feat: add Sel's key everywhere

feat(agb01): add Sel's keys
feat(ragb): Commit all the hotfixes
2024-11-13 17:05:04 +01:00 · 2024-11-13 13:53:48 +01:00 · 2024-11-07 20:58:01 +01:00 · 2024-10-22 00:46:43 +02:00 · 2024-10-15 16:53:44 +02:00 · 2024-10-15 13:35:12 +02:00
150 changed files with 3201 additions and 839 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
 result
 result-*
 *.swp
 /public.tar.gz
--- a/hive.nix
+++ b/hive.nix
@ -0,0 +1,73 @@
 let
  sources = import ./npins;
  metadata = import ./meta.nix;
  defaultNixpkgs = importNixpkgsPath "x86_64-linux" sources."nixos-unstable";
  inherit (defaultNixpkgs) lib;
  revision =
    node:
    (builtins.fromJSON (builtins.readFile ./npins/sources.json)).pins.${pkgsVersion node}.revision;
  mkNode = node: {
    ${node} =
      {
        name,
        nodes,
        ...
      }:
      {
        imports = [
          ./machines/${node}/_configuration.nix
        ] ++ lib.attrByPath [ "imports" ] [ ] metadata.nodes.${node};
        inherit (metadata.nodes.${node}) deployment;
        nix.nixPath = builtins.map (n: "${n}=${sources.${n}}") (builtins.attrNames sources) ++ [
          "nixpkgs=${mkNixpkgsPath name}"
        ];
        system.nixos.tags = [
          (revision node)
        ];
      };
  };
  pkgsVersion =
    node:
    lib.attrByPath [
      node
      "nixpkgs"
    ] "nixos-unstable" metadata.nodes;
  mkNixpkgsPath = node: sources.${pkgsVersion node};
  mkNixpkgs = node: {
    ${node} = importNixpkgsPath (lib.attrByPath [ "arch" ] "x86_64-linux" metadata.nodes.${node}) (
      mkNixpkgsPath node
    );
  };
  importNixpkgsPath =
    arch: p:
    import p {
      config.allowUnfree = true;
      overlays = import ./pkgs/overlays.nix { inherit sources; };
      system = arch;
    };
  nodes = builtins.attrNames metadata.nodes;
  concatAttrs = builtins.foldl' (x: y: x // y) { };
 in
 {
  meta = {
    specialArgs = {
      inherit sources metadata;
    };
    nixpkgs = defaultNixpkgs;
    nodeNixpkgs = concatAttrs (builtins.map mkNixpkgs nodes);
    specialArgs = {
      lib = lib;
    };
  };
 }
 // (concatAttrs (builtins.map mkNode nodes))
--- a/hosts/hackens-milieu/hardware-configuration.nix
+++ b/hosts/hackens-milieu/hardware-configuration.nix
@ -1,33 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, ... }:
 {
  imports =
    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
    ];
  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-label/nixos-root";
      fsType = "btrfs";
      options = [ "ssd" "noatime" "ssd_spread" "discard" "space_cache" ];
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-label/BOOT";
      fsType = "vfat";
    };
  swapDevices =
    [ { device = "/dev/disk/by-label/SWAP"; }
    ];
  nix.maxJobs = lib.mkDefault 4;
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
 }
--- a/hosts/hackens-org/2048.nix
+++ b/hosts/hackens-org/2048.nix
@ -1,15 +0,0 @@
 { config, pkgs, ... }:
 {
  services.staticWebsites.sites = {
    "2048" = {
      root = pkgs.fetchFromGitHub {
        owner = "hackEns";
        repo = "2048NdS";
        rev = "1df6db154ca22c380eb52844c7a6a7f888fb5610";
        sha256 = "1y2v637j0g03g4l80ag72pm9kc46f07npir7ddp8i6x15bzygj1a";
      };
      hostname = config.my.subZone;
      location = "/2048";
    };
  };
 }
--- a/hosts/hackens-org/acme-ssl.nix
+++ b/hosts/hackens-org/acme-ssl.nix
@ -1,13 +0,0 @@
 # Issue du club reseau
 { config, ... }:
 let
    my = config.my;
 in
 {
  security.acme.acceptTerms = true;
  security.acme.email = my.email;
  security.acme.server =
    if my.acmeStaging
    then "https://acme-staging-v02.api.letsencrypt.org/directory"
    else null;
 }
--- a/hosts/hackens-org/hackens-my.nix
+++ b/hosts/hackens-org/hackens-my.nix
@ -1,12 +0,0 @@
 # Inspire du club reseau
 { lib, ... }:
 {
  imports = [ ./modules/my.nix ];
  my = {
    email = "hackens@clipper.ens.fr";
    acmeStaging = lib.mkDefault true;
    debug = false;
    subZone = "new.hackens.org";
  };
 }
--- a/hosts/hackens-org/hardware-configuration.nix
+++ b/hosts/hackens-org/hardware-configuration.nix
@ -1,29 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/0795-75ED";
      fsType = "vfat";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
 }
--- a/hosts/hackens-org/misc/default.nix
+++ b/hosts/hackens-org/misc/default.nix
@ -1,12 +0,0 @@
 { pkgs, ... }:
 {
  imports = [
    # ./static-website.nix
    # ./game2048.nix
    # ./casauth.nix
    # ./nds.nix
    # ./prez.nix
    # ./public.nix
    # ./jarvis.nix
  ];
 }
--- a/hosts/hackens-org/modules/default.nix
+++ b/hosts/hackens-org/modules/default.nix
@ -1,9 +0,0 @@
 { pkgs, ... }:
 {
  imports = [
    ./my.nix
    ./staticWebsites.nix
    ./nginx.nix
    ./webhooks.nix
  ];
 }
--- a/hosts/hackens-org/modules/my.nix
+++ b/hosts/hackens-org/modules/my.nix
@ -1,28 +0,0 @@
 # Inspiré du club réseau
 { config, lib, ... }:
 with lib;
 with types;
 {
  options.my = {
    email = mkOption {
      description = "Admin email";
      type = str;
      default = "";
      example = "hackens@clipper.ens.fr";
    };
    acmeStaging = mkOption {
      description = "Enable staging servers";
      type = bool;
      default = false;
    };
    subZone = mkOption {
      description = "Sub zone for hosting the services";
      type = str;
    };
    debug = mkOption {
      description = "Debug mode";
      type = bool;
      default = false;
    };
  };
 }
--- a/hosts/hackens-org/modules/staticWebsites.nix
+++ b/hosts/hackens-org/modules/staticWebsites.nix
@ -1,64 +0,0 @@
 { lib, config , ... }:
 with lib;
 let
  eachSite = config.services.staticWebsites.sites;
  website = { name, ... }: {
    options = {
      root = mkOption {
        type = types.path;
        default = "/var/lib/nginx/static/${name}";
        description = "Static files path for the website";
      };
      hostname = mkOption {
        type = types.str;
        default = name;
        description = "Website hostname";
      };
      location = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = "Add a location rule if not null";
      };
    };
  };
 in
 {
  options.services.staticWebsites = {
    sites = mkOption {
      type = types.attrsOf (types.submodule website);
      description = "Specification of one or more static websites to serve";
    };
    debug = mkOption {
      type = types.bool;
      default = false;
    };
  };
  config = mkIf (eachSite != {}) {
    services.nginx = {
      enable = true;
      virtualHosts = mapAttrs' ( hostname: conf: {
        name = conf.hostname;
        value = (mkMerge [
          {
            serverName = conf.hostname;
            forceSSL = if config.services.staticWebsites.debug then false else true;
            enableACME = if config.services.staticWebsites.debug then false else true;
          }
          (mkIf (conf.location == null) {
            root = conf.root;
          })
          (mkIf (conf.location != null) {
            locations = {
              "${conf.location}/" = {
                alias = "${conf.root}/";
              };
            };
          })
          ]);
        }) eachSite;
    };
  };
 }
--- a/hosts/hackens-org/modules/webhooks.nix
+++ b/hosts/hackens-org/modules/webhooks.nix
@ -1,56 +0,0 @@
 { pkgs, config, lib, ... }:
 with lib;
 let
  json = pkgs.formats.json {};
  cfg = config.services.webhooks;
 in
 {
  options.services.webhooks = {
    enable = mkEnableOption "Set up webhooks";
    package = mkOption {
      type = types.package;
      default = pkgs.webhook;
      description = "`webhook` package to use";
    };
    hostname = mkOption {
      type = types.str;
      description = "The vhost on which webhook will listen";
    };
    endpoint = mkOption {
      type = types.str;
      default = "hooks";
      description = "The endpoint of the webhooks";
    };
    hooks = mkOption {
      type = json.type;
      description = "Configuration for this webhook, check <link xlink:href="https://github.com/adnanh/webhook/blob/master/docs/Hook-Definition.md"/> for supported values";
    };
    internalPort = mkOption {
      type = types.int;
      default = 9000;
      description = "The local port used to (proxy)pass requests from nginx to webhook";
    };
    debug = mkOption {
      type = types.bool;
      default = false;
    };
  };
  config = mkIf cfg.enable {
    services.nginx = {
      enable = true;
      virtualHosts."${cfg.hostname}" = {
        locations."${cfg.endpoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks";
        enableACME = if cfg.debug then false else true;
      };
    };
    systemd.services.webhook = {
      enable = true;
      unitConfig = {
        Description = "Small server for creating HTTP hooks";
        Documentation = "https://github.com/adnanh/webhook/";
      };
      script = "${cfg.package}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}";
      wantedBy = [ "mulit-user.target" ];
    };
  };
 }
--- a/hosts/hackens-org/physical.nix
+++ b/hosts/hackens-org/physical.nix
@ -1,15 +0,0 @@
 { pkgs, ... }:
 {
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vdb"; # or "nodev" for efi only
  time.timeZone = "Europe/Paris";
  networking.useDHCP = false;
  networking.interfaces.eth0 = {
    ipv4.addresses = [ { address = "129.199.129.76"; prefixLength = 24; } ];
  };
  networking.defaultGateway = { address = "129.199.129.1"; interface = "eth0"; };
 }
--- a/hosts/hackens-org/test-static.nix
+++ b/hosts/hackens-org/test-static.nix
@ -1,7 +0,0 @@
 { config, pkgs, ... }:
 {
  services.staticWebsites.sites.test = {
    hostname = "test.${config.my.subZone}";
    root = pkgs.writeTextDir "index.html" "Hello world!";
  };
 }
--- a/hosts/hackens-org/test-webhook.nix
+++ b/hosts/hackens-org/test-webhook.nix
@ -1,17 +0,0 @@
 { config, pkgs, ... }:
 {
  services.webhooks = {
    enable = true;
    hostname = "test-webhook.${config.my.subZone}";
    hooks = [
      {
        id = "testhook";
        execute-command = pkgs.writeScript "echo.sh" ''
          #!/bin/sh
          echo "Bonjour"
          '';
        response-message = "Test hook sucess";
      }
    ];
  };
 }
--- a/hosts/hackens-org/wiki.nix
+++ b/hosts/hackens-org/wiki.nix
@ -1,63 +0,0 @@
 { pkgs, config, ... }:
 {
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  # TODO: move to hackens.org
  services.dokuwiki.sites."${config.my.subZone}" = {
    enable = true;
    extraConfig = ''
      $conf['title'] = 'hackEns';
      $conf['start'] = 'accueil';
      $conf['lang'] = 'fr';
      $conf['template'] = 'bootstrap3';
      $conf['license'] = 'cc-by-sa';
      $conf['breadcrumbs'] = 0; # On s'en fiche de l'historique des pages visitées
      $conf['youarehere'] = true; # Par contre on veut notre position dans la hiérarchie du site
      # On veut que les liens externes s'ouvrent dans de nouveaux onglets
      $conf['target'] = array(
        'extern' => '_tab'
      );
      $conf['htmlok'] = 1; # On peut mettre du html dans les pages
      $conf['sitemap'] = 7;
      $conf['rss_type'] = 'rss2';
      $conf['userewrite'] = 1; # Important, sinon on casse tout avec les règles nginx définies par le module nixos
      $conf['useslash'] = 1;
      $conf['plugin']['tokenbucketauth']['tba_send_mail'] = 'hackens@clipper.ens.fr'; # Ban auto des IPs qui brute-forcent
      $conf['htmlmail'] = 0; # On envoie les mails en plain text
      $conf['useacl'] = 1; # On ne veut pas que n'importe qui écrive
    '';
    pluginsConfig = ''
      $plugins['authmysql'] = 0;
      $plugins['popularity'] = 0;
      $plugins['authpgsql'] = 0;
      $plugins['authpdo'] = 0;
      $plugins['authldap'] = 0;
    '';
    disableActions = "register";
    superUser = "@admin";
    acl = ''
      *	@ALL	1
      *	@users  8
    '';
    # Il faut packager les templates
    templates = let
      template-bootstrap3 = pkgs.stdenv.mkDerivation {
        name = "bootstrap3";
        # Download the theme from the dokuwiki site
        src = pkgs.fetchurl {
          url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip";
          sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
        };
        # We need unzip to build this package
        buildInputs = [ pkgs.unzip ];
        # Installing simply means copying all files to the output directory
        installPhase = "mkdir -p $out; cp -R * $out/";
      };
    # And then pass this theme to the template list like this:
    in [ template-bootstrap3 ];
  };
 }
--- a/machines/agb01/_configuration.nix
+++ b/machines/agb01/_configuration.nix
@ -0,0 +1,54 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
  {
  imports = [
    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") # this holds the hardware-config
    ./bootloader.nix
    ./secrets
    ./networking.nix
    ./users.nix
  ];
  nix.settings.substituters = lib.mkForce [];
  networking.hostName = "agb01"; # Define your hostname.
  environment.systemPackages = [
    (pkgs.writeShellApplication {
      name = "run-gw";
      runtimeInputs = [
        pkgs.curl
        (pkgs.python3.withPackages (ps: [
          ps.pyjecteur
          ps.colour
          ps.requests
        ]))
      ];
      text = "curl -s -n https://agb.hackens.org/api/sse | python ${./script.py}";
    })
  ];
  services.openssh.enable = true;
  programs.mosh = {
    enable = true;
    openFirewall = true;
  };
  # Set your time zone.
  time.timeZone = "Europe/Paris";
  fonts.enableDefaultPackages = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "unstable"; # Did you read the comment?
 }
--- a/machines/agb01/bootloader.nix
+++ b/machines/agb01/bootloader.nix
@ -0,0 +1,4 @@
 {pkgs, ...}: {
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
 }
--- a/machines/agb01/networking.nix
+++ b/machines/agb01/networking.nix
@ -0,0 +1,98 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  systemd.network = {
    enable = true;
    wait-online.anyInterface = true;
    networks = {
      "10-uplink" = {
        name = "enu1u1";
        DHCP = "yes";
      };
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.10.10.5/24"
        ];
      };
      "10-wifi" = {
        name = "wlan0";
        networkConfig.DHCPServer = "yes";
        address = [
          "192.168.55.1/24"
        ];
      };
    };
    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
        wireguardPeers = [
          {
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
            Endpoint = "129.199.129.76:1194";
            PersistentKeepalive = 5;
          }
        ];
      };
    };
  };
  networking = {
    useDHCP = false;
    nameservers = [
      "2620:fe::fe"
      "2620:fe::9"
      "9.9.9.9"
      "149.112.112.112"
    ];
    nftables = {
      enable = true;
      tables.nat = {
        family = "ip";
        content = ''
          chain postrouting {
            type nat hook postrouting priority 100;
            ip saddr 192.168.55.0/24 masquerade
          }
        '';
      };
    };
    firewall.allowedUDPPorts = [ 67 ];
  };
  services.hostapd = {
    enable = true;
    radios.wlan0 = {
      # countryCode = "FR";
      wifi4.enable = false;
      wifi5.enable = false;
      channel = 7; # ACS doesn't work
      networks.wlan0 = {
        settings = {
          ieee80211w = 0;
          wmm_enabled = false;
        };
        ssid = "agb - wifi";
        logLevel = 0;
        authentication = {
          mode = "wpa2-sha1";
          wpaPasswordFile = pkgs.writeText "psk" "azertyuiop"; # TODO : secret
        };
      };
    };
  };
 }
--- a/machines/agb01/script.py
+++ b/machines/agb01/script.py
@ -0,0 +1,105 @@
 #!/nix/store/q1p072dnnx7fh7qfcavkmpwn3rgf2xh1-python3-3.12.5-env/bin/python
 import json
 import logging
 import sys
 import requests
 from colour import Color
 from pyjecteur.fixtures import Blinder, LedBar48Ch, Tradi, Wash, Lyre
 from pyjecteur.lights import Universe
 from pyjecteur.widget import Widget
 if False:  # True:  # True:
    logging.basicConfig(level=logging.DEBUG)
 else:
    logging.basicConfig(level=logging.INFO)
 w = Widget("/dev/ttyUSB0")
 DIM = {
    "blinder": 0.1,
    "led_tub": 0.3,
    "spot": 0.3,
 }
 u = Universe(w)
 def strToProj(s):
    match s:
        case "spot":
            return Tradi()
        case "led_tub":
            return LedBar48Ch()
        case "blinder":
            return LedBar48Ch()
 r = requests.get("https://agb.hackens.org/api-docs/patch.json")
 patch = r.json()
 lights = {}
 update = {}
 current_addr = 0
 for k, v in patch["lights"].items():
    lights[k] = strToProj(v["kind"])
    u.register(lights[k], v["channels"][0]*3)
    print(v["kind"], v["channels"])
    # update dmx since some params are set before
    lights[k].update_dmx()
    logging.info(
        f"Light {k} of kind {v['kind']} is at DMX{v['channels'][0]*3+1} (PLS convention)"
    )
    for i, chan in enumerate(v["channels"]):
        update[chan] = (k, i)  # put the light name
    current_addr += lights[k].address_size
 l = Lyre()
 u.register(l, 489)
 def update_light(address, red, green, blue):
    if address not in update:
        return
    light, chan = update[address]
    kind = patch["lights"][light]["kind"]
    r, g, b = red * DIM[kind] / 255, (green * DIM[kind]) / 255, (blue * DIM[kind]) / 255
    match kind:
        case "blinder":
            lights[light].colors[chan] = Color(rgb=(r, g, b))
        case "led_tub":
            lights[light].colors[chan] = Color(rgb=(r, g, b))
        case "spot":
            lights[light].color = Color(rgb=(r, g, b))
 def run():
    logging.info("Started")
    bump = False
    bump_color = None
    for line in sys.stdin:
        logging.debug(line)
        if line.startswith("data:"):
            dataStr = line[5:]
            logging.info(f"Received: {dataStr}")
            data = json.loads(dataStr)
            if data["type"] == "Color":
                if data["address"] == 90:
                    r, g, b = data["value"]["red"] /255, data["value"]["green"] /255, data["value"]["blue"] /255
                    w.color = Color(rgb = (r, g, b))
                else:
                    update_light(data["address"], **data["value"])
            else:
                l.pan = data["pan"]
                l.tilt = data["tilt"]
                l.dimmer = data["focus"]
                l.color = data["white_button"] *7 + 3
 run()
--- a/machines/agb01/secrets/default.nix
+++ b/machines/agb01/secrets/default.nix
@ -0,0 +1,11 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: {
  age.secrets."wg" = {
    file = ./wg.age;
    owner = "systemd-network";
  };
 }
--- a/machines/agb01/secrets/secrets.nix
+++ b/machines/agb01/secrets/secrets.nix
@ -0,0 +1,9 @@
 let
  lib = (import <nixpkgs> {}).lib;
  readPubkeys = user:
    builtins.filter (k: k != "") (lib.splitString "\n"
      (builtins.readFile (../../../pubkeys + "/${user}.keys")));
 in {
  "wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb01");
 }
--- a/machines/agb01/secrets/wg.age
+++ b/machines/agb01/secrets/wg.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 5rrg4g Q11014nLdGOukZJV5enI4qoAqDrysWAxYtRN7VTSnTA
 oEK2C8A28KrNh4WNcGGQNB9/3ADNHgGxTzOegL49TT8
 -> ssh-ed25519 JGx7Ng NH6IB+2tB8fyvE81GF7p8SflY7HH2R3uvx9xC/5HFyQ
 4x0x1L0wv6+k04ESLIy+qY/RhVCWtOeyETo1FkAK+8A
 -> ssh-ed25519 kXobKQ 7J0f+l8+/mNQ7q8nW0jcg2LqGDARN1K63IJttdQ7JQw
 SfFDS4HgjYkp+vGmCwy0c5GIqqWcc4m7mRVQmcsW/pM
 -> ssh-ed25519 OZDL4Q M3Lztf8lPH4G7a+QPMY32u3UyhcHMoC08ZRV5UE6Gmo
 Kc7116r+3+xa2qRSe22lctbTd/a133tVZzLkWt0XI6k
 --- lsOrVi/OJ6AxtmEbB67VKvlFlDnt+sdv1TucqWqGk2w
 ‚õnDÜg4Ü²¯*ßM<C39F>!ÙY¿™‘hA<68>š6‡IÝbFgö{3¢*7d¤¤¦A¬:¼×Èª á“±½}ÀˆÝ+lu·¨9Þê
--- a/machines/agb01/users.nix
+++ b/machines/agb01/users.nix
@ -0,0 +1,14 @@
 { ... }:
 {
  users = {
    mutableUsers = false;
    users = {
      root.openssh.authorizedKeys.keyFiles = [
        ../../pubkeys/sinavir.keys
        ../../pubkeys/catvayor.keys
        ../../pubkeys/soyouzpanda.keys
        ../../pubkeys/sel.keys
      ];
    };
  };
 }
--- a/machines/agb02/_configuration.nix
+++ b/machines/agb02/_configuration.nix
@ -0,0 +1,38 @@
 { config, pkgs, lib, modulesPath, ... }:
 let
  agb-control-box = pkgs.callPackage ./agb { };
 in
 {
  imports = [
    "${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
    ./secrets
    ./networking.nix
    ./users.nix
  ];
  sdImage.compressImage = false;
  services = {
    getty.autologinUser = "root";
    openssh.enable = true;
  };
  networking.hostName = "agb02";
  networking.networkmanager.enable = true;
  environment.systemPackages = [
    agb-control-box
    pkgs.libgpiod
  ];
  systemd.services."agb-control-box" = {
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    unitConfig.Description = "The program of the control-box";
    serviceConfig = {
      Restart = "always";
      ExecStart = "${agb-control-box}/bin/agb /dev/gpiochip0";
    };
  };
  system.stateVersion = "24.11";
 }
--- a/machines/agb02/agb/agb.cpp
+++ b/machines/agb02/agb/agb.cpp
@ -0,0 +1,214 @@
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <arpa/inet.h>
 #include <gpiod.hpp>
 #include <iostream>
 #include <fstream>
 #include <thread>
 using namespace std::literals::chrono_literals;
 constexpr std::chrono::microseconds debounce = 40ms;
 constexpr std::chrono::microseconds poll_period = 5ms;
 constexpr std::chrono::microseconds autorepeat_delay = 70ms;
 constexpr std::chrono::microseconds server_ratelimit = 50ms;
 constexpr std::chrono::microseconds retry_timeout = 500ms;
 constexpr double joystick_movement = 0.2;
 const gpiod::line::offsets drive_down = { 21, 13, 6 };
 const gpiod::line::offsets decoder = { 3, 4, 17, 27, 24, 23, 18, 2 }; // lsbf
 const gpiod::line::offsets joystick = { 19, 26, 5, 0 }; // x+, y+, x-, y-
 const gpiod::line::offset black_button = 20;
 const gpiod::line::offset white_button = 16;
 const gpiod::line_settings input_settings =
  gpiod::line_settings()
    .set_direction(gpiod::line::direction::INPUT)
    .set_bias(gpiod::line::bias::PULL_UP)
    .set_active_low(false)
    .set_debounce_period(debounce);
 constexpr std::array<uint8_t, 256> decoder_table =
  #include "decoder_table.inl"
 uint8_t read_decoder_realpos(gpiod::line_request& line_reader){
  static gpiod::line::values decoder_read(8);
  line_reader.get_values(decoder, decoder_read);
  uint8_t graycode = 0;
  for(uint8_t i = 0; i < 8; ++i) graycode |= uint8_t(decoder_read[i]) << i;
  return decoder_table[graycode];
 };
 inline void clamp_decoder(uint8_t& decoder, int move){
  decoder = uint8_t(std::clamp(decoder + move, 0, 255));
 }
 int main(const int argc, char const* const* const argv) {
  if(argc < 2) {
    std::cerr << "usage: agb gpiodevice" << std::endl;
    return 1;
  }
  /// init gpio chip ///
  gpiod::chip chip(argv[1]);
  gpiod::line_request line_reader =
    chip.prepare_request()
      .set_consumer("AGB")
      .add_line_settings(drive_down,
        gpiod::line_settings()
          .set_direction(gpiod::line::direction::OUTPUT)
          .set_drive(gpiod::line::drive::OPEN_DRAIN)
          .set_output_value(gpiod::line::value::INACTIVE)
      )
      .add_line_settings({ black_button, white_button }, input_settings)
      .add_line_settings(joystick,
          gpiod::line_settings(input_settings)
            .set_active_low(true))
      .add_line_settings(decoder,
          gpiod::line_settings(input_settings)
            .set_debounce_period(0ms))
      .do_request();
  // let the settings apply
  std::this_thread::sleep_for(poll_period);
  /// internal state and buffers ///
  std::chrono::time_point now = std::chrono::system_clock::now();
  gpiod::line::values joystick_read(4);
  gpiod::line::values joystick_last_read(4);
  line_reader.get_values(joystick, joystick_read);
  std::vector<std::chrono::time_point<std::chrono::system_clock>> rising_point = { now, now, now, now };
  std::pair<double, double> spot_pos(0.0, 0.0); //TODO: init from server
  auto joystick_move = [&](int i) -> double {
    if (! bool(joystick_read[i]))
      return 0.0;
    else if (bool(joystick_last_read[i])){
      if (now - rising_point[i] < autorepeat_delay)
        return 0.0;
      else
        return joystick_movement;
    } else {
      rising_point[i] = now;
      return 1.0;
    }
  };
  uint8_t decoder_pos = 0; //TODO: init from server
  uint8_t decoder_realpos = read_decoder_realpos(line_reader);
  uint8_t white_state = 0;
  bool white_pressed = false;
  bool black_pressed = false;
  bool has_changed = true;
  std::chrono::time_point last_send = now;
  std::string postData;
  /// init server communication ///
  int socket_file_desc;
 connection:
  socket_file_desc = socket(AF_INET, SOCK_STREAM, 0);
  {
    sockaddr_in socket_addr = {
      .sin_family = AF_INET,
      .sin_port = htons(1235),
      .sin_addr = { .s_addr = inet_addr("10.10.10.1") }
    };
    while (connect(socket_file_desc,
                   reinterpret_cast<const sockaddr*>(&socket_addr),
                   sizeof(socket_addr)) < 0) {
      std::cerr << "Failed to open tcp socket, retrying..." << std::endl;
      std::this_thread::sleep_for(retry_timeout);
    }
    std::cout << "Connected." << std::endl;
  }
  for(;;){
    std::this_thread::sleep_for(poll_period);
    now = std::chrono::system_clock::now();
    /// joystick ///
    std::swap(joystick_read, joystick_last_read);
    line_reader.get_values(joystick, joystick_read);
    spot_pos.first  += joystick_move(0);
    spot_pos.second += joystick_move(1);
    spot_pos.first  -= joystick_move(2);
    spot_pos.second -= joystick_move(3);
    if (bool(joystick_read[0]) || bool(joystick_read[1])
        || bool(joystick_read[2]) || bool(joystick_read[3])){
      spot_pos.first = std::clamp(spot_pos.first, 0.0, 255.0);
      spot_pos.second = std::clamp(spot_pos.second, 0.0, 255.0);
      has_changed = true;
    }
    /// Buttons ///
    bool pressed = bool(line_reader.get_value(black_button));
    if(pressed ^ black_pressed)
      has_changed = true;
    black_pressed = pressed;
    pressed = bool(line_reader.get_value(white_button));
    if(pressed && !white_pressed){
      has_changed = true;
      white_state = (white_state + 1)%9;
    }
    white_pressed = pressed;
    /// decoder ///
    uint8_t new_realpos = read_decoder_realpos(line_reader);
    uint8_t seen_travel = std::abs(int(new_realpos) - int(decoder_realpos));
    // CCW
    if(seen_travel < 50 && new_realpos < decoder_realpos)
      clamp_decoder(decoder_pos, -seen_travel);
    if(seen_travel >= 50 && new_realpos > decoder_realpos)
      clamp_decoder(decoder_pos, seen_travel - 128);
    // CW
    if(seen_travel < 50 && new_realpos > decoder_realpos)
      clamp_decoder(decoder_pos, seen_travel);
    if(seen_travel >= 50 && new_realpos < decoder_realpos)
      clamp_decoder(decoder_pos, 128 - seen_travel);
    decoder_realpos = new_realpos;
    if(seen_travel)
      has_changed = true;
    /// server notification
    if(has_changed && (now - last_send > server_ratelimit)){
      postData.clear();
      std::format_to(std::back_inserter(postData), "{{"
          "\"pan\": {},"
          "\"tilt\": {},"
          "\"focus\": {},"
          "\"white_button\": {},"
          "\"black_button\": {}"
        "}}\n",
        uint8_t(spot_pos.first),
        uint8_t(spot_pos.second),
        int(decoder_pos),
        white_state,
        black_pressed
      );
      int wrote = write(socket_file_desc, postData.data(), postData.size());
      if(wrote < postData.size()){
        std::cerr << "Failed to send data, reconnecting..." << std::endl;
        close(socket_file_desc);
        std::this_thread::sleep_for(retry_timeout);
        goto connection;
      } else {
        has_changed = false;
        last_send = now;
      }
    }
  }
 }
--- a/machines/agb02/agb/decoder_table.inl
+++ b/machines/agb02/agb/decoder_table.inl
@ -0,0 +1,132 @@
 []() {
  std::array<uint8_t, 256> table;
 	table[127] = 0;
 	table[63] = 1;
 	table[62] = 2;
 	table[58] = 3;
 	table[56] = 4;
 	table[184] = 5;
 	table[152] = 6;
 	table[24] = 7;
 	table[8] = 8;
 	table[72] = 9;
 	table[73] = 10;
 	table[77] = 11;
 	table[79] = 12;
 	table[15] = 13;
 	table[47] = 14;
 	table[175] = 15;
 	table[191] = 16;
 	table[159] = 17;
 	table[31] = 18;
 	table[29] = 19;
 	table[28] = 20;
 	table[92] = 21;
 	table[76] = 22;
 	table[12] = 23;
 	table[4] = 24;
 	table[36] = 25;
 	table[164] = 26;
 	table[166] = 27;
 	table[167] = 28;
 	table[135] = 29;
 	table[151] = 30;
 	table[215] = 31;
 	table[223] = 32;
 	table[207] = 33;
 	table[143] = 34;
 	table[142] = 35;
 	table[14] = 36;
 	table[46] = 37;
 	table[38] = 38;
 	table[6] = 39;
 	table[2] = 40;
 	table[18] = 41;
 	table[82] = 42;
 	table[83] = 43;
 	table[211] = 44;
 	table[195] = 45;
 	table[203] = 46;
 	table[235] = 47;
 	table[239] = 48;
 	table[231] = 49;
 	table[199] = 50;
 	table[71] = 51;
 	table[7] = 52;
 	table[23] = 53;
 	table[19] = 54;
 	table[3] = 55;
 	table[1] = 56;
 	table[9] = 57;
 	table[41] = 58;
 	table[169] = 59;
 	table[233] = 60;
 	table[225] = 61;
 	table[229] = 62;
 	table[245] = 63;
 	table[247] = 64;
 	table[243] = 65;
 	table[227] = 66;
 	table[163] = 67;
 	table[131] = 68;
 	table[139] = 69;
 	table[137] = 70;
 	table[129] = 71;
 	table[128] = 72;
 	table[132] = 73;
 	table[148] = 74;
 	table[212] = 75;
 	table[244] = 76;
 	table[240] = 77;
 	table[242] = 78;
 	table[250] = 79;
 	table[251] = 80;
 	table[249] = 81;
 	table[241] = 82;
 	table[209] = 83;
 	table[193] = 84;
 	table[197] = 85;
 	table[196] = 86;
 	table[192] = 87;
 	table[64] = 88;
 	table[66] = 89;
 	table[74] = 90;
 	table[106] = 91;
 	table[122] = 92;
 	table[120] = 93;
 	table[121] = 94;
 	table[125] = 95;
 	table[253] = 96;
 	table[252] = 97;
 	table[248] = 98;
 	table[232] = 99;
 	table[224] = 100;
 	table[226] = 101;
 	table[98] = 102;
 	table[96] = 103;
 	table[32] = 104;
 	table[33] = 105;
 	table[37] = 106;
 	table[53] = 107;
 	table[61] = 108;
 	table[60] = 109;
 	table[188] = 110;
 	table[190] = 111;
 	table[254] = 112;
 	table[126] = 113;
 	table[124] = 114;
 	table[116] = 115;
 	table[112] = 116;
 	table[113] = 117;
 	table[49] = 118;
 	table[48] = 119;
 	table[16] = 120;
 	table[144] = 121;
 	table[146] = 122;
 	table[154] = 123;
 	table[158] = 124;
 	table[30] = 125;
 	table[94] = 126;
 	table[95] = 127;
  return table;
 } ();
--- a/machines/agb02/agb/default.nix
+++ b/machines/agb02/agb/default.nix
@ -0,0 +1,15 @@
 { stdenv, libgpiod }:
 stdenv.mkDerivation rec {
  pname = "agb";
  version = "oct-24";
  src = ./.;
  buildPhase = ''
    g++ --std=c++23 agb.cpp -o agb \
      -L${libgpiod}/lib -lgpiodcxx -I${libgpiod}/include \
  '';
  installPhase = ''
    mkdir -p $out/bin
    cp agb $out/bin
  '';
 }
--- a/machines/agb02/networking.nix
+++ b/machines/agb02/networking.nix
@ -0,0 +1,47 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  systemd.network = {
    enable = true;
    networks = {
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.10.10.6/24"
        ];
      };
    };
    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
        wireguardPeers = [
          {
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
            Endpoint = "129.199.129.76:1194";
            PersistentKeepalive = 5;
          }
        ];
      };
    };
  };
  networking = {
    nameservers = [
      "2620:fe::fe"
      "2620:fe::9"
      "9.9.9.9"
      "149.112.112.112"
    ];
  };
 }
--- a/machines/agb02/secrets/default.nix
+++ b/machines/agb02/secrets/default.nix
@ -0,0 +1,11 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: {
  age.secrets."wg" = {
    file = ./wg.age;
    owner = "systemd-network";
  };
 }
--- a/machines/agb02/secrets/secrets.nix
+++ b/machines/agb02/secrets/secrets.nix
@ -0,0 +1,8 @@
 let
  lib = (import <nixpkgs> {}).lib;
  readPubkeys = user:
    builtins.filter (k: k != "") (lib.splitString "\n"
      (builtins.readFile (../../../pubkeys + "/${user}.keys")));
 in {
  "wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb02");
 }
--- a/machines/agb02/secrets/wg.age
+++ b/machines/agb02/secrets/wg.age
--- a/machines/agb02/users.nix
+++ b/machines/agb02/users.nix
@ -0,0 +1,14 @@
 { ... }:
 {
  users = {
    mutableUsers = false;
    users = {
      root.openssh.authorizedKeys.keyFiles = [
        ../../pubkeys/sinavir.keys
        ../../pubkeys/catvayor.keys
        ../../pubkeys/soyouzpanda.keys
        ../../pubkeys/sel.keys
      ];
    };
  };
 }
--- a/machines/hackens-milieu/_configuration.nix
+++ b/machines/hackens-milieu/_configuration.nix
@ -5,24 +5,32 @@
 { config, pkgs, ... }:
 {
-  imports =
+  imports = [
-    [ # Include the results of the hardware scan.
+    # Include the results of the hardware scan.
-      ./hardware-configuration.nix
+    ./hardware-configuration.nix
-      ../../profiles/hackens
+    ./aarch64.nix
-    ];
+    ./audio.nix
    ./dns
    ./gnome.nix
    ./i18n.nix
    ./no-sleep.nix
    ./programs.nix
    ./system.nix
    ./users.nix
    ./vim.nix
    ./pixiecore
    ./networking.nix
    ./secrets
  ];
-  # Use the GRUB 2 boot loader.
+  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.grub.enable = true;
+  boot.loader.systemd-boot = {
-  boot.loader.grub.version = 2;
+    enable = true;
-  boot.loader.grub.efiSupport = true;
+  };
  boot.loader.grub.efiInstallAsRemovable = true;
  boot.loader.efi.efiSysMountPoint = "/boot";
  boot.loader.grub.device = "nodev"; # or "nodev" for efi only
  boot.loader.grub.configurationLimit = 2;
  networking.hostName = "hackens-milieu"; # Define your hostname.
  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
@ -37,4 +45,3 @@
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
 }
--- a/machines/hackens-milieu/aarch64.nix
+++ b/machines/hackens-milieu/aarch64.nix
--- a/machines/hackens-milieu/audio.nix
+++ b/machines/hackens-milieu/audio.nix
@ -0,0 +1,5 @@
 { pkgs, ... }:
 {
  # Enable sound.
 #  hardware.pulseaudio.enable = true;
 }
--- a/machines/hackens-milieu/default.nix
+++ b/machines/hackens-milieu/default.nix
@ -0,0 +1,6 @@
 { pkgs, ... }:
 {
  imports =
    [
    ];
 }
--- a/machines/hackens-milieu/dns/default.nix
+++ b/machines/hackens-milieu/dns/default.nix
@ -6,7 +6,10 @@ let
 in
 {
  networking = {
-    nameservers = [ "127.0.0.1" "::1" ];
+    nameservers = [
      "127.0.0.1"
      "::1"
    ];
  };
  services.dnscrypt-proxy2 = {
@ -15,11 +18,15 @@ in
      ipv6_servers = true;
      require_dnssec = true;
-      forwarding_rules = ./dns/forwarding.txt;
+      forwarding_rules = ./forwarding.txt;
-      query_log = if debugDNS then {
+      query_log =
-        file = "/dev/stdout";
+        if debugDNS then
-      } else {};
+          {
            file = "/dev/stdout";
          }
        else
          { };
      sources.public-resolvers = {
        urls = [
--- a/machines/hackens-milieu/dns/forwarding.txt
+++ b/machines/hackens-milieu/dns/forwarding.txt
--- a/machines/hackens-milieu/gnome.nix
+++ b/machines/hackens-milieu/gnome.nix
@ -0,0 +1,10 @@
 { ... }:
 {
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;
  };
  services.xserver.layout = "fr";
  services.autorandr.enable = true;
 }
--- a/machines/hackens-milieu/hardware-configuration.nix
+++ b/machines/hackens-milieu/hardware-configuration.nix
@ -0,0 +1,50 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
  ];
  boot.initrd.availableKernelModules = [
    "ehci_pci"
    "ahci"
    "usbhid"
    "sd_mod"
    "sr_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  # boot.kernelParams = [ "nomodeset" ];
  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos-root";
    fsType = "btrfs";
    options = [
      "ssd"
      "noatime"
      "ssd_spread"
      "discard"
      "space_cache"
    ];
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-label/BOOT";
    fsType = "vfat";
  };
  swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
  nix.maxJobs = lib.mkDefault 4;
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
 }
--- a/machines/hackens-milieu/i18n.nix
+++ b/machines/hackens-milieu/i18n.nix
@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
--- a/machines/hackens-milieu/networking.nix
+++ b/machines/hackens-milieu/networking.nix
@ -0,0 +1,33 @@
 { lib, config, ... }: {
  systemd.network = {
    enable = true;
    networks."50-wg0" = {
      name = "wg0";
      address = [
        "10.10.10.4/24"
      ];
    };
    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
        wireguardPeers = [
          {
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
            Endpoint = "129.199.129.76:1194";
            PersistentKeepalive = 5;
          }
        ];
      };
    };
  };
 }
--- a/machines/hackens-milieu/nightworker.nix
+++ b/machines/hackens-milieu/nightworker.nix
--- a/machines/hackens-milieu/no-sleep.nix
+++ b/machines/hackens-milieu/no-sleep.nix
@ -0,0 +1,9 @@
 { ... }:
 {
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };
 }
--- a/machines/hackens-milieu/pixiecore/default.nix
+++ b/machines/hackens-milieu/pixiecore/default.nix
@ -0,0 +1,16 @@
 { pkgs, config, ... }:
 let
  netboot_efi = pkgs.fetchurl rec {
    version = "2.0.82";
    url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${version}/netboot.xyz.efi";
    hash = "sha256-cO8MCkroQ0s/j8wnwwIWfnxEvChLeOZw+gD4wrYBAog=";
  };
 in
 {
  services.pixiecore = rec {
    enable = true;
    openFirewall = true;
    kernel = "${netboot_efi}";
    extraArguments = [ "-d" "--ipxe-efi64" "${kernel}" ];
  };
 }
--- a/machines/hackens-milieu/programs.nix
+++ b/machines/hackens-milieu/programs.nix
@ -6,45 +6,41 @@
  programs.wireshark.enable = true;
  environment.systemPackages = with pkgs; [
    kitty
    # Todolist
    taskwarrior
    # Slicers
    prusa-slicer super-slicer
    # CAD/3D
    blender freecad openscad kicad-with-packages3d
    # Microcontrollers
    arduino arduino-cli stm32flash stm32loader
    # FPGA
    # python38Packages.nmigen python38Packages.nmigen-soc python38Packages.nmigen-boards
    verilog verilator yosys symbiyosys mcy
    # Reverse engineering
    ghidra-bin apktool pwndbg
    radare2
    # IRC
    weechat
-    # Editors
+    # Latex
-    vscodium emacs neovim
+    texlive.combined.scheme-full
    # Editors
    vscodium
    emacs
    neovim
    arduino
    # Utilities
    minicom
    smartmontools
-    starship
+    wget
-    wget firefox ripgrep chromium
+    firefox
    ungoogled-chromium
    ripgrep
    fd
    nmap
    htop
    dnsutils
-    ncdu lazygit
+    ncdu
    lazygit
    alacritty
    # Networking
-    speedtest-cli iperf
+    speedtest-cli
    iperf
-    # CNC
+    # Serial
-    inkscape
+    minicom
    tio
    # Deploy
    colmena
  ];
  programs.chromium = {
--- a/machines/hackens-milieu/secrets/default.nix
+++ b/machines/hackens-milieu/secrets/default.nix
@ -0,0 +1,11 @@
 {
  pkgs,
  config,
  lib,
  ...
 }: {
  age.secrets."wg" = {
    file = ./wg.age;
    owner = "systemd-network";
  };
 }
--- a/machines/hackens-milieu/secrets/secrets.nix
+++ b/machines/hackens-milieu/secrets/secrets.nix
@ -0,0 +1,8 @@
 let
  lib = (import <nixpkgs> {}).lib;
  readPubkeys = user:
    builtins.filter (k: k != "") (lib.splitString "\n"
      (builtins.readFile (../../../pubkeys + "/${user}.keys")));
 in {
  "wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "hackens-milieu");
 }
--- a/machines/hackens-milieu/secrets/wg.age
+++ b/machines/hackens-milieu/secrets/wg.age
@ -0,0 +1,12 @@
 age-encryption.org/v1
 -> ssh-ed25519 5rrg4g B36oMQ2IqhBXDaltfkba8gBjhTzHujh/KtpXmoBfIkE
 ga5w9MzfwR2LwlSmeA0ddyx2Fms/ZSp1c8p/rC46OSE
 -> ssh-ed25519 JGx7Ng wis78jvQlXpeK0rb50RNgliWwVaPqUYR66Dfxxq8+nk
 awK/Il5jYV2s95GxDLkeRas0PjDKKnVE2HjKTOFyQco
 -> ssh-ed25519 kXobKQ gYW3wXPQr756wsRQ6nKo4qQtT09OaEsnQmAX4G41PXQ
 sa8Bhxfosqf1VNXfj+rS2ryJs9T4sZK13tx5j+NOCm4
 -> ssh-ed25519 Dx1R2Q 2BLCykYc4lKLyBnDfJ6J7ZCD8CeX3vt2S2fLkwjeunw
 ueU6TaxgeX9Cp98LkHy5pkaUaRGdcTHtV8CopEILv10
 --- Ah6a49hN7wxxfR8C8Jczc/2jMAoTJoumYMj4PPKax2I
 î)Bš+£Ín
 c™ï<EFBFBD>›ÁY<EFBFBD>ú-l™k<E284A2>ÛMF+ÞÙ<C39E>r1)æÞ‹¸aU=<3D>}%\õÔ²¶=W~ã)Àp6nÜG%ð*ðâšk>	ä
--- a/machines/hackens-milieu/system.nix
+++ b/machines/hackens-milieu/system.nix
@ -1,14 +1,22 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  # Upgrades
  system.autoUpgrade = {
    enable = true;
    allowReboot = false;
  };
  # SSD stuff
  services.fstrim = {
    enable = true;
  };
  # Auto-GC and store optimizations
  nix = {
-    trustedUsers = [ "root" "hackens" ];
+    trustedUsers = [
-    package = pkgs.nixUnstable;
+      "root"
      "hackens"
    ];
    gc = {
      automatic = true;
      dates = "weekly";
@ -24,7 +32,13 @@
  };
  services.locate.enable = true;
  # ssh
  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;
  # We are on a trusted network
  networking.firewall.enable = false;
  documentation.info.enable = false;
 }
--- a/machines/hackens-milieu/users.nix
+++ b/machines/hackens-milieu/users.nix
@ -1,23 +1,32 @@
 { pkgs, ... }:
 let
  superadmins = [
    ../../pubkeys/raito.keys
    ../../pubkeys/gdd.keys
    ../../pubkeys/BiBi.keys
    ../../pubkeys/sinavir.keys
    ../../pubkeys/soyouzpanda.keys
    ../../pubkeys/catvayor.keys
    ../../pubkeys/sel.keys
  ];
 in
 {
  users.users.hackens = {
    isNormalUser = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = [
      "wheel"
      "dialout"
      "audio"
      "video"
    ];
-    openssh.authorizedKeys.keys = [ 
+    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcKULx/AgnqBsgwRX2BfV8waq6JXIkvZHhu9Y8paofM8awq6Om56BZoA7AV45YOcJxO/eFDOxSegXXmt22s4WjIf8I049aMdsW54BNpFpC/h18cMzm5ylKVGHl1ier/WXxpBsA8YU++YdRlGHPpKnhCtYLnBzD4Q5h+05GMIHismNZP1aGpE9s01FuP8eaDDkZUba7oSpn03AA77DBw4/2ZreSbqo96Z6WwiG09KeZvxFtEIk98EQtmiExB2fwsK3/JIxIBCoZHh4SzERcslxxGgzdppd6NhhSh7g523zhiihLaTAPNXBovGm5wcKOU9uWe+pUWEbwV04E+809aVbkJOdYBCtIf8M91meqpupA8jK38uquePHEFvpNr5UmY0qUlJCoqTvoqg9XgrfJVjlPEmYknj/QjQzkA4k19y8njsyEjnYOBL6tsztg6Igl+NZXjBAPuAzxCsfHOtWw1WM5gANwqOL0V9f7+14yST3HwweqjHRj4xky6ritxK+ujfc= hackens@hackens-desktop"
    ];
-    openssh.authorizedKeys.keyFiles = [
+    openssh.authorizedKeys.keyFiles = superadmins;
      ../../pubkeys/raito.keys
      ../../pubkeys/gdd.keys
    ];
  };
  users.users.root = {
-    openssh.authorizedKeys.keyFiles = [
+    openssh.authorizedKeys.keyFiles = superadmins;
      ./pubkeys/raito.keys
      ./pubkeys/gdd.keys
    ];
  };
 }
--- a/machines/hackens-milieu/vim.nix
+++ b/machines/hackens-milieu/vim.nix
@ -1,10 +1,10 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
-    nixfmt
+    nixfmt-rfc-style
    git
    (neovim.override {
      vimAlias = true;
      configure.plug.plugins = with vimPlugins; [ vim-nix vim-lastplace ];
    })
  ];
 }
--- a/machines/hackens-org/_bootloader.nix
+++ b/machines/hackens-org/_bootloader.nix
@ -0,0 +1,5 @@
 {
  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
 }
--- a/machines/hackens-org/_configuration.nix
+++ b/machines/hackens-org/_configuration.nix
@ -5,23 +5,29 @@
 { config, pkgs, ... }:
 {
-  imports =
+  imports = [
-    [
+    ./_bootloader.nix
-      ./hardware-configuration.nix
+    ./_networking.nix
-      ./physical.nix
+    ./_ssh.nix
-      ../../profiles/core-hackens
+    ./_users.nix
-      ./hackens-my.nix
+    ./dokuwiki.nix
-      #Services
+    ./thelounge.nix
-      ./wiki.nix
+    ./hardware-configuration.nix
-      ./webpass.nix
+    ./matterbridge.nix
-      ./test-static.nix
+    ./nginx.nix
-      # ./bridge.nix
+    ./orga
-      # ./gha.nix
+    ./ragb.nix
-      # ./sync.nix
+    ./snipe-it.nix
-      #Modules
+    ./secrets
-      ./misc
+    ./static-sites.nix
-      ./modules
+    ./legacy-redir.nix
-    ];
+    ./webpass.nix
    ./prometheus.nix
    ./grafana.nix
    ./kfet-monitor
  ];
  time.timeZone = "Europe/Paris";
  networking.hostName = "hackens-org"; # Define your hostname.
@ -31,7 +37,6 @@
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
+  system.stateVersion = "22.11"; # Did you read the comment?
 }
--- a/machines/hackens-org/_networking.nix
+++ b/machines/hackens-org/_networking.nix
@ -0,0 +1,45 @@
 { pkgs, ... }:
 {
  imports = [
    ./wireguard.nix
  ];
  networking.useDHCP = false;
  systemd.network = {
    enable = true;
    netdevs."10-sit-he" = {
      netdevConfig = {
        Kind = "sit";
        Name = "sit-he";
      };
      tunnelConfig = {
        Local = "129.199.129.76";
        Remote = "216.66.84.42";
      };
    };
    networks = {
      "10-uplink" = {
        name = "enp1s0";
        DHCP = "no";
        address = [
          "129.199.129.76/24"
        ];
        networkConfig = {
          Gateway = "129.199.129.1";
          Tunnel = [ "sit-he" ];
        };
      };
      "10-tun-he" = {
        matchConfig.Name = "sit-he";
        networkConfig = {
          Gateway = [ "2001:470:1f12:d21::1" ];
          Description = "HE.NET IPv6 Tunnel (owned by maurice)";
          Address = [ "2001:470:1f12:d21::2/64" ];
        };
      };
    };
  };
  networking.nameservers = [
    "1.1.1.1"
    "8.8.8.8"
  ];
 }
--- a/machines/hackens-org/_ssh.nix
+++ b/machines/hackens-org/_ssh.nix
@ -0,0 +1,19 @@
 { ... }:
 {
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;
  services.openssh.ports = [
    22
    2222
  ];
  # Open ports in the firewall. (In fact not needed)
  networking.firewall.allowedTCPPorts = [
    22
    2222
  ];
  # Mosh <3
  programs.mosh.enable = true;
 }
--- a/machines/hackens-org/_users.nix
+++ b/machines/hackens-org/_users.nix
@ -0,0 +1,43 @@
 { ... }:
 {
  users = {
    mutableUsers = false;
    users = {
      rlahfa = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        hashedPassword = "$6$y/I6nKCMYUku7$91vTR5kYz4nHyhbuA/j6kPsD8Vfo/Rg7ri6Ympftra9V6emOt/mPg0AScECtYjSIxretvfQ3sPUF1Ho0IWx381";
        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/raito.keys ];
      };
      gdoriathdohler = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/gdd.keys ];
      };
      mdebray = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        hashedPassword = "$6$ujz06kXa4TgvPAbF$NaXkDuOUpf3.fBRh7JuygtS0V2U/Bz4N3DpbOznO.md44xEdlKwPH/pSbL9CQJBhI5kodaKZeSaoCyhzybBPA/";
        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/sinavir.keys ];
      };
      ecoppens = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        hashedPassword = "$2b$05$c7kIDOunRJvgncWq5pmbXupy/wzUzCvN3b/RHgl/BjlUw891wI.Oa";
        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/soyouzpanda.keys ];
      };
      hbarral = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keyFiles = [ ../../pubkeys/backslash.keys ];
      };
      root.openssh.authorizedKeys.keyFiles = [
        ../../pubkeys/beigbeder.keys
        ../../pubkeys/sinavir.keys
        ../../pubkeys/soyouzpanda.keys
        ../../pubkeys/catvayor.keys
        ../../pubkeys/sel.keys
      ];
    };
  };
 }
--- a/machines/hackens-org/dokuwiki.nix
+++ b/machines/hackens-org/dokuwiki.nix
@ -0,0 +1,97 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  services.nginx.virtualHosts."hackens.org" = {
    enableACME = true;
    forceSSL = true;
  };
  # Si tu as des problèmes un jour, vide le cache avant tout
  services.dokuwiki.sites."hackens.org" = {
    enable = true;
    settings = {
      template = "bootstrap3";
      license = "cc-by-sa";
      title = "hackENS";
      lang = "fr";
      breadcrumbs = 0;
      yourarehere = true;
      userewrite = 1;
      useacl = true;
      htmlok = 1;
      target._raw = ''
        array(
          'extern' => '_tab'
        );
      '';
      sitemap = 7;
      disableactions = "register";
      superuser = "@admin";
      start = "accueil";
      tpl.bootstrap3 = {
        showAddNewPage = "logged";
        fluidContainer = 0;
      };
      plugin.htmlok.htmlok = 1;
    };
    pluginsConfig = {
      authad = false;
      authldap = false;
      authpdo = false;
      authmysql = false;
      authpgsql = false;
      popularity = false;
    };
    plugins = [
      (pkgs.fetchFromGitHub {
        name = "catlist";
        owner = "xif-fr";
        repo = "dokuwiki-plugin-catlist";
        rev = "147793e2b41e8cb6465df888eecfbc4ee54fb68a";
        hash = "sha256-kTL0Hm4BeWpmusLnybmBM9JPpx+ss0e/cusDHu6hH2I=";
      })
      (pkgs.php.buildComposerProject (finalAttrs: {
        pname = "commonmark";
        name = "commonmark";
        version = "1.3.1";
        composerStrictValidation = false;
        src = pkgs.fetchFromGitHub {
          owner = "clockoon";
          repo = "dokuwiki-plugin-commonmark";
          rev = "671ab735193ffb1324064ff0ddb92f63408b8580";
          hash = "sha256-0WFz71O6GLVZ1Mf5eu96cQ3t+H6F6VtlC3hNtlANwBs=";
        };
        vendorHash = "sha256-QnFdwc6IfdH98Hbm9jt6E/rO+u6I7kZqb7+hRnPra9I=";
        postInstall = ''
          rm -r $out/share
          cp -r . $out
        '';
      }))
      (pkgs.fetchFromGitHub {
        name = "htmlok";
        owner = "saggi-dw";
        repo = "dokuwiki-plugin-htmlok";
        rev = "f186dda6240c61079cd9166c1f17aabefa21c7d8";
        hash = "sha256-3s+WAb1BG2mq8+wxpQ6HgPJZ+dx6v5e+vMXaOiLYceo=";
      })
    ];
    templates = [
      (pkgs.fetchFromGitHub {
        name = "bootstrap3";
        owner = "giterlizzi";
        repo = "dokuwiki-template-bootstrap3";
        rev = "v2022-07-27";
        hash = "sha256-B3Yd4lxdwqfCnfmZdp+i/Mzwn/aEuZ0ovagDxuR6lxo=";
      })
    ];
  };
 }
--- a/machines/hackens-org/gestiohackens/default.nix
+++ b/machines/hackens-org/gestiohackens/default.nix
@ -0,0 +1,91 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 let
  src = pkgs.fetchgit {
    url = "https://git.rz.ens.wtf/HackENS/gestiojeux.git";
    rev = "HEAD";
    hash = "sha256-ly786xct9U4hdsHr7NLl23smnOfE891au9/GXqxpFb4=";
  };
 in
 {
  imports =
    [
    ];
  systemd.services.django-gestiohackens.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "django-gestiohackens";
    SupplementaryGroups = [ "nginx" ];
  };
  users.users.django-gestiohackens = {
    group = "django-gestiohackens";
    isSystemUser = true;
  };
  users.groups.django-gestiohackens = { };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."inventaire.hackens.org" = {
      enableACME = true;
      forceSSL = true;
      locations = {
        "/" = {
          proxyPass = "http://localhost:51667";
        };
        "/media/".alias = "/var/lib/django-gestiohackens/media/";
        "/static".root = config.services.django.gestiohackens.staticAssets;
      };
    };
  };
  services.django.gestiohackens = {
    inherit src;
    enable = true;
    mainModule = "gestiojeux";
    port = 51667;
    settings = {
      DEBUG = false;
      CSRF_COOKIE_SECURE = true;
      AUTHENS_ALLOW_STAFF = true;
      SESSION_COOKIE_SECURE = true;
      MEDIA_URL = "media/";
      ALLOWED_HOSTS = [ "inventaire.hackens.org" ];
      DATABASES = {
        "default" = {
          "ENGINE" = "django.db.backends.sqlite3";
          "NAME" = "/var/lib/django-gestiohackens/db.sqlite3";
        };
      };
      HAYSTACK_CONNECTIONS = {
        "default" = {
          "ENGINE" = "haystack.backends.whoosh_backend.WhooshEngine";
          "PATH" = "/var/lib/django-gestiohackens/whoosh_index";
        };
      };
      MEDIA_ROOT = "/var/lib/django-gestiohackens/media";
    };
    extraPackages = ps: [
      ps.django-autoslug
      ps.loadcredential
      ps.django-cleanup
      ps.django-haystack
      ps.django-markdownx
      ps.django-tables2
      ps.pillow
      ps.whoosh
      ps.markdown-icons
      ps.authens
      ps.qrcode
      ps.pillow
      # Django haystack is drunk
      ps.setuptools
    ];
    secrets = {
      SECRET_KEY = config.age.secrets.django-gestiohackens.path;
    };
  };
 }
--- a/machines/hackens-org/grafana.nix
+++ b/machines/hackens-org/grafana.nix
@ -0,0 +1,59 @@
 { config, ... }:
 let
  host = "grafana.hackens.org";
  port = 3033;
 in
 {
  services = {
    grafana = {
      enable = true;
      settings = {
        database = {
          type = "postgres";
          user = "grafana";
          host = "/run/postgresql";
        };
        server = {
          domain = host;
          enable_gzip = true;
          enforce_domain = true;
          http_port = port;
          root_url = "https://${host}";
          router_logging = true;
        };
        users = {
          default_theme = "system";
          default_language = "en-GB";
        };
      };
    };
    postgresql = {
      enable = true;
      ensureDatabases = [ "grafana" ];
      ensureUsers = [
        {
          name = "grafana";
          ensureDBOwnership = true;
        }
      ];
    };
    nginx.virtualHosts.${host} = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString port}";
        proxyWebsockets = true;
        recommendedProxySettings = true;
      };
    };
  };
 }
--- a/machines/hackens-org/hardware-configuration.nix
+++ b/machines/hackens-org/hardware-configuration.nix
@ -0,0 +1,39 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.initrd.availableKernelModules = [
    "uhci_hcd"
    "ahci"
    "virtio_pci"
    "virtio_blk"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/8deb32c9-ee6a-4de8-94da-239c8ec509a2";
    fsType = "btrfs";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/0795-75ED";
    fsType = "vfat";
  };
  swapDevices = [ { device = "/dev/disk/by-uuid/bd7c1c01-ce31-4db3-9c06-70716020e24a"; } ];
 }
--- a/machines/hackens-org/kfet-monitor/default.nix
+++ b/machines/hackens-org/kfet-monitor/default.nix
@ -0,0 +1,25 @@
 { lib, pkgs, ... }:
 let
  wsScraper = pkgs.callPackage ./websocket-exporter.nix { };
 in
 {
  systemd.services.kfet-open-recorder = {
    environment = {
      WEBSOCKET_EXPORTER_URI = "wss://cof.ens.fr/ws/k-fet/open";
      WEBSOCKET_EXPORTER_MATCH_TYPE = "contains";
      WEBSOCKET_EXPORTER_EXPECTED_MESSAGE = "open";
      WEBSOCKET_EXPORTER_LISTEN_ADDR = "127.0.0.1";
    };
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    wants = [ "network.target" ];
    serviceConfig = {
      ExecStart = "${lib.getExe wsScraper}";
      Restart = "always";
      RestartSec = 5;
      DynamicUser = true;
      StateDirectory = "kfet-open-recorder";
    };
  };
 }
--- a/machines/hackens-org/kfet-monitor/patch
+++ b/machines/hackens-org/kfet-monitor/patch
@ -0,0 +1,61 @@
 diff --git a/websocket_exporter/probe.py b/websocket_exporter/probe.py
 index a95b97e..a7b057e 100644
 --- a/websocket_exporter/probe.py
 +++ b/websocket_exporter/probe.py
@@ -3,28 +3,29 @@ import logging
 from time import perf_counter
 from typing import Union
 -from websockets import NegotiationError, client, InvalidStatusCode
 +from websockets import InvalidStatusCode, NegotiationError, client
 -
 -EXACT_MATCH = 'exact'
 -CONTAINS_MATCH = 'contains'
 +EXACT_MATCH = "exact"
 +CONTAINS_MATCH = "contains"
 class ProbResults(object):
     def __init__(self, up: int, latency: float = 0, received: int = 0):
         self.up = up
         self.latency = round(latency, 2)
 -        self.received = int(received) if received is not None else "NaN"
 +        self.received = int(received) if received is not None else 0
     def __str__(self):
         if self.up:
             return f'Websocket up, latency:{self.latency}s, expected response {"" if self.received else "NOT"} received'
 -        return f'Webserver DOWN'
 +        return f"Webserver DOWN"
 class WebSocketProbe(object):
 -    def __init__(self, uri, message=None, expected=None, match=CONTAINS_MATCH, timeout=10):
 +    def __init__(
 +        self, uri, message=None, expected=None, match=CONTAINS_MATCH, timeout=10
 +    ):
         """
         Create a websocket probe that tries establishing a connection and reports the metrics
         :param uri: starts with 'ws://' or ws://
@@ -68,13 +69,17 @@ class WebSocketProbe(object):
         elapsed = 0
         while elapsed < self.timeout:
             try:
 -                resp = await asyncio.wait_for(connection.recv(), timeout=(self.timeout-elapsed))
 +                resp = await asyncio.wait_for(
 +                    connection.recv(), timeout=(self.timeout - elapsed)
 +                )
                 if self._match(resp):
                     return True
                 await asyncio.sleep(1)
                 elapsed += 1
             except asyncio.TimeoutError:
 -                logging.info(f'Time out while waiting for {self.expected_message} from {self.uri}')
 +                logging.info(
 +                    f"Time out while waiting for {self.expected_message} from {self.uri}"
 +                )
                 return None
         return None
--- a/machines/hackens-org/kfet-monitor/websocket-exporter.nix
+++ b/machines/hackens-org/kfet-monitor/websocket-exporter.nix
@ -0,0 +1,40 @@
 {
  lib,
  python3,
  fetchFromGitHub,
 }:
 python3.pkgs.buildPythonApplication rec {
  pname = "blackbox-websocket-exporter";
  version = "unstable-2021-12-15";
  pyproject = true;
  src = fetchFromGitHub {
    owner = "smohsensh";
    repo = "blackbox-websocket-exporter";
    rev = "6f9f32396f740fe606bf1b0118a27ad5caa3d9a6";
    hash = "sha256-+G7xw5631TllDGNzVK9swbSNfVu4r4glbYIblEa0WqA=";
  };
  patches = [
    ./patch
  ];
  nativeBuildInputs = [
    python3.pkgs.setuptools
    python3.pkgs.wheel
  ];
  propagatedBuildInputs = with python3.pkgs; [
    prometheus-client
    websockets
  ];
  meta = with lib; {
    description = "A Blackbox Websocket Uptime Exporter for Prometheus";
    homepage = "https://github.com/smohsensh/blackbox-websocket-exporter";
    license = licenses.mit;
    maintainers = with maintainers; [ ];
    mainProgram = "websocket_exporter";
  };
 }
--- a/machines/hackens-org/legacy-redir.nix
+++ b/machines/hackens-org/legacy-redir.nix
@ -0,0 +1,55 @@
 {
  services.nginx.virtualHosts = {
    "www.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://hackens.org$request_uri;
      '';
    };
    "new.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://hackens.org$request_uri;
      '';
    };
    "pass.new.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://pass.hackens.org$request_uri;
      '';
    };
    "known.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://hackens.org/known$request_uri;
      '';
    };
    "prez.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://hackens.org/prez$request_uri;
      '';
    };
    "pub.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://hackens.org/pub$request_uri;
      '';
    };
    "2048.hackens.org" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        return 301 $scheme://hackens.org/2048$request_uri;
      '';
    };
  };
 }
--- a/machines/hackens-org/matterbridge.nix
+++ b/machines/hackens-org/matterbridge.nix
@ -0,0 +1,60 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 let
  port = 52187;
  configFile = pkgs.writeText "metterbridge.toml" ''
    [irc]
        [irc.ulminfo]
        Server="ulminfo.fr:6697" # Ou ens.wtf tu choisis.
        Nick="roBOT"
            UseTLS=true
            Charset="utf8"
            PrefixMessagesWithNick=true
            RemoteNickFormat="<{NICK}> "
    [mattermost]
        [mattermost.merle]
            WebhookBindAddress="0.0.0.0:${builtins.toString port}"
            PrefixMessagesWithNick=false
            RemoteNickFormat="{NICK}"
    [[gateway]]
    name="hackens"
    enable=true
        [[gateway.inout]]
        account="irc.ulminfo"
        channel="#hackens"
        [[gateway.inout]]
        account="mattermost.merle"
        channel="town-square"
  '';
 in
 {
  systemd.services.matterbridge = {
    description = "Matterbridge chat platform bridge";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    script = ''
      ${pkgs.matterbridge}/bin/matterbridge -conf ${configFile}
    '';
    serviceConfig = {
      User = "matterbridge";
      Group = "matterbridge";
      Restart = "always";
      RestartSec = "10";
      EnvironmentFile = config.age.secrets."matterbridge-env".path;
    };
  };
  users.users.matterbridge = {
    isSystemUser = true;
    group = "matterbridge";
  };
  users.groups.matterbridge = { };
  networking.firewall.allowedTCPPorts = [ port ];
 }
--- a/hosts/hackens-org/modules/nginx.nix
+++ b/hosts/hackens-org/modules/nginx.nix
--- a/machines/hackens-org/orga/default.nix
+++ b/machines/hackens-org/orga/default.nix
@ -0,0 +1,54 @@
 {
  pkgs,
  lib,
  config,
  ...
 }:
 let
  src = pkgs.fetchgit {
    url = "https://git.rz.ens.wtf/HackENS/hackens-orga.git";
    rev = "HEAD";
    hash = "sha256-BiOKGeDPVp7EV/q4S9Zc54jUeBTpfOs5e/MsCPGAk/I=";
  };
 in
 {
  imports =
    [
    ];
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."hackens.org" = {
      locations = {
        "/orga" = {
          proxyPass = "http://localhost:51666/orga";
          extraConfig = ''
            proxy_set_header SCRIPT_NAME /orga;
          '';
        };
        "/static".root = config.services.django.hackens-orga.staticAssets;
      };
    };
  };
  services.django.hackens-orga = {
    inherit src;
    enable = true;
    mainModule = "hackens_orga";
    settings = {
      DEBUG = false;
      ALLOWED_HOSTS = [ "hackens.org" ];
      DATABASES = {
        "default" = {
          "ENGINE" = "django.db.backends.sqlite3";
          "NAME" = "/var/lib/django-hackens-orga/db.sqlite3";
        };
      };
    };
    extraPackages = p: [
      p.authens
    ];
    secrets = {
      SECRET_KEY = config.age.secrets.django.path;
    };
  };
 }
--- a/machines/hackens-org/programs.nix
+++ b/machines/hackens-org/programs.nix
@ -0,0 +1,6 @@
 { pkgs, ... }:
 {
  environment.systemPackages = [
    pkgs.vim
  ];
 }
--- a/machines/hackens-org/prometheus.nix
+++ b/machines/hackens-org/prometheus.nix
@ -0,0 +1,68 @@
 { config, ... }:
 let
  host = "prometheus.hackens.org";
  port = 9091;
 in
 {
  services.prometheus = {
    enable = true;
    inherit port;
    checkConfig = "syntax-only";
    enableReload = true;
    listenAddress = "127.0.0.1";
    webConfigFile = config.age.secrets."prometheus-webconf".path;
    webExternalUrl = "https://${host}";
    retentionTime = "5y";
    extraFlags = [ "--storage.tsdb.retention.size=2GB" ];
    rules = [
      ''
        groups:
          - name: Chrony
            rules:
              - record: instance:chrony_clock_error_seconds:abs
                expr: >
                  abs(chrony_tracking_last_offset_seconds)
                  +
                  chrony_tracking_root_dispersion_seconds
                  +
                  (0.5 * chrony_tracking_root_delay_seconds)
      ''
    ];
    scrapeConfigs = [
      {
        job_name = "prometheus";
        static_configs = [ { targets = [ "localhost:9090" ]; } ];
      }
      {
        job_name = "chrony";
        static_configs = [ { targets = [ "10.10.10.3:9123" ]; } ];
      }
      {
        job_name = "kfet";
        static_configs = [ { targets = [ "127.0.0.1:9802" ]; } ];
      }
    ];
  };
  services.nginx.virtualHosts.${host} = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${builtins.toString port}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
    };
  };
 }
--- a/machines/hackens-org/ragb.nix
+++ b/machines/hackens-org/ragb.nix
@ -0,0 +1,80 @@
 {
  sources,
  lib,
  pkgs,
  config,
  ...
 }:
 {
  services.django.ragb = {
    enable = true;
    src = pkgs.ragb-src + "/frontend";
    settings = {
      DEBUG = false;
      WEBSOCKET_ENDPOINT = "https://agb.hackens.org/api";
      ALLOWED_HOSTS = [
        "127.0.0.1"
        "agb.hackens.org"
      ];
      DATABASES = {
        "default" = {
          "ENGINE" = "django.db.backends.sqlite3";
          "NAME" = "/var/lib/django-ragb/ragb_frontend.sqlite3";
        };
      };
    };
    processes = 2;
    threads = 4;
    port = 9991;
    extraPackages = p: [
      p.authens
      p.pyjwt
    ];
    secrets = {
      SECRET_KEY = config.age.secrets.ragb.path;
      JWT_SECRET = config.age.secrets.ragbJWT.path;
    };
  };
  services.nginx.virtualHosts."agb.hackens.org" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://localhost:9991";
      };
      "/api" = {
        proxyPass = "http://localhost:9999";
        proxyWebsockets = true;
      };
      "/static".root = config.services.django.ragb.staticAssets;
      "= /api-docs" = {
        return = "302 /api-docs/";
      };
      "/api-docs/" = {
        alias = "${pkgs.ragb-src + "/api-docs/"}/";
        extraConfig = "autoindex on;";
      };
      "= /api-docs/patch.json".alias = pkgs.ragb-src + "/frontend/patch.json";
    };
  };
  systemd.services.django-ragb.serviceConfig = {
    Wants = [ "ragb-backend.service" ];
  };
  systemd.services.ragb-backend = {
    script = ''
      export JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jwt_secret)
      export BK_FILE="$STATE_DIRECTORY/data.json"
      export BIND_TCP="10.10.10.1:1235"
      export RUST_LOG=debug
      ${pkgs.ragb-backend}/bin/ragb-backend
    '';
    serviceConfig = {
      LoadCredential = [
        "jwt_secret:${config.age.secrets.ragbJWT.path}"
      ];
      DynamicUser = true;
      StateDirectory = "ragb-backend";
    };
  };
 }
--- a/machines/hackens-org/secrets/default.nix
+++ b/machines/hackens-org/secrets/default.nix
@ -0,0 +1,31 @@
 { ... }:
 {
  age.secrets."django" = {
    file = ./django.age;
  };
  age.secrets."ragbJWT" = {
    file = ./ragbJWT.age;
  };
  age.secrets."ragb" = {
    file = ./ragb.age;
  };
  age.secrets."snipeit" = {
    file = ./snipeit.age;
    owner = "snipeit";
  };
  age.secrets."django-gestiohackens" = {
    file = ./django-gestiohackens.age;
  };
  age.secrets."matterbridge-env" = {
    file = ./matterbridge-env.age;
    owner = "matterbridge";
  };
  age.secrets."wg-key" = {
    file = ./wg-key.age;
    owner = "systemd-network";
  };
  age.secrets."prometheus-webconf" = {
    file = ./prometheus-webconf;
    owner = "prometheus";
  };
 }
--- a/machines/hackens-org/secrets/django-gestiohackens.age
+++ b/machines/hackens-org/secrets/django-gestiohackens.age
@ -0,0 +1,30 @@
 age-encryption.org/v1
 -> ssh-ed25519 JGx7Ng UMbo24t6bweWPSYr1MUpjW96t3+usu+M3+WmLkJpSTc
 vW8wOX/E6p3YEh8rRObScdcKB+uCtVIEOQ58HXSHYRU
 -> ssh-ed25519 kXobKQ wEsnzLjnW+tdNvBHYBL+pLQh0GsAviTiD7tODc+5nSc
 gW8TEewhh4N0ed6KNe+PYBQuEmuL8iO+KxLQt2imbbo
 -> ssh-ed25519 7hZk0g 2Y9Y3DSR9Zt5N1XXckNMlHEpczvsyruqBue54fC4lQY
 1UTRMGuN4uXR2ljP+3h7y58dU9C4GCkfKMY6l6GgRas
 -> ssh-ed25519 5rrg4g 6ILvq1I6OlTmvxhgo145YUdpNxZomFvCYl7nguL10kI
 7DPETzO4s3J4+lHIlkWvo4M0zH2792NttKBIJ09xii4
 -> ssh-rsa krWCLQ
 LdJzAaTTOSSxXTjLEv2n3pRjDJ8Cv/rLZZCsadK2vIK/2swax5loeprUzx60xRUt
 3qLZuXocsE1S8sUq4E0lzyQXmJj3DtgjWFvvhDhsx+UnUPB/S7yojlNPLsqSxJkO
 r5p6dvXsngF78BDDlFU/DnDI/tMnH6wL5PqV7iZiosSmASWxHMAQYcWGNZqdV1xl
 9q2txZF7LxvE1S2eUOFcXTC7r8Z/kBt7XqPfGyBWI1wYPG2r2Zw+tbO8S04iZExT
 Lj2YGnrNGGwNbREoqhMwAxDM6fLVoNnhHXoVQvCkr/wxk+sh2/Lt1ivcTT7Ua2YG
 ApaavUan7cEs3ghnanM+6A
 -> ssh-ed25519 /vwQcQ oaIOirE4++Kx76xSCoQ8EKmnI3Zh8rzou0XACYVY3Gw
 H9DsHQPdKaN/5bz4kf224NiJ8W1ykGx9tARd5UUrMbc
 -> ssh-ed25519 0R97PA SujU6d2DMDGX4zxsQwQTLFM2ap/3ni2y7zpU8BksTw0
 zLuD8EwORd5aDOFBpE0Nm5gHpi8ChRobg6v7r1sNfMU
 -> ssh-ed25519 cvTB5g t62LJ9atiYi5K+CBXXLB9obIZRWBKxrC896q6iCz/mA
 WYkA2muGBMuXlO5ebnul3NkidNcyIWecAdNTo03trf0
 -> ssh-ed25519 Wu8JLQ 3gzrf2TLDbG3YtMmO0qKVKiEPw+arN8DJvNiC09/4wg
 bYCCgA0ve55hKEjGFa+nAelWiYWy6WFHss9R6uEjiUI
 -> ssh-ed25519 EIt1vA kKs5NcxlLTt3iGD8stN7nOgOfomKEv2aZZ969dZNFlg
 IQT3Fx9Egd4kJ6Q3gsbiymu8EHSrjG1F7T5Uz76Z6Bo
 -> ssh-ed25519 X51wxg GU838E9JPhdAkYgRRcYi+gMsFFUTvY4iciFi9b43WhY
 vsHQ70mCsW0NUzMKjgRq6czFD8FwIFj6uo/jklPzI68
 --- axO8MoSOSkcp2HcVpAz9tQuuf0Unh2Ri20S60/Yq6xA
 i¸0ä<3›6,Û{àu›$apG7¢—Ú10Y•&«Øf7(&{3Û]àƒcÝ“ ¶>l¶P"$`ÝU(9¨ì5+°îJî^¼æé‚Ï»|†Õ:~
--- a/machines/hackens-org/secrets/django.age
+++ b/machines/hackens-org/secrets/django.age
@ -0,0 +1,31 @@
 age-encryption.org/v1
 -> ssh-ed25519 JGx7Ng IWxk65t5YAq/Sg+0CCcLGJyDhvPydKm1D9rYAfCDjUc
 ckB1V+J7Qddbt9EILraMge9RrThyTU2al5Eg6ffD7C4
 -> ssh-ed25519 kXobKQ ZEECnMHvZL3+JfkQpSjuzIuGfcLIIcudeiMlanUUBhc
 pBWa6DxVrinuv6urFDKPW2kSaa95FVFCXOFwMQ/X1RY
 -> ssh-ed25519 7hZk0g la8ZgkcqYQgFzYoqgkZrdSuaK+89mPx9UbiSWGOVXjQ
 4NWbJtWRUnZGMMLyDLArvZktfVfhXmgtn7h5oghH5Ms
 -> ssh-ed25519 5rrg4g KC9SOs8NJ18pbE4/HwHmX8W5XSeu528dFl2tEt3JfW0
 at+D2BMK1UAPsA2fkhMW5uHUjJSK2p+BPeFcfqyD/LA
 -> ssh-rsa krWCLQ
 U0DpCXNugnsPlWvDJZIwlFA3lCg/uihhLmLFYsdpwpx7kdyRF3KGn9p4X0kfjNQa
 PjT7akh+xaCC9a3GRDEsc3B4L6M/91YdiIX5kCtWccT3fFkdC8xrHnVblE0h6vYM
 +I4ay5PR9etittiMIb3coanBU5gZpAhCFvSNjWIV3YvchpOtWO2PL8rR9fRqDfmT
 BdTZMUOm01vuFuPFKmzKNbQS5ydwydv8BGc1MktqoyhafYVBirnVcwtsTQKZKDEL
 CBNgH81down+UFaCi/FTSffkBtBfnl1mzCF3TJ0CrSeEMgyY5yxvtWHUksDzznfJ
 C2ev+95nbRYUSM+OOBABHQ
 -> ssh-ed25519 /vwQcQ C7TusZYxTvR03xbxEmUf8+ePmdTRBbi4eAeg2+kbAAY
 3YpLUT5mmGLSel0vPpDUwPyFav1z/HCAsPsYA7woQas
 -> ssh-ed25519 0R97PA iQRH2sRnDsNoWuom8fVt8naGMrVAX3JAPmwnU/pZ3m8
 CipYmklGkMXYlWyhatEj7cGk51RNdfkkwlKPz26Q220
 -> ssh-ed25519 cvTB5g 05g8kd7yu1+4JzFCrqMEZ6QNsO8VE2egXOUR73fo/hM
 AY/8cMfVTyOY4z08Hz6cLnKrM1GYZbbgpwPVnwnJ3NU
 -> ssh-ed25519 Wu8JLQ Bn0shD1/Uzb3VdAOuyNeHSzLaboxhAUsqQWXycZYDFc
 V2EHtwK0CUdLYCzia43m4WmBxFy8frfR0hkdIkARnl4
 -> ssh-ed25519 EIt1vA FmznskIDNtFkD6HD64uL5OS2rwPwT1S5lCirtYFW0Rk
 3TKTCN45ygLTcrfSRdsXJZKdoz+A3tP7lXbNn2NOhvk
 -> ssh-ed25519 X51wxg X3KyzjW97PF8CFcb0NWW5F6JNMZslmP22d0+r0FRvlo
 mZq7lSEnD3Ui7hcloSCdTH/q4mB2q6lFTvzMRS+BCb4
 --- 4u64XNKKDMEaWeL4wLdkOgugYTkrqpfoFeG/BW4/zK8
 )Éé9çèñ”ÖÙ
 È.kâùô}O<>0Š«6ï'¥áJ¼}ŒýW(„ÖÖ·V>dè$ö8icjw	hÂ<aöÞ¿4›3Ð5NŒUºÎÎègYÃ
--- a/machines/hackens-org/secrets/matterbridge-env.age
+++ b/machines/hackens-org/secrets/matterbridge-env.age
--- a/machines/hackens-org/secrets/prometheus-webconf
+++ b/machines/hackens-org/secrets/prometheus-webconf
--- a/machines/hackens-org/secrets/ragb.age
+++ b/machines/hackens-org/secrets/ragb.age
@ -0,0 +1,30 @@
 age-encryption.org/v1
 -> ssh-ed25519 JGx7Ng 6s1XuhN3TFuW433ZrghssoyScvjqG6tg+ZSvHBwYOjQ
 54ijsvv7CO/1L9ib4fgiRAQHmlU2r3j/fbc79qiAo38
 -> ssh-ed25519 kXobKQ WMApvaovS/ddPbz7Eh9bCF3SzmUJN1NQGMKzWCJ6jQc
 3NehvO3X7uMU/H7g7d4nFsmHk0PhXrRT1XetWUBHAnY
 -> ssh-ed25519 7hZk0g RqNPzJqoSY1umAJE/FPZ+MR0R9eCDdxonzuh3uMBRhI
 Cfou0mqV4gHGP7OJbgPm8VotU4cM5YVX3iUkd6myU+E
 -> ssh-ed25519 5rrg4g mSZUVF9y4vYfBbjgP0UnSfgaGTC3/Yx+fAFquA5022E
 1yiri7+CZTSUhPpJlo9f1EraRVl3Ihw4wtjgXJPMRqY
 -> ssh-rsa krWCLQ
 gMc7ogvibqMuboKqSgqfedIxqyhhljJFp5zI2bK6D5rdcV5CIPVz2xQdk4h678Qg
 8pYlg1+UDu+JyXvJgtWZHYMGSs17woIYZmw9UQh+IYMo4Qn89tn4QN4exYwB+7gm
 dWEqo7GggWG0Mu2w2OVu2oB1D5aUvF940hUCyl40V7hIkMpJwFfMfvvD04XsScXV
 GLpWNYcWIQNaBAxTWRGkpt9jvD1W/DjsOUhOk0BP5hnSPm39awfLFRo3wWFBiaDq
 yPRi6P8AJdVWS2n+KdQ1j5dLo19DngkUAmepIR+oiNvgIFKqDAvIB5y30d3guGdP
 7zCS7IEOOMLQvBiq99DU2Q
 -> ssh-ed25519 /vwQcQ GWEth3AXh2blSPzXzyqaHdRlA+Qmopvdk9DfL69PVlk
 sVq7EbVmJ0SnYLueCHB5zOr/aR9QurTqtMIXGdL22cY
 -> ssh-ed25519 0R97PA gZLoe8C+FTOXM0i4VWBwBSNSxZhfxG6U3pakRBDwZ0k
 LKxzJofqUfdY1swAbRNcOcWfZJ1lbp7S20y+dfjKvUU
 -> ssh-ed25519 cvTB5g GbEB6Z/6A/ntU8truri+tshuy5tqYSSo5SF0Brt0VgI
 DOkGd68tE85ajEBmKUx9HXiKLjCdUf/tKME6+Ems/RA
 -> ssh-ed25519 Wu8JLQ tOF/Dc72uMnmQy4rNjPoRzVhQEuwiYLrmmdCsmJ5wEk
 RS5erkX1HIvTDw6g8qrOtZy1zpCphnGw/bqT4F0Q6/8
 -> ssh-ed25519 EIt1vA tSBgk0ljTD1pLRsw7axRh2zl+vIMISjrw7zrr01TBB0
 hb3kb12kRHCxMeBlxjg6tJpgQpHzJkovH5ncuM4MzNA
 -> ssh-ed25519 X51wxg Gy0QJbua5ZoNYDnuQXlPVFxQvm7SSOMUR0uDRI719gk
 VEYU1qazlM62F2xsXIFhIAEL4ssWW8o2/e07NguMp88
 --- VwkrST6cm5HpWtRWBM4tkk14C/NwtxpBbXHVj6ouyxk
 (`WÊ;+u'oÓj	Ý<>—õ{ïMÄP0ž‡›DèÈ™J}Å<>¯»È{ìætˆ°ïj`ÂK:×¸ŠI;™çA2ÿCÕ+ ö\Nú
--- a/machines/hackens-org/secrets/ragbJWT.age
+++ b/machines/hackens-org/secrets/ragbJWT.age
--- a/machines/hackens-org/secrets/secrets.nix
+++ b/machines/hackens-org/secrets/secrets.nix
@ -0,0 +1,32 @@
 let
  lib = (import <nixpkgs> { }).lib;
  readpubkeys =
    user:
    builtins.filter (k: k != "") (
      lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))
    );
  keys = 
    (readpubkeys "sinavir")
    ++ (readpubkeys "hackens-host")
    ++ (readpubkeys "catvayor")
    ++ (readpubkeys "raito")
    ++ (readpubkeys "gdd")
    ++ (readpubkeys "backslash");
 in
 {
  "matterbridge-env.age".publicKeys = keys;
  "snipeit.age".publicKeys =
    keys;
  "ragbJWT.age".publicKeys =
    keys;
  "ragb.age".publicKeys =
    keys;
  "django.age".publicKeys =
    keys;
  "django-gestiohackens.age".publicKeys =
    keys;
  "wg-key.age".publicKeys =
    keys;
  "prometheus-webconf".publicKeys =
    keys;
 }
--- a/machines/hackens-org/secrets/snipeit.age
+++ b/machines/hackens-org/secrets/snipeit.age
@ -0,0 +1,30 @@
 age-encryption.org/v1
 -> ssh-ed25519 JGx7Ng XPTwmcI9Xyu3ulX68UgyFhORwDsbTAvcaTDhGKzcAFs
 EkDJhGqFqtW4VMIKN9SMU3MrwIf+3Y50Ku0ToKf/wJI
 -> ssh-ed25519 kXobKQ /Z+Qh1kUFI+X97VsebUHv51+XyJT2fZWsDF0TFdl0A0
 8W13NrPTb1aoDYA5M7Xej5R/DJ2YLyngx/UzIAIVnXU
 -> ssh-ed25519 7hZk0g xRggNYJuJGAR4uSeZeoZI7tNqorkc1BDEO+Jz6saKH4
 xYKIqp/E0GQ1t5VhOWBpCi8WgLSDDZuKbOg6l7Htjuk
 -> ssh-ed25519 5rrg4g hW1VZuxL+eCGeUJDhDXg3L9h1KMp/OTpTvj2bOPIwnU
 s3Fvjx/jFCPa6dG5RgJseJPYf4LcojDSq4mtbEza+sc
 -> ssh-rsa krWCLQ
 AwxiOyNOxRKOA3B6sbnFm97UABVXnuXdddHhl0Qk0jGdJtK/Gg3IQ3RAUPdW46e4
 S3LsQ+REqcA33h3DUhh6Yaz3agAvNtqFfp3h3Wy1+tVsIKQx9T6rEg7XcyWlQGg6
 /sLkLMKg2kcMxTZFjGlYfoRMu/yMD3I+M/3DMZiccSYTa+Z+cJ13ERDmhLVh5X+j
 R/v3JMM0vupwjxWnVdMJNAz2dLNawWTFIBN1IVAgYPyaVrL99H65CPLUAeN2CVx6
 I8bEOJ15tk5q8yzX8DwTfJnXYBP+FyN8WVS0v5WfxSvB/ME6VtjeuZRd2h/nPpbc
 FKZgZZt94GDjZLl+zHff5w
 -> ssh-ed25519 /vwQcQ ct0vQfUsUO8gg2kU41lVDB2acgxuT8hCKWHZwymkFzM
 Eu3YaXAVUoF6q2xhk4B77mCTYCqL87rbqZeFNBtYrWA
 -> ssh-ed25519 0R97PA xwM4ukaEfI0B93YHSU9f77F6VvnZZctR03regzrDDF4
 uoL8wz3iqzB5dnS8z+wRIAu5CmHM8yjnJFduoDtjlAM
 -> ssh-ed25519 cvTB5g czmtpirWtnbAjcJEOkLSc2Sfr4SXmtE+e7pS+AE86Co
 s20XHgWekxWvP4nypSUZ0YgKWyDobm/3lNA4REUvUGQ
 -> ssh-ed25519 Wu8JLQ l4hH8MAJesz5jXzSDf8SDCXNcp8jWJnq0SRYyCCPNB0
 Y4XOuoxWXGDnrdhu7aCf8sJNYN/loaKc1bx81KaDAFc
 -> ssh-ed25519 EIt1vA eMUqUckKwH5ubKSY8swqT3jfUi9loZKerl9WljV8Hxo
 AJL3yBcCaitwOYHL74dymm1cngBf47Yq2jiGJoxeC0g
 -> ssh-ed25519 X51wxg I8aIi5liVlYQointFhCCIj5OiRrjhyxWOJdu7JAg3x8
 rqPx/8e8e2nNiRwzH61HXA++a5HTyRjMU46c1Tm97yk
 --- t53Ft5ztsJLbK0jJZ7uolsbf+NZij6A++98DeqroOro
 ºåjKËïŽ¨}§Ú³Ý9QÅ¸<ïm#ž>EÔ—9’+)Äí‚_³äaTaÔiSRÌµ}½ RoP=Õëž-Æ<JœÈ”66Æ+<2B>
--- a/machines/hackens-org/secrets/wg-key.age
+++ b/machines/hackens-org/secrets/wg-key.age
@ -0,0 +1,30 @@
 age-encryption.org/v1
 -> ssh-ed25519 JGx7Ng HCBkB8gfYUDnWwaPlGquE39fnEBvm0cEVxL8Vuh/f2Y
 yJapxn2cVn0QjEnpGUq+gfdf+V8f5Mji2JhqPUH13WI
 -> ssh-ed25519 kXobKQ 9flhpuGn/MgqRlT4AlphvNRf9ktnuyFvyQrK7eeKbXE
 hHpPk2m4XWKgbwNv16Vzh8uJkpk0kwN1WqC4G4rGL5E
 -> ssh-ed25519 7hZk0g /DQi1BAovPKmel2zgchEhZkxr9v8ZxVXe6SRuX/yjxg
 KALPbUNK6YGvSiNfgQGSdZriJokpHUmO/vVtW9Sfm+I
 -> ssh-ed25519 5rrg4g NqFtTNIaoTYEhq7SzFCVD+t2AZ03ANe+kqhDQHmd7zA
 NDYBZIdGLItcHPmYRHZ1DZ5vhlR1Qt0PPtDqRxfo9hg
 -> ssh-rsa krWCLQ
 tylZdWKOsro4O2g5Oa34ALB3hDmb5krinvk7sXBKQWj+QaRA/J6geAUq7pHGM+zs
 MehzMsdJX4tklCUE8ECh5clwdfnTl57m+V9jdD88CAgscyFsMHdX2BEIjzGN3kB1
 jYzDO7sLoOx6k8eiQaPFtxkT/tYPI9vpdyyyxKS5thowmQ99NSZQUHaMTqmC36H3
 sCr1uyFPrKTEoCZe9Klsdz2KxaPPd7oOo7J5VU4SeiosPfNFhO9kDQ5xRn3SDClD
 PMUFhjRxmWjNY4aQqUxi9lJWK35pb87mZNdaPZXH18mbraTIuI08B3KTrR5112PW
 oDTckZo3szhzR2JJ0cTG6Q
 -> ssh-ed25519 /vwQcQ b9mdEG1+JMJxDBp6b0wU/JGM4Mldh7w7jf4pghb+ejw
 1GfaMyOkfHD/I/OvHNjd1kzdT1vWnbR1fAP4za++c5g
 -> ssh-ed25519 0R97PA 0DdkxpjsoA6ERi43skpS7/lyttMlJu5BcNFSAF3+g34
 tz3fM0C+zT6enFgiqbKwiBWLTdOS2xKLZQOngRpf5q4
 -> ssh-ed25519 cvTB5g aL+EY/DYolrhoaKHPpAvPr3rNO3vThV+uqX9m39jEG4
 cnFq0cgCWac07x+6Fu+M9os6wxPxfoHcSJ+8ispYkPk
 -> ssh-ed25519 Wu8JLQ wwQGruBxZ8tUHGw08B7ezoPj1ddPlWmemmm8aI6EIRE
 0WUod40m3tVP+mTx2B9b/4AoT1kcXAeNVMnj8BLFRuM
 -> ssh-ed25519 EIt1vA zYOPPPZgk4NIUyInXyoapCRkg/dshOuRPnKuwJyM7lM
 Jn8J2sQn1qrtH4OANx73OYsBChGUB2fuWaB38pEhbm8
 -> ssh-ed25519 X51wxg 9ofVG6z1+KwMkk97WViCDfnAXTNgFzQYBBsEYhBP1yw
 wwWlCbJ2xOWR9FZw+apjn11MQqKSeyHsRJYvFEV+0VU
 --- QU5Ewm2faKYtF6HK7hagXVPSjzqjQbaZ6/wPJ61eDCI
 fÞ<EFBFBD>ž×ÝnšÓ£*¨…¯;©uï~õls0Ô¤¾íM5fÎjhâå‘§iž¤Ÿ£ŒÈ6«í%ôH»cv`®$©˜ùYÑ0WW¢
--- a/machines/hackens-org/snipe-it.nix
+++ b/machines/hackens-org/snipe-it.nix
@ -0,0 +1,22 @@
 { config, ... }:
 {
  services.snipe-it = {
    enable = true;
    appKeyFile = config.age.secrets."snipeit".path;
    config = {
      APP_LOCALE = "fr-FR";
      APP_TIMEZONE = "Europe/Paris";
    };
    database = {
      createLocally = true;
      user = "snipeit";
    };
    user = "snipeit";
    group = "snipeit";
    hostName = "inventaire.hackens.org";
    nginx = {
      enableACME = true;
      forceSSL = true;
    };
  };
 }
--- a/machines/hackens-org/static-sites.nix
+++ b/machines/hackens-org/static-sites.nix
@ -0,0 +1,31 @@
 { pkgs, lib, ... }:
 let
  sites = [
    "/2048"
    "/prez"
    "/known"
    "/pub"
  ];
 in
 {
  services.nginx.enable = true;
  services.nginx.virtualHosts = {
    "hackens.org" = {
      forceSSL = true;
      enableACME = true;
      locations = lib.genAttrs sites (name: {
        root = "/var/www";
        extraConfig = ''
          autoindex on;
          charset utf-8;
        '';
      });
    };
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
 }
--- a/machines/hackens-org/thelounge.nix
+++ b/machines/hackens-org/thelounge.nix
@ -0,0 +1,40 @@
 {
  pkgs,
  lib,
  config,
  ...
 }: {
  services.thelounge = {
    enable = true;
    port = 9000;
    extraConfig = {
      reverseProxy = true;
      host = "127.0.0.1";
      public = false;
      prefetch = true;
      fileUpload = {
        enable = true;
      };
      defaults= {
        name= "ulminfo";
        host= "ulminfo.fr";
        port= 3725;
        password= "";
        tls= true;
        rejectUnauthorized= true;
        join= "#hackens";
      };
    };
  };
  services.nginx.enable = true;
  services.nginx.virtualHosts."irc.hackens.org" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:9000";
      proxyWebsockets = true;
    };
  };
  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/machines/hackens-org/webpass.nix
+++ b/machines/hackens-org/webpass.nix
@ -8,19 +8,20 @@
  services.vaultwarden = {
    enable = true;
    config = {
-      DOMAIN = "https://pass.new.hackens.org";
+      DOMAIN = "https://pass.hackens.org";
      WEBSOCKET_ENABLED = true;
      WEBSOCKET_PORT = 10500;
      SIGNUPS_DOMAINS_WHITELIST = "ens.fr,ens.psl.eu";
      ROCKET_PORT = 10501;
      ROCKET_ADDRESS = "127.0.0.1";
-      LOG_FILE = "/var/log/vaultwarden";
+      LOG_FILE = "/var/lib/bitwarden_rs/logfile";
      SIGNUPS_VERIFY = true;
    };
    environmentFile = "/etc/secrets/vaultwarden.env";
  };
-  services.nginx.virtualHosts."pass.new.hackens.org" = {
+  services.nginx.enable = true;
  services.nginx.virtualHosts."pass.hackens.org" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
@ -36,4 +37,8 @@
      proxyWebsockets = true;
    };
  };
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
 }
--- a/machines/hackens-org/wireguard.nix
+++ b/machines/hackens-org/wireguard.nix
@ -0,0 +1,94 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  networking.firewall.trustedInterfaces = [ "wg0" ];
  systemd.network = {
    enable = true;
    networks = {
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.10.10.1/24"
        ];
        networkConfig = {
          IPv4Forwarding = true;
        };
        routes = [
          {
            Destination = "10.10.10.0/24";
            Scope = "link";
          }
        ];
      };
    };
    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig = {
          ListenPort = 1194;
          PrivateKeyFile = config.age.secrets."wg-key".path;
        };
        wireguardPeers = [
          {
            # hackens-desktop
            AllowedIPs = [
              "10.10.10.3/32"
            ];
            PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";
          }
          {
            # hackens-milieu
            AllowedIPs = [
              "10.10.10.4/32"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub);
          }
          {
            # agb01
            AllowedIPs = [
              "10.10.10.5/32"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb01.pub);
          }
          {
            # agb02
            AllowedIPs = [
              "10.10.10.6/32"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb02.pub);
          }
          {
            # soyouzpanda
            AllowedIPs = [
              "10.10.10.11/32"
            ];
            PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=";
          }
          {
            # sinavir
            AllowedIPs = [
              "10.10.10.12/32"
            ];
            PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=";
          }
          {
            # catvayor
            AllowedIPs = [
              "10.10.10.13/32"
            ];
            PublicKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
          }
        ];
      };
    };
  };
  networking.firewall.allowedUDPPorts = [ 1194 ];
 }
--- a/machines/rigel/README.md
+++ b/machines/rigel/README.md
@ -0,0 +1,11 @@
 Put pls key in keys.keys
 Put pls mac in networking
 # How to get an sd image
 ```
 DRV_PATH=$(colmena eval -E "{ nodes, ...}: nodes.rigel.config.system.build.sdImage.drvPath")
 nix-store -r $DRV_PATH
 ```
--- a/machines/rigel/_configuration.nix
+++ b/machines/rigel/_configuration.nix
@ -0,0 +1,64 @@
 {
  config,
  lib,
  pkgs,
  modulesPath,
  ...
 }:
 let
  launchpad = pkgs.python3.withPackages (ps: [
    (ps.callPackage ./launchpad.nix { lpminimk3 = ps.callPackage ./lpminimk3.nix { }; })
  ]);
 in
 {
  imports = [
    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
    ./bootloader.nix
    ./networking.nix
    ./nix-conf.nix
    ./programs.nix
    ./ssh.nix
    ./users.nix
  ];
  nix.settings.substituters = lib.mkForce [ ];
  networking.hostName = "rigel"; # Define your hostname.
  # Set your time zone.
  time.timeZone = "Europe/Paris";
  environment.systemPackages = [
    launchpad
  ];
  systemd.services.launchpad = {
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    path = [
      launchpad
      pkgs.unixtools.ping
    ];
    script = ''
      while ! ping -n -w 1 -c 1 10.1.1.2 &> /dev/null
      do
          echo "waiting eos"
      done
      sleep 0.1
      python -m eos_midi 10.1.1.2
    '';
  };
  environment.shellAliases = {
    r = "systemctl restart launchpad.service";
  };
  fonts.enableDefaultPackages = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "unstable"; # Did you read the comment?
 }
--- a/machines/rigel/bootloader.nix
+++ b/machines/rigel/bootloader.nix
@ -0,0 +1,5 @@
 { pkgs, ... }:
 {
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;
 }
--- a/machines/rigel/keys.keys
+++ b/machines/rigel/keys.keys
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRA2W8T8rnWIn0xnP2LXSmmB92YuQygkLwLK60rpBG+ PLS@DESKTOP-KK74B9P
--- a/machines/rigel/kfet_lauchpad_controller.nix
+++ b/machines/rigel/kfet_lauchpad_controller.nix
@ -0,0 +1,38 @@
 {
  lib,
  buildPythonPackage,
  fetchgit,
  poetry,
  lpminimk3,
  python-osc,
 }:
 buildPythonPackage rec {
  pname = "kfet-launchpad-controller";
  version = "unstable";
  pyproject = true;
  src = fetchgit {
    url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
    rev = "58f1086ca7a8a9258da7240987bf26c03182b152";
    hash = "sha256-c21BbRKK1AK6roIjdEg3zfMThyijRTK5Z87DBBBjoL0=";
  };
  nativeBuildInputs = [
    poetry
  ];
  propagatedBuildInputs = [
    lpminimk3
    python-osc
  ];
  pythonImportsCheck = [ "eos_midi" ];
  meta = with lib; {
    description = "";
    homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller.git";
    license = licenses.mit;
    maintainers = with maintainers; [ ];
  };
 }
--- a/machines/rigel/launchpad.nix
+++ b/machines/rigel/launchpad.nix
@ -0,0 +1,40 @@
 {
  lib,
  buildPythonPackage,
  fetchgit,
  poetry-core,
  lpminimk3,
  python-osc,
 }:
 buildPythonPackage rec {
  pname = "kfet-launchpad-controller";
  version = "unstable";
  pyproject = true;
  src = fetchgit {
    url = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
    rev = "6d7df83cfd2f558d4837474ea101f98439a4f8c5";
    hash = "sha256-HkaR1+9NxvyRQ3+iP6pq3Wn6QT+qQRFJBvxHNH6qM0k=";
  };
  patches = [ ./launchpad.patch ];
  nativeBuildInputs = [
    poetry-core
  ];
  propagatedBuildInputs = [
    lpminimk3
    python-osc
  ];
  pythonImportsCheck = [ "eos_midi" ];
  meta = with lib; {
    description = "";
    homepage = "https://git.soyouzpanda.fr/soyouzpanda/kfet_launchpad_controller";
    license = licenses.mit;
    maintainers = with maintainers; [ ];
  };
 }
--- a/machines/rigel/launchpad.patch
+++ b/machines/rigel/launchpad.patch
@ -0,0 +1,13 @@
 diff --git a/pyproject.toml b/pyproject.toml
 index dd2e48c..48339c9 100644
 --- a/pyproject.toml
 +++ b/pyproject.toml
@@ -42,7 +42,7 @@ black = "*"
 [build-system]
 -requires = ["poetry>=1.7.1"]
 +requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"
 [tool.isort]
--- a/machines/rigel/lpminimk3.nix
+++ b/machines/rigel/lpminimk3.nix
@ -0,0 +1,43 @@
 {
  lib,
  buildPythonPackage,
  fetchFromGitHub,
  setuptools,
  wheel,
  jsonschema,
  python-rtmidi,
  websockets,
 }:
 buildPythonPackage rec {
  pname = "lpminimk3";
  version = "0.6.2";
  pyproject = true;
  src = fetchFromGitHub {
    owner = "obeezzy";
    repo = "lpminimk3";
    rev = "v${version}";
    hash = "sha256-CVjBUKjLOFaIgCpwNIO/PJ55s7nQ0WMRKKqVS3xOI3g=";
  };
  nativeBuildInputs = [
    setuptools
    wheel
  ];
  propagatedBuildInputs = [
    jsonschema
    python-rtmidi
    websockets
  ];
  pythonImportsCheck = [ "lpminimk3" ];
  meta = with lib; {
    description = "Python API for the Launchpad Mini MK3";
    homepage = "https://github.com/obeezzy/lpminimk3";
    license = licenses.mit;
    maintainers = with maintainers; [ ];
  };
 }
--- a/machines/rigel/networking.nix
+++ b/machines/rigel/networking.nix
@ -0,0 +1,47 @@
 {
  config,
  lib,
  pkgs,
  ...
 }:
 {
  networking.useDHCP = false;
  networking.firewall.allowedUDPPorts = [ 67 ];
  systemd.network = {
    enable = true;
    networks = {
      "10-uplink" = {
        name = "end0";
        networkConfig = {
          Address = "10.1.1.1/24";
          DHCPServer = "yes";
          IPMasquerade = "ipv4";
        };
        dhcpServerConfig = {
          PoolOffset = 100;
          PoolSize = 20;
          UplinkInterface = ":none";
          EmitDNS = "no";
          EmitNTP = "no";
          EmitSIP = "no";
          EmitRouter = "no";
        };
        dhcpServerStaticLeases = [
          {
            dhcpServerStaticLeaseConfig = {
              Address = "10.1.1.2";
              MACAddress = "14:b3:1f:06:3c:2e";
            };
          }
        ];
      };
    };
  };
  networking.nameservers = [
    "2620:fe::fe"
    "2620:fe::9"
    "9.9.9.9"
    "149.112.112.112"
  ];
 }
--- a/machines/rigel/nix-conf.nix
+++ b/machines/rigel/nix-conf.nix
@ -0,0 +1,21 @@
 {
  lib,
  pkgs,
  config,
  metadata,
  nodes,
  name,
  ...
 }:
 {
  nix.settings = {
    trusted-users = [
      "root"
      "@wheel"
    ];
    extra-experimental-features = [
      "nix-command"
      "flakes"
    ];
  };
 }
--- a/machines/rigel/programs.nix
+++ b/machines/rigel/programs.nix
@ -0,0 +1,28 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 {
  environment.systemPackages = with pkgs; [
    sqlite-web
    dhcpdump
    dig
    git
    htop
    jq
    nmap
    npins
    ripgrep
    screen
    tcpdump
    unzip
    vim
    wireguard-tools
  ];
  programs.mtr.enable = true;
  programs.vim.defaultEditor = true;
 }
--- a/machines/rigel/ssh.nix
+++ b/machines/rigel/ssh.nix
@ -0,0 +1,5 @@
 { ... }:
 {
  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = true;
 }
--- a/machines/rigel/users.nix
+++ b/machines/rigel/users.nix
@ -0,0 +1,12 @@
 { ... }:
 {
  users.mutableUsers = false;
  users.users.root = {
    openssh.authorizedKeys.keyFiles = [
      ../../pubkeys/sinavir.keys
      ../../pubkeys/soyouzpanda.keys
      ./keys.keys
    ];
    hashedPassword = "$y$j9T$p6Fe9Gm/C4iLIQBYXCjBn.$zLCzaxrsUDd4/2H5eTXqNch.bVJubrpZNOZgAZqbeV/";
  };
 }
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
catvayor	4baab56308	feat: add Sel's key everywhere	2024-11-13 17:05:04 +01:00
Sélène Corbineau	8f0980a52c	feat(agb01): add Sel's keys	2024-11-13 13:53:48 +01:00
sinavir	54170c0ee9	feat(ragb): Commit all the hotfixes	2024-11-07 20:58:01 +01:00
catvayor	da09ce104a	feat(pixiecore): use netboot.xyz	2024-10-22 00:46:43 +02:00
catvayor	fecddb1f77	feat(agb02/control-box): auto-reconnect and white_button cycle	2024-10-15 16:53:44 +02:00
catvayor	bcc156c5fc	fix(agb02/control-box): gpio mapping and network wait	2024-10-15 13:35:12 +02:00
catvayor	071cf7741f	feat(agb02/gpio): auto-repeat on joystick	2024-10-14 17:44:22 +02:00
sinavir	6733ec2b77	feat(pkgs/pyjecteur): update	2024-10-13 21:15:02 +02:00
sinavir	3376137ef8	feat(pkgs/ragb): update	2024-10-13 21:15:02 +02:00
catvayor	5f779aef09	fix(agb02): joystick on 0-255	2024-10-13 21:09:25 +02:00
sinavir	5bbc38c6ca	feat(hackens-org): Trust vpn	2024-10-13 19:54:23 +02:00
catvayor	f976bed8c8	feat(agb02): mapping	2024-10-13 19:54:23 +02:00
catvayor	fed5e28372	fix(shell): give sources to overlays	2024-10-13 16:35:26 +02:00
catvayor	8de7773129	feat(agb02): protocol change	2024-10-13 10:42:30 +02:00
catvayor	012e5fb772	feat(agb02): api implementation	2024-10-12 18:44:41 +02:00
sinavir	2d51b7265d	feat(agb01): enable mosh	2024-10-12 17:46:04 +02:00
sinavir	8356e15211	feat(hackens-org): deploy ragb server	2024-10-12 17:45:41 +02:00
catvayor	d5a8c00539	feat(agb02): fix decoder readings	2024-10-12 16:00:59 +02:00
catvayor	af71fc1063	feat(wg-agb02): connecting to wireguard	2024-10-12 15:16:18 +02:00
catvayor	891b02e96d	feat(milieu): add alacritty and tio	2024-10-12 13:53:10 +02:00
catvayor	b4ddf471c8	feat(milieu): add arduino to hacken-milieu <3 salsifi	2024-10-12 09:52:08 +02:00
catvayor	4d997935ad	feat(wg-milieu): connected hackens-milieu to wireguard	2024-10-12 09:45:29 +02:00
catvayor	f43db5224f	feat(agb02): gpio reader sketch	2024-10-12 00:41:04 +02:00
sinavir	81289eb5da	fix(shell): Use agenix overlay	2024-10-11 14:30:27 +02:00
catvayor	706795d38d	feat(shell.nix): init	2024-10-11 13:17:56 +02:00
catvayor	58fe7351c9	feat(agb02): enable hostapd	2024-10-11 12:56:05 +02:00
sinavir	fee3314add	fix(ssh keys): fix secret decryption on agb01	2024-10-10 23:26:56 +02:00
catvayor	dc5a99fee0	feat(hackens-org): add catvayor	2024-10-10 21:04:18 +02:00
catvayor	194bf6a672	feat(agb02): init	2024-10-10 15:58:45 +02:00
sinavir	660ca4a71a	fix(org): Add ip forwarding on vpn	2024-10-10 01:23:50 +02:00
sinavir	113a78a7a0	feat(agb01): init	2024-10-10 01:00:01 +02:00
sinavir	85da820b24	feat(irc): The lounge	2024-10-09 23:32:10 +02:00
sinavir	53e06aa3d6	fix(networking): Predictable interface names	2024-10-09 23:32:00 +02:00
catvayor	89e52b8a74	feat(pixiecore): enable for milieu	2024-10-03 18:07:52 +02:00
catvayor	cfbcf819ee	update not applied on hackens-org	2024-10-01 23:56:15 +02:00
catvayor	defdfbb08d	feat(milieu): add catvayor	2024-10-01 23:55:24 +02:00
catvayor	2b8162ec2a	fix(milieu): build	2024-10-01 23:54:47 +02:00
sinavir	823b5c8206	commit everything	2024-09-24 13:42:57 +02:00
sinavir	0054c74806	org: orga v2	2024-06-11 14:41:57 +02:00
sinavir	1d56410e26	org: patch kfet monitoring	2024-06-09 15:27:25 +02:00
sinavir	22ba6b0237	org: monitor kfet	2024-04-13 23:40:41 +02:00
sinavir	20cd845627	org: deploy monitoring of clock	2024-04-01 15:53:31 +02:00
sinavir	b9e36f0767	milieu: add colmena	2024-04-01 15:53:01 +02:00
sinavir	24ede21b8b	update	2024-03-29 23:50:22 +01:00
sinavir	7b925313c8	milieu: refactor	2024-03-29 23:50:17 +01:00
sinavir	41861a743b	rigel: add readme	2024-03-15 13:14:23 +01:00
sinavir	5be59e32d1	rigel: init (raspi-pls)	2024-03-08 17:04:42 +01:00
sinavir	2766c9dbbf	org: vpn	2024-03-03 12:16:09 +01:00
sinavir	06f82ef82b	add ecoppens	2024-02-20 21:38:36 +01:00
sinavir	cacff10e47	router: remove from main. Dev is know made on dev-router branch	2024-01-23 13:41:45 +01:00
sinavir	fc28547693	router: patch dtbsize in liminix	2024-01-19 19:46:05 +01:00
sinavir	50b22e0dcd	router: add some utils	2024-01-19 19:45:38 +01:00
sinavir	dcde00c428	router: simplify the config for testing We don't even boot so why are we doing complicated stuff	2024-01-19 19:45:01 +01:00
sinavir	19439ea13a	liminix: update	2024-01-19 19:43:23 +01:00
sinavir	d52f45442e	org: deploy ipv6 and vpn	2024-01-12 18:07:38 +01:00
sinavir	dd370bdebb	desktop: clean up	2024-01-12 16:19:31 +01:00
Raito Bezarius	9acf72a648	router: clean up and fix it	2024-01-11 01:25:59 +01:00
sinavir	3354f5b221	org: update	2024-01-08 20:08:55 +01:00
sinavir	e00e55460c	org: add 2222 ssh port	2023-12-20 19:53:39 +01:00
sinavir	db5c4008b8	org: migrate to hackens.org	2023-12-20 19:53:09 +01:00
sinavir	eabf2556bd	hackens-org: use networkd	2023-12-19 13:34:37 +01:00
sinavir	e660c216de	big refactor	2023-12-19 13:27:58 +01:00
hackens server	4d681f5f93	Update hackens-orga	2023-09-27 14:33:26 +02:00
hackens server	ae0ab8a439	Add static sites	2023-07-25 18:59:13 +02:00
hackens server	49ffb15fb3	update orga; add bk spi	2023-04-05 09:36:42 +02:00
hackens server	3851a66193	add_hackens_orga	2023-03-08 00:48:11 +01:00
hackens server	6f28af8576	enable mosh	2023-02-24 14:55:31 +01:00
hackens server	141e1ce8dd	nixpkgs-fmt	2023-02-24 14:43:35 +01:00
hackens server	2693fbf8cb	matterbridge	2023-02-24 14:43:18 +01:00
hackens server	42d63b428a	working wiki	2023-02-24 14:40:14 +01:00
HackENS milieu	ccafd8797a	RYAN commit les changements de la config bordel	2023-02-06 18:20:02 +01:00
HackENS milieu	7a5d85ec79	milieu: add ungoogled-chromium, move to kernel 6, update raito.keys	2023-01-31 22:48:10 +01:00
HackENS milieu	733f868d0c	programs: add fd, flush sinavir work	2023-01-17 20:55:22 +01:00
HackENS milieu	a9f9bd0cc5	gros menage chez hackens milieu	2023-01-15 18:34:00 +01:00
sinavir	2aadb17158	oauth for wiki	2023-01-14 19:14:54 +01:00
hackens server	bbcadab707	better conf for wiki	2023-01-14 15:45:32 +01:00
hackens server	b6e90593a1	fix wrong wiki plugin version	2023-01-13 13:47:35 +01:00
sinavir	75fd47230d	wiki	2023-01-13 13:27:38 +01:00
hackens server	648ab4aea8	nixfmt	2023-01-12 18:40:38 +01:00
hackens server	f7337345f4	bugfix	2023-01-12 18:39:33 +01:00
sinavir	0ac470c493	~	2023-01-12 18:11:50 +01:00
sinavir	dd8ec6c18e	refactorisation continuing	2022-08-31 03:30:59 +02:00
sinavir	1c5790c0f7	renaming	2022-08-08 13:20:43 +02:00
HackENS milieu	2029a5ccb2	gitignore	2022-07-30 08:45:54 +02:00
HackENS milieu	7613a24981	milieu update	2022-07-30 08:44:32 +02:00
hackens server	936f613834	age	2022-06-11 21:12:42 +02:00
hackens server	9680562642	age; refactor (un peu) wiki; misc	2022-06-09 22:13:12 +02:00
hackens server	87545d9e8b	kaycloak	2022-05-18 21:37:08 +02:00
sinavir	ecfc58fecd	catlist plugin for dokuwiki	2022-05-05 18:02:42 +02:00
hackens server	5d23db8e14	config nginx valide pour grafana	2022-05-05 17:31:18 +02:00
sinavir	3d5b2d9dda	grafana accessible depuis l'extérieur	2022-04-29 15:20:42 +02:00
hackens server	a4a8fed358	monitoring de la poubelle	2022-04-29 15:09:56 +02:00
hackens server	e6e8092613	adduser hbarral	2022-04-29 15:09:13 +02:00
sinavir	353070ef08	graphana	2022-04-26 00:55:00 +02:00
sinavir	a6fc45f870	kfet2mqtt	2022-04-25 10:11:02 +02:00
hackens server	7ab97c1643	ajouter prometheus à configuration.nix; changer l'adresse d'ecoute	2022-04-25 01:26:15 +02:00
sinavir	63ee851b2d	Merge pull request 'prometheus' (#10 ) from prometheus into master Reviewed-on: https://git.rz.ens.wtf/HackENS/hackens-org-configurations/pulls/10	2022-04-25 01:02:21 +02:00
sinavir	ab6a7352a1	prometheus	2022-04-25 00:53:18 +02:00
Maurice Debray	c30492cfde	template module prometheus; package mqtt2prometheus	2022-04-24 12:22:16 +02:00
hackens server	7038f3a5cf	Plugin markdown pour le wiki	2022-04-20 13:00:46 +02:00
hackens server	5eab094b2e	Droits d'ecriture broker mqtt	2022-04-15 00:27:42 +02:00
hackens server	122a2b458a	Ajout du broker mqtt à la config	2022-04-13 17:17:34 +02:00
sinavir	42f69f6fc4	Merge pull request 'mqtt_broker' (#9 ) from mqtt_broker into master Reviewed-on: https://git.rz.ens.wtf/HackENS/hackens-org-configurations/pulls/9	2022-04-13 17:09:57 +02:00
hackens server	dec2dd0ad2	Enlever l'authentification	2022-04-13 17:00:40 +02:00
sinavir	1f72377e61	Merge pull request 'Nouvelle clef pour maurice' (#7 ) from nouvelle_clef_maurice into master Reviewed-on: https://git.rz.ens.wtf/HackENS/hackens-org-configurations/pulls/7	2022-04-13 11:58:41 +02:00
hackens server	44f895d58a	forceSSL for wiki	2022-04-13 01:41:22 +02:00
hackens server	08bcd00451	enlever la variable debug	2022-04-13 01:16:35 +02:00
sinavir	34ab26c22c	Merge pull request 'Wiki qui marche' (#8 ) from sinavir/amélioration_template into master Reviewed-on: https://git.rz.ens.wtf/HackENS/hackens-org-configurations/pulls/8	2022-04-13 01:02:47 +02:00
sinavir	733062750a	Merge branch 'master' into sinavir/amélioration_template	2022-04-13 01:01:43 +02:00
hackens server	b914f3a119	Fix acme email for pass-store	2022-04-13 00:57:44 +02:00
sinavir	bb99bc313d	MQTT Brocker	2022-04-10 17:56:04 +02:00
sinavir	a343de6dfa	debug=false	2022-04-06 14:27:57 +02:00
sinavir	a41f9a5873	Custom module	2022-04-06 14:23:43 +02:00
sinavir	1213ddaccd	nouvelle clef pour maurice	2022-04-06 12:29:03 +02:00
Maurice Debray	b75803557d	ACME, refactorisation	2022-03-31 11:36:08 +02:00
Maurice Debray	deffeb3ef5	Essai de fix le template mais tjrs cassé	2022-03-28 16:49:30 +02:00
Maurice Debray	0d171f8026	ajout php-xml pour le template	2022-03-17 00:05:23 +01:00
Maurice Debray	7dd00fe792	Ajout du logo d'hackens	2022-03-16 23:45:00 +01:00
Maurice Debray	4877158066	logo et version récente du template	2022-03-13 12:08:33 +01:00
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRA2W8T8rnWIn0xnP2LXSmmB92YuQygkLwLK60rpBG+ PLS@DESKTOP-KK74B9P`