5622bc3748
...
df8c11180b
10 changed files with 113 additions and 91 deletions
@ -1,23 +1,9 @@
|
|||
_:
|
||||
|
||||
let
|
||||
sources = import ../npins;
|
||||
|
||||
nix-lib = import sources.nix-lib {
|
||||
inherit ((import sources.nixpkgs { })) lib;
|
||||
|
||||
keysRoot = ../keys;
|
||||
metaRoot = ../meta;
|
||||
};
|
||||
sources = import ../npins;
|
||||
in
|
||||
|
||||
in nix-lib // (with nix-lib; {
|
||||
# Get publickeys associated to a node
|
||||
getNodeKeys = node:
|
||||
let
|
||||
meta = import ../meta;
|
||||
names =
|
||||
builtins.foldl' (names: group: names ++ meta.members.groups.${group})
|
||||
(meta.nodes.${node}.admins ++ [ "/machines/${node}" ])
|
||||
(meta.nodes.${node}.adminGroups ++ [ "root" ]);
|
||||
in getAllKeys names;
|
||||
})
|
||||
import sources.nix-lib { inherit lib; keysRoot = ../keys; metaRoot = ../meta; }
|
||||
|
|
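Review bot: The new body `import sources.nix-lib { inherit lib; keysRoot = ../keys; metaRoot = ../meta; }` references `lib`, but the only argument pattern visible in this hunk is `_:`, which binds nothing, and the old `inherit ((import sources.nixpkgs { })) lib;` binding is among the removed lines, so if that header line is unchanged `lib` is an undefined variable at evaluation time. The rendered page may simply not be showing a changed header, so please confirm; either `{ lib }:` with the caller passing nixpkgs' `lib`, or keeping `lib = (import sources.nixpkgs { }).lib;` inside the `let`, makes the binding explicit. Dropping `getNodeKeys` here presumably moves the admins/adminGroups-to-keys mapping (including the implicit `root` group and the `/machines/${node}` entry) into nix-lib via `keysRoot`/`metaRoot`, which is not visible from this page; a one-line comment above the import such as `# node key lookup (formerly getNodeKeys) is provided by nix-lib from keysRoot/metaRoot` would save the next reader the search.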
|
@ -1,6 +1,9 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, dgn-lib, ... }:
|
||||
|
||||
let host = "demarches.dgnum.eu";
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "demarches.dgnum.eu";
|
||||
in {
|
||||
imports = [ ./module.nix ];
|
||||
|
||||
|
@ -25,8 +28,7 @@ in {
|
|||
S3_REGION = "garage";
|
||||
S3_FORCE_PATH_STYLE = "true";
|
||||
S3_ACCESS_KEY_ID = "GK4d244118eac2336ae0ab2dd9";
|
||||
S3_SECRET_ACCESS_KEY =
|
||||
"61100261fb0a0c861371596f9ffcd1e83134301a6d0c665a077135af04ba18c3";
|
||||
S3_SECRET_ACCESS_KEY = "61100261fb0a0c861371596f9ffcd1e83134301a6d0c665a077135af04ba18c3";
|
||||
|
||||
# SAML_IDP_ENABLED = "enabled";
|
||||
|
||||
|
@ -49,7 +51,8 @@ in {
|
|||
CONTACT_EMAIL = "demarches@infra.dgnum.eu";
|
||||
EQUIPE_EMAIL = "equipe@infra.dgnum.eu";
|
||||
TECH_EMAIL = "tech@infra.dgnum.eu";
|
||||
NO_REPLY_EMAIL = ''"Ne pas répondre <demarches@infra.dgnum.eu>"'';
|
||||
NO_REPLY_EMAIL =
|
||||
''"Ne pas répondre <demarches@infra.dgnum.eu>"'';
|
||||
OLD_CONTACT_EMAIL = "";
|
||||
CONTACT_PHONE = "";
|
||||
|
||||
|
@ -60,7 +63,10 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
dgn-secrets.matches."^ds_fr-.*$" = { owner = "ds-fr"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "ds-fr"; }
|
||||
(builtins.filter (lib.hasPrefix "ds_fr") config.dgn-secrets.names))
|
||||
];
|
||||
|
||||
users.users.ds-fr.extraGroups = [ "sendmail" ];
|
||||
}
|
||||
|
|
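Review bot: The `S3_ACCESS_KEY_ID` and `S3_SECRET_ACCESS_KEY` values in the second hunk remain literal strings on the new side — the commit only re-wraps `S3_SECRET_ACCESS_KEY` onto one line — so the Garage secret key lives in repository history and, since these look like environment variables handed to the service (the enclosing attrset starts outside the hunk), will also land in the world-readable Nix store of every host that evaluates this module. Given that this same change moves the other `ds_fr` secrets under `dgn-secrets` with `owner = "ds-fr"`, the key belongs in an agenix-managed file read at runtime, for example an env-file path like `config.age.secrets."ds_fr-s3_env_file".path` if `./module.nix` (outside this hunk) accepts one, and the key should be rotated in Garage regardless because it is already exposed. Separately, the new owner filter uses `lib.hasPrefix "ds_fr"` without the trailing hyphen every other service in this change uses (`"mastodon-"`, `"outline-"`, …), so it is looser than the `^ds_fr-.*$` pattern it replaces; `(builtins.filter (lib.hasPrefix "ds_fr-") config.dgn-secrets.names)` keeps the match as tight as before.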
|
@ -1,6 +1,9 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, dgn-lib, ... }:
|
||||
|
||||
let host = "social.dgnum.eu";
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "social.dgnum.eu";
|
||||
in {
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
|
@ -36,5 +39,8 @@ in {
|
|||
extraEnvFiles = [ config.age.secrets."mastodon-extra_env_file".path ];
|
||||
};
|
||||
|
||||
dgn-secrets.matches."^mastodon-.*$" = { owner = "mastodon"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "mastodon"; }
|
||||
(builtins.filter (lib.hasPrefix "mastodon-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
||||
|
|
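Review bot: The new `dgn-secrets.options = [ (setDefault { owner = "mastodon"; } (builtins.filter (lib.hasPrefix "mastodon-") config.dgn-secrets.names)) ];` block is repeated with only the prefix and owner changed in the nextcloud, outline, satosa, forgejo and peertube modules of this same change, and the ds-fr module already drifted (it dropped the trailing hyphen from its prefix). A small `dgn-lib` helper taking the prefix, the owner and the name list, so each module reduces to one line, would remove that boilerplate and make the prefix/owner pairing harder to get wrong. This is a style point only; I cannot see what `setDefault` does beyond its name, and the `services.mastodon` block starts in the first hunk and ends before the second, outside my view.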
|
@ -1,6 +1,9 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, dgn-lib, ... }:
|
||||
|
||||
let host = "cloud.dgnum.eu";
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "cloud.dgnum.eu";
|
||||
in {
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
|
@ -68,5 +71,8 @@ in {
|
|||
exif
|
||||
];
|
||||
|
||||
dgn-secrets.matches."^nextcloud-.*$" = { owner = "nextcloud"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "nextcloud"; }
|
||||
(builtins.filter (lib.hasPrefix "nextcloud-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, dgn-lib, ... }:
|
||||
|
||||
let host = "docs.dgnum.eu";
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "docs.dgnum.eu";
|
||||
in {
|
||||
services.outline = {
|
||||
enable = true;
|
||||
|
@ -54,5 +57,8 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
dgn-secrets.matches."^outline-.*$" = { owner = "outline"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "outline"; }
|
||||
(builtins.filter (lib.hasPrefix "outline-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, dgn-lib, ... }:
|
||||
|
||||
let host = "saml-idp.dgnum.eu";
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "saml-idp.dgnum.eu";
|
||||
in {
|
||||
|
||||
imports = [ ./module.nix ];
|
||||
|
@ -144,5 +147,8 @@ in {
|
|||
forceSSL = true;
|
||||
};
|
||||
|
||||
dgn-secrets.matches."^satosa-.*$" = { owner = "satosa"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "satosa"; }
|
||||
(builtins.filter (lib.hasPrefix "satosa-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
||||
|
|
|
@ -51,5 +51,5 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
dgn-secrets.matches."^zammad-.*$" = { owner = "zammad"; };
|
||||
dgn-secrets.options = [{ zammad-secret_key_base_file.owner = "zammad"; }];
|
||||
}
|
||||
|
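Review bot: The new `dgn-secrets.options = [{ zammad-secret_key_base_file.owner = "zammad"; }];` names a single secret explicitly, whereas every other service in this change derives the owner from the secret-name prefix via `setDefault` over `builtins.filter (lib.hasPrefix …) config.dgn-secrets.names`. It works for the one secret that exists today, but any `zammad-*` secret added later will keep whatever owner `mkBaseSecrets` assigns instead of `zammad`, which is the kind of silent permission gap the prefix form avoids; `dgn-secrets.options = [ (setDefault { owner = "zammad"; } (builtins.filter (lib.hasPrefix "zammad-") config.dgn-secrets.names)) ];` matches the others. That requires `lib`, `dgn-lib` and `inherit (dgn-lib) setDefault;` in the module header, which is outside this hunk.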
|
|
@ -1,8 +1,11 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, dgn-lib, ... }:
|
||||
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
port = 3000;
|
||||
host = "git.dgnum.eu";
|
||||
|
||||
in {
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
@ -19,7 +22,9 @@ in {
|
|||
};
|
||||
|
||||
settings = {
|
||||
DEFAULT = { APP_NAME = "Forge git de la DGNum"; };
|
||||
DEFAULT = {
|
||||
APP_NAME = "Forge git de la DGNum";
|
||||
};
|
||||
|
||||
server = {
|
||||
ROOT_URL = "https://${host}/";
|
||||
|
@ -85,5 +90,8 @@ in {
|
|||
|
||||
users.groups.git = { };
|
||||
|
||||
dgn-secrets.matches."^forgejo-.*$" = { owner = "git"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "git"; }
|
||||
(builtins.filter (lib.hasPrefix "forgejo-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, dgn-lib, ... }:
|
||||
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "videos.dgnum.eu";
|
||||
|
||||
let host = "videos.dgnum.eu";
|
||||
in {
|
||||
services.peertube = {
|
||||
enable = true;
|
||||
|
@ -59,5 +63,8 @@ in {
|
|||
forceSSL = true;
|
||||
};
|
||||
|
||||
dgn-secrets.matches."^peertube-.*$" = { owner = "peertube"; };
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "peertube"; }
|
||||
(builtins.filter (lib.hasPrefix "peertube-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
||||
|
|
|
@ -39,12 +39,14 @@ let
|
|||
|
||||
types;
|
||||
|
||||
inherit (dgn-lib) getSecrets mkBaseSecrets recursiveFuse;
|
||||
inherit (dgn-lib)
|
||||
getSecrets
|
||||
mkBaseSecrets
|
||||
recursiveFuse;
|
||||
|
||||
cfg = config.dgn-secrets;
|
||||
|
||||
optionsType = with types;
|
||||
submodule ({ config, ... }: {
|
||||
optionsType = with types; submodule ({ config, ... }: {
|
||||
options = {
|
||||
mode = mkOption {
|
||||
type = str;
|
||||
|
@ -71,8 +73,9 @@ let
|
|||
};
|
||||
};
|
||||
});
|
||||
in
|
||||
|
||||
in {
|
||||
{
|
||||
options.dgn-secrets = {
|
||||
sources = mkOption {
|
||||
type = with types; listOf path;
|
||||
|
@ -92,30 +95,18 @@ in {
|
|||
|
||||
names = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = builtins.foldl' (acc: dir: acc ++ (dgn-lib.getSecrets dir)) [ ]
|
||||
cfg.sources;
|
||||
default = builtins.foldl' (acc: dir: acc ++ (dgn-lib.getSecrets dir)) [ ] cfg.sources;
|
||||
description = ''
|
||||
List of the names of the secrets.
|
||||
'';
|
||||
};
|
||||
|
||||
matches = mkOption {
|
||||
type = with types; attrsOf optionsType;
|
||||
default = { };
|
||||
description = ''
|
||||
Matches of secret names associated to options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
dgn-secrets.options = builtins.concatLists (builtins.attrValues
|
||||
(builtins.mapAttrs (pattern: options:
|
||||
builtins.map (secret: { ${secret} = options; })
|
||||
(builtins.filter (secret: builtins.match pattern secret != null)
|
||||
cfg.names)) cfg.matches));
|
||||
|
||||
age.secrets = recursiveFuse (cfg.options
|
||||
++ (builtins.map (dir: mkBaseSecrets dir (getSecrets dir)) cfg.sources));
|
||||
age.secrets = recursiveFuse (cfg.options ++ (
|
||||
builtins.map
|
||||
(dir: mkBaseSecrets dir (getSecrets dir))
|
||||
cfg.sources
|
||||
));
|
||||
};
|
||||
}
|
||||
|
|
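Review bot: The new one-line `default` for `names` still reaches through `dgn-lib.getSecrets`, although the hunk above now inherits `getSecrets` from `dgn-lib` explicitly and the `age.secrets` line below already uses the bare name; `default = builtins.foldl' (acc: dir: acc ++ (getSecrets dir)) [ ] cfg.sources;` would make the two consistent. That is a style point only. With `matches` and its `concatLists` generation removed, `age.secrets` now depends entirely on the per-service `dgn-secrets.options` lists, and because `recursiveFuse` is defined outside this hunk I cannot tell whether two modules setting the same secret's `owner` merge by position or fail evaluation; a one-line comment above `age.secrets` stating which holds (for example `# later options entries override earlier ones` or `# conflicting owners are an evaluation error`, whichever is true) would document the contract the service modules now rely on. The enclosing `let` and the `config` attrset both start outside the hunk.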