From 823b5c8206230502fddc3803a483d1320f77d5e4 Mon Sep 17 00:00:00 2001 From: sinavir Date: Tue, 24 Sep 2024 12:33:51 +0200 Subject: [PATCH] commit everything --- hive.nix | 86 ++++++++++------- machines/hackens-milieu/_configuration.nix | 30 +++--- machines/hackens-milieu/audio.nix | 1 - machines/hackens-milieu/default.nix | 8 +- machines/hackens-milieu/dns/default.nix | 15 ++- .../hackens-milieu/hardware-configuration.nix | 51 ++++++---- machines/hackens-milieu/i18n.nix | 3 +- machines/hackens-milieu/no-sleep.nix | 3 +- machines/hackens-milieu/system.nix | 9 +- machines/hackens-milieu/users.nix | 7 +- machines/hackens-milieu/vim.nix | 5 +- machines/hackens-org/_configuration.nix | 39 ++++---- machines/hackens-org/_networking.nix | 19 ++-- machines/hackens-org/_ssh.nix | 13 ++- machines/hackens-org/_users.nix | 9 +- machines/hackens-org/dokuwiki.nix | 12 ++- .../hackens-org/gestiohackens/default.nix | 91 ++++++++++++++++++ .../hackens-org/hardware-configuration.nix | 43 +++++---- machines/hackens-org/kfet-monitor/default.nix | 4 +- .../kfet-monitor/websocket-exporter.nix | 7 +- machines/hackens-org/legacy-redir.nix | 8 +- machines/hackens-org/matterbridge.nix | 8 +- machines/hackens-org/orga/authens.nix | 12 --- machines/hackens-org/orga/default.nix | 26 +++-- machines/hackens-org/programs.nix | 3 +- machines/hackens-org/prometheus.nix | 26 ++--- machines/hackens-org/secrets/default.nix | 10 +- .../secrets/django-gestiohackens.age | 28 ++++++ machines/hackens-org/secrets/secrets.nix | 56 ++++++++--- machines/hackens-org/secrets/snipeit.age | 29 ++++++ machines/hackens-org/snipe-it.nix | 22 +++++ machines/hackens-org/static-sites.nix | 7 +- machines/hackens-org/webpass.nix | 5 +- machines/hackens-org/wireguard.nix | 66 ++++++------- machines/rigel/_configuration.nix | 20 ++-- machines/rigel/bootloader.nix | 3 +- machines/rigel/kfet_lauchpad_controller.nix | 13 +-- machines/rigel/launchpad.nix | 13 +-- machines/rigel/lpminimk3.nix | 17 ++-- machines/rigel/networking.nix | 15 +-- machines/rigel/nix-conf.nix | 13 ++- machines/rigel/programs.nix | 3 +- machines/rigel/ssh.nix | 3 +- machines/rigel/users.nix | 3 +- machines/router/liminix | 1 + meta.nix | 11 ++- npins/default.nix | 96 ++++++++++--------- npins/sources.json | 30 +++--- pkgs/authens/01-get-success_url.patch | 15 +++ pkgs/authens/default.nix | 24 +++++ pkgs/django-autoslug/default.nix | 39 ++++++++ pkgs/loadcredential/default.nix | 34 +++++++ pkgs/markdown-icons/default.nix | 42 ++++++++ pkgs/overlays.nix | 15 ++- .../python-cas/default.nix | 14 ++- 55 files changed, 831 insertions(+), 354 deletions(-) create mode 100644 machines/hackens-org/gestiohackens/default.nix delete mode 100644 machines/hackens-org/orga/authens.nix create mode 100644 machines/hackens-org/secrets/django-gestiohackens.age create mode 100644 machines/hackens-org/secrets/snipeit.age create mode 100644 machines/hackens-org/snipe-it.nix create mode 160000 machines/router/liminix create mode 100644 pkgs/authens/01-get-success_url.patch create mode 100644 pkgs/authens/default.nix create mode 100644 pkgs/django-autoslug/default.nix create mode 100644 pkgs/loadcredential/default.nix create mode 100644 pkgs/markdown-icons/default.nix rename machines/hackens-org/orga/python-cas.nix => pkgs/python-cas/default.nix (69%) diff --git a/hive.nix b/hive.nix index a0faaea..1676f1e 100644 --- a/hive.nix +++ b/hive.nix @@ -6,54 +6,68 @@ let inherit (defaultNixpkgs) lib; - revision = node: (builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision; + revision = + node: + (builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision; mkNode = node: { - ${node} = { - name, - nodes, - ... - }: { - imports = [./machines/${node}/_configuration.nix] ++ lib.attrByPath [ "imports" ] [] metadata.nodes.${node}; - inherit (metadata.nodes.${node}) deployment; - nix.nixPath = - builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) - ++ ["nixpkgs=${mkNixpkgsPath name}"]; - system.nixos.tags = [ - (revision node) - ]; - }; + ${node} = + { + name, + nodes, + ... + }: + { + imports = [ + ./machines/${node}/_configuration.nix + ] ++ lib.attrByPath [ "imports" ] [ ] metadata.nodes.${node}; + inherit (metadata.nodes.${node}) deployment; + nix.nixPath = builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) ++ [ + "nixpkgs=${mkNixpkgsPath name}" + ]; + system.nixos.tags = [ + (revision node) + ]; + }; }; - pkgsVersion = node: lib.attrByPath [ node "nixpkgs" ] "nixos-unstable" metadata.nodes; + pkgsVersion = + node: + lib.attrByPath [ + node + "nixpkgs" + ] "nixos-unstable" metadata.nodes; mkNixpkgsPath = node: sources.${pkgsVersion node}; mkNixpkgs = node: { - ${node} = - importNixpkgsPath - (lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) - (mkNixpkgsPath node); + ${node} = importNixpkgsPath (lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) ( + mkNixpkgsPath node + ); }; - importNixpkgsPath = arch: p: import p { - config.allowUnfree = true; - overlays = import ./pkgs/overlays.nix; - system = arch; - }; + importNixpkgsPath = + arch: p: + import p { + config.allowUnfree = true; + overlays = import ./pkgs/overlays.nix; + system = arch; + }; nodes = builtins.attrNames metadata.nodes; - concatAttrs = builtins.foldl' (x: y: x // y) {}; + concatAttrs = builtins.foldl' (x: y: x // y) { }; in - { - meta = { - specialArgs = {inherit metadata;}; - nixpkgs = defaultNixpkgs; - nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes); - specialArgs = { - lib = lib; - }; +{ + meta = { + specialArgs = { + inherit metadata; }; - } - // (concatAttrs (builtins.map mkNode nodes)) + nixpkgs = defaultNixpkgs; + nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes); + specialArgs = { + lib = lib; + }; + }; +} +// (concatAttrs (builtins.map mkNode nodes)) diff --git a/machines/hackens-milieu/_configuration.nix b/machines/hackens-milieu/_configuration.nix index a4d4742..272c7b2 100644 --- a/machines/hackens-milieu/_configuration.nix +++ b/machines/hackens-milieu/_configuration.nix @@ -5,21 +5,20 @@ { config, pkgs, ... }: { - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./aarch64.nix - ./audio.nix - ./dns - ./gnome.nix - ./i18n.nix - ./no-sleep.nix - ./programs.nix - ./system.nix - ./users.nix - ./vim.nix - ]; + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./aarch64.nix + ./audio.nix + ./dns + ./gnome.nix + ./i18n.nix + ./no-sleep.nix + ./programs.nix + ./system.nix + ./users.nix + ./vim.nix + ]; boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot = { @@ -43,4 +42,3 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? } - diff --git a/machines/hackens-milieu/audio.nix b/machines/hackens-milieu/audio.nix index 734c6bf..9481e02 100644 --- a/machines/hackens-milieu/audio.nix +++ b/machines/hackens-milieu/audio.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { # Enable sound. - sound.enable = true; hardware.pulseaudio.enable = true; } diff --git a/machines/hackens-milieu/default.nix b/machines/hackens-milieu/default.nix index e46a2c4..3f1e3c9 100644 --- a/machines/hackens-milieu/default.nix +++ b/machines/hackens-milieu/default.nix @@ -1,4 +1,6 @@ -{ pkgs, ... }: { - imports = [ - ]; +{ pkgs, ... }: +{ + imports = + [ + ]; } diff --git a/machines/hackens-milieu/dns/default.nix b/machines/hackens-milieu/dns/default.nix index a6ccd31..bb7c189 100644 --- a/machines/hackens-milieu/dns/default.nix +++ b/machines/hackens-milieu/dns/default.nix @@ -6,7 +6,10 @@ let in { networking = { - nameservers = [ "127.0.0.1" "::1" ]; + nameservers = [ + "127.0.0.1" + "::1" + ]; }; services.dnscrypt-proxy2 = { @@ -17,9 +20,13 @@ in forwarding_rules = ./forwarding.txt; - query_log = if debugDNS then { - file = "/dev/stdout"; - } else {}; + query_log = + if debugDNS then + { + file = "/dev/stdout"; + } + else + { }; sources.public-resolvers = { urls = [ diff --git a/machines/hackens-milieu/hardware-configuration.nix b/machines/hackens-milieu/hardware-configuration.nix index 3c60783..839c639 100644 --- a/machines/hackens-milieu/hardware-configuration.nix +++ b/machines/hackens-milieu/hardware-configuration.nix @@ -1,36 +1,49 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { - imports = - [ - - ]; + imports = [ + + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usbhid" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; # boot.kernelParams = [ "nomodeset" ]; - fileSystems."/" = - { - device = "/dev/disk/by-label/nixos-root"; - fsType = "btrfs"; - options = [ "ssd" "noatime" "ssd_spread" "discard" "space_cache" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos-root"; + fsType = "btrfs"; + options = [ + "ssd" + "noatime" + "ssd_spread" + "discard" + "space_cache" + ]; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-label/SWAP"; }]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; nix.maxJobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; diff --git a/machines/hackens-milieu/i18n.nix b/machines/hackens-milieu/i18n.nix index 3dc4532..10ba7c6 100644 --- a/machines/hackens-milieu/i18n.nix +++ b/machines/hackens-milieu/i18n.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; diff --git a/machines/hackens-milieu/no-sleep.nix b/machines/hackens-milieu/no-sleep.nix index 3b4e880..08c4718 100644 --- a/machines/hackens-milieu/no-sleep.nix +++ b/machines/hackens-milieu/no-sleep.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ systemd.targets = { sleep.enable = false; suspend.enable = false; diff --git a/machines/hackens-milieu/system.nix b/machines/hackens-milieu/system.nix index 5070118..a2383f2 100644 --- a/machines/hackens-milieu/system.nix +++ b/machines/hackens-milieu/system.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ # Upgrades system.autoUpgrade = { enable = true; @@ -12,8 +13,10 @@ # Auto-GC and store optimizations nix = { - trustedUsers = [ "root" "hackens" ]; - package = pkgs.nixUnstable; + trustedUsers = [ + "root" + "hackens" + ]; gc = { automatic = true; dates = "weekly"; diff --git a/machines/hackens-milieu/users.nix b/machines/hackens-milieu/users.nix index 7d78f84..cb302b0 100644 --- a/machines/hackens-milieu/users.nix +++ b/machines/hackens-milieu/users.nix @@ -11,7 +11,12 @@ in { users.users.hackens = { isNormalUser = true; - extraGroups = [ "wheel" "dialout" "audio" "video" ]; + extraGroups = [ + "wheel" + "dialout" + "audio" + "video" + ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcKULx/AgnqBsgwRX2BfV8waq6JXIkvZHhu9Y8paofM8awq6Om56BZoA7AV45YOcJxO/eFDOxSegXXmt22s4WjIf8I049aMdsW54BNpFpC/h18cMzm5ylKVGHl1ier/WXxpBsA8YU++YdRlGHPpKnhCtYLnBzD4Q5h+05GMIHismNZP1aGpE9s01FuP8eaDDkZUba7oSpn03AA77DBw4/2ZreSbqo96Z6WwiG09KeZvxFtEIk98EQtmiExB2fwsK3/JIxIBCoZHh4SzERcslxxGgzdppd6NhhSh7g523zhiihLaTAPNXBovGm5wcKOU9uWe+pUWEbwV04E+809aVbkJOdYBCtIf8M91meqpupA8jK38uquePHEFvpNr5UmY0qUlJCoqTvoqg9XgrfJVjlPEmYknj/QjQzkA4k19y8njsyEjnYOBL6tsztg6Igl+NZXjBAPuAzxCsfHOtWw1WM5gANwqOL0V9f7+14yST3HwweqjHRj4xky6ritxK+ujfc= hackens@hackens-desktop" diff --git a/machines/hackens-milieu/vim.nix b/machines/hackens-milieu/vim.nix index fbb559e..dc40ddf 100644 --- a/machines/hackens-milieu/vim.nix +++ b/machines/hackens-milieu/vim.nix @@ -1,6 +1,7 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ environment.systemPackages = with pkgs; [ - nixfmt + nixfmt-rfc-style git (neovim.override { vimAlias = true; diff --git a/machines/hackens-org/_configuration.nix b/machines/hackens-org/_configuration.nix index cdb1245..651eff3 100644 --- a/machines/hackens-org/_configuration.nix +++ b/machines/hackens-org/_configuration.nix @@ -5,25 +5,25 @@ { config, pkgs, ... }: { - imports = - [ - ./_bootloader.nix - ./_networking.nix - ./_ssh.nix - ./_users.nix - ./dokuwiki.nix - ./hardware-configuration.nix - ./matterbridge.nix - ./nginx.nix - ./orga - ./secrets - ./static-sites.nix - ./legacy-redir.nix - ./webpass.nix - ./prometheus.nix - ./grafana.nix - ./kfet-monitor - ]; + imports = [ + ./_bootloader.nix + ./_networking.nix + ./_ssh.nix + ./_users.nix + ./dokuwiki.nix + ./hardware-configuration.nix + ./matterbridge.nix + ./nginx.nix + ./orga + ./snipe-it.nix + ./secrets + ./static-sites.nix + ./legacy-redir.nix + ./webpass.nix + ./prometheus.nix + ./grafana.nix + ./kfet-monitor + ]; time.timeZone = "Europe/Paris"; @@ -38,4 +38,3 @@ system.stateVersion = "22.11"; # Did you read the comment? } - diff --git a/machines/hackens-org/_networking.nix b/machines/hackens-org/_networking.nix index e0d5a79..91e594e 100644 --- a/machines/hackens-org/_networking.nix +++ b/machines/hackens-org/_networking.nix @@ -29,14 +29,17 @@ }; }; "10-tun-he" = { - matchConfig.Name = "sit-he"; - networkConfig = { - Gateway = [ "2001:470:1f12:d21::1" ]; - Description = "HE.NET IPv6 Tunnel (owned by maurice)"; - Address = [ "2001:470:1f12:d21::2/64" ]; - }; - }; + matchConfig.Name = "sit-he"; + networkConfig = { + Gateway = [ "2001:470:1f12:d21::1" ]; + Description = "HE.NET IPv6 Tunnel (owned by maurice)"; + Address = [ "2001:470:1f12:d21::2/64" ]; + }; + }; }; }; - networking.nameservers = [ "1.1.1.1" "8.8.8.8" ]; + networking.nameservers = [ + "1.1.1.1" + "8.8.8.8" + ]; } diff --git a/machines/hackens-org/_ssh.nix b/machines/hackens-org/_ssh.nix index 45650d3..1480f0f 100644 --- a/machines/hackens-org/_ssh.nix +++ b/machines/hackens-org/_ssh.nix @@ -1,11 +1,18 @@ -{ ... }: { +{ ... }: +{ # Enable the OpenSSH daemon. services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; - services.openssh.ports = [ 22 2222 ]; + services.openssh.ports = [ + 22 + 2222 + ]; # Open ports in the firewall. (In fact not needed) - networking.firewall.allowedTCPPorts = [ 22 2222 ]; + networking.firewall.allowedTCPPorts = [ + 22 + 2222 + ]; # Mosh <3 programs.mosh.enable = true; diff --git a/machines/hackens-org/_users.nix b/machines/hackens-org/_users.nix index 869866b..038d764 100644 --- a/machines/hackens-org/_users.nix +++ b/machines/hackens-org/_users.nix @@ -1,12 +1,12 @@ -{ ... }: { +{ ... }: +{ users = { mutableUsers = false; users = { rlahfa = { isNormalUser = true; extraGroups = [ "wheel" ]; - hashedPassword = - "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381"; + hashedPassword = "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381"; openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ]; }; gdoriathdohler = { @@ -17,8 +17,7 @@ mdebray = { isNormalUser = true; extraGroups = [ "wheel" ]; - hashedPassword = - "$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/"; + hashedPassword = "$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/"; openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ]; }; ecoppens = { diff --git a/machines/hackens-org/dokuwiki.nix b/machines/hackens-org/dokuwiki.nix index f6daff7..de58fee 100644 --- a/machines/hackens-org/dokuwiki.nix +++ b/machines/hackens-org/dokuwiki.nix @@ -1,4 +1,10 @@ -{ config, pkgs, lib, ... }: { +{ + config, + pkgs, + lib, + ... +}: +{ services.nginx.virtualHosts."hackens.org" = { enableACME = true; @@ -31,7 +37,7 @@ showAddNewPage = "logged"; fluidContainer = 0; }; - plugin.htmlok.htmlok=1; + plugin.htmlok.htmlok = 1; }; pluginsConfig = { @@ -67,7 +73,7 @@ postInstall = '' rm -r $out/share cp -r . $out - ''; + ''; })) (pkgs.fetchFromGitHub { name = "htmlok"; diff --git a/machines/hackens-org/gestiohackens/default.nix b/machines/hackens-org/gestiohackens/default.nix new file mode 100644 index 0000000..f2ba750 --- /dev/null +++ b/machines/hackens-org/gestiohackens/default.nix @@ -0,0 +1,91 @@ +{ + pkgs, + lib, + config, + ... +}: +let + src = pkgs.fetchgit { + url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git"; + rev = "HEAD"; + hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4="; + }; +in +{ + imports = + [ + ]; + systemd.services.django-gestiohackens.serviceConfig = { + DynamicUser = lib.mkForce false; + User = "django-gestiohackens"; + SupplementaryGroups = [ "nginx" ]; + }; + users.users.django-gestiohackens = { + group = "django-gestiohackens"; + isSystemUser = true; + }; + users.groups.django-gestiohackens = { }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts."inventaire.hackens.org" = { + enableACME = true; + forceSSL = true; + locations = { + "/" = { + proxyPass = "http://localhost:51667"; + }; + "/media/".alias = "/var/lib/django-gestiohackens/media/"; + "/static".root = config.services.django.gestiohackens.staticAssets; + }; + }; + }; + services.django.gestiohackens = { + inherit src; + enable = true; + mainModule = "gestiojeux"; + port = 51667; + settings = { + DEBUG = false; + CSRF_COOKIE_SECURE = true; + AUTHENS_ALLOW_STAFF = true; + SESSION_COOKIE_SECURE = true; + MEDIA_URL = "media/"; + ALLOWED_HOSTS = [ "inventaire.hackens.org" ]; + DATABASES = { + "default" = { + "ENGINE" = "django.db.backends.sqlite3"; + "NAME" = "/var/lib/django-gestiohackens/db.sqlite3"; + }; + }; + HAYSTACK_CONNECTIONS = { + "default" = { + "ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine"; + "PATH" = "/var/lib/django-gestiohackens/whoosh_index"; + }; + }; + MEDIA_ROOT = "/var/lib/django-gestiohackens/media"; + }; + extraPackages = ps: [ + ps.django-autoslug + ps.loadcredential + ps.django-cleanup + ps.django-haystack + ps.django-markdownx + ps.django-tables2 + ps.pillow + ps.whoosh + ps.markdown-icons + ps.authens + + ps.qrcode + ps.pillow + + # Django haystack is drunk + ps.setuptools + ]; + secrets = { + SECRET_KEY = config.age.secrets.django-gestiohackens.path; + }; + }; +} diff --git a/machines/hackens-org/hardware-configuration.nix b/machines/hackens-org/hardware-configuration.nix index 6db90a9..5255ac5 100644 --- a/machines/hackens-org/hardware-configuration.nix +++ b/machines/hackens-org/hardware-configuration.nix @@ -1,32 +1,39 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ + "uhci_hcd" + "ahci" + "virtio_pci" + "virtio_blk" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2"; - fsType = "btrfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2"; + fsType = "btrfs"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/0795-75ED"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0795-75ED"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ]; } diff --git a/machines/hackens-org/kfet-monitor/default.nix b/machines/hackens-org/kfet-monitor/default.nix index 5fef9e0..79f980b 100644 --- a/machines/hackens-org/kfet-monitor/default.nix +++ b/machines/hackens-org/kfet-monitor/default.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, ...}: +{ lib, pkgs, ... }: let - wsScraper = pkgs.callPackage ./websocket-exporter.nix {}; + wsScraper = pkgs.callPackage ./websocket-exporter.nix { }; in { systemd.services.kfet-open-recorder = { diff --git a/machines/hackens-org/kfet-monitor/websocket-exporter.nix b/machines/hackens-org/kfet-monitor/websocket-exporter.nix index 76961cf..5bdf75d 100644 --- a/machines/hackens-org/kfet-monitor/websocket-exporter.nix +++ b/machines/hackens-org/kfet-monitor/websocket-exporter.nix @@ -1,6 +1,7 @@ -{ lib -, python3 -, fetchFromGitHub +{ + lib, + python3, + fetchFromGitHub, }: python3.pkgs.buildPythonApplication rec { diff --git a/machines/hackens-org/legacy-redir.nix b/machines/hackens-org/legacy-redir.nix index 2fb8bd8..f9fea75 100644 --- a/machines/hackens-org/legacy-redir.nix +++ b/machines/hackens-org/legacy-redir.nix @@ -28,28 +28,28 @@ enableACME = true; extraConfig = '' return 301 $scheme://hackens.org/known$request_uri; - ''; + ''; }; "prez.hackens.org" = { forceSSL = true; enableACME = true; extraConfig = '' return 301 $scheme://hackens.org/prez$request_uri; - ''; + ''; }; "pub.hackens.org" = { forceSSL = true; enableACME = true; extraConfig = '' return 301 $scheme://hackens.org/pub$request_uri; - ''; + ''; }; "2048.hackens.org" = { forceSSL = true; enableACME = true; extraConfig = '' return 301 $scheme://hackens.org/2048$request_uri; - ''; + ''; }; }; } diff --git a/machines/hackens-org/matterbridge.nix b/machines/hackens-org/matterbridge.nix index b4e9237..2ac58c4 100644 --- a/machines/hackens-org/matterbridge.nix +++ b/machines/hackens-org/matterbridge.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let port = 52187; configFile = pkgs.writeText "metterbridge.toml" '' @@ -37,7 +42,6 @@ in ${pkgs.matterbridge}/bin/matterbridge -conf ${configFile} ''; - serviceConfig = { User = "matterbridge"; Group = "matterbridge"; diff --git a/machines/hackens-org/orga/authens.nix b/machines/hackens-org/orga/authens.nix deleted file mode 100644 index 32baafb..0000000 --- a/machines/hackens-org/orga/authens.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, fetchgit, pythoncas, django, ldap, buildPythonPackage }: -buildPythonPackage rec { - pname = "authens"; - version = "v0.1b5"; - doCheck = false; - src = fetchgit { - url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git"; - rev = "58747e57b30b47f36a0ed3e7c80850ed7f1edbf9"; - hash = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8="; - }; - propagatedBuildInputs = [ django ldap pythoncas ]; -} diff --git a/machines/hackens-org/orga/default.nix b/machines/hackens-org/orga/default.nix index 25c53c7..dcfbb8a 100644 --- a/machines/hackens-org/orga/default.nix +++ b/machines/hackens-org/orga/default.nix @@ -1,14 +1,20 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let - src = pkgs.fetchgit { - url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git"; - rev = "HEAD"; - hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I="; - }; + src = pkgs.fetchgit { + url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git"; + rev = "HEAD"; + hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I="; + }; in { - imports = [ - ]; + imports = + [ + ]; services.nginx = { enable = true; recommendedProxySettings = true; @@ -38,8 +44,8 @@ in }; }; }; - extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [ - (p.callPackage ./authens.nix { inherit pythoncas; }) + extraPackages = p: [ + p.authens ]; secrets = { SECRET_KEY = config.age.secrets.django.path; diff --git a/machines/hackens-org/programs.nix b/machines/hackens-org/programs.nix index ef64971..babad24 100644 --- a/machines/hackens-org/programs.nix +++ b/machines/hackens-org/programs.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ environment.systemPackages = [ pkgs.vim ]; diff --git a/machines/hackens-org/prometheus.nix b/machines/hackens-org/prometheus.nix index b766d0f..b7d48b2 100644 --- a/machines/hackens-org/prometheus.nix +++ b/machines/hackens-org/prometheus.nix @@ -24,18 +24,20 @@ in extraFlags = [ "--storage.tsdb.retention.size=2GB" ]; - rules = [ '' - groups: - - name: Chrony - rules: - - record: instance:chrony_clock_error_seconds:abs - expr: > - abs(chrony_tracking_last_offset_seconds) - + - chrony_tracking_root_dispersion_seconds - + - (0.5 * chrony_tracking_root_delay_seconds) - '']; + rules = [ + '' + groups: + - name: Chrony + rules: + - record: instance:chrony_clock_error_seconds:abs + expr: > + abs(chrony_tracking_last_offset_seconds) + + + chrony_tracking_root_dispersion_seconds + + + (0.5 * chrony_tracking_root_delay_seconds) + '' + ]; scrapeConfigs = [ { diff --git a/machines/hackens-org/secrets/default.nix b/machines/hackens-org/secrets/default.nix index c5a3822..121200b 100644 --- a/machines/hackens-org/secrets/default.nix +++ b/machines/hackens-org/secrets/default.nix @@ -1,7 +1,15 @@ -{ ... }: { +{ ... }: +{ age.secrets."django" = { file = ./django.age; }; + age.secrets."snipeit" = { + file = ./snipeit.age; + owner = "snipeit"; + }; + age.secrets."django-gestiohackens" = { + file = ./django-gestiohackens.age; + }; age.secrets."matterbridge-env" = { file = ./matterbridge-env.age; owner = "matterbridge"; diff --git a/machines/hackens-org/secrets/django-gestiohackens.age b/machines/hackens-org/secrets/django-gestiohackens.age new file mode 100644 index 0000000..0c5e0cb --- /dev/null +++ b/machines/hackens-org/secrets/django-gestiohackens.age @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 JGx7Ng bMdvEX7j6bw5GNBohOahx43feq2/5/j/sm4+gLBCqls +SJAb40fN72h2/e6TFxKyF270xGtBq5EICpQB7Oe6KnU +-> ssh-ed25519 kXobKQ P1Ve/+t8nPrzu0qBL0EVnVH8X8f7/O93pH5ImPGnfVU +cG2dTLsKuY0mJhApuRw4ShlcpjPHfbobN+wxnpW42qE +-> ssh-ed25519 7hZk0g 7cPMy1bOSScXdk5xUiBrWM1noZ7QA9td+ffAlJGuKDg +2GrbxwLERVZgMAsAxhxVkEt2dAwv3lK2tmi+feDi9Bw +-> ssh-rsa krWCLQ +raDB1S2KgNXYYjYQoReSNbsMPBt8qUerW2I5Tiewco5Ao/iGuQPfaMxtuHPvk82r +VIpznCS6ZyEFkyFKCC/rnzgeTmH8LDAuGPSjCFOicq7STjhVqgjdaERkw4s6UxRN +WTQVhuVpRaN8abdxMknQG+1WpkdmlOQG6n+B7JN/Z5AgM4kE891CH+WJcaPetDwO +/wC6+Na3EkgJS2XrK++IveWGmRRy+CZdRNe/NzxNCV2wp+w1BJohHttq7gRc2F7z +58r6GzViXSAZ39QfKMO5e1MrkZHfzshc74jpkMnLWK9QXWsbTbkYJzeYf7wWCm9F +STRR5xQJIZdOEYKNsIfb6Q +-> ssh-ed25519 /vwQcQ gYKVPzT6ZXSc9xfuulV/57pIM1NXJ9IlLF/kJMRMWGw +4FiYaBIoC1hmYayoWUfomIHg2ibtHsBtyYMzMs8OcSA +-> ssh-ed25519 0R97PA GKMaGC4HmLhIL3pNEqiYqZ8a04CYgKt13IcRsJwQ2l8 +/8ePse2mnztxXGJrDLpr1yUcnyrm9AUQgUWV4fUcmXk +-> ssh-ed25519 cvTB5g CBw8+xqz9S9S5t7/TY7oz21WdhIqtWNv0WAbU16bayk +cUmHOQsoyaXkWVwYK9fK+CoAvYtDGcYF+JV3GgxzPYI +-> ssh-ed25519 Wu8JLQ VRDbadjqSTsmF/gkFe/Fg9OcxOFJDur0NJhexgObJy0 +C1/W8PbucQUpYfVomvK0S/JIrHOcdGfpmru7hbvLdGY +-> ssh-ed25519 EIt1vA SlgOWnU5N7XUX/tpp2cOH+7d1fl6qjy5R4D8lyTr004 +UBNV6PrfOB1jRV+GATefjpv1KEGyP06cKD741xzS8Gc +-> ssh-ed25519 X51wxg h1LfGf2RiFSAaUbLjAivqkX/f0rvxAO905NUYCrX7gk +ppAwL7fboGHlPptL2uQU5nBUI1FXCs6Ds3TMzG8WKxA +--- XgL6A4y8r8g55SKB86IIv+vb3Yo3ovpH+KQURMAtwg4 +"ڐb.cbEr{l(ӧP2e#3CP |I0ܥS@ʪQY'5 \ No newline at end of file diff --git a/machines/hackens-org/secrets/secrets.nix b/machines/hackens-org/secrets/secrets.nix index 6a1db12..c7ebc66 100644 --- a/machines/hackens-org/secrets/secrets.nix +++ b/machines/hackens-org/secrets/secrets.nix @@ -1,20 +1,46 @@ let lib = (import { }).lib; - readpubkeys = user: - builtins.filter (k: k != "") - (lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))); + readpubkeys = + user: + builtins.filter (k: k != "") ( + lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys")) + ); in { - "matterbridge-env.age".publicKeys = (readpubkeys "sinavir") - ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") - ++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); - "django.age".publicKeys = (readpubkeys "sinavir") - ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") - ++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); - "wg-key.age".publicKeys = (readpubkeys "sinavir") - ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") - ++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); - "prometheus-webconf".publicKeys = (readpubkeys "sinavir") - ++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") - ++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); + "matterbridge-env.age".publicKeys = + (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") + ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") + ++ (readpubkeys "backslash"); + "snipeit.age".publicKeys = + (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") + ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") + ++ (readpubkeys "backslash"); + "django.age".publicKeys = + (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") + ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") + ++ (readpubkeys "backslash"); + "django-gestiohackens.age".publicKeys = + (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") + ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") + ++ (readpubkeys "backslash"); + "wg-key.age".publicKeys = + (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") + ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") + ++ (readpubkeys "backslash"); + "prometheus-webconf".publicKeys = + (readpubkeys "sinavir") + ++ (readpubkeys "hackens-host") + ++ (readpubkeys "raito") + ++ (readpubkeys "gdd") + ++ (readpubkeys "backslash"); } diff --git a/machines/hackens-org/secrets/snipeit.age b/machines/hackens-org/secrets/snipeit.age new file mode 100644 index 0000000..7c90bd1 --- /dev/null +++ b/machines/hackens-org/secrets/snipeit.age @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 JGx7Ng 6OHSOGM9Q4Us9F0dbVCiwWKzse3pRYAgJpAA6IPIdnQ +HqD9hdgqQqM3ZrivBDdYGHXtWF2XF/twsWw+vgsMvFQ +-> ssh-ed25519 kXobKQ PPSORbXqcXh4nyJp9zSiZsPj4M43xnYQTQOwStxRh2A +I3y7+s74YH5clRMT2yqt4EHNF008zVX8qJmymoGZrFM +-> ssh-ed25519 7hZk0g g6OU5HYXe3oc5gwSpHwChaLFxJ367vqOCGUKUOHvvGE +r4/WjMwACs6L8XPdun9C2MlOoBh/osc/16z344C8gTU +-> ssh-rsa krWCLQ +GBk11DEIlkEuqQ8IYRohr86rOGzr9Wh9SMxc5ukxpj1mLtiJhurGS98kpFO1Ybsa +6ik+mxl4OmQqKwsJFFqrOeOg2R4ORwoldDPZT0LB/DoQyVS5DzS6JRjxskvrmows +X7QLfeMZ9HYgpi5wsN++E3a3Kka/ulBAfksw4g+LquZwCP3FBKN/DEwsGCMuWnKW +SkYIBgiEDWCMB4W7QuafDR4sw19e9V06BTqghpjDaxHpG36srA3sfL3X/i6gjgz8 +nV/Hu19qVCLNf08Z+0T3qF4LWLKCFZkZFizttGao5cb6t4Kw/kiLsudPmvVjne6n +jVq5JSrZiSNA0SgJ1cK3dg +-> ssh-ed25519 /vwQcQ 8YA7/bMsUIr5Y/EzZbfeamwmeXD5EwQ6oO7PWiziO3k +tvGAoGnGPCMPgaZ61dWQ/5I3tiVLYkEJGb4D/OfCzYY +-> ssh-ed25519 0R97PA we+Q49vxyES8lHcdsJfDs3RsPvZh097G7jGEpHPCLHk +vlq2ylTC8//Bv4rVaBGesTr7SUd7s7To93FSrz45+4Y +-> ssh-ed25519 cvTB5g EIqyNfE/A1e4lICBqgwviXlM73GL6YH8ADqfIVCGe0U +ajHEiVrEAPk0bxNkbXX6FWDXeom8inTUamq/ToI7Kbg +-> ssh-ed25519 Wu8JLQ +4eSVyk9FMUBjgi65ukfx6MFNr3DomHcONPo71QsrTc +/4Pr60oSZmSneQcUXffq+wEJCt2zHRC1pkn/l6onwog +-> ssh-ed25519 EIt1vA 3M3zoHSBceyiQDLRkeGOjRHLkljrc2xRMOlhZy8Gs0g +C21xBrCwuskiZXSo+Ucl3HDChAO9V2sauGSCdj+2pwI +-> ssh-ed25519 X51wxg EhYdCmwgYWBHj3QAatGYlcX5qMQJaFlwkzyspQLfiTY +L0aeN67YVWuY5aSdQLi1qwyJ3TcwSH/Fs+hAFLZL/DE +--- gUY9ofxPOoMCmNT+HJvc3j83MPBoO1KnxW5UCfsNZ78 +!T{ KWƝL +U(q>.+SG [+jr}ׄ.dcZeW&m}t} \ No newline at end of file diff --git a/machines/hackens-org/snipe-it.nix b/machines/hackens-org/snipe-it.nix new file mode 100644 index 0000000..f3bf650 --- /dev/null +++ b/machines/hackens-org/snipe-it.nix @@ -0,0 +1,22 @@ +{ config, ... }: +{ + services.snipe-it = { + enable = true; + appKeyFile = config.age.secrets."snipeit".path; + config = { + APP_LOCALE = "fr-FR"; + APP_TIMEZONE = "Europe/Paris"; + }; + database = { + createLocally = true; + user = "snipeit"; + }; + user = "snipeit"; + group = "snipeit"; + hostName = "inventaire.hackens.org"; + nginx = { + enableACME = true; + forceSSL = true; + }; + }; +} diff --git a/machines/hackens-org/static-sites.nix b/machines/hackens-org/static-sites.nix index c9a16eb..c5a0ea5 100644 --- a/machines/hackens-org/static-sites.nix +++ b/machines/hackens-org/static-sites.nix @@ -19,10 +19,13 @@ in extraConfig = '' autoindex on; charset utf-8; - ''; + ''; }); }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/machines/hackens-org/webpass.nix b/machines/hackens-org/webpass.nix index 3044f3f..59a84b9 100644 --- a/machines/hackens-org/webpass.nix +++ b/machines/hackens-org/webpass.nix @@ -37,5 +37,8 @@ proxyWebsockets = true; }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/machines/hackens-org/wireguard.nix b/machines/hackens-org/wireguard.nix index 472eaf2..5509b82 100644 --- a/machines/hackens-org/wireguard.nix +++ b/machines/hackens-org/wireguard.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: { +}: +{ systemd.network = { enable = true; networks = { @@ -12,15 +13,12 @@ address = [ "10.10.10.1/24" ]; - routes = [{ - routeConfig = { + routes = [ + { Destination = "10.10.10.0/24"; Scope = "link"; - }; - }]; - networkConfig = { - IPForward = true; - }; + } + ]; }; }; netdevs = { @@ -35,37 +33,33 @@ }; wireguardPeers = [ - { #hackens-desktop - wireguardPeerConfig = { - AllowedIPs = [ - "10.10.10.3/32" - ]; - PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA="; - }; + { + # hackens-desktop + AllowedIPs = [ + "10.10.10.3/32" + ]; + PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA="; } - { #bakham (AGB) - wireguardPeerConfig = { - AllowedIPs = [ - "10.10.10.5/32" - ]; - PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8="; - }; + { + # bakham (AGB) + AllowedIPs = [ + "10.10.10.5/32" + ]; + PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8="; } - { #soyouzpanda - wireguardPeerConfig = { - AllowedIPs = [ - "10.10.10.11/32" - ]; - PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8="; - }; + { + # soyouzpanda + AllowedIPs = [ + "10.10.10.11/32" + ]; + PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8="; } - { #sinavir - wireguardPeerConfig = { - AllowedIPs = [ - "10.10.10.12/32" - ]; - PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M="; - }; + { + # sinavir + AllowedIPs = [ + "10.10.10.12/32" + ]; + PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M="; } ]; }; diff --git a/machines/rigel/_configuration.nix b/machines/rigel/_configuration.nix index 3d58d50..5206b08 100644 --- a/machines/rigel/_configuration.nix +++ b/machines/rigel/_configuration.nix @@ -4,11 +4,13 @@ pkgs, modulesPath, ... -}: let - launchpad = - pkgs.python3.withPackages ( ps: [ (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix {}; })]); +}: +let + launchpad = pkgs.python3.withPackages (ps: [ + (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix { }; }) + ]); in - { +{ imports = [ (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") ./bootloader.nix @@ -19,8 +21,7 @@ in ./users.nix ]; - nix.settings.substituters = lib.mkForce []; - + nix.settings.substituters = lib.mkForce [ ]; networking.hostName = "rigel"; # Define your hostname. @@ -34,7 +35,10 @@ in systemd.services.launchpad = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - path = [ launchpad pkgs.unixtools.ping ]; + path = [ + launchpad + pkgs.unixtools.ping + ]; script = '' while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null do @@ -42,7 +46,7 @@ in done sleep 0.1 python -m eos_midi 10.1.1.2 - ''; + ''; }; environment.shellAliases = { r = "systemctl restart launchpad.service"; diff --git a/machines/rigel/bootloader.nix b/machines/rigel/bootloader.nix index df2338f..27761d3 100644 --- a/machines/rigel/bootloader.nix +++ b/machines/rigel/bootloader.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ boot.loader.grub.enable = false; boot.loader.generic-extlinux-compatible.enable = true; } diff --git a/machines/rigel/kfet_lauchpad_controller.nix b/machines/rigel/kfet_lauchpad_controller.nix index 86cd827..7503781 100644 --- a/machines/rigel/kfet_lauchpad_controller.nix +++ b/machines/rigel/kfet_lauchpad_controller.nix @@ -1,9 +1,10 @@ -{ lib -, buildPythonPackage -, fetchgit -, poetry -, lpminimk3 -, python-osc +{ + lib, + buildPythonPackage, + fetchgit, + poetry, + lpminimk3, + python-osc, }: buildPythonPackage rec { diff --git a/machines/rigel/launchpad.nix b/machines/rigel/launchpad.nix index 23f91fe..8d6f387 100644 --- a/machines/rigel/launchpad.nix +++ b/machines/rigel/launchpad.nix @@ -1,9 +1,10 @@ -{ lib -, buildPythonPackage -, fetchgit -, poetry-core -, lpminimk3 -, python-osc +{ + lib, + buildPythonPackage, + fetchgit, + poetry-core, + lpminimk3, + python-osc, }: buildPythonPackage rec { diff --git a/machines/rigel/lpminimk3.nix b/machines/rigel/lpminimk3.nix index faf2a52..26e0e25 100644 --- a/machines/rigel/lpminimk3.nix +++ b/machines/rigel/lpminimk3.nix @@ -1,11 +1,12 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, setuptools -, wheel -, jsonschema -, python-rtmidi -, websockets +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + jsonschema, + python-rtmidi, + websockets, }: buildPythonPackage rec { diff --git a/machines/rigel/networking.nix b/machines/rigel/networking.nix index c2d4208..9fabfbc 100644 --- a/machines/rigel/networking.nix +++ b/machines/rigel/networking.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: { +}: +{ networking.useDHCP = false; networking.firewall.allowedUDPPorts = [ 67 ]; @@ -18,13 +19,13 @@ IPMasquerade = "ipv4"; }; dhcpServerConfig = { - PoolOffset=100; - PoolSize=20; + PoolOffset = 100; + PoolSize = 20; UplinkInterface = ":none"; - EmitDNS="no"; - EmitNTP="no"; - EmitSIP="no"; - EmitRouter="no"; + EmitDNS = "no"; + EmitNTP = "no"; + EmitSIP = "no"; + EmitRouter = "no"; }; dhcpServerStaticLeases = [ { diff --git a/machines/rigel/nix-conf.nix b/machines/rigel/nix-conf.nix index f90ea4b..08ef176 100644 --- a/machines/rigel/nix-conf.nix +++ b/machines/rigel/nix-conf.nix @@ -6,9 +6,16 @@ nodes, name, ... -}: { +}: +{ nix.settings = { - trusted-users = ["root" "@wheel"]; - extra-experimental-features = ["nix-command" "flakes"]; + trusted-users = [ + "root" + "@wheel" + ]; + extra-experimental-features = [ + "nix-command" + "flakes" + ]; }; } diff --git a/machines/rigel/programs.nix b/machines/rigel/programs.nix index 46861d9..0d3e017 100644 --- a/machines/rigel/programs.nix +++ b/machines/rigel/programs.nix @@ -3,7 +3,8 @@ pkgs, lib, ... -}: { +}: +{ environment.systemPackages = with pkgs; [ sqlite-web dhcpdump diff --git a/machines/rigel/ssh.nix b/machines/rigel/ssh.nix index 35829f0..6e7d18b 100644 --- a/machines/rigel/ssh.nix +++ b/machines/rigel/ssh.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = true; } diff --git a/machines/rigel/users.nix b/machines/rigel/users.nix index 91ce8a2..7c1c9eb 100644 --- a/machines/rigel/users.nix +++ b/machines/rigel/users.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ users.mutableUsers = false; users.users.root = { openssh.authorizedKeys.keyFiles = [ diff --git a/machines/router/liminix b/machines/router/liminix new file mode 160000 index 0000000..5bb68f2 --- /dev/null +++ b/machines/router/liminix @@ -0,0 +1 @@ +Subproject commit 5bb68f24b539db1d9591ea320436b9dbdd2dc354 diff --git a/meta.nix b/meta.nix index 1678889..7721dae 100644 --- a/meta.nix +++ b/meta.nix @@ -8,12 +8,12 @@ let nodes = { hackens-milieu = { deployment = { - targetHost = null; #"milieu.cave.hackens.org"; + targetHost = null; # "milieu.cave.hackens.org"; #targetPort = 4243; allowLocalDeployment = true; tags = [ "desktop" ]; }; - imports = [agenix]; + imports = [ agenix ]; }; rigel = { deployment = { @@ -27,10 +27,13 @@ let tags = [ "server" ]; targetPort = 22; }; - imports = [agenix djangonix]; + imports = [ + agenix + djangonix + ]; }; }; }; in - metadata +metadata diff --git a/npins/default.nix b/npins/default.nix index e5e274a..e52254a 100644 --- a/npins/default.nix +++ b/npins/default.nix @@ -3,65 +3,71 @@ let data = builtins.fromJSON (builtins.readFile ./sources.json); version = data.version; - mkSource = spec: - assert spec ? type; let + mkSource = + spec: + assert spec ? type; + let path = - if spec.type == "Git" - then mkGitSource spec - else if spec.type == "GitRelease" - then mkGitSource spec - else if spec.type == "PyPi" - then mkPyPiSource spec - else if spec.type == "Channel" - then mkChannelSource spec - else builtins.throw "Unknown source type ${spec.type}"; + if spec.type == "Git" then + mkGitSource spec + else if spec.type == "GitRelease" then + mkGitSource spec + else if spec.type == "PyPi" then + mkPyPiSource spec + else if spec.type == "Channel" then + mkChannelSource spec + else + builtins.throw "Unknown source type ${spec.type}"; in - spec // {outPath = path;}; + spec // { outPath = path; }; - mkGitSource = { - repository, - revision, - url ? null, - hash, - ... - }: + mkGitSource = + { + repository, + revision, + url ? null, + hash, + ... + }: assert repository ? type; # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository # In the latter case, there we will always be an url to the tarball - if url != null - then - (builtins.fetchTarball { - inherit url; - sha256 = hash; # FIXME: check nix version & use SRI hashes - }) - else - assert repository.type == "Git"; - builtins.fetchGit { - url = repository.url; - rev = revision; - # hash = hash; - }; + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else + assert repository.type == "Git"; + builtins.fetchGit { + url = repository.url; + rev = revision; + # hash = hash; + }; - mkPyPiSource = { - url, - hash, - ... - }: + mkPyPiSource = + { + url, + hash, + ... + }: builtins.fetchurl { inherit url; sha256 = hash; }; - mkChannelSource = { - url, - hash, - ... - }: + mkChannelSource = + { + url, + hash, + ... + }: builtins.fetchTarball { inherit url; sha256 = hash; }; in - if version == 3 - then builtins.mapAttrs (_: mkSource) data.pins - else throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json index 9fe63ab..a0bd0dc 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -8,9 +8,9 @@ "repo": "agenix" }, "branch": "main", - "revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", - "url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz", - "hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah" + "revision": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "url": "https://github.com/ryantm/agenix/archive/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41.tar.gz", + "hash": "1x8nd8hvsq6mvzig122vprwigsr3z2skanig65haqswn7z7amsvg" }, "disko": { "type": "Git", @@ -20,9 +20,9 @@ "repo": "disko" }, "branch": "master", - "revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", - "url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz", - "hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan" + "revision": "c61e50b63ad50dda5797b1593ad7771be496efbb", + "url": "https://github.com/nix-community/disko/archive/c61e50b63ad50dda5797b1593ad7771be496efbb.tar.gz", + "hash": "1nnz89hsiz0pf73g3b4072fv28z9mrqr14h2347iwf6xhj1d9zhi" }, "djangonix": { "type": "Git", @@ -31,9 +31,9 @@ "url": "https://git.dgnum.eu/mdebray/djangonix.git" }, "branch": "master", - "revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e", + "revision": "a61afb48e2478c47360a8efea6f835c3b0f5f503", "url": null, - "hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x" + "hash": "0a0hnkyhvr6am484m7lg46040icbxzydnycaa1a2hclfnpgrxrdk" }, "dns.nix": { "type": "GitRelease", @@ -45,10 +45,10 @@ "pre_releases": false, "version_upper_bound": null, "release_prefix": null, - "version": "v1.1.2", - "revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", - "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2", - "hash": "1b95dh15zl0qaf9fvvvvqlambm3plndpy24wwlib0sy4d0zq6y0h" + "version": "v1.2.0", + "revision": "a3196708a56dee76186a9415c187473b94e6cbae", + "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.2.0", + "hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90" }, "nixos-unstable": { "type": "Git", @@ -58,9 +58,9 @@ "repo": "nixpkgs" }, "branch": "nixos-unstable", - "revision": "051f920625ab5aabe37c920346e3e69d7d34400e", - "url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz", - "hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2" + "revision": "9357f4f23713673f310988025d9dc261c20e70c6", + "url": "https://github.com/NixOS/nixpkgs/archive/9357f4f23713673f310988025d9dc261c20e70c6.tar.gz", + "hash": "0mr3vfnl8h0214ml7l5hsaq2g9174r3ra0hzcvlqk9kg024siwbf" } }, "version": 3 diff --git a/pkgs/authens/01-get-success_url.patch b/pkgs/authens/01-get-success_url.patch new file mode 100644 index 0000000..c0d7650 --- /dev/null +++ b/pkgs/authens/01-get-success_url.patch @@ -0,0 +1,15 @@ +diff --git a/authens/views.py b/authens/views.py +index 0478861..b1c93e9 100644 +--- a/authens/views.py ++++ b/authens/views.py +@@ -138,8 +138,8 @@ class LogoutView(auth_views.LogoutView): + else: + self.cas_connected = False + +- def get_next_page(self): +- next_page = super().get_next_page() ++ def get_success_url(self): ++ next_page = super().get_success_url() + if self.cas_connected: + cas_client = get_cas_client(self.request) + diff --git a/pkgs/authens/default.nix b/pkgs/authens/default.nix new file mode 100644 index 0000000..e569b04 --- /dev/null +++ b/pkgs/authens/default.nix @@ -0,0 +1,24 @@ +{ + python-cas, + django, + ldap, + buildPythonPackage, +}: +buildPythonPackage rec { + pname = "authens"; + version = "v0.1b5"; + doCheck = false; + patches = [ + ./01-get-success_url.patch + ]; + src = builtins.fetchGit { + url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git"; + #rev = "master"; + #sha256 = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8="; + }; + propagatedBuildInputs = [ + django + ldap + python-cas + ]; +} diff --git a/pkgs/django-autoslug/default.nix b/pkgs/django-autoslug/default.nix new file mode 100644 index 0000000..9700f3e --- /dev/null +++ b/pkgs/django-autoslug/default.nix @@ -0,0 +1,39 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, + django, +}: + +buildPythonPackage rec { + pname = "django-autoslug"; + version = "1.9.9"; + pyproject = true; + + src = fetchFromGitHub { + owner = "justinmayer"; + repo = "django-autoslug"; + rev = "v${version}"; + hash = "sha256-IRLY4VaKYXVkSgU/zdY+PSmGrcFB2FlE5L7j0FqisRM="; + }; + + nativeBuildInputs = [ + setuptools + wheel + ]; + + propagatedBuildInputs = [ django ]; + + # Requires DJANGO_SETTINGS_MODULE + # pythonImportsCheck = [ "autoslug" ]; + + meta = with lib; { + description = "AutoSlugField for Django"; + homepage = "https://github.com/justinmayer/django-autoslug/"; + changelog = "https://github.com/justinmayer/django-autoslug/blob/${src.rev}/CHANGELOG.rst"; + license = licenses.lgpl3Only; + maintainers = with maintainers; [ thubrecht ]; + }; +} diff --git a/pkgs/loadcredential/default.nix b/pkgs/loadcredential/default.nix new file mode 100644 index 0000000..2d8ced5 --- /dev/null +++ b/pkgs/loadcredential/default.nix @@ -0,0 +1,34 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + setuptools, + wheel, +}: + +buildPythonPackage rec { + pname = "loadcredential"; + version = "1.2"; + pyproject = true; + + src = fetchFromGitHub { + owner = "Tom-Hubrecht"; + repo = "loadcredential"; + rev = "v${version}"; + hash = "sha256-rNWFD89h1p1jYWLcfzsa/w8nK3bR4aVJsUPx0UtZnIw="; + }; + + build-system = [ + setuptools + wheel + ]; + + pythonImportsCheck = [ "loadcredential" ]; + + meta = { + description = "A simple python package to read credentials passed through systemd's LoadCredential, with a fallback on env variables "; + homepage = "https://github.com/Tom-Hubrecht/loadcredential"; + license = lib.licenses.mit; + maintainers = [ ]; # with lib.maintainers; [ thubrecht ]; + }; +} diff --git a/pkgs/markdown-icons/default.nix b/pkgs/markdown-icons/default.nix new file mode 100644 index 0000000..a9faa2e --- /dev/null +++ b/pkgs/markdown-icons/default.nix @@ -0,0 +1,42 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + unittestCheckHook, + setuptools, + wheel, + markdown, +}: + +buildPythonPackage rec { + pname = "markdown-icons"; + version = "3.1"; + pyproject = true; + + src = fetchFromGitHub { + owner = "Tom-Hubrecht"; + repo = "markdown-icons"; + rev = "v${version}"; + hash = "sha256-EZY/gyyZ5axInBfvsWLrDeTLDD+m18qSpf5XrVKLOaM="; + }; + + nativeBuildInputs = [ + setuptools + wheel + ]; + + nativeCheckInputs = [ unittestCheckHook ]; + + propagatedBuildInputs = [ markdown ]; + + pythonImportsCheck = [ "iconfonts" ]; + + meta = with lib; { + description = "Easily display icon fonts in markdown"; + homepage = "https://github.com/MadLittleMods/markdown-icons"; + license = licenses.free; + maintainers = with maintainers; [ thubrecht ]; + mainProgram = "markdown-icons"; + platforms = platforms.all; + }; +} diff --git a/pkgs/overlays.nix b/pkgs/overlays.nix index fe51488..569d0f9 100644 --- a/pkgs/overlays.nix +++ b/pkgs/overlays.nix @@ -1 +1,14 @@ -[] +[ + (final: prev: { + python3 = prev.python3.override { + packageOverrides = self: _: { + loadcredential = self.callPackage ./loadcredential { }; + authens = self.callPackage ./authens { }; + python-cas = self.callPackage ./python-cas { }; + + django-autoslug = self.callPackage ./django-autoslug { }; + markdown-icons = self.callPackage ./markdown-icons { }; + }; + }; + }) +] diff --git a/machines/hackens-org/orga/python-cas.nix b/pkgs/python-cas/default.nix similarity index 69% rename from machines/hackens-org/orga/python-cas.nix rename to pkgs/python-cas/default.nix index e0bba1c..42a51cf 100644 --- a/machines/hackens-org/orga/python-cas.nix +++ b/pkgs/python-cas/default.nix @@ -1,4 +1,10 @@ -{ lib, requests, lxml, six, buildPythonPackage, fetchFromGitHub }: +{ + requests, + lxml, + six, + buildPythonPackage, + fetchFromGitHub, +}: buildPythonPackage rec { pname = "python-cas"; version = "1.6.0"; @@ -9,5 +15,9 @@ buildPythonPackage rec { rev = "v1.6.0"; sha512 = "sha512-qnYzgwELUij2EdqA6H17q8vnNUsfI7DkbZSI8CCIGfXOM+cZ7vsWe7CJxzsDUw73sBPB4+zzpLxvb7tpm/IDeg=="; }; - propagatedBuildInputs = [ requests lxml six ]; + propagatedBuildInputs = [ + requests + lxml + six + ]; }