forked from hacc/haccfiles
118 lines
4.8 KiB
Nix
118 lines
4.8 KiB
Nix
{ config, lib, pkgs, evalConfig, ... }:
|
|
|
|
{
|
|
containers.uffd = {
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.1";
|
|
localAddress = "192.168.100.9";
|
|
autoStart = true;
|
|
ephemeral = true;
|
|
bindMounts = {
|
|
"/persist" = {
|
|
hostPath = "/persist/containers/uffd";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
path = evalConfig ({ config, lib, pkgs, ... }: {
|
|
services.uwsgi = {
|
|
enable = true;
|
|
plugins = [ "python3" ];
|
|
instance = {
|
|
type = "normal";
|
|
pythonPackages = _: [ pkgs.uffd ];
|
|
module = "uffd:create_app()";
|
|
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
|
|
http = ":8080";
|
|
env = [
|
|
"CONFIG_PATH=/persist/uffd/uffd.conf"
|
|
];
|
|
hook-pre-app = "exec:FLASK_APP=${pkgs.uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
|
|
};
|
|
};
|
|
});
|
|
};
|
|
services.nginx.virtualHosts."login.infra4future.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
|
|
"/static".root = "${pkgs.uffd}/lib/python3.10/site-packages/uffd";
|
|
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
|
|
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
|
|
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
|
|
"/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
|
|
"/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
|
|
"/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
|
|
};
|
|
};
|
|
|
|
systemd.services.auamost = {
|
|
enable = true;
|
|
|
|
description = "mattermost aua gruppensync";
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
serviceConfig.Type = "simple";
|
|
path = [ pkgs.fish pkgs.curl pkgs.jq ];
|
|
script = (pkgs.writeTextFile {
|
|
name = "auamost.fish";
|
|
executable = true;
|
|
checkPhase = ''
|
|
${lib.getExe pkgs.fish} -n $target
|
|
'';
|
|
text = ''
|
|
#!${lib.getExe pkgs.fish}
|
|
source /run/secrets/auamost/secrets.fish
|
|
|
|
for i in (seq 1 (count $groups))
|
|
set team $teams[$i]
|
|
set group $groups[$i]
|
|
set users (curl -u $uffd_token --basic https://login.infra4future.de/api/v1/getusers -d group="$group")
|
|
set usernames (echo "$users" | jq -c "[.[] | .loginname]")
|
|
for user in (echo "$users" | jq -c ".[]")
|
|
set id (echo "$user" | jq .id)
|
|
set username (echo "$user" | jq .loginname)
|
|
set email (echo "$user" | jq .email)
|
|
curl -H $mattermost_token \
|
|
-H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users \
|
|
-d '{"email": '"$email"', "username": '"$username"', "auth_service": "gitlab", "auth_data": "'"$id"'"}'
|
|
end
|
|
set userids (curl -H $mattermost_token \
|
|
-H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/usernames \
|
|
-d "$usernames" | jq '[.[] | {user_id: .id, team_id: "'$team'"} ]')
|
|
curl -H $mattermost_token \
|
|
-H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/batch \
|
|
-d "$userids"
|
|
|
|
if test "$group" = "hacc"
|
|
continue
|
|
end
|
|
|
|
set current_members (curl -H $mattermost_token \
|
|
-H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members | jq '[.[] | .user_id]')
|
|
|
|
# membership relations don't contain e.g. usernames, so fetch those, too
|
|
set current_users (curl -H $mattermost_token \
|
|
-H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/users/ids \
|
|
-d "$current_members" | jq -c '.[]')
|
|
|
|
set userids (echo "$userids" | jq -c ".[].user_id")
|
|
for member in $current_users
|
|
set id (echo $member | jq .id)
|
|
if not contains -i $id $userids > /dev/null then
|
|
set id_unquoted (echo $member | jq -r .id)
|
|
echo removing $id_unquoted (echo $member | jq '.email') from $team \($group\)
|
|
curl -X DELETE -H $mattermost_token \
|
|
-H "Content-Type: application/json" https://mattermost.infra4future.de/api/v4/teams/"$team"/members/"$id_unquoted"
|
|
end
|
|
end
|
|
end
|
|
'';
|
|
}).outPath;
|
|
startAt = "*:0/15";
|
|
};
|
|
|
|
sops.secrets."auamost/secrets.fish" = { };
|
|
|
|
environment.systemPackages = with pkgs; [ curl jq ];
|
|
}
|