feat(ds-fr): Correctly apply patches

machines/compute01/_configuration.nix

@@ -15,7 +15,6 @@ lib.extra.mkConfig {
     "kanidm"
     "mastodon"
     "nextcloud"
-    "onlyoffice"
     "outline"
     "rstudio-server"
     "satosa"

machines/compute01/ds-fr/default.nix

@@ -20,13 +20,6 @@ in {
 
       # S3 storage setup
       ACTIVE_STORAGE_SERVICE = "local";
-      S3_ENDPOINT = "https://s3.dgnum.eu";
-      S3_BUCKET = "demarches-dgnum";
-      S3_REGION = "garage";
-      S3_FORCE_PATH_STYLE = "true";
-      S3_ACCESS_KEY_ID = "GK4d244118eac2336ae0ab2dd9";
-      S3_SECRET_ACCESS_KEY =
-        "61100261fb0a0c861371596f9ffcd1e83134301a6d0c665a077135af04ba18c3";
 
       # SAML_IDP_ENABLED = "enabled";
 

machines/compute01/ds-fr/package/default.nix

@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchpatch, fetchFromGitHub, fetchYarnDeps, yarn, fixup_yarn_lock
+{ lib, stdenv, fetchFromGitHub, git, fetchYarnDeps, yarn, fixup_yarn_lock
 , nodejs, ruby_3_2, bundlerEnv, logDir ? "/var/log/ds-fr"
 , dataDir ? "/var/lib/ds-fr", initialDeploymentDate ? "17941030" }:
 
@@ -51,7 +51,10 @@ let
     patches = [
       # Disable functionnalities as we only precompile assets
       ./patches/build.patch
-    ] ++ dgn-patches;
+    ];
+
+    postPatch = builtins.concatStringsSep "\n"
+      (builtins.map (p: "${git}/bin/git apply -p1 < ${p}") dgn-patches);
 
     OTP_SECRET_KEY = "precompile_placeholder";
     SECRET_KEY_BASE = "precompile_placeholder";
@@ -78,10 +81,7 @@ let
     '';
   };
 
-  dgn-patches = import ./dgnum.nix {
-    inherit fetchpatch;
-    inherit (lib) fakeHash;
-  };
+  dgn-patches = import ./dgnum.nix { };
 
 in stdenv.mkDerivation {
   name = "demarches-simplifiees.fr-${version}";
@@ -97,7 +97,10 @@ in stdenv.mkDerivation {
     ./patches/garage.patch
     ./patches/secrets-fc.patch
     ./patches/uninterlace_png.patch
-  ] ++ dgn-patches;
+  ];
+
+  postPatch = builtins.concatStringsSep "\n"
+    (builtins.map (p: "${git}/bin/git apply -p1 < ${p}") dgn-patches);
 
   buildPhase = ''
     rm -rf public

machines/compute01/ds-fr/package/dgnum.nix

@@ -1,59 +1,28 @@
-{ fetchpatch, fakeHash }:
+_:
 
-builtins.map ({ id, hash ? fakeHash }:
-  fetchpatch {
-    url =
-      "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${id}.patch";
-    inherit hash;
-  }) [
+builtins.map (id:
+  builtins.fetchurl
+  "https://git.dgnum.eu/DGNum/demarches-normaliennes/commit/${id}.patch") [
     # remplacement l'arrache de quelques logos vers versions DGNum
-    {
-      id = "05d34a880ebb34265ebbcac0a83625b3a976c348";
-      hash = "sha256-3VTBom8Lz6F/NXvjLzdhBddXS5FerV5eNHUkDPBDeD8=";
-    }
+    "05d34a880ebb34265ebbcac0a83625b3a976c348"
     # ajout des NDD usuels ENS et DGNum pour autoriser les changements d'adresse mail
-    {
-      id = "bc4742aaacb174a55a08baae5f354ada3fba4577";
-      hash = "sha256-LShcRzj/lnFQyJtc9+RxNQq8tsCcdYrwhe2BjqLr1pQ=";
-    }
+    "bc4742aaacb174a55a08baae5f354ada3fba4577"
     # correction des svg des logos DGNum et DN
-    {
-      id = "ee474712a3e50d186acd8bbb52f60c1e4fee2f81";
-      hash = "sha256-yoPCZOPPOk84n2oAISzjzJ8n3eWtsYqPglayRKcJGII=";
-    }
+    "ee474712a3e50d186acd8bbb52f60c1e4fee2f81"
+    # remplacement Marianne - pour l'instant à l'arrache uniquement, logo sera repris et affiné plus tard
+    "1965a47fda2bc50fe4ddb2fbac63deb36b933c6f"
     # modifs Mariannes
-    {
-      id = "222ae5abee8a255cb1fe4e19f6a7769b2df1cafb";
-      hash = "sha256-26+RKT87c1sbpt/No6f6qLGzTU/UC/3+SQVVUd8dtfk=";
-    }
+    "222ae5abee8a255cb1fe4e19f6a7769b2df1cafb"
     # commenter quelques bouts de code inutiles dans l'usage DGNum de DS
-    {
-      id = "ab8b515e3dbd340741a4562ab4f87c520ac99434";
-      hash = "sha256-0yWAgLq5O1A6Rf4j/W/iKerX5f7ZlKE/tbCZ69Us2jo=";
-    }
+    "ab8b515e3dbd340741a4562ab4f87c520ac99434"
     # Update logo-ds.svg and delete commented lines
-    {
-      id = "ff36c4ad62f87086781743e843ec2ccde5eab8b6";
-      hash = "sha256-XRTZXD0j7Uk9fVKRMnYdGhNZ5yk85LNeg6IVotgw840=";
-    }
-    # correction logo DN pour les pages d'erreur
-    {
-      id = "bbe8e7d421466eea2b2ea56abf004bf91e29224c";
-      hash = "sha256-lo0giMktGn9vNBtn31EGSevEK/FXz6+crJNhVGexJec=";
-    }
+    "ff36c4ad62f87086781743e843ec2ccde5eab8b6"
+    # correction logo DN pour pages d'erreur
+    "bbe8e7d421466eea2b2ea56abf004bf91e29224c"
     # normalianisation de DN, texte
-    {
-      id = "0a630f87e214027e6b49073840fd4e1c1074ed2a";
-      hash = "sha256-zu/FtAa/B2eJnpxzZJs1CeA5/Btm25LOjfeHnLLHtmI=";
-    }
+    "0a630f87e214027e6b49073840fd4e1c1074ed2a"
     # modifs sur le fichier en anglais
-    {
-      id = "e9e644a4d86b44cfad339d9e6af4ae4938e13f75";
-      hash = "sha256-LoHzac2lC5YozlXOB4pqIkWPbJk2tq3326Sa+HsHGB8=";
-    }
+    "e9e644a4d86b44cfad339d9e6af4ae4938e13f75"
     # Use our logo in the header
-    {
-      id = "e755b13183da2ea94d8d91de45eae71a1a9fb5b9";
-      hash = "sha256-tt9vlsI6St1XeLe1c6xa2LTlKHHWMGP+pv1Kv2Q9hFU=";
-    }
+    "e755b13183da2ea94d8d91de45eae71a1a9fb5b9"
   ]

machines/compute01/onlyoffice/default.nix

@@ -1,21 +0,0 @@
-{ config, ... }:
-
-let hostname = "documentserver.dgnum.eu";
-in {
-  services.onlyoffice = {
-    inherit hostname;
-
-    enable = true;
-
-    jwtSecretFile = config.age.secrets."onlyoffice-jwt_secret_file".path;
-
-    port = 8015;
-  };
-
-  services.nginx.virtualHosts.${hostname} = {
-    enableACME = true;
-    forceSSL = true;
-  };
-
-  dgn-secrets.matches."^onlyoffice-.*$" = { owner = "onlyoffice"; };
-}

machines/compute01/secrets/onlyoffice-jwt_secret_file

@@ -1,27 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 tDqJRg 9KClo50ZWR0uxGXomkq/qiMAIqmUwZs5zAQB7NP2EQ0
-OLPsgWRhboDtx3w4tSngC6iawgwwsobxH3f1XX0GmaU
--> ssh-ed25519 jIXfPA cwCh2qALAh+KR0a78CA9SL5BtbCj/D2iwv2L6wlIozE
-fgEzTTGl1hOroJJrTNQG2vdKNv2gtzfbPnIV9094fg4
--> ssh-ed25519 QlRB9Q GdXj5z0EnEsK3sZjx7AecFjBaS8QxNwUOXPOy7XHXk4
-pAw0G7tI2kzs53eNFWUcGXI2Hs5HiyhdNDX91a2ovSg
--> ssh-ed25519 r+nK/Q mXwufupz9IqeRPSxVJ9VajjeraMydZaDxbf43X3tUQ4
-UrUtXn4/xxD5rfF+5TJfU6XG+rt0ux76ytQKxGgTQww
--> ssh-rsa krWCLQ
-Z2YF/WRWx6R9iCD6yYBKd+qu0QEgU8zgns05zUV4ntz338FpzgqKXbEdBDlKhTg9
-3x1EZMwmCaHkKadIyNaK+DVu674dslf109qY2Z8Y2uyEuGXDiiKRCM5eMw0eCT7F
-twzjOpo2Ap8dXHaiCz4FHXhTc2FnogPFbcg3G0J3APVyA0xL5T4D5iUN5ZAd6gbR
-IdlETmPHBtJo6WvSUSTNA0XU2aSoFS6PF23nozZWBPvKw74+RGocPFDUzmBcTCrA
-rajfmc4tmZR73amvcm+KwXK+TSeWb0s3PGeIe0ZhbNE8pxYlmhtTfj2xBgv1DIwD
-3W7uOxv44DF/H5RxDoI4Vw
--> ssh-ed25519 /vwQcQ O5sWA0Ju60oTSmxX418csot7EJ5Uop+3o+rly5/xZnQ
-kdBCGvt2M2Jl2Jc/qP2n24mWv3gnBIZ1Zzz6CM7jYko
--> ssh-ed25519 0R97PA kwgDZ+GHfUq45kahcIhFUw7UmT4/pJ+UjpNdp9n6yzE
-2ophUut79+4+aje2geZsfZKijeo24Ag8Gx2vFHj4qT4
--> ssh-ed25519 JGx7Ng 3XWLXYKOWXpcAO54k/QA/Yvb6SsRsnvsRfiLuv+MRD4
-R8/GJ6Gd/Me19vIfhxVthcMrsF9kxTEcwZ9SoQjXvIY
--> tT{}}-grease
-xI7oAXcqMkDwMgGqRuVLbJi9FBF+F1COLvUyseMnHH4tFRm9e8YJ9LiLpfzt0oTp
-p0Qjf1NLqvE5zishlqCwqCww3J+BrrfgGBPtOMiNGQU8Znk4LFFwxoc
---- P7IYBsTzUeccF3jqd+V3h3HaE/rXtZRNgrYNlQVKL0U
-iÀ±ú”
¢åáË/nù•±ÁÄ!«OÂy|È<>&C뚪žlžW¡«2‡-lNˆSÍXcŠRGò}œ˜

machines/compute01/secrets/secrets.nix

@@ -9,7 +9,6 @@ lib.setDefault { inherit publicKeys; } [
   "mastodon-extra_env_file"
   "nextcloud-adminpass_file"
   "nextcloud-s3_secret_file"
-  "onlyoffice-jwt_secret_file"
   "outline-oidc_client_secret_file"
   "outline-smtp_password_file"
   "outline-storage_secret_key_file"

patches/default.nix

@@ -128,18 +128,6 @@
       path = ./castopod.patch;
     }
 
-    # onlyoffice-documentserver: 7.3.3 -> 7.4.0
-    {
-      id = 238182;
-      hash = "sha256-HhdNPOOmQ62IYoG50ZGc0U/dUub2vIQ4fJR/gudoV2Y=";
-    }
-
-    # onlyoffice-documentserver: 7.4.0 -> 7.4.1
-    {
-      id = 252318;
-      hash = "sha256-lI5WYFlxKvava9e+eTI8ZGogIb3uPOLAWFrkxbSlCXI=";
-    }
-
     # nixos/fail2ban: RFC42-ize
     {
       id = 201907;