c13debe6
services/mattermost: bump to 6.4.1 2022-02-27 11:57:52 +01:00
3e95d6c222
bump nix/sources.json 2022-02-17 19:49:53 +01:00
ca19774c9e
services/mattermost: bump to 6.4.0 2022-02-17 19:49:38 +01:00
032c49c375
comment out services/workadventure
(we're not using it and it's eating build times, so I've disabled it for
now)
2022-02-17 19:48:45 +01:00
4b71a216ba
services/mattermost: bump to 6.1.3
(another security update)
2022-02-05 01:08:46 +01:00
schweby
17d695c00b
common: add niv 2022-02-04 08:51:39 +01:00
schweby
7815e32f9f
services/mail: reduce logspam
reduce logspam by our mail services by setting them to loglevel 5
(notice) and 3 (error)
2022-02-01 17:07:52 +01:00
99811b6711 bump update nixos-mailserver to 21.11 2022-02-01 14:44:47 +01:00
1aebabe8a0 parsons/restics: s3CredentialsFile is deprecated
This is untested, but the documentation on the s3CredentialsFile option
seems to suggest this should be correct.
2022-02-01 14:03:40 +01:00
10942ca464 bump home manager to 21.11 2022-02-01 14:00:35 +01:00
schweby
2d429492fe
services/mail: stop postfix from dying by rspamd 2022-01-31 21:43:25 +01:00
schweby
4bf804c025
services/syncthing: add Vorstands share
currently the receiveencrypted type is not supported by the nixos module
so we have to set it via the webinterface
2022-01-27 22:53:17 +01:00
schweby
8716f2b308
services/syncthing: update config format 2022-01-27 22:52:49 +01:00
hexchen
6de0b91beb fixer tous les things 2022-01-27 20:20:25 +00:00
9937d5ff94
fixing pad.hacc.space (hopefully)
(I haven't tested this, since I don't want to try the upgrade-adventure
a second time today, but I think this should fix it)
2022-01-27 20:38:06 +01:00
4ff0bdf3ec
whoops, apparently some rebase went wrong
(fixing it back into a buildable state)
2022-01-27 20:38:04 +01:00
676ba4fc31
services/hedgedocs: use socket auth for postgres 2022-01-27 20:37:42 +01:00
schweby
569c5652f2
sources: update 2022-01-27 20:37:40 +01:00
schweby
238c1b2c92
mediawiki cleanup 2022-01-27 20:36:34 +01:00
c2c0bd366a
bump nixpkgs to 21.11
This simply updates nixpkgs to 21.11 (along with a general update of
other sources), then follows the hints given out in the build process
until everything (on parsons) ran through fine.

Some things to note:
 - syncthing's declarative config is gone. Instead, declarative and
   non-declarative configuration can now be mixed, but with
   `overrideDevices` set to true, it _should_ ignore non-declarative
   settings and basically behave the same as before (or at least that's
   how I understood the documentation on that)
 - some postfix options now require a lib.mkForce, since the mail module
   also wants to set them — we should probably look into if the mail
   module has nicer ways of handling our settings now (which I didn't
   do)
 - we no longer import the vaultwarden module from unstable, since it's
   included in nixos 21.11 as-is. We _do_ still import the vaultwarden
   package from unstable, since downgrading sounds like a bad idea.
 - nix build will print a warning that `literalExample` is now
   deprecated, but we don't seem to use that — I guess at some point
   we'll have to search through our sources if it doesn't go away

This was not yet deployed, and should probably be considered a
work-in-progress.

Building Nixda currently fails; decklink seems to have disappeared.
2022-01-27 20:36:17 +01:00
68afbe01b3 services/mattermost: bump to 6.1.2 (security update)
cf. https://mattermost.com/blog/mattermost-security-updates-6-3-1-6-2-2-6-1-2-5-37-7-released/

this supposedly fixes a "medium-level security vulnerability", but
they're not telling us what it is (for now …) :rolls_eyes:

anyways, seems to run fine on parsons.
2022-01-25 02:08:40 +01:00
schweby
fa347008fa
common/default.nix: add vgrep 2022-01-19 22:11:10 +01:00
schweby
c21b1b8ddf
services/syncthing: cleanup clients
remove no longer needed clients due to "new" password sharing
2022-01-19 21:35:03 +01:00
schweby
02a64a6f31
services/hedgedoc: lower loglevel to warn 2022-01-19 21:22:32 +01:00
b9aa3050d7 fix mumble website
This does two things:
 - add a group "mumblecert" which is allowed to read the mumble.hacc.space
   cert, and add both nginx and murmur's users to it
 - remove the website's derivation from services/murmur.nix and instead
   add it to the websites/ dir and handle it the same as all our other sites
2022-01-18 09:08:27 +01:00
schweby
6f0d8a6af9
hotfix: disable mumble website
disable the mumble website because of cert permission issues caused by ad9c1f4481
nginx doesn't start because it can read the cert of the website
2022-01-17 22:37:43 +01:00
ad9c1f4481
security/acme: mumble cert readable by murmur group
the postRun thing doesn't seem to work at all anymore?
2022-01-12 23:51:31 +01:00
f800057478
services/hedgedocs: remove unused module imports 2022-01-12 19:31:31 +01:00
ae67b38304 add the rest of our static web pages
however, for some reason, ACME still fails. Hopefully it's just the
rate limit, but it does look suspicious; there's still a
"www.muc.hacc.space" in the log that oughtn't be there …
2022-01-10 23:45:21 +01:00
eb07f34672 modules/website.nix init
idea is to have a directory `websites/` which contains all our static
sites, with the name of each subdirectory also being their domain. Then
Nix can just read that directory during build-time and automatically
generate nginx virtualHosts for all of them (note that the
subdirectories have to contain a `default.nix` specifying how to build
the site for that to work).

Thus we could avoid the dependency on gitlab pages.
2022-01-10 22:57:09 +01:00
c08ca5f85f
update readme
its incompleteness annoys me
2022-01-07 18:16:31 +01:00
a7896e718f
services/workadventure: re-add the hacc assembly map as default map 2022-01-07 17:29:10 +01:00
16245e830f
remove truelove-specific workadventure
This removes the special configuration to make our workadventure useable
for the truelove event and reverts it to just run at void.hacc.space
without authentication etc.

Tbh, not sure if that's actually what we want — do we need a running
workadventure instance at all? Or should we just remove the entire container?
2022-01-01 20:03:32 +01:00
schweby
9b38e5fba1 update sources 2021-12-30 22:58:23 +01:00
schweby
8c527ea552 enable ssh for stream user 2021-12-30 22:30:25 +01:00
schweby
b96a026565 cleanup default apps 2021-12-30 22:30:17 +01:00
schweby
ba60e3cf76 pkgs/blackmagic-desktop-video: update to 12.2.2 2021-12-19 17:13:51 +01:00
schweby
2a1e692522 services/lantifa: set mediawiki-version from 21.11
due to a wikiDB issue the mediawiki version in unstable (37) is not
compatible.
switching to 21.05 would mean a downgrade, so this is the hack until we
fully upgrade to 21.11
2021-12-11 13:20:42 +01:00
schweby
af8b16117f sources: add 21.11 as nixpkgs-new 2021-12-11 13:20:15 +01:00
schweby
bde7afa9ca sources: update 2021-12-11 12:54:02 +01:00
928d44fb95 Added stuebinm@hacc.space to mitglieder@hacc.space 2021-12-01 21:25:27 +00:00
3ad6a0d2df raphael@hacc.space added to voc@hacc.space 2021-12-01 21:22:53 +00:00
schweby
277d4a1fa7 services/nextcloud: fix downloads >1GB
should also generally improve performance when large(r) amounts of data
are exchanged
2021-11-22 20:58:39 +01:00
schweby
668a3fa4ee replace stdenv.lib with lib because deprecated 2021-11-19 19:54:19 +01:00
fccb150d3c
bump mattermost: 5.39.2 → 6.1.0 2021-11-17 12:48:56 +01:00
schweby
e10545d1f8 update sources
did not update nixpkgs-unstable due to a compiler version problem
vaultwarden 2.23 needs rustc 1.57, only rustc 1.56.1 is available
2021-11-16 17:42:52 +01:00
6563e0ccfa add services/workadventure for true-love event 2021-11-09 17:02:43 +00:00
schweby
5432503397 services/mattermost: set MaxUsersPerTeam to 250 2021-11-06 18:11:08 +01:00
6d6a2aff67
bump mattermost 5.39.0 → 5.39.1 (security update)
really, i probably should've just jumped straight to 6.0.2, but whatever 🤷
2021-11-04 17:01:45 +01:00
schweby
144bd0d5f5 remove services/unifi
no longer needed
2021-11-03 15:36:03 +01:00
1b94984486
unbreak vaultwarden backup 2021-10-31 22:22:48 +01:00
schweby
6a7e836d22 pkgs/companion: update hash 2021-10-31 21:37:50 +01:00
schweby
f78ae0e50a sources: updates 2021-10-31 19:40:30 +01:00
schweby
13567e0152 sources: remove pbb-nixfiles
no longer available, also unused
2021-10-31 19:39:32 +01:00
schweby
232a90aaf1 services/nextcloud: replace password with file 2021-10-31 09:19:45 +01:00
schweby
0652afa761 services/nextcloud: set defaultapp to apporder 2021-10-31 08:28:10 +01:00
schweby
34eb8651d8 modules/nextcloud: add option for defaultapp 2021-10-31 08:27:40 +01:00
hexchen
750b069420 services/nginx-pages: fix acme bullshit 2021-10-28 19:02:38 +00:00
schweby
939d7adbb6 pkgs/companion: fix hash
who needs consistent links anyway
should fix nixda not building on parsons
2021-10-27 09:20:20 +02:00
schweby
09d6d6838d service/lantifa: update intersection plugin 2021-10-15 22:27:22 +02:00
schweby
5138da6805 sources: update 2021-10-13 20:31:40 +02:00
schweby
ad5d21cba5 sources: updates 2021-10-01 19:32:27 +02:00
octycs
f125de8342 services/nginx-pages: readd help.studentsforfuture.info 2021-09-28 21:28:54 +02:00
56cbb7601b services/vaultwarden: init vaultwarden 2021-09-28 11:13:25 +00:00
schweby
2044b77401 sources: update 2021-09-19 16:45:18 +02:00
schweby
3c3e4c0c83 pkgs/companion: fix hash of nodeHeaders 2021-09-19 16:37:18 +02:00
schweby
dbf8d74a24 set timezones
default is UTC no need to force it
A desktop should be in the commonly used timezone.
Forcing UTC has caused trouble multiple times.
2021-09-19 16:35:38 +02:00
schweby
f4089803ff sources: update mattermost to 5.39 2021-09-18 21:53:25 +02:00
schweby
e63af3984c sources: update 2021-09-18 21:37:57 +02:00
schweby
35a563185d parsons/lantifa: update intersection plugin 2021-09-18 21:36:39 +02:00
schweby
982546f73a sources: update 2021-08-30 15:12:30 +02:00
schweby
b9eb988aa0 parsons/murmur: fix acme
credits for ${pkgs.acl} go to stuebinm
2021-08-30 15:12:30 +02:00
hexchen
a113c05025 pkgs: init bitfocus companion for streamdeck 2021-08-28 14:31:14 +00:00
System administrator
20398cf2c8 stuff 2021-08-25 16:23:34 +00:00
schweby
56ad0ed886 nixda/decklink: bump version of bmv to 12.1
bmv = blackmagicvideo
2021-08-23 19:54:18 +00:00
hexchen
fd9e8941c7 get rid of hainich. migration done. 2021-08-23 19:32:02 +00:00
schweby
95a0e9f04a parsons: init lantifa wiki 2021-08-23 19:32:02 +00:00
hexchen
41acbdd3e0 parsons: deploy unifi controller 2021-08-23 19:32:02 +00:00
hexchen
d367269e87 thelounge: foo 2021-08-23 19:32:02 +00:00
hexchen
7dbc22929b parsons/nginx-pages: add muc.hacc.earth hacc 2021-08-23 19:32:02 +00:00
hexchen
35cd963f8c services/gitlab-runner: init on parsons
also disable ci for hainich
2021-08-23 19:32:02 +00:00
hexchen
6121acabd7 maintenance: update sources, fix mattermost 2021-08-23 19:32:02 +00:00
hexchen
275d3a16f0 parsons: init lxc 2021-08-23 19:32:02 +00:00
hexchen
69e49a0020 services/gitlab: init ssh 2021-08-23 19:32:02 +00:00
hexchen
373926e33b services/gitlab: init on parsons 2021-08-23 19:32:02 +00:00
schweby
7881b444ba parsons: init syncthing 2021-08-23 19:32:02 +00:00
hexchen
cdeb52f808 services/mail: migrate to parsons 2021-08-23 19:32:02 +00:00
schweby
f5579bc98e parsons: config nginx 2021-08-23 19:32:02 +00:00
hexchen
a5063ae960 parsons: small fixes 2021-08-23 19:32:02 +00:00
schweby
632bf21200 parsons: fix hegedocs 2021-08-23 19:32:02 +00:00
schweby
76c9b07d56 parsons: init hegedocs 2021-08-23 19:32:02 +00:00
hexchen
172d0869b3 services/murmur: migrate to parsons 2021-08-23 19:32:02 +00:00
hexchen
4b11dbf1d4 services/thelounge: move to parsons 2021-08-23 19:32:02 +00:00
84ac81435e hainich: hacky version of thelounge as webchat
Intended for KontraIAA; requirements were that it should be as simple and
non-confusing as possible.

I tried both KiwiIRC and thelounge, and found both horrible to
package (a fact not helped by the somewhat opaque structure of
nixpkgs.nodePackages, which does contain a version of thelounge but
will apparently ignore overrides of the src attribute).

Instead, this now contains a very hacky version of thelounge, which
merely takes the already-built version from nixpkgs and glues some extra
css to it which hides potentially confusing fields.

Things hidden on the "connect" screen:
 - the "name" field (since thelounge offers "nick" "name" and "realname"
   by default, which seems too much for something embedded on a website)
 - the "I have a password" checkbox

Things hidden on the general view:
 - the button to open the side panel (the panel itself is not hidden,
   and will appear by itself on wider layouts), so that users will only
   see that one channel
 - the "channel options" menu (which includes a "leave channel" option
   which would effectively break the webchat)

Things not addressed:
 - thelounge has autocompletion for /join /leave, etc. Do we want to
   disable that as well?
 - It would probably be useful to suppress all the "x joined the channel"
   messages. Thelounge supports this, but apparently doesn't support
   setting it as default?

Misc:
 - for now, users will be connected to #thelounge on libera.chat, which
   appears to be okay with being used as an experimental channel
 - I allowed prefetching link previews, but only on the server's side
   (i.e. users' browsers won't fetch content from arbitrary sites)
 - not yet tested on hainich, but should work (tested in a NixOS
   container)
 - currently assumes a "webchat.voc.hacc.space" domain (I think we had a
   voc domain? but I forgot where it is …)
2021-08-23 19:32:02 +00:00
schweby
b23582a52f services/mattermost: init on parsons 2021-08-23 19:32:02 +00:00
hexchen
1c65805589 parsons: init backups 2021-08-07 12:05:26 +00:00
hexchen
da7beff2fe services/nextcloud: init on parsons 2021-08-07 12:05:26 +00:00
hexchen
3541d14c76 parsons: add nftables 2021-08-07 12:05:26 +00:00
hexchen
479d119b8b ci: add parsons 2021-08-07 12:05:26 +00:00
hexchen
0b30d81d13 hosts/parsons: init minimal config 2021-08-07 12:05:25 +00:00
hexchen
cf5062adfd sources: update nixpkgs to 21.05
this caused various other changes related to nftables, we are now using
hexchen's fork of pbb's module.
2021-08-07 12:05:25 +00:00
hexchen
cbeb0e86c1 mail: emergency alias 2021-08-03 17:13:46 +00:00
schweby
d3e08e0247
sources: update packages 2021-07-28 22:31:23 +02:00
2d0a5b9c22
Merge branch 'mattermost-reply-threads' of https://gitlab.infra4future.de/hacc/infra/haccfiles into mattermost-reply-threads 2021-07-18 21:28:28 +02:00
20bafd66c5
mattermost: add recommended proxy settings
This unbreaks the keycloak login
2021-07-18 21:26:14 +02:00
schweby
2c0abd0cc4
sources: set template for mattermost-server 2021-07-16 23:45:43 +02:00
32e13edee1
fix hashes
apparently I changed the url but not the hash at some point while
fiddling with the sources.json file.

have I mentioned how much I like niv yet?
2021-07-16 18:14:22 +02:00
69f5448aa3
mattermost 5.34.3 → 5.37.0
Among other things, this contains the "collapsable reply threads" feature
which makes it behave similar to slack.

Also, after spending thirty minutes or so attempting to teach niv that
it should really only fetch the tag "5.37.0" from the mattermost-server
repository and not any other commit, branch, or similar (there is a
"release-5.37" branch, but that seems to be for active development), I
have temporarily given up on it and typed in the urls manually.

Unfortunately, this means that any kind of `niv update` will now break
things. If anyone knows how to use niv correctly for this please patch
this; otherwise I guess we can extract mattermost out from niv again.
2021-07-16 17:45:18 +02:00
schweby
bfaa6a54ab
sources: update packages 2021-07-14 22:36:17 +02:00
schweby
04375f8152
hainich: remove websites
websites are now back on gitlab again
2021-07-14 22:15:03 +02:00
schweby
725517a035
sources: pin hexchen repo 2021-07-01 18:55:12 +02:00
schweby
6a408db9c1
hotfix: add websites to hainich
because gitlab broke websites AGAIN, they are now running on hainich
directly
While this is only a temporary solution, I think it will be as permanent
as they come
2021-06-25 11:38:47 +02:00
schweby
776c4d2f0f
sources: update packages 2021-06-23 23:16:54 +02:00
schweby
f6bf8c7c00
hainich: remove A20 ghost 2021-06-23 23:06:49 +02:00
octycs
df6f0baa71 hainich/mediawiki: Fix broken URL to plugin 2021-06-11 19:08:22 +02:00
schweby
b092919a53 nixda:update desktopvideo to 12.0 2021-06-09 21:58:06 +00:00
schweby
ab68332e2b sources: update packages 2021-06-09 22:30:19 +02:00
schweby
d37899698c
hainich: remove minecraft
nixos and its concepts/service management/update mechanism don't play nice with minecraft
In general some things I wanted to do (e.g. a map) are too spikily resource intensive to run on a server meant to provide other services consistently
A replacement will be provided soon™
2021-06-06 18:22:24 +02:00
schweby
fec87aa59d
sources: update packages 2021-06-03 17:25:47 +02:00
Lukas
378c79f93e hainich:add hedgedoc for i4f 2021-06-02 19:08:54 +00:00
schweby
e9eb76c2b5
update sources 2021-05-26 22:31:06 +02:00
schweby
8506265060
sources: update packages 2021-05-12 21:41:53 +02:00
schweby
644c433809 hainich: init ghost A20 2021-05-12 19:37:15 +00:00
7d2e5f7576 ci: split up pipelines by host
Rationale: if one build fails, the other one will still continue running.
Especially since we already have some (and will presumably add more)
proprietary software to nixda which may require manual intervention
using nix-prefetch-url, this seems like a good idea.

An alternative would be to just specify `--keep-going`, but this seems
likely to lead to unreadable output.

However, I'm not sure what exactly happens when we try to run builds for
both hosts at once on the same nix store — it may be that this isn't the
best idea, but I guess we can just make the pipelines sequential instead
if necessary.

pipeline: fix mistake in build command

(previous commit contained two builds for nixda, none for hainich)
2021-05-10 14:41:42 +00:00
hexchen
3b39b0f316 hainich/gitlab-runner: limit nix builds to 1
running concurrent builds might cause stuff to be redownloaded/rebuilt.
2021-05-10 14:39:51 +00:00
3d8db75c48
mail: add addresses for c3wooc
Assuming I've understood the format of this config correctly, this
should add two new addresses for the c3wooc (one for general contact,
one for patches); both forwarding to its members (currently only hxchn
and me).
2021-05-08 20:06:00 +02:00
schweby
1e57204b7a
sources: update packages 2021-05-01 18:48:15 +02:00
9e7a277b6a workadventure: fix turn ipv4 address
apparently I missed changing that; it still pointed to my own
server (flora.stuebinm.eu) instead of hainich.
2021-04-29 22:20:10 +00:00
schweby
ae8bf7c8f6
sources: manage mattermost with niv
also reenables mattermost
also updated to version 5.34.2
2021-04-28 22:29:31 +02:00
schweby
148741f4c3
sources: update packages 2021-04-28 22:01:02 +02:00
schweby
3067d1b8fb
hainich/mediawiki: set static URL for WikiDB 2021-04-27 11:09:42 +02:00
hexchen
bc684b1626 services/mail: clean up the config file 2021-04-26 17:08:34 +00:00
schweby
908d6df2da
sources: update sources
this also disables mattermost-beta because of a version mismatch with
the development branch
will be readded with MR
2021-04-20 21:52:18 +02:00
schweby
9770b4089a
sources.json: replace refs with branches
refs are the old way of referring to what niv tracks for updates
niv actively encourages to switch to branches or tags so this is done
here
2021-04-20 21:39:17 +02:00
schweby
df31a3da35
hainich/minecraft: get server.jar via sources.json 2021-04-17 17:19:52 +02:00
schweby
3473603f91
sources: add papermc 2021-04-17 17:16:04 +02:00
schweby
243d0bf14d
hainich/minecraft: fix & reorder config
fixes a formatting error in jvmOpts and slightly reorders the config
2021-04-17 17:15:49 +02:00
schweby
75ec36dda2
hainich/mumble: import website from sources.json 2021-04-16 15:54:25 +02:00
schweby
18ed88727f
sources: add mumble-website 2021-04-16 15:52:17 +02:00
6e36ff58e2 workadventure: update and manage sources with niv
Changes:
 - workadventure is now pulled from stuebinm.eu/git via niv, and
   should be updated automatically along with the other sources
 - the same is true for the default map, which gets pulled directly from
   its gitlab sources.
 - this setup may potentially break things if I decide to rename an
   option upstream, but I don't think that'll happen too often
 - made the code a little nicer
 - uses workadventure-xce now, since the tabascoeye version is now gone

Open for discussion:
 - afaik know, the current version of workadventure-xce now contains
   fediventure-specific patches. Do we want that, or should we switch
   to the unfederated version?
2021-04-15 20:12:32 +00:00
hexchen
c3c3bca114 hainich/mail: update mailing lists, remove unused 2021-04-15 20:09:49 +00:00
schweby
1c446bec8d
hainich/hedgedoc: redirect pad.hacc.earth to pad.hacc.space 2021-04-15 14:13:15 +02:00
schweby
25568db129
hainich/nginx: disable interest cohort globally 2021-04-15 10:16:20 +02:00
schweby
0c55ccb47b
hainich: reduce backup retention 2021-04-15 06:37:12 +02:00
schweby
ccb4469922
hainich: Set more sensible snapshot retention time 2021-04-15 06:35:31 +02:00
schweby
b136ca090f
hainich: remove hasenloch 2021-04-15 06:18:26 +02:00
schweby
1f40f1f142
hainich: disable workadventure 2021-04-14 22:47:25 +02:00
schweby
caa45759a1
hainich/minecraft: update to paper 1.16.5-592 2021-04-14 22:43:35 +02:00
schweby
289c82e529
sources: update sources 2021-04-14 22:43:19 +02:00
schweby
7c04319456
hainich/minecraft: update to paper 1.16.5-583 2021-04-07 09:38:09 +02:00
schweby
2112e6e40e
sources: update packages 2021-04-07 09:38:05 +02:00
L3D ワッフルマイスター
b2d2235d4d remove newline in murmur.nix 😉 2021-04-05 06:46:34 +00:00
schweby
ee53d85b94
hainich/mumble: switch to updated site 2021-04-05 08:39:34 +02:00
schweby
6f7c79f93e
sources: update packages 2021-04-04 12:37:40 +02:00
schweby
87b3518ebd
hainich/minecraft: update to paper 1.16.5-576 2021-04-03 21:17:21 +02:00
schweby
cfb0cd5013
hainich/minecraft: add optimised GC options 2021-04-03 21:17:21 +02:00
schweby
d48c7cdcac
pkgs: set jre_headless to jdk11_headless
this is a workaround to be able to use java 11 with the
minecraft-server module
minecraft calls for jre_headless, which is still java 8
newer java version don't ship jre, which now have to be custom built or
the jdk used
2021-04-03 21:07:02 +02:00
schweby
5b37fde996
Merge branch 'mattermost-upgrade' 2021-04-03 10:23:00 +02:00
schweby
6db58c4a01
hasenloch: add FAQ and Contact 2021-04-03 08:00:59 +02:00
schweby
2974b9688b
hasenloch: update to newer version 2021-04-02 16:38:31 +02:00
schweby
a2bd7880b4
hainich/docker: stop docker from loading iptables 2021-03-30 23:59:05 +02:00
schweby
c10caa5b0f
hainich/mattermost: disable container firewall 2021-03-30 23:57:52 +02:00
schweby
78e607a28d
hainich: block x_tables module
this also blocks the x_tables module to prevent it from loading
ip_tables
2021-03-30 17:59:26 +02:00
schweby
8a17da7761
sources: update nix packages 2021-03-27 11:53:49 +01:00
schweby
d1e88ef87a
hainich/nginx: disable /var/secrets/ingest.conf
If the file is not present, the preExec check for the config fails and
disrupts the deploy.
Before readding make sure the file will always be present!
2021-03-27 11:48:43 +01:00
schweby
1064836092
Revert "security: remove hexchen"
This reverts commit bab826b1c7.
Also fixes hexchen nix due to new logic
2021-03-26 22:04:27 +01:00
schweby
5579a60b4e
Revert "security: remove hexchen mail"
This reverts commit 32b5958279.
2021-03-26 21:53:17 +01:00
schweby
49fa714861
sources: update nix packages 2021-03-25 21:53:21 +01:00
011196f875
mattermost: disable analytics & telemetry
note that this ALSO disables the security alert features of mattermost [1],
which would send us alerts in case of security updates for our current
mattermost version. I have disabled it since it would send information
about our instance (including e.g. the current number of active users) to
mattermost every 24 hours.

Since we now essentially maintain our own set of mattermost packages, I
recommend at least some of us subscribe to the mattermost release blog [2],
and manually update the mattermost sources in `/pkgs/mattermost` as required
(I have done so already). The release blog is also available as an rss feed [3].

[1] https://docs.mattermost.com/administration/telemetry.html#security-update-check-feature
[2] https://mattermost.com/blog/category/releases
[3] https://mattermost.com/blog/category/releases/rss
2021-03-25 15:51:01 +01:00
d3af36bd3c
mattermost: update to version 5.30.3
This should be compatible with the version we currently use, and also include all hot-fixes
etc. which we definitely want to have.
2021-03-25 15:32:47 +01:00
stuebinm
d5cf2abccc
hainich: init mattermost beta 2021-03-24 22:37:38 +01:00
schweby
29e15bc2bd
sources: update nix packages 2021-03-24 22:22:10 +01:00
schweby
e4a0367a51
sources: remove unnecessary refs 2021-03-24 21:30:06 +01:00
schweby
b604cee52a
hainich/minecraft: Update to paper 1.16.6-167 2021-03-24 21:13:26 +01:00
schweby
077e8264f7
hainich/hasenloch: set config suitable for r2r 2021-03-24 19:28:22 +01:00
schweby
f54be467b8
hainich/hasenloch: update to r2r version
to update to this version removal of the cache at
*engelsystem/storage/cache is necessary for the site to work
2021-03-24 19:19:33 +01:00
schweby
99d534586a
hainich/minecraft: update to paper 1.16.5-562 2021-03-20 17:09:58 +01:00
schweby
8377d27b87 hainich: init minecraft server
this server replaces the vanilla minecraft server on libocedrus
2021-03-20 16:59:47 +01:00
schweby
071f135ef4
hainich: Blacklist ip_tables and ip6_tables
Prevent **something** (docker) from loading the iptables kernel modules
and breaking nftables
2021-03-20 16:56:56 +01:00
schweby
233ffdd769
hainich/nginx: redirect hacc.space to hacc.earth
redirect was previously managed on libocerus
hacc.space now points to hainich
2021-03-18 19:12:14 +01:00
schweby
77c06c5509
hainich/nginx: let all empty subdomains 404
* make hainich.hacc.space the default virtualHost for nginx
if no host is running on that subdomain, this will be shown
* disable SSL, so no pesky SSL error for empty subdomains anymore
* remove lots of unneeded brackets and semicolons
2021-03-18 19:04:00 +01:00
schweby
94eafe59d2
hainich/nginx: remove rc3 cluster site 2021-03-18 19:01:44 +01:00
dbbdde76c7
mumble.hacc.space: move site from gitlab into nix derivation
Since the delivery of mumble.hacc.space/murmur.hacc.space via gitlab pages
broke (for whatever reason), I've packaged the site into an ad-hoc nix
derivation, which is now delivered locally by nginx instead. This has a
couple benefits (mainly that we no longer depend on gitlab pages), but
also the downside that we can't just update the site via gitlab's CI/CD
pipelines anymore.
2021-03-17 22:35:51 +01:00
schweby
32b5958279 security: remove hexchen mail 2021-03-13 00:27:53 +01:00
schweby
bab826b1c7 security: remove hexchen 2021-03-12 23:53:51 +01:00
schweby
db51a3adde common: set schweby's shell to fish 2021-03-12 12:28:26 +01:00
faee8da700 nixda: bump version of obs to nixpkgs/unstable 2021-03-11 00:12:08 +01:00
schweby
2d4309fdf4 hainich: init workadventure 2021-03-11 00:11:51 +01:00
schweby
d11ca2bb3e sources: update nix packages 2021-03-10 20:59:23 +01:00
hexchen
b186473e68 sources: update nix-hexchen
lots of fancy new stuff, but most importantly: we no longer import all
of my user config, just the very base.

none of that fancy stuff is active right now, this should mostly be a
no-op unless we do the same restructure that i have just done in my
nixfiles here as well.
2021-03-10 20:58:31 +01:00
hexchen
6f2cc7bf7f hainich: remove obsolete nginx host 2021-03-09 10:10:03 +00:00
hexchen
bc58060390 mail: update rinderhacc password and alias 2021-03-09 10:03:18 +00:00
258 changed files with 42557 additions and 1259 deletions

View file

@ -1,9 +1,9 @@
stages:
- build
build:
build-parsons:
tags:
- nix
stage: build
script:
- nix-build -A deploy.all
- nix-build -A deploy.parsons
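
Review bot: With the job renamed to `build-parsons` and the script narrowed from `nix-build -A deploy.all` to `nix-build -A deploy.parsons`, CI no longer evaluates any host other than parsons, so a breaking change in shared code such as `./common` would go unnoticed for nixda until someone deploys it by hand. Consider keeping a second job that at least evaluates the remaining hosts, or say in the README that only parsons is covered by CI.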

View file

@ -10,6 +10,8 @@ welcome to hacc nixfiles (haccfiles). this is the code describing our nix-based
- `modules/`: home-grown modules for hacc-specific services
- `nix/`: sources files, managed with niv
- `pkgs/`: packages we built and don't want to upstream
- `hosts/`: configuration.nix per host
- `services/`: all services we run; imported in appropriate host config
## working with the haccfiles
@ -20,6 +22,19 @@ nix build -f . deploy.$hostname && ./result switch
`$hostname` can be replaced with any hostname or group
## I don't want to build this long dependency / want a cached version!
If it's still available on parsons from a previous deploy, do:
```shell
nix copy --from ssh://parsons /nix/store/...
```
Note: don't just copy the .drv file (which Nix complains about if it can't
build something), that's just the description of how to build it! If you
don't know the actual outpath, look in the .drv file (should start with
`Derive([("out","[the path you want]"...`)
## committing to haccfiles
- Golden Rule: DO NOT COMMIT TO MAIN
- exceptions apply, if you are not sure where to commit, don't commit to main

View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, modules, ... }:
let
sources = import ../nix/sources.nix;
@ -7,10 +7,10 @@ in {
../modules
./users.nix
(sources.home-manager + "/nixos")
(sources.pbb-nixfiles + "/modules/nftables")
modules.network.nftables
];
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
boot.kernelParams = [ "quiet" ];
networking.domain = lib.mkDefault "hacc.space";
@ -36,7 +36,6 @@ in {
security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8";
time.timeZone = "UTC";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
@ -45,8 +44,8 @@ in {
environment.systemPackages = with pkgs; [
smartmontools lm_sensors htop tcpdump nload iftop
# bottom
ripgrep
bottom
ripgrep vgrep
git wget
kitty.terminfo
rsync pv progress
@ -62,7 +61,7 @@ in {
socat
tmux
gnupg
vim
vim neovim
patchelf
binutils
dnsutils
@ -70,6 +69,8 @@ in {
nmap
s-tui stress
ffmpeg-full
bat
niv
];
security.acme.email = "info+acme@hacc.space";
@ -77,7 +78,8 @@ in {
services.nginx.appendHttpConfig = ''
access_log off;
add_header Permissions-Policy "interest-cohort=()";
'';
petabyte.nftables.enable = true;
networking.nftables.enable = true;
}
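
Review bot: The `add_header Permissions-Policy "interest-cohort=()";` line in `services.nginx.appendHttpConfig` is set at http level, and nginx inherits `add_header` from an outer level only when the inner level defines no `add_header` of its own. Any virtual host or location that sets its own `add_header` in `extraConfig` will silently drop this header, so either repeat it in those blocks or put a comment next to this line documenting the limitation.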

View file

@ -4,6 +4,6 @@ let
sources = import ../nix/sources.nix;
in {
imports = [
(sources.nix-hexchen + "/users/hexchen")
(import sources.nix-hexchen {}).users.hexchen.base
];
}

View file

@ -48,12 +48,13 @@
packages = with pkgs; [ ffmpeg ];
};
schweby = {
moira = {
uid = 1004;
shell = pkgs.fish;
isNormalUser = true;
extraGroups = [ "wheel" "cdrom" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrcJRF71+XM5YZj+SaSiGcdVZ0IDxGBXIWssDtHiTtr moira_2022_06"
];
hashedPassword = "$6$zkAsaVdmIduqZxez$GY9aBlYeP41F0it/VbbZzLLLRQhHAbDdFsa3e/1GS9McTuSimMHODg6HqNVEH1zSqD3afhK/0UHfqbtF5qpi90";
};
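
Review bot: The `hashedPassword = "$6$..."` line stays in place while the account is renamed from `schweby` to `moira` and the SSH key is swapped, so the SHA-512 crypt hash remains readable to anyone who can read this repository or the Nix store and can be guessed against offline. The account is in `wheel`, so since the key is being rotated anyway, set a new password and reference its hash from a file outside the store with `passwordFile` instead of inlining it.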

View file

@ -2,6 +2,10 @@ rec {
sources = import ./nix/sources.nix;
pkgs = import ./pkgs {};
inherit (pkgs) lib;
inherit (import (sources.nix-hexchen + "/lib/hosts.nix") { inherit pkgs; hostsDir = ./hosts; commonImports = [./common]; pkgsPath = ./pkgs; }) hosts groups;
inherit (import (sources.nix-hexchen + "/lib/hosts.nix") {
inherit pkgs sources;
inherit ((import sources.nix-hexchen) {}) modules;
hostsDir = ./hosts; commonImports = [./common]; pkgsPath = ./pkgs;
}) hosts groups;
deploy = import (sources.nix-hexchen + "/lib/deploy.nix") { inherit pkgs hosts groups; };
}

View file

@ -7,19 +7,21 @@
allowUnfree = true;
};
# boot.plymouth.splashBeforeUnlock = true;
users.users.schweby.packages = with pkgs; [
environment.systemPackages = with pkgs; [
pulsemixer pavucontrol
firefox git kitty j4-dmenu-desktop bemenu
firefox kitty j4-dmenu-desktop bemenu
breeze-qt5 mako
mpv youtube-dl
wl-clipboard mumble
xdg_utils
slurp grim libnotify
_1password-gui
gimp
# gnome3.nautilus
] ++ (with pkgs; [ alacritty picom feh copyq polybar cinnamon.nemo rofi arandr notepadqq nomacs bat ]);
] ++ (with pkgs; [ alacritty picom feh copyq polybar cinnamon.nemo rofi arandr notepadqq nomacs imv gthumb ]);
sound.enable = true;
time.timeZone = "Europe/Berlin";
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;

View file

@ -1,127 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
../../common
./encboot.nix
./hardware.nix
./services/murmur.nix
./services/mail.nix
./services/codimd.nix
../../common
# ./wireguard.nix
./services/nginx.nix
# ./k8s.nix
./services/docker.nix
./services/gitlab-runner.nix
./services/lantifa.nix
./services/hasenloch.nix
./services/syncthing.nix
./services/monitoring.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.supportedFilesystems = [ "zfs" ];
# networking
networking.hostName = "hainich";
networking.hostId = "8a58cb2f";
networking.useDHCP = true;
networking.interfaces.enp6s0.ipv4.addresses = [
{
address = "46.4.63.148";
prefixLength = 27;
}
{
address = "46.4.63.158";
prefixLength = 27;
}
];
networking.interfaces.enp6s0.ipv6.addresses = [ {
address = "2a01:4f8:140:84c9::1";
prefixLength = 64;
} ];
networking.defaultGateway = "46.4.63.129";
networking.nameservers = [
"1.1.1.1" "1.0.0.1"
"2606:4700:4700::1111" "2606:4700:4700::1001"
];
networking.defaultGateway6 = {
address = "fe80::1";
interface = "enp6s0";
};
hacc.nftables.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.internalIPs = [ "192.168.100.0/24" "172.17.0.0/16" ];
networking.nat.externalInterface = "enp6s0";
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# networking.firewall.enable = false;
# misc
time.timeZone = "UTC";
environment.systemPackages = with pkgs; [
wget vim git
];
services.openssh.enable = true;
services.openssh.ports = [ 22 62954 ];
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6JWi0MBDz0Zy4zjauQv28xYmHyapb8D4zeesq91LLE schweby@txsbcct"
"ssh-rsa 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 schweby@taxusbaccata"
];
initialHashedPassword = "$6$F316njEF2$GMF4OmPSF6QgZ3P/DblQ/UFMgoo98bztbdw7X0ygvBGC1UMMIc13Vtxjd/ZGRYW/pEHACZZ7sbRZ48t6xhvO7/";
# shell = pkgs.fish;
};
# storage stuffs!
services.zfs = {
autoSnapshot = {
enable = true;
};
autoScrub = {
enable = true;
};
};
boot.kernelPackages = pkgs.linuxPackages;
services.restic.backups.tardis = {
passwordFile = "/etc/restic/system";
s3CredentialsFile = "/etc/restic/system.s3creds";
paths = [
"/data"
"/home"
"/run/florinori"
"/var/lib/containers/codimd/var/lib/codimd"
"/var/lib/containers/codimd/var/backup/postgresql"
"/var/lib/containers/lantifa/var/lib/mediawiki"
"/var/lib/containers/lantifa/var/backup/mysql"
"/var/lib/murmur"
"/var/lib/syncthing"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
];
repository = "b2:tardis-hainich:system";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.03"; # Did you read the comment?
}

View file

@ -1,28 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.initrd.kernelModules = [ "r8169" ]; # add network card driver
boot.kernelParams = ["ip=:::::enp6s0:dhcp"]; # enable dhcp on primary network interface
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
# TODO: Modify system config so that this works
# authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [ /run/keys/ecdsa_host ];
};
# TODO: curl some webhook here to alert?
# possibly quite hard to do, we only have limited wget or netcat available
# how this all works:
# when someone logs in via ssh, they are prompted to unlock the zfs volume
# afterwards zfs is killed in order for the boot to progress
# timeout of 120s still applies afaik
postCommands = ''
zpool import zroot
zpool import dpool
echo "zfs load-key -a; killall zfs && exit" >> /root/.profile
'';
};
}

View file

@ -1,52 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zroot/root/nixos";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "zroot/root/nixos/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "dpool/home";
fsType = "zfs";
};
fileSystems."/var/lib/containers" =
{ device = "dpool/containers";
fsType = "zfs";
};
fileSystems."/var/lib/docker" =
{ device = "dpool/docker";
fsType = "zfs";
};
fileSystems."/var/lib/gitlab-runner" =
{ device = "dpool/gitlab-runner";
fsType = "zfs";
};
fileSystems."/data" =
{ device = "dpool/data";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/40125f55-7fe8-4850-902e-b4d6e22f0335";
fsType = "ext2";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 12;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

View file

@ -1,125 +0,0 @@
{ config, pkgs, ... }:
{
services.etcd = {
advertiseClientUrls = [
"https://[2a0d:eb04:8:10::1]:2379"
];
listenClientUrls = [
"https://[2a0d:eb04:8:10::1]:2379"
];
listenPeerUrls = [
"https://[::1]:2380"
];
};
services.kubernetes = {
roles = [ "master" "node" ];
flannel.enable = false;
addons.dns = {
enable = true;
clusterIp = "2a0d:eb04:8:11::53";
reconcileMode = "EnsureExists";
};
pki.cfsslAPIExtraSANs = [ "hainich.hacc.space" ];
apiserver = {
advertiseAddress = "2a0d:eb04:8:10::1";
extraSANs = [
"2a0d:eb04:8:10::1" "2a0d:eb04:8:11::1" "hainich.hacc.space"
];
bindAddress = "::";
insecureBindAddress = "::1";
etcd = {
servers = [ "https://[2a0d:eb04:8:10::1]:2379" ];
};
serviceClusterIpRange = "2a0d:eb04:8:11::/120";
extraOpts = "--allow-privileged=true";
};
controllerManager = {
bindAddress = "::";
clusterCidr = "2a0d:eb04:8:12::/64";
};
kubelet = {
address = "::";
clusterDns = "2a0d:eb04:8:11::53";
};
proxy = {
bindAddress = "::";
};
scheduler = {
address = "::1" ;
};
apiserverAddress = "https://[2a0d:eb04:8:10::1]:6443";
clusterCidr = "2a0d:eb04:8:12::/64";
easyCerts = true;
masterAddress = "hainich.hacc.space";
};
networking.firewall = {
allowedTCPPorts = [ 80 443 6443 ];
trustedInterfaces = [
"cbr0" "tunnat64"
];
extraCommands = ''
iptables -t nat -A POSTROUTING -o enp6s0 -j SNAT --to 46.4.63.158
iptables -A FORWARD -i tunnat64 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 46.4.63.158 --dport 80 -j DNAT --to-destination 10.255.255.2:80
iptables -t nat -A PREROUTING -p tcp -d 46.4.63.158 --dport 443 -j DNAT --to-destination 10.255.255.2:443
iptables -t nat -A PREROUTING -p tcp -d 46.4.63.158 --dport 6443 -j DNAT --to-destination 10.255.255.1:443
ip6tables -A FORWARD -i tunnat64 -j ACCEPT
ip6tables -A INPUT -i tunnat64 -j ACCEPT
'';
extraStopCommands = ''
iptables -t nat -D POSTROUTING -o enp6s0 -j SNAT --to 46.4.63.158
iptables -D FORWARD -i tunnat64 -j ACCEPT
iptables -t nat -D PREROUTING -p tcp -d 46.4.63.158 --dport 80 -j DNAT --to-destination 10.255.255.2:80
iptables -t nat -D PREROUTING -p tcp -d 46.4.63.158 --dport 443 -j DNAT --to-destination 10.255.255.2:443
iptables -t nat -D PREROUTING -p tcp -d 46.4.63.158 --dport 6443 -j DNAT --to-destination 10.255.255.1:443
ip6tables -A FORWARD -i tunnat64 -j ACCEPT
ip6tables -A INPUT -i tunnat64 -j ACCEPT
'';
};
systemd.services.tayga = (let
config = pkgs.writeText "tayga.conf" ''
tun-device tunnat64
ipv4-addr 10.255.255.254
prefix 2a0d:eb04:8:10:64::/96
dynamic-pool 10.255.255.0/24
map 10.255.255.1 2a0d:eb04:8:10::1
map 10.255.255.2 2a0d:eb04:8:11::2
strict-frag-hdr 1
'';
startScript = pkgs.writeScriptBin "tayga-start" ''
#! ${pkgs.runtimeShell} -e
${pkgs.iproute}/bin/ip link set up tunnat64 || true
${pkgs.iproute}/bin/ip route add 10.255.255.0/24 dev tunnat64 || true
${pkgs.iproute}/bin/ip -6 route add 2a0d:eb04:8:10:64::/96 dev tunnat64 || true
${pkgs.tayga}/bin/tayga -d --config ${config}
'';
in {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = ''${startScript}/bin/tayga-start'';
};
});
networking.interfaces.cbr0.ipv6.routes = [{
address = "2a0d:eb04:8:10::";
prefixLength = 60;
}];
networking.interfaces.tunnat64 = {
virtual = true;
};
# openebs expects some stuff to be there.
system.activationScripts.openebs = ''
mkdir -p /usr/lib /usr/sbin
ln -sf ${pkgs.zfs.lib}/lib/* /usr/lib/
ln -sf ${pkgs.zfs}/bin/zfs /usr/sbin/
'';
}

View file

@ -1,85 +0,0 @@
{ config, lib, pkgs, ... }:
{
containers.codimd = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.3";
autoStart = true;
config = { config, lib, pkgs, ... }: {
networking.firewall.enable = false;
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = {
enable = true;
configuration = {
allowAnonymous = true;
allowFreeURL = true;
allowGravatar = false;
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
dbURL = "postgres://codimd:codimd@localhost:5432/codimd";
defaultPermission = "limited";
domain = "pad.hacc.space";
host = "0.0.0.0";
protocolUseSSL = true;
hsts.preload = false;
email = false;
oauth2 = {
authorizationURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
tokenURL = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
clientID = "codimd";
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
};
};
};
systemd.services.hedgedoc.environment = {
"CMD_OAUTH2_USER_PROFILE_URL" = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/userinfo";
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "name";
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "display-name";
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
};
services.postgresql = {
enable = true;
ensureDatabases = [ "codimd" ];
ensureUsers = [{
name = "codimd";
ensurePermissions = {
"DATABASE codimd" = "ALL PRIVILEGES";
};
}];
};
services.postgresqlBackup = {
enable = true;
databases = [ "codimd" ];
startAt = "*-*-* 23:45:00";
};
};
};
services.nginx.virtualHosts."pad.hacc.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.100.3:3000";
extraConfig = ''
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
add_header Access-Control-Allow-Origin "*";
proxy_buffering off;
'';
};
};
}
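
Review bot: Deleting this file does not retire the credentials in it: the `clientSecret` value in the `oauth2` block and the `codimd:codimd` pair in `dbURL` stay in the repository history. Rotate the OAuth2 client secret at auth.infra4future.de before the `codimd` client is reused, and have the hedgedoc services that replace this file read the secret from a file or environment file rather than from the Nix expression, which ends up world-readable in the store.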

View file

@ -1,32 +0,0 @@
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers.containers."ghost-waszumfff" = {
autoStart = true;
environment = {
url = "https://waszumfff.4future.dev";
};
image = "ghost:alpine";
ports = [ "127.0.0.1:2368:2368" ];
volumes = [ "/run/florinori:/var/lib/ghost/content" ];
};
fileSystems."/run/florinori" =
{ device = "dpool/k8s/florinori";
fsType = "zfs";
};
services.nginx.virtualHosts."waszumfff.4future.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:2368";
extraConfig = "
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
";
};
};
}

View file

@ -1,62 +0,0 @@
{config, pkgs, lib, ...}:
{
services.gitlab-runner = {
enable = true;
concurrent = 4;
services = {
infra4future = {
buildsDir = "/var/lib/gitlab-runner/builds";
dockerImage = "nixos/nix";
executor = "docker";
registrationConfigFile = "/etc/gitlab-runner/gitlab-runner.env";
};
nix = {
registrationConfigFile = "/etc/gitlab-runner/gitlab-runner.env";
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
tagList = [ "nix" ];
};
};
};
systemd.services.gitlab-runner.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "gitlab-runner";
};
users.users.gitlab-runner = {
home = "/var/lib/gitlab-runner";
extraGroups = [ "docker" ];
isSystemUser = true;
};
virtualisation.docker.storageDriver = "zfs";
}

View file

@ -1,81 +0,0 @@
{ pkgs, config, ...}:
{
containers.hasenloch = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.5";
localAddress = "192.168.100.7";
config = { pkgs, config2, ...}: {
services.engelsystem = {
enable = true;
domain = "himmel.hacc.earth";
config = {
url = "https://himmel.hacc.earth";
trusted_proxies = [ "${config.containers.hasenloch.hostAddress}/31" ];
rewrite_urls = true;
app_name = "Hasenloch";
footer_items = {
FAQ = "TODO";
Contact = "TODO";
};
signup_requires_arrival = true;
enable_dect = false;
theme = 10;
database = {
database = "engelsystem";
host = "localhost";
username = "engelsystem";
};
email = {
driver = "smtp";
encryption = "tls";
from = {
address = "noreply@infra4future.de";
name = "divoc Hasenloch";
};
host = "mail.hacc.space";
password = {
_secret = "/var/keys/engelsystem/mail";
};
port = 587;
username = "noreply@infra4future.de";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.enable = false;
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
};
};
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."himmel.hacc.earth" = {
locations."/".proxyPass = "http://" + config.containers.hasenloch.localAddress;
forceSSL = true;
enableACME = true;
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-hasenloch"];
networking.nat.externalInterface = "enp6s0";
}

View file

@ -1,168 +0,0 @@
{ config, pkgs, lib, ... }:
let
sources = import ../../../nix/sources.nix;
in {
imports = [
sources.nixos-mailserver.outPath
];
mailserver = {
mailDirectory = "/data/mail";
enable = true;
fqdn = "mail.hacc.space";
domains = [ "hacc.space" "hacc.earth" "4future.dev" "4futu.re" "infra4future.de" "discuss.infra4future.de" ];
loginAccounts = {
"hexchen@hacc.space" = {
hashedPassword = "$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
aliases = [
"postmaster@hacc.space"
"abuse@hacc.space"
];
};
"octycs@hacc.space" = {
hashedPassword = "$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
aliases = [
"markus@hacc.space"
];
};
"raphael@hacc.space" = {
hashedPassword = "$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
};
"engelsystem@hacc.space" = {
hashedPassword = "$6$5cIAEhJ7af7M$eJBPQc3ONd.N3HKPFpxfG7liZbUXPvWuSpWVgeG7rmsG7f7.Zdxtodvt5VaXoA3AEiv3GqcY.gKHISK/Gg0ib/";
};
"schweby@hacc.space" = {
hashedPassword = "$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
};
"zauberberg@hacc.space" = {
hashedPassword = "$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
aliases = [
"lukas@hacc.space"
];
};
"talx@hacc.space" = {
hashedPassword = "$6$0hIKRoMJS./JSE$tXizRgphhNM3ZYx216VdRv1OiyZoYXsjGqSudTDu8vB8eZb03Axi31VKV87RXiEGGixdvTsHEKpx032aOzzt31";
};
"unms@hacc.space" = {
hashedPassword = "$6$pYlNP37913$sGE3L722ceP.1Qm5lsffYUN919hPP1xRTrzco3ic3Op21iiknBkOY04eY2l3Um/Bpk/yV89aJD0eaB/5RCbWR1";
};
"noreply@hacc.space" = {
hashedPassword = "$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
};
"stuebinm@hacc.space" = {
hashedPassword = "$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
};
"newsletter@hacc.space" = {
hashedPassword = "$6$f0xKnQxBInd$zbVIi1lTKWauqW.c8sMNLHNwzn81oQrVOiIfJwPa98n9xWz/NkjuWLYuFpK.MSZwNwP7Yv/a/qaOb9v8qv/.N1";
};
"lenny@hacc.space" = {
hashedPassword = "$6$dR.lhYiJDpsR4.dw$n7bCbyTm97v/O8Ue44n58YwOmmct..Gt5TeAmen8C5FWyPTwTh65XCjwc27gNFVGnZLwsRJwMJ.E9D0oJEzUh0";
};
# service accounts
"gitlab@infra4future.de".hashedPassword = "$6$8vvkYuxv$9xV5WktsqfgM3cWSxonjtaohm7oqvDC5qsgJCJBATwesjTRxd/QTLa7t7teK8Nzyl.Py26xz.NvYowCZQ4aBE1";
"noreply@infra4future.de".hashedPassword = "$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
"discuss@infra4future.de".hashedPassword = "$6$8x8/OlMFjq1$S54jdBh7WjrdC6UtbYAHHzMJak7Ai/CjwmWBBbqh7yRHuZt.mfZrsfBNiL3JKBHE7seQ7JYRU99lJKCU6Aujg/";
};
extraVirtualAliases = {
# address = forward address;
"info@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
"himmel@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
"admin@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
"voc@hacc.space" = [
"hexchen@hacc.space"
"schweby@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
];
"vorstand@hacc.space" = [
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
];
"mitglieder@hacc.space" = [
"raphael@hacc.space"
"schweby@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
];
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
# Enable IMAP and POP3
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
# Enable the ManageSieve protocol
enableManageSieve = true;
# whether to scan inbound emails for viruses (note that this requires at least
# 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
virusScanning = false;
};
services.postfix.submissionOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions = "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.virtual = ''
@4future.dev @hacc.space
@4futu.re @hacc.space
@hacc.earth @hacc.space
@discuss.infra4future.de discuss@infra4future.de
admin@infra4future.de admin@hacc.space
noreply@infra4future.de admin@hacc.space
lukas@infra4future.de zauberberg@hacc.space
info@infra4future.de admin@hacc.space
postmaster@infra4future.de admin@hacc.space
voc@infra4future.de admin@hacc.space
haccvoc@infra4future.de admin@hacc.space
contact@hacc.space info@hacc.space
'';
systemd.services.alps = {
enable = true;
script = "${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
};
services.nginx.virtualHosts."mail.hacc.space" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:1323";
};
}
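
Review bot: Both `services.postfix.submissionOptions.smtpd_sender_restrictions` and the `submissionsOptions` twin end in a bare `permit` and contain no `reject_sender_login_mismatch`, so nothing in this list ties the envelope sender to the authenticated login. If the setting moves to the new `services/mail.nix` unchanged, any account defined here, including service accounts such as `noreply@infra4future.de`, can submit mail as any other address; add the login-mismatch check or a comment explaining why it was dropped.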

View file

@ -1,42 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.prometheus = {
enable = true;
webExternalUrl = "https://stats.hacc.space";
exporters = {
dovecot = {
enable = true;
scopes = [ "user" "global" ];
socketPath = "/var/run/dovecot2/old-stats";
};
nginx.enable = true;
node.enable = true;
postfix = {
enable = true;
systemd.enable = true;
};
rspamd.enable = true;
};
scrapeConfigs = (lib.mapAttrsToList (name: val:
{
job_name = "${name}-${config.networking.hostName}";
static_configs = [{
targets = [ "localhost:${toString val.port}" ];
labels.host = config.networking.hostName;
}];
}
) (lib.filterAttrs (_: val: val.enable) config.services.prometheus.exporters));
};
services.dovecot2.extraConfig = ''
mail_plugins = $mail_plugins old_stats
service old-stats {
unix_listener old-stats {
user = dovecot-exporter
group = dovecot-exporter
}
}
'';
services.nginx.statusPage = true;
}

View file

@ -1,32 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.murmur = {
enable = true;
logDays = -1;
welcometext = "Welcome to mumble4future! Brought to you by infra4future. The server is now reachable under mumble.hacc.space, please update your bookmarks.";
sslKey = "/var/lib/acme/mumble.hacc.space/key.pem";
sslCert = "/var/lib/acme/mumble.hacc.space/fullchain.pem";
bandwidth = 128000;
};
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
services.nginx.virtualHosts = let
vhost = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "https://hacc.4future.dev/infra4future/mumble.infra4future.de/";
};
};
in {
"mumble.infra4future.de" = vhost;
"mumble.hacc.space" = vhost;
};
# set ACLs so that the murmur user can read the certificates
security.acme.certs."mumble.hacc.space".postRun = "setfacl -Rm u:murmur:rX /var/lib/acme/mumble.hacc.space";
}

View file

@ -1,61 +0,0 @@
{ config, lib, pkgs, ... }:
{
security.acme.acceptTerms = true;
security.acme.email = "info+acme@hacc.space";
services.nginx.enable = true;
services.nginx.package = pkgs.nginx.override {
modules = [ pkgs.nginxModules.rtmp ];
};
# services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts = let
rc3clustersite = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "https://stuebinm.4future.dev/about-future-website/";
};
in {
"hainich.chaoswit.ch" = {
enableACME = true;
forceSSL = true;
};
"hainich.hacc.space" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
return = "404";
};
};
};
"freedom.rc3.io" = rc3clustersite;
"future.rc3.io" = rc3clustersite;
};
networking.firewall.allowedTCPPorts = [ 1935 ];
services.nginx.appendConfig = ''
rtmp {
server {
listen 1935;
application cutiestream {
live on;
allow publish all;
allow play all;
}
application ingest {
live on;
record all;
record_path /data/ingest;
record_unique on;
include /var/secrets/ingest.conf;
}
}
}
'';
systemd.services.nginx.serviceConfig.ReadWriteDirectories = "/data/ingest /var/secrets";
}

View file

@ -1,53 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.syncthing = {
enable = true;
relay.enable = false;
openDefaultPorts = true;
declarative = {
devices = {
# schweby
txsbcct = {
addresses = []; # empty = dynamic
id = "AQHOPTO-X3LWJXZ-2SPLSEW-MCVMX3R-VSLPPYE-NIOTDMW-QOYRSDZ-2LR7RAD";
};
octycs = {
addresses = []; # empty = dynamic
id = "KIJVGWZ-GRXPAUX-ZOTZDLS-KUKANCC-A2IBZRM-BT3RZK7-5M43O6R-OZD5IQE";
};
stuebinm-desktop = {
addresses = []; # empty = dynamic
id = "CWZTKG7-F45LE2O-TIT6IBC-RQD6MLH-K5ECUGJ-LOHJXF3-I2F4R6I-JVMRLAJ";
};
raphael-laptop = {
addresses = []; # empty = dynamic
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
};
# zauberberg
conway = {
addresses = []; # empty = dynamic
id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
};
# hexchen
storah = {
addresses = [ "tcp://46.4.62.95:22000" "quic://46.4.62.95:22000" ];
id = "SGHQ2JA-7FJ6CKM-N3I54R4-UOJC5KO-7W22O62-YLTF26F-S7DLZG4-ZLP7HAM";
};
};
folders = {
"/var/lib/syncthing/hacc" = {
id = "qt2ly-xvvvs";
devices = [ "txsbcct" "octycs" "stuebinm-desktop" "conway" "raphael-laptop" "storah" ];
type = "receiveonly";
versioning = {
type = "simple";
params.keep = "10";
};
};
};
};
};
}

View file

@ -1,34 +0,0 @@
{ config, lib, pkgs, ... }:
{
systemd.services.wireguard-upstream = {
wants = [ "wg-upstream-key.service" ];
after = [ "wg-upstream-key.service" ];
};
networking.wireguard.interfaces.upstream = {
ips = [ "2a0d:eb04:8:ffff:2::2/128" ];
generatePrivateKeyFile = true;
privateKeyFile = "/etc/wireguard/upstream.key";
listenPort = 51820;
peers = [
{
allowedIPs = [ "::/0" ];
endpoint = "103.105.50.220:51823";
publicKey = "qL5xKnQ7xLbtTvu0VmLBwHExteJBhmCe5S/0ZoXBeXY=";
}
];
postSetup = ''
${pkgs.iproute}/bin/ip addr del dev upstream 2a0d:eb04:8:ffff:2::2/128
${pkgs.iproute}/bin/ip addr add dev upstream 2a0d:eb04:8:ffff:2::2/128 peer 2a0d:eb04:8:ffff:2::1/128
'';
};
networking.interfaces.lo.ipv6 = {
addresses = [{
address = "2a0d:eb04:8:10::1";
prefixLength = 128;
}];
};
networking.defaultGateway6 = {
address = "2a0d:eb04:8:ffff:2::1";
interface = "upstream";
};
}

View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
imports =
@ -25,14 +25,15 @@
networking.hostName = "nixda"; # Define your hostname.
environment.systemPackages = with pkgs; [ blackmagicDesktopVideo blender ];
environment.systemPackages = with pkgs; [ blackmagicDesktopVideo blender companion ];
networking.wg-quick.interfaces.cornbox = {
privateKeyFile = "/etc/wireguard/cornbox.key";
address = [ "195.39.247.67/28" "2a0f:4ac0:1337::12/64" ];
postUp = "ip link set dev cornbox mtu 1400";
postUp = "/run/wrappers/bin/ping -c5 195.39.247.65";
peers = [
{
persistentKeepalive = 25;
allowedIPs = [ "2a0f:4ac0:1337::/48" "195.39.247.64/27" ];
publicKey = "8IWyiQL3wKP9CD/4UdS9b8mcbL67mkUyeSPORgEPvV0=";
endpoint = "cornbox.hetzner.chaoswit.ch:51821";
@ -40,6 +41,34 @@
];
};
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
};
hardware.nvidia.modesetting.enable = true;
boot.kernelPackages = pkgs.linuxPackages;
boot.blacklistedKernelModules = [ "snd_blackmagic_io" ];
users.users.stream = {
isNormalUser = true;
password = "hacchacc";
extraGroups = [ "audio" "video" ];
openssh.authorizedKeys.keys = with pkgs.lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
};
services.pipewire.enable = true;
services.pipewire.pulse.enable = true;
hardware.pulseaudio.enable = lib.mkForce false;
services.udev.extraRules = ''
SUBSYSTEM=="input", GROUP="input", MODE="0666"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006?", MODE:="666", GROUP="plugdev"
KERNEL=="hidraw", ATTRS{idVendor}=="0fd9", ATTRS{idProduct}=="006?", MODE:="666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="ffff", ATTRS{idProduct}=="1f4?", MODE:="666", GROUP="plugdev"
KERNEL=="hidraw", ATTRS{idVendor}=="ffff", ATTRS{idProduct}=="1f4?", MODE:="666", GROUP="plugdev"
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
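
Review bot: `password = "hacchacc";` on the new `stream` user puts a cleartext password into the repository and the world-readable Nix store, on an account that also accepts every wheel user's SSH key through `openssh.authorizedKeys.keys`. Drop the `password` line if key login is enough, or use a hashed password read from a file. Separately, the udev rules set `MODE="0666"` / `MODE:="666"` while also assigning a `GROUP`, which makes the input and hidraw devices writable by every local user; `0660` with the group would be enough.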

View file

@ -0,0 +1,96 @@
{ config, lib, pkgs, sources, modules, ... }:
{
imports = [
../../common
./hardware.nix
modules.encboot
modules.network.nftables modules.nftnat
((import sources.nix-hexchen) {}).profiles.nopersist
../../services/nextcloud
../../services/mattermost.nix
../../services/thelounge.nix
../../services/murmur.nix
../../services/hedgedoc-hacc.nix
../../services/hedgedoc-i4f.nix
../../services/mail.nix
../../services/syncthing.nix
../../services/gitea.nix
../../services/nginx-pages.nix
../../services/lantifa.nix
../../services/vaultwarden.nix
../../services/uffd.nix
# ../../services/workadventure.nix
./lxc.nix
];
hexchen.encboot = {
enable = true;
dataset = "-a";
networkDrivers = [ "igb" ];
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "b2867696";
networking.useDHCP = true;
networking.nftables.enable = true;
hexchen.nftables.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "enp35s0";
networking.interfaces.enp35s0.ipv6.addresses = [{
address = "2a01:4f9:3a:2ddb::1";
prefixLength = 64;
}];
networking.defaultGateway6 = {
address = "fe80::1";
interface = "enp35s0";
};
boot = {
kernelModules = [ "nf_nat_ftp" ];
kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = lib.mkOverride 90 true;
"net.ipv4.conf.default.forwarding" = lib.mkOverride 90 true;
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"parsons.hacc.space" = {
default = true;
locations."/".return = "404";
};
"hacc.space" = {
enableACME = true;
forceSSL = true;
locations."/".return = "302 https://hacc.earth";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.restic.backups.tardis = {
passwordFile = "/persist/restic/system";
environmentFile = "/persist/restic/system.s3creds";
paths = [
"/home"
"/persist"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 3"
];
repository = "b2:tardis-parsons:system";
};
system.stateVersion = "21.05";
}
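Review bot: `services.restic.backups.tardis` lists `/persist` in `paths`, and that tree contains the job's own `passwordFile` (`/persist/restic/system`) and `environmentFile` (`/persist/restic/system.s3creds`). Every snapshot therefore carries the storage credentials, and the only copies of the repository password visible here are on the host and inside the backup it encrypts. Exclude the directory, for example with `extraBackupArgs = [ "--exclude=/persist/restic" ];`, and add a comment saying where the off-host copy of the password is kept so a restore after losing the machine is possible.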

@ -0,0 +1,65 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zroot/local/root";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/daf2a731-952f-45c7-9c25-49e1a2f56062";
fsType = "ext4";
};
fileSystems."/nix" =
{ device = "zroot/local/nix";
fsType = "zfs";
};
fileSystems."/persist" =
{ device = "zroot/safe/persist";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "zroot/safe/home";
fsType = "zfs";
};
fileSystems."/root" =
{ device = "zroot/safe/root";
fsType = "zfs";
};
fileSystems."/var/cache/restic-backups-tardis" =
{ device = "zroot/safe/restic-cache";
fsType = "zfs";
};
fileSystems."/tmp" =
{ device = "zroot/local/tmp";
fsType = "zfs";
};
fileSystems."/persist/data" =
{ device = "dpool/safe/data";
fsType = "zfs";
};
fileSystems."/var/lib/docker" =
{ device = "zroot/local/docker";
fsType = "zfs";
};
swapDevices = [ ];
}

36
hosts/parsons/lxc.nix Normal file

@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
{
networking.bridges.lxcbr0.interfaces = [];
networking.interfaces.lxcbr0.ipv4.addresses = [
{
address = "10.1.2.1";
prefixLength = 24;
}
];
networking.nat.internalInterfaces = [ "lxcbr0" ];
virtualisation.lxc.enable = true;
virtualisation.lxc.systemConfig = ''
lxc.bdev.zfs.root = zroot/safe/containers/lxc
lxc.lxcpath = /persist/lxc
'';
users.users.root.subUidRanges = [{ count = 65536; startUid = 100000; }];
users.users.root.subGidRanges = [{ count = 65536; startGid = 100000; }];
environment.etc."lxc/share".source = "${pkgs.lxc}/share/lxc";
services.nginx.virtualHosts."onlyoffice.infra4future.de" = {
locations."/".proxyPass = "http://10.1.2.233:80";
enableACME = true;
forceSSL = true;
};
services.nginx.virtualHosts."auth.infra4future.de" = {
locations."/".proxyPass = "http://10.1.2.104:8080";
enableACME = true;
forceSSL = true;
};
}
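Review bot: both `proxyPass` targets are literal container addresses (`http://10.1.2.233:80` and `http://10.1.2.104:8080`), and nothing in this file pins which container owns which address on `lxcbr0`. If a different container ever comes up on 10.1.2.104, `auth.infra4future.de` will forward to it behind a valid certificate. Add a comment naming the containers and where their static addresses are configured, and consider defining the two addresses once in a `let` binding so the bridge subnet and the proxy targets cannot drift apart.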

@ -5,5 +5,12 @@ in {
imports = [
./nftnat
./decklink.nix
./websites.nix
];
# disabled since vaultwarden defines a dummy bitwarden_rs option that
# shows a deprication warning, which conflicts with this module
disabledModules = [
"services/security/bitwarden_rs/default.nix"
];
}
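Review bot: the comment above `disabledModules` does not say which nixpkgs release the workaround is for or under what condition it can be removed, so it is likely to outlive its purpose. Please add that, and fix the spelling of "deprication" (deprecation) while touching the comment.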

251
modules/mattermost.nix Normal file

@ -0,0 +1,251 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.mattermost-patched;
database = "postgres://${cfg.localDatabaseUser}:${cfg.localDatabasePassword}@localhost:5432/${cfg.localDatabaseName}?sslmode=disable&connect_timeout=10";
mattermostConf = foldl recursiveUpdate {}
[ { ServiceSettings.SiteURL = cfg.siteUrl;
ServiceSettings.ListenAddress = cfg.listenAddress;
TeamSettings.SiteName = cfg.siteName;
}
cfg.extraConfig
];
mattermostConfJSON = pkgs.writeText "mattermost-config-raw.json" (builtins.toJSON mattermostConf);
in
{
options = {
services.mattermost-patched = {
enable = mkEnableOption "Mattermost chat server";
statePath = mkOption {
type = types.str;
default = "/var/lib/mattermost";
description = "Mattermost working directory";
};
siteUrl = mkOption {
type = types.str;
example = "https://chat.example.com";
description = ''
URL this Mattermost instance is reachable under, without trailing slash.
'';
};
siteName = mkOption {
type = types.str;
default = "Mattermost";
description = "Name of this Mattermost site.";
};
listenAddress = mkOption {
type = types.str;
default = ":8065";
example = "[::1]:8065";
description = ''
Address and port this Mattermost instance listens to.
'';
};
mutableConfig = mkOption {
type = types.bool;
default = false;
description = ''
Whether the Mattermost config.json is writeable by Mattermost.
Most of the settings can be edited in the system console of
Mattermost if this option is enabled. A template config using
the options specified in services.mattermost will be generated
but won't be overwritten on changes or rebuilds.
If this option is disabled, changes in the system console won't
be possible (default). If an config.json is present, it will be
overwritten!
'';
};
extraConfig = mkOption {
type = types.attrs;
default = { };
description = ''
Addtional configuration options as Nix attribute set in config.json schema.
'';
};
secretConfig = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to a json file containing secret config values, which should
not be written into the Nix store. If it is not null (the default)
and mutableConfig is set to false, then the mattermost service will
join the file at this path into its config.
Note that this file cannot be used to overwrite values already
specified by the other options of this module.
'';
};
localDatabaseCreate = mkOption {
type = types.bool;
default = true;
description = ''
Create a local PostgreSQL database for Mattermost automatically.
'';
};
localDatabaseName = mkOption {
type = types.str;
default = "mattermost";
description = ''
Local Mattermost database name.
'';
};
localDatabaseUser = mkOption {
type = types.str;
default = "mattermost";
description = ''
Local Mattermost database username.
'';
};
localDatabasePassword = mkOption {
type = types.str;
default = "mmpgsecret";
description = ''
Password for local Mattermost database user.
'';
};
user = mkOption {
type = types.str;
default = "mattermost";
description = ''
User which runs the Mattermost service.
'';
};
group = mkOption {
type = types.str;
default = "mattermost";
description = ''
Group which runs the Mattermost service.
'';
};
matterircd = {
enable = mkEnableOption "Mattermost IRC bridge";
parameters = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "-mmserver chat.example.com" "-bind [::]:6667" ];
description = ''
Set commandline parameters to pass to matterircd. See
https://github.com/42wim/matterircd#usage for more information.
'';
};
};
};
};
config = mkMerge [
(mkIf cfg.enable {
users.users = optionalAttrs (cfg.user == "mattermost") {
mattermost = {
group = cfg.group;
uid = config.ids.uids.mattermost;
home = cfg.statePath;
};
};
users.groups = optionalAttrs (cfg.group == "mattermost") {
mattermost.gid = config.ids.gids.mattermost;
};
services.postgresql.enable = cfg.localDatabaseCreate;
# The systemd service will fail to execute the preStart hook
# if the WorkingDirectory does not exist
system.activationScripts.mattermost = ''
mkdir -p ${cfg.statePath}
'';
systemd.services.mattermost = {
description = "Mattermost chat service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ];
preStart = ''
mkdir -p ${cfg.statePath}/{data,config,logs}
ln -sf ${pkgs.mattermost}/{bin,fonts,i18n,templates,client} ${cfg.statePath}
'' + lib.optionalString (!cfg.mutableConfig) ''
rm -f ${cfg.statePath}/config/config.json
'' + (if cfg.secretConfig == null
then ''
cp ${mattermostConfJSON} ${cfg.statePath}/config/config.json
''
else ''
${pkgs.jq}/bin/jq -s ".[1] * .[0]" ${cfg.secretConfig} ${mattermostConfJSON} > ${cfg.statePath}/config/config.json
'')
+ ''
${pkgs.mattermost}/bin/mattermost config migrate ${cfg.statePath}/config/config.json ${database}
'' + lib.optionalString cfg.mutableConfig ''
if ! test -e "${cfg.statePath}/config/.initial-created"; then
rm -f ${cfg.statePath}/config/config.json
cp ${mattermostConfJSON} ${cfg.statePath}/config/config.json
touch ${cfg.statePath}/config/.initial-created
fi
'' + lib.optionalString cfg.localDatabaseCreate ''
if ! test -e "${cfg.statePath}/.db-created"; then
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/psql postgres -c \
"CREATE ROLE ${cfg.localDatabaseUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.localDatabasePassword}'"
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} \
${config.services.postgresql.package}/bin/createdb \
--owner ${cfg.localDatabaseUser} ${cfg.localDatabaseName}
touch ${cfg.statePath}/.db-created
fi
'' + ''
chown ${cfg.user}:${cfg.group} -R ${cfg.statePath}
chmod u+rw,g+r,o-rwx -R ${cfg.statePath}
'';
serviceConfig = {
PermissionsStartOnly = true;
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.mattermost}/bin/mattermost" +
(if cfg.mutableConfig then " -c ${database}" else " -c ${cfg.statePath}/config/config.json");
WorkingDirectory = "${cfg.statePath}";
Restart = "always";
RestartSec = "10";
LimitNOFILE = "49152";
};
unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service";
};
})
(mkIf cfg.matterircd.enable {
systemd.services.matterircd = {
description = "Mattermost IRC bridge service";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nobody";
Group = "nogroup";
ExecStart = "${pkgs.matterircd}/bin/matterircd ${concatStringsSep " " cfg.matterircd.parameters}";
WorkingDirectory = "/tmp";
PrivateTmp = true;
Restart = "always";
RestartSec = "5";
};
};
})
];
}
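Review bot: `localDatabasePassword` (default `"mmpgsecret"`) is interpolated into `database`, and that string is written into the `preStart` script (`config migrate ... ${database}` and the `CREATE ROLE ... PASSWORD` call) and, with `mutableConfig` enabled, into `ExecStart` as `-c ${database}`. The PostgreSQL password therefore ends up in the world-readable Nix store and on the process command line. The module already has `secretConfig` for values that must stay out of the store; the DSN should be handled the same way (read from a file at runtime, or use peer authentication over the local socket) and the default password removed. Two further points in `preStart`: `jq -s ".[1] * .[0]"` gives the values from `secretConfig` precedence over `mattermostConfJSON`, which contradicts the option description saying the file cannot overwrite module values; and the `cp`/`jq` step is not guarded by `!cfg.mutableConfig`, so `config.json` is rewritten on every start even though the `mutableConfig` description says it will not be.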

755
modules/nextcloud.nix Normal file

@ -0,0 +1,755 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nextcloud-patched;
fpm = config.services.phpfpm.pools.nextcloud;
phpPackage =
let
base = pkgs.php74;
in
base.buildEnv {
extensions = { enabled, all }: with all;
enabled ++ [
apcu redis memcached imagick
];
extraConfig = phpOptionsStr;
};
toKeyValue = generators.toKeyValue {
mkKeyValue = generators.mkKeyValueDefault {} " = ";
};
phpOptions = {
upload_max_filesize = cfg.maxUploadSize;
post_max_size = cfg.maxUploadSize;
memory_limit = cfg.maxUploadSize;
} // cfg.phpOptions
// optionalAttrs cfg.caching.apcu {
"apc.enable_cli" = "1";
};
phpOptionsStr = toKeyValue phpOptions;
occ = pkgs.writeScriptBin "nextcloud-occ" ''
#! ${pkgs.runtimeShell}
cd ${cfg.package}
sudo=exec
if [[ "$USER" != nextcloud ]]; then
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
fi
export NEXTCLOUD_CONFIG_DIR="${cfg.home}/config"
$sudo \
${phpPackage}/bin/php \
occ $*
'';
inherit (config.system) stateVersion;
in {
imports = [
(mkRemovedOptionModule [ "services" "nextcloud-patched" "nginx" "enable" ] ''
The nextcloud module supports `nginx` as reverse-proxy by default and doesn't
support other reverse-proxies officially.
However it's possible to use an alternative reverse-proxy by
* disabling nginx
* setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value
Further details about this can be found in the `Nextcloud`-section of the NixOS-manual
(which can be openend e.g. by running `nixos-help`).
'')
];
options.services.nextcloud-patched = {
enable = mkEnableOption "nextcloud";
hostName = mkOption {
type = types.str;
description = "FQDN for the nextcloud instance.";
};
home = mkOption {
type = types.str;
default = "/var/lib/nextcloud";
description = "Storage path of nextcloud.";
};
logLevel = mkOption {
type = types.ints.between 0 4;
default = 2;
description = "Log level value between 0 (DEBUG) and 4 (FATAL).";
};
https = mkOption {
type = types.bool;
default = false;
description = "Use https for generated links.";
};
package = mkOption {
type = types.package;
description = "Which package to use for the Nextcloud instance.";
relatedPackages = [ "nextcloud18" "nextcloud19" "nextcloud20" "nextcloud21" ];
};
maxUploadSize = mkOption {
default = "512M";
type = types.str;
description = ''
Defines the upload limit for files. This changes the relevant options
in php.ini and nginx if enabled.
'';
};
skeletonDirectory = mkOption {
default = "";
type = types.str;
description = ''
The directory where the skeleton files are located. These files will be
copied to the data directory of new users. Leave empty to not copy any
skeleton files.
'';
};
webfinger = mkOption {
type = types.bool;
default = false;
description = ''
Enable this option if you plan on using the webfinger plugin.
The appropriate nginx rewrite rules will be added to your configuration.
'';
};
phpOptions = mkOption {
type = types.attrsOf types.str;
default = {
short_open_tag = "Off";
expose_php = "Off";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
display_errors = "stderr";
"opcache.enable_cli" = "1";
"opcache.interned_strings_buffer" = "8";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "1";
"opcache.fast_shutdown" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
catch_workers_output = "yes";
};
description = ''
Options for PHP's php.ini file for nextcloud.
'';
};
poolSettings = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
description = ''
Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
'';
};
poolConfig = mkOption {
type = types.nullOr types.lines;
default = null;
description = ''
Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
'';
};
config = {
dbtype = mkOption {
type = types.enum [ "sqlite" "pgsql" "mysql" ];
default = "sqlite";
description = "Database type.";
};
dbname = mkOption {
type = types.nullOr types.str;
default = "nextcloud";
description = "Database name.";
};
dbuser = mkOption {
type = types.nullOr types.str;
default = "nextcloud";
description = "Database user.";
};
dbpass = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Database password. Use <literal>dbpassFile</literal> to avoid this
being world-readable in the <literal>/nix/store</literal>.
'';
};
dbpassFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The full path to a file that contains the database password.
'';
};
dbhost = mkOption {
type = types.nullOr types.str;
default = "localhost";
description = ''
Database host.
Note: for using Unix authentication with PostgreSQL, this should be
set to <literal>/run/postgresql</literal>.
'';
};
dbport = mkOption {
type = with types; nullOr (either int str);
default = null;
description = "Database port.";
};
dbtableprefix = mkOption {
type = types.nullOr types.str;
default = null;
description = "Table prefix in Nextcloud database.";
};
adminuser = mkOption {
type = types.str;
default = "root";
description = "Admin username.";
};
adminpass = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Admin password. Use <literal>adminpassFile</literal> to avoid this
being world-readable in the <literal>/nix/store</literal>.
'';
};
adminpassFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The full path to a file that contains the admin's password. Must be
readable by user <literal>nextcloud</literal>.
'';
};
extraTrustedDomains = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Trusted domains, from which the nextcloud installation will be
acessible. You don't need to add
<literal>services.nextcloud.hostname</literal> here.
'';
};
trustedProxies = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Trusted proxies, to provide if the nextcloud installation is being
proxied to secure against e.g. spoofing.
'';
};
overwriteProtocol = mkOption {
type = types.nullOr (types.enum [ "http" "https" ]);
default = null;
example = "https";
description = ''
Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud
uses the currently used protocol by default, but when behind a reverse-proxy,
it may use <literal>http</literal> for everything although Nextcloud
may be served via HTTPS.
'';
};
defaultPhoneRegion = mkOption {
default = null;
type = types.nullOr types.str;
example = "DE";
description = ''
<warning>
<para>This option exists since Nextcloud 21! If older versions are used,
this will throw an eval-error!</para>
</warning>
<link xlink:href="https://www.iso.org/iso-3166-country-codes.html">ISO 3611-1</link>
country codes for automatic phone-number detection without a country code.
With e.g. <literal>DE</literal> set, the <literal>+49</literal> can be omitted for
phone-numbers.
'';
};
defaultapp = mkOption {
default = null;
type = types.nullOr types.str;
example = "files";
description = ''
This options sets the app that opens as default.
'';
};
};
caching = {
apcu = mkOption {
type = types.bool;
default = true;
description = ''
Whether to load the APCu module into PHP.
'';
};
redis = mkOption {
type = types.bool;
default = false;
description = ''
Whether to load the Redis module into PHP.
You still need to enable Redis in your config.php.
See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
'';
};
memcached = mkOption {
type = types.bool;
default = false;
description = ''
Whether to load the Memcached module into PHP.
You still need to enable Memcached in your config.php.
See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
'';
};
};
autoUpdateApps = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Run regular auto update of all apps installed from the nextcloud app store.
'';
};
startAt = mkOption {
type = with types; either str (listOf str);
default = "05:00:00";
example = "Sun 14:00:00";
description = ''
When to run the update. See `systemd.services.&lt;name&gt;.startAt`.
'';
};
};
occ = mkOption {
type = types.package;
default = occ;
internal = true;
description = ''
The nextcloud-occ program preconfigured to target this Nextcloud instance.
'';
};
extraOptions = mkOption {
type = types.attrs;
default = "";
description = ''
Extra options which should be appended to nextcloud's config.php file
'';
};
secretFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Secret options which will be appended to nextcloud's config.php file (written in JSON, in the same
form as the `extraOptions` option).
'';
};
};
config = mkIf cfg.enable (mkMerge [
{ assertions = let acfg = cfg.config; in [
{ assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);
message = "Please specify no more than one of dbpass or dbpassFile";
}
{ assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)
&& !(acfg.adminpass != null && acfg.adminpassFile != null));
message = "Please specify exactly one of adminpass or adminpassFile";
}
{ assertion = versionOlder cfg.package.version "21" -> cfg.config.defaultPhoneRegion == null;
message = "The `defaultPhoneRegion'-setting is only supported for Nextcloud >=21!";
}
];
warnings = []
++ (optional (cfg.poolConfig != null) ''
Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.
Please migrate your configuration to config.services.nextcloud.poolSettings.
'')
++ (optional (versionOlder cfg.package.version "18") ''
A legacy Nextcloud install (from before NixOS 20.03) may be installed.
You're currently deploying an older version of Nextcloud. This may be needed
since Nextcloud doesn't allow major version upgrades that skip multiple
versions (i.e. an upgrade from 16 is possible to 17, but not 16 to 18).
It is assumed that Nextcloud will be upgraded from version 16 to 17.
* If this is a fresh install, there will be no upgrade to do now.
* If this server already had Nextcloud installed, first deploy this to your
server, and wait until the upgrade to 17 is finished.
Then, set `services.nextcloud.package` to `pkgs.nextcloud18` to upgrade to
Nextcloud version 18. Please note that Nextcloud 19 is already out and it's
recommended to upgrade to nextcloud19 after that.
'')
++ (optional (versionOlder cfg.package.version "19") ''
A legacy Nextcloud install (from before NixOS 20.09) may be installed.
If/After nextcloud18 is installed successfully, you can safely upgrade to
nextcloud19. If not, please upgrade to nextcloud18 first since Nextcloud doesn't
support upgrades that skip multiple versions (i.e. an upgrade from 17 to 19 isn't
possible, but an upgrade from 18 to 19).
'')
++ (optional (versionOlder cfg.package.version "21") ''
The latest Nextcloud release is v21 which can be installed by setting
`services.nextcloud.package` to `pkgs.nextcloud21`. Please note that if you're
on `pkgs.nextcloud19`, you'll have to install `pkgs.nextcloud20` first.
'');
services.nextcloud-patched.package = with pkgs;
mkDefault (
if pkgs ? nextcloud
then throw ''
The `pkgs.nextcloud`-attribute has been removed. If it's supposed to be the default
nextcloud defined in an overlay, please set `services.nextcloud.package` to
`pkgs.nextcloud`.
''
else if versionOlder stateVersion "20.03" then nextcloud17
else if versionOlder stateVersion "20.09" then nextcloud18
else nextcloud19
);
}
{ systemd.timers.nextcloud-cron = {
wantedBy = [ "timers.target" ];
timerConfig.OnBootSec = "5m";
timerConfig.OnUnitActiveSec = "15m";
timerConfig.Unit = "nextcloud-cron.service";
};
systemd.services = {
# When upgrading the Nextcloud package, Nextcloud can report errors such as
# "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly"
# Restarting phpfpm on Nextcloud package update fixes these issues (but this is a workaround).
phpfpm-nextcloud.restartTriggers = [ cfg.package ];
nextcloud-setup = let
c = cfg.config;
writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
<?php
${optionalString (c.dbpassFile != null) ''
function nix_read_pwd() {
$file = "${c.dbpassFile}";
if (!file_exists($file)) {
throw new \RuntimeException(sprintf(
"Cannot start Nextcloud, dbpass file %s set by NixOS doesn't exist!",
$file
));
}
return trim(file_get_contents($file));
}
''}
${optionalString (cfg.secretFile != null) ''
function nix_read_secrets() {
$file = "${cfg.secretFile}";
if (!file_exists($file)) {
throw new \RuntimeException(sprintf(
"Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!",
$file
));
}
return json_decode(file_get_contents($file));
}
''}
$CONFIG = [
'apps_paths' => [
[ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
[ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
],
'datadirectory' => '${cfg.home}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
'log_type' => 'syslog',
'log_level' => '${builtins.toString cfg.logLevel}',
${optionalString (c.defaultapp != null) "'defaultapp' => '${c.defaultapp}',"}
${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"}
${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"}
${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"}
${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"}
'dbtype' => '${c.dbtype}',
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
];
$EXTRACONFIG = json_decode('${builtins.toJSON cfg.extraOptions}', true);
array_push($CONFIG, $EXTRACONFIG);
${optionalString (cfg.secretFile != null) "array_push($CONFIG, nix_read_secrets());"}
'';
occInstallCmd = let
dbpass = if c.dbpassFile != null
then ''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null
then ''"${toString c.dbpass}"''
else ''""'';
adminpass = if c.adminpassFile != null
then ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"'';
installFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") {
"--database" = ''"${c.dbtype}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
"--database-pass" = dbpass;
${if c.dbtableprefix != null
then "--database-table-prefix" else null} = ''"${toString c.dbtableprefix}"'';
"--admin-user" = ''"${c.adminuser}"'';
"--admin-pass" = adminpass;
"--data-dir" = ''"${cfg.home}/data"'';
});
in ''
${occ}/bin/nextcloud-occ maintenance:install \
${installFlags}
'';
occSetTrustedDomainsCmd = concatStringsSep "\n" (imap0
(i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
in {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
path = [ occ ];
script = ''
chmod og+x ${cfg.home}
${optionalString (c.dbpassFile != null) ''
if [ ! -r "${c.dbpassFile}" ]; then
echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..."
exit 1
fi
if [ -z "$(<${c.dbpassFile})" ]; then
echo "dbpassFile ${c.dbpassFile} is empty!"
exit 1
fi
''}
${optionalString (c.adminpassFile != null) ''
if [ ! -r "${c.adminpassFile}" ]; then
echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..."
exit 1
fi
if [ -z "$(<${c.adminpassFile})" ]; then
echo "adminpassFile ${c.adminpassFile} is empty!"
exit 1
fi
''}
ln -sf ${cfg.package}/apps ${cfg.home}/
# create nextcloud directories.
# if the directories exist already with wrong permissions, we fix that
for dir in ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps; do
if [ ! -e $dir ]; then
install -o nextcloud -g nextcloud -d $dir
elif [ $(stat -c "%G" $dir) != "nextcloud" ]; then
chgrp -R nextcloud $dir
fi
done
ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php
# Do not install if already installed
if [[ ! -e ${cfg.home}/config/config.php ]]; then
${occInstallCmd}
fi
${occ}/bin/nextcloud-occ upgrade
${occ}/bin/nextcloud-occ config:system:delete trusted_domains
${occSetTrustedDomainsCmd}
'';
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
};
nextcloud-cron = {
environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
serviceConfig.Type = "oneshot";
serviceConfig.User = "nextcloud";
serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${cfg.package}/cron.php";
};
nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable {
serviceConfig.Type = "oneshot";
serviceConfig.ExecStart = "${occ}/bin/nextcloud-occ app:update --all";
serviceConfig.User = "nextcloud";
startAt = cfg.autoUpdateApps.startAt;
};
};
services.phpfpm = {
pools.nextcloud = {
user = "nextcloud";
group = "nextcloud";
phpOptions = phpOptionsStr;
phpPackage = phpPackage;
phpEnv = {
NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config";
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
};
settings = mapAttrs (name: mkDefault) {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
} // cfg.poolSettings;
extraConfig = cfg.poolConfig;
};
};
users.users.nextcloud = {
home = "${cfg.home}";
group = "nextcloud";
createHome = true;
isSystemUser = true;
};
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
environment.systemPackages = [ occ ];
services.nginx.enable = mkDefault true;
services.nginx.virtualHosts.${cfg.hostName} = let
major = toInt (versions.major cfg.package.version);
in {
root = cfg.package;
locations = {
"= /robots.txt" = {
priority = 100;
extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
};
"= /" = {
priority = 100;
extraConfig = ''
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
'';
};
"/" = {
priority = 900;
extraConfig = "rewrite ^ /index.php;";
};
"~ ^/store-apps" = {
priority = 201;
extraConfig = "root ${cfg.home};";
};
"^~ /.well-known" = {
priority = 210;
extraConfig = ''
absolute_redirect off;
location = /.well-known/carddav {
return 301 /remote.php/dav;
}
location = /.well-known/caldav {
return 301 /remote.php/dav;
}
location ~ ^/\.well-known/(?!acme-challenge|pki-validation) {
return 301 /index.php$request_uri;
}
try_files $uri $uri/ =404;
'';
};
"~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)".extraConfig = ''
return 404;
'';
"~ ^/(?:\\.(?!well-known)|autotest|occ|issue|indie|db_|console)".extraConfig = ''
return 404;
'';
"~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = {
priority = 500;
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+?\.php)(\\/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:${fpm.socket};
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120s;
'';
};
"~ \\.(?:css|js|woff2?|svg|gif|map)$".extraConfig = ''
try_files $uri /index.php$request_uri;
expires 6M;
access_log off;
'';
"~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
try_files $uri/ =404;
index index.php;
'';
"~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = ''
try_files $uri /index.php$request_uri;
access_log off;
'';
};
extraConfig = ''
index index.php index.html /index.php$request_uri;
expires 1m;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
${optionalString cfg.webfinger ''
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
''}
'';
};
}
]);
}
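
Review bot: in the server-level `extraConfig`, only `Strict-Transport-Security` carries `always`. nginx therefore omits the other `add_header` lines (`X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy` and the rest) on 4xx/5xx responses, including the `return 404` locations above. Add `always` to each of them if error responses should carry the same headers.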


@ -36,14 +36,12 @@ in {
boot = {
kernelModules = [ "nf_nat_ftp" ];
kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = mkOverride 98 true;
"net.ipv4.conf.default.forwarding" = mkOverride 98 true;
"net.ipv4.conf.all.forwarding" = mkOverride 90 true;
"net.ipv4.conf.default.forwarding" = mkOverride 90 true;
};
};
petabyte.nftables = {
enable = true;
networking.nftables = {
extraConfig = ''
table ip nat {
chain prerouting {
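
Review bot: `mkOverride 90` on the two forwarding sysctls is a bare priority number with no comment. Say which other definition it has to win against (the previous value was 98), or use `mkForce` if the intent is simply that forwarding stays on. Also check that `networking.nftables.enable` is still set somewhere, since the `enable = true;` line sits right next to the renamed `petabyte.nftables` block.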

53
modules/websites.nix Normal file

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.hacc.websites;
in
{
options.hacc.websites = {
enable = mkOption {
type = types.bool;
default = false;
};
directory = mkOption {
type = types.path;
description = "all subdirectories of the given path are expected to contain a (static) website";
};
ignore = mkOption {
type = types.listOf types.str;
default = [];
description = "subdirectories that shouldn't be published";
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts =
let
subdirs =
let dirAttrs = filterAttrs
(n: v: v == "directory" || lists.elem n cfg.ignore)
(builtins.readDir cfg.directory);
in mapAttrsToList (n: v: n) dirAttrs;
mkWebsite = subdir: {
name = subdir;
# the nginx virtualhost config (for all sites) goes in here
value = {
enableACME = true;
forceSSL = true;
# naive string interpolation is safe here since nix will always immediately
# resolve relative paths to absolute paths; it's not lazy about that.
locations."/".root =
(pkgs.callPackage "${cfg.directory}/${subdir}" {}).outPath;
};
};
in listToAttrs (map mkWebsite subdirs);
};
};
}
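
Review bot: the `filterAttrs` predicate in `subdirs` reads `v == "directory" || lists.elem n cfg.ignore`, which keeps every directory and additionally keeps any entry named in `ignore`, so the option publishes exactly what its description says it hides. It should be `v == "directory" && !(lists.elem n cfg.ignore)`. Each kept name also becomes a virtual host with `enableACME = true`, so a stray directory ends up as a certificate request for that name.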


@ -1,54 +1,84 @@
{
"haccmap": {
"branch": "master",
"repo": "https://gitlab.infra4future.de/hacc/haccspace-rc3-map",
"rev": "9490ebf656ef379e51cb518ec0038e15d6aeaac6",
"type": "git"
},
"home-manager": {
"branch": "release-20.09",
"branch": "release-21.11",
"description": "Manage a user environment using Nix [maintainer=@rycee] ",
"homepage": "https://nix-community.github.io/home-manager/",
"owner": "nix-community",
"repo": "home-manager",
"rev": "209566c752c4428c7692c134731971193f06b37c",
"sha256": "1canlfkm09ssbgm3hq0kb9d86bdh84jhidxv75g98zq5wgadk7jm",
"rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
"sha256": "1fi27zabvqlyc2ggg7wr01j813gs46rswg1i897h9hqkbgqsjkny",
"type": "tarball",
"url": "https://github.com/nix-community/home-manager/archive/209566c752c4428c7692c134731971193f06b37c.tar.gz",
"url": "https://github.com/nix-community/home-manager/archive/d93d56ab8c1c6aa575854a79b9d2f69d491db7d0.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"mattermost-server": {
"branch": "master",
"description": "Open source Slack-alternative in Golang and React - Mattermost",
"homepage": "https://mattermost.com",
"owner": "mattermost",
"repo": "mattermost-server",
"rev": "2ea14ef395fad8919b2f4137642a7f50b370ffba",
"sha256": "1k5zqnc4yqnad2cw1wpqk22mjra08jz9gf4v692kbrgx3x4d13kh",
"type": "tarball",
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v6.7.2.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/refs/tags/v<version>.tar.gz",
"version": "6.7.2"
},
"mattermost-webapp": {
"sha256": "0pwjfklk0q28yza2iny0im5pq3x430jskvq6rvfq7ycx251s98hx",
"type": "tarball",
"url": "https://releases.mattermost.com/6.7.2/mattermost-6.7.2-linux-amd64.tar.gz",
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
"version": "6.7.2"
},
"niv": {
"branch": "master",
"description": "Easy dependency management for Nix projects",
"homepage": "https://github.com/nmattia/niv",
"owner": "nmattia",
"repo": "niv",
"rev": "af958e8057f345ee1aca714c1247ef3ba1c15f5e",
"sha256": "1qjavxabbrsh73yck5dcq8jggvh3r2jkbr6b5nlz5d9yrqm9255n",
"rev": "82e5cd1ad3c387863f0545d7591512e76ab0fc41",
"sha256": "090l219mzc0gi33i3psgph6s2pwsc8qy4lyrqjdj4qzkvmaj65a7",
"type": "tarball",
"url": "https://github.com/nmattia/niv/archive/af958e8057f345ee1aca714c1247ef3ba1c15f5e.tar.gz",
"url": "https://github.com/nmattia/niv/archive/82e5cd1ad3c387863f0545d7591512e76ab0fc41.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nix-hexchen": {
"branch": "main",
"ref": "main",
"repo": "https://gitlab.com/hexchen/nixfiles.git",
"rev": "029493c1ad1e30007b25ac37bb09fdc75b4108e3",
"type": "git"
"repo": "https://gitlab.com/hexchen/nixfiles",
"rev": "ef358992030e9a6fa975a24bf4d9aa133bc72424",
"sha256": "01hcdrpfc8g1bbc96h7gi04zmyxi9vd7392ncadwfkx5xfd2fp17",
"type": "tarball",
"url": "https://gitlab.com/hexchen/nixfiles/-/archive/ef358992030e9a6fa975a24bf4d9aa133bc72424.tar.gz",
"url_template": "<repo>/-/archive/<rev>.tar.gz"
},
"nixos-mailserver": {
"ref": "nixos-20.09",
"branch": "nixos-21.11",
"ref": "nixos-21.11",
"repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
"rev": "fb1cc04c0a517d4200237b02c3472bcaf9104afb",
"sha256": "0vsvgxxg5cgmzwj98171j7h5l028f1yq784alb3lxgbk8znfk51y",
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
"sha256": "1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44",
"type": "tarball",
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/fb1cc04c0a517d4200237b02c3472bcaf9104afb/nixos-mailserver-fb1cc04c0a517d4200237b02c3472bcaf9104afb.tar.gz",
"url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6e3a7b2ea6f0d68b82027b988aa25d3423787303.tar.gz",
"url_template": "<repo>/-/archive/<rev>.tar.gz"
},
"nixpkgs": {
"branch": "nixos-20.09",
"branch": "nixos-21.11",
"description": "Nix Packages collection",
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "721312288f7001215a0d482579cd013dec397d16",
"sha256": "0gfibirsmggm3f4sjq73p091ynayk2r64afks99l0nslbapwnlf8",
"rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
"sha256": "04ffwp2gzq0hhz7siskw6qh9ys8ragp7285vi1zh8xjksxn1msc5",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/721312288f7001215a0d482579cd013dec397d16.tar.gz",
"url": "https://github.com/nixos/nixpkgs/archive/eabc38219184cc3e04a974fe31857d8e0eac098d.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-unstable": {
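
Review bot: `mattermost-server` records a `rev`, but its `url` fetches `refs/tags/v6.7.2.tar.gz`, so the commit id is informational only and the fetch follows a tag that can be moved upstream. A moved tag would surface as a `sha256` mismatch at fetch time instead of being ruled out by the URL. Point `url_template` at `<rev>`, as the other GitHub entries in this file do.
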
@ -57,17 +87,16 @@
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c7d0dbe094c988209edac801eb2a0cc21aa498d8",
"sha256": "1rwjfjwwaic56n778fvrmv1s1vzw565gqywrpqv72zrrzmavhyrx",
"rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90",
"sha256": "0dq22dagzk76x2ws4dz88w018i6byamd6rnzqizx68bzimg6g7xn",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/c7d0dbe094c988209edac801eb2a0cc21aa498d8.tar.gz",
"url": "https://github.com/nixos/nixpkgs/archive/ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"pbb-nixfiles": {
"branch": "main",
"ref": "main",
"repo": "https://git.petabyte.dev/petabyteboy/nixfiles.git",
"rev": "a624746cbd089477a155ba01ac3e9d6789e9c54e",
"workadventure": {
"branch": "master",
"repo": "https://stuebinm.eu/git/workadventure-nix",
"rev": "8db4bbc5eccaac218c68fb0853f1972dadd7a40c",
"type": "git"
}
}
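
Review bot: `workadventure` is a `"type": "git"` entry with only a `rev`, so it carries no `sha256` and goes through `builtins.fetchGit` at evaluation time. Elsewhere in this file `nix-hexchen` is now a `tarball` entry with a `sha256`; if the host behind `repo` serves archives, use the same form here so every input is hash-pinned the same way.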


@ -31,8 +31,28 @@ let
if spec ? branch then "refs/heads/${spec.branch}" else
if spec ? tag then "refs/tags/${spec.tag}" else
abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
submodules = if spec ? submodules then spec.submodules else false;
submoduleArg =
let
nixSupportsSubmodules = builtins.compareVersions builtins.nixVersion "2.4" >= 0;
emptyArgWithWarning =
if submodules == true
then
builtins.trace
(
"The niv input \"${name}\" uses submodules "
+ "but your nix's (${builtins.nixVersion}) builtins.fetchGit "
+ "does not support them"
)
{}
else {};
in
builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
if nixSupportsSubmodules
then { inherit submodules; }
else emptyArgWithWarning;
in
builtins.fetchGit
({ url = spec.repo; inherit (spec) rev; inherit ref; } // submoduleArg);
fetch_local = spec: spec.path;
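
Review bot: when `submodules` is true and the running nix is older than 2.4, `emptyArgWithWarning` only emits a `builtins.trace` message and `fetchGit` then proceeds without submodules, so the build runs against an incomplete checkout. Prefer `abort` in that branch, matching the `abort` a few lines up for a missing `ref`, `tag` or `branch`.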


@ -4,21 +4,21 @@
stdenv.mkDerivation rec {
pname = "blackmagic-desktop-video";
version = "11.6";
version = "12.2.2";
buildInputs = [
libcxx libcxxabi
];
src = requireFile {
name = "Blackmagic_Desktop_Video_Linux_11.6.tar.gz";
url = "https://www.blackmagicdesign.com/support/download/d399ada95c2b49ffad3031bda413acb5/Linux";
sha256 = "0qwm1b3gy0k7j1bimkxwwr77g8hrsybs9jp90b46kzcy06mcp380";
name = "Blackmagic_Desktop_Video_Linux_12.2.2.tar.gz";
url = "https://www.blackmagicdesign.com/support/";
sha256 = "8bca946bd3f002d2d404a74210c881935351e1a0d03f750559b180fdb439ef35";
};
setSourceRoot = ''
tar xf Blackmagic_Desktop_Video_Linux_11.6/other/x86_64/desktopvideo-11.6a26-x86_64.tar.gz
sourceRoot=$NIX_BUILD_TOP/desktopvideo-11.6a26-x86_64
tar xf Blackmagic_Desktop_Video_Linux_12.2.2/other/x86_64/desktopvideo-12.2.2a6-x86_64.tar.gz
sourceRoot=$NIX_BUILD_TOP/desktopvideo-12.2.2a6-x86_64
'';
installPhase = ''
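
Review bot: the release string is repeated by hand in `name` and twice in `setSourceRoot` (`12.2.2` and `12.2.2a6`) although the derivation is `rec` and defines `version`. Interpolate `${version}` and keep the `a6` build suffix in one binding, so a later bump cannot leave `tar xf` pointing at a path that no longer exists. The `url` is now only the generic support page, so add a comment naming the exact download the `sha256` belongs to.
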
@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
$out/bin/DesktopVideoHelper
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = "https://www.blackmagicdesign.com/support/family/capture-and-playback";
maintainers = [ maintainers.hexchen ];
license = licenses.unfree;
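
Review bot: `meta = with lib;` needs `lib` in the function's argument set, and the argument list (lines 1 to 3 of the file) lies outside both hunks. Confirm `lib` was added there, otherwise evaluation fails on an undefined variable.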


@ -0,0 +1,92 @@
{ stdenv, mkYarnPackage, mkYarnModules, fetchFromGitHub, libsass, python, python3, pkg-config, libusb, fetchurl, nodejs, electron, writeText, makeWrapper, udev, nodePackages, libvips }:
let
version = "2.1.3";
source = fetchFromGitHub {
owner = "bitfocus";
repo = "companion";
# rev = "v${version}";
rev = "1cc51029a19d7263a09058f73922277ca53a1583";
sha256 = "0305wwdic3n20whzhh9zqcd3dwj7hc4fpycs645ncc3sk48azmj0";
};
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
sha256 = "19b0dg8292cjx758wlrvpb3jf520bpyvjal2n7r4fyvk38x9flik";
};
webui = mkYarnPackage rec {
inherit version;
pname = "bitfocus-companion-webui";
src = "${source}/webui";
configurePhase = "
cp -r $node_modules node_modules
chmod -R u+w node_modules
";
buildPhase = "PUBLIC_URL=. yarn build";
installPhase = "mv build $out";
distPhase = "true";
yarnNix = ./yarn-webui.nix;
pkgConfig = {
node-sass = {
buildInputs = [ libsass python ];
postInstall = "node scripts/build.js --tarball=${nodeHeaders}";
};
};
};
yarnModulesNoWorkspace = args: (mkYarnModules args).overrideAttrs(old: {
buildPhase = builtins.replaceStrings [" ./package.json"] [" /dev/null; cp deps/*/package.json ."] old.buildPhase;
});
modules = yarnModulesNoWorkspace rec {
inherit version;
pname = "companion-modules";
name = "${pname}-${version}";
yarnNix = ./yarn.nix;
packageJSON = "${source}/package.json";
yarnLock = "${source}/yarn.lock";
pkgConfig = {
node-hid = {
buildInputs = [ udev libusb python3 pkg-config ];
postInstall = "${nodePackages.node-gyp}/bin/node-gyp rebuild --tarball=${nodeHeaders}";
};
sharp = {
buildInputs = [ libvips pkg-config ];
postInstall = ''
sed -i "s|<!(node -p \"require(\\\\'./lib/libvips\\\\').minimumLibvipsVersion\")|${libvips.version}|" binding.gyp
sed -i "s|<!(node -p \"require(\\\\'./lib/libvips\\\\').pkgConfigPath()\")||" binding.gyp
sed -i "s|<!(node -p \"Boolean(require(\\\\'./lib/libvips\\\\').useGlobalLibvips()).toString()\")|true|" binding.gyp
sed -i "s|PKG_CONFIG_PATH=\"<(pkg_config_path)\" ||" binding.gyp
${nodePackages.node-gyp}/bin/node-gyp rebuild --tarball=${nodeHeaders}
'';
};
};
};
in stdenv.mkDerivation rec {
inherit version webui modules;
pname = "bitfocus-companion";
src = source;
nativeBuildInputs = [ makeWrapper ];
configurePhase = "";
buildPhase = "";
installPhase = ''
mkdir -p $out/share
cp --no-preserve=mode -r $src "$out/share/companion"
echo "nixos-f00baa-0" > $out/share/companion/BUILD
ln -s '${webui}' "$out/share/companion/static"
cp -r '${modules}/node_modules' "$out/share/companion/node_modules"
sed -i "s|process.resourcesPath|\"$out/share/companion\"|" $out/share/companion/lib/server_http.js
sed -i "s|require('app-root-path')|\"$out/share/companion\"|" $out/share/companion/{app,lib/{schedule,help,instance}}.js
makeWrapper '${electron}/bin/electron' "$out/bin/companion" \
--add-flags "$out/share/companion"
'';
}
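
Review bot: `version = "2.1.3"` does not describe what is fetched: `rev` is a raw commit with the `v${version}` line commented out, and the `package.json` added alongside declares `2.2.0`. Set `version` to match the pinned commit and note in a comment why the tag is not used. The `BUILD` file is likewise written as the placeholder `nixos-f00baa-0`; derive it from `rev` so a running instance can be traced back to its source.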

478
pkgs/companion/package.json Executable file

@ -0,0 +1,478 @@
{
"name": "companion",
"version": "2.2.0",
"description": "Companion",
"main": "electron.js",
"build": {
"productName": "Companion",
"appId": "companion.bitfocus.no",
"remoteBuild": false,
"dmg": {
"artifactName": "companion-mac-${arch}.dmg",
"sign": true
},
"mac": {
"target": "dmg",
"category": "no.bitfocus.companion",
"extendInfo": {
"LSBackgroundOnly": 1,
"LSUIElement": 1
},
"extraFiles": [
{
"from": "./node_modules/sharp/vendor/8.10.6/lib",
"to": "Frameworks",
"filter": [
"!glib-2.0/**/*"
]
}
]
},
"win": {
"target": "nsis",
"extraFiles": [
{
"from": "./node_modules/sharp/build/Release",
"to": ".",
"filter": [
"lib*.dll"
]
}
]
},
"nsis": {
"artifactName": "companion-win64.exe",
"createStartMenuShortcut": true,
"perMachine": true,
"oneClick": false,
"allowElevation": true,
"allowToChangeInstallationDirectory": true,
"installerIcon": "icon.ico",
"installerSidebar": "compinst.bmp",
"uninstallerSidebar": "compinst.bmp"
},
"directories": {
"buildResources": "assets/",
"output": "electron-output/"
},
"linux": {
"target": "dir",
"extraFiles": [
{
"from": "./node_modules/sharp/vendor/8.10.6/lib",
"to": ".",
"filter": [
"libvips*.so.*"
]
}
]
},
"files": [
"**/*",
"assets/icon.png",
"assets/bitfocus-logo.png",
"assets/trayTemplate.png",
"assets/trayTemplate@2x.png",
"!webui/**/*",
"!font/*",
"!tools/*",
"!*.md",
"!node_modules/sharp/vendor/lib"
],
"extraResources": [
{
"from": "webui/build",
"to": "static"
}
]
},
"scripts": {
"prod": "./tools/build_writefile.sh && electron .",
"dev": "./tools/build_writefile.sh && cross-env DEVELOPER=1 electron .",
"update": "./tools/update.sh",
"pack": "electron-builder --dir",
"dist:webui": "yarn --cwd webui build",
"dist:prepare": "./tools/build_writefile.sh ; rm -rf electron-output && yarn dist:webui",
"dist": "yarn dist:prepare && yarn electron-rebuild && electron-builder",
"electron-rebuild": "yarn dist:prepare:sharp && electron-builder install-app-deps",
"testprod": "./node_modules/electron/cli.js .",
"macdist": "yarn dist:prepare && yarn dist:prepare:mac-x64 && electron-builder --publish=never --x64 --mac",
"macarmdist": "yarn dist:prepare && yarn dist:prepare:mac-arm64 && electron-builder --publish=never --arm64 --mac",
"windist": "yarn dist:prepare && yarn dist:prepare:win && electron-builder --publish=never --x64 --win",
"lindist": "yarn dist:prepare && yarn dist:prepare:linux && electron-builder --publish=never --x64 --linux",
"rpidist": "yarn dist:prepare && yarn dist:prepare:rpi && electron-builder --publish=never --armv7l --linux",
"dist:prepare:sharp": "cd node_modules/sharp && rimraf vendor && node install/libvips && node install/dll-copy",
"dist:prepare:win": "cross-env npm_config_platform=win32 npm_config_arch=x64 yarn dist:prepare:sharp",
"dist:prepare:mac-x64": "cross-env npm_config_platform=darwin npm_config_arch=x64 yarn dist:prepare:sharp",
"dist:prepare:mac-arm64": "cross-env npm_config_platform=darwin npm_config_arch=arm64 yarn dist:prepare:sharp",
"dist:prepare:linux": "cross-env npm_config_platform=linux npm_config_arch=x64 yarn dist:prepare:sharp",
"dist:prepare:rpi": "cross-env npm_config_platform=linux npm_config_arch=arm yarn dist:prepare:sharp",
"test": "mocha",
"postinstall": "./tools/build_writefile.sh",
"headless": "nodemon --ignore './webui/' headless.js",
"dev-headless": "./tools/build_writefile.sh && cross-env DEVELOPER=1 nodemon --ignore './webui/' headless.js",
"dev-webui": "yarn --cwd webui dev",
"format": "prettier --write ."
},
"repository": "https://github.com/bitfocus/companion",
"keywords": [
"bitfocus",
"companion"
],
"engines": {
"npm": "please-use-yarn",
"yarn": "^1.22",
"node": "^14.16"
},
"managed_node_version": "14",
"author": "Bitfocus AS",
"license": "MIT",
"devDependencies": {
"asar": "^3.0.3",
"aws-sdk": "^2.931.0",
"chai": "^4.3.4",
"chai-fs": "^2.0.0",
"cross-env": "^7.0.3",
"electron": "^13.1.2",
"electron-builder": "22.11.7",
"mocha": "^6.2.3",
"nodemon": "^2.0.7",
"p-all": "^3.0.0",
"prettier": "^2.3.1",
"rimraf": "^3.0.2",
"s3-upload-stream": "^1.0.7"
},
"dependencies": {
"@sentry/electron": "^2.5.0",
"app-root-path": "^3.0.0",
"binopsy": "^0.0.0",
"check-ip": "^1.1.1",
"companion-module-7thsensedesign-delta": "github:bitfocus/companion-module-7thsensedesign-delta#v1.0.1",
"companion-module-agf-characterworks": "github:bitfocus/companion-module-agf-characterworks#v1.0.3",
"companion-module-aja-helo": "github:bitfocus/companion-module-aja-helo#v1.0.2",
"companion-module-aja-kipro": "github:bitfocus/companion-module-aja-kipro#v2.0.11",
"companion-module-aja-kumo": "github:bitfocus/companion-module-aja-kumo#v1.0.5",
"companion-module-allenheath-dlive-ilive": "github:bitfocus/companion-module-allenheath-dlive-ilive#v1.3.7",
"companion-module-allenheath-qu": "github:bitfocus/companion-module-allenheath-qu#v1.0.7",
"companion-module-allenheath-sq": "github:bitfocus/companion-module-allenheath-sq#v1.3.8",
"companion-module-analogway-eks500": "github:bitfocus/companion-module-analogway-eks500#v1.0.1",
"companion-module-analogway-livecore": "github:bitfocus/companion-module-analogway-livecore#v1.1.1",
"companion-module-analogway-livepremier": "github:bitfocus/companion-module-analogway-livepremier#v1.0.2",
"companion-module-analogway-midra": "github:bitfocus/companion-module-analogway-midra#v1.0.2",
"companion-module-analogway-picturall": "github:bitfocus/companion-module-analogway-picturall#v1.2.1",
"companion-module-analogway-pls300": "github:bitfocus/companion-module-analogway-pls300#v1.0.3",
"companion-module-analogway-vertige": "github:bitfocus/companion-module-analogway-vertige#v1.0.0",
"companion-module-analogway-vio": "github:bitfocus/companion-module-analogway-vio#v1.0.1",
"companion-module-anomes-millumin": "github:bitfocus/companion-module-anomes-millumin#v1.0.6",
"companion-module-arkaos-mediamaster": "github:bitfocus/companion-module-arkaos-mediamaster#v1.0.1",
"companion-module-aten-matrix": "github:bitfocus/companion-module-aten-matrix#v1.0.0",
"companion-module-audiostrom-liveprofessor": "github:bitfocus/companion-module-audiostrom-liveprofessor#v1.0.0",
"companion-module-audivero-unityintercom-client": "github:bitfocus/companion-module-audivero-unityintercom-client#v1.0.2",
"companion-module-avishop-hdbaset-matrix": "github:bitfocus/companion-module-avishop-hdbaset-matrix#v1.0.1",
"companion-module-avolites-ai": "github:bitfocus/companion-module-avolites-ai#v1.0.1",
"companion-module-avolites-titan": "github:bitfocus/companion-module-avolites-titan#v1.1.0",
"companion-module-avproconnect-acmx1616-auhd": "github:bitfocus/companion-module-avproconnect-acmx1616-auhd#v1.0.0",
"companion-module-avstumpfl-pixera": "github:bitfocus/companion-module-avstumpfl-pixera#v1.0.2",
"companion-module-axis-ptz": "github:bitfocus/companion-module-axis-ptz#v1.0.1",
"companion-module-barco-dcs": "github:bitfocus/companion-module-barco-dcs#v1.0.4",
"companion-module-barco-dp": "github:bitfocus/companion-module-barco-dp#v1.1.2",
"companion-module-barco-encore": "github:bitfocus/companion-module-barco-encore#v1.0.1",
"companion-module-barco-eventmaster": "github:bitfocus/companion-module-barco-eventmaster#v1.3.6",
"companion-module-barco-eventmaster-xml": "github:bitfocus/companion-module-barco-eventmaster-xml#v1.2.4",
"companion-module-barco-hdx": "github:bitfocus/companion-module-barco-hdx#v1.1.5",
"companion-module-barco-imagepro": "github:bitfocus/companion-module-barco-imagepro#v1.0.1",
"companion-module-barco-matrixpro": "github:bitfocus/companion-module-barco-matrixpro#v1.1.0",
"companion-module-barco-pds": "github:bitfocus/companion-module-barco-pds#v1.1.5",
"companion-module-barco-pulse": "github:bitfocus/companion-module-barco-pulse#v1.1.2",
"companion-module-bbc-raven": "github:bitfocus/companion-module-bbc-raven#v1.0.1",
"companion-module-behringer-wing": "github:bitfocus/companion-module-behringer-wing#v1.0.5",
"companion-module-behringer-x32": "github:bitfocus/companion-module-behringer-x32#v2.7.0",
"companion-module-behringer-xair": "github:bitfocus/companion-module-behringer-xair#v1.6.7",
"companion-module-biamp-audia": "github:bitfocus/companion-module-biamp-audia#v1.0.1",
"companion-module-birddog-studio": "github:bitfocus/companion-module-birddog-studio#v1.0.0",
"companion-module-birddog-visca": "github:bitfocus/companion-module-birddog-visca#v1.0.4",
"companion-module-bitfocus-companion": "github:bitfocus/companion-module-bitfocus-companion#v1.5.3",
"companion-module-bitfocus-snapshot": "github:bitfocus/companion-module-bitfocus-snapshot#v0.0.4",
"companion-module-blackbox-boxilla": "github:bitfocus/companion-module-blackbox-boxilla#v1.0.2",
"companion-module-blackdiamondvideo-phantom800": "github:bitfocus/companion-module-blackdiamondvideo-phantom800#v1.0.0",
"companion-module-bmd-atem": "github:bitfocus/companion-module-bmd-atem#v2.13.0",
"companion-module-bmd-audiomonitor": "github:bitfocus/companion-module-bmd-audiomonitor#v1.0.0",
"companion-module-bmd-hyperdeck": "github:bitfocus/companion-module-bmd-hyperdeck#v1.2.2",
"companion-module-bmd-multiview16": "github:bitfocus/companion-module-bmd-multiview16#v1.0.1",
"companion-module-bmd-multiview4": "github:bitfocus/companion-module-bmd-multiview4#v1.3.2",
"companion-module-bmd-smartview": "github:bitfocus/companion-module-bmd-smartview#v1.1.3",
"companion-module-bmd-teranex": "github:bitfocus/companion-module-bmd-teranex#v1.0.4",
"companion-module-bmd-videohub": "github:bitfocus/companion-module-bmd-videohub#v1.3.0",
"companion-module-bmd-webpresenterhd": "github:bitfocus/companion-module-bmd-webpresenterhd#v1.0.1",
"companion-module-boinx-mimolive": "github:bitfocus/companion-module-boinx-mimolive#v1.0.1",
"companion-module-borealsystems-director": "github:bitfocus/companion-module-borealsystems-director#v1.0.0",
"companion-module-brightsign-player": "github:bitfocus/companion-module-brightsign-player#v1.1.1",
"companion-module-brompton-tessera": "github:bitfocus/companion-module-brompton-tessera#v1.0.0",
"companion-module-canon-xf": "github:bitfocus/companion-module-canon-xf#v1.0.0",
"companion-module-casparcg-server": "github:bitfocus/companion-module-casparcg-server#v1.0.2",
"companion-module-chamsys-magicq-osc": "github:bitfocus/companion-module-chamsys-magicq-osc#v1.0.1",
"companion-module-chamsys-magicq-udp": "github:bitfocus/companion-module-chamsys-magicq-udp#v1.0.2",
"companion-module-christie-pandorasbox": "github:bitfocus/companion-module-christie-pandorasbox#v2.0.2",
"companion-module-christie-projector": "github:bitfocus/companion-module-christie-projector#v2.0.3",
"companion-module-christie-spyder": "github:bitfocus/companion-module-christie-spyder#v1.0.0",
"companion-module-christie-wd": "github:bitfocus/companion-module-christie-wd#v1.0.6",
"companion-module-cisco-cms": "github:bitfocus/companion-module-cisco-cms#v1.0.1",
"companion-module-cisco-webex-websocket": "github:bitfocus/companion-module-cisco-webex-websocket#v1.1.0",
"companion-module-cockos-reaper": "github:bitfocus/companion-module-cockos-reaper#v1.1.0",
"companion-module-connect-webcaster": "github:bitfocus/companion-module-connect-webcaster#v1.0.0",
"companion-module-crystal-scte": "github:bitfocus/companion-module-crystal-scte#v1.0.0",
"companion-module-dahuasecurity-ptz": "github:bitfocus/companion-module-dahuasecurity-ptz#v1.0.1",
"companion-module-dalite-scb": "github:bitfocus/companion-module-dalite-scb#v1.0.0",
"companion-module-dashare-multiplay": "github:bitfocus/companion-module-dashare-multiplay#v1.0.1",
"companion-module-datapath-fx4": "github:bitfocus/companion-module-datapath-fx4#v1.0.0",
"companion-module-dataton-watchout": "github:bitfocus/companion-module-dataton-watchout#v1.2.0",
"companion-module-datavideo-dvip": "github:bitfocus/companion-module-datavideo-dvip#v1.0.0",
"companion-module-datavideo-visca": "github:bitfocus/companion-module-datavideo-visca#v1.0.3",
"companion-module-dcc-ex-commandstation": "github:bitfocus/companion-module-dcc-ex-commandstation#v1.0.0",
"companion-module-denon-dn-500bd-mkii": "github:bitfocus/companion-module-denon-dn-500bd-mkii#v1.0.2",
"companion-module-denon-receiver": "github:bitfocus/companion-module-denon-receiver#v1.0.1",
"companion-module-denon-recorder": "github:bitfocus/companion-module-denon-recorder#v1.0.1",
"companion-module-depili-clock-8001": "github:bitfocus/companion-module-depili-clock-8001#v5.1.1",
"companion-module-dexon-dimax": "github:bitfocus/companion-module-dexon-dimax#v1.0.3",
"companion-module-dexon-divip": "github:bitfocus/companion-module-dexon-divip#v1.0.2",
"companion-module-dexon-matrix": "github:bitfocus/companion-module-dexon-matrix#v1.0.1",
"companion-module-digico-osc": "github:bitfocus/companion-module-digico-osc#v1.0.2",
"companion-module-digitalprojection-highlight": "github:bitfocus/companion-module-digitalprojection-highlight#v1.0.2",
"companion-module-disguise": "github:bitfocus/companion-module-disguise#v1.1.0",
"companion-module-disguise-mtc": "github:bitfocus/companion-module-disguise-mtc#v1.0.2",
"companion-module-dolby-cinemaprocessor": "github:bitfocus/companion-module-dolby-cinemaprocessor#v1.1.0",
"companion-module-draco-tera": "github:bitfocus/companion-module-draco-tera#v1.0.4",
"companion-module-dsan-limitimer": "github:bitfocus/companion-module-dsan-limitimer#v1.1.1",
"companion-module-dsan-perfectcue": "github:bitfocus/companion-module-dsan-perfectcue#v1.0.0",
"companion-module-dtvideolabs-playbackproplus": "github:bitfocus/companion-module-dtvideolabs-playbackproplus#v1.0.2",
"companion-module-elgato-keylight": "github:bitfocus/companion-module-elgato-keylight#v1.2.2",
"companion-module-epiphan-pearl": "github:bitfocus/companion-module-epiphan-pearl#v1.0.7",
"companion-module-etc-eos": "github:bitfocus/companion-module-etc-eos#v1.2.1",
"companion-module-extron-dxp": "github:bitfocus/companion-module-extron-dxp#v1.0.8",
"companion-module-extron-in1604": "github:bitfocus/companion-module-extron-in1604#v1.0.3",
"companion-module-extron-ipl-t-pcs4": "github:bitfocus/companion-module-extron-ipl-t-pcs4#v1.0.2",
"companion-module-extron-smp111": "github:bitfocus/companion-module-extron-smp111#v1.0.4",
"companion-module-extron-smp351": "github:bitfocus/companion-module-extron-smp351#v1.2.0",
"companion-module-extron-smx": "github:bitfocus/companion-module-extron-smx#v1.0.4",
"companion-module-faithchapel-videoplayoutserver": "github:bitfocus/companion-module-faithchapel-videoplayoutserver#v1.0.1",
"companion-module-figure53-go-button": "github:bitfocus/companion-module-figure53-go-button#v1.2.4",
"companion-module-figure53-qlab": "github:bitfocus/companion-module-figure53-qlab#v1.2.5",
"companion-module-figure53-qlab-advance": "github:bitfocus/companion-module-figure53-qlab-advance#v1.3.8",
"companion-module-figure53-qview": "github:bitfocus/companion-module-figure53-qview#v1.0.0",
"companion-module-folivora-btt": "github:bitfocus/companion-module-folivora-btt#v1.0.2",
"companion-module-fora-hvs": "github:bitfocus/companion-module-fora-hvs#v1.2.4",
"companion-module-foscam-ptz": "github:bitfocus/companion-module-foscam-ptz#v1.0.1",
"companion-module-gallery-virtualvtrpro": "github:bitfocus/companion-module-gallery-virtualvtrpro#v1.0.1",
"companion-module-gammacontrol-gmaestro": "github:bitfocus/companion-module-gammacontrol-gmaestro#v1.0.2",
"companion-module-gefen-dvimatrix": "github:bitfocus/companion-module-gefen-dvimatrix#v1.0.1",
"companion-module-generic-artnet": "github:bitfocus/companion-module-generic-artnet#v1.0.2",
"companion-module-generic-emberplus": "github:bitfocus/companion-module-generic-emberplus#v1.1.1",
"companion-module-generic-http": "github:bitfocus/companion-module-generic-http#v1.0.8",
"companion-module-generic-mqtt": "github:bitfocus/companion-module-generic-mqtt#v1.2.0",
"companion-module-generic-osc": "github:bitfocus/companion-module-generic-osc#v1.0.4",
"companion-module-generic-pjlink": "github:bitfocus/companion-module-generic-pjlink#v1.0.5",
"companion-module-generic-sacn": "github:bitfocus/companion-module-generic-sacn#v1.0.0",
"companion-module-generic-swp08": "github:bitfocus/companion-module-generic-swp08#v1.0.3",
"companion-module-generic-tcp-serial": "github:bitfocus/companion-module-generic-tcp-serial#v1.0.2",
"companion-module-generic-tcp-udp": "github:bitfocus/companion-module-generic-tcp-udp#v1.0.6",
"companion-module-generic-wakeonlan": "github:bitfocus/companion-module-generic-wakeonlan#v1.0.4",
"companion-module-generic-websocket": "github:bitfocus/companion-module-generic-websocket#v1.0.0",
"companion-module-globalcache-itac-cc": "github:bitfocus/companion-module-globalcache-itac-cc#v1.0.1",
"companion-module-globalcache-itac-ir": "github:bitfocus/companion-module-globalcache-itac-ir#v1.0.5",
"companion-module-globalcache-itac-sl": "github:bitfocus/companion-module-globalcache-itac-sl#v1.0.3",
"companion-module-grassvalley-amp": "github:bitfocus/companion-module-grassvalley-amp#v1.1.3",
"companion-module-greenhippo-hippotizer": "github:bitfocus/companion-module-greenhippo-hippotizer#v1.0.2",
"companion-module-h2r-graphics": "github:bitfocus/companion-module-h2r-graphics#v1.1.2",
"companion-module-haivision-connectdvr": "github:bitfocus/companion-module-haivision-connectdvr#v1.0.9",
"companion-module-haivision-kbencoder": "github:bitfocus/companion-module-haivision-kbencoder#v1.0.0",
"companion-module-highend-hog4": "github:bitfocus/companion-module-highend-hog4#v1.1.0",
"companion-module-hologfx-holographics": "github:bitfocus/companion-module-hologfx-holographics#v1.0.0",
"companion-module-homeassistant-server": "github:bitfocus/companion-module-homeassistant-server#v0.6.1",
"companion-module-ifelseware-avkey": "github:bitfocus/companion-module-ifelseware-avkey#v1.0.0",
"companion-module-ifelseware-avplayback": "github:bitfocus/companion-module-ifelseware-avplayback#v1.0.2",
"companion-module-imimot-mitti": "github:bitfocus/companion-module-imimot-mitti#v1.0.8",
"companion-module-interactivetechnologies-cueserver": "github:bitfocus/companion-module-interactivetechnologies-cueserver#v1.0.1",
"companion-module-irisdown-countdowntimer": "github:bitfocus/companion-module-irisdown-countdowntimer#v1.1.3",
"companion-module-irisdown-remoteshowcontrol": "github:bitfocus/companion-module-irisdown-remoteshowcontrol#v1.0.2",
"companion-module-jamesholt-x32tc": "github:bitfocus/companion-module-jamesholt-x32tc#v1.0.6",
"companion-module-joy-playdeck": "github:bitfocus/companion-module-joy-playdeck#v1.0.1",
"companion-module-justmacros-lua": "github:bitfocus/companion-module-justmacros-lua#v1.0.1",
"companion-module-jvc-ptz": "github:bitfocus/companion-module-jvc-ptz#v1.0.9",
"companion-module-kiloview-ndi": "github:bitfocus/companion-module-kiloview-ndi#v1.0.0",
"companion-module-kramer-matrix": "github:bitfocus/companion-module-kramer-matrix#v1.2.1",
"companion-module-kramer-vp727": "github:bitfocus/companion-module-kramer-vp727#v1.0.1",
"companion-module-kramer-vp734": "github:bitfocus/companion-module-kramer-vp734#v1.0.0",
"companion-module-kramer-vp773a": "github:bitfocus/companion-module-kramer-vp773a#v1.0.0",
"companion-module-kramer-vs41h": "github:bitfocus/companion-module-kramer-vs41h#v1.0.0",
"companion-module-leafcoders-titler": "github:bitfocus/companion-module-leafcoders-titler#v1.0.0",
"companion-module-lectrosonics-aspen": "github:bitfocus/companion-module-lectrosonics-aspen#v1.0.0",
"companion-module-lightware-lw2": "github:bitfocus/companion-module-lightware-lw2#v1.0.2",
"companion-module-lightware-lw3": "github:bitfocus/companion-module-lightware-lw3#v1.0.1",
"companion-module-liminalet-zoomosc": "github:bitfocus/companion-module-liminalet-zoomosc#v1.0.8",
"companion-module-linkbox-remote": "github:bitfocus/companion-module-linkbox-remote#v1.2.1",
"companion-module-livingasone-decoders": "github:bitfocus/companion-module-livingasone-decoders#v1.1.2",
"companion-module-ltn-schedule": "github:bitfocus/companion-module-ltn-schedule#v1.0.0",
"companion-module-lumens-mediaprocessor": "github:bitfocus/companion-module-lumens-mediaprocessor#v1.0.0",
"companion-module-lumens-visca": "github:bitfocus/companion-module-lumens-visca#v1.0.2",
"companion-module-lyntec-rpc-breaker": "github:bitfocus/companion-module-lyntec-rpc-breaker#v1.0.3",
"companion-module-magewell-proconvert-decoder": "github:bitfocus/companion-module-magewell-proconvert-decoder#v1.0.0",
"companion-module-magewell-ultrastream": "github:bitfocus/companion-module-magewell-ultrastream#v0.0.3",
"companion-module-magicsoft-recorder": "github:bitfocus/companion-module-magicsoft-recorder#v1.0.0",
"companion-module-malighting-grandma2": "github:bitfocus/companion-module-malighting-grandma2#v1.0.10",
"companion-module-malighting-msc": "github:bitfocus/companion-module-malighting-msc#v0.2.1",
"companion-module-matrox-monarch": "github:bitfocus/companion-module-matrox-monarch#v1.0.0",
"companion-module-media-player-classic": "github:bitfocus/companion-module-media-player-classic#v1.0.0",
"companion-module-metus-ingest": "github:bitfocus/companion-module-metus-ingest#v1.2.1",
"companion-module-middleatlantic-racklink": "github:bitfocus/companion-module-middleatlantic-racklink#v1.0.0",
"companion-module-middlethings-middlecontrol": "github:bitfocus/companion-module-middlethings-middlecontrol#v1.0.1",
"companion-module-modelighting-edin": "github:bitfocus/companion-module-modelighting-edin#v1.0.0",
"companion-module-modulo": "github:bitfocus/companion-module-modulo#v1.0.1",
"companion-module-motu-avb": "github:bitfocus/companion-module-motu-avb#v1.0.2",
"companion-module-msc-router": "github:bitfocus/companion-module-msc-router#v1.0.2",
"companion-module-multicamsystems-multicamsuite": "github:bitfocus/companion-module-multicamsystems-multicamsuite#v1.0.1",
"companion-module-muxlab-kvm": "github:bitfocus/companion-module-muxlab-kvm#v1.0.0",
"companion-module-neodarque-stagetimer2": "github:bitfocus/companion-module-neodarque-stagetimer2#v1.2.6",
"companion-module-netio-powerbox": "github:bitfocus/companion-module-netio-powerbox#v1.0.0",
"companion-module-nevion-mrp": "github:bitfocus/companion-module-nevion-mrp#v2.0.2",
"companion-module-newbluefx-titler": "github:bitfocus/companion-module-newbluefx-titler#v1.0.1",
"companion-module-newtek-ndistudiomonitor": "github:bitfocus/companion-module-newtek-ndistudiomonitor#v1.0.1",
"companion-module-newtek-tricaster": "github:bitfocus/companion-module-newtek-tricaster#v1.1.4",
"companion-module-nexo-nxamp": "github:bitfocus/companion-module-nexo-nxamp#v1.0.0",
"companion-module-nobe-omniscope": "github:bitfocus/companion-module-nobe-omniscope#v1.0.0",
"companion-module-noismada-octopuslistener": "github:bitfocus/companion-module-noismada-octopuslistener#v1.0.2",
"companion-module-noismada-octopusshowcontrol": "github:bitfocus/companion-module-noismada-octopusshowcontrol#v1.2.0",
"companion-module-novastar-controller": "github:bitfocus/companion-module-novastar-controller#v1.0.6",
"companion-module-obs-studio": "github:bitfocus/companion-module-obs-studio#v1.0.24",
"companion-module-obsidiancontrol-onyx": "github:bitfocus/companion-module-obsidiancontrol-onyx#v1.0.3",
"companion-module-octava-pro-dsx": "github:bitfocus/companion-module-octava-pro-dsx#v0.0.1",
"companion-module-openlp-http": "github:bitfocus/companion-module-openlp-http#v0.1.1",
"companion-module-opensong-api": "github:bitfocus/companion-module-opensong-api#v1.0.1",
"companion-module-openweather-rest": "github:bitfocus/companion-module-openweather-rest#v1.0.2",
"companion-module-opticis-omm-1000": "github:bitfocus/companion-module-opticis-omm-1000#v1.0.2",
"companion-module-optoma-z28s": "github:bitfocus/companion-module-optoma-z28s#v1.0.2",
"companion-module-orfast-ndi": "github:bitfocus/companion-module-orfast-ndi#v1.0.0",
"companion-module-panasonic-avhs": "github:bitfocus/companion-module-panasonic-avhs#v1.0.4",
"companion-module-panasonic-camera-controller": "github:bitfocus/companion-module-panasonic-camera-controller#v1.0.6",
"companion-module-panasonic-projector": "github:bitfocus/companion-module-panasonic-projector#v1.0.1",
"companion-module-panasonic-ptz": "github:bitfocus/companion-module-panasonic-ptz#v1.0.19",
"companion-module-panasonic-tv-th": "github:bitfocus/companion-module-panasonic-tv-th#v0.0.1",
"companion-module-pangolin-beyond": "github:bitfocus/companion-module-pangolin-beyond#v1.0.2",
"companion-module-phillips-hue": "github:bitfocus/companion-module-phillips-hue#v0.0.4",
"companion-module-pixap-pixtimerpro": "github:bitfocus/companion-module-pixap-pixtimerpro#v1.0.6",
"companion-module-planningcenter-serviceslive": "github:bitfocus/companion-module-planningcenter-serviceslive#v1.0.5",
"companion-module-presentationtools-aps": "github:bitfocus/companion-module-presentationtools-aps#v1.1.0",
"companion-module-presentationtools-cuetimer": "github:bitfocus/companion-module-presentationtools-cuetimer#v1.0.0",
"companion-module-protopie-bridge": "github:bitfocus/companion-module-protopie-bridge#v1.0.2",
"companion-module-prsi-ipower": "github:bitfocus/companion-module-prsi-ipower#v1.0.2",
"companion-module-ptzoptics-visca": "github:bitfocus/companion-module-ptzoptics-visca#v1.1.6",
"companion-module-qsys-remote-control": "github:bitfocus/companion-module-qsys-remote-control#v1.0.3",
"companion-module-radiodj-rest": "github:bitfocus/companion-module-radiodj-rest#v1.0.0",
"companion-module-rationalacoustics-smaart3": "github:bitfocus/companion-module-rationalacoustics-smaart3#v1.0.3",
"companion-module-renewedvision-propresenter": "github:bitfocus/companion-module-renewedvision-propresenter#v2.4.0",
"companion-module-renewedvision-pvp": "github:bitfocus/companion-module-renewedvision-pvp#v1.0.7",
"companion-module-resolume-arena": "github:bitfocus/companion-module-resolume-arena#v1.0.5",
"companion-module-rocosoft-ptzjoy": "github:bitfocus/companion-module-rocosoft-ptzjoy#v1.0.1",
"companion-module-roku-tv": "github:bitfocus/companion-module-roku-tv#v1.0.1",
"companion-module-roland-m5000": "github:bitfocus/companion-module-roland-m5000#v1.0.2",
"companion-module-roland-v1200hd": "github:bitfocus/companion-module-roland-v1200hd#v1.0.0",
"companion-module-roland-v600uhd": "github:bitfocus/companion-module-roland-v600uhd#v1.0.1",
"companion-module-roland-v60hd": "github:bitfocus/companion-module-roland-v60hd#v1.0.10",
"companion-module-roland-vp42h": "github:bitfocus/companion-module-roland-vp42h#v1.0.0",
"companion-module-roland-vr50hd-mk2": "github:bitfocus/companion-module-roland-vr50hd-mk2#v1.0.0",
"companion-module-roland-xs42h": "github:bitfocus/companion-module-roland-xs42h#v1.0.0",
"companion-module-roland-xs62s": "github:bitfocus/companion-module-roland-xs62s#v1.0.1",
"companion-module-roland-xs84h": "github:bitfocus/companion-module-roland-xs84h#v1.0.0",
"companion-module-rossvideo-caprica": "github:bitfocus/companion-module-rossvideo-caprica#v1.0.0",
"companion-module-rossvideo-nkrouter": "github:bitfocus/companion-module-rossvideo-nkrouter#v1.0.2",
"companion-module-rossvideo-rosstalk": "github:bitfocus/companion-module-rossvideo-rosstalk#v1.2.8",
"companion-module-rossvideo-xpression": "github:bitfocus/companion-module-rossvideo-xpression#v1.0.2",
"companion-module-sain-smart-relay": "github:bitfocus/companion-module-sain-smart-relay#v1.0.0",
"companion-module-seervision-suite": "github:bitfocus/companion-module-seervision-suite#v1.1.0",
"companion-module-sharp-tv": "github:bitfocus/companion-module-sharp-tv#v1.0.0",
"companion-module-showcuesystems-scs": "github:bitfocus/companion-module-showcuesystems-scs#v1.0.1",
"companion-module-shure-dis-ccu": "github:bitfocus/companion-module-shure-dis-ccu#v1.0.1",
"companion-module-shure-psm1000": "github:bitfocus/companion-module-shure-psm1000#v1.0.0",
"companion-module-shure-scm820": "github:bitfocus/companion-module-shure-scm820#v1.0.0",
"companion-module-shure-wireless": "github:bitfocus/companion-module-shure-wireless#v1.2.0",
"companion-module-sienna-ndimonitor": "github:bitfocus/companion-module-sienna-ndimonitor#v1.0.0",
"companion-module-singularlive-studio": "github:bitfocus/companion-module-singularlive-studio#v1.0.7",
"companion-module-slack-webhooks": "github:bitfocus/companion-module-slack-webhooks#v1.0.1",
"companion-module-softron-movierecorder": "github:bitfocus/companion-module-softron-movierecorder#v1.0.1",
"companion-module-softron-ontheairvideo": "github:bitfocus/companion-module-softron-ontheairvideo#v1.0.0",
"companion-module-sononum-horae": "github:bitfocus/companion-module-sononum-horae#v1.0.1",
"companion-module-sonoran-coyote": "github:bitfocus/companion-module-sonoran-coyote#v1.0.0",
"companion-module-sonos-speakers": "github:bitfocus/companion-module-sonos-speakers#v0.2.0",
"companion-module-sony-bravia": "github:bitfocus/companion-module-sony-bravia#v1.0.0",
"companion-module-sony-visca": "github:bitfocus/companion-module-sony-visca#v1.2.8",
"companion-module-soundcraft-ui": "github:bitfocus/companion-module-soundcraft-ui#v2.0.3",
"companion-module-sounddevices-pixnet": "github:bitfocus/companion-module-sounddevices-pixnet#v1.0.0",
"companion-module-spotify-remote": "github:bitfocus/companion-module-spotify-remote#v1.0.7",
"companion-module-spx-gc": "github:bitfocus/companion-module-spx-gc#v1.0.2",
"companion-module-studiocoast-vmix": "github:bitfocus/companion-module-studiocoast-vmix#v1.2.22",
"companion-module-symetrix-dsp": "github:bitfocus/companion-module-symetrix-dsp#v1.3.0",
"companion-module-tallyma-wirelesstally": "github:bitfocus/companion-module-tallyma-wirelesstally#v1.0.1",
"companion-module-tascam-bdmp1": "github:bitfocus/companion-module-tascam-bdmp1#v0.1.5",
"companion-module-tascam-cd": "github:bitfocus/companion-module-tascam-cd#v1.0.2",
"companion-module-techministry-midirelay": "github:bitfocus/companion-module-techministry-midirelay#v2.0.4",
"companion-module-techministry-protally": "github:bitfocus/companion-module-techministry-protally#v1.0.0",
"companion-module-techministry-tallyarbiter": "github:bitfocus/companion-module-techministry-tallyarbiter#v1.0.2",
"companion-module-teracom-tcw181b": "github:bitfocus/companion-module-teracom-tcw181b#v1.0.2",
"companion-module-teradek-vidiu": "github:bitfocus/companion-module-teradek-vidiu#v1.0.2",
"companion-module-tesla-smart": "github:bitfocus/companion-module-tesla-smart#v1.0.3",
"companion-module-thelightingcontroller": "github:bitfocus/companion-module-thelightingcontroller#v1.1.2",
"companion-module-thingm-blink1": "github:bitfocus/companion-module-thingm-blink1#v1.2.3",
"companion-module-tplink-kasasmartplug": "github:bitfocus/companion-module-tplink-kasasmartplug#v1.0.1",
"companion-module-tslproducts-umd": "github:bitfocus/companion-module-tslproducts-umd#v1.2.1",
"companion-module-tvone-corio": "github:bitfocus/companion-module-tvone-corio#v1.0.0",
"companion-module-twitch-api": "github:bitfocus/companion-module-twitch-api#v1.0.0",
"companion-module-ubiquiti-unifi": "github:bitfocus/companion-module-ubiquiti-unifi#v1.0.1",
"companion-module-vaddio-ptz": "github:bitfocus/companion-module-vaddio-ptz#v1.0.1",
"companion-module-vicreo-hotkey": "github:bitfocus/companion-module-vicreo-hotkey#v2.0.5",
"companion-module-vicreo-variablelistener": "github:bitfocus/companion-module-vicreo-variablelistener#v1.0.7",
"companion-module-videolan-vlc": "github:bitfocus/companion-module-videolan-vlc#v1.1.12",
"companion-module-visualproductions-bstation2": "github:bitfocus/companion-module-visualproductions-bstation2#v1.0.6",
"companion-module-vivitek-projector": "github:bitfocus/companion-module-vivitek-projector#v1.0.3",
"companion-module-vizio-smartcast": "github:bitfocus/companion-module-vizio-smartcast#v1.1.4",
"companion-module-vyv-photon": "github:bitfocus/companion-module-vyv-photon#v1.0.4",
"companion-module-wyrestorm-sw0402mv": "github:bitfocus/companion-module-wyrestorm-sw0402mv#v1.0.1",
"companion-module-xiamen-sprolink-vd-series": "github:bitfocus/companion-module-xiamen-sprolink-vd-series#v1.0.1",
"companion-module-yamaha-rcp": "github:bitfocus/companion-module-yamaha-rcp#v1.6.0",
"companion-module-youtube-live": "github:bitfocus/companion-module-youtube-live#v1.1.2",
"companion-module-zenvideo-ndirouter": "github:bitfocus/companion-module-zenvideo-ndirouter#v1.0.1",
"debug": "^4.2.0",
"elgato-stream-deck": "^4.1.0",
"emberplus-connection": "^0.0.4",
"express": "^4.16.3",
"find-process": "1.4.4",
"fs-extra": "^10.0.0",
"infinitton-idisplay": "^1.0.5",
"lodash": "^4.17.20",
"mkdirp": "^1.0.4",
"moment": "^2.29.1",
"network": "^0.4.1",
"node-fetch": "^2.6.1",
"node-rest-client": "^3.1.0",
"osc": "^2.4.1",
"pngjs": "^3.3.3",
"sharp": "^0.28.3",
"shortid": "^2.2.16",
"socket.io": "^4.1.2",
"strip-ansi": "^5.2.0",
"websocket": "^1.0.34",
"node-hid": "^2.1.1",
"serialport": "^9.2.0",
"ws": "^7.4.6"
},
"collective": {
"type": "donorbox",
"url": "https://donorbox.org/bitfocus-opensource"
},
"optionalDependencies": {
"@julusian/jpeg-turbo": "^1.1.1"
},
"resolutions": {
"infinitton-idisplay/node-hid": "^2.1.1",
"**/osc/serialport": "^9.2.0",
"**/osc/ws": "^7.4.6"
}
}
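Review bot: The `companion-module-*` dependencies are pinned to git tags (for example `github:bitfocus/companion-module-obs-studio#v1.0.24`), and a tag can be moved upstream after it has been reviewed; most of the registry dependencies also use caret ranges. What actually gets built is decided by the lockfile and the generated `yarn.nix` and `yarn-webui.nix`, whose diffs are suppressed on this page, so please confirm that those resolve every module to a commit hash with a fixed content hash, and regenerate them in the same commit whenever this file changes.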

13213
pkgs/companion/yarn-webui.nix Normal file

File diff suppressed because it is too large

10067
pkgs/companion/yarn.nix Normal file

File diff suppressed because it is too large


@ -1,48 +1,30 @@
{ stdenv, requireFile, fetchpatch, kernel }:
{ stdenv, requireFile, fetchpatch, kernel, lib }:
stdenv.mkDerivation rec {
pname = "decklink";
version = "11.6";
version = "12.2.2";
src = requireFile {
name = "Blackmagic_Desktop_Video_Linux_11.6.tar.gz";
url = "https://www.blackmagicdesign.com/support/download/d399ada95c2b49ffad3031bda413acb5/Linux";
sha256 = "0qwm1b3gy0k7j1bimkxwwr77g8hrsybs9jp90b46kzcy06mcp380";
name = "Blackmagic_Desktop_Video_Linux_12.2.2.tar.gz";
url = "https://www.blackmagicdesign.com/support/";
sha256 = "8bca946bd3f002d2d404a74210c881935351e1a0d03f750559b180fdb439ef35";
};
patches = [
(fetchpatch {
name = "01-fix-makefile.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/01-fix-makefile.patch?h=decklink&id=8f19ef584c0603105415160d2ba4e8dfa47495ce";
sha256 = "1pk8zfi0clmysla25jmcqnq7sx2bnjflrarhqkqbkl8crigyspf5";
})
(fetchpatch {
name = "02-fix-get_user_pages-and-mmap_lock.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/02-fix-get_user_pages-and-mmap_lock.patch?h=decklink&id=8f19ef584c0603105415160d2ba4e8dfa47495ce";
sha256 = "08m4qwrk0vg8rix59y591bjih95d2wp6bmm1p37nyfvhi2n9jw2m";
})
(fetchpatch {
name = "03-fix-have_unlocked_ioctl.patch";
url = "https://aur.archlinux.org/cgit/aur.git/plain/03-fix-have_unlocked_ioctl.patch?h=decklink&id=8f19ef584c0603105415160d2ba4e8dfa47495ce";
sha256 = "0j9p62qa4mc6ir2v4fzrdapdrvi1dabrjrx1c295pwa3vmsi1x4f";
})
];
KERNELDIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
INSTALL_MOD_PATH = placeholder "out";
nativeBuildInputs = kernel.moduleBuildDependencies;
setSourceRoot = ''
tar xf Blackmagic_Desktop_Video_Linux_11.6/other/x86_64/desktopvideo-11.6a26-x86_64.tar.gz
sourceRoot=$NIX_BUILD_TOP/desktopvideo-11.6a26-x86_64/usr/src
tar xf Blackmagic_Desktop_Video_Linux_12.2.2/other/x86_64/desktopvideo-12.2.2a6-x86_64.tar.gz
sourceRoot=$NIX_BUILD_TOP/desktopvideo-12.2.2a6-x86_64/usr/src
'';
buildPhase = ''
runHook preBuild
make -C $sourceRoot/blackmagic-11.6a26 -j$NIX_BUILD_CORES
make -C $sourceRoot/blackmagic-io-11.6a26 -j$NIX_BUILD_CORES
make -C $sourceRoot/blackmagic-12.2.2a6 -j$NIX_BUILD_CORES
make -C $sourceRoot/blackmagic-io-12.2.2a6 -j$NIX_BUILD_CORES
runHook postBuild
'';
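Review bot: In `src = requireFile { ... }` the `url` now points at the generic support page instead of a specific download, so whoever has to add the tarball to the store has only the `name` to go by; a comment naming the exact Desktop Video 12.2.2 download would help. The hunk also shrinks from 48 to 30 lines, which is consistent with the three AUR `fetchpatch` entries being dropped. If that is the case, say in the commit message that 12.2.2 builds against the target kernel without `02-fix-get_user_pages-and-mmap_lock.patch`, since this is an out-of-tree module built against `kernel.dev`.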
@ -50,13 +32,13 @@ stdenv.mkDerivation rec {
installPhase = ''
runHook preInstall
make -C $KERNELDIR M=$sourceRoot/blackmagic-11.6a26 modules_install
make -C $KERNELDIR M=$sourceRoot/blackmagic-io-11.6a26 modules_install
make -C $KERNELDIR M=$sourceRoot/blackmagic-12.2.2a6 modules_install
make -C $KERNELDIR M=$sourceRoot/blackmagic-io-12.2.2a6 modules_install
runHook postInstall
'';
meta = with stdenv.lib; {
meta = with lib; {
homepage = "https://www.blackmagicdesign.com/support/family/capture-and-playback";
maintainers = [ maintainers.hexchen ];
license = licenses.unfree;


@ -3,15 +3,21 @@
let
sources = import ../nix/sources.nix;
pkgs = import sources.nixpkgs args;
unstable = import sources.nixpkgs-unstable args;
callPackage = pkgs.lib.callPackageWith (pkgs // newpkgs);
newpkgs = {
alps = callPackage ./alps {};
companion = callPackage ./companion {};
libvips = callPackage ./libvips {};
docker = pkgs.docker.overrideAttrs (super: {
moby = super.moby.overrideAttrs (super: {
extraPath = super.extraPath + ":${pkgs.zfs}/bin";
});
});
linuxPackagesFor = kernel: (pkgs.linuxPackagesFor kernel).extend (_: ksuper: {
decklink = callPackage ./decklink { kernel = ksuper.kernel; };
@ -19,7 +25,7 @@ let
blackmagicDesktopVideo = callPackage ./blackmagic-desktop-video { };
obs-studio = pkgs.obs-studio.overrideAttrs (_: rec {
obs-studio = unstable.obs-studio.overrideAttrs (_: rec {
wrapLibraries = with (pkgs // newpkgs); [
xorg.libX11.out
libvlc
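Review bot: `obs-studio` now comes from `unstable`, but `wrapLibraries` is still taken from `pkgs // newpkgs`, so the wrapped binary is handed libraries from a different nixpkgs revision than the one it was built against. Either take the wrap list from `unstable` as well or add a comment on why mixing the two sets is safe here.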
@ -33,7 +39,30 @@ let
'';
});
peertube = callPackage ./peertube { nodejs = pkgs.nodejs-12_x; };
mattermost = callPackage ./mattermost {};
# a version of the lounge with some extra css that
# hides things the hacc-voc doesn't need
thelounge-hacked = pkgs.stdenv.mkDerivation {
name = "thelounge-hacked";
src = pkgs.thelounge;
phases = [ "buildPhase" "installPhase" ];
buildPhase = ''
cp $src/* -r .
chmod 777 lib/node_modules/thelounge/public/css/style.css
cat ${./thelounge/css-patch.css} >> lib/node_modules/thelounge/public/css/style.css
'';
installPhase = ''
mkdir -p $out
cp * -r $out
'';
};
uffd = callPackage ./uffd {};
inherit (unstable) bottom vaultwarden vaultwarden-vault;
};
in pkgs.extend(_: _: newpkgs)
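Review bot: `chmod 777 lib/node_modules/thelounge/public/css/style.css` in the `buildPhase` of `thelounge-hacked` grants far more than the append needs; `chmod u+w` on that one file is enough and documents the intent. `cp $src/* -r .` also skips dotfiles in the source output, so `cp -r $src/. .` would be the safer copy if thelounge ever ships any.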

18
pkgs/libvips/default.nix Normal file

@ -0,0 +1,18 @@
{
stdenv, fetchurl, pkg-config, glib, expat,
libjpeg_turbo, libexif, librsvg, libtiff, libpng
}:
stdenv.mkDerivation rec {
pname = "libvips";
version = "8.11.3";
src = fetchurl {
url = "https://github.com/libvips/libvips/releases/download/v${version}/vips-${version}.tar.gz";
sha256 = "00fz7h7vb0qqsc9i2smp3aljwjyb5cin2fiqillv8vvx8wpis2lv";
};
propagatedBuildInputs = [ glib ];
buildInputs = [ expat libjpeg_turbo libexif librsvg libtiff libpng ];
nativeBuildInputs = [ pkg-config ];
}


@ -0,0 +1,49 @@
{ stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv, lib }:
let
sources = import ../../nix/sources.nix;
version = sources.mattermost-webapp.version;
mattermost-server = buildGoPackage rec {
pname = "mattermost-server";
inherit version;
src = sources.mattermost-server.outPath;
goPackagePath = "github.com/mattermost/mattermost-server";
ldflags = [
"-X ${goPackagePath}/model.BuildNumber=nixpkgs-${version}"
];
};
mattermost-webapp = stdenv.mkDerivation {
pname = "mattermost-webapp";
inherit version;
src = sources.mattermost-webapp;
installPhase = ''
mkdir -p $out
cp -r client $out
cp -r i18n $out
cp -r fonts $out
cp -r templates $out
cp -r config $out
'';
};
in
buildEnv {
name = "mattermost-${version}";
paths = [ mattermost-server mattermost-webapp ];
meta = with lib; {
description = "Open-source, self-hosted Slack-alternative";
homepage = "https://www.mattermost.org";
license = with licenses; [ agpl3 asl20 ];
maintainers = with maintainers; [ fpletz ryantm ];
platforms = platforms.unix;
};
}
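Review bot: `version` is read from `sources.mattermost-webapp.version` and inherited by `mattermost-server`, so the server's `model.BuildNumber` reports the webapp's version even if the two pins in `nix/sources.nix` drift apart. Consider asserting that the two pins match, or taking each version from its own source. `fetchurl` and `fetchFromGitHub` are unused in the argument list, and `maintainers` still names the nixpkgs maintainers rather than anyone responsible for this local package.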


@ -1,141 +0,0 @@
{ stdenv, yarn2nix-moretea, lib, nodePackages, fetchFromGitHub, fetchurl, youtube-dl, jq, nodejs }:
let
inherit (yarn2nix-moretea) mkYarnPackage defaultYarnFlags;
in rec {
mkYarnModules = args: (yarn2nix-moretea.mkYarnModules args).overrideAttrs(old: {
buildPhase = builtins.replaceStrings [" ./package.json"] [" /dev/null; cp deps/*/package.json ."] old.buildPhase;
});
source = stdenv.mkDerivation {
name = "peertube-src";
src = fetchFromGitHub {
owner = "Chocobozzz";
repo = "peertube";
rev = "v3.0.1";
sha256 = "0zrrhc5kml7mqxafmr8yggiakjh3a33wvn2m1i6ij112nkjyv1bc";
};
phases = [ "unpackPhase" "patchPhase" "installPhase" "fixupPhase" ];
patches = [ ./fix-yarnlock.patch ];
installPhase = ''
mkdir $out
cp -a . $out
'';
fixupPhase = ''
patchShebangs $out/scripts
'';
};
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
sha256 = "18nsc6qc3f367vk63bm3wwmcw6lwi8jqxgv025jnv9mc539zx4iy";
};
yarnModulesConfig = {
bcrypt = {
buildInputs = [ nodePackages.node-pre-gyp ];
postInstall = let
bcrypt_version = "5.0.0";
bcrypt_lib = fetchurl {
url = "https://github.com/kelektiv/node.bcrypt.js/releases/download/v${bcrypt_version}/bcrypt_lib-v${bcrypt_version}-napi-v3-linux-x64-glibc.tar.gz";
sha256 = "0j3p2px1xb17sw3gpm8l4apljajxxfflal1yy552mhpzhi21wccn";
};
in
''
if [ "${bcrypt_version}" != "$(cat package.json | ${jq}/bin/jq -r .version)" ]; then
echo "Mismatching version please update bcrypt in derivation"
false
fi
mkdir -p lib/binding && tar -C lib/binding -xf ${bcrypt_lib}
patchShebangs ../node-pre-gyp
npm run install
'';
};
utf-8-validate = {
buildInputs = [ nodePackages.node-gyp-build ];
};
youtube-dl = {
postInstall = ''
mkdir bin
ln -s ${youtube-dl}/bin/youtube-dl bin/youtube-dl
cat > bin/details <<EOF
{"version":"${youtube-dl.version}","path":null,"exec":"youtube-dl"}
EOF
'';
};
};
serverModules = mkYarnModules rec {
pname = "peertube-server-yarn-modules";
version = "3.0.1";
name = "${pname}-${version}";
packageJSON = "${source}/package.json";
yarnLock = "${source}/yarn.lock";
pkgConfig = yarnModulesConfig;
};
clientModules = mkYarnModules rec {
pname = "peertube-client-yarn-modules";
version = "3.0.1";
name = "${pname}-${version}";
packageJSON = "${source}/client/package.json";
yarnLock = "${source}/client/yarn.lock";
pkgConfig = yarnModulesConfig;
};
serverModulesProd = serverModules.overrideAttrs (_: {
yarnFlags = defaultYarnFlags ++ [ "--production" ];
});
server = stdenv.mkDerivation {
pname = "peertube-server";
version = "3.0.1";
src = source;
nativeBuildInputs = [ nodePackages.npm ];
buildPhase = ''
ln -s ${serverModules}/node_modules ./
rm -rf ./dist
npm run build:server
'';
installPhase = ''
mkdir $out
cp -a dist $out
'';
};
client = stdenv.mkDerivation {
pname = "peertube-client";
version = "3.0.1";
src = source;
buildPhase = ''
ln -s ${serverModules}/node_modules .
cp -a ${clientModules}/node_modules client/
chmod -R +w client/node_modules
npm run build:client
'';
installPhase = ''
mkdir $out
cp -a client/dist $out
'';
buildInputs = [ nodejs ];
};
package = stdenv.mkDerivation {
pname = "peertube";
version = "3.0.1";
src = source;
buildPhase = ''
ln -s ${serverModulesProd}/node_modules .
rm -rf dist && cp -a ${server}/dist dist
rm -rf client/dist && cp -a ${client}/dist client/
'';
installPhase = ''
mkdir $out
cp -a * $out
ln -s /tmp $out/.cache
'';
};
}


@ -1,28 +0,0 @@
diff --git a/client/yarn.lock b/client/yarn.lock
index d27cdaec8..26706a9fc 100644
--- a/client/yarn.lock
+++ b/client/yarn.lock
@@ -5703,7 +5703,8 @@ http-errors@~1.7.2:
"http-node@github:feross/http-node#webtorrent":
version "1.2.0"
- resolved "https://codeload.github.com/feross/http-node/tar.gz/342ef8624495343ffd050bd0808b3750cf0e3974"
+ resolved "https://codeload.github.com/feross/http-node/tar.gz/342ef8624495343ffd050bd0808b3750cf0e3974#33fa312d37f0000b17acdb1a5086565400419a13"
+ integrity sha1-M/oxLTfwAAsXrNsaUIZWVABBmhM=
dependencies:
chrome-net "^3.3.3"
freelist "^1.0.3"
diff --git a/yarn.lock b/yarn.lock
index 61a2ea05e..c742276c7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3873,7 +3873,8 @@ http-errors@~1.7.2:
"http-node@github:feross/http-node#webtorrent":
version "1.2.0"
- resolved "https://codeload.github.com/feross/http-node/tar.gz/342ef8624495343ffd050bd0808b3750cf0e3974"
+ resolved "https://codeload.github.com/feross/http-node/tar.gz/342ef8624495343ffd050bd0808b3750cf0e3974#33fa312d37f0000b17acdb1a5086565400419a13"
+ integrity sha1-M/oxLTfwAAsXrNsaUIZWVABBmhM=
dependencies:
chrome-net "^3.3.3"
freelist "^1.0.3"


@ -0,0 +1,24 @@
/* Hides extra fields on connect screen */
.connect-row:nth-of-type(4) {
display: none !important;
}
.connect-row:nth-of-type(2) {
display: none !important;
}
.connect-row:nth-of-type(5) {
display: none !important;
}
/* Hides side panel button */
.header > button:first-child {
display: none !important;
}
/* Hides channel options button (includes leave option) */
.header > button:nth-last-child(2) {
display: none !important;
}
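Review bot: These rules only hide the controls; `display: none !important` on the connect rows and on the channel options button does not stop a user from sending the corresponding commands or requests, so anything that must actually be prevented has to be enforced in thelounge's configuration. The `:nth-of-type(n)` and `:nth-last-child(2)` selectors also depend on the current DOM order and can end up hiding different fields after a thelounge update; a comment recording which field each index refers to would make that easy to re-check.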

34
pkgs/uffd/default.nix Normal file

@ -0,0 +1,34 @@
{ stdenv, lib, python3Packages, fetchzip }:
python3Packages.buildPythonPackage rec {
pname = "uffd";
version = "2.0.1";
src = fetchzip {
url = "https://git.cccv.de/uffd/uffd/-/archive/v${version}/uffd-v${version}.tar.gz";
hash = "sha256-KP4J1bw5u7MklaPu2SBFRNyGgkKOBOpft5MMH+em5M4=";
};
patches = [ ./gitea-magic.patch ./fix-setuppy.patch ./fix-userinfo.patch ];
propagatedBuildInputs = with python3Packages; [
flask
flask_sqlalchemy
flask_migrate
qrcode
fido2
oauthlib
flask-babel
argon2_cffi
itsdangerous
alembic
Mako
];
postPatch = ''
sed -i -e 's/==[0-9.]\+//g' setup.py
'';
doCheck = false;
doInstallCheck = false;
}
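Review bot: `doCheck = false` and `doInstallCheck = false` turn off every test for a package that is patched three times and has all remaining version pins stripped by `sed -i -e 's/==[0-9.]\+//g' setup.py`, and this is the OAuth2 provider that `gitea-magic.patch` modifies for Gitea logins. Please keep at least `pythonImportsCheck = [ "uffd" ];`, or say in a comment why the upstream tests cannot run in the sandbox.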


@ -0,0 +1,34 @@
--- a/setup.py 2022-04-30 13:12:45.564651955 +0000
+++ b/setup.py 2022-04-30 13:17:02.545809513 +0000
@@ -41,31 +41,5 @@
'Flask-Babel==0.11.2',
'alembic==1.0.0',
'argon2-cffi==18.3.0',
-
- # The main dependencies on their own lead to version collisions and pip is
- # not very good at resolving them, so we pin the versions from Debian Buster
- # for all dependencies.
- 'certifi==2018.8.24',
- #cffi==1.12.2'
- 'cffi # v1.12.2 no longer works with python3.9. Newer versions seem to work fine.',
- 'chardet==3.0.4',
- 'click==7.0',
- 'cryptography==2.6.1',
- 'idna==2.6',
- 'itsdangerous==0.24',
- 'Jinja2==2.10',
- 'MarkupSafe==1.1.0',
- 'oauthlib==2.1.0',
- 'pyasn1==0.4.2',
- 'pycparser==2.19',
- 'requests==2.21.0',
- 'requests-oauthlib==1.0.0',
- 'six==1.12.0',
- 'SQLAlchemy==1.2.18',
- 'urllib3==1.24.1',
- 'Werkzeug==0.14.1',
- 'python-dateutil==2.7.3',
- #editor==1.0.3
- 'Mako==1.0.7',
],
)


@ -0,0 +1,10 @@
--- a/uffd/oauth2/views.py 2022-04-30 20:39:53.825474990 +0000
+++ b/uffd/oauth2/views.py 2022-04-30 20:40:12.632389377 +0000
@@ -234,6 +234,7 @@
id=user.unix_uid,
name=user.displayname,
nickname=user.loginname,
+ username=user.loginname,
email=user.mail,
groups=[group.name for group in user.groups]
)


@ -0,0 +1,32 @@
From e3c0995160a653ef6cd8784b255036585b273b82 Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Wed, 20 Jul 2022 18:02:15 +0200
Subject: [PATCH] magic gitea patch
---
uffd/oauth2/views.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
index d13fd42..94352be 100644
--- a/uffd/oauth2/views.py
+++ b/uffd/oauth2/views.py
@@ -230,6 +230,15 @@ def oauth_required(*scopes):
@oauth_required('profile')
def userinfo():
user = request.oauth.user
+ client = request.oauth.client_id
+ if client == "gitea":
+ return jsonify(
+ id=user.unix_uid,
+ full_name=user.displayname,
+ login=user.loginname,
+ email=user.mail,
+ groups=[group.name for group in user.groups]
+ )
return jsonify(
id=user.unix_uid,
name=user.displayname,
--
2.36.0
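Review bot: The new branch in `userinfo()` compares `request.oauth.client_id` against the literal `"gitea"`, so the response schema depends on how the client happens to be named in uffd; renaming or re-registering the client silently falls back to the default fields. A per-client claim mapping in configuration would be sturdier than a hard-coded id, and the patch deserves a comment (and a commit body) explaining which Gitea fields `login` and `full_name` are meant to satisfy.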

133
services/gitea.nix Normal file

@ -0,0 +1,133 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{
containers.gitea = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.10";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/gitea";
isReadOnly = false;
};
};
path = (evalConfig {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [ ((import sources.nix-hexchen) { }).profiles.nopersist ];
environment.systemPackages = [ pkgs.gitea ];
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.gitea = {
enable = true;
appName = "0x0: git for all creatures";
rootUrl = "https://git.infra4future.de/";
httpAddress = "0.0.0.0";
httpPort = 3000;
lfs.enable = true;
disableRegistration = true;
database.type = "postgres";
cookieSecure = true;
log.level = "Info";
# mailerPasswordFile =
# "/var/lib/secrets/noreply"; # see below for access permissions
settings = {
# mailer = {
# ENABLED = true;
# HOST = "0x0.rip:465";
# FROM = "noreply@0x0.rip";
# ENVELOPE_FROM = "noreply@0x0.rip";
# USER = "noreply@0x0.rip";
# };
repository = {
DEFAULT_PRIVATE = "public";
PREFERRED_LICENSES = "Unlicense";
DEFAULT_BRANCH = "main";
};
oauth2_client = {
ACCOUNT_LINKING = "auto";
ENABLE_AUTO_REGISTRATION = true;
};
"repository.pull-requests" = {
DEFAULT_MERGE_STYLE = "merge";
DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
};
"repository.upload".FILE_MAX_SIZE = 1024;
server = {
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
};
security = { INSTALL_LOCK = true; };
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
cron = {
ENABLED = true;
NOTICE_ON_SUCCESS = true;
};
"cron.update_mirrors" = {
SCHEDULE = "@every 12h";
PULL_LIMIT = "-1";
PUSH_LIMIT = "-1";
};
"cron.git_gc_repos".ENABLED = true;
"cron.delete_old_actions".ENABLED = true;
};
};
services.postgresqlBackup = {
enable = true;
databases = [ "gitea" ];
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
services.openssh = {
enable = true;
passwordAuthentication = false;
listenAddresses = [ {
addr = "192.168.100.10";
port = 22;
} ];
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."git.infra4future.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.containers.gitea.localAddress}:3000";
};
};
hexchen.nftables.nat.forwardPorts = [{
ports = [ 22 ];
destination = "${config.containers.gitea.localAddress}:22";
proto = "tcp";
}];
}
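Review bot: In `oauth2_client`, `ACCOUNT_LINKING = "auto"` together with `ENABLE_AUTO_REGISTRATION = true` makes Gitea attach an incoming OAuth2 login to an existing local account with the same username or e-mail, without the user confirming with the local credentials. That is only safe if the identity provider guarantees that login names and e-mail addresses cannot be chosen or changed by users; otherwise use `"login"`. Separately, the container sets `users.users.root.hashedPassword = ""` and `networking.firewall.enable = false` while sshd listens on 192.168.100.10:22 and host port 22 is forwarded to it; `passwordAuthentication = false` covers SSH today, but a locked root account (`"!"`) would not depend on that one setting staying in place.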

113
services/hedgedoc-hacc.nix Normal file

@ -0,0 +1,113 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{
containers.pad-hacc = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.5";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/pad-hacc";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = {
enable = true;
configuration = {
allowAnonymous = true;
allowFreeURL = true;
allowGravatar = false;
allowOrigin = [ "localhost" "pad.hacc.space" "fff-muc.de" ];
db = {
host = "/run/postgresql";
username = "codimd";
dialect = "postgres";
database = "codimd";
};
defaultPermission = "limited";
domain = "pad.hacc.space";
host = "0.0.0.0";
protocolUseSSL = true;
hsts.preload = false;
email = false;
oauth2 = {
authorizationURL = "https://login.infra4future.de/oauth2/authorize";
tokenURL = "https://login.infra4future.de/oauth2/token";
clientID = "hedgedoc";
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
};
};
};
systemd.services.hedgedoc.environment = {
"CMD_LOGLEVEL" = "warn";
"CMD_OAUTH2_USER_PROFILE_URL" = "https://login.infra4future.de/oauth2/userinfo";
"CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR" = "nickname";
"CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR" = "name";
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
};
services.postgresql = {
enable = true;
ensureDatabases = [ "codimd" ];
ensureUsers = [{
name = "codimd";
ensurePermissions = {
"DATABASE codimd" = "ALL PRIVILEGES";
};
}];
authentication = ''
local all all trust
host codimd codimd 127.0.0.1/32 trust
'';
package = pkgs.postgresql_11;
};
services.postgresqlBackup = {
enable = true;
databases = [ "codimd" ];
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."pad.hacc.earth" = {
enableACME = true;
forceSSL = true;
globalRedirect = "pad.hacc.space";
};
services.nginx.virtualHosts."pad.hacc.space" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.containers.pad-hacc.localAddress}:3000";
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
proxy_buffering off;
'';
};
};
}
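
Review bot: `oauth2.clientSecret` is written as a literal in this file, so it ends up in git history and in the world-readable Nix store. It should be read at runtime from a file under /persist instead, and the value shown here should be rotated at the identity provider since it is now published. Separately, the nginx location sends `Access-Control-Allow-Origin "*"` while `allowOrigin` lists three specific origins; one of the two is not doing what its author expects and deserves a comment.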

96
services/hedgedoc-i4f.nix Normal file
View file

@ -0,0 +1,96 @@
{ config, lib, pkgs, modules, evalConfig, sources, ... }:
{
containers.pad-i4f = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.6";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/pad-i4f";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.hedgedoc = {
enable = true;
configuration = {
allowAnonymous = true;
allowFreeURL = true;
allowGravatar = false;
allowOrigin = [ "localhost" "pad.infra4future.de" "fff-muc.de" ];
db = {
host = "/run/postgresql";
dialect = "postgres";
database = "hedgedoc";
};
defaultPermission = "freely";
domain = "pad.infra4future.de";
host = "0.0.0.0";
protocolUseSSL = true;
hsts.preload = false;
email = false;
};
};
systemd.services.hedgedoc.environment = {
"CMD_LOGLEVEL" = "warn";
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
authentication = ''
local all all trust
host hedgedoc hedgedoc 127.0.0.1/32 trust
'';
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensurePermissions = {
"DATABASE hedgedoc" = "ALL PRIVILEGES";
};
}];
};
services.postgresqlBackup = {
enable = true;
databases = [ "hedgedoc" ];
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."pad.infra4future.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.containers.pad-i4f.localAddress}:3000";
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
proxy_buffering off;
'';
};
};
}
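
Review bot: `defaultPermission = "freely"` combined with `allowAnonymous = true` means every new note on this instance is editable by anyone without a login, whereas the pad.hacc.space instance uses "limited". If that is intended for this pad, a one-line comment saying so would help; otherwise it should match the other instance. The `local all all trust` line in the postgres `authentication` block also lets any local user in the container connect as any database role, which is wider than the single hedgedoc role needs.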

View file

@ -1,29 +1,46 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, profiles, modules, evalConfig, ... }:
let
unstable = import (import ../../../nix/sources.nix).nixpkgs-unstable {};
in {
{
containers.lantifa = {
autoStart = true;
privateNetwork = true;
hostAddress6 = "fd00::42:14";
localAddress6 = "fd00::42:15";
hostAddress = "192.168.100.1";
localAddress = "192.168.100.8";
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/lantifa";
isReadOnly = false;
};
};
config = {config, pkgs, ... }: {
networking.hosts."::1" = [ "wiki.lantifa.org" ];
networking.firewall.enable = false;
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
hexchen.bindmounts."/var/lib/mediawiki" = "/persist/var/lib/mediawiki";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
];
networking.hosts."127.0.0.1" = [ "wiki.lantifa.org" ];
users.users.mediawiki.extraGroups = [ "keys" ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.mediawiki = {
enable = true;
name = "LANtifa";
package = unstable.mediawiki;
database.createLocally = true;
passwordFile = "/var/lib/mediawiki/mediawiki-password";
extraConfig = let
wikidb = pkgs.fetchzip {
url = "http://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
sha256 = "0d4f2ygglz4w515a7lgw59500q3xmr92xxhsmh8p204yaa769x8v";
url = "https://www.kennel17.co.uk/uploads/testwiki/e/e9/WikiDB.zip";
sha256 = "sha256-8pMNQwmGEsbIoSV1s4RL5Xqq4+f+GNOaCB8VlVnbweY=";
};
in ''
// Configure short URLs
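
Review bot: `users.users.root.hashedPassword = "";` gives root an empty password inside the container, and the same block sets `networking.firewall.enable = false`. If the empty hash only exists to allow console login from the host, say so in a comment; if nobody needs it, a locked hash is the safer default. The move of the WikiDB download from http to https is a good change.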
@ -60,8 +77,8 @@ in {
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
};
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_35-f657385.tar.gz";
sha256 = "0f4bpxdfj5k4ll56s3i6cpgcpfalsff307shdhqhrbl0n3kbr3q0";
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-82eb087.tar.gz";
sha256 = "sha256-TD58DvJ4CFASP4rIc94jeB4SN4zktLe33xZtz/Qg2dk=";
};
PageForms = pkgs.fetchzip {
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
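
Review bot: The intersection tarball moves to the REL1_36 branch, but nothing in this hunk records which MediaWiki release it is meant to track, so the next package bump can silently leave the extension behind. A comment beside the `url` naming the matching MediaWiki version would do. The hash here is now in SRI form while the neighbouring entries keep the older base32 form; converting them in the same change would keep the file consistent.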
@ -81,16 +98,17 @@ in {
};
};
services.mysql.dataDir = "/persist/mysql";
services.mysqlBackup = {
enable = true;
databases = [ "mediawiki" ];
calendar = "*-*-* 23:45:00";
};
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."wiki.lantifa.org" = {
locations."/".proxyPass = "http://[" + config.containers.lantifa.localAddress6 + "]";
locations."/".proxyPass = "http://" + config.containers.lantifa.localAddress + "";
forceSSL = true;
enableACME = true;
};
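
Review bot: The new `proxyPass` line ends in `+ ""`, a leftover from dropping the IPv6 brackets that does nothing. Writing it as a single interpolated string, the way the other vhost definitions in this change do with `"http://${config.containers.<name>.localAddress}:3000"`, would read better and makes the implied port 80 explicit.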

177
services/mail.nix Normal file
View file

@ -0,0 +1,177 @@
{ config, pkgs, lib, sources, ... }:
{
imports = [ sources.nixos-mailserver.outPath ];
# reduce log spam
systemd.services.rspamd.serviceConfig.LogLevelMax =
3; # this is set to error because rspamd regularly complains about not enough learns
systemd.services.postfix.serviceConfig.LogLevelMax = 5; # = notice
systemd.services.dovecot2.serviceConfig.LogLevelMax = 5; # = notice
# stop postfix from dying if rspamd hiccups
systemd.services.postfix.unitConfig = {
Requires = lib.mkForce "dovecot2.service opendkim.service";
};
mailserver = {
mailDirectory = "/persist/mail";
enable = true;
fqdn = "mail.hacc.space";
monitoring = {
enable = true;
alertAddress = "admin@hacc.space";
};
domains = [
"hacc.space"
"muc.hacc.space"
"hacc.earth"
"4future.dev"
"4futu.re"
"infra4future.de"
];
loginAccounts = {
"hexchen@hacc.space".hashedPassword =
"$6$x9skYtRp4dgxC$1y8gPC2BuVqG3kJVSMGgzZv0Bg1T9qxcnBWLIDbANy1d//SQ23Y7s3IMYcEPd1/l/MYWD9Y/Qse6HbT5w5Xwq/";
"octycs@hacc.space".hashedPassword =
"$6$KceTivtJ$58jxhYF6ULfivNsb3Z0J7PnGea0Hs2wTWh3c9FrKRIAmuOD96u2IDgZRCn6P5NrXA0BL.n6HC2RS3r.4JnOmg.";
"octycs@hacc.space".aliases = [ "markus@hacc.space" ];
"raphael@hacc.space".hashedPassword =
"$6$QveHpwMcp9mkFVAU$EFuahOrJIxPg.c.WGFHtrP3.onwJYwvP7fiBHHGb9jhosewZ2tEUP.2D3uyDLhd9Cfny6Yp4jDk/Hkjk7/ME1/";
"moira@hacc.space".hashedPassword =
"$6$BpYhwcZNrkLhVqK$6FMqA/vUkdV4GBlHLSqS5DRCb/CaLDNeIsBcZ8G30heytS/tJj2Ag7b1ovSltTA4PUfhee3pJrz1BkwkA93vN1";
"zauberberg@hacc.space".hashedPassword =
"$6$ISAaU8X6D$oGKe9WXDWrRpGzHUTdxrxdtg9zuGOlBMuDc82IZhegpsv1bqd550FhZZrI40IjZTA5Hy2MZ8j/0efpnQ4fOQH0";
"zauberberg@hacc.space".aliases = [ "lukas@hacc.space" ];
"stuebinm@hacc.space".hashedPassword =
"$6$mjrMQG5smqLRlm$WzmbiZnGlEXGT7hj/n2qz0nvVzGyZfMToCyLRi0wErfVEHI7y7jtWoHqIWnpcHAM29UocsIFFsUCb3XqQCwwB.";
"lenny@hacc.space".hashedPassword =
"$6$EZpv9XImv5F3$p2NSoo5gLxh6NnB3/C6wF8knRTuMHqDXYF3BEscaQuk7qok2Z13xKT/6mFvvSKKBnFCuYptgnfGswmoqIzm/1/";
"lenny@hacc.space".aliases = [ "rinderhacc@hacc.space" ];
"finance@muc.hacc.space".hashedPassword =
"$6$R3GRmvXwqnMM6q.R$Y9mrUAmMnCScsM6pKjxo2a2XPM7lHrV8FIgK0PzhYvZbxWczo7.O4dk1onYeV1mRx/nXZfkZNjqNCruCn0S2m.";
"noreply@hacc.space" = {
hashedPassword =
"$6$YsqMoItITZUzI5wo$5Lejf8XBHRx4LW4VuZ9wJCiBbT4kOV/EZaCdWQ07eVIrkRTZwXWZ5zfsh.olXEFwvpNWN.DBnU.dQc.cC0/ra/";
sendOnly = true;
};
"noreply@infra4future.de" = {
hashedPassword =
"$6$uaD8bRcT1$gFqhFyu5RUsyUUOG5b.kN.JAJ1rVHvaYhpeRHoMvrERAMgBu1FHu2oDnjTsy.5NKoLc5xpI5uv4Gpy4YbmDmV.";
sendOnly = true;
};
};
extraVirtualAliases = {
# address = forward address;
# -- International --
# info/contact: main entrypoint, anyone can read or reply to this.
"info@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
# admin: current people with access to the mail server and knowledge on how to use it™
"admin@hacc.space" =
[ "hexchen@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
# voc: hacc video operation center, various streaming-related things
"voc@hacc.space" = [
"hexchen@hacc.space"
"moira@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"raphael@hacc.space"
];
# -- Regional: Germany --
# board of hacc e.V.
"vorstand@hacc.space" =
[ "raphael@hacc.space" "moira@hacc.space" "zauberberg@hacc.space" ];
# members of hacc e.V.
"mitglieder@hacc.space" = [
"hexchen@hacc.space"
"raphael@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"lenny@hacc.space"
"octycs@hacc.space"
"stuebinm@hacc.space"
];
# -- Regional: Munich --
"muc@hacc.space" = [
"hexchen@hacc.space"
"octycs@hacc.space"
"raphael@hacc.space"
"moira@hacc.space"
"zauberberg@hacc.space"
"stuebinm@hacc.space"
"lenny@hacc.space"
];
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = 3;
# Only allow implict TLS
enableImap = false;
enablePop3 = false;
# Enable the ManageSieve protocol
enableManageSieve = true;
};
services.postfix.submissionOptions.smtpd_sender_restrictions =
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.submissionsOptions.smtpd_sender_restrictions =
lib.mkForce "reject_non_fqdn_sender,reject_unknown_sender_domain,permit";
services.postfix.virtual = ''
postmaster@hacc.space admin@hacc.space
abuse@hacc.space admin@hacc.space
contact@hacc.space info@hacc.space
hello@hacc.space info@hacc.space
haccvoc@hacc.space voc@hacc.space
@4future.dev @hacc.space
@4futu.re @hacc.space
@hacc.earth @hacc.space
@infra4future.de @hacc.space
'';
systemd.services.alps = {
enable = true;
script =
"${pkgs.alps}/bin/alps -theme alps imaps://mail.hacc.space:993 smtps://mail.hacc.space:465";
serviceConfig.WorkingDirectory = "${pkgs.alps}/share/alps";
serviceConfig.Restart = "always";
requiredBy = [ "multi-user.target" ];
};
services.nginx.virtualHosts."mail.hacc.space" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:1323";
};
}
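
Review bot: Both `smtpd_sender_restrictions` overrides are forced to `reject_non_fqdn_sender,reject_unknown_sender_domain,permit`, which contains no check that the envelope sender belongs to the authenticated login (for example `reject_sender_login_mismatch`). As written, any account in `loginAccounts`, including the two `sendOnly` noreply accounts used by other services, can submit mail as any address. If that is needed for the aliases, add a comment explaining why; otherwise keep a login-to-sender check in the list. The `hashedPassword` values are SHA-512 crypt strings committed to the repository, which exposes them to offline guessing; loading them from files outside the tree would avoid that.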

246
services/mattermost.nix Normal file
View file

@ -0,0 +1,246 @@
{config, pkgs, lib, profiles, modules, evalConfig, sources, ...}:
let
mattermost = pkgs.mattermost;
in {
containers.mattermost = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.3";
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/mattermost";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
../modules/mattermost.nix
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.overlays = [ (self: super: { inherit mattermost; }) ];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
# couldn't figure out how to actually overwrite modules, so now
# there's two mattermost modules ...
services.mattermost-patched = {
enable = true;
siteUrl = "https://mattermost.infra4future.de";
siteName = "Mattermost for Future";
listenAddress = "0.0.0.0:3000";
mutableConfig = false;
secretConfig = "/persist/mattermost/secrets.json";
statePath = "/persist/mattermost";
extraConfig = {
ServiceSettings = {
TrustedProxyIPHeader = [ "X-Forwarded-For" "X-Real-Ip" ];
ReadTimeout = 300;
WriteTimeout = 600;
IdleTimeout = 60;
MaximumLoginAttempts = 10;
AllowCorsFrom = "*.infra4future.de/*";
WebserverMode = "gzip";
EnableCustomEmoji = true;
EnableEmojiPicker = true;
EnableGifPicker = false;
RestrictCustomEmojiCreation = "all";
RestrictPostDelete = "all";
AllowEditPost = "always";
PostEditTimeout = -1;
EnableTutorial = false;
ExperimentalChannelSidebarOrganization = "default_on";
ExperimentalChannelOrganization = true;
ExperimentalDataPrefetch = true;
EnableEmailInvitations = true;
DisableLegacyMFA = true;
EnableSVGs = true;
EnableLaTeX = true;
ThreadAutoFollow = true;
EnableSecurityFixAlert = false;
CollapsedThreads = "default_on";
};
TeamSettings = {
EnableTeamCreation = true;
EnableUserCreation = true;
MaxUsersPerTeam = 250;
EnableOpenServer = false;
EnableUserDeactivation = true;
ExperimentalViewArchivedChannels = true;
ExperimentalEnableAutomaticReplies = true;
};
LogSettings = {
EnableConsole = true;
ConsoleLevel = "ERROR";
EnableDiagnostics = false;
EnableWebhookDebugging = false;
};
NotificationLogSettings = {
EnableConsole = true;
ConsoleLevel = "INFO";
};
PasswordSettings = {
MinimumLength = 10;
# turn of all the bullshit requirements
Lowercase = false;
Number = false;
Uppercase = false;
Symbol = false;
};
FileSettings = {
EnableFileAttachments = true;
MaxFileSize = 52428800;
DriverName = "local";
Directory = "/persist/mattermost/upload-storage";
EnablePublicLink = true;
PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
};
EmailSettings = {
EnableSignUpWithEmail = false;
EnableSignInWithEmail = false;
EnableSignInWithUsername = false;
SendEmailNotifications = true;
FeedbackName = "mattermost";
FeedbackEmail = "mattermost@infra4future.de";
ReplyToAddress = "mattermost@infra4future.de";
FeedbackOrganization = "infra4future.de";
EnableSMTPAuth = true;
SMTPUsername = "noreply@infra4future.de";
SMTPServer = "mail.hacc.space";
};
RateLimitSettings.Enable = false;
PrivacySettings = {
ShowEmailAddress = false;
ShowFullName = true;
};
SupportSettings = {
TermsOfServiceLink = "https://infra4future.de/nutzungsbedingungen.html";
PrivacyPolicyLink = "https://infra4future.de/nutzungsbedingungen.html";
AboutLink = "https://infra4future.de";
SupportEmail = "info@infra4future.de";
CustomTermsOfServiceEnabled = false;
EnableAskCommunityLink = true;
};
AnnouncementSettings.EnableBanner = false;
GitLabSettings = {
Enable = true;
Id = "mattermost";
Scope = "";
AuthEndpoint = "https://login.infra4future.de/oauth2/authorize";
TokenEndpoint = "https://login.infra4future.de/oauth2/token";
UserApiEndpoint = "https://login.infra4future.de/oauth2/userinfo";
};
# for some reason, these don't appear to be working; the startup
# process complaines and sets these back to en
LocalizationSettings = {
DefaultServerLocale = "de";
DefaultClientLocale = "de";
AvailableLocales = "de,en";
};
MessageExportSettings.EnableExport = false;
# plugins appear to have trouble with the read-only filesystem; it may
# be necessary to manually change their paths etc.
PluginSettings = {
Enable = true;
EnableUploads = true;
Plugins = {
bigbluebutton = {
adminonly = false;
base_url = "https://bbb.infra4future.de/bigbluebutton/api";
salt = "zKCsNeaEniC115ynHOsZopgA4iTiJjzgeiPNoCEc";
};
"com.github.matterpoll.matterpoll" = {
experimentalui = true;
trigger = "poll";
};
};
PluginStates = {
bigbluebutton.Enable = true;
"com.github.matterpoll.matterpoll".Enable = true;
};
};
ComplianceSettings.Enable = false;
ClusterSettings.Enable = false;
MetricsSettings.Enable = false;
GuestAccountsSettings.Enable = false;
FeatureFlags.CollapsedThreads = true;
};
# turn of the weirder parts of this module (which insist on passwords
# in nix files, instead of just using socket-based authentication)
#
# It will still attempt to use its default password, but postgres will
# just let it in regardless of that.
localDatabaseCreate = false;
};
services.mysql = {
enable = true;
ensureDatabases = [ "mattermost" ];
ensureUsers = [ {
name = "mattermost";
ensurePermissions = { "mattermost.*" = "ALL PRIVILEGES"; };
} ];
package = pkgs.mysql80;
dataDir = "/persist/mysql";
};
services.postgresql = {
enable = lib.mkForce true; # mattermost sets this to false. wtf.
package = pkgs.postgresql_11;
ensureDatabases = [ "mattermost" ];
ensureUsers = [ {
name = "mattermost";
ensurePermissions = { "DATABASE mattermost" = "ALL PRIVILEGES"; };
} ];
authentication = lib.mkForce ''
# Generated file; do not edit!
local all all trust
host mattermost mattermost ::1/128 trust
'';
};
networking.firewall.allowedTCPPorts = [ 3000 ];
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."mattermost.infra4future.de" = {
locations."/" = {
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
proxyWebsockets = true;
extraConfig = ''
# Mattermost CSR Patch
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
proxy_redirect off;
'';
};
forceSSL = true;
enableACME = true;
};
}
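
Review bot: `FileSettings.PublicLinkSalt` and the bigbluebutton plugin `salt` are literals in `extraConfig`, even though the same service already points `secretConfig` at /persist/mattermost/secrets.json. Both values should move into that file and be regenerated, since they are now in git history and the Nix store. In the nginx block, the two `proxy_hide_header` lines strip Content-Security-Policy and X-Frame-Options from every response; the comment "Mattermost CSR Patch" does not say what breaks without it, and removing framing protection for the whole site needs a stated reason. `networking.firewall.allowedTCPPorts = [ 3000 ]` has no effect while `networking.firewall.enable = false` is set earlier in the same container.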

23
services/murmur.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, lib, pkgs, sources, ... }:
{
hexchen.bindmounts."/var/lib/murmur" = "/persist/var/lib/murmur";
services.murmur = {
enable = true;
logDays = -1;
welcometext = "Welcome to mumble4future! Brought to you by infra4future. The server is now reachable under mumble.hacc.space, please update your bookmarks.";
sslKey = "/var/lib/acme/mumble.hacc.space/key.pem";
sslCert = "/var/lib/acme/mumble.hacc.space/fullchain.pem";
bandwidth = 128000;
};
networking.firewall.allowedTCPPorts = [ config.services.murmur.port ];
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
# the mumble cert has its own group so that both nginx and murmur can read it
users.groups.mumblecert = {};
security.acme.certs."mumble.hacc.space".group = "mumblecert";
users.users.nginx.extraGroups = [ "mumblecert" ];
users.users.murmur.extraGroups = [ "mumblecert" ];
}

View file

@ -0,0 +1,116 @@
{ config, lib, pkgs, profiles, modules, evalConfig, ... }:
{
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.2";
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/nextcloud";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
../../modules/nextcloud.nix
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
environment.systemPackages = [ pkgs.htop ];
services.nextcloud-patched = {
enable = true;
# must be set manually; may not be incremented by more than one at
# a time, otherwise nextcloud WILL break
package = pkgs.nextcloud24;
home = "/persist/nextcloud";
https = true;
hostName = "cloud.infra4future.de";
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
adminpassFile = "/persist/nextcloud/config/admin_pw";
adminuser = "root";
defaultapp = "apporder";
};
# multiple pools may be doable using services.phpfpm.pools,
# but i have not tried this yet. The nextcloud module defines a
# pool "nextcloud"
poolSettings = {
pm = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
};
extraOptions = {
instanceid = "ocxlphb7fbju";
datadirectory = "/persist/data/ncdata";
loglevel = 0;
"overwrite.cli.url" = "https://cloud.infra4future.de";
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ # by default, postgres has unix sockets enabled, and allows a
# system user `nextcloud` to log in without other authentication
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# ensure that postgres is running *before* running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."cloud.infra4future.de" = {
locations."/".proxyPass = "http://${config.containers.nextcloud.localAddress}:80";
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_buffering off;
client_max_body_size 0;
add_header Cache-Control "no-store, no-cache, must-revalidate";
'';
};
}
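
Review bot: `loglevel = 0` in `extraOptions` runs Nextcloud at debug verbosity permanently, which makes the log large and more likely to contain request details that should not be kept. Unless someone is actively debugging, a higher level such as 2 is the usual production setting. `client_max_body_size 0` on the vhost removes the upload size limit at the proxy entirely; a comment on whether Nextcloud's own limits are relied on instead would help.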

9
services/nginx-pages.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, pkgs, ... }:
{
hacc.websites = {
enable = true;
directory = ../websites;
};
}

39
services/syncthing.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
{
services.syncthing = {
enable = true;
relay.enable = false;
openDefaultPorts = true;
configDir = "/persist/var/lib/syncthing/";
dataDir = "/persist/data/syncthing/";
devices = {
raphael-laptop = {
addresses = []; # empty = dynamic
id = "72B3T74-NOMJV3X-EVJXTJF-5GGAEZB-ZDKBHXQ-VQNRYEU-YCPA2JP-L6NGAAG";
};
# zauberberg
conway = {
addresses = []; # empty = dynamic
id = "HV7IU2N-Q4W3A7F-BSASR43-OB575SM-47FY2UW-7N5GMFM-PX3LWRN-HXBXMQF";
};
};
folders = {
"/persist/data/syncthing/hacc/" = {
id = "qt2ly-xvvvs";
devices = [ "conway" "raphael-laptop"];
type = "receiveonly";
versioning = {
type = "simple";
params.keep = "10";
};
};
"/persist/data/syncthing/hacc_eV_vorstand/" = {
id = "twwt7-fxrsr";
devices = [ "conway" "raphael-laptop"];
# type = "receiveencrypted"; # no yet implemented
};
};
overrideFolders = false; # enables workaround for recieveencrypted
};
}
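
Review bot: The `hacc_eV_vorstand` folder has its `type` line commented out, so it falls back to the default folder type: the server holds the board's files in plaintext and may also send changes back to the clients. Until the encrypted receive type is usable, setting `type = "receiveonly"` as on the first folder would at least stop the server from modifying peers. The trailing comment on `overrideFolders = false` should spell out what manual step the workaround depends on, since that state lives outside this file.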

86
services/thelounge.nix Normal file
View file

@ -0,0 +1,86 @@
{ config, lib, pkgs, evalConfig, ... }:
let
# necessary since overlays won't propagate into the
# container's config
thelounge = pkgs.thelounge-hacked;
in
{
containers.thelounge = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.4";
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.thelounge = {
enable = true;
extraConfig = {
public = true;
# respect X-Forwarded-For
reverseProxy = true;
defaults = {
name = "libera chat";
host = "irc.eu.libera.chat";
port = 6697;
# encrypt things!
tls = true;
# yes, please do actually check the cert …
rejectUnauthorized = true;
nick = "haccGuest%%%%";
join = "#hacc-webchat";
};
lockNetwork = true;
# don't log messages (default is text / sqlite)
messageStorage = [];
# darker theme
#theme = "morning";
# these three should result in having link previews
# which are fetched only by the server, then proxied
# (i.e. clients won't directly connect to arbitrary
# domains to get previews)
prefetch = true;
prefetchStorage = true;
disableMediaPreview = true;
leaveMessage = "happy haccing";
};
};
# override the package we use
systemd.services.thelounge.serviceConfig.ExecStart =
pkgs.lib.mkForce "${thelounge}/bin/thelounge start";
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."webchat.voc.hacc.space" = {
locations."/".proxyPass =
"http://${config.containers.thelounge.localAddress}:9000";
enableACME = true;
forceSSL = true;
};
}
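
Review bot: With `public = true` and `prefetch = true`, any visitor can post a URL and have the server fetch it from inside the container, which sits at 192.168.100.4 with `networking.firewall.enable = false`. The comments explain the privacy benefit for clients but not what stops the prefetcher from reaching other addresses on the 192.168.100.0/24 container network. Either restrict outbound traffic from this container to what IRC and previews need, or note here why that is handled elsewhere.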

84
services/uffd.nix Normal file
View file

@ -0,0 +1,84 @@
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
let
uffd = pkgs.uffd;
in {
containers.uffd = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.9";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/uffd";
isReadOnly = false;
};
};
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
((import sources.nix-hexchen) {}).profiles.nopersist
];
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.uwsgi = {
enable = true;
plugins = [ "python3" ];
instance = {
type = "normal";
pythonPackages = self: with self; [ uffd ];
module = "uffd:create_app()";
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
http = ":8080";
env = [
"CONFIG_PATH=/persist/uffd/uffd.conf"
];
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.9/site-packages/uffd flask db upgrade";
};
};
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."login.infra4future.de" = {
enableACME = true;
forceSSL = true;
locations = {
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
"/static".root = "${uffd}/lib/python3.9/site-packages/uffd";
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
"/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
"/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
"/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
};
};
systemd.services.auamost = {
enable = true;
description = "mattermost aua gruppensync";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig.Type = "simple";
path = [ pkgs.curl pkgs.jq ];
script = "${pkgs.fish}/bin/fish /persist/magic/mattermost-groupsync.fish";
startAt = "*:0/15";
};
}
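
Review bot: The `auamost` unit executes /persist/magic/mattermost-groupsync.fish, a script that is not part of this repository, and sets no `User`, so it runs as root every 15 minutes. The script should be checked in and packaged like the rest of the configuration, and the unit given a dedicated unprivileged user. The hard-coded `lib/python3.9/site-packages` path appears twice (the `hook-pre-app` line and the `/static` root) and will break on the next Python bump; deriving it from the package's Python would avoid that.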

51
services/vaultwarden.nix Normal file
View file

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
config = {
DATA_FOLDER="/persist/var/lib/vaultwarden/data";
LOG_LEVEL="error";
SIGNUPS_ALLOWED=false;
SIGNUPS_VERIFY=true;
SIGNUPS_DOMAINS_WHITELIST="hacc.space";
ORG_CREATION_USERS="admin@hacc.space";
INVITATIONS_ALLOWED=true;
INVITATION_ORG_NAME="haccwarden";
TRASH_AUTO_DELETE_DAYS=90;
DOMAIN="https://pw.hacc.space";
ROCKET_ADDRESS="127.0.0.1";
ROCKET_PORT=5354;
ROCKET_WORKERS=2;
SMTP_HOST="mail.hacc.space";
SMTP_FROM="vaultwarden@hacc.space";
SMTP_FROM_NAME="haccwarden";
SMTP_PORT=587;
SMTP_USERNAME="noreply@infra4future.de";
};
environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
dbBackend = "sqlite";
backupDir = "/persist/data/vaultwarden_backups/";
};
#work around ProtectSystem=strict, cleanup
systemd.services.vaultwarden.serviceConfig = {
ReadWritePaths = [ "/persist/var/lib/vaultwarden" ];
StateDirectory = lib.mkForce "";
};
systemd.services.backup-vaultwarden.environment.DATA_FOLDER =
lib.mkForce "/persist/var/lib/vaultwarden/data";
services.nginx.virtualHosts."pw.hacc.space" = {
locations."/" = {
proxyPass = "http://127.0.0.1:5354";
proxyWebsockets = true;
};
forceSSL = true;
enableACME = true;
};
}
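
Review bot: `SIGNUPS_ALLOWED=false` is set next to `SIGNUPS_DOMAINS_WHITELIST="hacc.space"`, and in vaultwarden a domain whitelist permits registration from those domains even when signups are otherwise disabled. If the intent is invitation-only, drop the whitelist; if the intent is that anyone with a hacc.space address may register, a comment should say so because the first line reads as the opposite. Keeping `SMTP_PASSWORD` in the `environmentFile` rather than in `config` is the right pattern.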

View file

@ -0,0 +1,87 @@
{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }:
let
wapkgs = "${sources.workadventure}/wapkgs.nix";
in
{
services.coturn = {
enable = true;
realm = "void.hacc.space";
no-cli = true;
lt-cred-mech = true;
extraConfig = ''
user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457
fingerprint
external-ip=135.181.215.233
server-name=void.hacc.space
prometheus
'';
cert = config.security.acme.certs."void.hacc.space".directory + "full.pem";
pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem";
};
networking.firewall = with config.services.coturn;
let
ports = [ listening-port tls-listening-port ];
in {
allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint
allowedUDPPorts = ports;
allowedUDPPortRanges = [
{ from = min-port; to = max-port; }
];
};
services.nginx.virtualHosts."void.hacc.space" = {
locations."/" = {
proxyPass = "http://192.168.150.3";
proxyWebsockets = true;
};
enableACME = true;
forceSSL = true;
};
containers.wa-void = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.150.1";
localAddress = "192.168.150.3";
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
imports = [
"${sources.workadventure.outPath}/default.nix"
((import sources.nix-hexchen) {}).profiles.nopersist
];
services.workadventure."void" = {
packageset = (import wapkgs {inherit pkgs;}).workadventure-xce;
nginx = {
default = true;
domain = "https://void.hacc.space";
maps.path = "${sources.haccmap.outPath}/";
maps.serve = true;
};
frontend.startRoomUrl = "/_/global/void.hacc.space/maps/main.json";
commonConfig = {
webrtc.stun.url = "stun:void.hacc.space:3478";
webrtc.turn = {
url = "turn:135.181.215.233";
user = "turn";
password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457";
};
jitsi.url = "meet.ffmuc.net";
};
};
})).config.system.build.toplevel;
};
}
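
Review bot: `cert` and `pkey` are built as `directory + "full.pem"` and `directory + "key.pem"` with no "/" between the parts, so unless `directory` ends in a slash the resulting paths point at files that do not exist; the murmur config in this same change writes the separator out explicitly. The TURN credential appears as a literal twice, in the coturn `user=` line and in `webrtc.turn.password`, which puts a long-lived shared secret in the repository; it should be generated outside the tree and rotated. Port 9641 is added to `allowedTCPPorts` for the prometheus endpoint, which opens it to every source address rather than only the scraper.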

View file

@ -0,0 +1,25 @@
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to <http://unlicense.org/>

Binary file not shown.

Binary file not shown.


Binary file not shown.


Binary file not shown.


File diff suppressed because one or more lines are too long


File diff suppressed because one or more lines are too long


File diff suppressed because one or more lines are too long


File diff suppressed because one or more lines are too long


View file

@ -0,0 +1,16 @@
{ stdenvNoCC }:
stdenvNoCC.mkDerivation {
name = "hacc.earth-static";
src = ./.;
phases = [ "buildPhase" ];
buildPhase = ''
cd $src
mkdir -p $out
cp -r * $out
rm $out/default.nix
'';
}
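Review bot: in `buildPhase`, `cp -r * $out` relies on a shell glob that skips dotfiles, so a `.well-known/` directory or similar added to this site later would silently not be deployed. Copying with `cp -r . "$out"` after the `mkdir -p` avoids that, and quoting `$src` and `$out` throughout costs nothing. Overriding `phases` works, but a short comment on why the standard phases are bypassed would help the next reader.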

View file

@ -0,0 +1,460 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>hacc &ndash; hackers against climate change</title>
<link rel="icon" type="image/png" href="assets/favicon.png">
<style>
@font-face {
font-family: 'share-tech';
src: url('assets/ShareTech-Regular.ttf') format('truetype');
/*font-weight: normal;
font-style: normal;*/
}
html {
overflow: hidden;
height: 100%;
}
body {
background-color: #000;
color: #fff;
font-family: share-tech;
margin: 0;
perspective: 1px;
-webkit-perspective: 1px;
-webkit-transform-style: preserve-3d;
transform-style: preserve-3d;
overflow-y: auto;
overflow-x: hidden;
height: 100%;
}
#globe {
position: absolute;
top: 0;
right: 0;
left: 0;
transform: translateZ(-1px) scale(2);
z-index:-1;
}
#globe > img {
height: 100vh;
/*position: absolute;
right: 0;
top: 0;*/
float: right;
/*width: 30%;*/
}
#bg {
position: absolute;
top: 40%;
right: 0;
left: 0;
height: 60%;
transform: translateZ(.25px);
z-index:-1;
background: transparent;
background: linear-gradient(0deg, rgba(0,0,0,1) 0%, rgba(0,0,0,0) 100%);
}
#bg::after {
background: #000;
height: 1000px;
width: 100%;
bottom: -1000px;
position: absolute;
content: "";
}
.content {
position: relative;
top: 100px;
margin-left: 150px;
margin-right: 150px;
overflow: hidden;
-webkit-transform: translateZ(0px);
}
footer.content {
top: 50px;
color: #cccccc;
font-size: 14px;
}
footer a {
color: #cccccc;
}
.logo {
position: relative;
width: 100%;
}
.logo > img {
width: 300px;
max-width: 100%;
}
h1 {
font-size: 42px;
font-weight: 600;
display: inline;
/*margin-bottom: 0;*/
background: rgb(59,115,185);
background: linear-gradient(90deg, rgb(59, 115, 185) 0%, rgb(229, 35, 33) 100%);
background-clip: border-box;
color: transparent;
-webkit-background-clip: text;
background-clip: text;
}
p, li {
font-size: 26px;
max-width: 900px;
}
a {
text-decoration: none;
color: #3b73b9;
transition: color .1s linear;
}
a:hover {
/*color: #e52321;*/
color: #4e9af9;
}
ul {
margin-top: 0;
}
.langswitch {
//position: -webkit-sticky; /* Safari */
//position: sticky;
font-size: 30px;
max-width: 100px;
margin: auto;
margin-right: 0px;
top: 50px;
/*left: 900px;*/
/*right: 10px;*/ /*sticky somehow doesn't like right*/
text-shadow: 2px 2px 5px black;
z-index: 100;
}
.welcome {
margin-top: 25vh;
width: 60%;
}
.whatwedo {
margin-top: 150px;
}
.section {
margin-top: 100px;
}
.activities {
width: 100%;
margin-top: 80px;
}
.activities > div {
width: 44%;
display: inline-grid;
margin-left: 5%;
}
.activities .logo-container {
width: 100%;
text-align: center;
}
.activities .logo-container img {
height: 70px;
max-width: 100%;
}
.blink {
animation: 1s steps(2) 0s infinite running blink;
}
@keyframes blink {
from { visibility: hidden; }
to { visibility: visible; }
}
@media only screen and (max-width: 1000px) {
.content {
margin-left: 50px;
margin-right: 50px;
}
.activities > div {
width: 90%;
display: block;
}
.activities > div:first-child {
margin-bottom: 70px;
}
}
@media only screen and (max-width: 650px) {
.logo {
text-align: center;
}
.welcome {
width: 100%;
margin-top: 55vh;
}
.content {
margin-left: 20px;
margin-right: 20px;
}
p, li {
font-size: 22px;
}
}
@media only screen and (min-width: 768px) {
.langswitch {
position: -webkit-sticky; /* Safari */
position: sticky;
font-size: 30px;
margin: auto;
margin-right: 50px;
top: 50px;
}
}
</style>
</head>
<body>
<div id="globe"><img src="assets/globe_cut_mid.jpg" alt="Die Erde vom Weltall aus gesehen." /></div>
<div id="bg"></div>
<!--<div class="langswitch"><u><a href="/index.html" style="color: #ffffff">en</a></u>/<a href="/index_de.html" style="color: #ffffff">de</a></div>-->
<main class="content" style="z-index: 100">
<div class="logo"><img src="assets/logo_header_shadow.svg" alt="hacc. hackers against climate change." /></div>
<a name="welcometohacc"></a>
<div class="welcome">
<h1>Welcome to hacc<span class="blink">_</span></h1>
<p>
“Hackers Against Climate Change" originated as a series of <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session%3AHackers_Against_Climate_Change">self-organized sessions at 35c3</a>. Working groups, spin offs and local chapters formed afterwards and were present at all major CCC events. Join the groups or start your own!</p>
<p>More info <a href="#aboutpage">about this page</a> at the bottom.
</p>
</div>
<a name="contact"></a>
<div class="section">
<h1>Get in contact<span class="blink"></span></h1>
<p>
<ul>
<li>
<a href="https://muc.hacc.earth">hacc e.V.</a>, local chapter Munich<sup><a href="#history">*</a></sup>
<ul>
<li>
<a href="https://web.libera.chat/#hacc">#hacc</a> on irc.libera.chat or as matrix bridge <a href="https://matrix.to/#/#hacc:libera.chat">#hacc:libera.chat</a>
</li>
<li>
<a href="https://web.libera.chat/#hacc-muc">#hacc-muc</a> on irc.libera.chat or as matrix bridge <a href="https://matrix.to/#/#hacc-muc:libera.chat">#hacc-muc:libera.chat</a>
</li>
<li>
<a href="https://chaos.social/@hacc">@hacc@chaos.social</a>
</li>
<li>
<a href="https://mumble.hacc.space/">mumble.hacc.space</a>
</li>
<li>
info@hacc.earth
</li>
</ul>
</li>
<li>
<a href="https://totalism.org/hacc">CHT hackbase</a>, local chapter Canary Island<sup><a href="#history">*</a></sup>
<ul>
<li>
<a href="https://matrix.to/#/#hacc:matrix.org">#hacc:matrix.org</a>
</li>
</ul>
</li>
<li>
<a href="https://hacc.uber.space/mailman/listinfo">hacc mailinglists</a>
</li>
</ul>
</p>
<!--
<a name="activities"></a>
<div class="activities">
<div>
<a name="haccvoc"></a>
<div class="logo-container">
<a href="https://hacc.earth#haccvoc"><img src="assets/haccvoc.svg" alt="hacc.voc"></a>
</div>
<p>
If you have an event and need someone
to film or livestream it, maybe we have
time and can help you!
All our recordings and livestreams can be found on <a href="https://hacc.media/">hacc.media</a>; if we stream something live, you'll find us at
<a href="https://live.hacc.media/">live.hacc.media</a>.
</p>
<ul>
<li><a href="https://vedge-kongress.de/">v-edge Congress 2020</a> in Munich</li>
<li>Filmed and live streamed several stage discussions and press conferences of other * for future groups (see <a href="https://hacc.media/search?tagsOneOf=fff">hacc.media</a>)</li>
<li>Livestreams from demonstrations for climate justice</a></li>
<li>Our own <a href="https://hacc.media/videos/watch/playlist/e90713e1-44a7-4f8e-9d1d-dd6551587d2f?playlistPosition=1">stage</a> at the Remote Chaos Experience (rc3) 2020</li>
<li>Streaming infrastructure for the second and third editions of the <a href="https://studentsforfuture.info/public-climate-school/">Public Climate School</a> by Students for Future</li>
</ul>
</div>
<div>
<a name="infra4future"></a>
<div class="logo-container">
<a href="https://infra4future.de"><img src="assets/infra4future.svg" alt="infra4future"></a>
</div>
<p>
We provide and administrate server infrastructure
for other climate justice groups.
</p>
<ul>
<li>cloud storage, chats, and forums</li>
<li><a href="https://mumble.hacc.space">mumble.hacc.space</a>: a voice-chat allowing groups to stay in contact while we cant physically meet</li>
<li>if you need any, look around on the website linked above, write us, or just <a href="https://cloud.infra4future.de/">create an account</a>!</li>
</ul>
</div>
</div>
</div>
-->
<a name="participate"></a>
<div class="section">
<h1>Ways to Participate<span class="blink"></span></h1>
<p>
<ul>
<!--<li>Regular open international call usually every 10th and 25th of a month at 18:00 UTC via <a href="https://meet.ffmuc.net/hacc.int">Jitsi</a> organized by the hacc e.V..</li>-->
<li>Regular meetings of the <a href="https://muc.hacc.earth">hacc e.V.</a>, usually every 1st and 3rd Wednesday 7:30 p.m. at <a href="https://muc.ccc.de/">muCCC</a>. At the moment we meet online on <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
<li>Meetings of <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. See hacc group page.</li>
<li>
Propose changes to the hacc e.V. infrastructure. You can open an issue or open a merge request <a href="https://git.infra4future.de/hacc/haccfiles">on the nixfiles</a> which control a growing part of our infrastructure. Or just ask us via one of hacc e.V. channels above.
</li>
<li>
Add you or your project to the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>
</li>
<li>
Use the <a href="https://hacc.wiki">wiki</a> and add your project!
</li>
</ul>
</p>
</div>
<a name="chapters"></a>
<div class="section">
<h1>Local chapters<span class="blink"></span></h1>
<p>
<ul>
<li><a href="https://totalism.org/hacc">CHT hackbase</a> on the Canary Islands, Spain<sup><a href="#history">*</a></sup></li>
<li><a href="https://muc.hacc.earth">hackers against climate change e.V.</a>, Munich, Germany<sup><a href="#history">*</a></sup></li>
<li><a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>, Germany</li>
</ul>
</p>
</div>
<a name="groups"></a>
<div class="section">
<h1>Spin offs &amp; working groups<span class="blink"></span></h1>
<p>
There are different spin-offs of the movement originating from the <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session:Hackers_Against_Climate_Change">original hacc sessions</a> and events like the <a href="https://events.ccc.de/camp/2019/wiki/Main_Page">CCCamp2019</a> or working groups associated to hacc.
</p>
<ul>
<li><a href="https://hacc.uber.space/c3sus">c3sus</a>, making Chaos events more sustainable</li>
<li><a href="https://altpwr.net/">Eventgrid</a>, developing a green power network for Camps</li>
<li><a href="https://infra4future.de">infra4future</a>, offering infrastructure and communcation platforms</li>
<li><a href="https://hacc.media/">hacc-voc</a>, doing streams and recordings</li>
<li><a href="https://hacc.uber.space/GreenFediverse">GreenFeediverse</a>, providing a list about servers and their renewable energy consumption status</li>
</ul>
<p>
Further project ideas can be found or added in the <a href="https://hacc.wiki">wiki</a> and the <a href="https://e2h.totalism.org/e2h.php?_=hacc-directory#---_PROJECTS">hacc directory</a>.
</p>
<a name="similar"></a>
<div class="section">
<h1>Similar groups<span class="blink"></span></h1>
<p>
<ul>
<li><a href="https://bits-und-baeume.org/regionalzweige/de">Bits &amp; Bäume</a>, with multiple local chapters</li>
<li><a href="https://developersforfuture.org">Developers for Future</a></li>
</ul>
</p>
</div>
<a name="weinthepress"></a>
<div class="section">
<h1>We in the press<span class="blink"></span></h1>
<p>
<ul>
<li>Short interview with c3sus and hacc activists in the <a href="https://denkangebot.org">Denkangebot Podacst</a> episode <a href="https://www.denkangebot.org/allgemein/da008-urlaub-auf-dem-hackercamp/">"Urlaub auf dem Hackercamp"</a>, unfortunately in German only</li>
<li>
Le Monde decided to give us, our posters, and Mate, a <a href="https://www.lemonde.fr/pixels/article/2019/12/30/a-leipzig-hackers-et-militants-pour-le-climat-font-front-commun_6024362_4408996.html">shoutout</a> in their article about the <a href="https://events.ccc.de/congress/2019/wiki/index.php/Main_Page">36c3</a>!
</li>
</ul>
</p>
</div>
<a name="history"></a>
<div class="section">
<h1>History of hacc<span class="blink"></span></h1>
<p>
“Hackers Against Climate Change" originated as a series of <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session%3AHackers_Against_Climate_Change">self-organized sessions at 35c3</a>. In the aftermath members of those sessions started spin offs as mentioned above and local chapters in Siegen, Munich and on the Canary Islands.
</p>
<p>
The local chapter in Siegen initiated the first hacc sessions at 35c3 and afterwards was mainly involved in local activities.
<p>
The local chapter CHT hackbase cohosted the 35c3 sessions, hosted the session at 36c3 and cohosted the divoc r2r sessions.
</p>
<p>
Inspired by the activities in Siegen, the Munich chapter started their bi-weekly meetings in May 2019. With the approval to use the name by the initiator of the first sessions on May 13th 2020 we eventually founded the German non-profit organization "<a href="https://muc.hacc.earth">hackers against climate change e.V.</a>" on December 9th 2020. Two members of us were part of the 35c3 sessions. Since then we were active at the CCCamp 2019, 36c3, rC3 and divoc r2r.<br>
</p>
<p>
Unfortunately conflicts led to a split between the local chapter Munich and CHT hackbase in July 2021.
</p>
<a name="aboutpage"></a>
<div class="section">
<h1>About this page<span class="blink"></span></h1>
<p>
The hacc e.V. runs this page (<a href="https://hacc.earth">hacc.earth</a>) but not necessarily the linked projects. You can find more about our activities and involvements on our <a href="https://muc.hacc.earth">own page</a>.<br>
Also the source of the page can be found <a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">here</a>. As with the hacc e.V. infrastructure in general you are invited to make change requests or just <a href="#contac">contact</a> us to ask for changes.
</p>
<p>
The hacc logo was designed by <a href="https://creativesforfuture.de/">Creatives for Future</a>.
</p>
</div>
<div class="section"></div>
</main>
<footer class="content" style="z-index: 200">
<div>
<a href="https://git.infra4future.de/hacc/haccfiles/src/branch/main/websites/hacc.earth">Source of hacc.earth</a> &bull;
<a href="#contact">Contact</a> &bull;
<a href="https://infra4future.de/impressum.html">Imprint</a>
</div>
</footer>
</body>
</html>
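Review bot: three `<div class="section">` blocks inside `<main>` are never closed: the one opened for "Get in contact" (its `</div>` sits inside the commented-out activities block), the one for "Spin offs &amp; working groups", and the one for "History of hacc", so each following section nests inside the previous one. Close each before the next `<a name=...>` anchor. Smaller points in the same file: the About section links to `href="#contac"` while the anchor is named `contact`; the globe image carries a German `alt` text on the `lang="en"` page; `.langswitch` uses `//position: ...`, which is not a CSS comment; the `<p>` opened before "The local chapter in Siegen" has no closing tag; and there is a stray `</a>` after "Livestreams from demonstrations for climate justice" in the commented block.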

View file

@ -0,0 +1,385 @@
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>hacc &ndash; hackers against climate change</title>
<link rel="icon" type="image/png" href="assets/favicon.png">
<style>
@font-face {
font-family: 'share-tech';
src: url('assets/ShareTech-Regular.ttf') format('truetype');
/*font-weight: normal;
font-style: normal;*/
}
html {
overflow: hidden;
height: 100%;
}
body {
background-color: #000;
color: #fff;
font-family: share-tech;
margin: 0;
perspective: 1px;
-webkit-perspective: 1px;
-webkit-transform-style: preserve-3d;
transform-style: preserve-3d;
overflow-y: auto;
overflow-x: hidden;
height: 100%;
}
#globe {
position: absolute;
top: 0;
right: 0;
left: 0;
transform: translateZ(-1px) scale(2);
z-index:-1;
}
#globe > img {
height: 100vh;
/*position: absolute;
right: 0;
top: 0;*/
float: right;
/*width: 30%;*/
}
#bg {
position: absolute;
top: 40%;
right: 0;
left: 0;
height: 60%;
transform: translateZ(.25px);
z-index:-1;
background: transparent;
background: linear-gradient(0deg, rgba(0,0,0,1) 0%, rgba(0,0,0,0) 100%);
}
#bg::after {
background: #000;
height: 1000px;
width: 100%;
bottom: -1000px;
position: absolute;
content: "";
}
.content {
position: relative;
top: 100px;
margin-left: 150px;
margin-right: 150px;
overflow: hidden;
-webkit-transform: translateZ(0px);
}
footer.content {
top: 50px;
color: #707070;
font-size: 14px;
}
footer a {
color: #cccccc;
}
.logo {
position: relative;
width: 100%;
}
.logo > img {
width: 300px;
max-width: 100%;
}
h1 {
font-size: 42px;
font-weight: 600;
display: inline;
/*margin-bottom: 0;*/
background: rgb(59,115,185);
background: linear-gradient(90deg, rgb(59, 115, 185) 0%, rgb(229, 35, 33) 100%);
background-clip: border-box;
color: transparent;
-webkit-background-clip: text;
background-clip: text;
}
p, li {
font-size: 26px;
max-width: 900px;
}
a {
text-decoration: none;
color: #3b73b9;
transition: color .1s linear;
}
a:hover {
/*color: #e52321;*/
color: #4e9af9;
}
ul {
margin-top: 0;
}
.langswitch {
//position: -webkit-sticky; /* Safari */
//position: sticky;
font-size: 30px;
max-width: 100px;
margin: auto;
margin-right: 0px;
top: 50px;
/*left: 900px;*/
/*right: 10px;*/ /*sticky somehow doesn't like right*/
text-shadow: 2px 2px 5px black;
z-index: 100;
}
.welcome {
margin-top: 25vh;
width: 60%;
}
.whatwedo {
margin-top: 150px;
}
.section {
margin-top: 100px;
}
.activities {
width: 100%;
margin-top: 80px;
}
.activities > div {
width: 44%;
display: inline-grid;
margin-left: 5%;
}
.activities .logo-container {
width: 100%;
text-align: center;
}
.activities .logo-container img {
height: 70px;
max-width: 100%;
}
.blink {
animation: 1s steps(2) 0s infinite running blink;
}
@keyframes blink {
from { visibility: hidden; }
to { visibility: visible; }
}
@media only screen and (max-width: 1000px) {
.content {
margin-left: 50px;
margin-right: 50px;
}
.activities > div {
width: 90%;
display: block;
}
.activities > div:first-child {
margin-bottom: 70px;
}
}
@media only screen and (max-width: 650px) {
.logo {
text-align: center;
}
.welcome {
width: 100%;
margin-top: 55vh;
}
.content {
margin-left: 20px;
margin-right: 20px;
}
p, li {
font-size: 22px;
}
}
@media only screen and (min-width: 768px) {
.langswitch {
position: -webkit-sticky; /* Safari */
position: sticky;
font-size: 30px;
margin: auto;
margin-right: 50px;
top: 50px;
}
}
</style>
</head>
<body>
<div id="globe"><img src="assets/globe_cut_mid.jpg" alt="The Earth, seen from space."/></div>
<div id="bg"></div>
<div class="langswitch"><a href="/index.html" style="color: #ffffff">en</a>/<u><a href="/index_de.html" style="color: #ffffff">de</a></u></div>
<main class="content" style="z-index: 100">
<div class="logo"><img src="assets/logo_header_shadow.svg" alt="hacc. hackers against climate change."/></div>
<a name="welcometohacc"></a>
<div class="welcome">
<h1>Willkommen bei hacc<span class="blink">_</span></h1>
<p>
“Hackers Against Climate Change” entstammt einer Serie von <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session:Hackers_Against_Climate_Change">Self-Organized Sessions beim 35c3</a>. Seit dem haben wir mit anderen Klimaschutzgruppen zusammengearbeitet, diese mit technischem Wissen unterstützt, sowie in der Hacker Community auf die Klimakrise aufmerksam gemacht.</p>
<p>
Zögere nicht mit uns in <a href="#contact">Kontakt</a> zu treten, über verschiedene Kanäle oder bei lokalen <a href="#meetups">Treffen</a>. Treffe uns bei Chaos-Events oder starte Deine eigene lokale Gruppe!
</p>
</div>
<a name="whatwedo"></a>
<div class="whatwedo">
<h1>Was wir machen<span class="blink"></span></h1>
<p>
hacc ist eine Gemeinschaft von Lebewesen die sich zur Aufgabe gemacht haben, im Sinne der <a href="https://www.ccc.de/de/hackerethik">Hackerethik</a> des Chaos Computer Clubs die Klimaschutzbewegung mitzugestalten. Zur Zeit sind unsere bedeutensten Projekte <a href="#haccvoc">hacc.voc</a> und <a href="#infra4future">infra4future</a> (siehe unten).<br>Ein weiteres Projekt ist <a href="https://hacc.uber.space/HACC_CSV">hacc.csv</a>. Dabei steht csv für collaboration, science, visualization und data. Es gibt zwei <a href="https://hacc.uber.space/HACC_Local_Groups">lokale Gruppen</a> in Deutschland, in München und
Siegen.
</p>
<a name="activities"></a>
<div class="activities">
<div>
<a name="haccvoc"></a>
<div class="logo-container">
<a href="https://haccvoc.de"><img src="assets/haccvoc.svg" alt="hacc.voc"></a>
</div>
<p>
Du hast ein Event hast brauchst wen um es zu filmen
oder live zu streamen? Vielleicht habe wir Zeit und können
dir helfen! <br>
Alle unsere Aufnahmen landen auf <a href="https://hacc.media">hacc.media</a>;
unsere Livestreams sind auf <a href="https://live.hacc.media">live.hacc.media</a>.
</p>
<ul>
<li><a href="https://vedge-kongress.de/">v-edge Congress 2020</a> in München</li>
<li>Livestreams und Aufzeichnungen einiger Podiumsdiskussionen und Pressekonferenzen von anderen * for future-Orgas (siehe <a href="https://hacc.media/search?tagsOneOf=fff">hacc.media</a>)</li>
<li>Unsere eigene <a href="https://hacc.media/videos/watch/playlist/e90713e1-44a7-4f8e-9d1d-dd6551587d2f?playlistPosition=1">Stage</a> auf der Remote Chaos Experience (rc3) 2020</li>
<li>Die Streaming-Infrastruktur für die zweite und dritte Auflage der <a href="https://studentsforfuture.info/public-climate-school/">Public Climate School</a> der Students for Future</li>
</ul>
</div>
<div>
<a name="infra4future"></a>
<div class="logo-container">
<a href="https://infra4future.de"><img src="assets/infra4future.svg" alt="infra4future"></a>
</div>
<p>
Wir betreiben und administrieren Server-Infrastruktur und stellen diese Klimaschutzgruppen zur Verfügung.
</p>
<ul>
<li>Cloud-Speicher, Chats und Foren</li>
<li><a href="https://mumble.hacc.space">mumble.hacc.space</a>: ein Sprach-Chat für Gruppen, die ohne physische Treffen in Kontakt bleiben wollen</li>
<li>Wenn Du einen der Dienste benötigst, schau Dich auf der oben verlinkten Seite um, schreib uns oder <a href="https://cloud.infra4future.de/">erstell Dir ein Account</a>!</li>
</ul>
</div>
</div>
</div>
<a name="meetups"></a>
<div class="section">
<h1>Mitmachen<span class="blink"></span></h1>
<ul>
<li>Regelmäßiger internationaler Call, jeden 10. und 25. im Monat um 18:00 UTC via <a href="https://meet.ffmuc.net/hacc.int">Jitsi</a>.</li>
<li>Regelmäßige Treffen von <a href="https://hacc.uber.space/HACC/Europe/DE/BY/Munich">hacc in München</a>, normalerweise jeden ersten und dritten Mittwoch im Monat um 19:00 Uhr beim <a href="https://muc.ccc.de/">muCCC</a>. Im Moment treffen wir uns Online auf <a href="https://mumble.hacc.space/">mumble.hacc.space</a>.</li>
<li>Regelmäßige Treffen des <a href="https://hacc.uber.space/HACC/Europe/DE/NRW/Siegen">Klimanotstandbündnis in Siegen</a>. Jeden zweiten Sonntag, siehe hacc-Seite.</li>
<li>
Wenn du Vorschläge für Änderungen an unserer Infrastruktur hast, leg bitte einen Issue oder erstelle einen Merge Request <a href="https://git.infra4future.de/hacc/haccfiles">auf die nixfiles</a>, über die wir einen (größer werdenden) Teil unserer Server verwalten.
</li>
</ul>
</div>
<a name="contact"></a>
<div class="section">
<h1>Kontakt<span class="blink"></span></h1>
<p>
Du kannst uns über verschiedne Kanäle erreichen und mitmachen:
</p>
<ul>
<li>contact-at-hacc.earth</li>
<li>Im Fediverse auf <a href="https://chaos.social/@hacc">chaos.social</a></li>
<li><a href="https://hacc.wiki">hacc.wiki</a></li>
<li><a href="https://infra4future.de">infra4future.de</a></li>
<li><a href="https://matrix.to/#/#hacc:libera.chat">#hacc:libera.chat</a></li>
<li><a href="https://web.libera.chat/#hacc">#hacc auf irc.libera.chat</a></li>
<li><a href="https://mumble.hacc.space">mumble.hacc.space</a></li>
<li><a href="https://hacc.uber.space/mailman/listinfo">hacc-Mailinglisten</a></li>
</ul>
</div>
<a name="othergroups"></a>
<div class="section">
<h1>Spin offs &amp; Ähnlich Gruppen<span class="blink"></span></h1>
<p>
Es gibt verschiedene Spin-Offs, die aus der Bewegung der den <a href="https://events.ccc.de/congress/2018/wiki/index.php/Session:Hackers_Against_Climate_Change">ersten hacc-Sessions</a> auf dem 35c3 und Events wie dem <a href="https://events.ccc.de/camp/2019/wiki/Main_Page">CCCamp2019</a> entstanden sind:
</p>
<ul>
<li><a href="https://hacc.uber.space/c3sus">c3sus</a>, Chaos-Events nachhaltig gestalten</li>
<li><a href="https://altpwr.net/">Eventgrid</a>, Entwicklung eines lokalen Stromnetzes, für Outdoor-Events wie dem Camp</li>
</ul>
<p>
Weitere Projektideen gibt es im <a href="https://hacc.wiki">wiki</a>.
</p>
<h2>Ähnliche Gruppen</h2>
<ul>
<li><a href="https://bits-und-baeume.org/regionalzweige/de">Bits &amp; Bäume</a> in Dresden, Berlin, Hannover, Dortmund, Köln und Osnabrück</li>
<li><a href="https://hackersforfuture.de">Hackers for Future</a> in Regensburg (zur Zeit pausierend)</li>
<li><a href="https://developersforfuture.org">Developers for Future</a></li>
<li><a href="https://totalism.org">CHT Hackbase</a> auf den Kanarischen Inseln</li>
</ul>
</div>
<a name="weinthepress"></a>
<div class="section">
<h1>In der Presse<span class="blink"></span></h1>
<p>
Le Monde hat sich aus unbekannten Gründen entschlossen, uns und unsere Poster (und Mate) in einem <a href="https://www.lemonde.fr/pixels/article/2019/12/30/a-leipzig-hackers-et-militants-pour-le-climat-font-front-commun_6024362_4408996.html">Artikel</a> zum <a href="https://events.ccc.de/congress/2019/wiki/index.php/Main_Page">36c3</a> zu erwähnen!
</p>
</div>
<div class="section"></div>
</main>
<footer class="content" style="z-index: 200">
<div>
<a href="#contact">Kontakt</a> &bull;
<a href="https://infra4future.de/impressum.html">Impressum</a>
</div>
</footer>
</body>
</html>
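Review bot: this German page states facts that disagree with `index.html` added in the same change: the Munich meeting is given as 19:00 Uhr here and 7:30 p.m. there, the contact address is `contact-at-hacc.earth` here and `info@hacc.earth` there, and the international Jitsi call that the English page has commented out is still advertised here. Decide which version is current and align both files. The `.langswitch` element is also active only on this page (it is commented out in `index.html`), so a visitor can switch to English but not back. The `<style>` block is a near-verbatim copy of the English page's (the footer colour differs, `#707070` against `#cccccc`); a shared stylesheet under `assets/` would remove the duplication and keep the two from drifting further.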

Binary file not shown.

View file

@ -0,0 +1,2 @@
.jekyll-cache
_site

View file

@ -0,0 +1,31 @@
# SFF Technik Wiki
?> Gerade wird noch herumgebastelt, deswegen ist einiges unvollständig.
Hier sammeln wir technische Leitfäden, wie ihr euch mit den bei SFF verwendeten Tools
zurechtfindet, und wie ihr digitale Events abhalten & gestalten könnt.
Hauptsächlich geht es hier um die [PCS](https://studentsforfuture.info/public-climate-school),
aber manches ist vielleicht auch so nützlich.
**Für ungeklärte Fragen, Ergänzungswünsche oder Feedback wendet euch einfach an den [PCS Tech Support auf Telegram](https://t.me/joinchat/PezzhhOoxeVRGvoxMoi4Sg).**
**Überblick:**
- **[Webseite](website/website.md)**: Hier findet ihr Leitfäden für unsere bundesweite Webseite.
- **[Tools](tools/tools.md)**: Hier findet ihr Leitfäden zu einigen Tools zur Organisation, für Social Media, Events, Online-Meetings und Live-Interaktion.
- **[Streams](streams/streams)**: Hier erfahrt ihr, wie ihr Veranstaltungen streamen könnt. Außerdem findet ihr hier die technische Stream Dokumentation zu den digitalen PCS.
- **[Online-Events](event/online-event.md)**: Hier findet ihr Ressourcen, die euch bei digitalen Events vielleicht helfen können.
**FAQ:**
- [Wie kommt mein Format in den Stream? Wie läuft das ab?](/faq?id=wie-kommt-mein-format-in-den-stream-wie-läuft-das-ab)
- [Wir haben keinen Streaming-Account. Könnt ihr uns etwas zur Verfügung stellen?](/faq?id=wir-haben-keinen-streaming-account-könnt-ihr-uns-etwas-zur-verfügung-stellen)
- [Woher bekomme ich Ortsgruppen Zugang zur Website?](/faq?id=woher-bekomme-ich-ortsgruppen-zugang-zur-website)
- [Wie kann ich mit Trollen im meinem Online-Event umgehen?](/faq?id=wie-kann-ich-mit-trollen-im-meinem-online-event-umgehen)
- [Wie kann ich mein Online-Event barrierefrei gestalten?](/faq?id=wie-kann-ich-mein-online-event-barrierefrei-gestalten)
---
<a href="https://www.youtube.com/watch?v=wn5AE98T8sE"><img src="img/faq/pcs_walkthrough_thumbnail.png" ></a>
[Hier](https://www.youtube.com/watch?v=wn5AE98T8sE) findest du ein YouTube-Video, in dem wir die aktuellen Tools der PCS-Organisation erklären.
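Review bot: the overview link `[Online-Events](event/online-event.md)` does not match the path the sidebar file in this change uses for the same page, `events/online-events.md`, and `[Streams](streams/streams)` drops the `.md` suffix that the other overview links carry. Please make the paths consistent so the start page does not lead to the 404 page added alongside it. The thumbnail `<img>` near the end also has no `alt` attribute.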

View file

@ -0,0 +1,8 @@
# Seite nicht gefunden :(
Falls du auf einen Link geklickt hast, ist der Link vermutlich veraltet.
Bitte melde dich beim
[PCS Tech Support auf Telegram](https://t.me/joinchat/PezzhhOoxeVRGvoxMoi4Sg), damit
das behoben werden kann.
[Zur Startseite](/)

View file

@ -0,0 +1,4 @@
##### PCS
Public Climate School

View file

@ -0,0 +1,36 @@
- [Start](README.md)
- [FAQ](faq.md)
- [Webseite](website/website.md)
- [Events eintragen](website/events-eintragen.md)
- [OG-Homepage einrichten](website/og-homepage.md)
- [Tools](tools/tools.md)
- [Tools zur Organisation](tools/orga.md)
- [Plattform-N](tools/plattform-n.md)
- [Rocket.Chat](tools/rocket-chat.md)
- [Meistertask](tools/meistertask.md)
- [Dieses Wiki](tools/technik-wiki.md)
- [Tools für Social Media](tools/socialmedia.md)
- [Profilbildgenerator](tools/profilbildgenerator.md)
- [Sharepics mit Canva](tools/canva.md)
- [Tools fürs Eventmanagement](tools/events.md)
- [Eventkalender](tools/eventkalender.md)
- [Attending.io](tools/attending.md)
- [Tools für Video-Konferenzen](tools/video-conference.md)
- [Zoom](tools/zoom.md)
- [BigBlueButton](tools/bbb.md)
- [JitSi](tools/jitsi.md)
- [Tools für Live-Interaktion](tools/live-interaktion.md)
- [Tweedback](tools/tweedback.md)
- [Streams](streams/streams.md)
- [Stream: Zoom zu YouTube](streams/einfach.md)
- [Stream: Zoom zu PCS-Server (RTMP)](streams/streamzoomrtpm.md)
- [Streams mit OBS](streams/obs.md)
- [Troubleshooting](streams/troubleshooting.md)
- [Ergänzungen / Optimierungen](streams/optimierungen.md)
- [Technische Dok. digitale PCS](streams/pcs-doc.md)
- [Überblick PCS 2.0](streams/pcs2.md)
- [Überblick PCS 3.0](streams/pcs3.md)
- [Online-Events](events/online-events.md)
- [Moderation](events/moderation.md)
- [Datenschutz](events/datenschutz.md)
- [Beispiel PCS Einverständniserklärung](events/einverstaendniserklaerung.md)

View file

@ -0,0 +1,16 @@
{ stdenvNoCC }:
stdenvNoCC.mkDerivation {
name = "muc.hacc.earth-static";
src = ./.;
phases = [ "buildPhase" ];
buildPhase = ''
cd $src
mkdir -p $out
cp -r * $out
rm $out/default.nix
'';
}
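Review bot: `src = ./.;` imports the whole directory into the Nix store and the build then copies everything the glob matches except `default.nix` into `$out`, so an editor backup, draft or credentials file left next to the site becomes world-readable in the store and, presumably, part of the served site. Consider filtering the source, for example with `lib.cleanSource ./.` or an explicit `builtins.path` filter that lists what belongs on the site.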

View file

@ -0,0 +1,17 @@
# Leitfaden: PCS 2020 zum Thema Datenschutz
Dadurch, dass die PCS 2020 online stattfindet müssen wir uns auch Gedanken über Datenschutz machen. Dieser Leitfaden kann nicht jeden Fall abdecken und es handelt sich hier nur um Empfehlungen.
## Normaler Vortrag
Sollte der Vortrag wie eine Vorlesung in diesen Zeiten üblich über eine Konferenzplattform stattfinden jedoch ansonsten nicht weiter gestreamed oder aufgezeichnet werden, reicht meistens ein einfacher Hinweis auf die Datenschutzrichtlinien der Plattform. Dieser sollte vor betreten der Plattform platziert sein. Zum Beispiel an der Stelle an der ihr die Links zu der Vorlesung bewirbt.
## Aufgezeichneter oder gestreamter Vortrag
Für einen Vortrag der noch anderweitig zugänglich gemacht werden soll müssen noch weitere Vorkehrung getroffen werden. Alle Menschen die in einem solchen Vortrag zu sehen sind müssen **vor der Verarbeitung ihrer Daten** zugestimmt haben. Zuschauer könnt ihr Beispielsweise mündlich darüber aufklären, dass sie in einem Livestream zu sehen sein werden oder was mit der Aufnahme passiert. Außerdem empfiehlt es sich auch an anderer Stelle darauf hinzuweisen. Beispielsweise kann auf der gleichen Folie auf der zur Interaktion aufgerufen wird, auch der Hinweis stehen, dass eine solche aufgezeichnet wird. Wichtig ist das es nicht die Möglichkeit gibt, dass unfreiwillig oder unwissentlich persönliche Daten (z.B. Äußerungen, Namen etc) verarbeitet/veröffentlicht werden. Um sicher zu gehen könnt empfiehlt sich zu diesem Zweck auch von jedem Teilnehmenden eine Einverständniserklärung unterschreiben zu lassen. Eine weitere Möglichkeit ist es Fragerunden am Ende des Vortrages nicht mit aufzuzeichnen. Bedenkt außerdem auch, dass auch Menschen die erst später der Konferenz beitreten informiert werden müssen. Zum Beispiel im Chat.
Die Dozierenden solltet ihr außerdem **vorher** darum bitten euch eine Einverständnis Erklärung auszufüllen.
Beispiele für Einverständniserklärungen findet ihr [hier](events/einverstaendniserklaerung.md).
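Review bot: the closing link `[hier](events/einverstaendniserklaerung.md)` is written with the `events/` prefix although the sidebar in this change lists this file itself as `events/datenschutz.md`; please check that it resolves from there and not to `events/events/...`. In the section "Aufgezeichneter oder gestreamter Vortrag", the sentence beginning "Um sicher zu gehen könnt empfiehlt sich" has two verbs run together and needs rewording. The title says PCS 2020 while the example declaration it points to is dated 17.-21.05.2021; one of the two should be updated.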

View file

@ -0,0 +1,68 @@
# Beispiel PCS Einverständniserklärung
Wenn ihr Veranstaltungen aufzeichnen und veröffentlichen wollt, braucht ihr vermutlich
eine Einverständniserklärung. Hier findet ihr Beispiele für die PCS, die ihr für euch
anpassen könnt (insb. alles was <mark>markiert</mark> ist).
Trotzdem der Disclaimer: **Die Einverständniserklärungen hier sind nur zur Orientierung und ohne Gewährleistung!**
## Deutsch
#### Als PDF:
Eine Beispieleinverständniserklärung von der PCS 2020 findet ihr <a target="_blank" rel="noopener noreferrer" title="Einverständniserklärung (PDF)" href="einverstaendniserklaerung.pdf">hier</a>.
#### In Textform:
_**Einverständniserklärung zur Aufzeichnung von Vorlesungen / Vorträgen im Rahmen der Public Climate School vom <mark>17.-21.05.2021</mark>.**_
*Ich erkläre mich damit einverstanden, dass von mir Audio-/Videoaufnahmen gemacht
werden, die im Rahmen der vom <mark>17.-21.05.2021</mark> stattfindenden Public
Climate School online veröffentlicht werden.*
*Ich versichere, dass innerhalb dieser Aufzeichnungen keine Rechte Dritter verletzt
werden.*
*Ich erkläre, dass ich alle Materialien, die ich in meiner Vorlesung/meinem Vortrag benutze,
selbst erstellt habe, bzw. bei der Verwendung fremder Materialien (Texte aus Büchern,
Zeitschriften, Bilder, Graphiken, Filmausschnitte, Musiktitel, etc.) diese auf das
Urheberrecht nach §60a geprüft habe und diese veröffentlicht werden können.*
*Ich stelle die <mark>Students for Future Stadt</mark> von allen Ansprüchen Dritter frei, die sich
wegen möglicher Urheberrechtsverstöße an die <mark>Students for Future Stadt</mark> wenden.*
*Ich verpflichte mich außerdem, den Betreiber des genutzten online Servers unverzüglich
zu informieren, wenn Dritte Ansprüche auf Grund der ihnen zustehenden Urheber- bzw.
Nutzungsrechte in Bezug auf die oben bezeichnete Aufzeichnung geltend machen.*
*Ich erkläre, dass meine Vorlesung/mein Vortrag und damit die Audio-/Videoaufnahmen
und bereitgestellte Foliensätze frei von diskriminierenden Inhalten sind, seien sie
rassistisch, sexistisch, antisemitisch, trans\*feindlich, homophob oder anderweitig
diskriminierend.*
*Name, Vorname:
Titel des Vortrags:
Datum des Vortrags:
Datum, Unterschrift:*
## Englisch
#### In Textform:
_**Declaration of consent for the recording of lectures in context of the Public Climate School from <mark>May 17 21 2021</mark>**_
*I hereby agree that audio/video recordings may be made of me, that might be published online in the context of the Public Climate School taking place from <mark>17.-21.05.2021</mark>.*
*I assure that no rights of third parties are violated within these recordings.*
*I declare that I have created all materials I use in my lecture myself, or when using foreign materials (texts from books, magazines, pictures, graphics, film clips, music titles, etc.) I have checked them for copyright according to §60a UrhG and they can be published.*
*I indemnify the <mark>Students for Future Stadt</mark> from all claims of third parties who contact the <mark>Students for Future Stadt</mark> regarding possible copyright infringements.*
*I also undertake to inform the operator of the online server used immediately if third parties assert claims based on the copyrights or rights of use to which they are entitled with regard to the above-mentioned recording.*
*I declare that my lectures and therefore my audio-/video recordings and slides are free of discriminating contents such as racist, sexist, antisemitic, trans\*hostile, homophobic or otherwise discriminating.*
*Full name:
Title of lecture:
Date of lecture:
Date, Signature:*
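Review bot: The English title gives the date as "May 17 21 2021" with the range separator missing, and the first English paragraph still uses the German format "17.-21.05.2021"; pick one date format for the English text. The German version cites "§60a" without naming the statute while the English version says "§60a UrhG"; add "UrhG" to the German text so both refer to the same provision. The German title covers "Vorlesungen / Vorträgen" but the English one only says "lectures", so the two declarations do not cover quite the same scope as written.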

@ -0,0 +1,3 @@
# Moderation
...
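Review bot: This page consists only of the heading "# Moderation" and a "..." placeholder. Either hold it back until there is content or mark it visibly as a stub, so that readers who land on it are not left with an empty page.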

@ -0,0 +1,32 @@
# Online-Events
Hier versuchen wir euch eine Sammlung nützlicher Guides für die Durchführung von
Online Veranstaltungen bereitzustellen.
Typischerweise sind vor jedem Online-Event folgende Fragen zu klären:
- **Wie können Menschen teilnehmen?**
Meist entweder direkte Teilnahme im Online Meeting, z.B. über Zoom,
oder ein Stream, z.B. über YouTube.
Das hängt von einigen Faktoren ab, u.a. wie viele Teilnehmer:innen erwartet werden,
wie interaktiv das Event sein soll, und wie geschlossen der Raum, in dem es stattfindet.
Für Workshops eignen sich Meetings, für Podiumsdiskussion sind vermutlich Streams
die bessere Wahl. Vorträge lassen sich auf beide Arten gut umsetzen. Hier ist vermutlich
die Teilnehmer:innenzahl und Öffentlichkeit ausschlaggebend.
Theoretisch geht auch eine Kombination: Die Teilnehmer:innen können dem Meeting direkt
beitreten, während es gleichzeitig gestreamt wird. In diesem Fall müsstet ihr aber
sicherstellen, dass keine Person das Meeting stören kann und dass keine persönlichen
Daten im Stream landen können. Außerdem könnten Zuschauer:innen auf YouTube dann z.B.
nicht erfahren, wenn Fragen im Zoom Chat gestellt werden.
- **Wer kann teilnehemen / braucht es evtl. eine Anmeldung?**
Es ist bei allen Optionen möglich, die Teilnahme so einzuschränken, dass nur Menschen
mit den richtigen Zugangsdaten oder dem richtigen Link teilnehemen können.
Um diese zu verteilen könnt ihr zum Beispiel eine Anmeldung machen.
- **Wie sieht die Interaktion mit den Teilnehmer:innen aus?**
Fast alle Tools haben einen Chat, den ihr natürlich verwenden könnt, der aber auch schnell
unübersichtlich werden kann. Es kann sich daher lohnen, ein eigenes Tool für die Live-Interaktion
zu verwenden. Mehr dazu findet ihr auf der [zugehörigen Seite bei den Tools](tools/live-interaktion.md).
- **Soll die Veranstaltung aufgezeichnet werden?**
Wenn ja, braucht ihr vermutlich eine [Einverständniserklärung](events/datenschutz.md).
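Review bot: The last bullet links the text "Einverständniserklärung" to events/datenschutz.md, while the sample consent forms are referenced elsewhere in this change as events/einverstaendniserklaerung.md; either link the consent form directly or change the link text so it names the privacy page. "teilnehemen" is misspelled twice in the second bullet (should be "teilnehmen"). The bullet on combining a meeting with a stream says you must make sure that no personal data can end up in the stream but gives no pointer on how; a link to the privacy page would fit there.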

@ -0,0 +1,109 @@
# **F**requently **A**sked **Q**uestions:
?> Das FAQ ist noch von der letzten PCS, das heißt insb. die Links werden sich vermutlich noch ändern.
## Wie kommt mein Format in den Stream? Wie läuft das ab?
Das hängt davon ab, was für ein Format es ist bzw. welches Tool ihr verwendet:
- **Voraufgezeichnete Videos:**
könnt ihr uns einfach über einen Cloud Link (z.B. hier: https://fffutu.re/pcs-lecture-upload)
oder einen Link zu einem (ungelisteten) YouTube Video schicken. Bitte gebt uns das Video noch vor Beginn der PCS.
- **Zoom-Veranstaltungen**:
hier hängt es davon ab, ob ihr das Meeting selbst erstellt habt oder der/die Dozierende.
Nur die Person, die das Meeting erstellt hat kann das Livestreaming aktivieren. Wie das geht steht [hier](zoom.md).
Ihr bekommt dazu so bald wie möglich die genauen Einstellungen, die ihr da eingeben müsst.
Bitte prüft schon im vornherein, ob ihr das in den Einstellungen findet (also ob es bei euch aktiviert ist).
- **JitSi**:
Für JitSi im Livestream verwenden wir voraussichtlich eine eigene Instanz. Das bedeutet ihr bekommt von uns so bald wie möglich einen Link zu dem JitSi Raum. Dort könnt ihr dann mit zwei Klicks den Stream starten.
Mehr Infos dazu kommen so bald wie möglich. Bitte gebt uns unbedingt vorher bekannt, falls mehr als 6 Personen an diesem Meeting teilnehmen werden.
- **BigBlueButton**:
Es tut uns Leid, aber bisher haben wir uns noch nicht mit einem Leitfaden für BigBlueButton beschäftigen können. Deshalb möchten wir euch diesen ausführlichen Leitfaden von HACC (Hackers Against Climate Crisis) wärmstens empfehlen: [Recording a talk with Big Blue Button and obs studio](https://hacc.uber.space/Recording_a_talk_with_Big_Blue_Button_and_obs_studio)
<a href="https://www.youtube.com/watch?v=dmryPtz-_ME&feature=youtu.be"><img src="img/faq/tutorial_thumbnail.png"></a>
## Wie kann ich als Dolmer*in teilnehmen?
- **Den Stream empfangen**
1. Über Zoom:
Sie sitzen mit in dem Zoom Meeting, indem der Vortrag abgehalten wird.
2. Über VLC:
Sie empfangen den Stream ohne große Verzögerung auf ihren PC.
<a href="https://www.youtube.com/watch?v=UBJodCpsUI8">Hier finden Sie die Aufzeichnung des entsprechenden Technik-Briefings.</a>
- **Übersetzung einsprechen**
Dafür müssen Sie dem entsprechenden Mumble Channel beitreten. Den Link erhalten Sie von uns. Als Gebärdensprachendolmetscher*in müssen Sie nur dem richtigen Zoom Meeting beitreten und nichts weiter tun. <a href="https://www.youtube.com/watch?v=UBJodCpsUI8">Hier finden Sie eine Aufgabe des Übersetzerinnen-Briefings.</a>
## Wir haben keinen Streaming-Account. Könnt ihr uns etwas zur Verfügung stellen?
- **Streaming Accounts eurer Uni:**
werden möglicherweise auch euch als Studenten zur Verfügung gestellt. Viele Universitäten haben zahlreiche Zoom Lizenzen erworben, oder betreiben BigBlueButton Instanzen. Informiert euch also, ob ihr auf diese Weise an einen Account kommt.
- **Streaming Accounts vom Technik Team:**
können wir euch zur Verfügung stellen, wenn ihr keine andere Möglichkeit mehr habt. Zurzeit wäre uns es möglich sowohl Zoom, als auch BigBlueButton Instanzen zu stellen. Wir würden die Anzahl der von uns gestellten Instanzen aber gerne in Grenzen halten. Meldet euch dafür im [PCS-Techsupport](https://fffutu.re/pcs-techsupport) auf Telegram.
## Woher bekomme ich Ortsgruppen Zugang zur Website?
Richtig, jede Ortsgruppe kann sich auf der Website von [Students for Future Germany](studentsforfuture.info) einloggen.
**Wenn ihr keine Zugangsdaten (mehr) habt** meldet euch per Telegram im [PCS-Techsupport](https://fffutu.re/pcs-techsupport)
Wie ihr anschließend eure Kontaktinformationen aktualisiert, eine eigene OG-Homepage erstellt, oder einen Eventkalender anlegt steht [hier](webseite.md).
## Wie kann ich mit Trollen im meinem Online-Event umgehen?
Das wichtigste zuerst: **Don't Feed the Troll!** Negativ auf dein Event einzuwirken ist oft das Ziel von Troll-Angriffen.
Versuche dich deshalb von destruktiven Menschen
- nicht ablenken zu lassen,
- nicht emotional zu reagieren,
- und sie nicht in den Fokus zu rücken.
Verweise als Moderation im Zweifel darauf, nach dem Event weiterzudiskutieren und nicht währenddessen.
Ansonsten kannst du natürlich technische Hilfsmittel verwenden, wie
- einen Zoom-Warteraum
- Menschen kicken/bannen
- die Video/Sprachfunktion für Menschen ausschalten.
Im [Zoom-Leitfaden](zoom.md) findest du dazu einige nützliche Funktionen.
**Bitte beachte**, dass wir keine Expert*innen im Umgang mit Trollen sind. Wenn ihr ausführliche Informationen sucht, können wir euch folgende Artikel empfehlen:
- [Ratgeber: Konstruktiv auf Internet-Trolle reagieren (Klimafakten.de)](https://www.klimafakten.de/meldung/ratgeber-konstruktiv-auf-internet-trolle-reagieren)
- [Beware of ZoomBombing: screensharing filth to video calls (TheCrunch.com)](https://techcrunch.com/2020/03/17/zoombombing/?guccounter=1)
## Wie kann ich mein Online-Event barrierefrei gestalten?
Beim Stichwort Barrierefreiheit kennen wir Möglichkeiten, um folgendes einzubauen:
- **Live-Untertitel** (braucht Menschen die live Mitschreiben, [Tutorial auf zoom.us](https://support.zoom.us/hc/en-us/articles/207279736))
- **Gebärdesprachendolmetscher*in** (braucht Mensch mit diesem Skill)
Wenn ihr mit Zoom arbeitet wäre beides umsetzbar. Sofern das Teil des Livestreams sein soll, würden wir dann eurem Meeting beitreten und die Untertitel oder den\*die Dolmetscher\*in mit OBS mitschneiden.
**Bitte sagt uns [hier auf Telegram](https://fffutu.re/pcs-techsupport) sobald wie möglich Bescheid, falls ihr das plant!**
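Review bot: In the section "Woher bekomme ich Ortsgruppen Zugang zur Website?", the link target "studentsforfuture.info" has no scheme, so Markdown will resolve it as a path relative to this page instead of the external site; write it as an absolute URL including the scheme. In the interpreter section, the heading reads "Dolmer*in" (the body uses "Gebärdensprachendolmetscher*in"), both briefing links point to the same YouTube URL, and the second is described as "eine Aufgabe des Übersetzerinnen-Briefings", which looks like it should be "Aufnahme". The TechCrunch link is labelled "TheCrunch.com" and carries a "?guccounter=1" parameter that can be dropped. The thumbnail img has no alt text, which stands out in a FAQ that has its own section on accessibility, and "Gebärdesprachendolmetscher*in" in that section is missing an "n".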

Binary file not shown.


Some files were not shown because too many files have changed in this diff