Compare commits

..

12 commits

Author SHA1 Message Date
Your Name
13e949996d Deploiement 2048 bis ; debug staticWebsites.location 2022-04-03 17:26:31 +00:00
Your Name
e8c4ce84c2 Refactorisation: deplacement acme-ssl.nix 2022-04-03 15:54:55 +00:00
Maurice Debray
083b638d77 Ajout de règles location aux sites statiques, deploiement du 2048 2022-04-03 17:44:12 +02:00
Maurice Debray
19c2b1326a Renommages, améliorations mineures 2022-04-03 01:27:30 +02:00
Your Name
5f02d633bd Debug des webhooks 2022-04-02 16:06:41 +00:00
Your Name
783f11a57a webhook: typos 2022-04-02 14:21:46 +00:00
Maurice Debray
b72022b012 Webhook service 2022-04-02 15:47:36 +02:00
Maurice Debray
d605ff2378 activation acme 2022-03-31 12:03:21 +02:00
Your Name
9a3ea38428 Typos 2022-03-31 09:58:42 +00:00
Maurice Debray
409b515df3 Nouveau site de test 2022-03-31 11:50:41 +02:00
Your Name
06add9c83e Site statique, my : Typos 2022-03-31 08:19:43 +00:00
Maurice Debray
72bde6e8d8 Sites statiques, my 2022-03-31 09:36:51 +02:00
150 changed files with 838 additions and 3200 deletions

4
.gitignore vendored
View file

@ -1,4 +0,0 @@
result
result-*
*.swp
/public.tar.gz

View file

@ -1,73 +0,0 @@
let
sources = import ./npins;
metadata = import ./meta.nix;
defaultNixpkgs = importNixpkgsPath "x86_64-linux" sources."nixos-unstable";
inherit (defaultNixpkgs) lib;
revision =
node:
(builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision;
mkNode = node: {
${node} =
{
name,
nodes,
...
}:
{
imports = [
./machines/${node}/_configuration.nix
] ++ lib.attrByPath [ "imports" ] [ ] metadata.nodes.${node};
inherit (metadata.nodes.${node}) deployment;
nix.nixPath = builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) ++ [
"nixpkgs=${mkNixpkgsPath name}"
];
system.nixos.tags = [
(revision node)
];
};
};
pkgsVersion =
node:
lib.attrByPath [
node
"nixpkgs"
] "nixos-unstable" metadata.nodes;
mkNixpkgsPath = node: sources.${pkgsVersion node};
mkNixpkgs = node: {
${node} = importNixpkgsPath (lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) (
mkNixpkgsPath node
);
};
importNixpkgsPath =
arch: p:
import p {
config.allowUnfree = true;
overlays = import ./pkgs/overlays.nix { inherit sources; };
system = arch;
};
nodes = builtins.attrNames metadata.nodes;
concatAttrs = builtins.foldl' (x: y: x // y) { };
in
{
meta = {
specialArgs = {
inherit sources metadata;
};
nixpkgs = defaultNixpkgs;
nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes);
specialArgs = {
lib = lib;
};
};
}
// (concatAttrs (builtins.map mkNode nodes))

View file

@ -5,32 +5,24 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports =
# Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./aarch64.nix ../../profiles/hackens
./audio.nix
./dns
./gnome.nix
./i18n.nix
./no-sleep.nix
./programs.nix
./system.nix
./users.nix
./vim.nix
./pixiecore
./networking.nix
./secrets
]; ];
boot.loader.efi.canTouchEfiVariables = true; # Use the GRUB 2 boot loader.
boot.loader.systemd-boot = { boot.loader.grub.enable = true;
enable = true; boot.loader.grub.version = 2;
}; boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.efi.efiSysMountPoint = "/boot"; boot.loader.efi.efiSysMountPoint = "/boot";
boot.loader.grub.device = "nodev"; # or "nodev" for efi only
boot.loader.grub.configurationLimit = 2;
networking.hostName = "hackens-milieu"; # Define your hostname. networking.hostName = "hackens-milieu"; # Define your hostname.
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config # Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour. # replicates the default behaviour.
@ -45,3 +37,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment? system.stateVersion = "20.09"; # Did you read the comment?
} }

View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos-root";
fsType = "btrfs";
options = [ "ssd" "noatime" "ssd_spread" "discard" "space_cache" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-label/SWAP"; }
];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}

View file

@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
services.staticWebsites.sites = {
"2048" = {
root = pkgs.fetchFromGitHub {
owner = "hackEns";
repo = "2048NdS";
rev = "1df6db154ca22c380eb52844c7a6a7f888fb5610";
sha256 = "1y2v637j0g03g4l80ag72pm9kc46f07npir7ddp8i6x15bzygj1a";
};
hostname = config.my.subZone;
location = "/2048";
};
};
}

View file

@ -0,0 +1,13 @@
# Issue du club reseau
{ config, ... }:
let
my = config.my;
in
{
security.acme.acceptTerms = true;
security.acme.email = my.email;
security.acme.server =
if my.acmeStaging
then "https://acme-staging-v02.api.letsencrypt.org/directory"
else null;
}

View file

@ -5,30 +5,24 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports =
./_bootloader.nix [
./_networking.nix
./_ssh.nix
./_users.nix
./dokuwiki.nix
./thelounge.nix
./hardware-configuration.nix ./hardware-configuration.nix
./matterbridge.nix ./physical.nix
./nginx.nix ../../profiles/core-hackens
./orga ./hackens-my.nix
./ragb.nix #Services
./snipe-it.nix ./wiki.nix
./secrets
./static-sites.nix
./legacy-redir.nix
./webpass.nix ./webpass.nix
./prometheus.nix ./test-static.nix
./grafana.nix # ./bridge.nix
./kfet-monitor # ./gha.nix
# ./sync.nix
#Modules
./misc
./modules
]; ];
time.timeZone = "Europe/Paris";
networking.hostName = "hackens-org"; # Define your hostname. networking.hostName = "hackens-org"; # Define your hostname.
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
@ -37,6 +31,7 @@
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "21.11"; # Did you read the comment?
} }

View file

@ -0,0 +1,12 @@
# Inspire du club reseau
{ lib, ... }:
{
imports = [ ./modules/my.nix ];
my = {
email = "hackens@clipper.ens.fr";
acmeStaging = lib.mkDefault true;
debug = false;
subZone = "new.hackens.org";
};
}

View file

@ -0,0 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0795-75ED";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
}

View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
imports = [
# ./static-website.nix
# ./game2048.nix
# ./casauth.nix
# ./nds.nix
# ./prez.nix
# ./public.nix
# ./jarvis.nix
];
}

View file

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
imports = [
./my.nix
./staticWebsites.nix
./nginx.nix
./webhooks.nix
];
}

View file

@ -0,0 +1,28 @@
# Inspiré du club réseau
{ config, lib, ... }:
with lib;
with types;
{
options.my = {
email = mkOption {
description = "Admin email";
type = str;
default = "";
example = "hackens@clipper.ens.fr";
};
acmeStaging = mkOption {
description = "Enable staging servers";
type = bool;
default = false;
};
subZone = mkOption {
description = "Sub zone for hosting the services";
type = str;
};
debug = mkOption {
description = "Debug mode";
type = bool;
default = false;
};
};
}

View file

@ -0,0 +1,64 @@
{ lib, config , ... }:
with lib;
let
eachSite = config.services.staticWebsites.sites;
website = { name, ... }: {
options = {
root = mkOption {
type = types.path;
default = "/var/lib/nginx/static/${name}";
description = "Static files path for the website";
};
hostname = mkOption {
type = types.str;
default = name;
description = "Website hostname";
};
location = mkOption {
type = types.nullOr types.str;
default = null;
description = "Add a location rule if not null";
};
};
};
in
{
options.services.staticWebsites = {
sites = mkOption {
type = types.attrsOf (types.submodule website);
description = "Specification of one or more static websites to serve";
};
debug = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf (eachSite != {}) {
services.nginx = {
enable = true;
virtualHosts = mapAttrs' ( hostname: conf: {
name = conf.hostname;
value = (mkMerge [
{
serverName = conf.hostname;
forceSSL = if config.services.staticWebsites.debug then false else true;
enableACME = if config.services.staticWebsites.debug then false else true;
}
(mkIf (conf.location == null) {
root = conf.root;
})
(mkIf (conf.location != null) {
locations = {
"${conf.location}/" = {
alias = "${conf.root}/";
};
};
})
]);
}) eachSite;
};
};
}

View file

@ -0,0 +1,56 @@
{ pkgs, config, lib, ... }:
with lib;
let
json = pkgs.formats.json {};
cfg = config.services.webhooks;
in
{
options.services.webhooks = {
enable = mkEnableOption "Set up webhooks";
package = mkOption {
type = types.package;
default = pkgs.webhook;
description = "`webhook` package to use";
};
hostname = mkOption {
type = types.str;
description = "The vhost on which webhook will listen";
};
endpoint = mkOption {
type = types.str;
default = "hooks";
description = "The endpoint of the webhooks";
};
hooks = mkOption {
type = json.type;
description = "Configuration for this webhook, check <link xlink:href="https://github.com/adnanh/webhook/blob/master/docs/Hook-Definition.md"/> for supported values";
};
internalPort = mkOption {
type = types.int;
default = 9000;
description = "The local port used to (proxy)pass requests from nginx to webhook";
};
debug = mkOption {
type = types.bool;
default = false;
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts."${cfg.hostname}" = {
locations."${cfg.endpoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks";
enableACME = if cfg.debug then false else true;
};
};
systemd.services.webhook = {
enable = true;
unitConfig = {
Description = "Small server for creating HTTP hooks";
Documentation = "https://github.com/adnanh/webhook/";
};
script = "${cfg.package}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}";
wantedBy = [ "mulit-user.target" ];
};
};
}

View file

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vdb"; # or "nodev" for efi only
time.timeZone = "Europe/Paris";
networking.useDHCP = false;
networking.interfaces.eth0 = {
ipv4.addresses = [ { address = "129.199.129.76"; prefixLength = 24; } ];
};
networking.defaultGateway = { address = "129.199.129.1"; interface = "eth0"; };
}

View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }:
{
services.staticWebsites.sites.test = {
hostname = "test.${config.my.subZone}";
root = pkgs.writeTextDir "index.html" "Hello world!";
};
}

View file

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.webhooks = {
enable = true;
hostname = "test-webhook.${config.my.subZone}";
hooks = [
{
id = "testhook";
execute-command = pkgs.writeScript "echo.sh" ''
#!/bin/sh
echo "Bonjour"
'';
response-message = "Test hook sucess";
}
];
};
}

View file

@ -8,20 +8,19 @@
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = { config = {
DOMAIN = "https://pass.hackens.org"; DOMAIN = "https://pass.new.hackens.org";
WEBSOCKET_ENABLED = true; WEBSOCKET_ENABLED = true;
WEBSOCKET_PORT = 10500; WEBSOCKET_PORT = 10500;
SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu"; SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
ROCKET_PORT = 10501; ROCKET_PORT = 10501;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
LOG_FILE = "/var/lib/bitwarden_rs/logfile"; LOG_FILE = "/var/log/vaultwarden";
SIGNUPS_VERIFY = true; SIGNUPS_VERIFY = true;
}; };
environmentFile = "/etc/secrets/vaultwarden.env"; environmentFile = "/etc/secrets/vaultwarden.env";
}; };
services.nginx.enable = true; services.nginx.virtualHosts."pass.new.hackens.org" = {
services.nginx.virtualHosts."pass.hackens.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -37,8 +36,4 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
networking.firewall.allowedTCPPorts = [
80
443
];
} }

View file

@ -0,0 +1,63 @@
{ pkgs, config, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
# TODO: move to hackens.org
services.dokuwiki.sites."${config.my.subZone}" = {
enable = true;
extraConfig = ''
$conf['title'] = 'hackEns';
$conf['start'] = 'accueil';
$conf['lang'] = 'fr';
$conf['template'] = 'bootstrap3';
$conf['license'] = 'cc-by-sa';
$conf['breadcrumbs'] = 0; # On s'en fiche de l'historique des pages visitées
$conf['youarehere'] = true; # Par contre on veut notre position dans la hiérarchie du site
# On veut que les liens externes s'ouvrent dans de nouveaux onglets
$conf['target'] = array(
'extern' => '_tab'
);
$conf['htmlok'] = 1; # On peut mettre du html dans les pages
$conf['sitemap'] = 7;
$conf['rss_type'] = 'rss2';
$conf['userewrite'] = 1; # Important, sinon on casse tout avec les règles nginx définies par le module nixos
$conf['useslash'] = 1;
$conf['plugin']['tokenbucketauth']['tba_send_mail'] = 'hackens@clipper.ens.fr'; # Ban auto des IPs qui brute-forcent
$conf['htmlmail'] = 0; # On envoie les mails en plain text
$conf['useacl'] = 1; # On ne veut pas que n'importe qui écrive
'';
pluginsConfig = ''
$plugins['authmysql'] = 0;
$plugins['popularity'] = 0;
$plugins['authpgsql'] = 0;
$plugins['authpdo'] = 0;
$plugins['authldap'] = 0;
'';
disableActions = "register";
superUser = "@admin";
acl = ''
* @ALL 1
* @users 8
'';
# Il faut packager les templates
templates = let
template-bootstrap3 = pkgs.stdenv.mkDerivation {
name = "bootstrap3";
# Download the theme from the dokuwiki site
src = pkgs.fetchurl {
url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip";
sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the template list like this:
in [ template-bootstrap3 ];
};
}

View file

@ -1,54 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix") # this holds the hardware-config
./bootloader.nix
./secrets
./networking.nix
./users.nix
];
nix.settings.substituters = lib.mkForce [];
networking.hostName = "agb01"; # Define your hostname.
environment.systemPackages = [
(pkgs.writeShellApplication {
name = "run-gw";
runtimeInputs = [
pkgs.curl
(pkgs.python3.withPackages (ps: [
ps.pyjecteur
ps.colour
ps.requests
]))
];
text = "curl -s -n https://agb.hackens.org/api/sse | python ${./script.py}";
})
];
services.openssh.enable = true;
programs.mosh = {
enable = true;
openFirewall = true;
};
# Set your time zone.
time.timeZone = "Europe/Paris";
fonts.enableDefaultPackages = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "unstable"; # Did you read the comment?
}

View file

@ -1,4 +0,0 @@
{pkgs, ...}: {
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
}

View file

@ -1,98 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
systemd.network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"10-uplink" = {
name = "enu1u1";
DHCP = "yes";
};
"50-wg0" = {
name = "wg0";
address = [
"10.10.10.5/24"
];
};
"10-wifi" = {
name = "wlan0";
networkConfig.DHCPServer = "yes";
address = [
"192.168.55.1/24"
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
wireguardPeers = [
{
AllowedIPs = [
"10.10.10.0/24"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 5;
}
];
};
};
};
networking = {
useDHCP = false;
nameservers = [
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
nftables = {
enable = true;
tables.nat = {
family = "ip";
content = ''
chain postrouting {
type nat hook postrouting priority 100;
ip saddr 192.168.55.0/24 masquerade
}
'';
};
};
firewall.allowedUDPPorts = [ 67 ];
};
services.hostapd = {
enable = true;
radios.wlan0 = {
# countryCode = "FR";
wifi4.enable = false;
wifi5.enable = false;
channel = 7; # ACS doesn't work
networks.wlan0 = {
settings = {
ieee80211w = 0;
wmm_enabled = false;
};
ssid = "agb - wifi";
logLevel = 0;
authentication = {
mode = "wpa2-sha1";
wpaPasswordFile = pkgs.writeText "psk" "azertyuiop"; # TODO : secret
};
};
};
};
}

View file

@ -1,105 +0,0 @@
#!/nix/store/q1p072dnnx7fh7qfcavkmpwn3rgf2xh1-python3-3.12.5-env/bin/python
import json
import logging
import sys
import requests
from colour import Color
from pyjecteur.fixtures import Blinder, LedBar48Ch, Tradi, Wash, Lyre
from pyjecteur.lights import Universe
from pyjecteur.widget import Widget
if False: # True: # True:
logging.basicConfig(level=logging.DEBUG)
else:
logging.basicConfig(level=logging.INFO)
w = Widget("/dev/ttyUSB0")
DIM = {
"blinder": 0.1,
"led_tub": 0.3,
"spot": 0.3,
}
u = Universe(w)
def strToProj(s):
match s:
case "spot":
return Tradi()
case "led_tub":
return LedBar48Ch()
case "blinder":
return LedBar48Ch()
r = requests.get("https://agb.hackens.org/api-docs/patch.json")
patch = r.json()
lights = {}
update = {}
current_addr = 0
for k, v in patch["lights"].items():
lights[k] = strToProj(v["kind"])
u.register(lights[k], v["channels"][0]*3)
print(v["kind"], v["channels"])
# update dmx since some params are set before
lights[k].update_dmx()
logging.info(
f"Light {k} of kind {v['kind']} is at DMX{v['channels'][0]*3+1} (PLS convention)"
)
for i, chan in enumerate(v["channels"]):
update[chan] = (k, i) # put the light name
current_addr += lights[k].address_size
l = Lyre()
u.register(l, 489)
def update_light(address, red, green, blue):
if address not in update:
return
light, chan = update[address]
kind = patch["lights"][light]["kind"]
r, g, b = red * DIM[kind] / 255, (green * DIM[kind]) / 255, (blue * DIM[kind]) / 255
match kind:
case "blinder":
lights[light].colors[chan] = Color(rgb=(r, g, b))
case "led_tub":
lights[light].colors[chan] = Color(rgb=(r, g, b))
case "spot":
lights[light].color = Color(rgb=(r, g, b))
def run():
logging.info("Started")
bump = False
bump_color = None
for line in sys.stdin:
logging.debug(line)
if line.startswith("data:"):
dataStr = line[5:]
logging.info(f"Received: {dataStr}")
data = json.loads(dataStr)
if data["type"] == "Color":
if data["address"] == 90:
r, g, b = data["value"]["red"] /255, data["value"]["green"] /255, data["value"]["blue"] /255
w.color = Color(rgb = (r, g, b))
else:
update_light(data["address"], **data["value"])
else:
l.pan = data["pan"]
l.tilt = data["tilt"]
l.dimmer = data["focus"]
l.color = data["white_button"] *7 + 3
run()

View file

@ -1,11 +0,0 @@
{
pkgs,
config,
lib,
...
}: {
age.secrets."wg" = {
file = ./wg.age;
owner = "systemd-network";
};
}

View file

@ -1,9 +0,0 @@
let
lib = (import <nixpkgs> {}).lib;
readPubkeys = user:
builtins.filter (k: k != "") (lib.splitString "\n"
(builtins.readFile (../../../pubkeys + "/${user}.keys")));
in {
"wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb01");
}

View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5rrg4g Q11014nLdGOukZJV5enI4qoAqDrysWAxYtRN7VTSnTA
oEK2C8A28KrNh4WNcGGQNB9/3ADNHgGxTzOegL49TT8
-> ssh-ed25519 JGx7Ng NH6IB+2tB8fyvE81GF7p8SflY7HH2R3uvx9xC/5HFyQ
4x0x1L0wv6+k04ESLIy+qY/RhVCWtOeyETo1FkAK+8A
-> ssh-ed25519 kXobKQ 7J0f+l8+/mNQ7q8nW0jcg2LqGDARN1K63IJttdQ7JQw
SfFDS4HgjYkp+vGmCwy0c5GIqqWcc4m7mRVQmcsW/pM
-> ssh-ed25519 OZDL4Q M3Lztf8lPH4G7a+QPMY32u3UyhcHMoC08ZRV5UE6Gmo
Kc7116r+3+xa2qRSe22lctbTd/a133tVZzLkWt0XI6k
--- lsOrVi/OJ6AxtmEbB67VKvlFlDnt+sdv1TucqWqGk2w
õnDÜg4ܲ¯*ßM<C39F>!ÙY¿™hA<68>š6‡IÝbFgö{3¢*7d¤¤¦A¬:¼×Ȫ á“±½}ÀˆÝ+lu·¨9Þê

View file

@ -1,14 +0,0 @@
{ ... }:
{
users = {
mutableUsers = false;
users = {
root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/sinavir.keys
../../pubkeys/catvayor.keys
../../pubkeys/soyouzpanda.keys
../../pubkeys/sel.keys
];
};
};
}

View file

@ -1,38 +0,0 @@
{ config, pkgs, lib, modulesPath, ... }:
let
agb-control-box = pkgs.callPackage ./agb { };
in
{
imports = [
"${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
./secrets
./networking.nix
./users.nix
];
sdImage.compressImage = false;
services = {
getty.autologinUser = "root";
openssh.enable = true;
};
networking.hostName = "agb02";
networking.networkmanager.enable = true;
environment.systemPackages = [
agb-control-box
pkgs.libgpiod
];
systemd.services."agb-control-box" = {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
unitConfig.Description = "The program of the control-box";
serviceConfig = {
Restart = "always";
ExecStart = "${agb-control-box}/bin/agb /dev/gpiochip0";
};
};
system.stateVersion = "24.11";
}

View file

@ -1,214 +0,0 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <gpiod.hpp>
#include <iostream>
#include <fstream>
#include <thread>
using namespace std::literals::chrono_literals;
constexpr std::chrono::microseconds debounce = 40ms;
constexpr std::chrono::microseconds poll_period = 5ms;
constexpr std::chrono::microseconds autorepeat_delay = 70ms;
constexpr std::chrono::microseconds server_ratelimit = 50ms;
constexpr std::chrono::microseconds retry_timeout = 500ms;
constexpr double joystick_movement = 0.2;
const gpiod::line::offsets drive_down = { 21, 13, 6 };
const gpiod::line::offsets decoder = { 3, 4, 17, 27, 24, 23, 18, 2 }; // lsbf
const gpiod::line::offsets joystick = { 19, 26, 5, 0 }; // x+, y+, x-, y-
const gpiod::line::offset black_button = 20;
const gpiod::line::offset white_button = 16;
const gpiod::line_settings input_settings =
gpiod::line_settings()
.set_direction(gpiod::line::direction::INPUT)
.set_bias(gpiod::line::bias::PULL_UP)
.set_active_low(false)
.set_debounce_period(debounce);
constexpr std::array<uint8_t, 256> decoder_table =
#include "decoder_table.inl"
uint8_t read_decoder_realpos(gpiod::line_request& line_reader){
static gpiod::line::values decoder_read(8);
line_reader.get_values(decoder, decoder_read);
uint8_t graycode = 0;
for(uint8_t i = 0; i < 8; ++i) graycode |= uint8_t(decoder_read[i]) << i;
return decoder_table[graycode];
};
inline void clamp_decoder(uint8_t& decoder, int move){
decoder = uint8_t(std::clamp(decoder + move, 0, 255));
}
int main(const int argc, char const* const* const argv) {
if(argc < 2) {
std::cerr << "usage: agb gpiodevice" << std::endl;
return 1;
}
/// init gpio chip ///
gpiod::chip chip(argv[1]);
gpiod::line_request line_reader =
chip.prepare_request()
.set_consumer("AGB")
.add_line_settings(drive_down,
gpiod::line_settings()
.set_direction(gpiod::line::direction::OUTPUT)
.set_drive(gpiod::line::drive::OPEN_DRAIN)
.set_output_value(gpiod::line::value::INACTIVE)
)
.add_line_settings({ black_button, white_button }, input_settings)
.add_line_settings(joystick,
gpiod::line_settings(input_settings)
.set_active_low(true))
.add_line_settings(decoder,
gpiod::line_settings(input_settings)
.set_debounce_period(0ms))
.do_request();
// let the settings apply
std::this_thread::sleep_for(poll_period);
/// internal state and buffers ///
std::chrono::time_point now = std::chrono::system_clock::now();
gpiod::line::values joystick_read(4);
gpiod::line::values joystick_last_read(4);
line_reader.get_values(joystick, joystick_read);
std::vector<std::chrono::time_point<std::chrono::system_clock>> rising_point = { now, now, now, now };
std::pair<double, double> spot_pos(0.0, 0.0); //TODO: init from server
auto joystick_move = [&](int i) -> double {
if (! bool(joystick_read[i]))
return 0.0;
else if (bool(joystick_last_read[i])){
if (now - rising_point[i] < autorepeat_delay)
return 0.0;
else
return joystick_movement;
} else {
rising_point[i] = now;
return 1.0;
}
};
uint8_t decoder_pos = 0; //TODO: init from server
uint8_t decoder_realpos = read_decoder_realpos(line_reader);
uint8_t white_state = 0;
bool white_pressed = false;
bool black_pressed = false;
bool has_changed = true;
std::chrono::time_point last_send = now;
std::string postData;
/// init server communication ///
int socket_file_desc;
connection:
socket_file_desc = socket(AF_INET, SOCK_STREAM, 0);
{
sockaddr_in socket_addr = {
.sin_family = AF_INET,
.sin_port = htons(1235),
.sin_addr = { .s_addr = inet_addr("10.10.10.1") }
};
while (connect(socket_file_desc,
reinterpret_cast<const sockaddr*>(&socket_addr),
sizeof(socket_addr)) < 0) {
std::cerr << "Failed to open tcp socket, retrying..." << std::endl;
std::this_thread::sleep_for(retry_timeout);
}
std::cout << "Connected." << std::endl;
}
for(;;){
std::this_thread::sleep_for(poll_period);
now = std::chrono::system_clock::now();
/// joystick ///
std::swap(joystick_read, joystick_last_read);
line_reader.get_values(joystick, joystick_read);
spot_pos.first += joystick_move(0);
spot_pos.second += joystick_move(1);
spot_pos.first -= joystick_move(2);
spot_pos.second -= joystick_move(3);
if (bool(joystick_read[0]) || bool(joystick_read[1])
|| bool(joystick_read[2]) || bool(joystick_read[3])){
spot_pos.first = std::clamp(spot_pos.first, 0.0, 255.0);
spot_pos.second = std::clamp(spot_pos.second, 0.0, 255.0);
has_changed = true;
}
/// Buttons ///
bool pressed = bool(line_reader.get_value(black_button));
if(pressed ^ black_pressed)
has_changed = true;
black_pressed = pressed;
pressed = bool(line_reader.get_value(white_button));
if(pressed && !white_pressed){
has_changed = true;
white_state = (white_state + 1)%9;
}
white_pressed = pressed;
/// decoder ///
uint8_t new_realpos = read_decoder_realpos(line_reader);
uint8_t seen_travel = std::abs(int(new_realpos) - int(decoder_realpos));
// CCW
if(seen_travel < 50 && new_realpos < decoder_realpos)
clamp_decoder(decoder_pos, -seen_travel);
if(seen_travel >= 50 && new_realpos > decoder_realpos)
clamp_decoder(decoder_pos, seen_travel - 128);
// CW
if(seen_travel < 50 && new_realpos > decoder_realpos)
clamp_decoder(decoder_pos, seen_travel);
if(seen_travel >= 50 && new_realpos < decoder_realpos)
clamp_decoder(decoder_pos, 128 - seen_travel);
decoder_realpos = new_realpos;
if(seen_travel)
has_changed = true;
/// server notification
if(has_changed && (now - last_send > server_ratelimit)){
postData.clear();
std::format_to(std::back_inserter(postData), "{{"
"\"pan\": {},"
"\"tilt\": {},"
"\"focus\": {},"
"\"white_button\": {},"
"\"black_button\": {}"
"}}\n",
uint8_t(spot_pos.first),
uint8_t(spot_pos.second),
int(decoder_pos),
white_state,
black_pressed
);
int wrote = write(socket_file_desc, postData.data(), postData.size());
if(wrote < postData.size()){
std::cerr << "Failed to send data, reconnecting..." << std::endl;
close(socket_file_desc);
std::this_thread::sleep_for(retry_timeout);
goto connection;
} else {
has_changed = false;
last_send = now;
}
}
}
}

View file

@ -1,132 +0,0 @@
[]() {
std::array<uint8_t, 256> table;
table[127] = 0;
table[63] = 1;
table[62] = 2;
table[58] = 3;
table[56] = 4;
table[184] = 5;
table[152] = 6;
table[24] = 7;
table[8] = 8;
table[72] = 9;
table[73] = 10;
table[77] = 11;
table[79] = 12;
table[15] = 13;
table[47] = 14;
table[175] = 15;
table[191] = 16;
table[159] = 17;
table[31] = 18;
table[29] = 19;
table[28] = 20;
table[92] = 21;
table[76] = 22;
table[12] = 23;
table[4] = 24;
table[36] = 25;
table[164] = 26;
table[166] = 27;
table[167] = 28;
table[135] = 29;
table[151] = 30;
table[215] = 31;
table[223] = 32;
table[207] = 33;
table[143] = 34;
table[142] = 35;
table[14] = 36;
table[46] = 37;
table[38] = 38;
table[6] = 39;
table[2] = 40;
table[18] = 41;
table[82] = 42;
table[83] = 43;
table[211] = 44;
table[195] = 45;
table[203] = 46;
table[235] = 47;
table[239] = 48;
table[231] = 49;
table[199] = 50;
table[71] = 51;
table[7] = 52;
table[23] = 53;
table[19] = 54;
table[3] = 55;
table[1] = 56;
table[9] = 57;
table[41] = 58;
table[169] = 59;
table[233] = 60;
table[225] = 61;
table[229] = 62;
table[245] = 63;
table[247] = 64;
table[243] = 65;
table[227] = 66;
table[163] = 67;
table[131] = 68;
table[139] = 69;
table[137] = 70;
table[129] = 71;
table[128] = 72;
table[132] = 73;
table[148] = 74;
table[212] = 75;
table[244] = 76;
table[240] = 77;
table[242] = 78;
table[250] = 79;
table[251] = 80;
table[249] = 81;
table[241] = 82;
table[209] = 83;
table[193] = 84;
table[197] = 85;
table[196] = 86;
table[192] = 87;
table[64] = 88;
table[66] = 89;
table[74] = 90;
table[106] = 91;
table[122] = 92;
table[120] = 93;
table[121] = 94;
table[125] = 95;
table[253] = 96;
table[252] = 97;
table[248] = 98;
table[232] = 99;
table[224] = 100;
table[226] = 101;
table[98] = 102;
table[96] = 103;
table[32] = 104;
table[33] = 105;
table[37] = 106;
table[53] = 107;
table[61] = 108;
table[60] = 109;
table[188] = 110;
table[190] = 111;
table[254] = 112;
table[126] = 113;
table[124] = 114;
table[116] = 115;
table[112] = 116;
table[113] = 117;
table[49] = 118;
table[48] = 119;
table[16] = 120;
table[144] = 121;
table[146] = 122;
table[154] = 123;
table[158] = 124;
table[30] = 125;
table[94] = 126;
table[95] = 127;
return table;
} ();

View file

@ -1,15 +0,0 @@
{ stdenv, libgpiod }:
stdenv.mkDerivation rec {
pname = "agb";
version = "oct-24";
src = ./.;
buildPhase = ''
g++ --std=c++23 agb.cpp -o agb \
-L${libgpiod}/lib -lgpiodcxx -I${libgpiod}/include \
'';
installPhase = ''
mkdir -p $out/bin
cp agb $out/bin
'';
}

View file

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
systemd.network = {
enable = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [
"10.10.10.6/24"
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
wireguardPeers = [
{
AllowedIPs = [
"10.10.10.0/24"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 5;
}
];
};
};
};
networking = {
nameservers = [
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
};
}

View file

@ -1,11 +0,0 @@
{
pkgs,
config,
lib,
...
}: {
age.secrets."wg" = {
file = ./wg.age;
owner = "systemd-network";
};
}

View file

@ -1,8 +0,0 @@
let
lib = (import <nixpkgs> {}).lib;
readPubkeys = user:
builtins.filter (k: k != "") (lib.splitString "\n"
(builtins.readFile (../../../pubkeys + "/${user}.keys")));
in {
"wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb02");
}

Binary file not shown.

View file

@ -1,14 +0,0 @@
{ ... }:
{
users = {
mutableUsers = false;
users = {
root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/sinavir.keys
../../pubkeys/catvayor.keys
../../pubkeys/soyouzpanda.keys
../../pubkeys/sel.keys
];
};
};
}

View file

@ -1,5 +0,0 @@
{ pkgs, ... }:
{
# Enable sound.
# hardware.pulseaudio.enable = true;
}

View file

@ -1,6 +0,0 @@
{ pkgs, ... }:
{
imports =
[
];
}

View file

@ -1,10 +0,0 @@
{ ... }:
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
services.xserver.layout = "fr";
services.autorandr.enable = true;
}

View file

@ -1,50 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
...
}:
{
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# boot.kernelParams = [ "nomodeset" ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos-root";
fsType = "btrfs";
options = [
"ssd"
"noatime"
"ssd_spread"
"discard"
"space_cache"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}

View file

@ -1,33 +0,0 @@
{ lib, config, ... }: {
systemd.network = {
enable = true;
networks."50-wg0" = {
name = "wg0";
address = [
"10.10.10.4/24"
];
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
wireguardPeers = [
{
AllowedIPs = [
"10.10.10.0/24"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 5;
}
];
};
};
};
}

View file

@ -1,9 +0,0 @@
{ ... }:
{
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
}

View file

@ -1,16 +0,0 @@
{ pkgs, config, ... }:
let
netboot_efi = pkgs.fetchurl rec {
version = "2.0.82";
url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${version}/netboot.xyz.efi";
hash = "sha256-cO8MCkroQ0s/j8wnwwIWfnxEvChLeOZw+gD4wrYBAog=";
};
in
{
services.pixiecore = rec {
enable = true;
openFirewall = true;
kernel = "${netboot_efi}";
extraArguments = [ "-d" "--ipxe-efi64" "${kernel}" ];
};
}

View file

@ -1,11 +0,0 @@
{
pkgs,
config,
lib,
...
}: {
age.secrets."wg" = {
file = ./wg.age;
owner = "systemd-network";
};
}

View file

@ -1,8 +0,0 @@
let
lib = (import <nixpkgs> {}).lib;
readPubkeys = user:
builtins.filter (k: k != "") (lib.splitString "\n"
(builtins.readFile (../../../pubkeys + "/${user}.keys")));
in {
"wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "hackens-milieu");
}

View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5rrg4g B36oMQ2IqhBXDaltfkba8gBjhTzHujh/KtpXmoBfIkE
ga5w9MzfwR2LwlSmeA0ddyx2Fms/ZSp1c8p/rC46OSE
-> ssh-ed25519 JGx7Ng wis78jvQlXpeK0rb50RNgliWwVaPqUYR66Dfxxq8+nk
awK/Il5jYV2s95GxDLkeRas0PjDKKnVE2HjKTOFyQco
-> ssh-ed25519 kXobKQ gYW3wXPQr756wsRQ6nKo4qQtT09OaEsnQmAX4G41PXQ
sa8Bhxfosqf1VNXfj+rS2ryJs9T4sZK13tx5j+NOCm4
-> ssh-ed25519 Dx1R2Q 2BLCykYc4lKLyBnDfJ6J7ZCD8CeX3vt2S2fLkwjeunw
ueU6TaxgeX9Cp98LkHy5pkaUaRGdcTHtV8CopEILv10
--- Ah6a49hN7wxxfR8C8Jczc/2jMAoTJoumYMj4PPKax2I
î)Bš+£Ín
c™ï<EFBFBD>ÁY<EFBFBD>ú-l™k<E284A2>ÛMF+ÞÙ<C39E>r1)æÞ¸aU=<3D>}%\õÔ²¶ =W~ã)Àp6nÜG%ð*ðâšk> ä

View file

@ -1,5 +0,0 @@
{
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
}

View file

@ -1,45 +0,0 @@
{ pkgs, ... }:
{
imports = [
./wireguard.nix
];
networking.useDHCP = false;
systemd.network = {
enable = true;
netdevs."10-sit-he" = {
netdevConfig = {
Kind = "sit";
Name = "sit-he";
};
tunnelConfig = {
Local = "129.199.129.76";
Remote = "216.66.84.42";
};
};
networks = {
"10-uplink" = {
name = "enp1s0";
DHCP = "no";
address = [
"129.199.129.76/24"
];
networkConfig = {
Gateway = "129.199.129.1";
Tunnel = [ "sit-he" ];
};
};
"10-tun-he" = {
matchConfig.Name = "sit-he";
networkConfig = {
Gateway = [ "2001:470:1f12:d21::1" ];
Description = "HE.NET IPv6 Tunnel (owned by maurice)";
Address = [ "2001:470:1f12:d21::2/64" ];
};
};
};
};
networking.nameservers = [
"1.1.1.1"
"8.8.8.8"
];
}

View file

@ -1,19 +0,0 @@
{ ... }:
{
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
services.openssh.ports = [
22
2222
];
# Open ports in the firewall. (In fact not needed)
networking.firewall.allowedTCPPorts = [
22
2222
];
# Mosh <3
programs.mosh.enable = true;
}

View file

@ -1,43 +0,0 @@
{ ... }:
{
users = {
mutableUsers = false;
users = {
rlahfa = {
isNormalUser = true;
extraGroups = [ "wheel" ];
hashedPassword = "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381";
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ];
};
gdoriathdohler = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/gdd.keys ];
};
mdebray = {
isNormalUser = true;
extraGroups = [ "wheel" ];
hashedPassword = "$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/";
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ];
};
ecoppens = {
isNormalUser = true;
extraGroups = [ "wheel" ];
hashedPassword = "$2b$05$c7kIDOunRJvgncWq5pmbXupy/wzUzCvN3b/RHgl/BjlUw891wI.Oa";
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/soyouzpanda.keys ];
};
hbarral = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keyFiles = [ ../../pubkeys/backslash.keys ];
};
root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/beigbeder.keys
../../pubkeys/sinavir.keys
../../pubkeys/soyouzpanda.keys
../../pubkeys/catvayor.keys
../../pubkeys/sel.keys
];
};
};
}

View file

@ -1,97 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
services.nginx.virtualHosts."hackens.org" = {
enableACME = true;
forceSSL = true;
};
# Si tu as des problèmes un jour, vide le cache avant tout
services.dokuwiki.sites."hackens.org" = {
enable = true;
settings = {
template = "bootstrap3";
license = "cc-by-sa";
title = "hackENS";
lang = "fr";
breadcrumbs = 0;
yourarehere = true;
userewrite = 1;
useacl = true;
htmlok = 1;
target._raw = ''
array(
'extern' => '_tab'
);
'';
sitemap = 7;
disableactions = "register";
superuser = "@admin";
start = "accueil";
tpl.bootstrap3 = {
showAddNewPage = "logged";
fluidContainer = 0;
};
plugin.htmlok.htmlok = 1;
};
pluginsConfig = {
authad = false;
authldap = false;
authpdo = false;
authmysql = false;
authpgsql = false;
popularity = false;
};
plugins = [
(pkgs.fetchFromGitHub {
name = "catlist";
owner = "xif-fr";
repo = "dokuwiki-plugin-catlist";
rev = "147793e2b41e8cb6465df888eecfbc4ee54fb68a";
hash = "sha256-kTL0Hm4BeWpmusLnybmBM9JPpx+ss0e/cusDHu6hH2I=";
})
(pkgs.php.buildComposerProject (finalAttrs: {
pname = "commonmark";
name = "commonmark";
version = "1.3.1";
composerStrictValidation = false;
src = pkgs.fetchFromGitHub {
owner = "clockoon";
repo = "dokuwiki-plugin-commonmark";
rev = "671ab735193ffb1324064ff0ddb92f63408b8580";
hash = "sha256-0WFz71O6GLVZ1Mf5eu96cQ3t+H6F6VtlC3hNtlANwBs=";
};
vendorHash = "sha256-QnFdwc6IfdH98Hbm9jt6E/rO+u6I7kZqb7+hRnPra9I=";
postInstall = ''
rm -r $out/share
cp -r . $out
'';
}))
(pkgs.fetchFromGitHub {
name = "htmlok";
owner = "saggi-dw";
repo = "dokuwiki-plugin-htmlok";
rev = "f186dda6240c61079cd9166c1f17aabefa21c7d8";
hash = "sha256-3s+WAb1BG2mq8+wxpQ6HgPJZ+dx6v5e+vMXaOiLYceo=";
})
];
templates = [
(pkgs.fetchFromGitHub {
name = "bootstrap3";
owner = "giterlizzi";
repo = "dokuwiki-template-bootstrap3";
rev = "v2022-07-27";
hash = "sha256-B3Yd4lxdwqfCnfmZdp+i/Mzwn/aEuZ0ovagDxuR6lxo=";
})
];
};
}

View file

@ -1,91 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
src = pkgs.fetchgit {
url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git";
rev = "HEAD";
hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4=";
};
in
{
imports =
[
];
systemd.services.django-gestiohackens.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "django-gestiohackens";
SupplementaryGroups = [ "nginx" ];
};
users.users.django-gestiohackens = {
group = "django-gestiohackens";
isSystemUser = true;
};
users.groups.django-gestiohackens = { };
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."inventaire.hackens.org" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:51667";
};
"/media/".alias = "/var/lib/django-gestiohackens/media/";
"/static".root = config.services.django.gestiohackens.staticAssets;
};
};
};
services.django.gestiohackens = {
inherit src;
enable = true;
mainModule = "gestiojeux";
port = 51667;
settings = {
DEBUG = false;
CSRF_COOKIE_SECURE = true;
AUTHENS_ALLOW_STAFF = true;
SESSION_COOKIE_SECURE = true;
MEDIA_URL = "media/";
ALLOWED_HOSTS = [ "inventaire.hackens.org" ];
DATABASES = {
"default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-gestiohackens/db.sqlite3";
};
};
HAYSTACK_CONNECTIONS = {
"default" = {
"ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine";
"PATH" = "/var/lib/django-gestiohackens/whoosh_index";
};
};
MEDIA_ROOT = "/var/lib/django-gestiohackens/media";
};
extraPackages = ps: [
ps.django-autoslug
ps.loadcredential
ps.django-cleanup
ps.django-haystack
ps.django-markdownx
ps.django-tables2
ps.pillow
ps.whoosh
ps.markdown-icons
ps.authens
ps.qrcode
ps.pillow
# Django haystack is drunk
ps.setuptools
];
secrets = {
SECRET_KEY = config.age.secrets.django-gestiohackens.path;
};
};
}

View file

@ -1,59 +0,0 @@
{ config, ... }:
let
host = "grafana.hackens.org";
port = 3033;
in
{
services = {
grafana = {
enable = true;
settings = {
database = {
type = "postgres";
user = "grafana";
host = "/run/postgresql";
};
server = {
domain = host;
enable_gzip = true;
enforce_domain = true;
http_port = port;
root_url = "https://${host}";
router_logging = true;
};
users = {
default_theme = "system";
default_language = "en-GB";
};
};
};
postgresql = {
enable = true;
ensureDatabases = [ "grafana" ];
ensureUsers = [
{
name = "grafana";
ensureDBOwnership = true;
}
];
};
nginx.virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
};
}

View file

@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ahci"
"virtio_pci"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0795-75ED";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
}

View file

@ -1,25 +0,0 @@
{ lib, pkgs, ... }:
let
wsScraper = pkgs.callPackage ./websocket-exporter.nix { };
in
{
systemd.services.kfet-open-recorder = {
environment = {
WEBSOCKET_EXPORTER_URI = "wss://cof.ens.fr/ws/k-fet/open";
WEBSOCKET_EXPORTER_MATCH_TYPE = "contains";
WEBSOCKET_EXPORTER_EXPECTED_MESSAGE = "open";
WEBSOCKET_EXPORTER_LISTEN_ADDR = "127.0.0.1";
};
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
wants = [ "network.target" ];
serviceConfig = {
ExecStart = "${lib.getExe wsScraper}";
Restart = "always";
RestartSec = 5;
DynamicUser = true;
StateDirectory = "kfet-open-recorder";
};
};
}

View file

@ -1,61 +0,0 @@
diff --git a/websocket_exporter/probe.py b/websocket_exporter/probe.py
index a95b97e..a7b057e 100644
--- a/websocket_exporter/probe.py
+++ b/websocket_exporter/probe.py
@@ -3,28 +3,29 @@ import logging
from time import perf_counter
from typing import Union
-from websockets import NegotiationError, client, InvalidStatusCode
+from websockets import InvalidStatusCode, NegotiationError, client
-
-EXACT_MATCH = 'exact'
-CONTAINS_MATCH = 'contains'
+EXACT_MATCH = "exact"
+CONTAINS_MATCH = "contains"
class ProbResults(object):
def __init__(self, up: int, latency: float = 0, received: int = 0):
self.up = up
self.latency = round(latency, 2)
- self.received = int(received) if received is not None else "NaN"
+ self.received = int(received) if received is not None else 0
def __str__(self):
if self.up:
return f'Websocket up, latency:{self.latency}s, expected response {"" if self.received else "NOT"} received'
- return f'Webserver DOWN'
+ return f"Webserver DOWN"
class WebSocketProbe(object):
- def __init__(self, uri, message=None, expected=None, match=CONTAINS_MATCH, timeout=10):
+ def __init__(
+ self, uri, message=None, expected=None, match=CONTAINS_MATCH, timeout=10
+ ):
"""
Create a websocket probe that tries establishing a connection and reports the metrics
:param uri: starts with 'ws://' or ws://
@@ -68,13 +69,17 @@ class WebSocketProbe(object):
elapsed = 0
while elapsed < self.timeout:
try:
- resp = await asyncio.wait_for(connection.recv(), timeout=(self.timeout-elapsed))
+ resp = await asyncio.wait_for(
+ connection.recv(), timeout=(self.timeout - elapsed)
+ )
if self._match(resp):
return True
await asyncio.sleep(1)
elapsed += 1
except asyncio.TimeoutError:
- logging.info(f'Time out while waiting for {self.expected_message} from {self.uri}')
+ logging.info(
+ f"Time out while waiting for {self.expected_message} from {self.uri}"
+ )
return None
return None

View file

@ -1,40 +0,0 @@
{
lib,
python3,
fetchFromGitHub,
}:
python3.pkgs.buildPythonApplication rec {
pname = "blackbox-websocket-exporter";
version = "unstable-2021-12-15";
pyproject = true;
src = fetchFromGitHub {
owner = "smohsensh";
repo = "blackbox-websocket-exporter";
rev = "6f9f32396f740fe606bf1b0118a27ad5caa3d9a6";
hash = "sha256-+G7xw5631TllDGNzVK9swbSNfVu4r4glbYIblEa0WqA=";
};
patches = [
./patch
];
nativeBuildInputs = [
python3.pkgs.setuptools
python3.pkgs.wheel
];
propagatedBuildInputs = with python3.pkgs; [
prometheus-client
websockets
];
meta = with lib; {
description = "A Blackbox Websocket Uptime Exporter for Prometheus";
homepage = "https://github.com/smohsensh/blackbox-websocket-exporter";
license = licenses.mit;
maintainers = with maintainers; [ ];
mainProgram = "websocket_exporter";
};
}

View file

@ -1,55 +0,0 @@
{
services.nginx.virtualHosts = {
"www.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://hackens.org$request_uri;
'';
};
"new.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://hackens.org$request_uri;
'';
};
"pass.new.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://pass.hackens.org$request_uri;
'';
};
"known.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://hackens.org/known$request_uri;
'';
};
"prez.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://hackens.org/prez$request_uri;
'';
};
"pub.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://hackens.org/pub$request_uri;
'';
};
"2048.hackens.org" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
return 301 $scheme://hackens.org/2048$request_uri;
'';
};
};
}

View file

@ -1,60 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
port = 52187;
configFile = pkgs.writeText "metterbridge.toml" ''
[irc]
[irc.ulminfo]
Server="ulminfo.fr:6697" # Ou ens.wtf tu choisis.
Nick="roBOT"
UseTLS=true
Charset="utf8"
PrefixMessagesWithNick=true
RemoteNickFormat="<{NICK}> "
[mattermost]
[mattermost.merle]
WebhookBindAddress="0.0.0.0:${builtins.toString port}"
PrefixMessagesWithNick=false
RemoteNickFormat="{NICK}"
[[gateway]]
name="hackens"
enable=true
[[gateway.inout]]
account="irc.ulminfo"
channel="#hackens"
[[gateway.inout]]
account="mattermost.merle"
channel="town-square"
'';
in
{
systemd.services.matterbridge = {
description = "Matterbridge chat platform bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${pkgs.matterbridge}/bin/matterbridge -conf ${configFile}
'';
serviceConfig = {
User = "matterbridge";
Group = "matterbridge";
Restart = "always";
RestartSec = "10";
EnvironmentFile = config.age.secrets."matterbridge-env".path;
};
};
users.users.matterbridge = {
isSystemUser = true;
group = "matterbridge";
};
users.groups.matterbridge = { };
networking.firewall.allowedTCPPorts = [ port ];
}

View file

@ -1,54 +0,0 @@
{
pkgs,
lib,
config,
...
}:
let
src = pkgs.fetchgit {
url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
rev = "HEAD";
hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
};
in
{
imports =
[
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."hackens.org" = {
locations = {
"/orga" = {
proxyPass = "http://localhost:51666/orga";
extraConfig = ''
proxy_set_header SCRIPT_NAME /orga;
'';
};
"/static".root = config.services.django.hackens-orga.staticAssets;
};
};
};
services.django.hackens-orga = {
inherit src;
enable = true;
mainModule = "hackens_orga";
settings = {
DEBUG = false;
ALLOWED_HOSTS = [ "hackens.org" ];
DATABASES = {
"default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
};
};
};
extraPackages = p: [
p.authens
];
secrets = {
SECRET_KEY = config.age.secrets.django.path;
};
};
}

View file

@ -1,6 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.vim
];
}

View file

@ -1,68 +0,0 @@
{ config, ... }:
let
host = "prometheus.hackens.org";
port = 9091;
in
{
services.prometheus = {
enable = true;
inherit port;
checkConfig = "syntax-only";
enableReload = true;
listenAddress = "127.0.0.1";
webConfigFile = config.age.secrets."prometheus-webconf".path;
webExternalUrl = "https://${host}";
retentionTime = "5y";
extraFlags = [ "--storage.tsdb.retention.size=2GB" ];
rules = [
''
groups:
- name: Chrony
rules:
- record: instance:chrony_clock_error_seconds:abs
expr: >
abs(chrony_tracking_last_offset_seconds)
+
chrony_tracking_root_dispersion_seconds
+
(0.5 * chrony_tracking_root_delay_seconds)
''
];
scrapeConfigs = [
{
job_name = "prometheus";
static_configs = [ { targets = [ "localhost:9090" ]; } ];
}
{
job_name = "chrony";
static_configs = [ { targets = [ "10.10.10.3:9123" ]; } ];
}
{
job_name = "kfet";
static_configs = [ { targets = [ "127.0.0.1:9802" ]; } ];
}
];
};
services.nginx.virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
}

View file

@ -1,80 +0,0 @@
{
sources,
lib,
pkgs,
config,
...
}:
{
services.django.ragb = {
enable = true;
src = pkgs.ragb-src + "/frontend";
settings = {
DEBUG = false;
WEBSOCKET_ENDPOINT = "https://agb.hackens.org/api";
ALLOWED_HOSTS = [
"127.0.0.1"
"agb.hackens.org"
];
DATABASES = {
"default" = {
"ENGINE" = "django.db.backends.sqlite3";
"NAME" = "/var/lib/django-ragb/ragb_frontend.sqlite3";
};
};
};
processes = 2;
threads = 4;
port = 9991;
extraPackages = p: [
p.authens
p.pyjwt
];
secrets = {
SECRET_KEY = config.age.secrets.ragb.path;
JWT_SECRET = config.age.secrets.ragbJWT.path;
};
};
services.nginx.virtualHosts."agb.hackens.org" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://localhost:9991";
};
"/api" = {
proxyPass = "http://localhost:9999";
proxyWebsockets = true;
};
"/static".root = config.services.django.ragb.staticAssets;
"= /api-docs" = {
return = "302 /api-docs/";
};
"/api-docs/" = {
alias = "${pkgs.ragb-src + "/api-docs/"}/";
extraConfig = "autoindex on;";
};
"= /api-docs/patch.json".alias = pkgs.ragb-src + "/frontend/patch.json";
};
};
systemd.services.django-ragb.serviceConfig = {
Wants = [ "ragb-backend.service" ];
};
systemd.services.ragb-backend = {
script = ''
export JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jwt_secret)
export BK_FILE="$STATE_DIRECTORY/data.json"
export BIND_TCP="10.10.10.1:1235"
export RUST_LOG=debug
${pkgs.ragb-backend}/bin/ragb-backend
'';
serviceConfig = {
LoadCredential = [
"jwt_secret:${config.age.secrets.ragbJWT.path}"
];
DynamicUser = true;
StateDirectory = "ragb-backend";
};
};
}

View file

@ -1,31 +0,0 @@
{ ... }:
{
age.secrets."django" = {
file = ./django.age;
};
age.secrets."ragbJWT" = {
file = ./ragbJWT.age;
};
age.secrets."ragb" = {
file = ./ragb.age;
};
age.secrets."snipeit" = {
file = ./snipeit.age;
owner = "snipeit";
};
age.secrets."django-gestiohackens" = {
file = ./django-gestiohackens.age;
};
age.secrets."matterbridge-env" = {
file = ./matterbridge-env.age;
owner = "matterbridge";
};
age.secrets."wg-key" = {
file = ./wg-key.age;
owner = "systemd-network";
};
age.secrets."prometheus-webconf" = {
file = ./prometheus-webconf;
owner = "prometheus";
};
}

View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng UMbo24t6bweWPSYr1MUpjW96t3+usu+M3+WmLkJpSTc
vW8wOX/E6p3YEh8rRObScdcKB+uCtVIEOQ58HXSHYRU
-> ssh-ed25519 kXobKQ wEsnzLjnW+tdNvBHYBL+pLQh0GsAviTiD7tODc+5nSc
gW8TEewhh4N0ed6KNe+PYBQuEmuL8iO+KxLQt2imbbo
-> ssh-ed25519 7hZk0g 2Y9Y3DSR9Zt5N1XXckNMlHEpczvsyruqBue54fC4lQY
1UTRMGuN4uXR2ljP+3h7y58dU9C4GCkfKMY6l6GgRas
-> ssh-ed25519 5rrg4g 6ILvq1I6OlTmvxhgo145YUdpNxZomFvCYl7nguL10kI
7DPETzO4s3J4+lHIlkWvo4M0zH2792NttKBIJ09xii4
-> ssh-rsa krWCLQ
LdJzAaTTOSSxXTjLEv2n3pRjDJ8Cv/rLZZCsadK2vIK/2swax5loeprUzx60xRUt
3qLZuXocsE1S8sUq4E0lzyQXmJj3DtgjWFvvhDhsx+UnUPB/S7yojlNPLsqSxJkO
r5p6dvXsngF78BDDlFU/DnDI/tMnH6wL5PqV7iZiosSmASWxHMAQYcWGNZqdV1xl
9q2txZF7LxvE1S2eUOFcXTC7r8Z/kBt7XqPfGyBWI1wYPG2r2Zw+tbO8S04iZExT
Lj2YGnrNGGwNbREoqhMwAxDM6fLVoNnhHXoVQvCkr/wxk+sh2/Lt1ivcTT7Ua2YG
ApaavUan7cEs3ghnanM+6A
-> ssh-ed25519 /vwQcQ oaIOirE4++Kx76xSCoQ8EKmnI3Zh8rzou0XACYVY3Gw
H9DsHQPdKaN/5bz4kf224NiJ8W1ykGx9tARd5UUrMbc
-> ssh-ed25519 0R97PA SujU6d2DMDGX4zxsQwQTLFM2ap/3ni2y7zpU8BksTw0
zLuD8EwORd5aDOFBpE0Nm5gHpi8ChRobg6v7r1sNfMU
-> ssh-ed25519 cvTB5g t62LJ9atiYi5K+CBXXLB9obIZRWBKxrC896q6iCz/mA
WYkA2muGBMuXlO5ebnul3NkidNcyIWecAdNTo03trf0
-> ssh-ed25519 Wu8JLQ 3gzrf2TLDbG3YtMmO0qKVKiEPw+arN8DJvNiC09/4wg
bYCCgA0ve55hKEjGFa+nAelWiYWy6WFHss9R6uEjiUI
-> ssh-ed25519 EIt1vA kKs5NcxlLTt3iGD8stN7nOgOfomKEv2aZZ969dZNFlg
IQT3Fx9Egd4kJ6Q3gsbiymu8EHSrjG1F7T5Uz76Z6Bo
-> ssh-ed25519 X51wxg GU838E9JPhdAkYgRRcYi+gMsFFUTvY4iciFi9b43WhY
vsHQ70mCsW0NUzMKjgRq6czFD8FwIFj6uo/jklPzI68
--- axO8MoSOSkcp2HcVpAz9tQuuf0Unh2Ri20S60/Yq6xA
i¸0ä<36,Û{àu$apG7¢—Ú10Y•&«Øf7(&{3Û]àƒcÝ“ ¶>l¶P"$`ÝU(9¨ì5+°îJî^¼æé‚Ï»|†Õ:~

View file

@ -1,31 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng IWxk65t5YAq/Sg+0CCcLGJyDhvPydKm1D9rYAfCDjUc
ckB1V+J7Qddbt9EILraMge9RrThyTU2al5Eg6ffD7C4
-> ssh-ed25519 kXobKQ ZEECnMHvZL3+JfkQpSjuzIuGfcLIIcudeiMlanUUBhc
pBWa6DxVrinuv6urFDKPW2kSaa95FVFCXOFwMQ/X1RY
-> ssh-ed25519 7hZk0g la8ZgkcqYQgFzYoqgkZrdSuaK+89mPx9UbiSWGOVXjQ
4NWbJtWRUnZGMMLyDLArvZktfVfhXmgtn7h5oghH5Ms
-> ssh-ed25519 5rrg4g KC9SOs8NJ18pbE4/HwHmX8W5XSeu528dFl2tEt3JfW0
at+D2BMK1UAPsA2fkhMW5uHUjJSK2p+BPeFcfqyD/LA
-> ssh-rsa krWCLQ
U0DpCXNugnsPlWvDJZIwlFA3lCg/uihhLmLFYsdpwpx7kdyRF3KGn9p4X0kfjNQa
PjT7akh+xaCC9a3GRDEsc3B4L6M/91YdiIX5kCtWccT3fFkdC8xrHnVblE0h6vYM
+I4ay5PR9etittiMIb3coanBU5gZpAhCFvSNjWIV3YvchpOtWO2PL8rR9fRqDfmT
BdTZMUOm01vuFuPFKmzKNbQS5ydwydv8BGc1MktqoyhafYVBirnVcwtsTQKZKDEL
CBNgH81down+UFaCi/FTSffkBtBfnl1mzCF3TJ0CrSeEMgyY5yxvtWHUksDzznfJ
C2ev+95nbRYUSM+OOBABHQ
-> ssh-ed25519 /vwQcQ C7TusZYxTvR03xbxEmUf8+ePmdTRBbi4eAeg2+kbAAY
3YpLUT5mmGLSel0vPpDUwPyFav1z/HCAsPsYA7woQas
-> ssh-ed25519 0R97PA iQRH2sRnDsNoWuom8fVt8naGMrVAX3JAPmwnU/pZ3m8
CipYmklGkMXYlWyhatEj7cGk51RNdfkkwlKPz26Q220
-> ssh-ed25519 cvTB5g 05g8kd7yu1+4JzFCrqMEZ6QNsO8VE2egXOUR73fo/hM
AY/8cMfVTyOY4z08Hz6cLnKrM1GYZbbgpwPVnwnJ3NU
-> ssh-ed25519 Wu8JLQ Bn0shD1/Uzb3VdAOuyNeHSzLaboxhAUsqQWXycZYDFc
V2EHtwK0CUdLYCzia43m4WmBxFy8frfR0hkdIkARnl4
-> ssh-ed25519 EIt1vA FmznskIDNtFkD6HD64uL5OS2rwPwT1S5lCirtYFW0Rk
3TKTCN45ygLTcrfSRdsXJZKdoz+A3tP7lXbNn2NOhvk
-> ssh-ed25519 X51wxg X3KyzjW97PF8CFcb0NWW5F6JNMZslmP22d0+r0FRvlo
mZq7lSEnD3Ui7hcloSCdTH/q4mB2q6lFTvzMRS+BCb4
--- 4u64XNKKDMEaWeL4wLdkOgugYTkrqpfoFeG/BW4/zK8
)Éé9çèñ”ÖÙ
È.kâùô}O<>0Š«6ï'¥áJ¼}ŒýW(„ÖÖ·V>dè$ö8icjw hÂ<aöÞ¿43Ð5NŒUºÎÎègYÃ

View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng 6s1XuhN3TFuW433ZrghssoyScvjqG6tg+ZSvHBwYOjQ
54ijsvv7CO/1L9ib4fgiRAQHmlU2r3j/fbc79qiAo38
-> ssh-ed25519 kXobKQ WMApvaovS/ddPbz7Eh9bCF3SzmUJN1NQGMKzWCJ6jQc
3NehvO3X7uMU/H7g7d4nFsmHk0PhXrRT1XetWUBHAnY
-> ssh-ed25519 7hZk0g RqNPzJqoSY1umAJE/FPZ+MR0R9eCDdxonzuh3uMBRhI
Cfou0mqV4gHGP7OJbgPm8VotU4cM5YVX3iUkd6myU+E
-> ssh-ed25519 5rrg4g mSZUVF9y4vYfBbjgP0UnSfgaGTC3/Yx+fAFquA5022E
1yiri7+CZTSUhPpJlo9f1EraRVl3Ihw4wtjgXJPMRqY
-> ssh-rsa krWCLQ
gMc7ogvibqMuboKqSgqfedIxqyhhljJFp5zI2bK6D5rdcV5CIPVz2xQdk4h678Qg
8pYlg1+UDu+JyXvJgtWZHYMGSs17woIYZmw9UQh+IYMo4Qn89tn4QN4exYwB+7gm
dWEqo7GggWG0Mu2w2OVu2oB1D5aUvF940hUCyl40V7hIkMpJwFfMfvvD04XsScXV
GLpWNYcWIQNaBAxTWRGkpt9jvD1W/DjsOUhOk0BP5hnSPm39awfLFRo3wWFBiaDq
yPRi6P8AJdVWS2n+KdQ1j5dLo19DngkUAmepIR+oiNvgIFKqDAvIB5y30d3guGdP
7zCS7IEOOMLQvBiq99DU2Q
-> ssh-ed25519 /vwQcQ GWEth3AXh2blSPzXzyqaHdRlA+Qmopvdk9DfL69PVlk
sVq7EbVmJ0SnYLueCHB5zOr/aR9QurTqtMIXGdL22cY
-> ssh-ed25519 0R97PA gZLoe8C+FTOXM0i4VWBwBSNSxZhfxG6U3pakRBDwZ0k
LKxzJofqUfdY1swAbRNcOcWfZJ1lbp7S20y+dfjKvUU
-> ssh-ed25519 cvTB5g GbEB6Z/6A/ntU8truri+tshuy5tqYSSo5SF0Brt0VgI
DOkGd68tE85ajEBmKUx9HXiKLjCdUf/tKME6+Ems/RA
-> ssh-ed25519 Wu8JLQ tOF/Dc72uMnmQy4rNjPoRzVhQEuwiYLrmmdCsmJ5wEk
RS5erkX1HIvTDw6g8qrOtZy1zpCphnGw/bqT4F0Q6/8
-> ssh-ed25519 EIt1vA tSBgk0ljTD1pLRsw7axRh2zl+vIMISjrw7zrr01TBB0
hb3kb12kRHCxMeBlxjg6tJpgQpHzJkovH5ncuM4MzNA
-> ssh-ed25519 X51wxg Gy0QJbua5ZoNYDnuQXlPVFxQvm7SSOMUR0uDRI719gk
VEYU1qazlM62F2xsXIFhIAEL4ssWW8o2/e07NguMp88
--- VwkrST6cm5HpWtRWBM4tkk14C/NwtxpBbXHVj6ouyxk
(`WÊ;+u'oÓj Ý<> —õ{ïMÄP0žDèÈ™J}Å<>¯»È{ìætˆ°ïj`ÂK:׸ŠI;™çA2ÿCÕ+ ö\Nú

View file

@ -1,32 +0,0 @@
let
lib = (import <nixpkgs> { }).lib;
readpubkeys =
user:
builtins.filter (k: k != "") (
lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))
);
keys =
(readpubkeys "sinavir")
++ (readpubkeys "hackens-host")
++ (readpubkeys "catvayor")
++ (readpubkeys "raito")
++ (readpubkeys "gdd")
++ (readpubkeys "backslash");
in
{
"matterbridge-env.age".publicKeys = keys;
"snipeit.age".publicKeys =
keys;
"ragbJWT.age".publicKeys =
keys;
"ragb.age".publicKeys =
keys;
"django.age".publicKeys =
keys;
"django-gestiohackens.age".publicKeys =
keys;
"wg-key.age".publicKeys =
keys;
"prometheus-webconf".publicKeys =
keys;
}

View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng XPTwmcI9Xyu3ulX68UgyFhORwDsbTAvcaTDhGKzcAFs
EkDJhGqFqtW4VMIKN9SMU3MrwIf+3Y50Ku0ToKf/wJI
-> ssh-ed25519 kXobKQ /Z+Qh1kUFI+X97VsebUHv51+XyJT2fZWsDF0TFdl0A0
8W13NrPTb1aoDYA5M7Xej5R/DJ2YLyngx/UzIAIVnXU
-> ssh-ed25519 7hZk0g xRggNYJuJGAR4uSeZeoZI7tNqorkc1BDEO+Jz6saKH4
xYKIqp/E0GQ1t5VhOWBpCi8WgLSDDZuKbOg6l7Htjuk
-> ssh-ed25519 5rrg4g hW1VZuxL+eCGeUJDhDXg3L9h1KMp/OTpTvj2bOPIwnU
s3Fvjx/jFCPa6dG5RgJseJPYf4LcojDSq4mtbEza+sc
-> ssh-rsa krWCLQ
AwxiOyNOxRKOA3B6sbnFm97UABVXnuXdddHhl0Qk0jGdJtK/Gg3IQ3RAUPdW46e4
S3LsQ+REqcA33h3DUhh6Yaz3agAvNtqFfp3h3Wy1+tVsIKQx9T6rEg7XcyWlQGg6
/sLkLMKg2kcMxTZFjGlYfoRMu/yMD3I+M/3DMZiccSYTa+Z+cJ13ERDmhLVh5X+j
R/v3JMM0vupwjxWnVdMJNAz2dLNawWTFIBN1IVAgYPyaVrL99H65CPLUAeN2CVx6
I8bEOJ15tk5q8yzX8DwTfJnXYBP+FyN8WVS0v5WfxSvB/ME6VtjeuZRd2h/nPpbc
FKZgZZt94GDjZLl+zHff5w
-> ssh-ed25519 /vwQcQ ct0vQfUsUO8gg2kU41lVDB2acgxuT8hCKWHZwymkFzM
Eu3YaXAVUoF6q2xhk4B77mCTYCqL87rbqZeFNBtYrWA
-> ssh-ed25519 0R97PA xwM4ukaEfI0B93YHSU9f77F6VvnZZctR03regzrDDF4
uoL8wz3iqzB5dnS8z+wRIAu5CmHM8yjnJFduoDtjlAM
-> ssh-ed25519 cvTB5g czmtpirWtnbAjcJEOkLSc2Sfr4SXmtE+e7pS+AE86Co
s20XHgWekxWvP4nypSUZ0YgKWyDobm/3lNA4REUvUGQ
-> ssh-ed25519 Wu8JLQ l4hH8MAJesz5jXzSDf8SDCXNcp8jWJnq0SRYyCCPNB0
Y4XOuoxWXGDnrdhu7aCf8sJNYN/loaKc1bx81KaDAFc
-> ssh-ed25519 EIt1vA eMUqUckKwH5ubKSY8swqT3jfUi9loZKerl9WljV8Hxo
AJL3yBcCaitwOYHL74dymm1cngBf47Yq2jiGJoxeC0g
-> ssh-ed25519 X51wxg I8aIi5liVlYQointFhCCIj5OiRrjhyxWOJdu7JAg3x8
rqPx/8e8e2nNiRwzH61HXA++a5HTyRjMU46c1Tm97yk
--- t53Ft5ztsJLbK0jJZ7uolsbf+NZij6A++98DeqroOro
ºåjKË}§Ú³Ý9QŸ<ïm#ž>EÔ—9+)Äí_³äaTaÔiSR̵}½ RoP= Õëž-Æ<JœÈ”66 Æ+<2B>

View file

@ -1,30 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 JGx7Ng HCBkB8gfYUDnWwaPlGquE39fnEBvm0cEVxL8Vuh/f2Y
yJapxn2cVn0QjEnpGUq+gfdf+V8f5Mji2JhqPUH13WI
-> ssh-ed25519 kXobKQ 9flhpuGn/MgqRlT4AlphvNRf9ktnuyFvyQrK7eeKbXE
hHpPk2m4XWKgbwNv16Vzh8uJkpk0kwN1WqC4G4rGL5E
-> ssh-ed25519 7hZk0g /DQi1BAovPKmel2zgchEhZkxr9v8ZxVXe6SRuX/yjxg
KALPbUNK6YGvSiNfgQGSdZriJokpHUmO/vVtW9Sfm+I
-> ssh-ed25519 5rrg4g NqFtTNIaoTYEhq7SzFCVD+t2AZ03ANe+kqhDQHmd7zA
NDYBZIdGLItcHPmYRHZ1DZ5vhlR1Qt0PPtDqRxfo9hg
-> ssh-rsa krWCLQ
tylZdWKOsro4O2g5Oa34ALB3hDmb5krinvk7sXBKQWj+QaRA/J6geAUq7pHGM+zs
MehzMsdJX4tklCUE8ECh5clwdfnTl57m+V9jdD88CAgscyFsMHdX2BEIjzGN3kB1
jYzDO7sLoOx6k8eiQaPFtxkT/tYPI9vpdyyyxKS5thowmQ99NSZQUHaMTqmC36H3
sCr1uyFPrKTEoCZe9Klsdz2KxaPPd7oOo7J5VU4SeiosPfNFhO9kDQ5xRn3SDClD
PMUFhjRxmWjNY4aQqUxi9lJWK35pb87mZNdaPZXH18mbraTIuI08B3KTrR5112PW
oDTckZo3szhzR2JJ0cTG6Q
-> ssh-ed25519 /vwQcQ b9mdEG1+JMJxDBp6b0wU/JGM4Mldh7w7jf4pghb+ejw
1GfaMyOkfHD/I/OvHNjd1kzdT1vWnbR1fAP4za++c5g
-> ssh-ed25519 0R97PA 0DdkxpjsoA6ERi43skpS7/lyttMlJu5BcNFSAF3+g34
tz3fM0C+zT6enFgiqbKwiBWLTdOS2xKLZQOngRpf5q4
-> ssh-ed25519 cvTB5g aL+EY/DYolrhoaKHPpAvPr3rNO3vThV+uqX9m39jEG4
cnFq0cgCWac07x+6Fu+M9os6wxPxfoHcSJ+8ispYkPk
-> ssh-ed25519 Wu8JLQ wwQGruBxZ8tUHGw08B7ezoPj1ddPlWmemmm8aI6EIRE
0WUod40m3tVP+mTx2B9b/4AoT1kcXAeNVMnj8BLFRuM
-> ssh-ed25519 EIt1vA zYOPPPZgk4NIUyInXyoapCRkg/dshOuRPnKuwJyM7lM
Jn8J2sQn1qrtH4OANx73OYsBChGUB2fuWaB38pEhbm8
-> ssh-ed25519 X51wxg 9ofVG6z1+KwMkk97WViCDfnAXTNgFzQYBBsEYhBP1yw
wwWlCbJ2xOWR9FZw+apjn11MQqKSeyHsRJYvFEV+0VU
--- QU5Ewm2faKYtF6HK7hagXVPSjzqjQbaZ6/wPJ61eDCI
<EFBFBD>ž×ÝnšÓ£*¨…¯;©uï~õls0Ô¤¾íM5fÎjhâå§iž¤Ÿ£ŒÈ6«í%ôH»cv`®$©˜ùYÑ0WW¢

View file

@ -1,22 +0,0 @@
{ config, ... }:
{
services.snipe-it = {
enable = true;
appKeyFile = config.age.secrets."snipeit".path;
config = {
APP_LOCALE = "fr-FR";
APP_TIMEZONE = "Europe/Paris";
};
database = {
createLocally = true;
user = "snipeit";
};
user = "snipeit";
group = "snipeit";
hostName = "inventaire.hackens.org";
nginx = {
enableACME = true;
forceSSL = true;
};
};
}

View file

@ -1,31 +0,0 @@
{ pkgs, lib, ... }:
let
sites = [
"/2048"
"/prez"
"/known"
"/pub"
];
in
{
services.nginx.enable = true;
services.nginx.virtualHosts = {
"hackens.org" = {
forceSSL = true;
enableACME = true;
locations = lib.genAttrs sites (name: {
root = "/var/www";
extraConfig = ''
autoindex on;
charset utf-8;
'';
});
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

View file

@ -1,40 +0,0 @@
{
pkgs,
lib,
config,
...
}: {
services.thelounge = {
enable = true;
port = 9000;
extraConfig = {
reverseProxy = true;
host = "127.0.0.1";
public = false;
prefetch = true;
fileUpload = {
enable = true;
};
defaults= {
name= "ulminfo";
host= "ulminfo.fr";
port= 3725;
password= "";
tls= true;
rejectUnauthorized= true;
join= "#hackens";
};
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."irc.hackens.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9000";
proxyWebsockets = true;
};
};
networking.firewall.allowedTCPPorts = [80 443];
}

View file

@ -1,94 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = {
enable = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [
"10.10.10.1/24"
];
networkConfig = {
IPv4Forwarding = true;
};
routes = [
{
Destination = "10.10.10.0/24";
Scope = "link";
}
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = config.age.secrets."wg-key".path;
};
wireguardPeers = [
{
# hackens-desktop
AllowedIPs = [
"10.10.10.3/32"
];
PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";
}
{
# hackens-milieu
AllowedIPs = [
"10.10.10.4/32"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub);
}
{
# agb01
AllowedIPs = [
"10.10.10.5/32"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb01.pub);
}
{
# agb02
AllowedIPs = [
"10.10.10.6/32"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb02.pub);
}
{
# soyouzpanda
AllowedIPs = [
"10.10.10.11/32"
];
PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=";
}
{
# sinavir
AllowedIPs = [
"10.10.10.12/32"
];
PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=";
}
{
# catvayor
AllowedIPs = [
"10.10.10.13/32"
];
PublicKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
}
];
};
};
};
networking.firewall.allowedUDPPorts = [ 1194 ];
}

View file

@ -1,11 +0,0 @@
Put pls key in keys.keys
Put pls mac in networking
# How to get an sd image
```
DRV_PATH=$(colmena eval -E "{ nodes, ...}: nodes.rigel.config.system.build.sdImage.drvPath")
nix-store -r $DRV_PATH
```

View file

@ -1,64 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
launchpad = pkgs.python3.withPackages (ps: [
(ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix { }; })
]);
in
{
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
./bootloader.nix
./networking.nix
./nix-conf.nix
./programs.nix
./ssh.nix
./users.nix
];
nix.settings.substituters = lib.mkForce [ ];
networking.hostName = "rigel"; # Define your hostname.
# Set your time zone.
time.timeZone = "Europe/Paris";
environment.systemPackages = [
launchpad
];
systemd.services.launchpad = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [
launchpad
pkgs.unixtools.ping
];
script = ''
while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null
do
echo "waiting eos"
done
sleep 0.1
python -m eos_midi 10.1.1.2
'';
};
environment.shellAliases = {
r = "systemctl restart launchpad.service";
};
fonts.enableDefaultPackages = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "unstable"; # Did you read the comment?
}

View file

@ -1,5 +0,0 @@
{ pkgs, ... }:
{
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
}

View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRA2W8T8rnWIn0xnP2LXSmmB92YuQygkLwLK60rpBG+ PLS@DESKTOP-KK74B9P

View file

@ -1,38 +0,0 @@
{
lib,
buildPythonPackage,
fetchgit,
poetry,
lpminimk3,
python-osc,
}:
buildPythonPackage rec {
pname = "kfet-launchpad-controller";
version = "unstable";
pyproject = true;
src = fetchgit {
url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
rev = "58f1086ca7a8a9258da7240987bf26c03182b152";
hash = "sha256-c21BbRKK1AK6roIjdEg3zfMThyijRTK5Z87DBBBjoL0=";
};
nativeBuildInputs = [
poetry
];
propagatedBuildInputs = [
lpminimk3
python-osc
];
pythonImportsCheck = [ "eos_midi" ];
meta = with lib; {
description = "";
homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
license = licenses.mit;
maintainers = with maintainers; [ ];
};
}

View file

@ -1,40 +0,0 @@
{
lib,
buildPythonPackage,
fetchgit,
poetry-core,
lpminimk3,
python-osc,
}:
buildPythonPackage rec {
pname = "kfet-launchpad-controller";
version = "unstable";
pyproject = true;
src = fetchgit {
url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
rev = "6d7df83cfd2f558d4837474ea101f98439a4f8c5";
hash = "sha256-HkaR1+9NxvyRQ3+iP6pq3Wn6QT+qQRFJBvxHNH6qM0k=";
};
patches = [ ./launchpad.patch ];
nativeBuildInputs = [
poetry-core
];
propagatedBuildInputs = [
lpminimk3
python-osc
];
pythonImportsCheck = [ "eos_midi" ];
meta = with lib; {
description = "";
homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
license = licenses.mit;
maintainers = with maintainers; [ ];
};
}

View file

@ -1,13 +0,0 @@
diff --git a/pyproject.toml b/pyproject.toml
index dd2e48c..48339c9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -42,7 +42,7 @@ black = "*"
[build-system]
-requires = ["poetry>=1.7.1"]
+requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"
[tool.isort]

View file

@ -1,43 +0,0 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
wheel,
jsonschema,
python-rtmidi,
websockets,
}:
buildPythonPackage rec {
pname = "lpminimk3";
version = "0.6.2";
pyproject = true;
src = fetchFromGitHub {
owner = "obeezzy";
repo = "lpminimk3";
rev = "v${version}";
hash = "sha256-CVjBUKjLOFaIgCpwNIO/PJ55s7nQ0WMRKKqVS3xOI3g=";
};
nativeBuildInputs = [
setuptools
wheel
];
propagatedBuildInputs = [
jsonschema
python-rtmidi
websockets
];
pythonImportsCheck = [ "lpminimk3" ];
meta = with lib; {
description = "Python API for the Launchpad Mini MK3";
homepage = "https://github.com/obeezzy/lpminimk3";
license = licenses.mit;
maintainers = with maintainers; [ ];
};
}

View file

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
networking.useDHCP = false;
networking.firewall.allowedUDPPorts = [ 67 ];
systemd.network = {
enable = true;
networks = {
"10-uplink" = {
name = "end0";
networkConfig = {
Address = "10.1.1.1/24";
DHCPServer = "yes";
IPMasquerade = "ipv4";
};
dhcpServerConfig = {
PoolOffset = 100;
PoolSize = 20;
UplinkInterface = ":none";
EmitDNS = "no";
EmitNTP = "no";
EmitSIP = "no";
EmitRouter = "no";
};
dhcpServerStaticLeases = [
{
dhcpServerStaticLeaseConfig = {
Address = "10.1.1.2";
MACAddress = "14:b3:1f:06:3c:2e";
};
}
];
};
};
};
networking.nameservers = [
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
}

View file

@ -1,21 +0,0 @@
{
lib,
pkgs,
config,
metadata,
nodes,
name,
...
}:
{
nix.settings = {
trusted-users = [
"root"
"@wheel"
];
extra-experimental-features = [
"nix-command"
"flakes"
];
};
}

View file

@ -1,28 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [
sqlite-web
dhcpdump
dig
git
htop
jq
nmap
npins
ripgrep
screen
tcpdump
unzip
vim
wireguard-tools
];
programs.mtr.enable = true;
programs.vim.defaultEditor = true;
}

View file

@ -1,5 +0,0 @@
{ ... }:
{
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = true;
}

View file

@ -1,12 +0,0 @@
{ ... }:
{
users.mutableUsers = false;
users.users.root = {
openssh.authorizedKeys.keyFiles = [
../../pubkeys/sinavir.keys
../../pubkeys/soyouzpanda.keys
./keys.keys
];
hashedPassword = "$y$j9T$p6Fe9Gm/C4iLIQBYXCjBn.$zLCzaxrsUDd4/2H5eTXqNch.bVJubrpZNOZgAZqbeV/";
};
}

@ -1 +0,0 @@
Subproject commit 5bb68f24b539db1d9591ea320436b9dbdd2dc354

View file

@ -1,52 +0,0 @@
let
sources = import ./npins;
agenix = sources.agenix + "/modules/age.nix";
djangonix = sources.djangonix + "/module.nix";
metadata = {
nodes = {
hackens-milieu = {
deployment = {
targetHost = "10.10.10.4";
allowLocalDeployment = true;
tags = [ "desktop" ];
};
imports = [ agenix ];
};
agb01 = {
deployment = {
targetHost = "10.10.10.5";
};
arch = "aarch64-linux";
imports = [ agenix ];
};
rigel = {
deployment = {
targetHost = "10.1.1.1";
};
arch = "aarch64-linux";
};
hackens-org = {
deployment = {
targetHost = "10.10.10.1"; # todo make something with ens firewall
tags = [ "server" ];
targetPort = 22;
};
imports = [
agenix
djangonix
];
};
agb02 = {
deployment = {
targetHost = "10.10.10.6";
};
arch = "aarch64-linux";
imports = [ agenix ];
};
};
};
in
metadata

View file

@ -1,73 +0,0 @@
# Generated by npins. Do not modify; will be overwritten regularly
let
data = builtins.fromJSON (builtins.readFile ./sources.json);
version = data.version;
mkSource =
spec:
assert spec ? type;
let
path =
if spec.type == "Git" then
mkGitSource spec
else if spec.type == "GitRelease" then
mkGitSource spec
else if spec.type == "PyPi" then
mkPyPiSource spec
else if spec.type == "Channel" then
mkChannelSource spec
else
builtins.throw "Unknown source type ${spec.type}";
in
spec // { outPath = path; };
mkGitSource =
{
repository,
revision,
url ? null,
hash,
...
}:
assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball
if url != null then
(builtins.fetchTarball {
inherit url;
sha256 = hash; # FIXME: check nix version & use SRI hashes
})
else
assert repository.type == "Git";
builtins.fetchGit {
url = repository.url;
rev = revision;
# hash = hash;
};
mkPyPiSource =
{
url,
hash,
...
}:
builtins.fetchurl {
inherit url;
sha256 = hash;
};
mkChannelSource =
{
url,
hash,
...
}:
builtins.fetchTarball {
inherit url;
sha256 = hash;
};
in
if version == 3 then
builtins.mapAttrs (_: mkSource) data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

View file

@ -1,78 +0,0 @@
{
"pins": {
"agenix": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "ryantm",
"repo": "agenix"
},
"branch": "main",
"revision": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"url": "https://github.com/ryantm/agenix/archive/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41.tar.gz",
"hash": "1x8nd8hvsq6mvzig122vprwigsr3z2skanig65haqswn7z7amsvg"
},
"disko": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "nix-community",
"repo": "disko"
},
"branch": "master",
"revision": "6c5ba9ec9d470c1ca29e7735762c9c366e28f7f5",
"url": "https://github.com/nix-community/disko/archive/6c5ba9ec9d470c1ca29e7735762c9c366e28f7f5.tar.gz",
"hash": "0l0qlwv5qxi58crv45xz9rwfz9hbdp99z70j60jri28ic89lfvpd"
},
"djangonix": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/mdebray/djangonix.git"
},
"branch": "master",
"revision": "a61afb48e2478c47360a8efea6f835c3b0f5f503",
"url": null,
"hash": "0a0hnkyhvr6am484m7lg46040icbxzydnycaa1a2hclfnpgrxrdk"
},
"dns.nix": {
"type": "GitRelease",
"repository": {
"type": "GitHub",
"owner": "kirelagin",
"repo": "dns.nix"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"version": "v1.2.0",
"revision": "a3196708a56dee76186a9415c187473b94e6cbae",
"url": "https://api.github.com/repos/kirelagin/dns.nix/tarball/v1.2.0",
"hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90"
},
"nixos-unstable": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "NixOS",
"repo": "nixpkgs"
},
"branch": "nixos-unstable",
"revision": "06cf0e1da4208d3766d898b7fdab6513366d45b9",
"url": "https://github.com/NixOS/nixpkgs/archive/06cf0e1da4208d3766d898b7fdab6513366d45b9.tar.gz",
"hash": "0l68zz8mn2kvp9wvc6rgw7dns8vkl7w9y6z92blvgn1wnm9ib6ab"
},
"ragb": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/HackENS/ragb"
},
"branch": "main",
"revision": "ddfbbe50e385db3ffbf1dd1bf7ffb6102c968bf5",
"url": null,
"hash": "00zz65qc1yzxlff65qv6818bhnqdbjnwcz00w34hiz0597ancdx0"
}
},
"version": 3
}

View file

@ -1,15 +0,0 @@
diff --git a/authens/views.py b/authens/views.py
index 0478861..b1c93e9 100644
--- a/authens/views.py
+++ b/authens/views.py
@@ -138,8 +138,8 @@ class LogoutView(auth_views.LogoutView):
else:
self.cas_connected = False
- def get_next_page(self):
- next_page = super().get_next_page()
+ def get_success_url(self):
+ next_page = super().get_success_url()
if self.cas_connected:
cas_client = get_cas_client(self.request)

View file

@ -1,24 +0,0 @@
{
python-cas,
django,
ldap,
buildPythonPackage,
}:
buildPythonPackage rec {
pname = "authens";
version = "v0.1b5";
doCheck = false;
patches = [
./01-get-success_url.patch
];
src = builtins.fetchGit {
url = "https://git.eleves.ens.fr/klub-dev-ens/authens.git";
#rev = "master";
#sha256 = "sha256-R0Nw212/BOPHfpspT5wzxtji1vxZ/JOuwr00naklWE8=";
};
propagatedBuildInputs = [
django
ldap
python-cas
];
}

View file

@ -1,39 +0,0 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
wheel,
django,
}:
buildPythonPackage rec {
pname = "django-autoslug";
version = "1.9.9";
pyproject = true;
src = fetchFromGitHub {
owner = "justinmayer";
repo = "django-autoslug";
rev = "v${version}";
hash = "sha256-IRLY4VaKYXVkSgU/zdY+PSmGrcFB2FlE5L7j0FqisRM=";
};
nativeBuildInputs = [
setuptools
wheel
];
propagatedBuildInputs = [ django ];
# Requires DJANGO_SETTINGS_MODULE
# pythonImportsCheck = [ "autoslug" ];
meta = with lib; {
description = "AutoSlugField for Django";
homepage = "https://github.com/justinmayer/django-autoslug/";
changelog = "https://github.com/justinmayer/django-autoslug/blob/${src.rev}/CHANGELOG.rst";
license = licenses.lgpl3Only;
maintainers = with maintainers; [ thubrecht ];
};
}

View file

@ -1,34 +0,0 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
wheel,
}:
buildPythonPackage rec {
pname = "loadcredential";
version = "1.2";
pyproject = true;
src = fetchFromGitHub {
owner = "Tom-Hubrecht";
repo = "loadcredential";
rev = "v${version}";
hash = "sha256-rNWFD89h1p1jYWLcfzsa/w8nK3bR4aVJsUPx0UtZnIw=";
};
build-system = [
setuptools
wheel
];
pythonImportsCheck = [ "loadcredential" ];
meta = {
description = "A simple python package to read credentials passed through systemd's LoadCredential, with a fallback on env variables ";
homepage = "https://github.com/Tom-Hubrecht/loadcredential";
license = lib.licenses.mit;
maintainers = [ ]; # with lib.maintainers; [ thubrecht ];
};
}

View file

@ -1,42 +0,0 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
unittestCheckHook,
setuptools,
wheel,
markdown,
}:
buildPythonPackage rec {
pname = "markdown-icons";
version = "3.1";
pyproject = true;
src = fetchFromGitHub {
owner = "Tom-Hubrecht";
repo = "markdown-icons";
rev = "v${version}";
hash = "sha256-EZY/gyyZ5axInBfvsWLrDeTLDD+m18qSpf5XrVKLOaM=";
};
nativeBuildInputs = [
setuptools
wheel
];
nativeCheckInputs = [ unittestCheckHook ];
propagatedBuildInputs = [ markdown ];
pythonImportsCheck = [ "iconfonts" ];
meta = with lib; {
description = "Easily display icon fonts in markdown";
homepage = "https://github.com/MadLittleMods/markdown-icons";
license = licenses.free;
maintainers = with maintainers; [ thubrecht ];
mainProgram = "markdown-icons";
platforms = platforms.all;
};
}

Some files were not shown because too many files have changed in this diff Show more