chore: pre-commit hooks are supposed to be run....

sinavir 2024-03-10 01:03:30 +01:00
parent d946894d8f
commit 581fa6b560
21 changed files with 348 additions and 382 deletions


@ -1,4 +1,5 @@
/* Copyright :
/*
Copyright :
- Maurice Debray <maurice.debray@dgnum.eu> 2023
- Tom Hubrecht <tom.hubrecht@dgnum.eu> 2023
@ -59,9 +60,9 @@ let
in
{
nodes = builtins.mapAttrs (host: { site, ... }: "${host}.${site}.infra.dgnum.eu") (
import ./meta/nodes.nix
);
nodes = builtins.mapAttrs (
host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
) (import ./meta/nodes.nix);
dns = import ./meta/dns.nix;


@ -33,7 +33,7 @@ in
openssh.enable = true;
};
users.users.root.openssh.authorizedKeys.keyFiles =
builtins.map (m: dgn-lib.mkRel ../keys "${m}.keys")
dgn-members;
users.users.root.openssh.authorizedKeys.keyFiles = builtins.map (
m: dgn-lib.mkRel ../keys "${m}.keys"
) dgn-members;
}


@ -20,10 +20,9 @@ lib.extra
getNodeKeys =
node:
let
names =
builtins.foldl' (names: group: names ++ meta.organization.groups.${group})
(meta.nodes.${node}.admins ++ [ "/machines/${node}" ])
meta.nodes.${node}.adminGroups;
names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
meta.nodes.${node}.admins ++ [ "/machines/${node}" ]
) meta.nodes.${node}.adminGroups;
in
rootKeys ++ (getAllKeys names);


@ -10,13 +10,11 @@
(import sources.nixos-unstable {
overlays = [ (import (sources.arkheon.outPath + "/overlay.nix")) ];
}).python3.withPackages
(
ps: [
(ps: [
ps.arkheon
ps.daphne
ps.psycopg2
]
);
]);
domain = "arkheon.dgnum.eu";


@ -29,11 +29,9 @@ in
freeradius = mkOption {
type = types.package;
default = pkgs.freeradius.overrideAttrs (
old: {
default = pkgs.freeradius.overrideAttrs (old: {
buildInputs = (old.buildInputs or [ ]) ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
}
);
});
};
configDir = mkOption {
@ -126,8 +124,7 @@ in
rm ${cfg.configDir}/clients.conf && touch ${cfg.configDir}/clients.conf
${builtins.concatStringsSep "\n" (
builtins.attrValues (
builtins.mapAttrs
(
builtins.mapAttrs (
name:
{ secret, ipaddr }:
''
@ -139,8 +136,7 @@ in
}
EOF
''
)
cfg.radiusClients
) cfg.radiusClients
)
)}


@ -31,7 +31,9 @@ python3.pkgs.buildPythonPackage {
aiohttp
pydantic
toml
(authlib.overridePythonAttrs (_: { doCheck = false; }))
(authlib.overridePythonAttrs (_: {
doCheck = false;
}))
];
doCheck = false;


@ -12,12 +12,10 @@ in
package =
(pkgs.librenms.override { inherit (config.services.librenms) dataDir logDir; }).overrideAttrs
(
old: {
(old: {
patches = (old.patches or [ ]) ++ [ ./kanidm.patch ];
vendorHash = "sha256-2RgtMXQp4fTE+WloO36rtfytO4Sh2q0plt8WkWxEGHI=";
}
);
});
hostname = host;


@ -198,13 +198,11 @@ in
poolConfig = mkOption {
type =
with types;
attrsOf (
oneOf [
attrsOf (oneOf [
str
int
bool
]
);
]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
@ -221,9 +219,9 @@ in
nginx = mkOption {
type = types.submodule (
recursiveUpdate
(import "${modulesPath}/services/web-servers/nginx/vhost-options.nix" { inherit config lib; })
{ }
recursiveUpdate (import "${modulesPath}/services/web-servers/nginx/vhost-options.nix" {
inherit config lib;
}) { }
);
default = { };
example = literalExpression ''
@ -392,9 +390,9 @@ in
}
// (lib.optionalAttrs cfg.distributedPoller.enable {
"distributed_poller" = true;
"distributed_poller_name" =
lib.mkIf (cfg.distributedPoller.name != null)
cfg.distributedPoller.name;
"distributed_poller_name" = lib.mkIf (
cfg.distributedPoller.name != null
) cfg.distributedPoller.name;
"distributed_poller_group" = cfg.distributedPoller.group;
"distributed_billing" = cfg.distributedPoller.distributedBilling;
"distributed_poller_memcached_host" = cfg.distributedPoller.memcachedHost;


@ -23,12 +23,10 @@ let
mkYamlFiles =
files: builtins.attrValues (builtins.mapAttrs (name: yamlFormat.generate "${name}.yaml") files);
pyEnv = cfg.package.python.withPackages (
ps: [
pyEnv = cfg.package.python.withPackages (ps: [
cfg.package
ps.gunicorn
]
);
]);
in
{
options.services.satosa = {


@ -30,9 +30,9 @@ let
managementFormat = pkgs.formats.json { };
settingsFile = settingsFormat.generate "setup.env" (
builtins.mapAttrs
(_: val: if builtins.isList val then ''"${builtins.concatStringsSep " " val}"'' else val)
settings
builtins.mapAttrs (
_: val: if builtins.isList val then ''"${builtins.concatStringsSep " " val}"'' else val
) settings
);
managementFile = managementFormat.generate "config.json" cfg.managementConfig;
@ -106,9 +106,9 @@ let
NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT = "";
NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS = [ "53000" ];
NETBIRD_AUTH_PKCE_REDIRECT_URLS =
builtins.map (p: "http://localhost:${p}")
cfg.settings.NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS or NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS;
NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (
p: "http://localhost:${p}"
) cfg.settings.NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS or NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS;
}
// (optionalAttrs cfg.setupAutoOidc {
NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT = "$NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT";
@ -138,15 +138,13 @@ in
type =
with types;
attrsOf (
nullOr (
oneOf [
nullOr (oneOf [
(listOf str)
bool
int
float
str
]
)
])
);
defaultText = lib.literalExpression ''
{
@ -493,8 +491,9 @@ in
export AUTH_AUTHORITY="$NETBIRD_AUTH_AUTHORITY"
export AUTH_CLIENT_ID="$NETBIRD_AUTH_CLIENT_ID"
${optionalString (cfg.secretFiles.AUTH_CLIENT_SECRET == null)
''export AUTH_CLIENT_SECRET="$NETBIRD_AUTH_CLIENT_SECRET"''}
${optionalString (
cfg.secretFiles.AUTH_CLIENT_SECRET == null
) ''export AUTH_CLIENT_SECRET="$NETBIRD_AUTH_CLIENT_SECRET"''}
export AUTH_AUDIENCE="$NETBIRD_AUTH_AUDIENCE"
export AUTH_REDIRECT_URI="$NETBIRD_AUTH_REDIRECT_URI"
export AUTH_SILENT_REDIRECT_URI="$NETBIRD_AUTH_SILENT_REDIRECT_URI"


@ -11,8 +11,7 @@
frontend_url ? "crab.fit",
}:
stdenv.mkDerivation (
finalAttrs: {
stdenv.mkDerivation (finalAttrs: {
pname = "crabfit-frontend";
version = "unstable-2023-08-02";
@ -111,5 +110,4 @@ stdenv.mkDerivation (
license = licenses.gpl3;
maintainers = with maintainers; [ thubrecht ];
};
}
)
})


@ -28,7 +28,9 @@ in
package = mkOption {
type = types.package;
default = package.overrideAttrs (_: { buildInputs = [ ]; });
default = package.overrideAttrs (_: {
buildInputs = [ ];
});
};
domain = mkOption { type = types.str; };
@ -38,22 +40,18 @@ in
let
inherit (types) attrsOf port submodule;
in
attrsOf (
submodule {
attrsOf (submodule {
options = {
port = mkOption { type = port; };
calendars = mkOption { inherit (jsonFormat) type; };
};
}
);
});
default = { };
};
};
config = mkIf cfg.enable {
systemd.services =
mapAttrs'
(
systemd.services = mapAttrs' (
name:
{ port, calendars }:
nameValuePair "linkal-${name}" {
@ -66,8 +64,7 @@ in
}";
};
}
)
cfg.calendarGroups;
) cfg.calendarGroups;
# Configure bind for DNS certificate validation on *.cal.dgnum.eu.
# services.bind = {
@ -107,9 +104,7 @@ in
services.nginx = {
enable = true;
virtualHosts =
mapAttrs'
(
virtualHosts = mapAttrs' (
name:
{ port, ... }:
nameValuePair "${name}.${cfg.domain}" {
@ -119,8 +114,7 @@ in
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString port}/";
}
)
cfg.calendarGroups;
) cfg.calendarGroups;
};
};
}


@ -16,9 +16,7 @@ in
forceSSL = true;
root = metis.production;
locations =
lib.mapAttrs'
(
locations = lib.mapAttrs' (
name: value:
lib.nameValuePair "/cal/${name}/" {
extraConfig = ''
@ -28,8 +26,7 @@ in
proxy_pass ${value};
'';
}
)
providers;
) providers;
extraConfig = ''
rewrite ^/calendrier(.*)$ $1 permanent;


@ -6,16 +6,14 @@ let
mkRetired =
hosts:
builtins.listToAttrs (
builtins.map
(name: {
builtins.map (name: {
inherit name;
value = {
enableACME = true;
forceSSL = true;
locations."/".return = "301 https://${retired_host}/${name}";
};
})
hosts
}) hosts
);
mkSub = domain: builtins.map (s: "${s}.${domain}");


@ -150,9 +150,7 @@ in
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
subdomains =
mapAttrs'
(
subdomains = mapAttrs' (
host:
{ site, ... }:
nameValuePair "${host}.${site}" (
@ -162,8 +160,7 @@ in
AAAA = ipv6;
}
)
)
meta.nodes;
) meta.nodes;
};
};
}


@ -10,7 +10,8 @@
# nixpkgs = "unstable" or "22.11"; # nixpkgs version
# }
/* Liste des différents sites :
/*
Liste des différents sites :
- dmi01 -> VM du NPSPI
- par01 -> Salle serveur sous le pavillon Pasteur
- par02 -> Local DGNum Jourdan


@ -38,8 +38,7 @@ in
options = {
organization = {
members = mkOption {
type = attrsOf (
submodule {
type = attrsOf (submodule {
options = {
name = mkOption {
type = str;
@ -55,8 +54,7 @@ in
'';
};
};
}
);
});
description = ''
Members of the DGNum organization.


@ -1,4 +1,5 @@
/* To add a new member add an attribute to `members`
/*
To add a new member add an attribute to `members`
Then add the key to the required groups.
*/


@ -83,8 +83,8 @@ in
# Admins have root access to the node
dgn-access-control.users.root = mkDefault admins;
users.users =
builtins.mapAttrs (_: members: { openssh.authorizedKeys.keys = lib.extra.getAllKeys members; })
cfg.users;
users.users = builtins.mapAttrs (_: members: {
openssh.authorizedKeys.keys = lib.extra.getAllKeys members;
}) cfg.users;
};
}


@ -37,9 +37,9 @@ let
{
startAt = starts.${name};
key = config.age.secrets."bupstash-put_key".path;
repositoryCommands =
lib.extra.mapSingleFuse (host: "ssh -i /etc/ssh/ssh_host_ed25519_key bupstash-repo@${host}.dgnum")
to;
repositoryCommands = lib.extra.mapSingleFuse (
host: "ssh -i /etc/ssh/ssh_host_ed25519_key bupstash-repo@${host}.dgnum"
) to;
}
// settings
);
@ -58,8 +58,7 @@ in
};
jobs = mkOption {
type = attrsOf (
submodule {
type = attrsOf (submodule {
options = {
to = mkOption {
type = listOf str;
@ -78,17 +77,14 @@ in
description = "Base bupstash job config.";
};
};
}
);
});
default = { };
description = "List of bupstash jobs.";
};
};
config = {
dgn-backups.jobs =
lib.extra.mapFuse
(db: {
dgn-backups.jobs = lib.extra.mapFuse (db: {
"${db}-db".settings = {
user = "postgres";
command = [
@ -96,8 +92,7 @@ in
db
];
};
})
cfg.postgresDatabases;
}) cfg.postgresDatabases;
services.bupstash = {
repositories = {


@ -41,8 +41,7 @@ in
};
};
config = mkIf cfg.enable (
mkMerge [
config = mkIf cfg.enable (mkMerge [
{
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
@ -91,6 +90,5 @@ in
};
};
})
]
);
]);
}