HackENS/hackens-org-configurations
5
0
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity

commit everything

Browse source
This commit is contained in:
sinavir 2024-09-24 12:33:51 +02:00
parent 0054c74806
commit 823b5c8206
55 changed files with 831 additions and 354 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
hive.nix
View file

@ -6,54 +6,68 @@ let
inherit (defaultNixpkgs) lib; inherit (defaultNixpkgs) lib;
revision = node: (builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision; revision =
node:
(builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision;
mkNode = node: { mkNode = node: {
${node} = { ${node} =
name, {
nodes, name,
... nodes,
}: { ...
imports = [./machines/${node}/_configuration.nix] ++ lib.attrByPath [ "imports" ] [] metadata.nodes.${node}; }:
inherit (metadata.nodes.${node}) deployment; {
nix.nixPath = imports = [
builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) ./machines/${node}/_configuration.nix
++ ["nixpkgs=${mkNixpkgsPath name}"]; ] ++ lib.attrByPath [ "imports" ] [ ] metadata.nodes.${node};
system.nixos.tags = [ inherit (metadata.nodes.${node}) deployment;
(revision node) nix.nixPath = builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) ++ [
]; "nixpkgs=${mkNixpkgsPath name}"
}; ];
system.nixos.tags = [
(revision node)
];
};
}; };
pkgsVersion = node: lib.attrByPath [ node "nixpkgs" ] "nixos-unstable" metadata.nodes; pkgsVersion =
node:
lib.attrByPath [
node
"nixpkgs"
] "nixos-unstable" metadata.nodes;
mkNixpkgsPath = node: sources.${pkgsVersion node}; mkNixpkgsPath = node: sources.${pkgsVersion node};
mkNixpkgs = node: { mkNixpkgs = node: {
${node} = ${node} = importNixpkgsPath (lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) (
importNixpkgsPath mkNixpkgsPath node
(lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) );
(mkNixpkgsPath node);
}; };
importNixpkgsPath = arch: p: import p { importNixpkgsPath =
config.allowUnfree = true; arch: p:
overlays = import ./pkgs/overlays.nix; import p {
system = arch; config.allowUnfree = true;
}; overlays = import ./pkgs/overlays.nix;
system = arch;
};
nodes = builtins.attrNames metadata.nodes; nodes = builtins.attrNames metadata.nodes;
concatAttrs = builtins.foldl' (x: y: x // y) {}; concatAttrs = builtins.foldl' (x: y: x // y) { };
in in
{ {
meta = { meta = {
specialArgs = {inherit metadata;}; specialArgs = {
nixpkgs = defaultNixpkgs; inherit metadata;
nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes);
specialArgs = {
lib = lib;
};
}; };
} nixpkgs = defaultNixpkgs;
// (concatAttrs (builtins.map mkNode nodes)) nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes);
specialArgs = {
lib = lib;
};
};
}
// (concatAttrs (builtins.map mkNode nodes))

30
machines/hackens-milieu/_configuration.nix
View file

@ -5,21 +5,20 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ # Include the results of the hardware scan.
# Include the results of the hardware scan. ./hardware-configuration.nix
./hardware-configuration.nix ./aarch64.nix
./aarch64.nix ./audio.nix
./audio.nix ./dns
./dns ./gnome.nix
./gnome.nix ./i18n.nix
./i18n.nix ./no-sleep.nix
./no-sleep.nix ./programs.nix
./programs.nix ./system.nix
./system.nix ./users.nix
./users.nix ./vim.nix
./vim.nix ];
];
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot = { boot.loader.systemd-boot = {
@ -43,4 +42,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment? system.stateVersion = "20.09"; # Did you read the comment?
} }

1
machines/hackens-milieu/audio.nix
View file

@ -1,6 +1,5 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
# Enable sound. # Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;
} }

8
machines/hackens-milieu/default.nix
View file

@ -1,4 +1,6 @@
{ pkgs, ... }: { { pkgs, ... }:
imports = [ {
]; imports =
[
];
} }

15
machines/hackens-milieu/dns/default.nix
View file

@ -6,7 +6,10 @@ let
in in
{ {
networking = { networking = {
nameservers = [ "127.0.0.1" "::1" ]; nameservers = [
"127.0.0.1"
"::1"
];
}; };
services.dnscrypt-proxy2 = { services.dnscrypt-proxy2 = {
@ -17,9 +20,13 @@ in
forwarding_rules = ./forwarding.txt; forwarding_rules = ./forwarding.txt;
query_log = if debugDNS then { query_log =
file = "/dev/stdout"; if debugDNS then
} else {}; {
file = "/dev/stdout";
}
else
{ };
sources.public-resolvers = { sources.public-resolvers = {
urls = [ urls = [

51
machines/hackens-milieu/hardware-configuration.nix
View file

@ -1,36 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = imports = [
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
<nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# boot.kernelParams = [ "nomodeset" ]; # boot.kernelParams = [ "nomodeset" ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/nixos-root";
device = "/dev/disk/by-label/nixos-root"; fsType = "btrfs";
fsType = "btrfs"; options = [
options = [ "ssd" "noatime" "ssd_spread" "discard" "space_cache" ]; "ssd"
}; "noatime"
"ssd_spread"
"discard"
"space_cache"
];
};
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/BOOT";
device = "/dev/disk/by-label/BOOT"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
[{ device = "/dev/disk/by-label/SWAP"; }];
nix.maxJobs = lib.mkDefault 4; nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; powerManagement.cpuFreqGovernor = lib.mkDefault "performance";

3
machines/hackens-milieu/i18n.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";

3
machines/hackens-milieu/no-sleep.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
systemd.targets = { systemd.targets = {
sleep.enable = false; sleep.enable = false;
suspend.enable = false; suspend.enable = false;

9
machines/hackens-milieu/system.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
# Upgrades # Upgrades
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
@ -12,8 +13,10 @@
# Auto-GC and store optimizations # Auto-GC and store optimizations
nix = { nix = {
trustedUsers = [ "root" "hackens" ]; trustedUsers = [
package = pkgs.nixUnstable; "root"
"hackens"
];
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";

7
machines/hackens-milieu/users.nix
View file

@ -11,7 +11,12 @@ in
{ {
users.users.hackens = { users.users.hackens = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "dialout" "audio" "video" ]; extraGroups = [
"wheel"
"dialout"
"audio"
"video"
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcKULx/AgnqBsgwRX2BfV8waq6JXIkvZHhu9Y8paofM8awq6Om56BZoA7AV45YOcJxO/eFDOxSegXXmt22s4WjIf8I049aMdsW54BNpFpC/h18cMzm5ylKVGHl1ier/WXxpBsA8YU++YdRlGHPpKnhCtYLnBzD4Q5h+05GMIHismNZP1aGpE9s01FuP8eaDDkZUba7oSpn03AA77DBw4/2ZreSbqo96Z6WwiG09KeZvxFtEIk98EQtmiExB2fwsK3/JIxIBCoZHh4SzERcslxxGgzdppd6NhhSh7g523zhiihLaTAPNXBovGm5wcKOU9uWe+pUWEbwV04E+809aVbkJOdYBCtIf8M91meqpupA8jK38uquePHEFvpNr5UmY0qUlJCoqTvoqg9XgrfJVjlPEmYknj/QjQzkA4k19y8njsyEjnYOBL6tsztg6Igl+NZXjBAPuAzxCsfHOtWw1WM5gANwqOL0V9f7+14yST3HwweqjHRj4xky6ritxK+ujfc= hackens@hackens-desktop" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcKULx/AgnqBsgwRX2BfV8waq6JXIkvZHhu9Y8paofM8awq6Om56BZoA7AV45YOcJxO/eFDOxSegXXmt22s4WjIf8I049aMdsW54BNpFpC/h18cMzm5ylKVGHl1ier/WXxpBsA8YU++YdRlGHPpKnhCtYLnBzD4Q5h+05GMIHismNZP1aGpE9s01FuP8eaDDkZUba7oSpn03AA77DBw4/2ZreSbqo96Z6WwiG09KeZvxFtEIk98EQtmiExB2fwsK3/JIxIBCoZHh4SzERcslxxGgzdppd6NhhSh7g523zhiihLaTAPNXBovGm5wcKOU9uWe+pUWEbwV04E+809aVbkJOdYBCtIf8M91meqpupA8jK38uquePHEFvpNr5UmY0qUlJCoqTvoqg9XgrfJVjlPEmYknj/QjQzkA4k19y8njsyEjnYOBL6tsztg6Igl+NZXjBAPuAzxCsfHOtWw1WM5gANwqOL0V9f7+14yST3HwweqjHRj4xky6ritxK+ujfc= hackens@hackens-desktop"

5
machines/hackens-milieu/vim.nix
View file

@ -1,6 +1,7 @@
{ pkgs, ... }: { { pkgs, ... }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nixfmt nixfmt-rfc-style
git git
(neovim.override { (neovim.override {
vimAlias = true; vimAlias = true;

39
machines/hackens-org/_configuration.nix
View file

@ -5,25 +5,25 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ ./_bootloader.nix
./_bootloader.nix ./_networking.nix
./_networking.nix ./_ssh.nix
./_ssh.nix ./_users.nix
./_users.nix ./dokuwiki.nix
./dokuwiki.nix ./hardware-configuration.nix
./hardware-configuration.nix ./matterbridge.nix
./matterbridge.nix ./nginx.nix
./nginx.nix ./orga
./orga ./snipe-it.nix
./secrets ./secrets
./static-sites.nix ./static-sites.nix
./legacy-redir.nix ./legacy-redir.nix
./webpass.nix ./webpass.nix
./prometheus.nix ./prometheus.nix
./grafana.nix ./grafana.nix
./kfet-monitor ./kfet-monitor
]; ];
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
@ -38,4 +38,3 @@
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

19
machines/hackens-org/_networking.nix
View file

@ -29,14 +29,17 @@
}; };
}; };
"10-tun-he" = { "10-tun-he" = {
matchConfig.Name = "sit-he"; matchConfig.Name = "sit-he";
networkConfig = { networkConfig = {
Gateway = [ "2001:470:1f12:d21::1" ]; Gateway = [ "2001:470:1f12:d21::1" ];
Description = "HE.NET IPv6 Tunnel (owned by maurice)"; Description = "HE.NET IPv6 Tunnel (owned by maurice)";
Address = [ "2001:470:1f12:d21::2/64" ]; Address = [ "2001:470:1f12:d21::2/64" ];
}; };
}; };
}; };
}; };
networking.nameservers = [ "1.1.1.1" "8.8.8.8" ]; networking.nameservers = [
"1.1.1.1"
"8.8.8.8"
];
} }

13
machines/hackens-org/_ssh.nix
View file

@ -1,11 +1,18 @@
{ ... }: { { ... }:
{
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
services.openssh.ports = [ 22 2222 ]; services.openssh.ports = [
22
2222
];
# Open ports in the firewall. (In fact not needed) # Open ports in the firewall. (In fact not needed)
networking.firewall.allowedTCPPorts = [ 22 2222 ]; networking.firewall.allowedTCPPorts = [
22
2222
];
# Mosh <3 # Mosh <3
programs.mosh.enable = true; programs.mosh.enable = true;

9
machines/hackens-org/_users.nix
View file

@ -1,12 +1,12 @@
{ ... }: { { ... }:
{
users = { users = {
mutableUsers = false; mutableUsers = false;
users = { users = {
rlahfa = { rlahfa = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
hashedPassword = hashedPassword = "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381";
"$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381";
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ]; openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ];
}; };
gdoriathdohler = { gdoriathdohler = {
@ -17,8 +17,7 @@
mdebray = { mdebray = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
hashedPassword = hashedPassword = "$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/";
"$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/";
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ]; openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ];
}; };
ecoppens = { ecoppens = {

12
machines/hackens-org/dokuwiki.nix
View file

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: { {
config,
pkgs,
lib,
...
}:
{
services.nginx.virtualHosts."hackens.org" = { services.nginx.virtualHosts."hackens.org" = {
enableACME = true; enableACME = true;
@ -31,7 +37,7 @@
showAddNewPage = "logged"; showAddNewPage = "logged";
fluidContainer = 0; fluidContainer = 0;
}; };
plugin.htmlok.htmlok=1; plugin.htmlok.htmlok = 1;
}; };
pluginsConfig = { pluginsConfig = {
@ -67,7 +73,7 @@
postInstall = '' postInstall = ''
rm -r $out/share rm -r $out/share
cp -r . $out cp -r . $out
''; '';
})) }))
(pkgs.fetchFromGitHub { (pkgs.fetchFromGitHub {
name = "htmlok"; name = "htmlok";

91
machines/hackens-org/gestiohackens/default.nix Normal file
View file

@ -0,0 +1,91 @@
{
pkgs,
lib,
config,
...
}:
let
src = pkgs.fetchgit {
url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git";
rev = "HEAD";
hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4=";
};
in
{
imports =
[
];
systemd.services.django-gestiohackens.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "django-gestiohackens";
SupplementaryGroups = [ "nginx" ];
};
users.users.django-gestiohackens = {
group = "django-gestiohackens";
isSystemUser = true;
};
users.groups.django-gestiohackens = { };
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."inventaire.hackens.org" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:51667";
};
"/media/".alias = "/var/lib/django-gestiohackens/media/";
"/static".root = config.services.django.gestiohackens.staticAssets;
};
};
};
services.django.gestiohackens = {
inherit src;
enable = true;
mainModule = "gestiojeux";
port = 51667;
settings = {
DEBUG = false;
CSRF_COOKIE_SECURE = true;
AUTHENS_ALLOW_STAFF = true;
SESSION_COOKIE_SECURE = true;
MEDIA_URL = "media/";
ALLOWED_HOSTS = [ "inventaire.hackens.org" ];
DATABASES = {
"default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-gestiohackens/db.sqlite3";
};
};
HAYSTACK_CONNECTIONS = {
"default" = {
"ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine";
"PATH" = "/var/lib/django-gestiohackens/whoosh_index";
};
};
MEDIA_ROOT = "/var/lib/django-gestiohackens/media";
};
extraPackages = ps: [
ps.django-autoslug
ps.loadcredential
ps.django-cleanup
ps.django-haystack
ps.django-markdownx
ps.django-tables2
ps.pillow
ps.whoosh
ps.markdown-icons
ps.authens
ps.qrcode
ps.pillow
# Django haystack is drunk
ps.setuptools
];
secrets = {
SECRET_KEY = config.age.secrets.django-gestiohackens.path;
};
};
}

43
machines/hackens-org/hardware-configuration.nix
View file

@ -1,32 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/profiles/qemu-guest.nix")
(modulesPath + "/profiles/qemu-guest.nix") ];
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ]; boot.initrd.availableKernelModules = [
"uhci_hcd"
"ahci"
"virtio_pci"
"virtio_blk"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2"; fsType = "btrfs";
fsType = "btrfs"; };
};
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/0795-75ED";
device = "/dev/disk/by-uuid/0795-75ED"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
[{ device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; }];
} }

4
machines/hackens-org/kfet-monitor/default.nix
View file

@ -1,6 +1,6 @@
{ lib, pkgs, ...}: { lib, pkgs, ... }:
let let
wsScraper = pkgs.callPackage ./websocket-exporter.nix {}; wsScraper = pkgs.callPackage ./websocket-exporter.nix { };
in in
{ {
systemd.services.kfet-open-recorder = { systemd.services.kfet-open-recorder = {

7
machines/hackens-org/kfet-monitor/websocket-exporter.nix
View file

@ -1,6 +1,7 @@
{ lib {
, python3 lib,
, fetchFromGitHub python3,
fetchFromGitHub,
}: }:
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {

8
machines/hackens-org/legacy-redir.nix
View file

@ -28,28 +28,28 @@
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
return 301 $scheme://hackens.org/known$request_uri; return 301 $scheme://hackens.org/known$request_uri;
''; '';
}; };
"prez.hackens.org" = { "prez.hackens.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
return 301 $scheme://hackens.org/prez$request_uri; return 301 $scheme://hackens.org/prez$request_uri;
''; '';
}; };
"pub.hackens.org" = { "pub.hackens.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
return 301 $scheme://hackens.org/pub$request_uri; return 301 $scheme://hackens.org/pub$request_uri;
''; '';
}; };
"2048.hackens.org" = { "2048.hackens.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
return 301 $scheme://hackens.org/2048$request_uri; return 301 $scheme://hackens.org/2048$request_uri;
''; '';
}; };
}; };
} }

8
machines/hackens-org/matterbridge.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
port = 52187; port = 52187;
configFile = pkgs.writeText "metterbridge.toml" '' configFile = pkgs.writeText "metterbridge.toml" ''
@ -37,7 +42,6 @@ in
${pkgs.matterbridge}/bin/matterbridge -conf ${configFile} ${pkgs.matterbridge}/bin/matterbridge -conf ${configFile}
''; '';
serviceConfig = { serviceConfig = {
User = "matterbridge"; User = "matterbridge";
Group = "matterbridge"; Group = "matterbridge";

12
machines/hackens-org/orga/authens.nix
View file

@ -1,12 +0,0 @@
{ lib, fetchgit, pythoncas, django, ldap, buildPythonPackage }:
buildPythonPackage rec {
pname = "authens";
version = "v0.1b5";
doCheck = false;
src = fetchgit {
url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git";
rev = "58747e57b30b47f36a0ed3e7c80850ed7f1edbf9";
hash = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8=";
};
propagatedBuildInputs = [ django ldap pythoncas ];
}

26
machines/hackens-org/orga/default.nix
View file

@ -1,14 +1,20 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git"; url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
rev = "HEAD"; rev = "HEAD";
hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I="; hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
}; };
in in
{ {
imports = [ imports =
]; [
];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@ -38,8 +44,8 @@ in
}; };
}; };
}; };
extraPackages = p: let pythoncas = (p.callPackage ./python-cas.nix { }); in [ extraPackages = p: [
(p.callPackage ./authens.nix { inherit pythoncas; }) p.authens
]; ];
secrets = { secrets = {
SECRET_KEY = config.age.secrets.django.path; SECRET_KEY = config.age.secrets.django.path;

3
machines/hackens-org/programs.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
environment.systemPackages = [ environment.systemPackages = [
pkgs.vim pkgs.vim
]; ];

26
machines/hackens-org/prometheus.nix
View file

@ -24,18 +24,20 @@ in
extraFlags = [ "--storage.tsdb.retention.size=2GB" ]; extraFlags = [ "--storage.tsdb.retention.size=2GB" ];
rules = [ '' rules = [
groups: ''
- name: Chrony groups:
rules: - name: Chrony
- record: instance:chrony_clock_error_seconds:abs rules:
expr: > - record: instance:chrony_clock_error_seconds:abs
abs(chrony_tracking_last_offset_seconds) expr: >
+ abs(chrony_tracking_last_offset_seconds)
chrony_tracking_root_dispersion_seconds +
+ chrony_tracking_root_dispersion_seconds
(0.5 * chrony_tracking_root_delay_seconds) +
'']; (0.5 * chrony_tracking_root_delay_seconds)
''
];
scrapeConfigs = [ scrapeConfigs = [
{ {

10
machines/hackens-org/secrets/default.nix
View file

@ -1,7 +1,15 @@
{ ... }: { { ... }:
{
age.secrets."django" = { age.secrets."django" = {
file = ./django.age; file = ./django.age;
}; };
age.secrets."snipeit" = {
file = ./snipeit.age;
owner = "snipeit";
};
age.secrets."django-gestiohackens" = {
file = ./django-gestiohackens.age;
};
age.secrets."matterbridge-env" = { age.secrets."matterbridge-env" = {
file = ./matterbridge-env.age; file = ./matterbridge-env.age;
owner = "matterbridge"; owner = "matterbridge";

28
machines/hackens-org/secrets/django-gestiohackens.age Normal file
View file

@ -0,0 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng bMdvEX7j6bw5GNBohOahx43feq2/5/j/sm4+gLBCqls
SJAb40fN72h2/e6TFxKyF270xGtBq5EICpQB7Oe6KnU
-> ssh-ed25519 kXobKQ P1Ve/+t8nPrzu0qBL0EVnVH8X8f7/O93pH5ImPGnfVU
cG2dTLsKuY0mJhApuRw4ShlcpjPHfbobN+wxnpW42qE
-> ssh-ed25519 7hZk0g 7cPMy1bOSScXdk5xUiBrWM1noZ7QA9td+ffAlJGuKDg
2GrbxwLERVZgMAsAxhxVkEt2dAwv3lK2tmi+feDi9Bw
-> ssh-rsa krWCLQ
raDB1S2KgNXYYjYQoReSNbsMPBt8qUerW2I5Tiewco5Ao/iGuQPfaMxtuHPvk82r
VIpznCS6ZyEFkyFKCC/rnzgeTmH8LDAuGPSjCFOicq7STjhVqgjdaERkw4s6UxRN
WTQVhuVpRaN8abdxMknQG+1WpkdmlOQG6n+B7JN/Z5AgM4kE891CH+WJcaPetDwO
/wC6+Na3EkgJS2XrK++IveWGmRRy+CZdRNe/NzxNCV2wp+w1BJohHttq7gRc2F7z
58r6GzViXSAZ39QfKMO5e1MrkZHfzshc74jpkMnLWK9QXWsbTbkYJzeYf7wWCm9F
STRR5xQJIZdOEYKNsIfb6Q
-> ssh-ed25519 /vwQcQ gYKVPzT6ZXSc9xfuulV/57pIM1NXJ9IlLF/kJMRMWGw
4FiYaBIoC1hmYayoWUfomIHg2ibtHsBtyYMzMs8OcSA
-> ssh-ed25519 0R97PA GKMaGC4HmLhIL3pNEqiYqZ8a04CYgKt13IcRsJwQ2l8
/8ePse2mnztxXGJrDLpr1yUcnyrm9AUQgUWV4fUcmXk
-> ssh-ed25519 cvTB5g CBw8+xqz9S9S5t7/TY7oz21WdhIqtWNv0WAbU16bayk
cUmHOQsoyaXkWVwYK9fK+CoAvYtDGcYF+JV3GgxzPYI
-> ssh-ed25519 Wu8JLQ VRDbadjqSTsmF/gkFe/Fg9OcxOFJDur0NJhexgObJy0
C1/W8PbucQUpYfVomvK0S/JIrHOcdGfpmru7hbvLdGY
-> ssh-ed25519 EIt1vA SlgOWnU5N7XUX/tpp2cOH+7d1fl6qjy5R4D8lyTr004
UBNV6PrfOB1jRV+GATefjpv1KEGyP06cKD741xzS8Gc
-> ssh-ed25519 X51wxg h1LfGf2RiFSAaUbLjAivqkX/f0rvxAO905NUYCrX7gk
ppAwL7fboGHlPptL2uQU5nBUI1FXCs6Ds3TMzG8WKxA
--- XgL6A4y8r8g55SKB86IIv+vb3Yo3ovpH+KQURMAtwg4
"Ú<> b.äcb¾Er<45>÷¹š·{»¦Öl(Ó§PßÄ2…e#ùòõ”3¾<33>ÏC‡P¹…˜I0ÔÜ¥S@ʪëQ¸ÝYæ'5…<35>µ

56
machines/hackens-org/secrets/secrets.nix
View file

@ -1,20 +1,46 @@
let let
lib = (import <nixpkgs> { }).lib; lib = (import <nixpkgs> { }).lib;
readpubkeys = user: readpubkeys =
builtins.filter (k: k != "") user:
(lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))); builtins.filter (k: k != "") (
lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))
);
in in
{ {
"matterbridge-env.age".publicKeys = (readpubkeys "sinavir") "matterbridge-env.age".publicKeys =
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") (readpubkeys "sinavir")
++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); ++ (readpubkeys "hackens-host")
"django.age".publicKeys = (readpubkeys "sinavir") ++ (readpubkeys "raito")
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") ++ (readpubkeys "gdd")
++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); ++ (readpubkeys "backslash");
"wg-key.age".publicKeys = (readpubkeys "sinavir") "snipeit.age".publicKeys =
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") (readpubkeys "sinavir")
++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); ++ (readpubkeys "hackens-host")
"prometheus-webconf".publicKeys = (readpubkeys "sinavir") ++ (readpubkeys "raito")
++ (readpubkeys "hackens-host") ++ (readpubkeys "raito") ++ (readpubkeys "gdd")
++ (readpubkeys "gdd") ++ (readpubkeys "backslash"); ++ (readpubkeys "backslash");
"django.age".publicKeys =
(readpubkeys "sinavir")
++ (readpubkeys "hackens-host")
++ (readpubkeys "raito")
++ (readpubkeys "gdd")
++ (readpubkeys "backslash");
"django-gestiohackens.age".publicKeys =
(readpubkeys "sinavir")
++ (readpubkeys "hackens-host")
++ (readpubkeys "raito")
++ (readpubkeys "gdd")
++ (readpubkeys "backslash");
"wg-key.age".publicKeys =
(readpubkeys "sinavir")
++ (readpubkeys "hackens-host")
++ (readpubkeys "raito")
++ (readpubkeys "gdd")
++ (readpubkeys "backslash");
"prometheus-webconf".publicKeys =
(readpubkeys "sinavir")
++ (readpubkeys "hackens-host")
++ (readpubkeys "raito")
++ (readpubkeys "gdd")
++ (readpubkeys "backslash");
} }

29
machines/hackens-org/secrets/snipeit.age Normal file
View file

@ -0,0 +1,29 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng 6OHSOGM9Q4Us9F0dbVCiwWKzse3pRYAgJpAA6IPIdnQ
HqD9hdgqQqM3ZrivBDdYGHXtWF2XF/twsWw+vgsMvFQ
-> ssh-ed25519 kXobKQ PPSORbXqcXh4nyJp9zSiZsPj4M43xnYQTQOwStxRh2A
I3y7+s74YH5clRMT2yqt4EHNF008zVX8qJmymoGZrFM
-> ssh-ed25519 7hZk0g g6OU5HYXe3oc5gwSpHwChaLFxJ367vqOCGUKUOHvvGE
r4/WjMwACs6L8XPdun9C2MlOoBh/osc/16z344C8gTU
-> ssh-rsa krWCLQ
GBk11DEIlkEuqQ8IYRohr86rOGzr9Wh9SMxc5ukxpj1mLtiJhurGS98kpFO1Ybsa
6ik+mxl4OmQqKwsJFFqrOeOg2R4ORwoldDPZT0LB/DoQyVS5DzS6JRjxskvrmows
X7QLfeMZ9HYgpi5wsN++E3a3Kka/ulBAfksw4g+LquZwCP3FBKN/DEwsGCMuWnKW
SkYIBgiEDWCMB4W7QuafDR4sw19e9V06BTqghpjDaxHpG36srA3sfL3X/i6gjgz8
nV/Hu19qVCLNf08Z+0T3qF4LWLKCFZkZFizttGao5cb6t4Kw/kiLsudPmvVjne6n
jVq5JSrZiSNA0SgJ1cK3dg
-> ssh-ed25519 /vwQcQ 8YA7/bMsUIr5Y/EzZbfeamwmeXD5EwQ6oO7PWiziO3k
tvGAoGnGPCMPgaZ61dWQ/5I3tiVLYkEJGb4D/OfCzYY
-> ssh-ed25519 0R97PA we+Q49vxyES8lHcdsJfDs3RsPvZh097G7jGEpHPCLHk
vlq2ylTC8//Bv4rVaBGesTr7SUd7s7To93FSrz45+4Y
-> ssh-ed25519 cvTB5g EIqyNfE/A1e4lICBqgwviXlM73GL6YH8ADqfIVCGe0U
ajHEiVrEAPk0bxNkbXX6FWDXeom8inTUamq/ToI7Kbg
-> ssh-ed25519 Wu8JLQ +4eSVyk9FMUBjgi65ukfx6MFNr3DomHcONPo71QsrTc
/4Pr60oSZmSneQcUXffq+wEJCt2zHRC1pkn/l6onwog
-> ssh-ed25519 EIt1vA 3M3zoHSBceyiQDLRkeGOjRHLkljrc2xRMOlhZy8Gs0g
C21xBrCwuskiZXSo+Ucl3HDChAO9V2sauGSCdj+2pwI
-> ssh-ed25519 X51wxg EhYdCmwgYWBHj3QAatGYlcX5qMQJaFlwkzyspQLfiTY
L0aeN67YVWuY5aSdQLi1qwyJ3TcwSH/Fs+hAFLZL/DE
--- gUY9ofxPOoMCmNT+HJvc3j83MPBoO1KnxW5UCfsNZ78
­Š!T°{˜ KWÆ<57>L
¢Uðƒ(q>.¾+ÏSG¤ãð [¯+j¿rý}ׄ„<E2809E>¾¥ý.d¢c…„âZeW¸&m}t}

22
machines/hackens-org/snipe-it.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, ... }:
{
services.snipe-it = {
enable = true;
appKeyFile = config.age.secrets."snipeit".path;
config = {
APP_LOCALE = "fr-FR";
APP_TIMEZONE = "Europe/Paris";
};
database = {
createLocally = true;
user = "snipeit";
};
user = "snipeit";
group = "snipeit";
hostName = "inventaire.hackens.org";
nginx = {
enableACME = true;
forceSSL = true;
};
};
}

7
machines/hackens-org/static-sites.nix
View file

@ -19,10 +19,13 @@ in
extraConfig = '' extraConfig = ''
autoindex on; autoindex on;
charset utf-8; charset utf-8;
''; '';
}); });
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
} }

5
machines/hackens-org/webpass.nix
View file

@ -37,5 +37,8 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
} }

66
machines/hackens-org/wireguard.nix
View file

@ -3,7 +3,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
@ -12,15 +13,12 @@
address = [ address = [
"10.10.10.1/24" "10.10.10.1/24"
]; ];
routes = [{ routes = [
routeConfig = { {
Destination = "10.10.10.0/24"; Destination = "10.10.10.0/24";
Scope = "link"; Scope = "link";
}; }
}]; ];
networkConfig = {
IPForward = true;
};
}; };
}; };
netdevs = { netdevs = {
@ -35,37 +33,33 @@
}; };
wireguardPeers = [ wireguardPeers = [
{ #hackens-desktop {
wireguardPeerConfig = { # hackens-desktop
AllowedIPs = [ AllowedIPs = [
"10.10.10.3/32" "10.10.10.3/32"
]; ];
PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA="; PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";
};
} }
{ #bakham (AGB) {
wireguardPeerConfig = { # bakham (AGB)
AllowedIPs = [ AllowedIPs = [
"10.10.10.5/32" "10.10.10.5/32"
]; ];
PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8="; PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8=";
};
} }
{ #soyouzpanda {
wireguardPeerConfig = { # soyouzpanda
AllowedIPs = [ AllowedIPs = [
"10.10.10.11/32" "10.10.10.11/32"
]; ];
PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8="; PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=";
};
} }
{ #sinavir {
wireguardPeerConfig = { # sinavir
AllowedIPs = [ AllowedIPs = [
"10.10.10.12/32" "10.10.10.12/32"
]; ];
PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M="; PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=";
};
} }
]; ];
}; };

20
machines/rigel/_configuration.nix
View file

@ -4,11 +4,13 @@
pkgs, pkgs,
modulesPath, modulesPath,
... ...
}: let }:
launchpad = let
pkgs.python3.withPackages ( ps: [ (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix {}; })]); launchpad = pkgs.python3.withPackages (ps: [
(ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix { }; })
]);
in in
{ {
imports = [ imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix") (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
./bootloader.nix ./bootloader.nix
@ -19,8 +21,7 @@ in
./users.nix ./users.nix
]; ];
nix.settings.substituters = lib.mkForce []; nix.settings.substituters = lib.mkForce [ ];
networking.hostName = "rigel"; # Define your hostname. networking.hostName = "rigel"; # Define your hostname.
@ -34,7 +35,10 @@ in
systemd.services.launchpad = { systemd.services.launchpad = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = [ launchpad pkgs.unixtools.ping ]; path = [
launchpad
pkgs.unixtools.ping
];
script = '' script = ''
while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null
do do
@ -42,7 +46,7 @@ in
done done
sleep 0.1 sleep 0.1
python -m eos_midi 10.1.1.2 python -m eos_midi 10.1.1.2
''; '';
}; };
environment.shellAliases = { environment.shellAliases = {
r = "systemctl restart launchpad.service"; r = "systemctl restart launchpad.service";

3
machines/rigel/bootloader.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;
} }

13
machines/rigel/kfet_lauchpad_controller.nix
View file

@ -1,9 +1,10 @@
{ lib {
, buildPythonPackage lib,
, fetchgit buildPythonPackage,
, poetry fetchgit,
, lpminimk3 poetry,
, python-osc lpminimk3,
python-osc,
}: }:
buildPythonPackage rec { buildPythonPackage rec {

13
machines/rigel/launchpad.nix
View file

@ -1,9 +1,10 @@
{ lib {
, buildPythonPackage lib,
, fetchgit buildPythonPackage,
, poetry-core fetchgit,
, lpminimk3 poetry-core,
, python-osc lpminimk3,
python-osc,
}: }:
buildPythonPackage rec { buildPythonPackage rec {

17
machines/rigel/lpminimk3.nix
View file

@ -1,11 +1,12 @@
{ lib {
, buildPythonPackage lib,
, fetchFromGitHub buildPythonPackage,
, setuptools fetchFromGitHub,
, wheel setuptools,
, jsonschema wheel,
, python-rtmidi jsonschema,
, websockets python-rtmidi,
websockets,
}: }:
buildPythonPackage rec { buildPythonPackage rec {

15
machines/rigel/networking.nix
View file

@ -3,7 +3,8 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
{
networking.useDHCP = false; networking.useDHCP = false;
networking.firewall.allowedUDPPorts = [ 67 ]; networking.firewall.allowedUDPPorts = [ 67 ];
@ -18,13 +19,13 @@
IPMasquerade = "ipv4"; IPMasquerade = "ipv4";
}; };
dhcpServerConfig = { dhcpServerConfig = {
PoolOffset=100; PoolOffset = 100;
PoolSize=20; PoolSize = 20;
UplinkInterface = ":none"; UplinkInterface = ":none";
EmitDNS="no"; EmitDNS = "no";
EmitNTP="no"; EmitNTP = "no";
EmitSIP="no"; EmitSIP = "no";
EmitRouter="no"; EmitRouter = "no";
}; };
dhcpServerStaticLeases = [ dhcpServerStaticLeases = [
{ {

13
machines/rigel/nix-conf.nix
View file

@ -6,9 +6,16 @@
nodes, nodes,
name, name,
... ...
}: { }:
{
nix.settings = { nix.settings = {
trusted-users = ["root" "@wheel"]; trusted-users = [
extra-experimental-features = ["nix-command" "flakes"]; "root"
"@wheel"
];
extra-experimental-features = [
"nix-command"
"flakes"
];
}; };
} }

3
machines/rigel/programs.nix
View file

@ -3,7 +3,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sqlite-web sqlite-web
dhcpdump dhcpdump

3
machines/rigel/ssh.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = true; services.openssh.settings.PasswordAuthentication = true;
} }

3
machines/rigel/users.nix
View file

@ -1,4 +1,5 @@
{...}: { { ... }:
{
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [

1
machines/router/liminix Submodule

@ -0,0 +1 @@
Subproject commit 5bb68f24b539db1d9591ea320436b9dbdd2dc354

11
meta.nix
View file

@ -8,12 +8,12 @@ let
nodes = { nodes = {
hackens-milieu = { hackens-milieu = {
deployment = { deployment = {
targetHost = null; #"milieu.cave.hackens.org"; targetHost = null; # "milieu.cave.hackens.org";
#targetPort = 4243; #targetPort = 4243;
allowLocalDeployment = true; allowLocalDeployment = true;
tags = [ "desktop" ]; tags = [ "desktop" ];
}; };
imports = [agenix]; imports = [ agenix ];
}; };
rigel = { rigel = {
deployment = { deployment = {
@ -27,10 +27,13 @@ let
tags = [ "server" ]; tags = [ "server" ];
targetPort = 22; targetPort = 22;
}; };
imports = [agenix djangonix]; imports = [
agenix
djangonix
];
}; };
}; };
}; };
in in
metadata metadata

96
npins/default.nix
View file

@ -3,65 +3,71 @@ let
data = builtins.fromJSON (builtins.readFile ./sources.json); data = builtins.fromJSON (builtins.readFile ./sources.json);
version = data.version; version = data.version;
mkSource = spec: mkSource =
assert spec ? type; let spec:
assert spec ? type;
let
path = path =
if spec.type == "Git" if spec.type == "Git" then
then mkGitSource spec mkGitSource spec
else if spec.type == "GitRelease" else if spec.type == "GitRelease" then
then mkGitSource spec mkGitSource spec
else if spec.type == "PyPi" else if spec.type == "PyPi" then
then mkPyPiSource spec mkPyPiSource spec
else if spec.type == "Channel" else if spec.type == "Channel" then
then mkChannelSource spec mkChannelSource spec
else builtins.throw "Unknown source type ${spec.type}"; else
builtins.throw "Unknown source type ${spec.type}";
in in
spec // {outPath = path;}; spec // { outPath = path; };
mkGitSource = { mkGitSource =
repository, {
revision, repository,
url ? null, revision,
hash, url ? null,
... hash,
}: ...
}:
assert repository ? type; assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball # In the latter case, there we will always be an url to the tarball
if url != null if url != null then
then (builtins.fetchTarball {
(builtins.fetchTarball { inherit url;
inherit url; sha256 = hash; # FIXME: check nix version & use SRI hashes
sha256 = hash; # FIXME: check nix version & use SRI hashes })
}) else
else assert repository.type == "Git";
assert repository.type == "Git"; builtins.fetchGit {
builtins.fetchGit { url = repository.url;
url = repository.url; rev = revision;
rev = revision; # hash = hash;
# hash = hash; };
};
mkPyPiSource = { mkPyPiSource =
url, {
hash, url,
... hash,
}: ...
}:
builtins.fetchurl { builtins.fetchurl {
inherit url; inherit url;
sha256 = hash; sha256 = hash;
}; };
mkChannelSource = { mkChannelSource =
url, {
hash, url,
... hash,
}: ...
}:
builtins.fetchTarball { builtins.fetchTarball {
inherit url; inherit url;
sha256 = hash; sha256 = hash;
}; };
in in
if version == 3 if version == 3 then
then builtins.mapAttrs (_: mkSource) data.pins builtins.mapAttrs (_: mkSource) data.pins
else throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

30
npins/sources.json
View file

@ -8,9 +8,9 @@
"repo": "agenix" "repo": "agenix"
}, },
"branch": "main", "branch": "main",
"revision": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "revision": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"url": "https://github.com/ryantm/agenix/archive/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9.tar.gz", "url": "https://github.com/ryantm/agenix/archive/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41.tar.gz",
"hash": "1lpkwinlax40b7xgzspbkm9rsi4a1x48hxhixnni4irxxwnav0ah" "hash": "1x8nd8hvsq6mvzig122vprwigsr3z2skanig65haqswn7z7amsvg"
}, },
"disko": { "disko": {
"type": "Git", "type": "Git",
@ -20,9 +20,9 @@
"repo": "disko" "repo": "disko"
}, },
"branch": "master", "branch": "master",
"revision": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", "revision": "c61e50b63ad50dda5797b1593ad7771be496efbb",
"url": "https://github.com/nix-community/disko/archive/1bbdb06f14e2621290b250e631cf3d8948e4d19b.tar.gz", "url": "https://github.com/nix-community/disko/archive/c61e50b63ad50dda5797b1593ad7771be496efbb.tar.gz",
"hash": "15qbjnr8gfp0ybd4m0b6fn6bhwmdag1ybn5i217qjy55hrp8zhan" "hash": "1nnz89hsiz0pf73g3b4072fv28z9mrqr14h2347iwf6xhj1d9zhi"
}, },
"djangonix": { "djangonix": {
"type": "Git", "type": "Git",
@ -31,9 +31,9 @@
"url": "https://git.dgnum.eu/mdebray/djangonix.git" "url": "https://git.dgnum.eu/mdebray/djangonix.git"
}, },
"branch": "master", "branch": "master",
"revision": "5ea9469cc2169c0cd72ea2f5a05fc46f2ad39a9e", "revision": "a61afb48e2478c47360a8efea6f835c3b0f5f503",
"url": null, "url": null,
"hash": "1wfmr1h2j5i9yrzgczj5gk9fxq26jg90840f9glazfwylki5mp3x" "hash": "0a0hnkyhvr6am484m7lg46040icbxzydnycaa1a2hclfnpgrxrdk"
}, },
"dns.nix": { "dns.nix": {
"type": "GitRelease", "type": "GitRelease",
@ -45,10 +45,10 @@
"pre_releases": false, "pre_releases": false,
"version_upper_bound": null, "version_upper_bound": null,
"release_prefix": null, "release_prefix": null,
"version": "v1.1.2", "version": "v1.2.0",
"revision": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", "revision": "a3196708a56dee76186a9415c187473b94e6cbae",
"url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.1.2", "url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.2.0",
"hash": "1b95dh15zl0qaf9fvvvvqlambm3plndpy24wwlib0sy4d0zq6y0h" "hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90"
}, },
"nixos-unstable": { "nixos-unstable": {
"type": "Git", "type": "Git",
@ -58,9 +58,9 @@
"repo": "nixpkgs" "repo": "nixpkgs"
}, },
"branch": "nixos-unstable", "branch": "nixos-unstable",
"revision": "051f920625ab5aabe37c920346e3e69d7d34400e", "revision": "9357f4f23713673f310988025d9dc261c20e70c6",
"url": "https://github.com/NixOS/nixpkgs/archive/051f920625ab5aabe37c920346e3e69d7d34400e.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/9357f4f23713673f310988025d9dc261c20e70c6.tar.gz",
"hash": "08lin51g5x2vv89rs6vmqxnyy8pfysh0wdp6mdxw6l86dpm2rbg2" "hash": "0mr3vfnl8h0214ml7l5hsaq2g9174r3ra0hzcvlqk9kg024siwbf"
} }
}, },
"version": 3 "version": 3

15
pkgs/authens/01-get-success_url.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/authens/views.py b/authens/views.py
index 0478861..b1c93e9 100644
--- a/authens/views.py
+++ b/authens/views.py
@@ -138,8 +138,8 @@ class LogoutView(auth_views.LogoutView):
else:
self.cas_connected = False
- def get_next_page(self):
- next_page = super().get_next_page()
+ def get_success_url(self):
+ next_page = super().get_success_url()
if self.cas_connected:
cas_client = get_cas_client(self.request)

24
pkgs/authens/default.nix Normal file
View file

@ -0,0 +1,24 @@
{
python-cas,
django,
ldap,
buildPythonPackage,
}:
buildPythonPackage rec {
pname = "authens";
version = "v0.1b5";
doCheck = false;
patches = [
./01-get-success_url.patch
];
src = builtins.fetchGit {
url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git";
#rev = "master";
#sha256 = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8=";
};
propagatedBuildInputs = [
django
ldap
python-cas
];
}

39
pkgs/django-autoslug/default.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
wheel,
django,
}:
buildPythonPackage rec {
pname = "django-autoslug";
version = "1.9.9";
pyproject = true;
src = fetchFromGitHub {
owner = "justinmayer";
repo = "django-autoslug";
rev = "v${version}";
hash = "sha256-IRLY4VaKYXVkSgU/zdY+PSmGrcFB2FlE5L7j0FqisRM=";
};
nativeBuildInputs = [
setuptools
wheel
];
propagatedBuildInputs = [ django ];
# Requires DJANGO_SETTINGS_MODULE
# pythonImportsCheck = [ "autoslug" ];
meta = with lib; {
description = "AutoSlugField for Django";
homepage = "https://github.com/justinmayer/django-autoslug/";
changelog = "https://github.com/justinmayer/django-autoslug/blob/${src.rev}/CHANGELOG.rst";
license = licenses.lgpl3Only;
maintainers = with maintainers; [ thubrecht ];
};
}

34
pkgs/loadcredential/default.nix Normal file
View file

@ -0,0 +1,34 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
wheel,
}:
buildPythonPackage rec {
pname = "loadcredential";
version = "1.2";
pyproject = true;
src = fetchFromGitHub {
owner = "Tom-Hubrecht";
repo = "loadcredential";
rev = "v${version}";
hash = "sha256-rNWFD89h1p1jYWLcfzsa/w8nK3bR4aVJsUPx0UtZnIw=";
};
build-system = [
setuptools
wheel
];
pythonImportsCheck = [ "loadcredential" ];
meta = {
description = "A simple python package to read credentials passed through systemd's LoadCredential, with a fallback on env variables ";
homepage = "https://github.com/Tom-Hubrecht/loadcredential";
license = lib.licenses.mit;
maintainers = [ ]; # with lib.maintainers; [ thubrecht ];
};
}

42
pkgs/markdown-icons/default.nix Normal file
View file

@ -0,0 +1,42 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
unittestCheckHook,
setuptools,
wheel,
markdown,
}:
buildPythonPackage rec {
pname = "markdown-icons";
version = "3.1";
pyproject = true;
src = fetchFromGitHub {
owner = "Tom-Hubrecht";
repo = "markdown-icons";
rev = "v${version}";
hash = "sha256-EZY/gyyZ5axInBfvsWLrDeTLDD+m18qSpf5XrVKLOaM=";
};
nativeBuildInputs = [
setuptools
wheel
];
nativeCheckInputs = [ unittestCheckHook ];
propagatedBuildInputs = [ markdown ];
pythonImportsCheck = [ "iconfonts" ];
meta = with lib; {
description = "Easily display icon fonts in markdown";
homepage = "https://github.com/MadLittleMods/markdown-icons";
license = licenses.free;
maintainers = with maintainers; [ thubrecht ];
mainProgram = "markdown-icons";
platforms = platforms.all;
};
}

15
pkgs/overlays.nix
View file

@ -1 +1,14 @@
[] [
(final: prev: {
python3 = prev.python3.override {
packageOverrides = self: _: {
loadcredential = self.callPackage ./loadcredential { };
authens = self.callPackage ./authens { };
python-cas = self.callPackage ./python-cas { };
django-autoslug = self.callPackage ./django-autoslug { };
markdown-icons = self.callPackage ./markdown-icons { };
};
};
})
]

14
machines/hackens-org/orga/python-cas.nix → pkgs/python-cas/default.nix
View file

@ -1,4 +1,10 @@
{ lib, requests, lxml, six, buildPythonPackage, fetchFromGitHub }: {
requests,
lxml,
six,
buildPythonPackage,
fetchFromGitHub,
}:
buildPythonPackage rec { buildPythonPackage rec {
pname = "python-cas"; pname = "python-cas";
version = "1.6.0"; version = "1.6.0";
@ -9,5 +15,9 @@ buildPythonPackage rec {
rev = "v1.6.0"; rev = "v1.6.0";
sha512 = "sha512-qnYzgwELUij2EdqA6H17q8vnNUsfI7DkbZSI8CCIGfXOM+cZ7vsWe7CJxzsDUw73sBPB4+zzpLxvb7tpm/IDeg=="; sha512 = "sha512-qnYzgwELUij2EdqA6H17q8vnNUsfI7DkbZSI8CCIGfXOM+cZ7vsWe7CJxzsDUw73sBPB4+zzpLxvb7tpm/IDeg==";
}; };
propagatedBuildInputs = [ requests lxml six ]; propagatedBuildInputs = [
requests
lxml
six
];
} }