forked from DGNum/infrastructure
Compare commits
1 commit
main
...
systemd_no
Author | SHA1 | Date | |
---|---|---|---|
|
e06472d2a4 |
158 changed files with 1725 additions and 9135 deletions
|
@ -1,8 +1,5 @@
|
||||||
name: Check meta
|
name: Check meta
|
||||||
on:
|
on:
|
||||||
pull_request:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
push:
|
push:
|
||||||
paths:
|
paths:
|
||||||
- 'meta/*'
|
- 'meta/*'
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
name: ds-fr update
|
name: ds-fr update
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "26 18 * * wed"
|
# Run at 8 o'clock every day
|
||||||
|
- cron: "26 18 * * *"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
npins_update:
|
npins_update:
|
||||||
|
|
|
@ -68,201 +68,3 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
# Enter the shell
|
# Enter the shell
|
||||||
nix-shell --run 'colmena build --on rescue01'
|
nix-shell --run 'colmena build --on rescue01'
|
||||||
|
|
||||||
build_geo01:
|
|
||||||
runs-on: nix
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Build geo01
|
|
||||||
run: |
|
|
||||||
# Enter the shell
|
|
||||||
nix-shell --run 'colmena build --on geo01'
|
|
||||||
|
|
||||||
build_geo02:
|
|
||||||
runs-on: nix
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Build geo02
|
|
||||||
run: |
|
|
||||||
# Enter the shell
|
|
||||||
nix-shell --run 'colmena build --on geo02'
|
|
||||||
|
|
||||||
build_bridge01:
|
|
||||||
runs-on: nix
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Build bridge01
|
|
||||||
run: |
|
|
||||||
# Enter the shell
|
|
||||||
nix-shell --run 'colmena build --on bridge01'
|
|
||||||
|
|
||||||
push_to_cache_compute01:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_compute01
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "compute01" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_compute01
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_storage01:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_storage01
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "storage01" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_storage01
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_rescue01:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_rescue01
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "rescue01" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_rescue01
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_geo01:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_geo01
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "geo01" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_geo01
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_geo02:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_geo02
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "geo02" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_geo02
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_web01:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_web01
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "web01" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_web01
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_web02:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_web02
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "web02" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_web02
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
||||||
push_to_cache_bridge01:
|
|
||||||
runs-on: nix
|
|
||||||
needs:
|
|
||||||
- build_bridge01
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Push to cache
|
|
||||||
run: nix-shell --run push-to-nix-cache
|
|
||||||
env:
|
|
||||||
STORE_ENDPOINT: "https://tvix-store.dgnum.eu/infra-signing/"
|
|
||||||
STORE_USER: "admin"
|
|
||||||
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
|
|
||||||
NODES: '[ "bridge01" ]'
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always()
|
|
||||||
with:
|
|
||||||
name: outputs_web02
|
|
||||||
path: uploaded.txt
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
name: lint
|
name: lint
|
||||||
on: [push, pull_request]
|
on: push
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
check:
|
check:
|
||||||
|
@ -8,4 +8,4 @@ jobs:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Run pre-commit on all files
|
- name: Run pre-commit on all files
|
||||||
run: nix-shell --run 'pre-commit run --all-files --hook-stage pre-push --show-diff-on-failure' -A shells.pre-commit ./.
|
run: nix-shell --run 'pre-commit run --all-files --show-diff-on-failure' -A shells.pre-commit ./.
|
||||||
|
|
98
README.md
98
README.md
|
@ -3,102 +3,6 @@
|
||||||
The dgnum infrastructure.
|
The dgnum infrastructure.
|
||||||
|
|
||||||
# Contributing
|
# Contributing
|
||||||
|
Some instruction on how to contribute are available (in french) in [/CONTRIBUTING.md](CONTRIBUTING.md). You're expected to read this document before commiting to the repo.
|
||||||
Some instruction on how to contribute are available (in french) in [/CONTRIBUTE.md](CONTRIBUTE.md).
|
|
||||||
You're expected to read this document before commiting to the repo.
|
|
||||||
|
|
||||||
Some documentation for the development tools are provided in the aforementioned file.
|
Some documentation for the development tools are provided in the aforementioned file.
|
||||||
|
|
||||||
# Adding a new machine
|
|
||||||
|
|
||||||
The first step is to create a minimal viable NixOS host, using tha means necessary.
|
|
||||||
The second step is to find a name for this host, it must be unique from the other hosts.
|
|
||||||
|
|
||||||
> [!TIP]
|
|
||||||
> For the rest of this part, we assume that the host is named `host02`
|
|
||||||
|
|
||||||
## Download the keys
|
|
||||||
|
|
||||||
The public SSH keys of `host02` have to be saved to `keys/machines/host02.keys`, preferably only the `ssh-ed25519` one.
|
|
||||||
|
|
||||||
It can be retreived with :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
ssh-keyscan address.of.host02 2>/dev/null | awk '/ssh-ed25519/ {print $2,$3}'
|
|
||||||
```
|
|
||||||
|
|
||||||
## Initialize the machine folder and configuration
|
|
||||||
|
|
||||||
- Create a folder `host02` under `machines/`
|
|
||||||
- Copy the hardware configuration file generated by `nixos-generate-config` to `machines/host02/_hardware-configuration.nix`
|
|
||||||
- Create a `machines/host02/_configuration.nix` file, it will contain the main configuration options, the basic content of this file should be the following
|
|
||||||
|
|
||||||
```nix
|
|
||||||
{ lib, ... }:
|
|
||||||
|
|
||||||
lib.extra.mkConfig {
|
|
||||||
enabledModules = [
|
|
||||||
# List of modules to enable
|
|
||||||
];
|
|
||||||
|
|
||||||
enabledServices = [
|
|
||||||
# List of services to enable
|
|
||||||
];
|
|
||||||
|
|
||||||
extraConfig = {
|
|
||||||
services.netbird.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
root = ./.;
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Fill in the metadata
|
|
||||||
|
|
||||||
### Network configuration
|
|
||||||
|
|
||||||
The network is declared in `meta/network.nix`, the necessary `hostId` value can be generated with :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
head -c4 /dev/urandom | od -A none -t x4 | sed 's/ //'
|
|
||||||
```
|
|
||||||
|
|
||||||
### Other details
|
|
||||||
|
|
||||||
The general metadata is declared in `meta/nodes.nix`, the main values to declare are :
|
|
||||||
|
|
||||||
- `site`, where the node is physically located
|
|
||||||
- `stateVersion`
|
|
||||||
- `nixpkgs`, the nixpkgs version to use
|
|
||||||
|
|
||||||
## Initialize secrets
|
|
||||||
|
|
||||||
Create the directory `secrets` in the configuration folder, and add a `secrets.nix` file containing :
|
|
||||||
|
|
||||||
```nix
|
|
||||||
let
|
|
||||||
lib = import ../../../lib { };
|
|
||||||
in
|
|
||||||
|
|
||||||
lib.setDefault { publicKeys = lib.getNodeKeys "host02"; } [ ]
|
|
||||||
```
|
|
||||||
|
|
||||||
This will be used for future secret management.
|
|
||||||
|
|
||||||
## Update encrypted files
|
|
||||||
|
|
||||||
Both the Arkheon, Netbox and notification modules have secrets that are deployed on all machines. To make those services work correctly, run in `modules/dgn-records`, `modules/dgn-netbox-agent` and `modules/dgn-notify` :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
agenix -r
|
|
||||||
```
|
|
||||||
|
|
||||||
## Commit and create a PR
|
|
||||||
|
|
||||||
Once all of this is done, check that the configuration builds correctly :
|
|
||||||
|
|
||||||
```bash
|
|
||||||
colmena build --on host02
|
|
||||||
```
|
|
||||||
|
|
||||||
Apply it, and create a Pull Request.
|
|
||||||
|
|
66
default.nix
66
default.nix
|
@ -34,36 +34,26 @@
|
||||||
termes.
|
termes.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
{
|
|
||||||
sources ? import ./npins,
|
|
||||||
pkgs ? import sources.nixpkgs { },
|
|
||||||
nix-pkgs ? import sources.nix-pkgs { inherit pkgs; },
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
git-checks = (import (builtins.storePath sources.git-hooks)).run {
|
sources = import ./npins;
|
||||||
|
pkgs = import sources.nixpkgs { };
|
||||||
|
|
||||||
|
pre-commit-check = (import sources.pre-commit-hooks).run {
|
||||||
src = ./.;
|
src = ./.;
|
||||||
|
|
||||||
hooks = {
|
hooks = {
|
||||||
statix = {
|
# Nix Hooks
|
||||||
|
statix.enable = true;
|
||||||
|
deadnix.enable = true;
|
||||||
|
rfc101 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
stages = [ "pre-push" ];
|
|
||||||
settings.ignore = [
|
name = "RFC-101 formatting";
|
||||||
"lon.nix"
|
entry = "${pkgs.lib.getExe pkgs.nixfmt-rfc-style}";
|
||||||
"**/npins"
|
files = "\\.nix$";
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
deadnix = {
|
|
||||||
enable = true;
|
|
||||||
stages = [ "pre-push" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
nixfmt-rfc-style = {
|
|
||||||
enable = true;
|
|
||||||
stages = [ "pre-push" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Misc Hooks
|
||||||
commitizen.enable = true;
|
commitizen.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -80,22 +70,22 @@ in
|
||||||
default = pkgs.mkShell {
|
default = pkgs.mkShell {
|
||||||
name = "dgnum-infra";
|
name = "dgnum-infra";
|
||||||
|
|
||||||
packages = [
|
packages =
|
||||||
(pkgs.nixos-generators.overrideAttrs (_: {
|
(
|
||||||
version = "1.8.0-unstable";
|
with pkgs;
|
||||||
src = builtins.storePath sources.nixos-generators;
|
[
|
||||||
}))
|
npins
|
||||||
pkgs.attic-client
|
nixos-generators
|
||||||
pkgs.npins
|
]
|
||||||
|
++ (builtins.map (p: callPackage p { }) [
|
||||||
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
(sources.disko + "/package.nix")
|
||||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
./lib/colmena
|
||||||
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
|
])
|
||||||
|
)
|
||||||
] ++ (import ./scripts { inherit pkgs; });
|
++ (import ./scripts { inherit pkgs; });
|
||||||
|
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
${git-checks.shellHook}
|
${pre-commit-check.shellHook}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
preferLocalBuild = true;
|
preferLocalBuild = true;
|
||||||
|
@ -105,7 +95,7 @@ in
|
||||||
name = "pre-commit-shell";
|
name = "pre-commit-shell";
|
||||||
|
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
${git-checks.shellHook}
|
${pre-commit-check.shellHook}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
71
hive.nix
71
hive.nix
|
@ -16,99 +16,62 @@ let
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs' = import ./meta/nixpkgs.nix;
|
mkNixpkgs =
|
||||||
# All supported nixpkgs versions, instanciated
|
node:
|
||||||
nixpkgs = lib.mapSingleFuse mkNixpkgs nixpkgs'.supported;
|
patch.mkNixpkgsSrc rec {
|
||||||
|
|
||||||
# Get the configured nixos version for the node,
|
|
||||||
# defaulting to the one defined in meta/nixpkgs
|
|
||||||
version = node: nodes'.${node}.nixpkgs or nixpkgs'.default;
|
|
||||||
|
|
||||||
# Builds a patched version of nixpkgs, only as the source
|
|
||||||
mkNixpkgs' =
|
|
||||||
v:
|
|
||||||
let
|
|
||||||
version = "nixos-${v}";
|
|
||||||
in
|
|
||||||
patch.mkNixpkgsSrc {
|
|
||||||
src = sources.${version};
|
src = sources.${version};
|
||||||
inherit version;
|
version = "nixos-${nodes'.${node}.nixpkgs or (import ./meta/nixpkgs.nix)}";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Instanciates the required nixpkgs version
|
mkNixpkgs' = node: import (mkNixpkgs node) { };
|
||||||
mkNixpkgs = version: import (mkNixpkgs' version) { };
|
|
||||||
|
|
||||||
###
|
###
|
||||||
# Function to create arguments based on the node
|
# Function to create arguments based on the node
|
||||||
#
|
#
|
||||||
mkArgs = node: rec {
|
mkArgs = node: rec {
|
||||||
lib = import sources.nix-lib {
|
lib = import sources.nix-lib {
|
||||||
inherit (nixpkgs.${version node}) lib;
|
inherit (mkNixpkgs' node) lib;
|
||||||
|
|
||||||
keysRoot = ./keys;
|
keysRoot = ./keys;
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = (import ./meta) lib;
|
meta = (import ./meta) lib;
|
||||||
|
|
||||||
nodeMeta = meta.nodes.${node};
|
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
# nodes = builtins.attrNames metadata.nodes;
|
||||||
{
|
{
|
||||||
meta = {
|
meta = {
|
||||||
nodeNixpkgs = lib.mapSingleFuse (n: nixpkgs.${version n}) nodes;
|
nodeNixpkgs = lib.mapSingleFuse mkNixpkgs' nodes;
|
||||||
|
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit nixpkgs sources;
|
inherit sources;
|
||||||
};
|
};
|
||||||
|
|
||||||
nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes;
|
nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes;
|
||||||
};
|
};
|
||||||
|
|
||||||
defaults =
|
defaults =
|
||||||
{
|
{ meta, name, ... }:
|
||||||
pkgs,
|
|
||||||
name,
|
|
||||||
nodeMeta,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
{
|
||||||
# Import the default modules
|
# Import the default modules
|
||||||
imports = [
|
imports = [ ./modules ];
|
||||||
./modules
|
|
||||||
(import "${sources.lix-module}/module.nix" {
|
|
||||||
lix = pkgs.applyPatches {
|
|
||||||
name = "lix-2.90.patched";
|
|
||||||
src = sources.lix;
|
|
||||||
patches = [ ./patches/00-disable-installChecks-lix.patch ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
# Include default secrets
|
# Include default secrets
|
||||||
age-secrets.sources = [ ./machines/${name}/secrets ];
|
age-secrets.sources = [ (./machines + "/${name}/secrets") ];
|
||||||
|
|
||||||
# Deployment config is specified in meta.nodes.${node}.deployment
|
# Deployment config is specified in meta.nodes.${node}.deployment
|
||||||
inherit (nodeMeta) deployment;
|
inherit (meta.nodes.${name}) deployment;
|
||||||
|
|
||||||
nix = {
|
# Set NIX_PATH to the patched version of nixpkgs
|
||||||
# Set NIX_PATH to the patched version of nixpkgs
|
nix.nixPath = [ "nixpkgs=${mkNixpkgs name}" ];
|
||||||
nixPath = [ "nixpkgs=${mkNixpkgs' (version name)}" ];
|
nix.optimise.automatic = true;
|
||||||
optimise.automatic = true;
|
|
||||||
|
|
||||||
gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# Use the stateVersion declared in the metadata
|
# Use the stateVersion declared in the metadata
|
||||||
system = {
|
system = {
|
||||||
inherit (nodeMeta) stateVersion;
|
inherit (meta.nodes.${name}) stateVersion;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
NIXPKGS=$(nix-build --no-out-link nixpkgs.nix)
|
NIXPKGS=$(nix-build nixpkgs.nix)
|
||||||
|
|
||||||
nixos-generate -c configuration.nix -I NIX_PATH="$NIXPKGS" -f install-iso
|
nixos-generate -c configuration.nix -I NIX_PATH="$NIXPKGS" -f install-iso
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
let
|
let
|
||||||
dgn-lib = import ../lib { };
|
dgn-lib = import ../lib { };
|
||||||
|
|
||||||
dgn-members = (import ../meta lib).organization.groups.root;
|
dgn-members = (import ../meta).members.groups.iso;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
let
|
let
|
||||||
version = (import ../meta/nixpkgs.nix).default;
|
inherit (import ../npins) nixpkgs;
|
||||||
nixpkgs = (import ../npins)."nixos-${version}";
|
|
||||||
in
|
in
|
||||||
|
|
||||||
(import nixpkgs { }).srcOnly {
|
(import nixpkgs { }).srcOnly {
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor
|
|
|
@ -1 +0,0 @@
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA
|
|
|
@ -1 +0,0 @@
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5bS3iBXz8wycBnTvI5Qi79WLu0h4IVv/EOdKYbP5y7
|
|
|
@ -1 +1 @@
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+QDE+GgZs6zONHvzRW15BzGJNW69k2BFZgB/Zh/tLX
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE020zqMJTlJ73czVxWVNmRof6il+N9dS4Knm43bJSpm
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
{ lib, pkgs, ... }:
|
|
||||||
|
|
||||||
lib.extra.mkConfig {
|
|
||||||
enabledModules = [
|
|
||||||
# List of modules to enable
|
|
||||||
];
|
|
||||||
|
|
||||||
enabledServices = [
|
|
||||||
# List of services to enable
|
|
||||||
"network"
|
|
||||||
];
|
|
||||||
|
|
||||||
extraConfig = {
|
|
||||||
services.netbird.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.bcachefs-tools ];
|
|
||||||
};
|
|
||||||
|
|
||||||
root = ./.;
|
|
||||||
}
|
|
|
@ -1,53 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ modulesPath, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
initrd = {
|
|
||||||
availableKernelModules = [
|
|
||||||
"xhci_pci"
|
|
||||||
"ehci_pci"
|
|
||||||
"ahci"
|
|
||||||
"sd_mod"
|
|
||||||
"sr_mod"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
kernelModules = [ "kvm-intel" ];
|
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
|
|
||||||
supportedFilesystems.bcachefs = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
device = "UUID=3da58b64-a2fd-428d-bde8-3a185e2f73fd";
|
|
||||||
fsType = "bcachefs";
|
|
||||||
options = [ "compression=zstd" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
"/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/4D0A-AF11";
|
|
||||||
fsType = "vfat";
|
|
||||||
options = [
|
|
||||||
"fmask=0022"
|
|
||||||
"dmask=0022"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.vlan-admin.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.vlan-uplink-oob.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
|
||||||
}
|
|
|
@ -1,79 +0,0 @@
|
||||||
_:
|
|
||||||
|
|
||||||
{
|
|
||||||
networking = {
|
|
||||||
useNetworkd = true;
|
|
||||||
useDHCP = false;
|
|
||||||
|
|
||||||
nftables.enable = true;
|
|
||||||
firewall.allowedUDPPorts = [ 67 ];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.network = {
|
|
||||||
networks = {
|
|
||||||
"10-eno1" = {
|
|
||||||
name = "eno1";
|
|
||||||
networkConfig = {
|
|
||||||
VLAN = [
|
|
||||||
"vlan-admin"
|
|
||||||
"vlan-uplink-oob"
|
|
||||||
];
|
|
||||||
|
|
||||||
LinkLocalAddressing = false;
|
|
||||||
LLDP = false;
|
|
||||||
EmitLLDP = false;
|
|
||||||
IPv6AcceptRA = false;
|
|
||||||
IPv6SendRA = false;
|
|
||||||
};
|
|
||||||
# address = [ "192.168.222.1/24" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
"10-vlan-admin" = {
|
|
||||||
name = "vlan-admin";
|
|
||||||
# DHCP for the BMC
|
|
||||||
networkConfig.DHCPServer = "yes";
|
|
||||||
|
|
||||||
dhcpServerConfig = {
|
|
||||||
PoolOffset = 128;
|
|
||||||
EmitDNS = false;
|
|
||||||
EmitNTP = false;
|
|
||||||
EmitSIP = false;
|
|
||||||
EmitPOP3 = false;
|
|
||||||
EmitSMTP = false;
|
|
||||||
EmitLPR = false;
|
|
||||||
UplinkInterface = ":none";
|
|
||||||
};
|
|
||||||
|
|
||||||
address = [
|
|
||||||
"fd26:baf9:d250:8000::ffff/64"
|
|
||||||
"192.168.222.1/24"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"10-vlan-uplink-oob" = {
|
|
||||||
name = "vlan-uplink-oob";
|
|
||||||
networkConfig.DHCP = "ipv4";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
netdevs = {
|
|
||||||
"10-vlan-admin" = {
|
|
||||||
netdevConfig = {
|
|
||||||
Name = "vlan-admin";
|
|
||||||
Kind = "vlan";
|
|
||||||
};
|
|
||||||
|
|
||||||
vlanConfig.Id = 3000;
|
|
||||||
};
|
|
||||||
|
|
||||||
"10-vlan-uplink-oob" = {
|
|
||||||
netdevConfig = {
|
|
||||||
Name = "vlan-uplink-oob";
|
|
||||||
Kind = "vlan";
|
|
||||||
};
|
|
||||||
|
|
||||||
vlanConfig.Id = 500;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
let
|
|
||||||
lib = import ../../../lib { };
|
|
||||||
in
|
|
||||||
|
|
||||||
lib.setDefault { publicKeys = lib.getNodeKeys "bridge01"; } [ ]
|
|
|
@ -4,33 +4,36 @@ lib.extra.mkConfig {
|
||||||
enabledModules = [
|
enabledModules = [
|
||||||
# List of modules to enable
|
# List of modules to enable
|
||||||
"dgn-backups"
|
"dgn-backups"
|
||||||
|
"dgn-fail2ban"
|
||||||
"dgn-web"
|
"dgn-web"
|
||||||
];
|
];
|
||||||
|
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# List of services to enable
|
# List of services to enable
|
||||||
"arkheon"
|
"arkheon"
|
||||||
"signal-irc-bridge"
|
|
||||||
"ds-fr"
|
"ds-fr"
|
||||||
"grafana"
|
"grafana"
|
||||||
"hedgedoc"
|
"hedgedoc"
|
||||||
|
"k-radius"
|
||||||
"kanidm"
|
"kanidm"
|
||||||
"librenms"
|
"librenms"
|
||||||
"mastodon"
|
"mastodon"
|
||||||
"nextcloud"
|
"nextcloud"
|
||||||
"outline"
|
"outline"
|
||||||
"plausible"
|
|
||||||
"postgresql"
|
|
||||||
"rstudio-server"
|
"rstudio-server"
|
||||||
"satosa"
|
"satosa"
|
||||||
"signald"
|
|
||||||
"stirling-pdf"
|
|
||||||
"telegraf"
|
"telegraf"
|
||||||
"vaultwarden"
|
"vaultwarden"
|
||||||
"zammad"
|
"zammad"
|
||||||
|
"signald"
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
|
dgn-fail2ban.jails = lib.extra.enableAttrs' "enabled" [
|
||||||
|
"sshd-bruteforce"
|
||||||
|
"sshd-timeout"
|
||||||
|
];
|
||||||
|
|
||||||
dgn-hardware.useZfs = true;
|
dgn-hardware.useZfs = true;
|
||||||
|
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
|
|
|
@ -3,7 +3,9 @@
|
||||||
stdenv,
|
stdenv,
|
||||||
fetchFromGitHub,
|
fetchFromGitHub,
|
||||||
git,
|
git,
|
||||||
bun,
|
fetchYarnDeps,
|
||||||
|
yarn,
|
||||||
|
fixup_yarn_lock,
|
||||||
nodejs,
|
nodejs,
|
||||||
ruby_3_2,
|
ruby_3_2,
|
||||||
bundlerEnv,
|
bundlerEnv,
|
||||||
|
@ -16,7 +18,7 @@ let
|
||||||
inherit (lib) getExe;
|
inherit (lib) getExe;
|
||||||
|
|
||||||
# Head of the DGNum repo
|
# Head of the DGNum repo
|
||||||
dgn-id = "f270f1cdd09e643a9c666c94df1841234430de49";
|
dgn-id = "12e4a32ca5d909a90ca6f7e53081cc6b6b14c416";
|
||||||
|
|
||||||
pname = "ds-fr";
|
pname = "ds-fr";
|
||||||
meta = import ./meta.nix;
|
meta = import ./meta.nix;
|
||||||
|
@ -48,46 +50,20 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
node_modules = stdenv.mkDerivation {
|
|
||||||
pname = "${pname}-node_modules";
|
|
||||||
inherit src version;
|
|
||||||
|
|
||||||
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [
|
|
||||||
"GIT_PROXY_COMMAND"
|
|
||||||
"SOCKS_SERVER"
|
|
||||||
];
|
|
||||||
|
|
||||||
nativeBuildInputs = [ bun ];
|
|
||||||
|
|
||||||
dontConfigure = true;
|
|
||||||
|
|
||||||
buildPhase = ''
|
|
||||||
bun install --no-progress --frozen-lockfile --ignore-scripts
|
|
||||||
rm -r node_modules/.cache
|
|
||||||
|
|
||||||
# Remove inconsistent file
|
|
||||||
rm node_modules/.bin/grunt
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mv node_modules $out
|
|
||||||
'';
|
|
||||||
|
|
||||||
dontFixup = true;
|
|
||||||
|
|
||||||
outputHash = meta.deps-hash or lib.fakeHash;
|
|
||||||
outputHashAlgo = "sha256";
|
|
||||||
outputHashMode = "recursive";
|
|
||||||
};
|
|
||||||
|
|
||||||
dsModules = stdenv.mkDerivation {
|
dsModules = stdenv.mkDerivation {
|
||||||
pname = "${pname}-modules";
|
pname = "${pname}-modules";
|
||||||
inherit src version;
|
inherit src version;
|
||||||
|
|
||||||
|
offlineCache = fetchYarnDeps {
|
||||||
|
yarnLock = "${src}/yarn.lock";
|
||||||
|
hash = meta.deps-hash;
|
||||||
|
};
|
||||||
|
|
||||||
buildInputs = [ rubyEnv ];
|
buildInputs = [ rubyEnv ];
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
bun
|
fixup_yarn_lock
|
||||||
nodejs
|
nodejs
|
||||||
|
yarn
|
||||||
rubyEnv.wrappedRuby
|
rubyEnv.wrappedRuby
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -108,13 +84,18 @@ let
|
||||||
APP_HOST = "precompile_placeholder";
|
APP_HOST = "precompile_placeholder";
|
||||||
|
|
||||||
buildPhase = ''
|
buildPhase = ''
|
||||||
cp -R ${node_modules} node_modules
|
export HOME=$(mktemp -d)
|
||||||
chmod u+w -R node_modules
|
yarn config --offline set yarn-offline-mirror $offlineCache
|
||||||
|
fixup_yarn_lock yarn.lock
|
||||||
|
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||||
|
|
||||||
patchShebangs node_modules
|
patchShebangs node_modules/
|
||||||
patchShebangs bin/
|
patchShebangs bin/
|
||||||
|
|
||||||
bin/rake assets:precompile
|
bin/rake assets:precompile
|
||||||
|
|
||||||
|
yarn cache clean --offline
|
||||||
|
rm -rf node_modules/
|
||||||
'';
|
'';
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
version = "2024-04-24-01";
|
version = "2024-03-26-01";
|
||||||
src-hash = "sha256-+FjthJZb1KqqFttFmXr/FN5qaFcY9RGTKAqhdLGVFSg=";
|
src-hash = "sha256-JLwbeCGZNFxzZnh6bcheNUkrg/51UG4IM9pln+ridSs=";
|
||||||
deps-hash = "sha256-Vj8WCB+LSHJM67qbsZ5CPc+jK1KWO1MXnSFp/LH0Ow8=";
|
deps-hash = "sha256-ZtZ1iqKHWGPR5+BDOtOvrpgdndfP5IiqrLkju96YAM4=";
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,7 +10,6 @@ gem 'active_storage_validations'
|
||||||
gem 'addressable'
|
gem 'addressable'
|
||||||
gem 'administrate'
|
gem 'administrate'
|
||||||
gem 'administrate-field-enum' # Allow using Field::Enum in administrate
|
gem 'administrate-field-enum' # Allow using Field::Enum in administrate
|
||||||
gem 'after_commit_everywhere'
|
|
||||||
gem 'after_party'
|
gem 'after_party'
|
||||||
gem 'ancestry'
|
gem 'ancestry'
|
||||||
gem 'anchored'
|
gem 'anchored'
|
||||||
|
@ -23,10 +22,10 @@ gem 'chunky_png'
|
||||||
gem 'clamav-client', require: 'clamav/client'
|
gem 'clamav-client', require: 'clamav/client'
|
||||||
gem 'daemons'
|
gem 'daemons'
|
||||||
gem 'deep_cloneable' # Enable deep clone of active record models
|
gem 'deep_cloneable' # Enable deep clone of active record models
|
||||||
gem 'delayed_cron_job', require: false # Cron jobs
|
gem 'delayed_cron_job' # Cron jobs
|
||||||
gem 'delayed_job_active_record'
|
gem 'delayed_job_active_record'
|
||||||
gem 'delayed_job_web'
|
gem 'delayed_job_web'
|
||||||
gem 'devise'
|
gem 'devise', git: 'https://github.com/heartcombo/devise.git', ref: "edffc79bf05d7f1c58ba50ffeda645e2e4ae0cb1" # Gestion des comptes utilisateurs, drop ref on next release: 4.9.4
|
||||||
gem 'devise-i18n'
|
gem 'devise-i18n'
|
||||||
gem 'devise-two-factor'
|
gem 'devise-two-factor'
|
||||||
gem 'discard'
|
gem 'discard'
|
||||||
|
@ -77,7 +76,6 @@ gem 'puma' # Use Puma as the app server
|
||||||
gem 'pundit'
|
gem 'pundit'
|
||||||
gem 'rack-attack'
|
gem 'rack-attack'
|
||||||
gem 'rails-i18n' # Locales par défaut
|
gem 'rails-i18n' # Locales par défaut
|
||||||
gem 'rails-pg-extras'
|
|
||||||
gem 'rake-progressbar', require: false
|
gem 'rake-progressbar', require: false
|
||||||
gem 'redcarpet'
|
gem 'redcarpet'
|
||||||
gem 'redis'
|
gem 'redis'
|
||||||
|
@ -91,23 +89,15 @@ gem 'sentry-ruby'
|
||||||
gem 'sentry-sidekiq'
|
gem 'sentry-sidekiq'
|
||||||
gem 'sib-api-v3-sdk'
|
gem 'sib-api-v3-sdk'
|
||||||
gem 'sidekiq'
|
gem 'sidekiq'
|
||||||
gem 'sidekiq-cron'
|
|
||||||
gem 'skylight'
|
gem 'skylight'
|
||||||
gem 'spreadsheet_architect'
|
gem 'spreadsheet_architect'
|
||||||
gem 'strong_migrations' # lint database migrations
|
gem 'strong_migrations' # lint database migrations
|
||||||
gem 'sys-proctable'
|
|
||||||
gem 'turbo-rails'
|
gem 'turbo-rails'
|
||||||
gem 'typhoeus'
|
gem 'typhoeus'
|
||||||
gem 'ulid-ruby', require: 'ulid'
|
gem 'ulid-ruby', require: 'ulid'
|
||||||
gem 'view_component'
|
gem 'view_component'
|
||||||
gem 'vite_rails'
|
gem 'vite_rails'
|
||||||
gem 'warden'
|
gem 'warden'
|
||||||
gem 'webrick', require: false
|
|
||||||
gem 'yabeda-graphql'
|
|
||||||
gem 'yabeda-prometheus'
|
|
||||||
gem 'yabeda-puma-plugin'
|
|
||||||
gem 'yabeda-rails'
|
|
||||||
gem 'yabeda-sidekiq'
|
|
||||||
gem 'zipline'
|
gem 'zipline'
|
||||||
gem 'zxcvbn-ruby', require: 'zxcvbn'
|
gem 'zxcvbn-ruby', require: 'zxcvbn'
|
||||||
|
|
||||||
|
@ -125,8 +115,6 @@ group :test do
|
||||||
gem 'selenium-devtools'
|
gem 'selenium-devtools'
|
||||||
gem 'selenium-webdriver'
|
gem 'selenium-webdriver'
|
||||||
gem 'shoulda-matchers', require: false
|
gem 'shoulda-matchers', require: false
|
||||||
gem 'simplecov', require: false
|
|
||||||
gem 'simplecov-cobertura', require: false
|
|
||||||
gem 'timecop'
|
gem 'timecop'
|
||||||
gem 'vcr'
|
gem 'vcr'
|
||||||
gem 'webmock'
|
gem 'webmock'
|
||||||
|
|
|
@ -6,6 +6,18 @@ GIT
|
||||||
json (>= 2.5)
|
json (>= 2.5)
|
||||||
sidekiq (~> 7.0)
|
sidekiq (~> 7.0)
|
||||||
|
|
||||||
|
GIT
|
||||||
|
remote: https://github.com/heartcombo/devise.git
|
||||||
|
revision: edffc79bf05d7f1c58ba50ffeda645e2e4ae0cb1
|
||||||
|
ref: edffc79bf05d7f1c58ba50ffeda645e2e4ae0cb1
|
||||||
|
specs:
|
||||||
|
devise (4.9.3)
|
||||||
|
bcrypt (~> 3.0)
|
||||||
|
orm_adapter (~> 0.1)
|
||||||
|
railties (>= 4.1.0)
|
||||||
|
responders
|
||||||
|
warden (~> 1.2.3)
|
||||||
|
|
||||||
GEM
|
GEM
|
||||||
remote: https://rubygems.org/
|
remote: https://rubygems.org/
|
||||||
specs:
|
specs:
|
||||||
|
@ -104,15 +116,10 @@ GEM
|
||||||
administrate-field-enum (0.0.9)
|
administrate-field-enum (0.0.9)
|
||||||
administrate (~> 0.12)
|
administrate (~> 0.12)
|
||||||
aes_key_wrap (1.1.0)
|
aes_key_wrap (1.1.0)
|
||||||
after_commit_everywhere (1.4.0)
|
|
||||||
activerecord (>= 4.2)
|
|
||||||
activesupport
|
|
||||||
after_party (1.11.2)
|
after_party (1.11.2)
|
||||||
ancestry (4.3.3)
|
ancestry (4.3.3)
|
||||||
activerecord (>= 5.2.6)
|
activerecord (>= 5.2.6)
|
||||||
anchored (1.1.0)
|
anchored (1.1.0)
|
||||||
anyway_config (2.6.3)
|
|
||||||
ruby-next-core (~> 1.0)
|
|
||||||
ast (2.4.2)
|
ast (2.4.2)
|
||||||
attr_required (1.0.2)
|
attr_required (1.0.2)
|
||||||
axe-core-api (4.8.2)
|
axe-core-api (4.8.2)
|
||||||
|
@ -136,7 +143,7 @@ GEM
|
||||||
erubi (~> 1.4)
|
erubi (~> 1.4)
|
||||||
parser (>= 2.4)
|
parser (>= 2.4)
|
||||||
smart_properties
|
smart_properties
|
||||||
bigdecimal (3.1.7)
|
bigdecimal (3.1.6)
|
||||||
bindata (2.5.0)
|
bindata (2.5.0)
|
||||||
bindex (0.8.1)
|
bindex (0.8.1)
|
||||||
bootsnap (1.18.3)
|
bootsnap (1.18.3)
|
||||||
|
@ -168,7 +175,7 @@ GEM
|
||||||
nokogiri (~> 1.10, >= 1.10.4)
|
nokogiri (~> 1.10, >= 1.10.4)
|
||||||
rubyzip (>= 1.3.0, < 3)
|
rubyzip (>= 1.3.0, < 3)
|
||||||
charlock_holmes (0.7.7)
|
charlock_holmes (0.7.7)
|
||||||
chartkick (5.0.6)
|
chartkick (5.0.5)
|
||||||
choice (0.2.0)
|
choice (0.2.0)
|
||||||
chunky_png (1.4.0)
|
chunky_png (1.4.0)
|
||||||
clamav-client (3.2.0)
|
clamav-client (3.2.0)
|
||||||
|
@ -201,12 +208,6 @@ GEM
|
||||||
sinatra (>= 1.4.4)
|
sinatra (>= 1.4.4)
|
||||||
descendants_tracker (0.0.4)
|
descendants_tracker (0.0.4)
|
||||||
thread_safe (~> 0.3, >= 0.3.1)
|
thread_safe (~> 0.3, >= 0.3.1)
|
||||||
devise (4.9.4)
|
|
||||||
bcrypt (~> 3.0)
|
|
||||||
orm_adapter (~> 0.1)
|
|
||||||
railties (>= 4.1.0)
|
|
||||||
responders
|
|
||||||
warden (~> 1.2.3)
|
|
||||||
devise-i18n (1.12.0)
|
devise-i18n (1.12.0)
|
||||||
devise (>= 4.9.0)
|
devise (>= 4.9.0)
|
||||||
devise-two-factor (5.0.0)
|
devise-two-factor (5.0.0)
|
||||||
|
@ -217,7 +218,6 @@ GEM
|
||||||
diff-lcs (1.5.1)
|
diff-lcs (1.5.1)
|
||||||
discard (1.3.0)
|
discard (1.3.0)
|
||||||
activerecord (>= 4.2, < 8)
|
activerecord (>= 4.2, < 8)
|
||||||
docile (1.4.0)
|
|
||||||
dotenv (2.8.1)
|
dotenv (2.8.1)
|
||||||
dotenv-rails (2.8.1)
|
dotenv-rails (2.8.1)
|
||||||
dotenv (= 2.8.1)
|
dotenv (= 2.8.1)
|
||||||
|
@ -226,7 +226,6 @@ GEM
|
||||||
dry-core (1.0.1)
|
dry-core (1.0.1)
|
||||||
concurrent-ruby (~> 1.0)
|
concurrent-ruby (~> 1.0)
|
||||||
zeitwerk (~> 2.6)
|
zeitwerk (~> 2.6)
|
||||||
dry-initializer (3.1.1)
|
|
||||||
dry-monads (1.6.0)
|
dry-monads (1.6.0)
|
||||||
concurrent-ruby (~> 1.0)
|
concurrent-ruby (~> 1.0)
|
||||||
dry-core (~> 1.0, < 2)
|
dry-core (~> 1.0, < 2)
|
||||||
|
@ -235,7 +234,7 @@ GEM
|
||||||
email_validator (2.2.4)
|
email_validator (2.2.4)
|
||||||
activemodel
|
activemodel
|
||||||
erubi (1.12.0)
|
erubi (1.12.0)
|
||||||
et-orbi (1.2.11)
|
et-orbi (1.2.7)
|
||||||
tzinfo
|
tzinfo
|
||||||
ethon (0.16.0)
|
ethon (0.16.0)
|
||||||
ffi (>= 1.15.0)
|
ffi (>= 1.15.0)
|
||||||
|
@ -278,7 +277,7 @@ GEM
|
||||||
fog-core (~> 2.1)
|
fog-core (~> 2.1)
|
||||||
fog-json (>= 1.0)
|
fog-json (>= 1.0)
|
||||||
formatador (1.1.0)
|
formatador (1.1.0)
|
||||||
fugit (1.10.1)
|
fugit (1.9.0)
|
||||||
et-orbi (~> 1, >= 1.2.7)
|
et-orbi (~> 1, >= 1.2.7)
|
||||||
raabro (~> 1.4)
|
raabro (~> 1.4)
|
||||||
geo_coord (0.2.0)
|
geo_coord (0.2.0)
|
||||||
|
@ -350,7 +349,7 @@ GEM
|
||||||
invisible_captcha (2.2.0)
|
invisible_captcha (2.2.0)
|
||||||
rails (>= 5.2)
|
rails (>= 5.2)
|
||||||
io-console (0.7.2)
|
io-console (0.7.2)
|
||||||
irb (1.12.0)
|
irb (1.11.2)
|
||||||
rdoc
|
rdoc
|
||||||
reline (>= 0.4.2)
|
reline (>= 0.4.2)
|
||||||
job-iteration (1.4.1)
|
job-iteration (1.4.1)
|
||||||
|
@ -359,7 +358,7 @@ GEM
|
||||||
rails-dom-testing (>= 1, < 3)
|
rails-dom-testing (>= 1, < 3)
|
||||||
railties (>= 4.2.0)
|
railties (>= 4.2.0)
|
||||||
thor (>= 0.14, < 2.0)
|
thor (>= 0.14, < 2.0)
|
||||||
json (2.7.2)
|
json (2.7.1)
|
||||||
json-jwt (1.16.6)
|
json-jwt (1.16.6)
|
||||||
activesupport (>= 4.2)
|
activesupport (>= 4.2)
|
||||||
aes_key_wrap
|
aes_key_wrap
|
||||||
|
@ -367,15 +366,12 @@ GEM
|
||||||
bindata
|
bindata
|
||||||
faraday (~> 2.0)
|
faraday (~> 2.0)
|
||||||
faraday-follow_redirects
|
faraday-follow_redirects
|
||||||
json_schemer (2.2.1)
|
json_schemer (2.1.1)
|
||||||
base64
|
|
||||||
bigdecimal
|
|
||||||
hana (~> 1.3)
|
hana (~> 1.3)
|
||||||
regexp_parser (~> 2.0)
|
regexp_parser (~> 2.0)
|
||||||
simpleidn (~> 0.2)
|
simpleidn (~> 0.2)
|
||||||
jsonapi-renderer (0.2.2)
|
jsonapi-renderer (0.2.2)
|
||||||
jwt (2.8.1)
|
jwt (2.7.1)
|
||||||
base64
|
|
||||||
kaminari (1.2.2)
|
kaminari (1.2.2)
|
||||||
activesupport (>= 4.1.0)
|
activesupport (>= 4.1.0)
|
||||||
kaminari-actionview (= 1.2.2)
|
kaminari-actionview (= 1.2.2)
|
||||||
|
@ -402,7 +398,7 @@ GEM
|
||||||
letter_opener (~> 1.7)
|
letter_opener (~> 1.7)
|
||||||
railties (>= 5.2)
|
railties (>= 5.2)
|
||||||
rexml
|
rexml
|
||||||
listen (3.9.0)
|
listen (3.8.0)
|
||||||
rb-fsevent (~> 0.10, >= 0.10.3)
|
rb-fsevent (~> 0.10, >= 0.10.3)
|
||||||
rb-inotify (~> 0.9, >= 0.9.10)
|
rb-inotify (~> 0.9, >= 0.9.10)
|
||||||
lograge (0.14.0)
|
lograge (0.14.0)
|
||||||
|
@ -419,7 +415,7 @@ GEM
|
||||||
net-imap
|
net-imap
|
||||||
net-pop
|
net-pop
|
||||||
net-smtp
|
net-smtp
|
||||||
maintenance_tasks (2.7.0)
|
maintenance_tasks (2.6.0)
|
||||||
actionpack (>= 6.0)
|
actionpack (>= 6.0)
|
||||||
activejob (>= 6.0)
|
activejob (>= 6.0)
|
||||||
activerecord (>= 6.0)
|
activerecord (>= 6.0)
|
||||||
|
@ -429,7 +425,7 @@ GEM
|
||||||
marcel (1.0.2)
|
marcel (1.0.2)
|
||||||
matrix (0.4.2)
|
matrix (0.4.2)
|
||||||
memory_profiler (1.0.1)
|
memory_profiler (1.0.1)
|
||||||
method_source (1.1.0)
|
method_source (1.0.0)
|
||||||
mime-types (3.5.2)
|
mime-types (3.5.2)
|
||||||
mime-types-data (~> 3.2015)
|
mime-types-data (~> 3.2015)
|
||||||
mime-types-data (3.2024.0206)
|
mime-types-data (3.2024.0206)
|
||||||
|
@ -437,8 +433,8 @@ GEM
|
||||||
rake
|
rake
|
||||||
mini_magick (4.12.0)
|
mini_magick (4.12.0)
|
||||||
mini_mime (1.1.5)
|
mini_mime (1.1.5)
|
||||||
mini_portile2 (2.8.6)
|
mini_portile2 (2.8.5)
|
||||||
minitest (5.22.3)
|
minitest (5.22.2)
|
||||||
msgpack (1.7.2)
|
msgpack (1.7.2)
|
||||||
multi_json (1.15.0)
|
multi_json (1.15.0)
|
||||||
mustermann (3.0.0)
|
mustermann (3.0.0)
|
||||||
|
@ -454,8 +450,8 @@ GEM
|
||||||
timeout
|
timeout
|
||||||
net-smtp (0.4.0.1)
|
net-smtp (0.4.0.1)
|
||||||
net-protocol
|
net-protocol
|
||||||
nio4r (2.7.1)
|
nio4r (2.7.0)
|
||||||
nokogiri (1.16.4)
|
nokogiri (1.16.2)
|
||||||
mini_portile2 (~> 2.8.2)
|
mini_portile2 (~> 2.8.2)
|
||||||
racc (~> 1.4)
|
racc (~> 1.4)
|
||||||
openid_connect (2.3.0)
|
openid_connect (2.3.0)
|
||||||
|
@ -478,8 +474,8 @@ GEM
|
||||||
ast (~> 2.4.1)
|
ast (~> 2.4.1)
|
||||||
racc
|
racc
|
||||||
pdf-core (0.9.0)
|
pdf-core (0.9.0)
|
||||||
pg (1.5.6)
|
pg (1.5.4)
|
||||||
phonelib (0.8.8)
|
phonelib (0.8.7)
|
||||||
prawn (2.4.0)
|
prawn (2.4.0)
|
||||||
pdf-core (~> 0.9.0)
|
pdf-core (~> 0.9.0)
|
||||||
ttfunk (~> 1.7)
|
ttfunk (~> 1.7)
|
||||||
|
@ -497,18 +493,17 @@ GEM
|
||||||
actionmailer (>= 3)
|
actionmailer (>= 3)
|
||||||
net-smtp
|
net-smtp
|
||||||
premailer (~> 1.7, >= 1.7.9)
|
premailer (~> 1.7, >= 1.7.9)
|
||||||
prometheus-client (4.2.2)
|
|
||||||
promise.rb (0.7.4)
|
promise.rb (0.7.4)
|
||||||
psych (5.1.2)
|
psych (5.1.2)
|
||||||
stringio
|
stringio
|
||||||
public_suffix (5.0.5)
|
public_suffix (5.0.4)
|
||||||
puma (6.4.2)
|
puma (6.4.2)
|
||||||
nio4r (~> 2.0)
|
nio4r (~> 2.0)
|
||||||
pundit (2.3.1)
|
pundit (2.3.1)
|
||||||
activesupport (>= 3.0.0)
|
activesupport (>= 3.0.0)
|
||||||
raabro (1.4.0)
|
raabro (1.4.0)
|
||||||
racc (1.7.3)
|
racc (1.7.3)
|
||||||
rack (2.2.9)
|
rack (2.2.8.1)
|
||||||
rack-attack (6.7.0)
|
rack-attack (6.7.0)
|
||||||
rack (>= 1.0, < 4)
|
rack (>= 1.0, < 4)
|
||||||
rack-mini-profiler (3.3.1)
|
rack-mini-profiler (3.3.1)
|
||||||
|
@ -560,12 +555,9 @@ GEM
|
||||||
rails-html-sanitizer (1.6.0)
|
rails-html-sanitizer (1.6.0)
|
||||||
loofah (~> 2.21)
|
loofah (~> 2.21)
|
||||||
nokogiri (~> 1.14)
|
nokogiri (~> 1.14)
|
||||||
rails-i18n (7.0.9)
|
rails-i18n (7.0.8)
|
||||||
i18n (>= 0.7, < 2)
|
i18n (>= 0.7, < 2)
|
||||||
railties (>= 6.0.0, < 8)
|
railties (>= 6.0.0, < 8)
|
||||||
rails-pg-extras (5.3.1)
|
|
||||||
rails
|
|
||||||
ruby-pg-extras (= 5.3.1)
|
|
||||||
railties (7.0.8.1)
|
railties (7.0.8.1)
|
||||||
actionpack (= 7.0.8.1)
|
actionpack (= 7.0.8.1)
|
||||||
activesupport (= 7.0.8.1)
|
activesupport (= 7.0.8.1)
|
||||||
|
@ -574,20 +566,20 @@ GEM
|
||||||
thor (~> 1.0)
|
thor (~> 1.0)
|
||||||
zeitwerk (~> 2.5)
|
zeitwerk (~> 2.5)
|
||||||
rainbow (3.1.1)
|
rainbow (3.1.1)
|
||||||
rake (13.2.1)
|
rake (13.1.0)
|
||||||
rake-progressbar (0.0.5)
|
rake-progressbar (0.0.5)
|
||||||
rb-fsevent (0.11.2)
|
rb-fsevent (0.11.2)
|
||||||
rb-inotify (0.10.1)
|
rb-inotify (0.10.1)
|
||||||
ffi (~> 1.0)
|
ffi (~> 1.0)
|
||||||
rdoc (6.6.3.1)
|
rdoc (6.6.2)
|
||||||
psych (>= 4.0.0)
|
psych (>= 4.0.0)
|
||||||
redcarpet (3.6.0)
|
redcarpet (3.6.0)
|
||||||
redis (5.2.0)
|
redis (5.1.0)
|
||||||
redis-client (>= 0.22.0)
|
redis-client (>= 0.17.0)
|
||||||
redis-client (0.22.1)
|
redis-client (0.20.0)
|
||||||
connection_pool
|
connection_pool
|
||||||
regexp_parser (2.9.0)
|
regexp_parser (2.9.0)
|
||||||
reline (0.5.3)
|
reline (0.4.2)
|
||||||
io-console (~> 0.5)
|
io-console (~> 0.5)
|
||||||
request_store (1.5.1)
|
request_store (1.5.1)
|
||||||
rack (>= 1.4)
|
rack (>= 1.4)
|
||||||
|
@ -612,20 +604,20 @@ GEM
|
||||||
rspec-mocks (3.13.0)
|
rspec-mocks (3.13.0)
|
||||||
diff-lcs (>= 1.2.0, < 2.0)
|
diff-lcs (>= 1.2.0, < 2.0)
|
||||||
rspec-support (~> 3.13.0)
|
rspec-support (~> 3.13.0)
|
||||||
rspec-rails (6.1.2)
|
rspec-rails (6.1.1)
|
||||||
actionpack (>= 6.1)
|
actionpack (>= 6.1)
|
||||||
activesupport (>= 6.1)
|
activesupport (>= 6.1)
|
||||||
railties (>= 6.1)
|
railties (>= 6.1)
|
||||||
rspec-core (~> 3.13)
|
rspec-core (~> 3.12)
|
||||||
rspec-expectations (~> 3.13)
|
rspec-expectations (~> 3.12)
|
||||||
rspec-mocks (~> 3.13)
|
rspec-mocks (~> 3.12)
|
||||||
rspec-support (~> 3.13)
|
rspec-support (~> 3.12)
|
||||||
rspec-retry (0.6.2)
|
rspec-retry (0.6.2)
|
||||||
rspec-core (> 3.3)
|
rspec-core (> 3.3)
|
||||||
rspec-support (3.13.1)
|
rspec-support (3.13.0)
|
||||||
rspec_junit_formatter (0.6.0)
|
rspec_junit_formatter (0.6.0)
|
||||||
rspec-core (>= 2, < 4, != 2.12.0)
|
rspec-core (>= 2, < 4, != 2.12.0)
|
||||||
rubocop (1.63.3)
|
rubocop (1.60.2)
|
||||||
json (~> 2.3)
|
json (~> 2.3)
|
||||||
language_server-protocol (>= 3.17.0)
|
language_server-protocol (>= 3.17.0)
|
||||||
parallel (~> 1.10)
|
parallel (~> 1.10)
|
||||||
|
@ -633,36 +625,29 @@ GEM
|
||||||
rainbow (>= 2.2.2, < 4.0)
|
rainbow (>= 2.2.2, < 4.0)
|
||||||
regexp_parser (>= 1.8, < 3.0)
|
regexp_parser (>= 1.8, < 3.0)
|
||||||
rexml (>= 3.2.5, < 4.0)
|
rexml (>= 3.2.5, < 4.0)
|
||||||
rubocop-ast (>= 1.31.1, < 2.0)
|
rubocop-ast (>= 1.30.0, < 2.0)
|
||||||
ruby-progressbar (~> 1.7)
|
ruby-progressbar (~> 1.7)
|
||||||
unicode-display_width (>= 2.4.0, < 3.0)
|
unicode-display_width (>= 2.4.0, < 3.0)
|
||||||
rubocop-ast (1.31.2)
|
rubocop-ast (1.30.0)
|
||||||
parser (>= 3.3.0.4)
|
parser (>= 3.2.1.0)
|
||||||
rubocop-capybara (2.20.0)
|
rubocop-capybara (2.20.0)
|
||||||
rubocop (~> 1.41)
|
rubocop (~> 1.41)
|
||||||
rubocop-factory_bot (2.25.1)
|
rubocop-factory_bot (2.25.1)
|
||||||
rubocop (~> 1.41)
|
rubocop (~> 1.41)
|
||||||
rubocop-performance (1.21.0)
|
rubocop-performance (1.20.2)
|
||||||
rubocop (>= 1.48.1, < 2.0)
|
rubocop (>= 1.48.1, < 2.0)
|
||||||
rubocop-ast (>= 1.31.1, < 2.0)
|
rubocop-ast (>= 1.30.0, < 2.0)
|
||||||
rubocop-rails (2.24.1)
|
rubocop-rails (2.23.1)
|
||||||
activesupport (>= 4.2.0)
|
activesupport (>= 4.2.0)
|
||||||
rack (>= 1.1)
|
rack (>= 1.1)
|
||||||
rubocop (>= 1.33.0, < 2.0)
|
rubocop (>= 1.33.0, < 2.0)
|
||||||
rubocop-ast (>= 1.31.1, < 2.0)
|
rubocop-ast (>= 1.30.0, < 2.0)
|
||||||
rubocop-rspec (2.29.1)
|
rubocop-rspec (2.26.1)
|
||||||
rubocop (~> 1.40)
|
rubocop (~> 1.40)
|
||||||
rubocop-capybara (~> 2.17)
|
rubocop-capybara (~> 2.17)
|
||||||
rubocop-factory_bot (~> 2.22)
|
rubocop-factory_bot (~> 2.22)
|
||||||
rubocop-rspec_rails (~> 2.28)
|
|
||||||
rubocop-rspec_rails (2.28.3)
|
|
||||||
rubocop (~> 1.40)
|
|
||||||
ruby-graphviz (1.2.5)
|
ruby-graphviz (1.2.5)
|
||||||
rexml
|
rexml
|
||||||
ruby-next-core (1.0.2)
|
|
||||||
ruby-pg-extras (5.3.1)
|
|
||||||
pg
|
|
||||||
terminal-table
|
|
||||||
ruby-progressbar (1.13.0)
|
ruby-progressbar (1.13.0)
|
||||||
ruby-vips (2.2.0)
|
ruby-vips (2.2.0)
|
||||||
ffi (~> 1.12)
|
ffi (~> 1.12)
|
||||||
|
@ -693,52 +678,38 @@ GEM
|
||||||
scss_lint (0.60.0)
|
scss_lint (0.60.0)
|
||||||
sass (~> 3.5, >= 3.5.5)
|
sass (~> 3.5, >= 3.5.5)
|
||||||
selectize-rails (0.12.6)
|
selectize-rails (0.12.6)
|
||||||
selenium-devtools (0.123.0)
|
selenium-devtools (0.121.0)
|
||||||
selenium-webdriver (~> 4.2)
|
selenium-webdriver (~> 4.2)
|
||||||
selenium-webdriver (4.19.0)
|
selenium-webdriver (4.17.0)
|
||||||
base64 (~> 0.2)
|
base64 (~> 0.2)
|
||||||
rexml (~> 3.2, >= 3.2.5)
|
rexml (~> 3.2, >= 3.2.5)
|
||||||
rubyzip (>= 1.2.2, < 3.0)
|
rubyzip (>= 1.2.2, < 3.0)
|
||||||
websocket (~> 1.0)
|
websocket (~> 1.0)
|
||||||
sentry-delayed_job (5.17.3)
|
sentry-delayed_job (5.16.1)
|
||||||
delayed_job (>= 4.0)
|
delayed_job (>= 4.0)
|
||||||
sentry-ruby (~> 5.17.3)
|
sentry-ruby (~> 5.16.1)
|
||||||
sentry-rails (5.17.3)
|
sentry-rails (5.16.1)
|
||||||
railties (>= 5.0)
|
railties (>= 5.0)
|
||||||
sentry-ruby (~> 5.17.3)
|
sentry-ruby (~> 5.16.1)
|
||||||
sentry-ruby (5.17.3)
|
sentry-ruby (5.16.1)
|
||||||
bigdecimal
|
|
||||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||||
sentry-sidekiq (5.17.3)
|
sentry-sidekiq (5.16.1)
|
||||||
sentry-ruby (~> 5.17.3)
|
sentry-ruby (~> 5.16.1)
|
||||||
sidekiq (>= 3.0)
|
sidekiq (>= 3.0)
|
||||||
shoulda-matchers (6.2.0)
|
shoulda-matchers (6.1.0)
|
||||||
activesupport (>= 5.2.0)
|
activesupport (>= 5.2.0)
|
||||||
sib-api-v3-sdk (9.1.0)
|
sib-api-v3-sdk (9.1.0)
|
||||||
addressable (~> 2.3, >= 2.3.0)
|
addressable (~> 2.3, >= 2.3.0)
|
||||||
json (~> 2.1, >= 2.1.0)
|
json (~> 2.1, >= 2.1.0)
|
||||||
typhoeus (~> 1.0, >= 1.0.1)
|
typhoeus (~> 1.0, >= 1.0.1)
|
||||||
sidekiq (7.2.2)
|
sidekiq (7.2.1)
|
||||||
concurrent-ruby (< 2)
|
concurrent-ruby (< 2)
|
||||||
connection_pool (>= 2.3.0)
|
connection_pool (>= 2.3.0)
|
||||||
rack (>= 2.2.4)
|
rack (>= 2.2.4)
|
||||||
redis-client (>= 0.19.0)
|
redis-client (>= 0.19.0)
|
||||||
sidekiq-cron (1.12.0)
|
|
||||||
fugit (~> 1.8)
|
|
||||||
globalid (>= 1.0.1)
|
|
||||||
sidekiq (>= 6)
|
|
||||||
simple_xlsx_reader (1.0.4)
|
simple_xlsx_reader (1.0.4)
|
||||||
nokogiri
|
nokogiri
|
||||||
rubyzip
|
rubyzip
|
||||||
simplecov (0.22.0)
|
|
||||||
docile (~> 1.1)
|
|
||||||
simplecov-html (~> 0.11)
|
|
||||||
simplecov_json_formatter (~> 0.1)
|
|
||||||
simplecov-cobertura (2.1.0)
|
|
||||||
rexml
|
|
||||||
simplecov (~> 0.19)
|
|
||||||
simplecov-html (0.12.3)
|
|
||||||
simplecov_json_formatter (0.1.4)
|
|
||||||
simpleidn (0.2.1)
|
simpleidn (0.2.1)
|
||||||
unf (~> 0.1.4)
|
unf (~> 0.1.4)
|
||||||
sinatra (3.2.0)
|
sinatra (3.2.0)
|
||||||
|
@ -746,13 +717,13 @@ GEM
|
||||||
rack (~> 2.2, >= 2.2.4)
|
rack (~> 2.2, >= 2.2.4)
|
||||||
rack-protection (= 3.2.0)
|
rack-protection (= 3.2.0)
|
||||||
tilt (~> 2.0)
|
tilt (~> 2.0)
|
||||||
skylight (6.0.4)
|
skylight (6.0.3)
|
||||||
activesupport (>= 5.2.0)
|
activesupport (>= 5.2.0)
|
||||||
smart_properties (1.17.0)
|
smart_properties (1.17.0)
|
||||||
spreadsheet_architect (5.0.0)
|
spreadsheet_architect (5.0.0)
|
||||||
caxlsx (>= 3.3.0, < 4)
|
caxlsx (>= 3.3.0, < 4)
|
||||||
rodf (>= 1.0.0, < 2)
|
rodf (>= 1.0.0, < 2)
|
||||||
spring (4.2.1)
|
spring (4.1.3)
|
||||||
spring-commands-rspec (1.0.4)
|
spring-commands-rspec (1.0.4)
|
||||||
spring (>= 0.9.1)
|
spring (>= 0.9.1)
|
||||||
sprockets (4.2.1)
|
sprockets (4.2.1)
|
||||||
|
@ -764,26 +735,24 @@ GEM
|
||||||
sprockets (>= 3.0.0)
|
sprockets (>= 3.0.0)
|
||||||
stackprof (0.2.26)
|
stackprof (0.2.26)
|
||||||
stringio (3.1.0)
|
stringio (3.1.0)
|
||||||
strong_migrations (1.8.0)
|
strong_migrations (1.7.0)
|
||||||
activerecord (>= 5.2)
|
activerecord (>= 5.2)
|
||||||
swd (2.0.3)
|
swd (2.0.3)
|
||||||
activesupport (>= 3)
|
activesupport (>= 3)
|
||||||
attr_required (>= 0.0.5)
|
attr_required (>= 0.0.5)
|
||||||
faraday (~> 2.0)
|
faraday (~> 2.0)
|
||||||
faraday-follow_redirects
|
faraday-follow_redirects
|
||||||
sys-proctable (1.3.0)
|
|
||||||
ffi (~> 1.1)
|
|
||||||
sysexits (1.2.0)
|
sysexits (1.2.0)
|
||||||
temple (0.8.2)
|
temple (0.8.2)
|
||||||
terminal-table (3.0.2)
|
terminal-table (3.0.2)
|
||||||
unicode-display_width (>= 1.1.1, < 3)
|
unicode-display_width (>= 1.1.1, < 3)
|
||||||
thor (1.3.1)
|
thor (1.3.0)
|
||||||
thread_safe (0.3.6)
|
thread_safe (0.3.6)
|
||||||
tilt (2.3.0)
|
tilt (2.3.0)
|
||||||
timecop (0.9.8)
|
timecop (0.9.8)
|
||||||
timeout (0.4.1)
|
timeout (0.4.1)
|
||||||
ttfunk (1.7.0)
|
ttfunk (1.7.0)
|
||||||
turbo-rails (2.0.5)
|
turbo-rails (2.0.2)
|
||||||
actionpack (>= 6.0.0)
|
actionpack (>= 6.0.0)
|
||||||
activejob (>= 6.0.0)
|
activejob (>= 6.0.0)
|
||||||
railties (>= 6.0.0)
|
railties (>= 6.0.0)
|
||||||
|
@ -801,7 +770,7 @@ GEM
|
||||||
activemodel (>= 3.0.0)
|
activemodel (>= 3.0.0)
|
||||||
public_suffix
|
public_suffix
|
||||||
vcr (6.2.0)
|
vcr (6.2.0)
|
||||||
view_component (3.12.1)
|
view_component (3.10.0)
|
||||||
activesupport (>= 5.2.0, < 8.0)
|
activesupport (>= 5.2.0, < 8.0)
|
||||||
concurrent-ruby (~> 1.0)
|
concurrent-ruby (~> 1.0)
|
||||||
method_source (~> 1.0)
|
method_source (~> 1.0)
|
||||||
|
@ -827,11 +796,10 @@ GEM
|
||||||
activesupport
|
activesupport
|
||||||
faraday (~> 2.0)
|
faraday (~> 2.0)
|
||||||
faraday-follow_redirects
|
faraday-follow_redirects
|
||||||
webmock (3.23.0)
|
webmock (3.20.0)
|
||||||
addressable (>= 2.8.0)
|
addressable (>= 2.8.0)
|
||||||
crack (>= 0.3.2)
|
crack (>= 0.3.2)
|
||||||
hashdiff (>= 0.4.0, < 2.0.0)
|
hashdiff (>= 0.4.0, < 2.0.0)
|
||||||
webrick (1.8.1)
|
|
||||||
websocket (1.2.10)
|
websocket (1.2.10)
|
||||||
websocket-driver (0.7.6)
|
websocket-driver (0.7.6)
|
||||||
websocket-extensions (>= 0.1.0)
|
websocket-extensions (>= 0.1.0)
|
||||||
|
@ -845,30 +813,6 @@ GEM
|
||||||
nokogiri (~> 1.11)
|
nokogiri (~> 1.11)
|
||||||
xpath (3.2.0)
|
xpath (3.2.0)
|
||||||
nokogiri (~> 1.8)
|
nokogiri (~> 1.8)
|
||||||
yabeda (0.12.0)
|
|
||||||
anyway_config (>= 1.0, < 3)
|
|
||||||
concurrent-ruby
|
|
||||||
dry-initializer
|
|
||||||
yabeda-graphql (0.2.3)
|
|
||||||
graphql (>= 1.9, < 3)
|
|
||||||
yabeda (~> 0.2)
|
|
||||||
yabeda-prometheus (0.9.1)
|
|
||||||
prometheus-client (>= 3.0, < 5.0)
|
|
||||||
rack
|
|
||||||
yabeda (~> 0.10)
|
|
||||||
yabeda-puma-plugin (0.7.1)
|
|
||||||
json
|
|
||||||
puma
|
|
||||||
yabeda (~> 0.5)
|
|
||||||
yabeda-rails (0.9.0)
|
|
||||||
activesupport
|
|
||||||
anyway_config (>= 1.3, < 3)
|
|
||||||
railties
|
|
||||||
yabeda (~> 0.8)
|
|
||||||
yabeda-sidekiq (0.12.0)
|
|
||||||
anyway_config (>= 1.3, < 3)
|
|
||||||
sidekiq
|
|
||||||
yabeda (~> 0.6)
|
|
||||||
zeitwerk (2.6.13)
|
zeitwerk (2.6.13)
|
||||||
zip_tricks (5.6.0)
|
zip_tricks (5.6.0)
|
||||||
zipline (1.5.0)
|
zipline (1.5.0)
|
||||||
|
@ -889,7 +833,6 @@ DEPENDENCIES
|
||||||
addressable
|
addressable
|
||||||
administrate
|
administrate
|
||||||
administrate-field-enum
|
administrate-field-enum
|
||||||
after_commit_everywhere
|
|
||||||
after_party
|
after_party
|
||||||
ancestry
|
ancestry
|
||||||
anchored
|
anchored
|
||||||
|
@ -911,7 +854,7 @@ DEPENDENCIES
|
||||||
delayed_cron_job
|
delayed_cron_job
|
||||||
delayed_job_active_record
|
delayed_job_active_record
|
||||||
delayed_job_web
|
delayed_job_web
|
||||||
devise
|
devise!
|
||||||
devise-i18n
|
devise-i18n
|
||||||
devise-two-factor
|
devise-two-factor
|
||||||
discard
|
discard
|
||||||
|
@ -975,7 +918,6 @@ DEPENDENCIES
|
||||||
rails-controller-testing
|
rails-controller-testing
|
||||||
rails-erd
|
rails-erd
|
||||||
rails-i18n
|
rails-i18n
|
||||||
rails-pg-extras
|
|
||||||
rake-progressbar
|
rake-progressbar
|
||||||
redcarpet
|
redcarpet
|
||||||
redis
|
redis
|
||||||
|
@ -1000,17 +942,13 @@ DEPENDENCIES
|
||||||
shoulda-matchers
|
shoulda-matchers
|
||||||
sib-api-v3-sdk
|
sib-api-v3-sdk
|
||||||
sidekiq
|
sidekiq
|
||||||
sidekiq-cron
|
|
||||||
simple_xlsx_reader
|
simple_xlsx_reader
|
||||||
simplecov
|
|
||||||
simplecov-cobertura
|
|
||||||
skylight
|
skylight
|
||||||
spreadsheet_architect
|
spreadsheet_architect
|
||||||
spring
|
spring
|
||||||
spring-commands-rspec
|
spring-commands-rspec
|
||||||
stackprof
|
stackprof
|
||||||
strong_migrations
|
strong_migrations
|
||||||
sys-proctable
|
|
||||||
timecop
|
timecop
|
||||||
turbo-rails
|
turbo-rails
|
||||||
typhoeus
|
typhoeus
|
||||||
|
@ -1021,14 +959,8 @@ DEPENDENCIES
|
||||||
warden
|
warden
|
||||||
web-console
|
web-console
|
||||||
webmock
|
webmock
|
||||||
webrick
|
|
||||||
yabeda-graphql
|
|
||||||
yabeda-prometheus
|
|
||||||
yabeda-puma-plugin
|
|
||||||
yabeda-rails
|
|
||||||
yabeda-sidekiq
|
|
||||||
zipline
|
zipline
|
||||||
zxcvbn-ruby
|
zxcvbn-ruby
|
||||||
|
|
||||||
BUNDLED WITH
|
BUNDLED WITH
|
||||||
2.5.9
|
2.5.4
|
||||||
|
|
|
@ -330,20 +330,6 @@
|
||||||
};
|
};
|
||||||
version = "1.1.0";
|
version = "1.1.0";
|
||||||
};
|
};
|
||||||
after_commit_everywhere = {
|
|
||||||
dependencies = [
|
|
||||||
"activerecord"
|
|
||||||
"activesupport"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "18hq21w6v36i615pi81960cjj0h7vrnpp54qbbk6gsz44g8rpd3y";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "1.4.0";
|
|
||||||
};
|
|
||||||
after_party = {
|
after_party = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
|
@ -375,17 +361,6 @@
|
||||||
};
|
};
|
||||||
version = "1.1.0";
|
version = "1.1.0";
|
||||||
};
|
};
|
||||||
anyway_config = {
|
|
||||||
dependencies = [ "ruby-next-core" ];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "10bnmxr4wfkqc35m2d1l9apw23g9v21b0sfgq0z3afczblz6415f";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "2.6.3";
|
|
||||||
};
|
|
||||||
ast = {
|
ast = {
|
||||||
groups = [
|
groups = [
|
||||||
"default"
|
"default"
|
||||||
|
@ -518,10 +493,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0cq1c29zbkcxgdihqisirhcw76xc768z2zpd5vbccpq0l1lv76g7";
|
sha256 = "00db5v09k1z3539g1zrk7vkjrln9967k08adh6qx33ng97a2gg5w";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "3.1.7";
|
version = "3.1.6";
|
||||||
};
|
};
|
||||||
bindata = {
|
bindata = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -682,10 +657,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "14vir1240ynwmad0a0qrklx8m7kzvayd2jwi51xh3hnlf529iicn";
|
sha256 = "1wnqscsnwjs809q33v3hmcr7isv35022bwd002mwviy5ic29dw32";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.0.6";
|
version = "5.0.5";
|
||||||
};
|
};
|
||||||
choice = {
|
choice = {
|
||||||
groups = [
|
groups = [
|
||||||
|
@ -922,11 +897,13 @@
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
fetchSubmodules = false;
|
||||||
sha256 = "1y57fpcvy1kjd4nb7zk7mvzq62wqcpfynrgblj558k3hbvz4404j";
|
rev = "edffc79bf05d7f1c58ba50ffeda645e2e4ae0cb1";
|
||||||
type = "gem";
|
sha256 = "1vlcyp6qng7ws4gaw51rz6dhxwldryvfm6fsk33gf7drm7xvr5qf";
|
||||||
|
type = "git";
|
||||||
|
url = "https://github.com/heartcombo/devise.git";
|
||||||
};
|
};
|
||||||
version = "4.9.4";
|
version = "4.9.3";
|
||||||
};
|
};
|
||||||
devise-i18n = {
|
devise-i18n = {
|
||||||
dependencies = [ "devise" ];
|
dependencies = [ "devise" ];
|
||||||
|
@ -980,19 +957,6 @@
|
||||||
};
|
};
|
||||||
version = "1.3.0";
|
version = "1.3.0";
|
||||||
};
|
};
|
||||||
docile = {
|
|
||||||
groups = [
|
|
||||||
"default"
|
|
||||||
"test"
|
|
||||||
];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1lxqxgq71rqwj1lpl9q1mbhhhhhhdkkj7my341f2889pwayk85sz";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "1.4.0";
|
|
||||||
};
|
|
||||||
dotenv = {
|
dotenv = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
|
@ -1041,16 +1005,6 @@
|
||||||
};
|
};
|
||||||
version = "1.0.1";
|
version = "1.0.1";
|
||||||
};
|
};
|
||||||
dry-initializer = {
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1v3dah1r96b10m8xjixmdmymg7dr16wn5715id4vxjkw6vm7s9jd";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "3.1.1";
|
|
||||||
};
|
|
||||||
dry-monads = {
|
dry-monads = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"concurrent-ruby"
|
"concurrent-ruby"
|
||||||
|
@ -1110,10 +1064,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0r6zylqjfv0xhdxvldr0kgmnglm57nm506pcm6085f0xqa68cvnj";
|
sha256 = "1d2z4ky2v15dpcz672i2p7lb2nc793dasq3yq3660h2az53kss9v";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.2.11";
|
version = "1.2.7";
|
||||||
};
|
};
|
||||||
ethon = {
|
ethon = {
|
||||||
dependencies = [ "ffi" ];
|
dependencies = [ "ffi" ];
|
||||||
|
@ -1326,10 +1280,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "10m9b2gvwfvmm61000mq7n8q7pk2xkxmizgfydpis66n2ybrhwh5";
|
sha256 = "08fjxnzqvql8mg8wbpddg6fl9lrsp38dwhiyfpfsz550524f2ap9";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.10.1";
|
version = "1.9.0";
|
||||||
};
|
};
|
||||||
geo_coord = {
|
geo_coord = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -1718,10 +1672,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "17ak21ybbprj9vg0hk8pb1r2yk9vlh50v9bdwh3qvlmpzcvljqq7";
|
sha256 = "1f8wms39b7z83x6pflq2sjh3sikpk0xjh680igbpkp1j3pl0fpx0";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.12.0";
|
version = "1.11.2";
|
||||||
};
|
};
|
||||||
job-iteration = {
|
job-iteration = {
|
||||||
dependencies = [ "activejob" ];
|
dependencies = [ "activejob" ];
|
||||||
|
@ -1757,10 +1711,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0b4qsi8gay7ncmigr0pnbxyb17y3h8kavdyhsh7nrlqwr35vb60q";
|
sha256 = "0r9jmjhg2ly3l736flk7r2al47b5c8cayh0gqkq0yhjqzc9a6zhq";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.7.2";
|
version = "2.7.1";
|
||||||
};
|
};
|
||||||
json-jwt = {
|
json-jwt = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -1782,8 +1736,6 @@
|
||||||
};
|
};
|
||||||
json_schemer = {
|
json_schemer = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64"
|
|
||||||
"bigdecimal"
|
|
||||||
"hana"
|
"hana"
|
||||||
"regexp_parser"
|
"regexp_parser"
|
||||||
"simpleidn"
|
"simpleidn"
|
||||||
|
@ -1792,10 +1744,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0gp7zh16wk8qijcp9n4x460a5ks0mhacs0vb2f6rffi3v9k2fg4m";
|
sha256 = "02gnz7wajg7f5n67vlswfi8yjvwahypy36z6hrg0qfx3cc3589qg";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.2.1";
|
version = "2.1.1";
|
||||||
};
|
};
|
||||||
jsonapi-renderer = {
|
jsonapi-renderer = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -1808,15 +1760,14 @@
|
||||||
version = "0.2.2";
|
version = "0.2.2";
|
||||||
};
|
};
|
||||||
jwt = {
|
jwt = {
|
||||||
dependencies = [ "base64" ];
|
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "02m3vza49pb9dirwpn8vmzbcypi3fc6l3a9dh253jwm1121g7ajb";
|
sha256 = "16z11alz13vfc4zs5l3fk6n51n2jw9lskvc4h4prnww0y797qd87";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.8.1";
|
version = "2.7.1";
|
||||||
};
|
};
|
||||||
kaminari = {
|
kaminari = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -1954,10 +1905,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0rwwsmvq79qwzl6324yc53py02kbrcww35si720490z5w0j497nv";
|
sha256 = "13rgkfar8pp31z1aamxf5y7cfq88wv6rxxcwy7cmm177qq508ycn";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "3.9.0";
|
version = "3.8.0";
|
||||||
};
|
};
|
||||||
lograge = {
|
lograge = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -2036,10 +1987,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1jybdhfr6mv4kgq5ph91r06r071jnvzx0lhm3988l1y3wqrdfmq8";
|
sha256 = "0ighmn1nnv31bykarkwf0pqgrqab09jxk0xp9hh6zwpfqi7b915n";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.7.0";
|
version = "2.6.0";
|
||||||
};
|
};
|
||||||
marcel = {
|
marcel = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -2083,10 +2034,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1igmc3sq9ay90f8xjvfnswd1dybj1s3fi0dwd53inwsvqk4h24qq";
|
sha256 = "1pnyh44qycnf9mzi1j6fywd5fkskv3x7nmsqrrws0rjn5dd4ayfp";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.1.0";
|
version = "1.0.0";
|
||||||
};
|
};
|
||||||
mime-types = {
|
mime-types = {
|
||||||
dependencies = [ "mime-types-data" ];
|
dependencies = [ "mime-types-data" ];
|
||||||
|
@ -2156,10 +2107,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "149r94xi6b3jbp6bv72f8383b95ndn0p5sxnq11gs1j9jadv0ajf";
|
sha256 = "1kl9c3kdchjabrihdqfmcplk3lq4cw1rr9f378y6q22qwy5dndvs";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.8.6";
|
version = "2.8.5";
|
||||||
};
|
};
|
||||||
minitest = {
|
minitest = {
|
||||||
groups = [
|
groups = [
|
||||||
|
@ -2170,10 +2121,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "07lq26b86giy3ha3fhrywk9r1ajhc2pm2mzj657jnpnbj1i6g17a";
|
sha256 = "0667vf0zglacry87nkcl3ns8421aydvz71vfa3g3yjhiq8zh19f5";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.22.3";
|
version = "5.22.2";
|
||||||
};
|
};
|
||||||
msgpack = {
|
msgpack = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -2285,10 +2236,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "15iwbiij52x6jhdbl0rkcldnhfndmsy0sbnsygkr9vhskfqrp72m";
|
sha256 = "0xkjz56qc7hl7zy7i7bhiyw5pl85wwjsa4p70rj6s958xj2sd1lm";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.7.1";
|
version = "2.7.0";
|
||||||
};
|
};
|
||||||
nokogiri = {
|
nokogiri = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -2303,10 +2254,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0i8g0i370jhn2sclml0bg9qlrgf4csi6sy7czbhx8kjbl71idhb2";
|
sha256 = "173zavvxlwyi48lfskk48wcrdbkvjlhjhvy4jpcrfx72rpjjx4k8";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.16.4";
|
version = "1.16.2";
|
||||||
};
|
};
|
||||||
openid_connect = {
|
openid_connect = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -2397,20 +2348,20 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "071b55bhsz7mivlnp2kv0a11msnl7xg5awvk8mlflpl270javhsb";
|
sha256 = "0pfj771p5a29yyyw58qacks464sl86d5m3jxjl5rlqqw2m3v5xq4";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.5.6";
|
version = "1.5.4";
|
||||||
};
|
};
|
||||||
phonelib = {
|
phonelib = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1ish2nzp5jz9xw80npgc5gqsr9krc50wk3irfj71hkw4iccjdn62";
|
sha256 = "1d97488hh70n56gdyra1ajynfp36fp1ca1hy55dghf52vklyjgac";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "0.8.8";
|
version = "0.8.7";
|
||||||
};
|
};
|
||||||
prawn = {
|
prawn = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -2482,16 +2433,6 @@
|
||||||
};
|
};
|
||||||
version = "1.12.0";
|
version = "1.12.0";
|
||||||
};
|
};
|
||||||
prometheus-client = {
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1zw39rp3b6jhm9273giv119lkgqvllisxb98k7vfx7367birbqcm";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "4.2.2";
|
|
||||||
};
|
|
||||||
"promise.rb" = {
|
"promise.rb" = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
|
@ -2526,10 +2467,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "14y4vzjwf5gp0mqgs880kis0k7n2biq8i6ci6q2n315kichl1hvj";
|
sha256 = "1bni4qjrsh2q49pnmmd6if4iv3ak36bd2cckrs6npl111n769k9m";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.0.5";
|
version = "5.0.4";
|
||||||
};
|
};
|
||||||
puma = {
|
puma = {
|
||||||
dependencies = [ "nio4r" ];
|
dependencies = [ "nio4r" ];
|
||||||
|
@ -2586,10 +2527,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0hj0rkw2z9r1lcg2wlrcld2n3phwrcgqcp7qd1g9a7hwgalh2qzx";
|
sha256 = "10mpk0hl6hnv324fp1pfimi2nw9acj0z4gyhrph36qg84pk1s4m7";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.2.9";
|
version = "2.2.8.1";
|
||||||
};
|
};
|
||||||
rack-attack = {
|
rack-attack = {
|
||||||
dependencies = [ "rack" ];
|
dependencies = [ "rack" ];
|
||||||
|
@ -2786,24 +2727,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0s8kvic2ia34ngssz6h15wqj0k3wwblhyh0f9v0j3gy7ly0dp161";
|
sha256 = "1k8jvm3l4gafw7hyvpky7yzjjnkr3iy7l59lyam8ah3kqhmzk7zf";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "7.0.9";
|
version = "7.0.8";
|
||||||
};
|
|
||||||
rails-pg-extras = {
|
|
||||||
dependencies = [
|
|
||||||
"rails"
|
|
||||||
"ruby-pg-extras"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0sn9xi3qxs96vwg4adiks0p62x3lng10i254q8yijfm4hpdmlihl";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "5.3.1";
|
|
||||||
};
|
};
|
||||||
railties = {
|
railties = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -2849,10 +2776,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "17850wcwkgi30p7yqh60960ypn7yibacjjha0av78zaxwvd3ijs6";
|
sha256 = "1ilr853hawi09626axx0mps4rkkmxcs54mapz9jnqvpnlwd3wsmy";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "13.2.1";
|
version = "13.1.0";
|
||||||
};
|
};
|
||||||
rake-progressbar = {
|
rake-progressbar = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -2901,10 +2828,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0ib3cnf4yllvw070gr4bz94sbmqx3haqc5f846fsvdcs494vgxrr";
|
sha256 = "14wnrpd1kl43ynk1wwwgv9avsw84d1lrvlfyrjy3d4h7h7ndnqzp";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "6.6.3.1";
|
version = "6.6.2";
|
||||||
};
|
};
|
||||||
redcarpet = {
|
redcarpet = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -2922,10 +2849,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1d1ng78dwbzgfg1sljf9bnx2km5y3p3jc42a9npwcrmiard9fsrk";
|
sha256 = "1yv9z3cch7aay3rs2iildk7jnvhijhwyyxvcn2nfdn6yp9vn7kxz";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.2.0";
|
version = "5.1.0";
|
||||||
};
|
};
|
||||||
redis-client = {
|
redis-client = {
|
||||||
dependencies = [ "connection_pool" ];
|
dependencies = [ "connection_pool" ];
|
||||||
|
@ -2933,10 +2860,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0zhh37gdchzip97z1c6al0bx9m017gfm21n2kl31gy435s0v64dl";
|
sha256 = "136wddl18jl7zmlcigpf83fvfdmp369rhhc65n6jrdphwj7w76i3";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "0.22.1";
|
version = "0.20.0";
|
||||||
};
|
};
|
||||||
regexp_parser = {
|
regexp_parser = {
|
||||||
groups = [
|
groups = [
|
||||||
|
@ -2962,10 +2889,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0d90nhsqvzp576dsz622fcz0r4zj9hvqlvb6y00f20zx3mx78iic";
|
sha256 = "0fhwdmw89zqb1fdxcd6lr57zabbfi08z8j6kqwngak0xnxi2j10l";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "0.5.3";
|
version = "0.4.2";
|
||||||
};
|
};
|
||||||
request_store = {
|
request_store = {
|
||||||
dependencies = [ "rack" ];
|
dependencies = [ "rack" ];
|
||||||
|
@ -3132,10 +3059,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "02wr7fl189p1lnpaylz48dlp1n5y763w92gk59s0345hwfr4m1q2";
|
sha256 = "1clmx6qzdbpm1g8ycg38gjbqsbr8ccqi6hqyx88g8yckz1hrx55x";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "6.1.2";
|
version = "6.1.1";
|
||||||
};
|
};
|
||||||
rspec-retry = {
|
rspec-retry = {
|
||||||
dependencies = [ "rspec-core" ];
|
dependencies = [ "rspec-core" ];
|
||||||
|
@ -3157,10 +3084,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "03z7gpqz5xkw9rf53835pa8a9vgj4lic54rnix9vfwmp2m7pv1s8";
|
sha256 = "0msjfw99dkbvmviv3wsid4k9h1prdgq7pnm52dcyf362p19mywhf";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "3.13.1";
|
version = "3.13.0";
|
||||||
};
|
};
|
||||||
rspec_junit_formatter = {
|
rspec_junit_formatter = {
|
||||||
dependencies = [ "rspec-core" ];
|
dependencies = [ "rspec-core" ];
|
||||||
|
@ -3190,10 +3117,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0i2zimjixmjs6r88mgpklj6kdxq63a24mjvvphhbnbwgclb1z8qp";
|
sha256 = "0v67rgbhzanbf02fy5xasaxgmhxghlqb2cxjvbplinm2zfzs0380";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.63.3";
|
version = "1.60.2";
|
||||||
};
|
};
|
||||||
rubocop-ast = {
|
rubocop-ast = {
|
||||||
dependencies = [ "parser" ];
|
dependencies = [ "parser" ];
|
||||||
|
@ -3204,10 +3131,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1v3q8n48w8h809rqbgzihkikr4g3xk72m1na7s97jdsmjjq6y83w";
|
sha256 = "1cs9cc5p9q70valk4na3lki4xs88b52486p2v46yx3q1n5969bgs";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.31.2";
|
version = "1.30.0";
|
||||||
};
|
};
|
||||||
rubocop-capybara = {
|
rubocop-capybara = {
|
||||||
dependencies = [ "rubocop" ];
|
dependencies = [ "rubocop" ];
|
||||||
|
@ -3246,10 +3173,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "16jayzjaaglhx69s6b83acpdzcxxccfkcn69gfpkimf2j64zlm7c";
|
sha256 = "0cf7fn4dwf45r3nhnda0dhnwn8qghswyqbfxr2ippb3z8a6gmc8v";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.21.0";
|
version = "1.20.2";
|
||||||
};
|
};
|
||||||
rubocop-rails = {
|
rubocop-rails = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3262,40 +3189,25 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "06dcxrr71sn0kkw8fwh0w884zbig2ilxpkl66s7lcis9jmkggv83";
|
sha256 = "1id396xvixh5w19bjsli477mn4dr48ff8n1243d2z0y4zr1ld52h";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.24.1";
|
version = "2.23.1";
|
||||||
};
|
};
|
||||||
rubocop-rspec = {
|
rubocop-rspec = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"rubocop"
|
"rubocop"
|
||||||
"rubocop-capybara"
|
"rubocop-capybara"
|
||||||
"rubocop-factory_bot"
|
"rubocop-factory_bot"
|
||||||
"rubocop-rspec_rails"
|
|
||||||
];
|
];
|
||||||
groups = [ "development" ];
|
groups = [ "development" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "04rfx0f0ns3vfz16fvbxgc9ivjh6gkpqfdi0qsg3grq660dfhkjk";
|
sha256 = "0n24wy34shczlr5fnim7vcbrgvs0hffzw89n06fxziim9iws406s";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.29.1";
|
version = "2.26.1";
|
||||||
};
|
|
||||||
rubocop-rspec_rails = {
|
|
||||||
dependencies = [ "rubocop" ];
|
|
||||||
groups = [
|
|
||||||
"default"
|
|
||||||
"development"
|
|
||||||
];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0618lfncmvnvkwa1jb0kga1f2yiiw1809flkj4kg52nagh3z4scp";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "2.28.3";
|
|
||||||
};
|
};
|
||||||
ruby-graphviz = {
|
ruby-graphviz = {
|
||||||
dependencies = [ "rexml" ];
|
dependencies = [ "rexml" ];
|
||||||
|
@ -3311,30 +3223,6 @@
|
||||||
};
|
};
|
||||||
version = "1.2.5";
|
version = "1.2.5";
|
||||||
};
|
};
|
||||||
ruby-next-core = {
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0vxgamkq4crciyz9lb3vkblzqp6c6wxw9p4ahzqdgk5gy4xikc24";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "1.0.2";
|
|
||||||
};
|
|
||||||
ruby-pg-extras = {
|
|
||||||
dependencies = [
|
|
||||||
"pg"
|
|
||||||
"terminal-table"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1brz8c167ljb1jbv4b0a20nzj12ahk9cf94n6lxri054w7i6hh0x";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "5.3.1";
|
|
||||||
};
|
|
||||||
ruby-progressbar = {
|
ruby-progressbar = {
|
||||||
groups = [
|
groups = [
|
||||||
"default"
|
"default"
|
||||||
|
@ -3500,10 +3388,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0fxhkxpczqg4f7gxdyvc6ccxy9hppnwl3ih03p42f6hbfy5q1x64";
|
sha256 = "1l2qf5w0bk01s50gzx8clzw4zchff9a01kk2s8fnpz65g7rgh4g9";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "0.123.0";
|
version = "0.121.0";
|
||||||
};
|
};
|
||||||
selenium-webdriver = {
|
selenium-webdriver = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3516,10 +3404,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0rjh9s5x7jqaxjfcz2m3hphhlajk9nxs6wdsnia62iba07bd32sc";
|
sha256 = "0g3l3invk95w1f72mpp0r4hc3vsc3070c1xd1wg76kfg2r182xnq";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "4.19.0";
|
version = "4.17.0";
|
||||||
};
|
};
|
||||||
sentry-delayed_job = {
|
sentry-delayed_job = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3530,10 +3418,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1bnglhd7cvy5y0kr50w4bgs89y72ym6zlgp751g2y50dp4ydl540";
|
sha256 = "1rbhzb3nmrs5lrfmcshrg5wp9liblc14m63ljxb12nc4w5fnnwf8";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.17.3";
|
version = "5.16.1";
|
||||||
};
|
};
|
||||||
sentry-rails = {
|
sentry-rails = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3544,24 +3432,21 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0ncl8br0k6fas4n6c4xw4wr59kq5s2liqn1s4790m73k5p272xq1";
|
sha256 = "16jyjm0rcj1y175bjmj6bhf7dclp5yw5dh1fna0xy4r07ysq864g";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.17.3";
|
version = "5.16.1";
|
||||||
};
|
};
|
||||||
sentry-ruby = {
|
sentry-ruby = {
|
||||||
dependencies = [
|
dependencies = [ "concurrent-ruby" ];
|
||||||
"bigdecimal"
|
|
||||||
"concurrent-ruby"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1z5v5zzasy04hbgxbj9n8bb39ayllvps3snfgbc5rydh1d5ilyb1";
|
sha256 = "0fsqs1f7nb4y45qwlg14hz155r4pf8ny3j8gzpxlqafpd3dz2zkn";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.17.3";
|
version = "5.16.1";
|
||||||
};
|
};
|
||||||
sentry-sidekiq = {
|
sentry-sidekiq = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3572,10 +3457,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0n1cr9g15hp08jsqabprd6q34ap61r71f33x28w1xr4ri4hllwfh";
|
sha256 = "0ksmn3ca3rrdd33azmiprbd4hrcw3fr7hiya60sqp9apg6ir36v3";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "5.17.3";
|
version = "5.16.1";
|
||||||
};
|
};
|
||||||
shoulda-matchers = {
|
shoulda-matchers = {
|
||||||
dependencies = [ "activesupport" ];
|
dependencies = [ "activesupport" ];
|
||||||
|
@ -3583,10 +3468,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1pfq0w167v4055k0km64sxik1qslhsi32wl2jlidmfzkqmcw00m7";
|
sha256 = "1p83ca48h812h5gksw2q0x5289jsc4c417f8s6w9d4a12jzw86zi";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "6.2.0";
|
version = "6.1.0";
|
||||||
};
|
};
|
||||||
sib-api-v3-sdk = {
|
sib-api-v3-sdk = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3614,25 +3499,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "18ykb35ab3fsg6jj8h7kb3kbba41sls4nvwn6vxb731iyh10v4h9";
|
sha256 = "057vw807x98r4xmhyv2m2rxa8qqxr7ysn7asp5hmdvn9sa9kkm3c";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "7.2.2";
|
version = "7.2.1";
|
||||||
};
|
|
||||||
sidekiq-cron = {
|
|
||||||
dependencies = [
|
|
||||||
"fugit"
|
|
||||||
"globalid"
|
|
||||||
"sidekiq"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0v09lg8kza19jmigqv5hx2ibhm75j6pa639sfy4bv2208l50hqv6";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "1.12.0";
|
|
||||||
};
|
};
|
||||||
simple_xlsx_reader = {
|
simple_xlsx_reader = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3651,61 +3521,6 @@
|
||||||
};
|
};
|
||||||
version = "1.0.4";
|
version = "1.0.4";
|
||||||
};
|
};
|
||||||
simplecov = {
|
|
||||||
dependencies = [
|
|
||||||
"docile"
|
|
||||||
"simplecov-html"
|
|
||||||
"simplecov_json_formatter"
|
|
||||||
];
|
|
||||||
groups = [ "test" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "198kcbrjxhhzca19yrdcd6jjj9sb51aaic3b0sc3pwjghg3j49py";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.22.0";
|
|
||||||
};
|
|
||||||
simplecov-cobertura = {
|
|
||||||
dependencies = [
|
|
||||||
"rexml"
|
|
||||||
"simplecov"
|
|
||||||
];
|
|
||||||
groups = [ "test" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "00izmp202y48qvmvwrh5x56cc5ivbjhgkkkjklvqmqzj9pik4r9c";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "2.1.0";
|
|
||||||
};
|
|
||||||
simplecov-html = {
|
|
||||||
groups = [
|
|
||||||
"default"
|
|
||||||
"test"
|
|
||||||
];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0yx01bxa8pbf9ip4hagqkp5m0mqfnwnw2xk8kjraiywz4lrss6jb";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.12.3";
|
|
||||||
};
|
|
||||||
simplecov_json_formatter = {
|
|
||||||
groups = [
|
|
||||||
"default"
|
|
||||||
"test"
|
|
||||||
];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0a5l0733hj7sk51j81ykfmlk2vd5vaijlq9d5fn165yyx3xii52j";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.1.4";
|
|
||||||
};
|
|
||||||
simpleidn = {
|
simpleidn = {
|
||||||
dependencies = [ "unf" ];
|
dependencies = [ "unf" ];
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -3739,10 +3554,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "035xplxkr21z73c7mzfaj7ak438w2j63118724s53fbnv8rrw790";
|
sha256 = "0607y37q3lc748ld6w5qhp9kcj1h2vi5026hsg30vb6dsdrpcyy6";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "6.0.4";
|
version = "6.0.3";
|
||||||
};
|
};
|
||||||
smart_properties = {
|
smart_properties = {
|
||||||
groups = [ "default" ];
|
groups = [ "default" ];
|
||||||
|
@ -3776,10 +3591,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1bm5w3mp597vy0cjwx609k3jdh5zik36ffmna7hchrn9g96s45w5";
|
sha256 = "0dqpd70xcaxsa8m8zd6rq464dfczy1rm086bascv9c5b7qnn2yyp";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "4.2.1";
|
version = "4.1.3";
|
||||||
};
|
};
|
||||||
spring-commands-rspec = {
|
spring-commands-rspec = {
|
||||||
dependencies = [ "spring" ];
|
dependencies = [ "spring" ];
|
||||||
|
@ -3854,10 +3669,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0p9g8jqcakpwmbs6f77ydmbiwbgx9c5nr6jgwxh4xx6xpig1bphq";
|
sha256 = "1742r643p4nigjj45gjjmgl3d9i5ja7klda0bhmxp02ay971c3n6";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.8.0";
|
version = "1.7.0";
|
||||||
};
|
};
|
||||||
swd = {
|
swd = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -3875,17 +3690,6 @@
|
||||||
};
|
};
|
||||||
version = "2.0.3";
|
version = "2.0.3";
|
||||||
};
|
};
|
||||||
sys-proctable = {
|
|
||||||
dependencies = [ "ffi" ];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0m3fj6j1qpfszqnsvr6wpak0d9vw5ggylaqkalhl3m50kbbimxii";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "1.3.0";
|
|
||||||
};
|
|
||||||
sysexits = {
|
sysexits = {
|
||||||
groups = [
|
groups = [
|
||||||
"default"
|
"default"
|
||||||
|
@ -3932,10 +3736,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "1vq1fjp45az9hfp6fxljhdrkv75cvbab1jfrwcw738pnsiqk8zps";
|
sha256 = "1hx77jxkrwi66yvs10wfxqa8s25ds25ywgrrf66acm9nbfg7zp0s";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "1.3.1";
|
version = "1.3.0";
|
||||||
};
|
};
|
||||||
thread_safe = {
|
thread_safe = {
|
||||||
groups = [
|
groups = [
|
||||||
|
@ -4007,10 +3811,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "0ab2fr50fdzhpjlp78c17xmrd59ab32c55vrjd94wwr4khs7bxyf";
|
sha256 = "1vgz0y5ilnpgj3id9y5rshnq1hyhhjh4pjzb0hs9fv0p8kps4k07";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "2.0.5";
|
version = "2.0.2";
|
||||||
};
|
};
|
||||||
typhoeus = {
|
typhoeus = {
|
||||||
dependencies = [ "ethon" ];
|
dependencies = [ "ethon" ];
|
||||||
|
@ -4126,10 +3930,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "12xi88jvx49p15nx2168wm0r00g90mb4cxzzsjxz92akjk92mkpj";
|
sha256 = "12sm1z0lk7rhrd18i4d5zhlj4d142rsw3arpdf9nx3hpflx8ib4j";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "3.12.1";
|
version = "3.10.0";
|
||||||
};
|
};
|
||||||
virtus = {
|
virtus = {
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
@ -4230,20 +4034,10 @@
|
||||||
platforms = [ ];
|
platforms = [ ];
|
||||||
source = {
|
source = {
|
||||||
remotes = [ "https://rubygems.org" ];
|
remotes = [ "https://rubygems.org" ];
|
||||||
sha256 = "07zk8ljq5kyd1mm9qw3452fcnf7frg3irh9ql8ln2m8zbi1qf1qh";
|
sha256 = "0rc3g9hhxi6v2l1cp9q3kcjd92bhmdbrb517l4v5pyzwq2nflcyc";
|
||||||
type = "gem";
|
type = "gem";
|
||||||
};
|
};
|
||||||
version = "3.23.0";
|
version = "3.20.0";
|
||||||
};
|
|
||||||
webrick = {
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "13qm7s0gr2pmfcl7dxrmq38asaza4w0i2n9my4yzs499j731wh8r";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "1.8.1";
|
|
||||||
};
|
};
|
||||||
websocket = {
|
websocket = {
|
||||||
groups = [
|
groups = [
|
||||||
|
@ -4320,96 +4114,6 @@
|
||||||
};
|
};
|
||||||
version = "3.2.0";
|
version = "3.2.0";
|
||||||
};
|
};
|
||||||
yabeda = {
|
|
||||||
dependencies = [
|
|
||||||
"anyway_config"
|
|
||||||
"concurrent-ruby"
|
|
||||||
"dry-initializer"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1185mqhgjzpdxs7s6y424mxrranpk5l5x1w64pwfj226gn07b3qx";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.12.0";
|
|
||||||
};
|
|
||||||
yabeda-graphql = {
|
|
||||||
dependencies = [
|
|
||||||
"graphql"
|
|
||||||
"yabeda"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0y422499vbs4m1555yvqrdjyk7bdg16rnj224zaw1b77d8irmrks";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.2.3";
|
|
||||||
};
|
|
||||||
yabeda-prometheus = {
|
|
||||||
dependencies = [
|
|
||||||
"prometheus-client"
|
|
||||||
"rack"
|
|
||||||
"yabeda"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1zfmiiv131jwvcb9dx3cnlgrrvcfzbm8ili5gi9fpyygx3580zdq";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.9.1";
|
|
||||||
};
|
|
||||||
yabeda-puma-plugin = {
|
|
||||||
dependencies = [
|
|
||||||
"json"
|
|
||||||
"puma"
|
|
||||||
"yabeda"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "0yxifgq9m11n73qz9jgxsapqp67ijm5gp6y5jbdvkdcf7c2p47d4";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.7.1";
|
|
||||||
};
|
|
||||||
yabeda-rails = {
|
|
||||||
dependencies = [
|
|
||||||
"activesupport"
|
|
||||||
"anyway_config"
|
|
||||||
"railties"
|
|
||||||
"yabeda"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "1nl2jpx561mpwdxf63db9yshhwfmg8k72r8d9yxnsic2wahvy4b0";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.9.0";
|
|
||||||
};
|
|
||||||
yabeda-sidekiq = {
|
|
||||||
dependencies = [
|
|
||||||
"anyway_config"
|
|
||||||
"sidekiq"
|
|
||||||
"yabeda"
|
|
||||||
];
|
|
||||||
groups = [ "default" ];
|
|
||||||
platforms = [ ];
|
|
||||||
source = {
|
|
||||||
remotes = [ "https://rubygems.org" ];
|
|
||||||
sha256 = "142xrxc3r2l0185jzrn0r9zc6s9x7v87glrf78pi4mkan60y59q4";
|
|
||||||
type = "gem";
|
|
||||||
};
|
|
||||||
version = "0.12.0";
|
|
||||||
};
|
|
||||||
zeitwerk = {
|
zeitwerk = {
|
||||||
groups = [
|
groups = [
|
||||||
"default"
|
"default"
|
||||||
|
|
|
@ -26,13 +26,13 @@ done
|
||||||
CWD=$(pwd)
|
CWD=$(pwd)
|
||||||
|
|
||||||
TMP=$(mktemp -d)
|
TMP=$(mktemp -d)
|
||||||
cd "$TMP" || exit 1
|
cd "$TMP"
|
||||||
|
|
||||||
# Fetch the latest source or the required version
|
# Fetch the latest source or the required version
|
||||||
gitUrl="https://github.com/demarches-simplifiees/demarches-simplifiees.fr.git"
|
gitUrl="https://github.com/demarches-simplifiees/demarches-simplifiees.fr.git"
|
||||||
|
|
||||||
if [ -n "$version" ]; then
|
if [ -n "$version" ]; then
|
||||||
git clone --depth 1 --branch "$version" $gitUrl .
|
git clone --depth 1 --branch $version $gitUrl .
|
||||||
else
|
else
|
||||||
git clone --depth 1 $gitUrl .
|
git clone --depth 1 $gitUrl .
|
||||||
|
|
||||||
|
@ -48,10 +48,10 @@ cp gemset.nix Gemfile Gemfile.lock "$CWD/rubyEnv/"
|
||||||
# Print the new source details
|
# Print the new source details
|
||||||
SRC_HASH=$(nix-shell -p nurl --run "nurl --hash $gitUrl $version")
|
SRC_HASH=$(nix-shell -p nurl --run "nurl --hash $gitUrl $version")
|
||||||
|
|
||||||
# Switch to bun
|
# Print Yarn deps hash
|
||||||
nix-shell -p bun --run "bun install --frozen-lockfile --no-cache --no-progress --ignore-scripts"
|
hash=$(nix-shell -p prefetch-yarn-deps --run "prefetch-yarn-deps yarn.lock")
|
||||||
|
|
||||||
DEPS_HASH=$(nix-hash --sri --type sha256 node_modules)
|
DEPS_HASH=$(nix-hash --to-sri --type sha256 "$hash")
|
||||||
|
|
||||||
cat <<EOF >"$CWD/meta.nix"
|
cat <<EOF >"$CWD/meta.nix"
|
||||||
{
|
{
|
||||||
|
@ -61,6 +61,6 @@ cat <<EOF >"$CWD/meta.nix"
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
nix-shell -p nixfmt-rfc-style --run "nixfmt $CWD"
|
nixfmt "$CWD"
|
||||||
|
|
||||||
rm -rf "$TMP"
|
rm -rf "$TMP"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./module.nix ];
|
imports = [ ./module.nix ];
|
||||||
|
@ -6,15 +6,6 @@
|
||||||
services.k-radius = {
|
services.k-radius = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
domain = "radius.dgnum.eu";
|
|
||||||
|
|
||||||
radiusClients = {
|
|
||||||
ap = {
|
|
||||||
ipaddr = "0.0.0.0/0";
|
|
||||||
secret = config.age.secrets."radius-ap-radius-secret_file".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
# URL to the Kanidm server
|
# URL to the Kanidm server
|
||||||
uri = "https://sso.dgnum.eu";
|
uri = "https://sso.dgnum.eu";
|
||||||
|
@ -49,6 +40,18 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
authTokenFile = config.age.secrets."radius-auth_token_file".path;
|
authTokenFile = config.age.secrets."radius-auth_token_file".path;
|
||||||
|
privateKeyPasswordFile = config.age.secrets."radius-private_key_password_file".path;
|
||||||
|
|
||||||
|
certs = builtins.listToAttrs (
|
||||||
|
builtins.map (name: lib.nameValuePair name config.age.secrets."radius-${name}_pem_file".path) [
|
||||||
|
"ca"
|
||||||
|
"cert"
|
||||||
|
"dh"
|
||||||
|
"key"
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
|
radiusClients = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
age-secrets.autoMatch = [ "radius" ];
|
age-secrets.autoMatch = [ "radius" ];
|
196
machines/compute01/k-radius/module.nix
Normal file
196
machines/compute01/k-radius/module.nix
Normal file
|
@ -0,0 +1,196 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (lib)
|
||||||
|
mkEnableOption
|
||||||
|
mkIf
|
||||||
|
mkOption
|
||||||
|
types
|
||||||
|
;
|
||||||
|
|
||||||
|
settingsFormat = pkgs.formats.toml { };
|
||||||
|
|
||||||
|
py-pkgs = import ./packages/python { inherit pkgs; };
|
||||||
|
pykanidm = pkgs.callPackage ./packages/pykanidm.nix { inherit (py-pkgs) pydantic; };
|
||||||
|
rlm_python = pkgs.callPackage ./packages/rlm_python.nix { inherit pykanidm; };
|
||||||
|
|
||||||
|
cfg = config.services.k-radius;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.k-radius = {
|
||||||
|
enable = mkEnableOption "a freeradius service linked to kanidm.";
|
||||||
|
|
||||||
|
settings = mkOption { inherit (settingsFormat) type; };
|
||||||
|
|
||||||
|
freeradius = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.freeradius.overrideAttrs (old: {
|
||||||
|
buildInputs = (old.buildInputs or [ ]) ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
configDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
default = "/var/lib/radius/raddb";
|
||||||
|
description = "The path of the freeradius server configuration directory.";
|
||||||
|
};
|
||||||
|
|
||||||
|
authTokenFile = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "File to the auth token for the service account.";
|
||||||
|
};
|
||||||
|
|
||||||
|
radiusClients = mkOption {
|
||||||
|
type = types.attrsOf (
|
||||||
|
types.submodule {
|
||||||
|
options = {
|
||||||
|
secret = mkOption { type = types.path; };
|
||||||
|
ipaddr = mkOption { type = types.str; };
|
||||||
|
};
|
||||||
|
}
|
||||||
|
);
|
||||||
|
default = { };
|
||||||
|
description = "A mapping of clients and their authentication tokens.";
|
||||||
|
};
|
||||||
|
|
||||||
|
certs = {
|
||||||
|
ca = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The signing CA of the RADIUS certificate.";
|
||||||
|
};
|
||||||
|
dh = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The output of `openssl dhparam -in ca.pem -out dh.pem 2048`.";
|
||||||
|
};
|
||||||
|
cert = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The certificate for the RADIUS server.";
|
||||||
|
};
|
||||||
|
key = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The signing key for the RADIUS certificate.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
privateKeyPasswordFile = mkOption { type = types.path; };
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
users = {
|
||||||
|
users.radius = {
|
||||||
|
group = "radius";
|
||||||
|
description = "Radius daemon user";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
groups.radius = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
services.k-radius.settings = {
|
||||||
|
ca_path = cfg.certs.ca;
|
||||||
|
|
||||||
|
radius_cert_path = cfg.certs.cert;
|
||||||
|
radius_key_path = cfg.certs.key;
|
||||||
|
radius_dh_path = cfg.certs.dh;
|
||||||
|
radius_ca_path = cfg.certs.ca;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.radius = {
|
||||||
|
description = "FreeRadius server";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wants = [ "network.target" ];
|
||||||
|
|
||||||
|
preStart = ''
|
||||||
|
cp -R ${cfg.freeradius}/etc/raddb/* ${cfg.configDir}
|
||||||
|
cp -R ${rlm_python}/etc/raddb/* ${cfg.configDir}
|
||||||
|
|
||||||
|
chmod -R u+w ${cfg.configDir}
|
||||||
|
|
||||||
|
# disable auth via methods kanidm doesn't support
|
||||||
|
rm ${cfg.configDir}/mods-available/sql
|
||||||
|
rm ${cfg.configDir}/mods-enabled/{passwd,totp}
|
||||||
|
|
||||||
|
# enable the python and cache modules
|
||||||
|
ln -nsf ${cfg.configDir}/mods-available/python3 ${cfg.configDir}/mods-enabled/python3
|
||||||
|
ln -nsf ${cfg.configDir}/sites-available/check-eap-tls ${cfg.configDir}/sites-enabled/check-eap-tls
|
||||||
|
|
||||||
|
# write the clients configuration
|
||||||
|
rm ${cfg.configDir}/clients.conf && touch ${cfg.configDir}/clients.conf
|
||||||
|
${builtins.concatStringsSep "\n" (
|
||||||
|
builtins.attrValues (
|
||||||
|
builtins.mapAttrs (
|
||||||
|
name:
|
||||||
|
{ secret, ipaddr }:
|
||||||
|
''
|
||||||
|
cat <<EOF >> ${cfg.configDir}/clients.conf
|
||||||
|
client ${name} {
|
||||||
|
ipaddr = ${ipaddr}
|
||||||
|
secret = $(cat "${secret}")
|
||||||
|
proto = *
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
''
|
||||||
|
) cfg.radiusClients
|
||||||
|
)
|
||||||
|
)}
|
||||||
|
|
||||||
|
# Copy the kanidm configuration
|
||||||
|
cat <<EOF > /var/lib/radius/kanidm.toml
|
||||||
|
auth_token = "$(cat "${cfg.authTokenFile}")"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat ${settingsFormat.generate "kanidm.toml" cfg.settings} >> /var/lib/radius/kanidm.toml
|
||||||
|
chmod u+w /var/lib/radius/kanidm.toml
|
||||||
|
|
||||||
|
# Copy the certificates to the correct directory
|
||||||
|
rm -rf ${cfg.configDir}/certs && mkdir -p ${cfg.configDir}/certs
|
||||||
|
|
||||||
|
cp ${cfg.certs.ca} ${cfg.configDir}/certs/ca.pem
|
||||||
|
|
||||||
|
${pkgs.openssl}/bin/openssl rehash ${cfg.configDir}/certs
|
||||||
|
|
||||||
|
cp ${cfg.certs.dh} ${cfg.configDir}/certs/dh.pem
|
||||||
|
|
||||||
|
cat ${cfg.certs.cert} ${cfg.certs.key} > ${cfg.configDir}/certs/server.pem
|
||||||
|
|
||||||
|
# Write the password of the private_key in the eap module
|
||||||
|
sed -i ${cfg.configDir}/mods-available/eap \
|
||||||
|
-e "s/whatever/$(cat "${cfg.privateKeyPasswordFile}")/"
|
||||||
|
|
||||||
|
# Check the configuration
|
||||||
|
# ${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
|
||||||
|
'';
|
||||||
|
|
||||||
|
path = [
|
||||||
|
pkgs.openssl
|
||||||
|
pkgs.gnused
|
||||||
|
];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${cfg.freeradius}/bin/radiusd -X -f -d ${cfg.configDir} -l stdout";
|
||||||
|
ExecReload = [
|
||||||
|
"${cfg.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
|
||||||
|
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
|
||||||
|
];
|
||||||
|
User = "radius";
|
||||||
|
Group = "radius";
|
||||||
|
DynamicUser = true;
|
||||||
|
Restart = "on-failure";
|
||||||
|
RestartSec = 2;
|
||||||
|
LogsDirectory = "radius";
|
||||||
|
StateDirectory = "radius";
|
||||||
|
RuntimeDirectory = "radius";
|
||||||
|
Environment = [
|
||||||
|
"KANIDM_RLM_CONFIG=/var/lib/radius/kanidm.toml"
|
||||||
|
"PYTHONPATH=${rlm_python.pythonPath}"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
52
machines/compute01/k-radius/packages/pykanidm.nix
Normal file
52
machines/compute01/k-radius/packages/pykanidm.nix
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
fetchFromGitHub,
|
||||||
|
python3,
|
||||||
|
pydantic,
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
pname = "kanidm";
|
||||||
|
version = "0.0.3";
|
||||||
|
in
|
||||||
|
python3.pkgs.buildPythonPackage {
|
||||||
|
inherit pname version;
|
||||||
|
format = "pyproject";
|
||||||
|
|
||||||
|
disabled = python3.pythonOlder "3.8";
|
||||||
|
|
||||||
|
src =
|
||||||
|
(fetchFromGitHub {
|
||||||
|
owner = pname;
|
||||||
|
repo = pname;
|
||||||
|
# Latest 1.1.0-rc.15 tip
|
||||||
|
rev = "a5ca8018e3a636dbb0a79b3fd869db059d92979d";
|
||||||
|
hash = "sha256-PFGoeGn7a/lVR6rOmOKA3ydAoo3/+9RlkwBAKS22Psg=";
|
||||||
|
})
|
||||||
|
+ "/pykanidm";
|
||||||
|
|
||||||
|
nativeBuildInputs = with python3.pkgs; [ poetry-core ];
|
||||||
|
|
||||||
|
propagatedBuildInputs = with python3.pkgs; [
|
||||||
|
aiohttp
|
||||||
|
pydantic
|
||||||
|
toml
|
||||||
|
(authlib.overridePythonAttrs (_: {
|
||||||
|
doCheck = false;
|
||||||
|
}))
|
||||||
|
];
|
||||||
|
|
||||||
|
doCheck = false;
|
||||||
|
|
||||||
|
pythonImportsCheck = [ "kanidm" ];
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "Kanidm client library";
|
||||||
|
homepage = "https://github.com/kanidm/kanidm/tree/master/pykanidm";
|
||||||
|
license = licenses.mpl20;
|
||||||
|
maintainers = with maintainers; [
|
||||||
|
arianvp
|
||||||
|
hexa
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,18 @@
|
||||||
|
diff --git a/pyproject.toml b/pyproject.toml
|
||||||
|
index 1602e32..507048d 100644
|
||||||
|
--- a/pyproject.toml
|
||||||
|
+++ b/pyproject.toml
|
||||||
|
@@ -72,13 +72,6 @@ filterwarnings = [
|
||||||
|
]
|
||||||
|
timeout = 30
|
||||||
|
xfail_strict = true
|
||||||
|
-# min, max, mean, stddev, median, iqr, outliers, ops, rounds, iterations
|
||||||
|
-addopts = [
|
||||||
|
- '--benchmark-columns', 'min,mean,stddev,outliers,rounds,iterations',
|
||||||
|
- '--benchmark-group-by', 'group',
|
||||||
|
- '--benchmark-warmup', 'on',
|
||||||
|
- '--benchmark-disable', # this is enable by `make benchmark` when you actually want to run benchmarks
|
||||||
|
-]
|
||||||
|
|
||||||
|
[tool.coverage.run]
|
||||||
|
source = ['pydantic_core']
|
20
machines/compute01/k-radius/packages/python/default.nix
Normal file
20
machines/compute01/k-radius/packages/python/default.nix
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{ pkgs }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (pkgs) lib;
|
||||||
|
|
||||||
|
callPackage = lib.callPackageWith (pkgs // pkgs.python3.pkgs // self);
|
||||||
|
|
||||||
|
self = builtins.listToAttrs (
|
||||||
|
builtins.map
|
||||||
|
(name: {
|
||||||
|
inherit name;
|
||||||
|
value = callPackage (./. + "/${name}.nix") { };
|
||||||
|
})
|
||||||
|
[
|
||||||
|
"pydantic"
|
||||||
|
"pydantic-core"
|
||||||
|
]
|
||||||
|
);
|
||||||
|
in
|
||||||
|
self
|
|
@ -0,0 +1,84 @@
|
||||||
|
{
|
||||||
|
stdenv,
|
||||||
|
lib,
|
||||||
|
buildPythonPackage,
|
||||||
|
fetchFromGitHub,
|
||||||
|
cargo,
|
||||||
|
rustPlatform,
|
||||||
|
rustc,
|
||||||
|
libiconv,
|
||||||
|
typing-extensions,
|
||||||
|
pytestCheckHook,
|
||||||
|
hypothesis,
|
||||||
|
pytest-timeout,
|
||||||
|
pytest-mock,
|
||||||
|
dirty-equals,
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
pydantic-core = buildPythonPackage rec {
|
||||||
|
pname = "pydantic-core";
|
||||||
|
version = "2.14.5";
|
||||||
|
format = "pyproject";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "pydantic";
|
||||||
|
repo = "pydantic-core";
|
||||||
|
rev = "refs/tags/v${version}";
|
||||||
|
hash = "sha256-UguZpA3KEutOgIavjx8Ie//0qJq+4FTZNQTwb/ZIgb8=";
|
||||||
|
};
|
||||||
|
|
||||||
|
patches = [ ./01-remove-benchmark-flags.patch ];
|
||||||
|
|
||||||
|
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||||
|
inherit src;
|
||||||
|
name = "${pname}-${version}";
|
||||||
|
hash = "sha256-mMgw922QjHmk0yimXfolLNiYZntTsGydQywe7PTNnwc=";
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
cargo
|
||||||
|
rustPlatform.cargoSetupHook
|
||||||
|
rustPlatform.maturinBuildHook
|
||||||
|
rustc
|
||||||
|
typing-extensions
|
||||||
|
];
|
||||||
|
|
||||||
|
buildInputs = lib.optionals stdenv.isDarwin [ libiconv ];
|
||||||
|
|
||||||
|
propagatedBuildInputs = [ typing-extensions ];
|
||||||
|
|
||||||
|
pythonImportsCheck = [ "pydantic_core" ];
|
||||||
|
|
||||||
|
# escape infinite recursion with pydantic via dirty-equals
|
||||||
|
doCheck = false;
|
||||||
|
passthru.tests.pytest = pydantic-core.overrideAttrs { doCheck = true; };
|
||||||
|
|
||||||
|
nativeCheckInputs = [
|
||||||
|
pytestCheckHook
|
||||||
|
hypothesis
|
||||||
|
pytest-timeout
|
||||||
|
dirty-equals
|
||||||
|
pytest-mock
|
||||||
|
];
|
||||||
|
|
||||||
|
disabledTests = [
|
||||||
|
# RecursionError: maximum recursion depth exceeded while calling a Python object
|
||||||
|
"test_recursive"
|
||||||
|
];
|
||||||
|
|
||||||
|
disabledTestPaths = [
|
||||||
|
# no point in benchmarking in nixpkgs build farm
|
||||||
|
"tests/benchmarks"
|
||||||
|
];
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
changelog = "https://github.com/pydantic/pydantic-core/releases/tag/v${version}";
|
||||||
|
description = "Core validation logic for pydantic written in rust";
|
||||||
|
homepage = "https://github.com/pydantic/pydantic-core";
|
||||||
|
license = licenses.mit;
|
||||||
|
maintainers = with maintainers; [ blaggacao ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
pydantic-core
|
92
machines/compute01/k-radius/packages/python/pydantic.nix
Normal file
92
machines/compute01/k-radius/packages/python/pydantic.nix
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
buildPythonPackage,
|
||||||
|
fetchFromGitHub,
|
||||||
|
pythonOlder,
|
||||||
|
|
||||||
|
# build-system
|
||||||
|
hatchling,
|
||||||
|
hatch-fancy-pypi-readme,
|
||||||
|
|
||||||
|
# native dependencies
|
||||||
|
libxcrypt,
|
||||||
|
|
||||||
|
# dependencies
|
||||||
|
annotated-types,
|
||||||
|
pydantic-core,
|
||||||
|
typing-extensions,
|
||||||
|
|
||||||
|
# tests
|
||||||
|
cloudpickle,
|
||||||
|
email-validator,
|
||||||
|
dirty-equals,
|
||||||
|
faker,
|
||||||
|
pytestCheckHook,
|
||||||
|
pytest-mock,
|
||||||
|
}:
|
||||||
|
|
||||||
|
buildPythonPackage rec {
|
||||||
|
pname = "pydantic";
|
||||||
|
version = "2.5.2";
|
||||||
|
pyproject = true;
|
||||||
|
|
||||||
|
disabled = pythonOlder "3.7";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "pydantic";
|
||||||
|
repo = "pydantic";
|
||||||
|
rev = "refs/tags/v${version}";
|
||||||
|
hash = "sha256-D0gYcyrKVVDhBgV9sCVTkGq/kFmIoT9l0i5bRM1qxzM=";
|
||||||
|
};
|
||||||
|
|
||||||
|
buildInputs = lib.optionals (pythonOlder "3.9") [ libxcrypt ];
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
hatch-fancy-pypi-readme
|
||||||
|
hatchling
|
||||||
|
];
|
||||||
|
|
||||||
|
propagatedBuildInputs = [
|
||||||
|
annotated-types
|
||||||
|
pydantic-core
|
||||||
|
typing-extensions
|
||||||
|
];
|
||||||
|
|
||||||
|
passthru.optional-dependencies = {
|
||||||
|
email = [ email-validator ];
|
||||||
|
};
|
||||||
|
|
||||||
|
nativeCheckInputs = [
|
||||||
|
cloudpickle
|
||||||
|
dirty-equals
|
||||||
|
faker
|
||||||
|
pytest-mock
|
||||||
|
pytestCheckHook
|
||||||
|
] ++ lib.flatten (lib.attrValues passthru.optional-dependencies);
|
||||||
|
|
||||||
|
preCheck = ''
|
||||||
|
export HOME=$(mktemp -d)
|
||||||
|
substituteInPlace pyproject.toml \
|
||||||
|
--replace "'--benchmark-columns', 'min,mean,stddev,outliers,rounds,iterations'," "" \
|
||||||
|
--replace "'--benchmark-group-by', 'group'," "" \
|
||||||
|
--replace "'--benchmark-warmup', 'on'," "" \
|
||||||
|
--replace "'--benchmark-disable'," ""
|
||||||
|
'';
|
||||||
|
|
||||||
|
disabledTestPaths = [
|
||||||
|
"tests/benchmarks"
|
||||||
|
|
||||||
|
# avoid cyclic dependency
|
||||||
|
"tests/test_docs.py"
|
||||||
|
];
|
||||||
|
|
||||||
|
pythonImportsCheck = [ "pydantic" ];
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "Data validation and settings management using Python type hinting";
|
||||||
|
homepage = "https://github.com/pydantic/pydantic";
|
||||||
|
changelog = "https://github.com/pydantic/pydantic/blob/v${version}/HISTORY.md";
|
||||||
|
license = licenses.mit;
|
||||||
|
maintainers = with maintainers; [ wd15 ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,13 +1,13 @@
|
||||||
diff --git a/mods-available/python3 b/mods-available/python3
|
diff --git a/rlm_python/mods-available/python3 b/rlm_python/mods-available/python3
|
||||||
index 978536f8a..90c71fca0 100644
|
index 978536f8a..90c71fca0 100644
|
||||||
--- a/mods-available/python3
|
--- a/rlm_python/mods-available/python3
|
||||||
+++ b/mods-available/python3
|
+++ b/rlm_python/mods-available/python3
|
||||||
@@ -13,7 +13,7 @@ python3 {
|
@@ -13,7 +13,7 @@ python3 {
|
||||||
# item is GLOBAL TO THE SERVER. That is, you cannot have two
|
# item is GLOBAL TO THE SERVER. That is, you cannot have two
|
||||||
# instances of the python module, each with a different path.
|
# instances of the python module, each with a different path.
|
||||||
#
|
#
|
||||||
- python_path="/usr/lib64/python3.8:/usr/lib/python3.8:/usr/lib/python3.8/site-packages:/usr/lib64/python3.8/site-packages:/usr/lib64/python3.8/lib-dynload:/usr/local/lib/python3.8/site-packages:/etc/raddb/mods-config/python3/"
|
- python_path="/usr/lib64/python3.8:/usr/lib/python3.8:/usr/lib/python3.8/site-packages:/usr/lib64/python3.8/site-packages:/usr/lib64/python3.8/lib-dynload:/usr/local/lib/python3.8/site-packages:/etc/raddb/mods-config/python3/"
|
||||||
+ python_path="@pythonPath@:/etc/raddb/mods-config/python3/"
|
+ python_path="@kanidm_python@:/etc/raddb/mods-config/python3/"
|
||||||
|
|
||||||
module = "kanidm.radius"
|
module = "kanidm.radius"
|
||||||
# python_path = ${modconfdir}/${.:name}
|
# python_path = ${modconfdir}/${.:name}
|
45
machines/compute01/k-radius/packages/rlm_python.nix
Normal file
45
machines/compute01/k-radius/packages/rlm_python.nix
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
stdenv,
|
||||||
|
fetchFromGitHub,
|
||||||
|
python3,
|
||||||
|
pykanidm,
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
pythonPath = with python3.pkgs; makePythonPath [ pykanidm ];
|
||||||
|
in
|
||||||
|
stdenv.mkDerivation rec {
|
||||||
|
pname = "rlm_python";
|
||||||
|
version = "1.1.0-rc.15";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "kanidm";
|
||||||
|
repo = "kanidm";
|
||||||
|
rev = "v${version}";
|
||||||
|
hash = "sha256-0y8juXS61Z9zxOdsWAQ6lJurP+n855Nela6egYRecok=";
|
||||||
|
};
|
||||||
|
|
||||||
|
patches = [ ./python_path.patch ];
|
||||||
|
|
||||||
|
postPatch = ''
|
||||||
|
substituteInPlace rlm_python/mods-available/python3 \
|
||||||
|
--replace "@kanidm_python@" "${pythonPath}"
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/etc/raddb/
|
||||||
|
cp -R rlm_python/{mods-available,sites-available} $out/etc/raddb/
|
||||||
|
'';
|
||||||
|
|
||||||
|
phases = [
|
||||||
|
"unpackPhase"
|
||||||
|
"patchPhase"
|
||||||
|
"installPhase"
|
||||||
|
];
|
||||||
|
|
||||||
|
passthru = {
|
||||||
|
inherit pythonPath;
|
||||||
|
};
|
||||||
|
|
||||||
|
preferLocalBuild = true;
|
||||||
|
}
|
|
@ -1,38 +1,24 @@
|
||||||
{
|
{ config, sources, ... }:
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
nixpkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) escapeRegex concatStringsSep;
|
|
||||||
|
|
||||||
domain = "sso.dgnum.eu";
|
domain = "sso.dgnum.eu";
|
||||||
|
|
||||||
cert = config.security.acme.certs.${domain};
|
cert = config.security.acme.certs.${domain};
|
||||||
|
|
||||||
allowedDomains = builtins.map escapeRegex (
|
allowedSubDomains = [
|
||||||
(builtins.map (s: "${s}.dgnum.eu") [
|
"cloud"
|
||||||
# DGNum subdomains
|
"git"
|
||||||
"cloud"
|
"videos"
|
||||||
"git"
|
"social"
|
||||||
"videos"
|
"demarches"
|
||||||
"social"
|
"netbird"
|
||||||
"demarches"
|
];
|
||||||
"netbird"
|
|
||||||
])
|
|
||||||
++ [
|
|
||||||
# Extra domains
|
|
||||||
"netbird-beta.hubrecht.ovh"
|
|
||||||
]
|
|
||||||
);
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.kanidm = {
|
services.kanidm = {
|
||||||
enableServer = true;
|
enableServer = true;
|
||||||
|
|
||||||
package = nixpkgs.unstable.kanidm;
|
package = (import sources.nixos-unstable { }).kanidm;
|
||||||
|
|
||||||
serverSettings = {
|
serverSettings = {
|
||||||
inherit domain;
|
inherit domain;
|
||||||
|
@ -67,7 +53,7 @@ in
|
||||||
|
|
||||||
set $origin $http_origin;
|
set $origin $http_origin;
|
||||||
|
|
||||||
if ($origin !~ '^https?://(${concatStringsSep "|" allowedDomains})$') {
|
if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') {
|
||||||
set $origin 'https://${domain}';
|
set $origin 'https://${domain}';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -9,12 +9,8 @@ in
|
||||||
|
|
||||||
localDomain = host;
|
localDomain = host;
|
||||||
smtp = {
|
smtp = {
|
||||||
fromAddress = "noreply@infra.dgnum.eu";
|
# TODO: smtp setup
|
||||||
host = "kurisu.lahfa.xyz";
|
fromAddress = "social@services.dgnum.eu";
|
||||||
port = 465;
|
|
||||||
user = "web-services@infra.dgnum.eu";
|
|
||||||
passwordFile = config.age.secrets.mastodon-smtp-password.path;
|
|
||||||
authenticate = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
streamingProcesses = 4;
|
streamingProcesses = 4;
|
||||||
|
@ -26,8 +22,6 @@ in
|
||||||
# LOCAL_DOMAIN = "dgnum.eu";
|
# LOCAL_DOMAIN = "dgnum.eu";
|
||||||
WEB_DOMAIN = host;
|
WEB_DOMAIN = host;
|
||||||
|
|
||||||
SMTP_TLS = "true";
|
|
||||||
|
|
||||||
RAILS_LOG_LEVEL = "warn";
|
RAILS_LOG_LEVEL = "warn";
|
||||||
|
|
||||||
# ObjectStorage configuration
|
# ObjectStorage configuration
|
||||||
|
|
|
@ -9,16 +9,22 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
hostName = host;
|
hostName = host;
|
||||||
|
|
||||||
package = pkgs.nextcloud29;
|
package = pkgs.nextcloud28;
|
||||||
|
|
||||||
https = true;
|
https = true;
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
overwriteProtocol = "https";
|
||||||
|
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
|
|
||||||
adminpassFile = config.age.secrets."nextcloud-adminpass_file".path;
|
adminpassFile = config.age.secrets."nextcloud-adminpass_file".path;
|
||||||
adminuser = "thubrecht";
|
adminuser = "thubrecht";
|
||||||
|
|
||||||
|
defaultPhoneRegion = "FR";
|
||||||
|
|
||||||
|
trustedProxies = [ "::1" ];
|
||||||
|
|
||||||
objectstore.s3 = {
|
objectstore.s3 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
@ -65,17 +71,11 @@ in
|
||||||
|
|
||||||
autoUpdateApps.enable = true;
|
autoUpdateApps.enable = true;
|
||||||
|
|
||||||
settings = {
|
extraOptions = {
|
||||||
overwriteprotocol = "https";
|
|
||||||
|
|
||||||
overwritehost = host;
|
overwritehost = host;
|
||||||
"overwrite.cli.url" = "https://${host}";
|
"overwrite.cli.url" = "https://${host}";
|
||||||
updatechecker = false;
|
updatechecker = false;
|
||||||
|
|
||||||
default_phone_region = "FR";
|
|
||||||
|
|
||||||
trusted_proxies = [ "::1" ];
|
|
||||||
|
|
||||||
allow_local_remote_servers = true;
|
allow_local_remote_servers = true;
|
||||||
maintenance_window_start = 1;
|
maintenance_window_start = 1;
|
||||||
|
|
||||||
|
@ -97,12 +97,15 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.oci-containers = {
|
virtualisation.oci-containers = {
|
||||||
|
# # Since 22.05, the default driver is podman but it doesn't work
|
||||||
|
# # with podman. It would however be nice to switch to podman.
|
||||||
|
# backend = "docker";
|
||||||
containers.collabora = {
|
containers.collabora = {
|
||||||
image = "collabora/code";
|
image = "collabora/code";
|
||||||
imageFile = pkgs.dockerTools.pullImage {
|
imageFile = pkgs.dockerTools.pullImage {
|
||||||
imageName = "collabora/code";
|
imageName = "collabora/code";
|
||||||
imageDigest = "sha256:07da8a191b37058514dfdf921ea8c2270c6634fa659acee774cf8594f86950e4";
|
imageDigest = "sha256:a8cce07c949aa59cea0a7f1f220266a1a6d886c717c3b5005782baf6f384d645";
|
||||||
sha256 = "sha256-5oaz07NQScHUVN/HznzZGQ2bGrU/V1GhI+9btXHz0GM=";
|
sha256 = "sha256-lN6skv62x+x7G7SNOUyZ8W6S/uScrkqE1nbBwwSEWXQ=";
|
||||||
};
|
};
|
||||||
ports = [ "9980:9980" ];
|
ports = [ "9980:9980" ];
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -110,7 +113,6 @@ in
|
||||||
extra_params = "--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://cloud.dgnum.eu/apps/richdocuments/settings/fonts.json";
|
extra_params = "--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://cloud.dgnum.eu/apps/richdocuments/settings/fonts.json";
|
||||||
};
|
};
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=host"
|
|
||||||
"--cap-add"
|
"--cap-add"
|
||||||
"MKNOD"
|
"MKNOD"
|
||||||
"--cap-add"
|
"--cap-add"
|
||||||
|
|
|
@ -1,34 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
package = pkgs.postgresql_16;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
checkpoint_completion_target = 0.90625;
|
|
||||||
default_statistics_target = 100;
|
|
||||||
effective_cache_size = "32GB";
|
|
||||||
effective_io_concurrency = 200;
|
|
||||||
maintenance_work_mem = "2GB";
|
|
||||||
max_connections = 500;
|
|
||||||
max_parallel_maintenance_workers = 4;
|
|
||||||
max_parallel_workers = 12;
|
|
||||||
max_parallel_workers_per_gather = 4;
|
|
||||||
max_wal_size = "4GB";
|
|
||||||
max_worker_processes = 12;
|
|
||||||
min_wal_size = "1GB";
|
|
||||||
random_page_cost = 1.125;
|
|
||||||
shared_buffers = "16GB";
|
|
||||||
wal_buffers = "16MB";
|
|
||||||
work_mem = "83886kB";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
dgn-console = {
|
|
||||||
# Update the versions below for upgrading
|
|
||||||
pg-upgrade-to = pkgs.postgresql_16.withPackages (ps: [ ps.postgis ]);
|
|
||||||
pg-upgrade-from = pkgs.postgresql_16.withPackages (ps: [ ps.postgis ]);
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
python3,
|
python3,
|
||||||
fetchFromGitHub,
|
fetchPypi,
|
||||||
cookies-samesite-compat,
|
cookies-samesite-compat,
|
||||||
pyop,
|
pyop,
|
||||||
}:
|
}:
|
||||||
|
@ -11,13 +11,17 @@ python3.pkgs.buildPythonPackage rec {
|
||||||
version = "8.4.0";
|
version = "8.4.0";
|
||||||
pyproject = true;
|
pyproject = true;
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchPypi {
|
||||||
owner = "IdentityPython";
|
pname = "SATOSA";
|
||||||
repo = "SATOSA";
|
inherit version;
|
||||||
rev = "v${version}";
|
hash = "sha256-KREROjb157RJJVRr9YefzoR/eflR/U7ZmG6yOH5DjcU=";
|
||||||
hash = "sha256-q7XmZ3EnAFO1OXIhXIF4Vd0H8uaayFIHFZpWiZUsAFA=";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
python3.pkgs.setuptools
|
||||||
|
python3.pkgs.wheel
|
||||||
|
];
|
||||||
|
|
||||||
propagatedBuildInputs = with python3.pkgs; [
|
propagatedBuildInputs = with python3.pkgs; [
|
||||||
chevron
|
chevron
|
||||||
click
|
click
|
||||||
|
@ -46,7 +50,7 @@ python3.pkgs.buildPythonPackage rec {
|
||||||
description = "Protocol proxy (SAML/OIDC)";
|
description = "Protocol proxy (SAML/OIDC)";
|
||||||
homepage = "https://pypi.org/project/SATOSA";
|
homepage = "https://pypi.org/project/SATOSA";
|
||||||
license = licenses.asl20;
|
license = licenses.asl20;
|
||||||
maintainers = with maintainers; [ thubrecht ];
|
maintainers = with maintainers; [ ];
|
||||||
mainProgram = "satosa";
|
mainProgram = "satosa";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,28 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA T6TOJOuejaoxw3zdeLzGm0CrSkDCCIRenL7wMGnDtlU
|
|
||||||
dubdAXhc32S6BszHddOcMA6aStZLOvc+36s3nZsYFMU
|
|
||||||
-> ssh-ed25519 QlRB9Q akzRDbZzo0LwoS1cOwE/tYdz7M+6bhgI81d37d1GtBw
|
|
||||||
KsGqFhkjlcJNquMi2+1TfQDBy9qguwh5ED9KBg4Y2hU
|
|
||||||
-> ssh-ed25519 r+nK/Q bL6A9O6UnjjyY+iLvbQSvSTjXX38FLsNjaSngoQXHxY
|
|
||||||
YZ7Y11inKpzA2m6lro9XXX2qkW6FmkeFGZ3Ak6X+U2w
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
dZVUqAyqrP3KHZlpu70IBU8U3I9IP71RzjbiF1rp4rOdz4iQ9ik88ai+hXVuadcN
|
|
||||||
DMl/7pIkVky6EL8JxFXTQhLivJUpO3NcN3iAS+CLKC+0EFVc03sLyCjn8IExO85r
|
|
||||||
Lec37ICk9n4LUNEA91A2h4C8U9TbDxCt7MLrIKcQtfFcd+4U1o9g3n19xo9PK1Ho
|
|
||||||
mcqTbUVgW1nOLxsEeCp5zsCQ+/8tFLcnK08yUB0RlWK+PDFZkk8u8Q2SYZjnaeEp
|
|
||||||
cwOhUnm/1a15IbW2oGCrVaEd/ymnLDJc6S7vXGpFDWHmOzvJ4Av9KZlGFYaWCjbV
|
|
||||||
7bGIgWkiQ7iJvTxzu0ZEqw
|
|
||||||
-> ssh-ed25519 /vwQcQ /DR3Kox7XkbdYQH7SyIc9atjwwe7Ah7hH/63RlzDd0g
|
|
||||||
k/199lCIfxR7l4ETJMEr1Ch1Zx8v3M5zn0b8mg6ip2k
|
|
||||||
-> ssh-ed25519 0R97PA H1PS+SlW5FNOf15eO6MKJ/nnVJQkfFMub0IzTS4PhDo
|
|
||||||
77zwCD0tbrLu4J0vS0RxPK3YZucFV1VYkUVoMTHjf2o
|
|
||||||
-> ssh-ed25519 JGx7Ng 2WIYPKkWXplInR8v1q22ygs7uYNfIzETeiCt5+MKQQQ
|
|
||||||
9Gsyr30kaNhxn+fUCBicvoA+hHiWpUf0d0pxRZauhMY
|
|
||||||
-> ssh-ed25519 5SY7Kg QTnBfvkMcnXpGITtaHr+mRZGogI1kTUqO4byfyMZhGE
|
|
||||||
89A/PPHVPeBQvTxCeXH8ITVDMkcsYUMbwatyw8NQ04E
|
|
||||||
-> ssh-ed25519 p/Mg4Q n6hQLuUv3QOMADJF0zpcALYqVUVi5tZHmKGmVZA0IVQ
|
|
||||||
ZXa+3y33kyo4vQxcEa2XTMIwjH2HE+bAKZw993PgROk
|
|
||||||
-> ssh-ed25519 tDqJRg Hf1KIZjUTTaHo18P1vWxaSehyKTFElBOovrCN0uJFCc
|
|
||||||
H8qGw8vIqp4bNiyon2uvTkrrd8lIYnMWnIfzS+w4QRQ
|
|
||||||
--- QOKOfU20JY1Sj+K20UUxgtPZ7JxKuZ1GtK+OKBZ1Zhg
|
|
||||||
Íúâ?º}àæ2æŽýiÐM}6BÖw#b2Ï´žËŠ¹ÍÊžvu´¿,Ö'.–ŒWÔ”øIPýã'ixYÍ€*·šKoÎtXI#À‘ß6b`„1pʬòÍœˆqð
×"§lâSf(ˆ`UöëÄê6ø kT°Á'µÎÔM@ÈÖå„hŸï®›{WYŸ‘ØÝÏÂ<SN;UŒœ
ݨÿ
|
|
|
@ -1,28 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA CQffZYaxexZ2f+HeNj+SHeSak0kzNPiq6ExW7tUyCBs
|
|
||||||
oJQhtMFD9KSnXSPGRb3zLwCB2/KEXo8cgxHN5ML83Qw
|
|
||||||
-> ssh-ed25519 QlRB9Q V1PnEYJvFCdBRzN4z3iDtIzHLxxCimejdkqRS4zMCG8
|
|
||||||
bVc87bxPmhofmoscGFBgQ+ffRlo216RiRkkV1MNoQyY
|
|
||||||
-> ssh-ed25519 r+nK/Q YI+1MYnCvSq5/QfA2y01IQlJeMGF0AfNs91QlrVaVGs
|
|
||||||
HSB8Gai96mjRbM68G3iRmXNkI4kqyJAWTMxWc8UOPr8
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
k2mssz4C9p8K+rJ6Jbbm+w7uLTqoUOiOKvlt2btEyw2Lup8PQNfyTNFSBvuBMmfj
|
|
||||||
re1zuAufH0HIw3B0xWYauBSD4pasc7EFTr/OLoM8BRFMEb11IM5ZKJrO+hnWy0Sk
|
|
||||||
eIs6cpkoBVi4GZmkRfbvaitk42i9JzjrKU0OeqLCWQbHmHkTb3acsGXCc6A6JSbF
|
|
||||||
AVb+Eaak6EIdX1dP4PWyCxU2PkcBtYBcLoGH74r1o0i3SzvmuzKvlBntx5IzsAvY
|
|
||||||
+QNGJLNZl0+NePafAkvVY8UOrlzxj+tCgfunAGXIXlZlVfNcjZX9Wv30sJOtwpbw
|
|
||||||
DdkJAqSrNkHianC5MEGgpA
|
|
||||||
-> ssh-ed25519 /vwQcQ yxGAMhwDcoDjw5MJudEE95PakhZvNpYfmfWiM6wbQBg
|
|
||||||
C1o3mNO2YFnBXamCcpAW0aQVGrNNcUpDtSn8+VLobmE
|
|
||||||
-> ssh-ed25519 0R97PA XRWbcwt3wXR3AYg0rhzc6OUuAA+blVTf3SHERYy3MkA
|
|
||||||
iCBd0E1NrV7tv3/0pD0FYWgUfGmB4M+VWfiixvVGv68
|
|
||||||
-> ssh-ed25519 JGx7Ng R47xTx4IGC/qf/v6WOXvJTd20MbeTdZ/8ovAA6d0iyQ
|
|
||||||
uBxcQVztpW4QaAR5rKfEVgtmrPk6l51+tY3brNjsTV4
|
|
||||||
-> ssh-ed25519 5SY7Kg LNtU+/1YlPX6T6gO2lb/wEei7hsy2oud8cTQXFQy0HY
|
|
||||||
xxPvBAIpFyCUqExjseerz6WlwWQEmw9fltzQBx51KI0
|
|
||||||
-> ssh-ed25519 p/Mg4Q uWIz5shMnsLXsh160cCW8E6kh9v4LPunOonugjWdSEY
|
|
||||||
5aRrIB5gxIplVWDGeMQ6g09togku6LxWRxBP7FbRNU0
|
|
||||||
-> ssh-ed25519 tDqJRg G8rNpeGY29czDVMvvt4LZ7nffZ/JAHDzxuIs7C/0SEM
|
|
||||||
HowgAvrQQcvUx93ZdK5q2bSsJDqaOxFf+x/lwTRss4I
|
|
||||||
--- ktcSPCC1TpguyYJ2ua7IuGcEw+Z9YuqjzcmH18abjo4
|
|
||||||
サ<EFBFBD>虎 <20><>ゥ煩 ネ9<1猤カワ簒<EFBE9C>pWJSWpsV/ム#<23>ウリ9タ{タ゚cHB<><42><EFBFBD>5<EFBFBD>ャ^ァ
|
|
BIN
machines/compute01/secrets/radius-auth_token_file
Normal file
BIN
machines/compute01/secrets/radius-auth_token_file
Normal file
Binary file not shown.
BIN
machines/compute01/secrets/radius-ca_pem_file
Normal file
BIN
machines/compute01/secrets/radius-ca_pem_file
Normal file
Binary file not shown.
BIN
machines/compute01/secrets/radius-cert_pem_file
Normal file
BIN
machines/compute01/secrets/radius-cert_pem_file
Normal file
Binary file not shown.
31
machines/compute01/secrets/radius-dh_pem_file
Normal file
31
machines/compute01/secrets/radius-dh_pem_file
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 tDqJRg R3h8Ph1ooMaR/bmz09yRzVRq1mR3L7o87wMhsysC5kU
|
||||||
|
Go50Us/u8CgZS7Up20RH8NlRS0+ESBw30wa8SZ5dqoo
|
||||||
|
-> ssh-ed25519 jIXfPA gMaMIQvUIu5bK5mRWP6SSZQArMzhg4bDZDcjwx9dyDY
|
||||||
|
Vv8H7oTBvogaoW4dhdm81TOe995CSGeBxB8LtFgJqwc
|
||||||
|
-> ssh-ed25519 QlRB9Q 1CxZ2F8EMykWDzrAzN6NSPtjLmMJ99zf8UWLyV3e+Ag
|
||||||
|
ak7M8/mCeQOMKFPllTsA79glffS/vu51vHIRT3F8qLE
|
||||||
|
-> ssh-ed25519 r+nK/Q qcuIACZn+1ofDpWW1IBmY0IIj4WZNQhxtUJlHgh11ws
|
||||||
|
OJhEfDQHkg3s5CCBcVfba9S4OG4hBjJIYkCoLAIFwOI
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
1XseIDq7c94X7Dpp1sC3oBLhZSd4w7UJ7QI03SGmqVTd3VVwP5IV430vrSIFETMI
|
||||||
|
LopkMvCtF1XpIJQ+nHoxsukG/0kefh5Iodmd6anQNp0iVU/tWkQzWbkHlVlkxJ2M
|
||||||
|
o3fMRAaVyH5GvQkIT5ndWma34vqwydAinM2mchi0hy0ibP5lkk8K7OtafNP4eYNh
|
||||||
|
m7necRRI8yCuE1wBRy8sBpo5mEqGj1uINxXiF6yUI05pCBXHG1qDiFkDHfw8va9k
|
||||||
|
Qitfwv2Clkk/hQG6aEYuruoXwq4SZxSCswMpP5Nz70I+e5YkZw8G50ICaVBXxuAP
|
||||||
|
ABByGBZ/QKLw66NpE7rbSA
|
||||||
|
-> ssh-ed25519 /vwQcQ 1P92WFx8+9DaL2dPwmX+Bva+h7Hy9qXszDTyPvd81kc
|
||||||
|
gLVhBlE4lAMcod32/Y8xzypVCDu4vRca3aem3OHiocU
|
||||||
|
-> ssh-ed25519 0R97PA rZblJRi2bYJig4HyzOXdtpUEEkGDlHS456aKlqxwGX4
|
||||||
|
qjIkEyHjDxzmf34bS7qWJ9lexMXu2QMmcD9RP4MpkYQ
|
||||||
|
-> ssh-ed25519 JGx7Ng IbCSvxAUY1gDTny5KurzONVaQwX/VgvNs1hAQ9iUQRE
|
||||||
|
5ivoGkzEHAyTl3gUE+9nVYclF8/aqnyOF3a81fZfbW0
|
||||||
|
-> t|-grease (u /1\q}65 ]@
|
||||||
|
Dd2SJgnQFUSDlS4eSkKUaGwve8Rsv/4MNEwGRJftdtTvxv80bRuNBEFe+ah4YhiV
|
||||||
|
LA3n6c+Te9Q
|
||||||
|
--- wWhpJpx4IHeC1Qo4nH6iuEB3e9l5b8U5xOnsX8BoBgQ
|
||||||
|
5¥t·Œ °ÒxÚ@<1E>`zÈÔgC’à Ѭ:4Œó¾&‡Spi8ñŸuæ"lÕ‚×)<29>:ìaŒÁÄ,4ÃsÌ*uÿ€ƒ±v#ÿ*ÎàÜÊ^ݶ‚Ø«%´Ñº98¾,yB‚Ù
|
||||||
|
"¶%Ç㤄†NÎÓ· íò¬} [Ñ¿Ó(äØ{<11>ý0ô—f²<66>„|Šà-—&qF kÖ¶¹µùÔÎLì,¹À„žD™áΩQÍ—½è<C2BD>4N}<7D>ÙÐJ´·‹ÇÓˆpç€]dUÏø¿<C3B8>I—:ÌôÑÉ
öì’°¦£‘sý¨õB#}¹
|
||||||
|
ÞÃXzð‰N4·>ñ5iSan`‰¹.‚õÃPcHØÉAéßÈÿµH=¥ËæÂ~ö(Pçô±Š$ ,¡ã‹ù¯ZЬÆwçÚ /×
|
||||||
|
Á–+rC$†ýê&ØJñ ; ÉvÞjæ‰ÎY¹,š*`ºGå=ã¯M¼ƒƒeäAQö<51>\D˜ÿ@¥j¾$gö{Q´lhIoÊÏ‚IM)};@ìNü½b‰<62>k5Dgüoþ'ItW(Ïk
|
||||||
|
ê6)ËŒä0£<30>tM¶É
Ó(Ûê¡<C3AA>n²k®Zu%m<17>¡bzÚõ–Š¿ÁìÍÿ
|
BIN
machines/compute01/secrets/radius-key_pem_file
Normal file
BIN
machines/compute01/secrets/radius-key_pem_file
Normal file
Binary file not shown.
26
machines/compute01/secrets/radius-private_key_password_file
Normal file
26
machines/compute01/secrets/radius-private_key_password_file
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 tDqJRg sTm4u+QVtvUqNgMJhufIljdH63oCmvfbRz6NRa2ZbwI
|
||||||
|
ZYjAINMp/ds7g+7Wjg26YRpRV+nznQPB1r7NzAHGfW0
|
||||||
|
-> ssh-ed25519 jIXfPA z4LS/Igwab0moIzxG9b06T5rZiODkdJyjaFepJVcxQ8
|
||||||
|
qNkDc+prvr1bNTSWJyygJj7yb8MOz2nR+Z8EMHUVVOs
|
||||||
|
-> ssh-ed25519 QlRB9Q 6TQ0Vp3KB5yDIEt029hIB3aCnDjTDP0JG6LN2J9gtjU
|
||||||
|
fZXeSxb7GJOJYvCr2nVf6BKf8QjaqOOuoi0I/xXV1qc
|
||||||
|
-> ssh-ed25519 r+nK/Q eW4wTH9PNd0mzVFsxwS4mEEn5gVUCpYA/g+ifeUB+00
|
||||||
|
kqED+vZVHn0SXTpgbaiMseI6vPCyTt5Gfu4pHxPvKp0
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
axyFJ/zhMoZ1mJLzWAbXbHjlAlLj7HraHyY6ddZBVibgRSEufdXsa8ABmdR6+EuM
|
||||||
|
ty37+/TZOBv11ew/D1C7vQ7B/1JXgej2TAAmYt4vN3lVZdgJI+tQGiOf1nsqfI64
|
||||||
|
p4ZbMi9G0wlzb+Z7Z5SLKo6HwharYI+vDEgh3Ua9Q+6bpZeXxxJHmkACikAI4xJV
|
||||||
|
3lLo1iTeyJy/9u/WoHmEOuqJLeZdhmPZBozxTdDTWz9wMHy+NotfXFaIFTyUpocu
|
||||||
|
OU19N95fyVyTRwmrGFcWs34O631Ejpo3oVLDvjXrFtV4HISSweB/YbU84EveFbz5
|
||||||
|
28gTWKdeOQcHJfmaeJV/Rg
|
||||||
|
-> ssh-ed25519 /vwQcQ cXNRE5eLKNh4lL7S7cMDfp79+TQyiJK3gTzYCuHeRHo
|
||||||
|
4bz0al2kf/S6VEhObpLxy8tvB1t/tBVdB1Gi/7XinD4
|
||||||
|
-> ssh-ed25519 0R97PA iGdUtE7KDRBNSXv1w0dJNPQWxAeDpIAePUU8t0qURV8
|
||||||
|
OUoeLNWl0rLt6+FNf5plNmQIgrULwIgEL/W4HFTYeB8
|
||||||
|
-> ssh-ed25519 JGx7Ng tPkAPvVDZOcP06+mrD5uK03dUJi4aMAvkoz21y9L6Ak
|
||||||
|
tcUItLMra+EIYH6MA1ULMpr8bkUql448jnurev8N5wk
|
||||||
|
-> \<?_-grease (+d_8zF H
|
||||||
|
|
||||||
|
--- /CiW5jTjVkXDOdwmb4P80FswPEpgTt2GZnqT7KlOvC0
|
||||||
|
›=þ%©»gæÆQ³-¼ffÄUC.qÅ͘·H<C2B7>µ—ìäÙ=Vý£žØú<C398>ŽRåN
|
|
@ -13,17 +13,18 @@ lib.setDefault { inherit publicKeys; } [
|
||||||
"librenms-database_password_file"
|
"librenms-database_password_file"
|
||||||
"librenms-environment_file"
|
"librenms-environment_file"
|
||||||
"mastodon-extra_env_file"
|
"mastodon-extra_env_file"
|
||||||
"mastodon-smtp-password"
|
|
||||||
"nextcloud-adminpass_file"
|
"nextcloud-adminpass_file"
|
||||||
"nextcloud-s3_secret_file"
|
"nextcloud-s3_secret_file"
|
||||||
"outline-oidc_client_secret_file"
|
"outline-oidc_client_secret_file"
|
||||||
"outline-smtp_password_file"
|
"outline-smtp_password_file"
|
||||||
"outline-storage_secret_key_file"
|
"outline-storage_secret_key_file"
|
||||||
"plausible-admin_user_password_file"
|
"radius-auth_token_file"
|
||||||
"plausible-secret_key_base_file"
|
"radius-ca_pem_file"
|
||||||
"plausible-smtp_password_file"
|
"radius-cert_pem_file"
|
||||||
|
"radius-dh_pem_file"
|
||||||
|
"radius-key_pem_file"
|
||||||
|
"radius-private_key_password_file"
|
||||||
"satosa-env_file"
|
"satosa-env_file"
|
||||||
"signal-irc-bridge-config"
|
|
||||||
"telegraf-environment_file"
|
"telegraf-environment_file"
|
||||||
"vaultwarden-environment_file"
|
"vaultwarden-environment_file"
|
||||||
"zammad-secret_key_base_file"
|
"zammad-secret_key_base_file"
|
||||||
|
|
Binary file not shown.
|
@ -1,22 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
sources,
|
|
||||||
nixpkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
imports = [ (import (sources.signal-irc-bridge.outPath + "/module.nix")) ];
|
|
||||||
|
|
||||||
services.signal-irc-bridge = {
|
|
||||||
enable = true;
|
|
||||||
package = nixpkgs.unstable.callPackage (sources.signal-irc-bridge.outPath + "/package.nix") { };
|
|
||||||
configFile = config.age.secrets."signal-irc-bridge-config".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."bridge.dgnum.eu" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/files/".alias = "/var/lib/signal-irc/hermes-media/";
|
|
||||||
};
|
|
||||||
users.users.nginx.extraGroups = [ "signal-irc" ];
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
diff --git a/build.gradle b/build.gradle
|
|
||||||
index 78901d8e..3a14ceee 100644
|
|
||||||
--- a/build.gradle
|
|
||||||
+++ b/build.gradle
|
|
||||||
@@ -70,20 +70,6 @@ launch4j {
|
|
||||||
messagesInstanceAlreadyExists="Stirling-PDF is already running."
|
|
||||||
}
|
|
||||||
|
|
||||||
-spotless {
|
|
||||||
- java {
|
|
||||||
- target project.fileTree('src/main/java')
|
|
||||||
-
|
|
||||||
- googleJavaFormat('1.19.1').aosp().reorderImports(false)
|
|
||||||
-
|
|
||||||
- importOrder('java', 'javax', 'org', 'com', 'net', 'io')
|
|
||||||
- toggleOffOn()
|
|
||||||
- trimTrailingWhitespace()
|
|
||||||
- indentWithSpaces()
|
|
||||||
- endWithNewline()
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
dependencies {
|
|
||||||
//security updates
|
|
||||||
implementation 'ch.qos.logback:logback-classic:1.5.3'
|
|
||||||
@@ -171,9 +157,6 @@ dependencies {
|
|
||||||
annotationProcessor 'org.projectlombok:lombok:1.18.32'
|
|
||||||
}
|
|
||||||
|
|
||||||
-tasks.withType(JavaCompile).configureEach {
|
|
||||||
- dependsOn 'spotlessApply'
|
|
||||||
-}
|
|
||||||
compileJava {
|
|
||||||
options.compilerArgs << '-parameters'
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
diff --git a/build.gradle b/build.gradle
|
|
||||||
index 78901d8e..2e7ff96b 100644
|
|
||||||
--- a/build.gradle
|
|
||||||
+++ b/build.gradle
|
|
||||||
@@ -166,6 +166,7 @@ task writeVersion {
|
|
||||||
def props = new Properties()
|
|
||||||
props.setProperty('version', version)
|
|
||||||
props.store(propsFile.newWriter(), null)
|
|
||||||
+ propsFile.text = propsFile.readLines().tail().join('\n')
|
|
||||||
}
|
|
||||||
|
|
||||||
swaggerhubUpload {
|
|
|
@ -1,16 +0,0 @@
|
||||||
diff --git a/build.gradle b/build.gradle
|
|
||||||
index 2e7ff96b..f3a4a15c 100644
|
|
||||||
--- a/build.gradle
|
|
||||||
+++ b/build.gradle
|
|
||||||
@@ -21,6 +21,11 @@ repositories {
|
|
||||||
mavenCentral()
|
|
||||||
}
|
|
||||||
|
|
||||||
+tasks.withType(AbstractArchiveTask) {
|
|
||||||
+ preserveFileTimestamps = false
|
|
||||||
+ reproducibleFileOrder = true
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
licenseReport {
|
|
||||||
renderers = [new JsonReportRenderer()]
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
diff --git a/build.gradle b/build.gradle
|
|
||||||
index f3a4a15c..61fbd74e 100644
|
|
||||||
--- a/build.gradle
|
|
||||||
+++ b/build.gradle
|
|
||||||
@@ -18,7 +18,7 @@ version = '0.26.1'
|
|
||||||
sourceCompatibility = '17'
|
|
||||||
|
|
||||||
repositories {
|
|
||||||
- mavenCentral()
|
|
||||||
+ maven { url '@deps@' }
|
|
||||||
}
|
|
||||||
|
|
||||||
tasks.withType(AbstractArchiveTask) {
|
|
||||||
diff --git a/settings.gradle b/settings.gradle
|
|
||||||
index f8139930..2c87f3cc 100644
|
|
||||||
--- a/settings.gradle
|
|
||||||
+++ b/settings.gradle
|
|
||||||
@@ -1 +1,7 @@
|
|
||||||
+pluginManagement {
|
|
||||||
+ repositories {
|
|
||||||
+ maven { url '@deps@' }
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
rootProject.name = 'Stirling-PDF'
|
|
|
@ -1,22 +0,0 @@
|
||||||
diff --git a/src/test/java/stirling/software/SPDF/utils/ProcessExecutorTest.java b/src/test/java/stirling/software/SPDF/utils/ProcessExecutorTest.java
|
|
||||||
index cab78313..192922f3 100644
|
|
||||||
--- a/src/test/java/stirling/software/SPDF/utils/ProcessExecutorTest.java
|
|
||||||
+++ b/src/test/java/stirling/software/SPDF/utils/ProcessExecutorTest.java
|
|
||||||
@@ -19,7 +19,7 @@ public class ProcessExecutorTest {
|
|
||||||
processExecutor = ProcessExecutor.getInstance(ProcessExecutor.Processes.LIBRE_OFFICE);
|
|
||||||
}
|
|
||||||
|
|
||||||
- @Test
|
|
||||||
+ /* @Test
|
|
||||||
public void testRunCommandWithOutputHandling() throws IOException, InterruptedException {
|
|
||||||
// Mock the command to execute
|
|
||||||
List<String> command = new ArrayList<>();
|
|
||||||
@@ -32,7 +32,7 @@ public class ProcessExecutorTest {
|
|
||||||
// Check the exit code and output messages
|
|
||||||
assertEquals(0, result.getRc());
|
|
||||||
assertNotNull(result.getMessages()); // Check if messages are not null
|
|
||||||
- }
|
|
||||||
+ } */
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testRunCommandWithOutputHandling_Error() {
|
|
|
@ -1,30 +0,0 @@
|
||||||
{ nixpkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
dgn-id = "f756a0f47e704db815a7af6786f6eb0aec628d6b";
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
services.stirling-pdf = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
package = nixpkgs.unstable.stirling-pdf.overrideAttrs (old: {
|
|
||||||
patches = (old.patches or [ ]) ++ [
|
|
||||||
(builtins.fetchurl "https://git.dgnum.eu/DGNum/Stirling-PDF/commit/${dgn-id}.patch")
|
|
||||||
];
|
|
||||||
});
|
|
||||||
|
|
||||||
domain = "pdf.dgnum.eu";
|
|
||||||
port = 8084;
|
|
||||||
|
|
||||||
nginx = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
UI_APP_NAME = "DGNum PDF";
|
|
||||||
SYSTEM_DEFAULT_LOCALE = "fr-FR";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -3,6 +3,7 @@
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [
|
enabledModules = [
|
||||||
# List of modules to enable
|
# List of modules to enable
|
||||||
|
"dgn-fail2ban"
|
||||||
];
|
];
|
||||||
|
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
|
@ -11,6 +12,11 @@ lib.extra.mkConfig {
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
|
dgn-fail2ban.jails = lib.extra.enableAttrs' "enabled" [
|
||||||
|
"sshd-bruteforce"
|
||||||
|
"sshd-timeout"
|
||||||
|
];
|
||||||
|
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -2,4 +2,4 @@ let
|
||||||
lib = import ../../../lib { };
|
lib = import ../../../lib { };
|
||||||
publicKeys = lib.getNodeKeys "rescue01";
|
publicKeys = lib.getNodeKeys "rescue01";
|
||||||
in
|
in
|
||||||
lib.setDefault { inherit publicKeys; } [ "stateless-uptime-kuma-password" ]
|
lib.setDefault { inherit publicKeys; } [ ]
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA wZdqi7vBlMEOJiY1VvbsmqyBSO/jl6SWLRGw+0ylKWo
|
|
||||||
UvKyh4Jh608Z9i9+6WuPu3mwnlC98aAr6jiV38JJGzk
|
|
||||||
-> ssh-ed25519 QlRB9Q +DUjR2Wqwg2SevBY+YgvLEDkcnoWGRTfcVFbl27CQT4
|
|
||||||
poWQnP4cOQGc5Xhgrgz2KKEOJ8dB+iCcqME5D/zJv5c
|
|
||||||
-> ssh-ed25519 r+nK/Q GsidIKDaPJmx8igrgoAbWGywJQB0nV/cY8Zm0CIByho
|
|
||||||
m4HrxUhPkp7gahyLO2gfQUnglkB715jaCrADg77ns34
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
VwNy3N6+l3Vgpo8AK7cJ2gRmHa+oBtB4w3n+E8gn7sugcEB16NDtjK861zwszUq7
|
|
||||||
OfOPUZ5mE+RWz20XYWPAJIPEYNaiqc5vJzguFvZdlyJNInJLxANlIaHydE1AGA9v
|
|
||||||
l07t9PAxxV5L40EiPHxjveEKaKiAAJVbWWfILX9f4U5vjKy5729IE/3aTRUbTD/M
|
|
||||||
CXINLnzFWwDLi3x2yBrGUly2mLIb4KyDuE8jnPmtCFveKsVxVsDEeiXvi0yeT+xM
|
|
||||||
viGvXJ9Ad6tAug4BE2suqwG1iPHsa98pFBqYM8gG2rp2WOFhzs0emkTu5LGYJOMr
|
|
||||||
VR39Qxcdp1WjPr9e+l/MDQ
|
|
||||||
-> ssh-ed25519 /vwQcQ GBXHQzwSFS+abM91umquafIEcUoI407reSuULz7SGGY
|
|
||||||
WpW9aHq2Eq8pXpvGsEKoByQLj0tr04GxNQrf09ronrY
|
|
||||||
-> ssh-ed25519 0R97PA BxlIEcd6G5GDLUxgoTzyUqRRxGIx49YCZSvzjVIBdjw
|
|
||||||
oDqUd2O+oBdDrOvrQysdptF1LuvXK/dKurFnHUjgNfk
|
|
||||||
-> ssh-ed25519 JGx7Ng Km6PmwRZ9HfGjEhkgb8P+ZCt+B/C+jg9bcvdwBvrS0Q
|
|
||||||
D+UC5nkMnpYuJtz5X30iF1avU+jlEy4zOEPkyj5o2x8
|
|
||||||
-> ssh-ed25519 5SY7Kg 3tf/eLI3ngqilOfEz8fayTDHWHNd14ANJTSt5lz1yDM
|
|
||||||
QUhDPYuiZ9YloKgYqY5UdMVmawyMAOS/T4jbpvsNJpI
|
|
||||||
-> ssh-ed25519 p/Mg4Q h/8lvmwcmoyTa6vW0N2AbgKt/dpNNqVmRW02NaYl7Wo
|
|
||||||
OaFeo+ZPa2LY5zRJzv/exq4bv734FxZwX3ql1kpv5bk
|
|
||||||
-> ssh-ed25519 +MNHsw iaiHp0x4Xzf886Q0Li6IleeO3wZUAQbYFHxn0jzdCk0
|
|
||||||
W4gaBtwKPbonB2g9+Ts+teXPEPoWDCVoVn1vixiQ+7M
|
|
||||||
--- 1ACvcwsxZKnjgKRAzJy8e4eBtxZXrwe00wPdDlMWnBo
|
|
||||||
Œ<ƒ¼î|ë=©r<2Ÿµ.>ÃÇ~,5J²Ä … àé[ºë^+͸Z‰ñj›á×=Ï<Ï%Út뮪
|
|
|
@ -1,125 +1,9 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
nodes,
|
|
||||||
sources,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
inherit (lib)
|
|
||||||
concatLists
|
|
||||||
mapAttrsToList
|
|
||||||
mkForce
|
|
||||||
mkMerge
|
|
||||||
;
|
|
||||||
|
|
||||||
inherit (config.statelessUptimeKuma.lib)
|
|
||||||
pingProbesFromHive
|
|
||||||
fromHive
|
|
||||||
httpProbesFromConfig
|
|
||||||
probesWithTag
|
|
||||||
;
|
|
||||||
|
|
||||||
probesCfg = config.statelessUptimeKuma.probesConfig;
|
|
||||||
|
|
||||||
mkMonitors = name: builtins.attrNames (probesWithTag { inherit name; } probesCfg);
|
|
||||||
|
|
||||||
host = "status.dgnum.eu";
|
host = "status.dgnum.eu";
|
||||||
|
|
||||||
port = 3001;
|
port = 3001;
|
||||||
|
|
||||||
httpExcludes = [
|
|
||||||
"localhost"
|
|
||||||
"ens.cal.dgnum.eu"
|
|
||||||
"luj-current.cal.dgnum.eu"
|
|
||||||
"s3.dgnum.eu"
|
|
||||||
"cdn.dgnum.eu"
|
|
||||||
"saml-idp.dgnum.eu"
|
|
||||||
"status.dgnum.eu"
|
|
||||||
"radius.dgnum.eu"
|
|
||||||
] ++ (concatLists (mapAttrsToList (_: { config, ... }: config.dgn-redirections.retired) nodes));
|
|
||||||
|
|
||||||
extraProbes = {
|
|
||||||
monitors = {
|
|
||||||
"prometheus.dgnum.eu" = {
|
|
||||||
type = mkForce "http";
|
|
||||||
accepted_statuscodes = [ "401" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
"api.meet.dgnum.eu" = {
|
|
||||||
keyword = "Crab Fit API";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
status_pages = {
|
|
||||||
"dgnum" = {
|
|
||||||
title = "DGNum";
|
|
||||||
description = "Etat de l'infra de la DGNum";
|
|
||||||
showTags = true;
|
|
||||||
publicGroupList = [
|
|
||||||
{
|
|
||||||
name = "Services";
|
|
||||||
weight = 1;
|
|
||||||
monitorList = mkMonitors "Service";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "Serveurs";
|
|
||||||
weight = 2;
|
|
||||||
monitorList = mkMonitors "Ping";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "VPN Interne";
|
|
||||||
weight = 2;
|
|
||||||
monitorList = mkMonitors "VPN";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
pingProbes = pingProbesFromHive {
|
|
||||||
inherit nodes;
|
|
||||||
mkHost = _: config: config.networking.fqdn;
|
|
||||||
tags = [ { name = "Ping"; } ];
|
|
||||||
excludes = [
|
|
||||||
"geo01"
|
|
||||||
"geo02"
|
|
||||||
"rescue01"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
vpnProbes = pingProbesFromHive {
|
|
||||||
inherit nodes;
|
|
||||||
prefix = "VPN - ";
|
|
||||||
mkHost = node: _: "${node}.dgnum";
|
|
||||||
tags = [ { name = "VPN"; } ];
|
|
||||||
excludes = [
|
|
||||||
"rescue01"
|
|
||||||
"web02"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
httpProbes = fromHive {
|
|
||||||
inherit nodes;
|
|
||||||
builder =
|
|
||||||
_: module:
|
|
||||||
httpProbesFromConfig {
|
|
||||||
inherit (module) config;
|
|
||||||
tags = [
|
|
||||||
{
|
|
||||||
name = "Host";
|
|
||||||
value = module.config.networking.fqdn;
|
|
||||||
}
|
|
||||||
{ name = "Service"; }
|
|
||||||
];
|
|
||||||
excludes = httpExcludes;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ (sources.stateless-uptime-kuma + "/nixos/module.nix") ];
|
|
||||||
nixpkgs.overlays = [ (import (sources.stateless-uptime-kuma + "/overlay.nix")) ];
|
|
||||||
|
|
||||||
services.uptime-kuma.enable = true;
|
services.uptime-kuma.enable = true;
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -139,21 +23,4 @@ in
|
||||||
80
|
80
|
||||||
443
|
443
|
||||||
];
|
];
|
||||||
|
|
||||||
statelessUptimeKuma = {
|
|
||||||
probesConfig = mkMerge [
|
|
||||||
pingProbes
|
|
||||||
httpProbes
|
|
||||||
extraProbes
|
|
||||||
vpnProbes
|
|
||||||
{ inherit status_pages; }
|
|
||||||
];
|
|
||||||
|
|
||||||
extraFlags = [ "-s" ];
|
|
||||||
|
|
||||||
host = "http://localhost:${builtins.toString port}/";
|
|
||||||
username = "dgnum";
|
|
||||||
passwordFile = config.age.secrets."stateless-uptime-kuma-password".path;
|
|
||||||
enableService = true;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,13 +4,13 @@ lib.extra.mkConfig {
|
||||||
enabledModules = [
|
enabledModules = [
|
||||||
# List of modules to enable
|
# List of modules to enable
|
||||||
"dgn-backups"
|
"dgn-backups"
|
||||||
|
"dgn-fail2ban"
|
||||||
"dgn-web"
|
"dgn-web"
|
||||||
];
|
];
|
||||||
|
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# List of services to enable
|
# List of services to enable
|
||||||
"atticd"
|
"atticd"
|
||||||
"tvix-cache"
|
|
||||||
"forgejo"
|
"forgejo"
|
||||||
"forgejo-runners"
|
"forgejo-runners"
|
||||||
"garage"
|
"garage"
|
||||||
|
@ -21,6 +21,8 @@ lib.extra.mkConfig {
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
|
dgn-fail2ban.jails.sshd-preauth.enabled = true;
|
||||||
|
|
||||||
dgn-hardware.useZfs = true;
|
dgn-hardware.useZfs = true;
|
||||||
|
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, nixpkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
sources,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
host = "cachix.dgnum.eu";
|
host = "cachix.dgnum.eu";
|
||||||
|
@ -11,7 +16,7 @@ in
|
||||||
credentialsFile = config.age.secrets."atticd-credentials_file".path;
|
credentialsFile = config.age.secrets."atticd-credentials_file".path;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
listen = "127.0.0.1:9099";
|
listen = "127.0.0.1:9090";
|
||||||
api-endpoint = "https://${host}/";
|
api-endpoint = "https://${host}/";
|
||||||
|
|
||||||
allowed-hosts = [ host ];
|
allowed-hosts = [ host ];
|
||||||
|
@ -21,7 +26,7 @@ in
|
||||||
#
|
#
|
||||||
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||||||
# If 1, all NARs are chunked.
|
# If 1, all NARs are chunked.
|
||||||
nar-size-threshold = 0; # 64 KiB
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
# The preferred minimum size of a chunk, in bytes
|
# The preferred minimum size of a chunk, in bytes
|
||||||
min-size = 16 * 1024; # 16 KiB
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
@ -44,7 +49,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
useFlakeCompatOverlay = false;
|
useFlakeCompatOverlay = false;
|
||||||
package = nixpkgs.unstable.attic-server;
|
package = pkgs.callPackage "${sources.attic}/package.nix" { };
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
|
@ -55,10 +60,10 @@ in
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:9099";
|
proxyPass = "http://127.0.0.1:9090";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 10G;
|
client_max_body_size 100M;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -77,6 +82,4 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.atticd.environment.RUST_LOG = "warn";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
nixpkgs,
|
|
||||||
sources,
|
sources,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
@ -30,8 +29,6 @@ let
|
||||||
options = "--cpus=4";
|
options = "--cpus=4";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.forgejo-nix-runners = {
|
services.forgejo-nix-runners = {
|
||||||
|
@ -43,10 +40,10 @@ in
|
||||||
tokenFile = config.age.secrets."forgejo_runners-token_file".path;
|
tokenFile = config.age.secrets."forgejo_runners-token_file".path;
|
||||||
|
|
||||||
dependencies = [
|
dependencies = [
|
||||||
nix-pkgs.colmena
|
pkgs.colmena
|
||||||
pkgs.npins
|
pkgs.npins
|
||||||
pkgs.tea
|
pkgs.tea
|
||||||
nixpkgs.unstable.nixfmt-rfc-style
|
(import sources.nixpkgs { }).nixfmt-rfc-style
|
||||||
];
|
];
|
||||||
|
|
||||||
containerOptions = [ "--cpus=4" ];
|
containerOptions = [ "--cpus=4" ];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, nixpkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
port = 3000;
|
port = 3000;
|
||||||
|
@ -10,7 +10,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
user = "git";
|
user = "git";
|
||||||
package = nixpkgs.unstable.forgejo;
|
package = pkgs.forgejo;
|
||||||
stateDir = "/var/lib/git";
|
stateDir = "/var/lib/git";
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
|
@ -24,17 +24,30 @@ in
|
||||||
APP_NAME = "Forge git de la DGNum";
|
APP_NAME = "Forge git de la DGNum";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
server = {
|
||||||
|
ROOT_URL = "https://${host}/";
|
||||||
|
DOMAIN = host;
|
||||||
|
HTTP_ADDRESS = "127.0.0.1";
|
||||||
|
HTTP_PORT = port;
|
||||||
|
APP_DATA_PATH = "/var/lib/git/data";
|
||||||
|
};
|
||||||
|
|
||||||
|
service = {
|
||||||
|
EMAIL_DOMAIN_ALLOWLIST = "dgnum.eu,*";
|
||||||
|
|
||||||
|
DISABLE_REGISTRATION = false;
|
||||||
|
REGISTER_EMAIL_CONFIRM = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
log.LEVEL = "Warn";
|
||||||
|
|
||||||
|
ui.THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
|
||||||
|
|
||||||
actions = {
|
actions = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
DEFAULT_ACTIONS_URL = "https://gitea.com";
|
DEFAULT_ACTIONS_URL = "https://gitea.com";
|
||||||
};
|
};
|
||||||
|
|
||||||
admin = {
|
|
||||||
DEFAULT_EMAIL_NOTIFICATIONS = "enabled";
|
|
||||||
};
|
|
||||||
|
|
||||||
log.LEVEL = "Warn";
|
|
||||||
|
|
||||||
mailer = {
|
mailer = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
FROM = "git@infra.dgnum.eu";
|
FROM = "git@infra.dgnum.eu";
|
||||||
|
@ -43,30 +56,6 @@ in
|
||||||
SMTP_PORT = 465;
|
SMTP_PORT = 465;
|
||||||
USER = "web-services@infra.dgnum.eu";
|
USER = "web-services@infra.dgnum.eu";
|
||||||
};
|
};
|
||||||
|
|
||||||
server = {
|
|
||||||
ROOT_URL = "https://${host}/";
|
|
||||||
DOMAIN = host;
|
|
||||||
HTTP_ADDRESS = "127.0.0.1";
|
|
||||||
HTTP_PORT = port;
|
|
||||||
APP_DATA_PATH = "/var/lib/git/data";
|
|
||||||
OFFLINE_MODE = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
service = {
|
|
||||||
EMAIL_DOMAIN_ALLOWLIST = "dgnum.eu,*";
|
|
||||||
ENABLE_NOTIFY_MAIL = true;
|
|
||||||
|
|
||||||
DISABLE_REGISTRATION = false;
|
|
||||||
REGISTER_EMAIL_CONFIRM = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
ui.THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
|
|
||||||
|
|
||||||
"cron.cleanup_actions".ENABLED = true;
|
|
||||||
"cron.delete_old_actions".ENABLED = true;
|
|
||||||
"cron.git_gc_repos".ENABLED = true;
|
|
||||||
"cron.update_checker".ENABLED = false;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;
|
mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;
|
||||||
|
|
|
@ -10,13 +10,11 @@ let
|
||||||
domains = [
|
domains = [
|
||||||
"boussole-sante.normalesup.eu"
|
"boussole-sante.normalesup.eu"
|
||||||
"simi.normalesup.eu"
|
"simi.normalesup.eu"
|
||||||
"bandarretdurgence.ens.fr"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
buckets = [
|
buckets = [
|
||||||
"castopod-dgnum"
|
"castopod-dgnum"
|
||||||
"peertube-videos-dgnum"
|
"peertube-videos-dgnum"
|
||||||
"banda-website"
|
|
||||||
] ++ domains;
|
] ++ domains;
|
||||||
|
|
||||||
mkHosted = host: builtins.map (b: "${b}.${host}");
|
mkHosted = host: builtins.map (b: "${b}.${host}");
|
||||||
|
@ -52,7 +50,7 @@ in
|
||||||
|
|
||||||
k2v_api.api_bind_addr = "[::]:3904";
|
k2v_api.api_bind_addr = "[::]:3904";
|
||||||
|
|
||||||
admin.api_bind_addr = "127.0.0.1:3903";
|
admin.api_bind_addr = "0.0.0.0:3903";
|
||||||
};
|
};
|
||||||
|
|
||||||
environmentFile = config.age.secrets."garage-environment_file".path;
|
environmentFile = config.age.secrets."garage-environment_file".path;
|
||||||
|
@ -64,7 +62,6 @@ in
|
||||||
data_dir
|
data_dir
|
||||||
metadata_dir
|
metadata_dir
|
||||||
];
|
];
|
||||||
TimeoutSec = 3000;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.garage = {
|
users.users.garage = {
|
||||||
|
|
|
@ -1,26 +1,8 @@
|
||||||
{
|
{ config, ... }:
|
||||||
config,
|
|
||||||
nodes,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
host = "prometheus.dgnum.eu";
|
host = "prometheus.dgnum.eu";
|
||||||
port = 9091;
|
port = 9091;
|
||||||
|
|
||||||
nodeExporterConfigs = lib.flatten (
|
|
||||||
lib.mapAttrsToList (
|
|
||||||
node:
|
|
||||||
{ config, ... }:
|
|
||||||
lib.optional config.dgn-node-monitoring.enable {
|
|
||||||
targets = [ "${node}.dgnum:${builtins.toString config.dgn-node-monitoring.port}" ];
|
|
||||||
labels = {
|
|
||||||
host = node;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
) nodes
|
|
||||||
);
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -38,42 +20,11 @@ in
|
||||||
|
|
||||||
webExternalUrl = "https://${host}";
|
webExternalUrl = "https://${host}";
|
||||||
|
|
||||||
retentionTime = "1y";
|
|
||||||
|
|
||||||
extraFlags = [ "--storage.tsdb.retention.size=20GB" ];
|
|
||||||
|
|
||||||
globalConfig = {
|
|
||||||
scrape_interval = "15s"; # if you change this settings, please do it in grafana also
|
|
||||||
};
|
|
||||||
|
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
{
|
{
|
||||||
job_name = "prometheus";
|
job_name = "prometheus";
|
||||||
static_configs = [ { targets = [ "localhost:9090" ]; } ];
|
static_configs = [ { targets = [ "localhost:9090" ]; } ];
|
||||||
}
|
}
|
||||||
{
|
|
||||||
job_name = "node_exporter";
|
|
||||||
static_configs = nodeExporterConfigs;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
job_name = "uptime_kuma";
|
|
||||||
scheme = "https";
|
|
||||||
static_configs = [ { targets = [ "status.dgnum.eu" ]; } ];
|
|
||||||
basic_auth = {
|
|
||||||
username = "prometheus";
|
|
||||||
password_file = config.age.secrets."prometheus-uptime-kuma-apikey".path;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
job_name = "hyp01_ups";
|
|
||||||
metrics_path = "/ups_metrics";
|
|
||||||
static_configs = [ { targets = [ "100.80.255.180:9199" ]; } ];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
job_name = "garage";
|
|
||||||
static_configs = [ { targets = [ "localhost:3903" ]; } ];
|
|
||||||
bearer_token_file = config.age.secrets."prometheus-garage_api".path;
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,30 +1,27 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 jIXfPA HECtxDO0OV6To/Qs3A+2N8+3xqsHp6pz6d4ArgsgXS4
|
-> ssh-ed25519 rHotTw KgYJOa3x3qkH/QwL5YM7A7qDjrT/wur/PvRhD99PDjk
|
||||||
mnmDwWZ6d1aW5Qejzv2Jo112ee78wKVx90R7r5wQbYo
|
BrZwARaPH9YJ+jQMcOJl3B+0VVXyOeB/JKY/qclJ14E
|
||||||
-> ssh-ed25519 QlRB9Q Rx3bV/DkoCCvQCMwJGOfibG8Rif5Ap+W6EqWlFOhUQc
|
-> ssh-ed25519 jIXfPA FRmqOILhQDwY8dnnVzsT9Yo+nAlr4LpKoIdKgLU8uRA
|
||||||
jxEFUWqxedwIK3mNyOG+5dyFFZbJZ3XNFXnk0fe0vyw
|
8PaCaIgR9xqR+dGTUjhuZVv9Uzp+24LeME2/J08poRw
|
||||||
-> ssh-ed25519 r+nK/Q J591Cg/4oP26LT7Tl/wrdDipR/gpg1WMsiKJN0ygbjw
|
-> ssh-ed25519 QlRB9Q VKLN5d4g3vvuJYh7bUx9M3YyITPMoYpmJEm3klzS8nU
|
||||||
WToE5xtuF2FOqtvRgz1SZStYGjTsKRxguIioan+vluU
|
1W0iuVux3/1IjlRfN5DpXcugXnZ1Nq/+bAJumb8VjSU
|
||||||
|
-> ssh-ed25519 r+nK/Q I2i+0w9tisUfGsQOHKmilVncCgJdad7ylKyeovYkgSA
|
||||||
|
Z8h9nmhSsFqlsnijKS2Q+iC388s4gdZ9CFFa9sK+vKA
|
||||||
-> ssh-rsa krWCLQ
|
-> ssh-rsa krWCLQ
|
||||||
hhp33AzK6wYWM6k7ZroV0J5i8C5MQXjQY9sksPQdABRQUd6XTmYOIOdA0ste0EA9
|
CwD5afln6hCMzH5s+0BUhdLW25rooaCUnF/EyP+HTUjJXVfjeGpHcJuwI1PVtRyy
|
||||||
hqbbHQwbFy0oE/QKfnUZWbgJo5Us1DWKxip55L875CPfVcmxvC2ADRO5JKKNkQa/
|
/AXxXmDd5x3MC9xwonXCb4nLsMyFCZT3SLkxZB/hdFn4TBsd6UKc5wMg/jw8EhNu
|
||||||
P4zBALPqf+BXrafcGN4hT8D9gywIWdQ2zPSpKbJE+OdPcUrBVH/ndMUVoLfTEKL9
|
1MplmtryNu9QaH9dtUWiW6Zu0DL9wCiJ4noubDpJ/MeQY4xUTShSfF7PB9yi/0AG
|
||||||
B3XgqRvLNkgsdu7FMEPnelWT3WrxkBME7AathdXcEYXSxiTmaKqxDzRtcNLdh+y2
|
48iaoZgJbiklycqOXF5Z1u6MhjjuV5UeQq6JH7NpiuvypIYM2Ab0azGlkVsDYHvi
|
||||||
6XfQU6lLMT+WWPD/Ro7UzLrWUnFJMYK0SinkOuX+PKxMq95lCc5kI3tZ7JL7bC5E
|
NTGEDGwPqtsexOcYnh5cHrPZw+6a7DFiz7mbc1UiUl3BFlfTi2jFdZFabVZ9gJg7
|
||||||
vBGnX9w0unyR//LLqrOPWA
|
PyVp3aQ7jsIW4+DYsIWeMA
|
||||||
-> ssh-ed25519 /vwQcQ eYSTWAYs/L+cYt/16TrKaIqoc9TFJQncM02Vd8hOg3A
|
-> ssh-ed25519 /vwQcQ Askgv4zAzvT1NfOZqrSR10NCkx9jAWieCbtkTGemDAM
|
||||||
lWalXa1ZBtrjXOB+sznWCjStFHF4ulLaBilEc3b7qWc
|
N2D0khW0Yvw6ZlaCtSDwD3R4CzfBArumkpq0YAv3fxE
|
||||||
-> ssh-ed25519 0R97PA 78K7uF/mXT4pgTbnmfpyxY2czgs+DNueusuatUx7MCQ
|
-> ssh-ed25519 0R97PA H4Mqj2WiRljaW30ReWZihyhsHIxymK8PjuWQrjTpjS0
|
||||||
C/pWPdVCWZuHFuM5fzJHdGZomM3Wbt22iwfLbLSznh0
|
ESSRNIKjKeXFXJU7G7lokghQpsMNOAsMepACbk+W1L0
|
||||||
-> ssh-ed25519 JGx7Ng xFzEGNVIiC0cXCbcSKUfmVLAdRBH7xu6/2E7nVoRwjI
|
-> ssh-ed25519 JGx7Ng Vw/SjdUAmPW1tHMzRprkXgI6CefeSEiZeflWOgnAsDI
|
||||||
+TgvIl03KGm5N55+jGc7UcyRHjMvAFm3Kbvx5Ma4HQ4
|
qBpv7uBQKxVOIAvv7V7yviI+AsbmvNM2DZ6Y4Fu2U8Y
|
||||||
-> ssh-ed25519 5SY7Kg 7YO/crKVWSsr3Hy5HPr0/R3oPdCA2kWduZYeSlcxGnI
|
-> KkV7*L_-grease
|
||||||
N0IpdylU+3ybInseGSKPONxeNr8mh/ZlBGCvY2c0WTA
|
2cwIOQcWAOVX
|
||||||
-> ssh-ed25519 p/Mg4Q y1ekwzz3sSHGrLmb0NqF6VWfalARy+PykE77hVqD7Xc
|
--- w/DwnscRvLRGCXmMn0x+fEB9U6dApV7ydUBsOrjHDkE
|
||||||
0s9QrDsLH6XdzetyIXJEB2MrwwUi8CDpu7SEemm8zJ4
|
2jWJů·‰”Ńű¸˛GpńP;ü<>,ĎÔśBuR·Č‡Pcžňe‡@˘ČŘó;|nUM"ĎÔÄ4:Ź±ŃyąLŇE|+Zřˇ”Ľ#±ŐÁ:??1"kŠˇâhbZgE^ńÔY>}ačĎąâŐr(C¸[FšµőHA’‘Ĺé§q_÷Đ—ä űK$ΖP<Đ°bAĹ™MSľhśŠ„®›ćF<dw|«ď<C2AB>#Ĺ9U‡L|Ť;Ő‹ż‰˘ď
üöý7Čfś
]żüš×›EÔŚVŻ7¨_ń
|
||||||
-> ssh-ed25519 rHotTw 7SMzV/pEmDISPL/fMjafXM3URZpbUPTg+9AngZ0GZTc
|
÷fŚoďOÇ^Sż…Ż—ĺýż•‘e·ĚoOĂŁ<C482>łŢoń†+ëŐěĘ—Ň%Ţ•QUľ·ďµeĎßßŐ„´Đ.ҨR{g0ć|ĚĂ
|
||||||
eIi1+i9JVBLvfQMkmMv5S0N8qgwVtyklX/J+6MdtlSc
|
|
||||||
--- Gjl7lNWG9gyMlg256Oa5i5bFLm1Cup1upjsEDVurgDo
|
|
||||||
uÂ;.ÿñË>pÔïÑ–<C391>òh¸<68>2ÎŒ›}£PJ4èú‘©‰Ñ×íè==#¯¾Úÿ¹8e¤UÊÉŠÇ$1»!–z<E28093>jlA‡[@;ò‚s®<>ŒÉáAB±á-§Rå=È0Ò·d“ðµú†Ê¢þ{«ÒF¹—h›ò–à ù@%ˆŠä´›|×{ ¢åeÚÝÛ¯âøsbë«]Óèå¨ø.m8 8Bn"(Ûæ¤âïW½í!zxn\Ã(5:ïíÒÞ-ZD’ËÇÃ)}HŠü˜¦×ál}Sƒ‘˜ëFrn
|
|
||||||
øL¦-wÉÑ—¼j)ê â¶èÐ&:¥îÓCÞÆ2ÝÒÅÀÏB»ÛzïàŽŸt•WÍ!£8|lïí0
|
|
||||||
¾¸y8óÃkñbÔy×ËäÏ臃‹¹·k’¤¨ÉÍ™ê°n/-’'ÃZ<C383>ÅŸ
¾îƾ\Ûâê‰ù†uŸÍeu®"E ±/d
|
|
Binary file not shown.
|
@ -1,28 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA hiozo++fCkzjrvUQRLnAh4uwlmIXcTwkVbjkYbcH4mQ
|
|
||||||
boST8EzrWdNAuyOylbBX//DnWtO7RL2W++Wnm40w2MA
|
|
||||||
-> ssh-ed25519 QlRB9Q i0StXRfRRlTsN7MNZmlfBQdacHQlmTmriyiRcJu74g0
|
|
||||||
dhkD9ZfW+mkkryHBu+2fHe76hXrWVGKl+orxkPJD6gU
|
|
||||||
-> ssh-ed25519 r+nK/Q Ekn/Bz+c+G+KwgZEOCdk58lV9XN12d7/f+wi8ZEysgU
|
|
||||||
QdvnL+HtpHnxUbKD06WZDAi55q3xOYn3OiHViNdFt+I
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
ijGL8v8Otp59VvF0tDIReazFzchihsutr+zbcQuB6m3JZ6SAWyoKwhFdwiaLOfUd
|
|
||||||
DMAo2FOKfCbWS+M1VpdSJfu9LKroMCkeW+FOK81h6ywEYSAw/vt2FJP2TLiljZou
|
|
||||||
d7hiqNv0u/yiIoQiTs9hwOAPtLofiWcX//18TNTCgqm9Ttn0mKlfBjTkUQJdkZVM
|
|
||||||
j1rofzgHDdkyZDdr1op3sc4iURJ98dVN7ic035Fz+Ggs0yBh9T7qtVsUe7swuoH9
|
|
||||||
b9yxOSHdV3b4BYg75UrfiRNTOeQq8pxsga1DIs2x7oHkeVb8Ypmr1tXuAtWi20eg
|
|
||||||
1cYP5+BxY8ry6uaYNLYpKw
|
|
||||||
-> ssh-ed25519 /vwQcQ ZuVSKV4sI53zDaTOHIkk6ntPy9IxSBNIN/JEDPfT71Y
|
|
||||||
C5UgzlDJCcA8CP5D0kppqJKti76qe5IVFFnNirRtl/s
|
|
||||||
-> ssh-ed25519 0R97PA bNQCB3PAp5Ka2drYm74R7nuGM7NFUsKluPo6EEEyiVA
|
|
||||||
1/NFavNSG1pdMiWr2q2z9XwHs6iqhh5+3KIlr8ToPOo
|
|
||||||
-> ssh-ed25519 JGx7Ng 6X2a/FNvglr8ZSWvgEb37B67JJpJV0x1+fdlo6K6pzo
|
|
||||||
8AxYhMJ5+XGKNnpRBTSUM4GSbRj8s7amMQa8sp+tQWM
|
|
||||||
-> ssh-ed25519 5SY7Kg xw7EQG3mz6gQZXSh2LpY5zFRyMZOqEypvnOorRLBBHQ
|
|
||||||
WTcl4rLfg/siaGFmk/Odc6fsX+C6OPRWTHFQ0eENwgY
|
|
||||||
-> ssh-ed25519 p/Mg4Q hSz69OeCJyLJIpnI1tJqGNRErbDF2v6OdxWxi/pfF3k
|
|
||||||
nM6aJWcuzXEqRarkkAQx4636bALK3g0AwCsSfc8fXrk
|
|
||||||
-> ssh-ed25519 rHotTw xyrUv1xRQGG+CyL7Ftdw50S8LtN3Bd07f+8JInmBdGg
|
|
||||||
ehZkeby649QdiSyCDP4wTplLU7mtXac9QzILFIkIX/8
|
|
||||||
--- xWjuc/9B2UAHi7vuOjdvwJ2K3MEeDeTon5XDU1zi6rw
|
|
||||||
i«(rçfJ!–G$<24>e)¤êý¡é•%)„‚9<>KÙ®UK¿Ëé]oǹË@Âv<C382>ŒÀ2Ipè\<12>ˆ^©9ä]¿ÂL,Ÿ•5æö/wvYŽÒ<C5BD>Í«‡³¬¼
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -13,13 +13,8 @@ lib.setDefault { inherit publicKeys; } [
|
||||||
"influxdb2-initial_token_file"
|
"influxdb2-initial_token_file"
|
||||||
"influxdb2-telegraf_token_file"
|
"influxdb2-telegraf_token_file"
|
||||||
"netbird-auth_client_secret_file"
|
"netbird-auth_client_secret_file"
|
||||||
"nginx-tvix-store-password"
|
|
||||||
"nginx-tvix-store-password-ci"
|
|
||||||
"peertube-secrets_file"
|
"peertube-secrets_file"
|
||||||
"peertube-service_environment_file"
|
"peertube-service_environment_file"
|
||||||
"peertube-smtp_password_file"
|
"peertube-smtp_password_file"
|
||||||
"prometheus-garage_api"
|
|
||||||
"prometheus-uptime-kuma-apikey"
|
|
||||||
"prometheus-web_config_file"
|
"prometheus-web_config_file"
|
||||||
"tvix-store-infra-signing-key"
|
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA /4nTbCIrufpN0Jho+8ZqTdZpc8mzSQrpG78flq+b9lM
|
|
||||||
x6Pg9oMGzboBg4WSAHxPwtNKcJUIG007Wx1ZjlzneLc
|
|
||||||
-> ssh-ed25519 QlRB9Q LsPsxbx6zvcLNf/EC3yFRP7Gr5tLYcg+8WGx6n0S724
|
|
||||||
4cyAHEdVBR885G4nfJSvUPqKWr/0abAtDTHmwksADp8
|
|
||||||
-> ssh-ed25519 r+nK/Q 9MisKxWalh0oubQFjwm2SDggxrj/fhdXGCYuYaP99jA
|
|
||||||
18o9juckqPtR4gh2MTXdmonxV9oZymyhCUqW3sOVltQ
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
j6AIypswOisUPlL538E3dpIWsHU/7H1c3+bEXXDFarP3Y5tjWltMRgKoPZUFlcRk
|
|
||||||
2yoVpOjDVkDvMTTu62Yn+Le6oYqoYQYzZ4e5incAR/v7sI76yPo1w+JN3BWBKPab
|
|
||||||
DN6h7Bdr8uzMISvxrRpCNDaU9n9GwA6ylJWvtFKjQZ6IDORVsa1tP44cndm6zAt6
|
|
||||||
Oq11bUDFSJLHiDtxjp0vJFa/4mq5Ay0G10xM/EI8Wf+Tiam/r3ytoBGnNYj1ENp8
|
|
||||||
AQkSxVF4cCORjQAokg+eUYCOzErJqpOx0ACx1SvuRvG4qcQ55ChYxs9zjnlCII2x
|
|
||||||
7JeUM/gjy0FnalxWWDX+cQ
|
|
||||||
-> ssh-ed25519 /vwQcQ bdzz3o+erI4c7ReafjhMYBgpebcJVcdB5vWK7cQ05Cs
|
|
||||||
3rVELKWfeiBksMzmm9XLmEgzdEASxSKcYJOpDQd7A+w
|
|
||||||
-> ssh-ed25519 0R97PA 4k2mZBQJTYhbjdzpxDuNw405iNxd96hVSMwzas/D3nU
|
|
||||||
neRy8ca2SguOJJQxalbPaq5SUH4taH+XxzkU/o/GVig
|
|
||||||
-> ssh-ed25519 JGx7Ng BlMr9FS9vuC1wnvDBAqEMJWzyuqoMqoU7YiFC9633xo
|
|
||||||
Xhvn+luDLE7AFbvgJs6V9cyRh8aJ2JrZfpVvXJhclu4
|
|
||||||
-> ssh-ed25519 5SY7Kg NkkDnN0z+2EzqpEdypnM7AROjjGVzoEvHfzaVbsyDiE
|
|
||||||
qbFUDBx4ghp9TG9YfjGjDXt35go0pMq0HH9GE+WT4v8
|
|
||||||
-> ssh-ed25519 p/Mg4Q rC/DrdXDUDWhbM7LMfQR203JClF/12o4rxJeGs+4rXY
|
|
||||||
Aj3P3skTbMvt2qN/FPSq97D1QwtHlKvFd4CsoujV2JI
|
|
||||||
-> ssh-ed25519 rHotTw 5IBV+q7+F7vNs5Tsx0S+ZEstiqoAaH1x78i/vAwrwDw
|
|
||||||
f729cEfMo/ozygHiRcNXmn8G+M+B68cM48ji7N6VgmY
|
|
||||||
--- TWScQDjdR4g/2v5oirYJgQw4zhhuMnmfvXtrigwmZC4
|
|
||||||
é°1ØLÅÄ‘ßán`Îq^ˆîÚ<C3AE>ï³Q²,ðT«Ó)Lñaü„226M•‘¿Éú½Ü~››4<E280BA>(~’e±.®Y"´M·×!Žp!ÊU<ÖÜŒ–<C592>Â;mn§`,öP–6*&}HPM‡I¶ºòïH
|
|
||||||
Ûôï×Ãmõ<6D>‡ m£<6D>dGΠ߆ß÷T¥?G<>É»/
|
|
|
@ -1,148 +0,0 @@
|
||||||
{ pkgs, config, ... }:
|
|
||||||
let
|
|
||||||
settingsFormat = pkgs.formats.toml { };
|
|
||||||
|
|
||||||
dataDir = "/data/slow/tvix-store";
|
|
||||||
|
|
||||||
store-config = {
|
|
||||||
composition = {
|
|
||||||
blobservices.default = {
|
|
||||||
type = "objectstore";
|
|
||||||
object_store_url = "file://${dataDir}/blob.objectstore";
|
|
||||||
object_store_options = { };
|
|
||||||
};
|
|
||||||
directoryservices = {
|
|
||||||
sled = {
|
|
||||||
type = "sled";
|
|
||||||
is_temporary = false;
|
|
||||||
path = "${dataDir}/directory.sled";
|
|
||||||
};
|
|
||||||
object = {
|
|
||||||
type = "objectstore";
|
|
||||||
object_store_url = "file://${dataDir}/directory.objectstore";
|
|
||||||
object_store_options = { };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
pathinfoservices = {
|
|
||||||
infra = {
|
|
||||||
type = "sled";
|
|
||||||
is_temporary = false;
|
|
||||||
path = "${dataDir}/pathinfo.sled";
|
|
||||||
};
|
|
||||||
infra-signing = {
|
|
||||||
type = "keyfile-signing";
|
|
||||||
inner = "infra";
|
|
||||||
keyfile = config.age.secrets."tvix-store-infra-signing-key".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
endpoints = {
|
|
||||||
"127.0.0.1:8056" = {
|
|
||||||
endpoint_type = "Http";
|
|
||||||
blob_service = "default";
|
|
||||||
directory_service = "object";
|
|
||||||
path_info_service = "infra";
|
|
||||||
};
|
|
||||||
"127.0.0.1:8058" = {
|
|
||||||
endpoint_type = "Http";
|
|
||||||
blob_service = "default";
|
|
||||||
directory_service = "object";
|
|
||||||
path_info_service = "infra-signing";
|
|
||||||
};
|
|
||||||
# Add grpc for management and because it is nice
|
|
||||||
"127.0.0.1:8057" = {
|
|
||||||
endpoint_type = "Grpc";
|
|
||||||
blob_service = "default";
|
|
||||||
directory_service = "object";
|
|
||||||
path_info_service = "infra";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemdHardening = {
|
|
||||||
PrivateDevices = true;
|
|
||||||
PrivateTmp = true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
RestrictSUIDSGID = true;
|
|
||||||
|
|
||||||
ProtectSystem = "strict";
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectProc = "invisible";
|
|
||||||
PrivateUsers = true;
|
|
||||||
ProtectHome = true;
|
|
||||||
UMask = "0077";
|
|
||||||
RuntimeDirectoryMode = "0750";
|
|
||||||
StateDirectoryMode = "0750";
|
|
||||||
};
|
|
||||||
toml = {
|
|
||||||
composition = settingsFormat.generate "composition.toml" store-config.composition;
|
|
||||||
endpoints = settingsFormat.generate "endpoints.toml" store-config.endpoints;
|
|
||||||
};
|
|
||||||
package = pkgs.callPackage ./package { };
|
|
||||||
in
|
|
||||||
{
|
|
||||||
|
|
||||||
age-secrets.autoMatch = [
|
|
||||||
"tvix-store"
|
|
||||||
"nginx"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."tvix-store.dgnum.eu" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations = {
|
|
||||||
"/infra/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:8056/";
|
|
||||||
extraConfig = ''
|
|
||||||
client_max_body_size 50G;
|
|
||||||
limit_except GET {
|
|
||||||
auth_basic "Password required";
|
|
||||||
auth_basic_user_file ${config.age.secrets."nginx-tvix-store-password".path};
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"/infra-signing/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:8058/";
|
|
||||||
extraConfig = ''
|
|
||||||
client_max_body_size 50G;
|
|
||||||
auth_basic "Password required";
|
|
||||||
auth_basic_user_file ${config.age.secrets."nginx-tvix-store-password-ci".path};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"/.well-known/nix-signing-keys/" = {
|
|
||||||
alias = "${./pubkeys}/";
|
|
||||||
extraConfig = "autoindex on;";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# TODO add tvix-store cli here
|
|
||||||
# environment.systemPackages = [ ];
|
|
||||||
users.users.tvix-store = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "tvix-store";
|
|
||||||
};
|
|
||||||
users.groups.tvix-store = { };
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [ "d ${dataDir} 770 tvix-castore tvix-castore -" ];
|
|
||||||
|
|
||||||
systemd.services."tvix-store" = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
environment = {
|
|
||||||
RUST_LOG = "debug";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
UMask = "007";
|
|
||||||
ExecStart = "${package}/bin/multitier-tvix-cache --endpoints-config ${toml.endpoints} --store-composition ${toml.composition}";
|
|
||||||
StateDirectory = "tvix-store";
|
|
||||||
RuntimeDirectory = "tvix-store";
|
|
||||||
User = "tvix-store";
|
|
||||||
Group = "tvix-store";
|
|
||||||
ReadWritePaths = [ dataDir ];
|
|
||||||
} // systemdHardening;
|
|
||||||
};
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
80
|
|
||||||
443
|
|
||||||
];
|
|
||||||
}
|
|
4378
machines/storage01/tvix-cache/package/Cargo.lock
generated
4378
machines/storage01/tvix-cache/package/Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -1,45 +0,0 @@
|
||||||
{
|
|
||||||
fetchgit,
|
|
||||||
rustPlatform,
|
|
||||||
protobuf,
|
|
||||||
runCommand,
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
tvix-hash = "sha256-KNl+Lv0aMqSFVFt6p/GdmNDddzccW4wKfZB7W6Gv5F0=";
|
|
||||||
tvix-src = fetchgit {
|
|
||||||
name = "tvix";
|
|
||||||
url = "https://git.dgnum.eu/mdebray/tvl-depot";
|
|
||||||
rev = "920b7118d5b0917e426367107f7b7b66089a8d7b";
|
|
||||||
hash = tvix-hash;
|
|
||||||
};
|
|
||||||
protos = runCommand "tvix-protos" { } ''
|
|
||||||
mkdir $out
|
|
||||||
cd ${tvix-src}/tvix #remove tvix maybe
|
|
||||||
find . -name '*.proto' -exec install -D {} $out/{} \;
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
|
|
||||||
rustPlatform.buildRustPackage rec {
|
|
||||||
pname = "multitenant-binary-cache";
|
|
||||||
version = "0.1.0";
|
|
||||||
|
|
||||||
src = fetchgit {
|
|
||||||
url = "https://git.lix.systems/sinavir/multitenant-tvix-binary-cache.git";
|
|
||||||
rev = "0d7d4cf66242facecba485b1085e285e8d46c038";
|
|
||||||
hash = "sha256-IU3OS3ePJeBNiY8HbhoYW5b03Nq8BJ4AWe+bGv4dAuw=";
|
|
||||||
};
|
|
||||||
|
|
||||||
PROTO_ROOT = protos;
|
|
||||||
|
|
||||||
nativeBuildInputs = [ protobuf ];
|
|
||||||
|
|
||||||
cargoLock = {
|
|
||||||
lockFile = ./Cargo.lock;
|
|
||||||
outputHashes = {
|
|
||||||
"nar-bridge-0.1.0" = tvix-hash;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
cargoHash = "";
|
|
||||||
|
|
||||||
meta = { };
|
|
||||||
}
|
|
|
@ -1 +0,0 @@
|
||||||
infra.tvix-store.dgnum.eu-1:8CAY64o3rKjyw2uA5mzr/aTzstnc+Uj4g8OC6ClG1m8=
|
|
|
@ -3,20 +3,23 @@
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [
|
enabledModules = [
|
||||||
# List of modules to enable
|
# List of modules to enable
|
||||||
|
"dgn-fail2ban"
|
||||||
];
|
];
|
||||||
|
|
||||||
enabledServices = [
|
enabledServices = [
|
||||||
# List of services to enable
|
# List of services to enable
|
||||||
"k-radius"
|
|
||||||
"networking"
|
"networking"
|
||||||
"ups"
|
|
||||||
"ulogd"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
|
dgn-fail2ban.jails = lib.extra.enableAttrs' "enabled" [
|
||||||
|
"sshd-bruteforce"
|
||||||
|
"sshd-timeout"
|
||||||
|
];
|
||||||
|
|
||||||
services.netbird.enable = true;
|
services.netbird.enable = true;
|
||||||
services.nginx.enable = true;
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
dgn-hardware.useBcachefs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
root = ./.;
|
root = ./.;
|
||||||
|
|
|
@ -1,259 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
inherit (lib)
|
|
||||||
attrsToList
|
|
||||||
getExe'
|
|
||||||
imap0
|
|
||||||
mapAttrsToList
|
|
||||||
mkEnableOption
|
|
||||||
mkIf
|
|
||||||
mkOption
|
|
||||||
optionalString
|
|
||||||
;
|
|
||||||
|
|
||||||
inherit (lib.types)
|
|
||||||
attrsOf
|
|
||||||
bool
|
|
||||||
enum
|
|
||||||
package
|
|
||||||
path
|
|
||||||
str
|
|
||||||
submodule
|
|
||||||
;
|
|
||||||
|
|
||||||
settingsFormat = pkgs.formats.toml { };
|
|
||||||
|
|
||||||
pykanidm = pkgs.python3.pkgs.callPackage ./packages/pykanidm.nix { };
|
|
||||||
rlm_python = pkgs.callPackage ./packages/rlm_python.nix { inherit pykanidm; };
|
|
||||||
|
|
||||||
cfg = config.services.k-radius;
|
|
||||||
|
|
||||||
acmeDirectory = config.security.acme.certs.${cfg.domain}.directory;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.k-radius = {
|
|
||||||
enable = mkEnableOption "a freeradius service linked to kanidm.";
|
|
||||||
|
|
||||||
domain = mkOption {
|
|
||||||
type = str;
|
|
||||||
description = "The domain used for the RADIUS server.";
|
|
||||||
};
|
|
||||||
|
|
||||||
raddb = mkOption {
|
|
||||||
type = path;
|
|
||||||
default = "/var/lib/radius/raddb/";
|
|
||||||
description = "The location of the raddb directory.";
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = mkOption { inherit (settingsFormat) type; };
|
|
||||||
|
|
||||||
freeradius = mkOption {
|
|
||||||
type = package;
|
|
||||||
default = pkgs.freeradius.overrideAttrs (old: {
|
|
||||||
buildInputs = (old.buildInputs or [ ]) ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
configDir = mkOption {
|
|
||||||
type = path;
|
|
||||||
default = "/var/lib/radius/raddb";
|
|
||||||
description = "The path of the freeradius server configuration directory.";
|
|
||||||
};
|
|
||||||
|
|
||||||
authTokenFile = mkOption {
|
|
||||||
type = path;
|
|
||||||
description = "File to the auth token for the service account.";
|
|
||||||
};
|
|
||||||
|
|
||||||
extra-mods = mkOption {
|
|
||||||
type = attrsOf path;
|
|
||||||
default = { };
|
|
||||||
description = "Additional files to be linked in mods-enabled.";
|
|
||||||
};
|
|
||||||
|
|
||||||
extra-sites = mkOption {
|
|
||||||
type = attrsOf path;
|
|
||||||
default = { };
|
|
||||||
description = "Additional files to be linked in sites-enabled.";
|
|
||||||
};
|
|
||||||
|
|
||||||
dictionary = mkOption {
|
|
||||||
type = attrsOf (enum [
|
|
||||||
"abinary"
|
|
||||||
"date"
|
|
||||||
"ipaddr"
|
|
||||||
"integer"
|
|
||||||
"string"
|
|
||||||
]);
|
|
||||||
default = { };
|
|
||||||
description = "Declare additionnal attributes to be listed in the dictionary.";
|
|
||||||
};
|
|
||||||
|
|
||||||
radiusClients = mkOption {
|
|
||||||
type = attrsOf (submodule {
|
|
||||||
options = {
|
|
||||||
secret = mkOption { type = path; };
|
|
||||||
ipaddr = mkOption { type = str; };
|
|
||||||
};
|
|
||||||
});
|
|
||||||
default = { };
|
|
||||||
description = "A mapping of clients and their authentication tokens.";
|
|
||||||
};
|
|
||||||
|
|
||||||
checkConfiguration = mkOption {
|
|
||||||
type = bool;
|
|
||||||
description = "Check the configuration before starting the deamon. Useful for debugging.";
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
# Certificate setup
|
|
||||||
services.nginx.virtualHosts.${cfg.domain} = {
|
|
||||||
http2 = false;
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
users = {
|
|
||||||
users.radius = {
|
|
||||||
group = "radius";
|
|
||||||
description = "Radius daemon user";
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
groups.radius = { };
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.radius = {
|
|
||||||
description = "FreeRadius server";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [
|
|
||||||
"network.target"
|
|
||||||
"acme-finished-${cfg.domain}.target"
|
|
||||||
];
|
|
||||||
wants = [ "network.target" ];
|
|
||||||
startLimitIntervalSec = 20;
|
|
||||||
startLimitBurst = 5;
|
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
raddb=${cfg.raddb}
|
|
||||||
|
|
||||||
# Recreate the configuration directory
|
|
||||||
rm -rf $raddb && mkdir -p $raddb
|
|
||||||
|
|
||||||
cp -R --no-preserve=mode ${cfg.freeradius}/etc/raddb/* $raddb
|
|
||||||
cp -R --no-preserve=mode ${rlm_python}/etc/raddb/* $raddb
|
|
||||||
|
|
||||||
chmod -R u+w $raddb
|
|
||||||
|
|
||||||
# disable auth via methods kanidm doesn't support
|
|
||||||
rm $raddb/mods-available/sql
|
|
||||||
rm $raddb/mods-enabled/{passwd,totp}
|
|
||||||
|
|
||||||
# enable the python and cache modules
|
|
||||||
ln -nsf $raddb/mods-available/python3 $raddb/mods-enabled/python3
|
|
||||||
ln -nsf $raddb/sites-available/check-eap-tls $raddb/sites-enabled/check-eap-tls
|
|
||||||
|
|
||||||
# write the clients configuration
|
|
||||||
> $raddb/clients.conf
|
|
||||||
${builtins.concatStringsSep "\n" (
|
|
||||||
builtins.attrValues (
|
|
||||||
builtins.mapAttrs (
|
|
||||||
name:
|
|
||||||
{ secret, ipaddr }:
|
|
||||||
''
|
|
||||||
cat <<EOF >> $raddb/clients.conf
|
|
||||||
client ${name} {
|
|
||||||
ipaddr = ${ipaddr}
|
|
||||||
secret = $(cat "${secret}")
|
|
||||||
proto = *
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
''
|
|
||||||
) cfg.radiusClients
|
|
||||||
)
|
|
||||||
)}
|
|
||||||
|
|
||||||
# Copy the kanidm configuration
|
|
||||||
cat <<EOF > /var/lib/radius/kanidm.toml
|
|
||||||
auth_token = "$(cat "${cfg.authTokenFile}")"
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat ${settingsFormat.generate "kanidm.toml" cfg.settings} >> /var/lib/radius/kanidm.toml
|
|
||||||
chmod u+w /var/lib/radius/kanidm.toml
|
|
||||||
|
|
||||||
# Copy the certificates to the correct directory
|
|
||||||
rm -rf $raddb/certs && mkdir -p $raddb/certs
|
|
||||||
|
|
||||||
cp ${acmeDirectory}/chain.pem $raddb/certs/ca.pem
|
|
||||||
|
|
||||||
${lib.getExe pkgs.openssl} rehash $raddb/certs
|
|
||||||
|
|
||||||
# Recreate the dh.pem file
|
|
||||||
${lib.getExe pkgs.openssl} dhparam -in $raddb/certs/ca.pem -out $raddb/certs/dh.pem 2048
|
|
||||||
|
|
||||||
cp ${acmeDirectory}/full.pem $raddb/certs/server.pem
|
|
||||||
|
|
||||||
# Link the dictionary
|
|
||||||
ln -nsf ${
|
|
||||||
pkgs.writeText "radius-dictionary" (
|
|
||||||
builtins.concatStringsSep "\n" (
|
|
||||||
imap0 (i: { name, value }: "ATTRIBUTE ${name} ${builtins.toString (3000 + i)} ${value}") (
|
|
||||||
attrsToList cfg.dictionary
|
|
||||||
)
|
|
||||||
)
|
|
||||||
)
|
|
||||||
} $raddb/dictionary
|
|
||||||
|
|
||||||
# Link extra-mods
|
|
||||||
${builtins.concatStringsSep "\n" (
|
|
||||||
mapAttrsToList (name: path: "ln -nsf ${path} $raddb/mods-enabled/${name}") cfg.extra-mods
|
|
||||||
)}
|
|
||||||
|
|
||||||
# Link extra-sites
|
|
||||||
${builtins.concatStringsSep "\n" (
|
|
||||||
mapAttrsToList (name: path: "ln -nsf ${path} $raddb/sites-enabled/${name}") cfg.extra-sites
|
|
||||||
)}
|
|
||||||
|
|
||||||
# Check the configuration
|
|
||||||
${optionalString cfg.checkConfiguration "${getExe' pkgs.freeradius "radiusd"} -C -d $raddb -l stdout"}
|
|
||||||
'';
|
|
||||||
|
|
||||||
path = [
|
|
||||||
pkgs.openssl
|
|
||||||
pkgs.gnused
|
|
||||||
];
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
KANIDM_RLM_CONFIG = "/var/lib/radius/kanidm.toml";
|
|
||||||
PYTHONPATH = rlm_python.pythonPath;
|
|
||||||
};
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${cfg.freeradius}/bin/radiusd -X -f -d /var/lib/radius/raddb -l stdout";
|
|
||||||
ExecReload = [
|
|
||||||
"${cfg.freeradius}/bin/radiusd -C -d /var/lib/radius/raddb -l stdout"
|
|
||||||
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
|
|
||||||
];
|
|
||||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
|
||||||
DynamicUser = true;
|
|
||||||
Group = "radius";
|
|
||||||
LogsDirectory = "radius";
|
|
||||||
ReadOnlyPaths = [ acmeDirectory ];
|
|
||||||
Restart = "on-failure";
|
|
||||||
RestartSec = 2;
|
|
||||||
RuntimeDirectory = "radius";
|
|
||||||
StateDirectory = "radius";
|
|
||||||
SupplementaryGroups = [ "nginx" ];
|
|
||||||
User = "radius";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,43 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
buildPythonPackage,
|
|
||||||
fetchFromGitHub,
|
|
||||||
poetry-core,
|
|
||||||
aiohttp,
|
|
||||||
authlib,
|
|
||||||
pydantic,
|
|
||||||
toml,
|
|
||||||
}:
|
|
||||||
|
|
||||||
buildPythonPackage rec {
|
|
||||||
pname = "kanidm";
|
|
||||||
version = "1.1.0-rc.16";
|
|
||||||
pyproject = true;
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "kanidm";
|
|
||||||
repo = "kanidm";
|
|
||||||
rev = "v${version}";
|
|
||||||
hash = "sha256-NH9V5KKI9LAtJ2/WuWtUJUzkjVMfO7Q5NQkK7Ys2olU=";
|
|
||||||
};
|
|
||||||
|
|
||||||
sourceRoot = "source/pykanidm";
|
|
||||||
|
|
||||||
build-system = [ poetry-core ];
|
|
||||||
|
|
||||||
dependencies = [
|
|
||||||
aiohttp
|
|
||||||
authlib
|
|
||||||
pydantic
|
|
||||||
toml
|
|
||||||
];
|
|
||||||
|
|
||||||
pythonImportsCheck = [ "kanidm" ];
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "Kanidm: A simple, secure and fast identity management platform";
|
|
||||||
homepage = "https://github.com/kanidm/kanidm";
|
|
||||||
license = licenses.mpl20;
|
|
||||||
maintainers = with maintainers; [ thubrecht ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,47 +0,0 @@
|
||||||
{
|
|
||||||
stdenv,
|
|
||||||
fetchFromGitHub,
|
|
||||||
substituteAll,
|
|
||||||
python3,
|
|
||||||
pykanidm,
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
pythonPath = python3.pkgs.makePythonPath [ pykanidm ];
|
|
||||||
in
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "rlm_python";
|
|
||||||
version = "1.1.0-rc.16";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "kanidm";
|
|
||||||
repo = "kanidm";
|
|
||||||
rev = "v${version}";
|
|
||||||
hash = "sha256-NH9V5KKI9LAtJ2/WuWtUJUzkjVMfO7Q5NQkK7Ys2olU=";
|
|
||||||
};
|
|
||||||
|
|
||||||
sourceRoot = "source/rlm_python";
|
|
||||||
|
|
||||||
patches = [
|
|
||||||
(substituteAll {
|
|
||||||
src = ./01-python_path.patch;
|
|
||||||
inherit pythonPath;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/etc/raddb/
|
|
||||||
cp -R mods-available sites-available $out/etc/raddb/
|
|
||||||
'';
|
|
||||||
|
|
||||||
phases = [
|
|
||||||
"unpackPhase"
|
|
||||||
"patchPhase"
|
|
||||||
"installPhase"
|
|
||||||
];
|
|
||||||
|
|
||||||
passthru = {
|
|
||||||
inherit pythonPath;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,253 +1,53 @@
|
||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
meta,
|
|
||||||
name,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (lib) mapAttrs' nameValuePair;
|
vlanName = "vlan-uplink-cri";
|
||||||
|
|
||||||
uplink = {
|
linkIp = "10.120.33.250";
|
||||||
ip = "10.120.33.250";
|
linkPrefix = "30";
|
||||||
prefix = 30;
|
|
||||||
|
|
||||||
router = "10.120.33.249";
|
upstreamRouterIp = "10.120.33.249";
|
||||||
};
|
|
||||||
|
|
||||||
mkNetwork =
|
publicIp = "129.199.195.129"; # sync with meta
|
||||||
name:
|
|
||||||
{
|
|
||||||
address ? [ ],
|
|
||||||
extraNetwork ? { },
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
nameValuePair "10-${name}" ({ inherit name address; } // extraNetwork);
|
|
||||||
|
|
||||||
mkNetdev =
|
linkPrefixedIp = "${linkIp}/${linkPrefix}";
|
||||||
name:
|
|
||||||
{ Id, ... }:
|
|
||||||
nameValuePair "10-${name}" {
|
|
||||||
netdevConfig = {
|
|
||||||
Name = name;
|
|
||||||
Kind = "vlan";
|
|
||||||
};
|
|
||||||
vlanConfig.Id = Id;
|
|
||||||
};
|
|
||||||
|
|
||||||
mkUserVlan =
|
|
||||||
{
|
|
||||||
vlan,
|
|
||||||
netIP,
|
|
||||||
servIP,
|
|
||||||
interfaceName,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
name = interfaceName;
|
|
||||||
value = {
|
|
||||||
Id = vlan;
|
|
||||||
extraNetwork = {
|
|
||||||
networkConfig = {
|
|
||||||
LinkLocalAddressing = "no";
|
|
||||||
DHCPServer = "yes";
|
|
||||||
};
|
|
||||||
linkConfig.Promiscuous = true;
|
|
||||||
addresses = [
|
|
||||||
{
|
|
||||||
addressConfig = {
|
|
||||||
Address = "${servIP}/27";
|
|
||||||
AddPrefixRoute = false;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
routes = [
|
|
||||||
{
|
|
||||||
routeConfig = {
|
|
||||||
Destination = "${netIP}/27";
|
|
||||||
Table = "user";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
routingPolicyRules = [
|
|
||||||
{
|
|
||||||
routingPolicyRuleConfig = {
|
|
||||||
From = "${netIP}/27";
|
|
||||||
To = "10.0.0.0/27";
|
|
||||||
IncomingInterface = interfaceName;
|
|
||||||
Table = "user";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
userVlans = builtins.genList (id: rec {
|
|
||||||
vlan = 4094 - id;
|
|
||||||
prefix24nb = (id + 1) / 8;
|
|
||||||
prefix27nb = (id + 1 - prefix24nb * 8) * 32;
|
|
||||||
netIP = "10.0.${toString prefix24nb}.${toString prefix27nb}";
|
|
||||||
servIP = "10.0.${toString prefix24nb}.${toString (prefix27nb + 1)}";
|
|
||||||
interfaceName = "vlan-user-${toString vlan}";
|
|
||||||
}) 850;
|
|
||||||
|
|
||||||
vlans = {
|
|
||||||
vlan-uplink-cri = {
|
|
||||||
Id = 223;
|
|
||||||
address = with uplink; [ "${ip}/${builtins.toString prefix}" ];
|
|
||||||
|
|
||||||
extraNetwork.routes = [
|
|
||||||
{
|
|
||||||
routeConfig = {
|
|
||||||
# Get the public ip from the metadata
|
|
||||||
PreferredSource = builtins.head meta.network.${name}.addresses.ipv4;
|
|
||||||
Gateway = uplink.router;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
vlan-admin = {
|
|
||||||
Id = 3000;
|
|
||||||
address = [ "fd26:baf9:d250:8000::1/64" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
vlan-admin-ap = {
|
|
||||||
Id = 3001;
|
|
||||||
address = [ "fd26:baf9:d250:8001::1/64" ];
|
|
||||||
extraNetwork.ipv6Prefixes = [
|
|
||||||
{
|
|
||||||
ipv6PrefixConfig = {
|
|
||||||
AddressAutoconfiguration = false;
|
|
||||||
OnLink = false;
|
|
||||||
Prefix = "fd26:baf9:d250:8001::/64";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
vlan-apro = {
|
|
||||||
Id = 2000;
|
|
||||||
address = [ "10.0.255.1/24" ];
|
|
||||||
|
|
||||||
extraNetwork.networkConfig.DHCPServer = "yes";
|
|
||||||
};
|
|
||||||
} // builtins.listToAttrs (map mkUserVlan userVlans);
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
systemd = {
|
systemd.network = {
|
||||||
network = {
|
networks = {
|
||||||
config.routeTables."user" = 1000;
|
"10-enp67s0f0np0" = {
|
||||||
networks = {
|
name = "enp67s0f0np0";
|
||||||
"10-lo" = {
|
networkConfig = {
|
||||||
name = "lo";
|
VLAN = [ vlanName ];
|
||||||
address = [
|
|
||||||
"::1/128"
|
LinkLocalAddressing = false;
|
||||||
"127.0.0.1/8"
|
LLDP = false;
|
||||||
"10.0.0.1/27"
|
EmitLLDP = false;
|
||||||
];
|
IPv6AcceptRA = false;
|
||||||
routes = [
|
IPv6SendRA = false;
|
||||||
{
|
|
||||||
routeConfig = {
|
|
||||||
Destination = "10.0.0.0/27";
|
|
||||||
Table = "user";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
routingPolicyRules = [
|
|
||||||
{
|
|
||||||
routingPolicyRuleConfig = {
|
|
||||||
IncomingInterface = "lo";
|
|
||||||
Table = "user";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
"10-enp67s0f0np0" = {
|
|
||||||
name = "enp67s0f0np0";
|
|
||||||
linkConfig.Promiscuous = true;
|
|
||||||
networkConfig = {
|
|
||||||
VLAN = builtins.attrNames vlans;
|
|
||||||
|
|
||||||
LinkLocalAddressing = false;
|
|
||||||
LLDP = false;
|
|
||||||
EmitLLDP = false;
|
|
||||||
IPv6AcceptRA = false;
|
|
||||||
IPv6SendRA = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
} // (mapAttrs' mkNetwork vlans);
|
|
||||||
|
|
||||||
netdevs = mapAttrs' mkNetdev vlans;
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
ethtoolConfig = {
|
|
||||||
wantedBy = [ "systemd-networkd.service" ];
|
|
||||||
after = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
|
|
||||||
bindsTo = [ "sys-subsystem-net-devices-enp67s0f0np0.device" ];
|
|
||||||
script = builtins.concatStringsSep "\n" (
|
|
||||||
builtins.map (name: "${lib.getExe pkgs.ethtool} -K enp67s0f0np0 ${name} off") [
|
|
||||||
"rxvlan"
|
|
||||||
"txvlan"
|
|
||||||
"rx-vlan-filter"
|
|
||||||
"rx-vlan-offload"
|
|
||||||
"tx-vlan-offload"
|
|
||||||
"tx-vlan-stag-hw-insert"
|
|
||||||
]
|
|
||||||
);
|
|
||||||
};
|
};
|
||||||
|
"10-${vlanName}" = {
|
||||||
systemd-networkd.serviceConfig.LimitNOFILE = 4096;
|
name = vlanName;
|
||||||
|
address = [ linkPrefixedIp ];
|
||||||
net-checker = {
|
routes = [
|
||||||
path = [
|
{
|
||||||
pkgs.iputils
|
routeConfig = {
|
||||||
pkgs.systemd
|
PreferredSource = publicIp;
|
||||||
];
|
Gateway = upstreamRouterIp;
|
||||||
script = ''
|
};
|
||||||
if ping -c 1 8.8.8.8 > /dev/null || ping -c 1 1.1.1.1 > /dev/null; then
|
|
||||||
${
|
|
||||||
lib.concatMapStringsSep "\n " ({ interfaceName, ... }: "networkctl up ${interfaceName}") userVlans
|
|
||||||
}
|
|
||||||
else
|
|
||||||
${
|
|
||||||
lib.concatMapStringsSep "\n " (
|
|
||||||
{ interfaceName, ... }: "networkctl down ${interfaceName}"
|
|
||||||
) userVlans
|
|
||||||
}
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
timers.net-checker = {
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig.OnCalendar = "*-*-* *:*:42";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
nftables = {
|
|
||||||
enable = true;
|
|
||||||
tables.nat = {
|
|
||||||
family = "ip";
|
|
||||||
content = ''
|
|
||||||
chain postrouting {
|
|
||||||
type nat hook postrouting priority 100;
|
|
||||||
ip saddr 10.0.0.0/16 ether saddr 5c:64:8e:f4:09:06 snat ip to 129.199.195.130-129.199.195.158
|
|
||||||
}
|
}
|
||||||
'';
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
firewall = {
|
netdevs = {
|
||||||
allowedUDPPorts = [ 67 ];
|
"10-vlan-uplink-cri" = {
|
||||||
checkReversePath = false;
|
netdevConfig = {
|
||||||
|
Name = vlanName;
|
||||||
|
Kind = "vlan";
|
||||||
|
};
|
||||||
|
vlanConfig = {
|
||||||
|
Id = 223;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA Ja6ye8ABH4ueCSyJhFGU+TeN8RPVGSeV2IYFljvM7UI
|
|
||||||
FcvDIOBcKel4Y6DoMmmTuSCzp+3IrWEqhBO87l26dC8
|
|
||||||
-> ssh-ed25519 QlRB9Q g8LVlo+1lgQU8zlCnMj5TjhGIlxiSvB0cDRkjVzY3i8
|
|
||||||
gB5qfOtFKhZoOuAtsm3X5E5hHUCI6B3Byet7WnQMQRk
|
|
||||||
-> ssh-ed25519 r+nK/Q HKHlHM+cPfRkwWp3bc8A7fov+RT9C+9dvCpd4daHFmI
|
|
||||||
EJbSVhuPCwqfijFw4HumpFAg+q+2B4gh4pDHjCf+p94
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
i6ZVdAWq5siE57dP4vz8JYXGO7QiAqQ3+MPSms5pkPktlgQKZGKk+A5S42lAh1K7
|
|
||||||
vILNCuvzrQUO4jUNk9RhRnaDoMLBus0xqQtE5vwTbtqGI4P/M5IttyRQ5PuAHNgc
|
|
||||||
QSNDRetp0QvAcx9I9v0LxArxkGtBPUyICLKYYQcyttie4lfQbfu4jyjZ2Bqix8a4
|
|
||||||
/jFQ2GZgfIdjxfV+45DU3TCwFx0mDnNzHXZsI7u4qul+Z9tm2fYcIeyXCFK+GLa3
|
|
||||||
TUY46IeVElqDpBMIOQbnLXcivpbEQS8LAOvYSIAXUTNKs6WukXktLfo1Juc1YPcV
|
|
||||||
vSTcyV9EBV3DfcozPVdy9A
|
|
||||||
-> ssh-ed25519 /vwQcQ Obd9qr3rphOc9qK+nhSiR1j0Em1uv6OlKt/e76elEHs
|
|
||||||
PjjWoGeDiGVNyvPsQx7KvoO7hRL6wbgNN543tQp0+lQ
|
|
||||||
-> ssh-ed25519 0R97PA FPENiklw5FmKS0G0aqF4K8EEfzOSn+xiaDhb1jCm1l8
|
|
||||||
fswVo+JUSjAK/6P9XTDCRox14AJ25C2H6dqFTqY+UWk
|
|
||||||
-> ssh-ed25519 JGx7Ng CdsdUVx536gu6qYWBJY1jC/zfvuR2vgtDtfI0MJ+mRc
|
|
||||||
zgDkkN+N0Ig8D02t7/jS7KxYXToDa45pX8GIb9/8ax0
|
|
||||||
-> ssh-ed25519 5SY7Kg chOHq4oZGnaq9xRr2lzDBLI3ID90MC6aunlEWEBpgVw
|
|
||||||
ne/EgtRHYbCaiM8RyDJZMPheXhh2Z97zff/zs3oW+mE
|
|
||||||
-> ssh-ed25519 p/Mg4Q S3knEgzoT+1sgvAWAdx7sWwoaxlZY2DObgzAoQE/RDc
|
|
||||||
IXXxmzYKPvaNqFoJjs2278y4ZOfT3ErmZU3C0Fh7EC4
|
|
||||||
-> ssh-ed25519 5rrg4g n1Yz6UWkAx9lJfnx7e2kZWIlZNRvvdl8llZpf4yo8AU
|
|
||||||
kcmQ7mklyqGHulC35JY4ZaF6HE+uAWUClA6SapffXeY
|
|
||||||
-> ssh-ed25519 +mFdtQ 8UW9TtBphutHIMr5Cq1rfMBo2h/VgIAL5YsH4FrCU0U
|
|
||||||
F+ouCDOo9SyuIomV2Qmgv0gBBKukgHNmqLCJWH3+hfA
|
|
||||||
--- fwMG1ZjFgN0FFKM0KgSoJR+Zttxkwz+GBKasO0EXBn4
|
|
||||||
+<2B>šG[þ¿ÐŠeê*Ž*B·`–jVÈ¥ËäÿˆïÜÖ@MIמé4y<02>tÐ|½¤ã)¬¥^¸V)q<1F>àÿI7>ÚI%R®x/â¯êÏü <20> ò_](]Œ5øŠ··Ô<C2B7>ñòªÛò‘OBÄËáøŽ˜“Œr xIM‰—«]ïÂÖÇ|.nçzÄ
oñNº„Ø‚;h%Ù
¤."¦ö
|
|
|
@ -1,32 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA 2nFaxyP7O4GWU7U3wmET5sNrnFq72b9DEhiKEgWVrFk
|
|
||||||
l8uXfCBkTHogzVoUY0WOYhA99fodoT+N0HunacULydI
|
|
||||||
-> ssh-ed25519 QlRB9Q qDalihZE404oPOVHYQR5GIvozXNh4wNxhUa5Zwfz2DU
|
|
||||||
X8qvWf7qprbh0xu/uOHGsNLTQc8efYsgveH9R9kZZZw
|
|
||||||
-> ssh-ed25519 r+nK/Q mksHDhPoKKxQpk4sQPHapdq87EaJmgdmoVxMYjsAang
|
|
||||||
FTYHyxLp4nGOWJu1135yN/lQkGgAD9Jy4JJpMKFktrk
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
jEPt5eWP6NmpOikLhs1uPVo7kxHgg1y7WwdOPyR0z2vpFD2BWGlIi/BvnlE3OO5n
|
|
||||||
jtvDjAauWU0X2JarfdY9mY8MoPjT9qQ/ukxuVAHi5CoL/I1JCqcbuftssYY0B7Ab
|
|
||||||
SMfbyxjK8aIT1/4EQhMoWm0tuIylvgTBagL03Lw5mbyRqDkbpI/6YC9401YjT7Ts
|
|
||||||
dCDGIFAYM2BA7TuJiZr881ypUdU9rlm5rss1ZLMj90jyJPJC4SDYbzE0BoBat9l0
|
|
||||||
dYUrYGhGgZ1cDd6D6mPf6H95muiGHIhxaE8c+LdK/rKCSH9Rf6mfn/Ab/xvnaDNn
|
|
||||||
GW/WD0EpmdzpWVPby68+KA
|
|
||||||
-> ssh-ed25519 /vwQcQ 5DoMxdoK+KiHXKwwOpb7/1FZIEzAa/2/1l8yyxey6iw
|
|
||||||
RzmUkqZQLM5/jDXG9fxhZmfAywgVMjH9Y3O66BnhCSQ
|
|
||||||
-> ssh-ed25519 0R97PA g+uW/jfwHB3m0AdWxb9vPRjeaowhEx1Uoc2R0CVStlA
|
|
||||||
m5XvSEVQ8DiA7BSTsxVn6S1zv92CpbyZxSgUI3ObE4c
|
|
||||||
-> ssh-ed25519 JGx7Ng BtdJpskbfPyywYeFbmQw3HGPTLv5ri6x4bFocr9l6H8
|
|
||||||
88aFw+MCJLqMU/W/ikYDUZEAi0ImaPVbSc7cAZPbs/I
|
|
||||||
-> ssh-ed25519 5SY7Kg +JUMQfaxl7Orym43LVeqUyno0JfUbVnB+xv7smpdRhE
|
|
||||||
6K+Ewq1FhrXB2eYdljlsYpIfmVv49E4jSBsphgDpRJk
|
|
||||||
-> ssh-ed25519 p/Mg4Q AITnEN+Q41fEA2tkvVOKGCDZiuCXanG+qaiF5X4ukiA
|
|
||||||
NvP/HXOliNvi8tngH9PU90E616CPlh/QgkZ052H8wtk
|
|
||||||
-> ssh-ed25519 +mFdtQ RuaXIQNZ3s9C27XtpVTExJlAhYDYXRQni+Hwot0wrzU
|
|
||||||
WctqqoGS2hVfOZSU3ihCg5eI7PnxM7dkOJKM9DJ90Wk
|
|
||||||
-> ssh-ed25519 5rrg4g cAqJQ8z6T46YwzahtcTJxXZHklCGrupVCja5U/g+ZmM
|
|
||||||
wERu5T6rOi5/0qPSXeOnfA0Szg7/pbYFTW0Ys1yWq40
|
|
||||||
-> ssh-ed25519 oRtTqQ NF73c0d1qM4nVt2bEdWTEDjDcz/ZMCObn/7cDZfkVGA
|
|
||||||
Mivm+WWVqAfNs5pLwGmINIsmxlEZi7m7bQIRxGkf3/Q
|
|
||||||
--- 8R1h+xsovrLq+5QI1CoTXc9TBTQugnROZpOAHWBwG1w
|
|
||||||
G“Þ"û¤‡ã8ƒÈî‚&NF}x£ksyÖ\£.i§<69>קF¢‹¯}ê-ÍÁÓšLbì;{
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,30 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 jIXfPA oTG4+leUhtu+taark5+znjTzfTPBjSgtJI5zNmLrxQw
|
|
||||||
+xsiH/nNjeBckEn1bi3OVPo/vy6WGqJftfnNgrh+7eA
|
|
||||||
-> ssh-ed25519 QlRB9Q dk3mYy/ziQL3Cx7XB+/IY8EkrEtBNZkvLf3iwAZtYFg
|
|
||||||
42ABG0MdenXCfgeVoTvJ8XYyKd9OuH/KVZPOdpfLTkc
|
|
||||||
-> ssh-ed25519 r+nK/Q 2nOZZkpvToMgbg66f/DYm2J4gfzhtGEAAzlqYM44V24
|
|
||||||
GJlZ857IA1firt/6A7dTtdqGncJg4XnCBxSLlDeIUe8
|
|
||||||
-> ssh-rsa krWCLQ
|
|
||||||
Z2DScQA6a5+Wzl1cD6fMcWtQRM00PM24eO2bjqlSAy+wk3J+62nxYGQJEXp4y5Ws
|
|
||||||
Rn6FENHllIoH1mXu7XbDpnmertZK1I6krf2jbC4LoUVdXf2czksqtITjwJqFEn9k
|
|
||||||
i27LhROdQN61xnz1OWPbTaNJAEgo6A4gzRnD6SxZjNqF0EHaBgA/SlX9lFfKtp50
|
|
||||||
yiy6rSncJbT7Kxya8Nll/YC8RC78shs6r0+JnuGdm+GstMnkEF8eOIQuNHCPWbdN
|
|
||||||
oT2K6oWjITwQnuSzb9+fIW9Orcl3QjFJPMlVl37p3r5BBNiuaW5Jk1ky8mP6hHRX
|
|
||||||
Hzqa0eHffbiUSTtFbNr6vA
|
|
||||||
-> ssh-ed25519 /vwQcQ wVRPD49z8MeLNz0XGu9HWXBPdbJkegHNOY4chmgzeCU
|
|
||||||
iABkdTWGE+ImvRA0N2mNuUdpqEWmPe0kWRf7yDGgkHs
|
|
||||||
-> ssh-ed25519 0R97PA 79n3SCQbXkjlk/5+GLr1bjapHNhID33zieUF0X2eZgU
|
|
||||||
5BX9Qw6hn1Ie97AaKtpkHnLD4aXEvJI29EwiuFOaDKY
|
|
||||||
-> ssh-ed25519 JGx7Ng vTCpM2b8rMa9o/H/0jKkEf2DRyqCnOJP3+0m9LmV42k
|
|
||||||
dyFkt3XtZDcGx4uiJni6tdXDNVEzlFZqqPHYD/A0g7k
|
|
||||||
-> ssh-ed25519 5SY7Kg wAHGb5dG04fIBCKSOzwTagFMC0z2eGNGLbBGdqAaFH4
|
|
||||||
RozSCdnelai3bOX+Ls2cl2go68mfQeKTlNMRiWGjJpk
|
|
||||||
-> ssh-ed25519 p/Mg4Q zGKTV2Z6+VG1oajB9EGRe7SsDwCeSWDjuS3Wj7D333g
|
|
||||||
7EartLedAduICpquQkN2a2dNy9u4KLm2d97heFrceqE
|
|
||||||
-> ssh-ed25519 5rrg4g T1fAxr/RHvWf/vh2VL41tSH9Mpmq3eFyqzJf+MJIBEk
|
|
||||||
eYJEC1pZ4xQeaXeDV5+gYtOftla9nSSnB/WQ3rLrXn0
|
|
||||||
-> ssh-ed25519 +mFdtQ QtrOIfJz3j4US5STmAIXOS6TsckNtJ5FPO+KHomSVGM
|
|
||||||
qWjtGdXHHNMGBP0qByAvka7YvWLYh+JPD9MqAU8Wuzs
|
|
||||||
--- tD/2gendSlu4C9HG5VAwueB8NPCZWC63ATSB7sETutI
|
|
||||||
›x¡Çßv+z²m<C2B2>2¶zZa>šF¿Þ=Oùøž(¤=¶ÿg
aèôx‘¡¿Ÿ#
|
|
|
@ -2,13 +2,4 @@ let
|
||||||
lib = import ../../../lib { };
|
lib = import ../../../lib { };
|
||||||
publicKeys = lib.getNodeKeys "vault01";
|
publicKeys = lib.getNodeKeys "vault01";
|
||||||
in
|
in
|
||||||
lib.setDefault { inherit publicKeys; } [
|
lib.setDefault { inherit publicKeys; } [ ]
|
||||||
"radius-auth_token_file"
|
|
||||||
"radius-ca_pem_file"
|
|
||||||
"radius-cert_pem_file"
|
|
||||||
"radius-dh_pem_file"
|
|
||||||
"radius-key_pem_file"
|
|
||||||
"radius-private_key_password_file"
|
|
||||||
"eatonmon-password_file"
|
|
||||||
"radius-ap-radius-secret_file"
|
|
||||||
]
|
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
services = {
|
|
||||||
ulogd = {
|
|
||||||
enable = true;
|
|
||||||
logLevel = 5;
|
|
||||||
settings = {
|
|
||||||
global = {
|
|
||||||
logfile = "/var/log/ulogd.log";
|
|
||||||
stack = [ "ct1:NFCT,ip2str1:IP2STR,pgsql1:PGSQL" ];
|
|
||||||
};
|
|
||||||
ct1 = { };
|
|
||||||
pgsql1 = {
|
|
||||||
db = "ulogd";
|
|
||||||
user = "ulogd";
|
|
||||||
table = "ulog2_ct";
|
|
||||||
procedure = "INSERT_CT";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
postgresql = {
|
|
||||||
enable = true;
|
|
||||||
identMap = ''
|
|
||||||
ulogd-map root ulogd
|
|
||||||
'';
|
|
||||||
authentication = ''
|
|
||||||
local ulogd ulogd peer map=ulogd-map
|
|
||||||
'';
|
|
||||||
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = "ulogd";
|
|
||||||
ensureDBOwnership = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
ensureDatabases = [ "ulogd" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.ulogd = {
|
|
||||||
serviceConfig.StateDirectory = "ulogd";
|
|
||||||
requires = [ "postgresql.service" ];
|
|
||||||
after = [ "postgresql.service" ];
|
|
||||||
path = [ config.services.postgresql.package ];
|
|
||||||
preStart = lib.mkAfter ''
|
|
||||||
if ! test -e "/var/lib/ulogd/.initialized"; then
|
|
||||||
psql -f "${pkgs.ulogd.doc}/share/doc/ulogd-pgsql/pgsql-ulogd2.sql" -d ulogd -U ulogd
|
|
||||||
touch "/var/lib/ulogd/.initialized"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,98 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
meta,
|
|
||||||
name,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
power.ups = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
ups.eaton = {
|
|
||||||
driver = "usbhid-ups";
|
|
||||||
port = "auto";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.eatonmon = {
|
|
||||||
passwordFile = config.age.secrets."eatonmon-password_file".path;
|
|
||||||
upsmon = "primary";
|
|
||||||
};
|
|
||||||
|
|
||||||
upsmon.monitor.eaton = {
|
|
||||||
user = "eatonmon";
|
|
||||||
};
|
|
||||||
|
|
||||||
schedulerRules =
|
|
||||||
let
|
|
||||||
cmdScript = pkgs.writeShellApplication {
|
|
||||||
name = "upssched-cmd.sh";
|
|
||||||
runtimeInputs = with pkgs; [
|
|
||||||
systemd
|
|
||||||
msmtp
|
|
||||||
];
|
|
||||||
text = ''
|
|
||||||
case $1 in
|
|
||||||
shutdown-low) MEANING="Battery is low, shutting down.";;
|
|
||||||
shutdown-batt) MEANING="On battery for 15min, shutting down.";;
|
|
||||||
warn-batt) MEANING="Power line faillure, going on battery.";;
|
|
||||||
warn-comm) MEANING="Communication with the UPS was broken.";;
|
|
||||||
warn-bypass) MEANING="The UPS is not protecting the server, power line failure would kill $HOSTNAME instantly.";;
|
|
||||||
*) MEANING="Signal unknown, check configuration.";;
|
|
||||||
esac
|
|
||||||
sendmail -i -t <<ERRMAIL
|
|
||||||
To: fai+monitoring@dgnum.eu
|
|
||||||
Subject: [$HOSTNAME] Battery signal: $1
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
|
|
||||||
$MEANING
|
|
||||||
ERRMAIL
|
|
||||||
|
|
||||||
case $1 in
|
|
||||||
shutdown-*) shutdown 20s # let 20s to send the email
|
|
||||||
esac
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in
|
|
||||||
(pkgs.writeTextFile {
|
|
||||||
name = "upssched.conf";
|
|
||||||
text = ''
|
|
||||||
CMDSCRIPT ${lib.getExe cmdScript}
|
|
||||||
PIPEFN /var/state/ups/upssched/upssched.pipe
|
|
||||||
LOCKFN /var/state/ups/upssched/upssched.lock
|
|
||||||
AT LOWBATT * EXECUTE shutdown-low
|
|
||||||
AT ONBATT * EXECUTE warn-batt
|
|
||||||
AT ONBATT * START-TIMER shutdown-batt 900
|
|
||||||
AT ONLINE * CANCEL-TIMER shutdown-batt
|
|
||||||
AT COMMBAD * EXECUTE warn-comm
|
|
||||||
AT NOCOMM * EXECUTE warn-comm
|
|
||||||
AT BYPASS * EXECUTE warn-bypass
|
|
||||||
'';
|
|
||||||
}).outPath;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.settings."10-upsmon" =
|
|
||||||
let
|
|
||||||
root = {
|
|
||||||
user = "root";
|
|
||||||
group = "root";
|
|
||||||
mode = "0600";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
"/var/state/ups/upssched".d = root // {
|
|
||||||
mode = "0700";
|
|
||||||
};
|
|
||||||
"/var/state/ups/upssched/upssched.pipe".p = root;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.prometheus.exporters.nut = {
|
|
||||||
enable = true;
|
|
||||||
listenAddress = meta.network.${name}.netbirdIp;
|
|
||||||
port = 9199;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.interfaces.wt0.allowedTCPPorts = [ 9199 ];
|
|
||||||
}
|
|
|
@ -3,6 +3,7 @@
|
||||||
lib.extra.mkConfig {
|
lib.extra.mkConfig {
|
||||||
enabledModules = [
|
enabledModules = [
|
||||||
# List of modules to enable
|
# List of modules to enable
|
||||||
|
"dgn-fail2ban"
|
||||||
"dgn-web"
|
"dgn-web"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -14,6 +15,7 @@ lib.extra.mkConfig {
|
||||||
"matterbridge"
|
"matterbridge"
|
||||||
"metis"
|
"metis"
|
||||||
"ntfy-sh"
|
"ntfy-sh"
|
||||||
|
"plausible"
|
||||||
"redirections"
|
"redirections"
|
||||||
"static"
|
"static"
|
||||||
"wordpress"
|
"wordpress"
|
||||||
|
|
33
machines/web01/castopod-head-proxy.nix
Normal file
33
machines/web01/castopod-head-proxy.nix
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.castopod;
|
||||||
|
fpm = config.services.phpfpm.pools.castopod;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
resolver.addresses = [ "127.0.0.53" ];
|
||||||
|
virtualHosts."${cfg.localDomain}" = {
|
||||||
|
|
||||||
|
locations."@force_get" = {
|
||||||
|
extraConfig = lib.mkForce ''
|
||||||
|
recursive_error_pages on;
|
||||||
|
proxy_method GET;
|
||||||
|
proxy_pass https://podcasts.dgnum.eu/$request_uri;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
locations."~ .php$" = {
|
||||||
|
extraConfig = lib.mkForce ''
|
||||||
|
error_page 550 = @force_get;
|
||||||
|
if ($request_method = HEAD) { return 550; }
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_pass unix:${fpm.socket};
|
||||||
|
try_files $uri =404;
|
||||||
|
fastcgi_read_timeout 3600;
|
||||||
|
fastcgi_send_timeout 3600;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -8,7 +8,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
localDomain = host;
|
localDomain = host;
|
||||||
environmentFile = config.age.secrets.castopod-environment_file.path;
|
environmentFile = config.age.secrets.castopod-environment_file.path;
|
||||||
maxUploadSize = "512M";
|
maxUploadSize = 512;
|
||||||
settings = {
|
settings = {
|
||||||
"email.fromEmail" = "noreply@infra.dgnum.eu";
|
"email.fromEmail" = "noreply@infra.dgnum.eu";
|
||||||
"email.SMTPHost" = "kurisu.lahfa.xyz";
|
"email.SMTPHost" = "kurisu.lahfa.xyz";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, ... }:
|
_:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./packages ];
|
imports = [ ./packages ];
|
||||||
|
@ -8,29 +8,9 @@
|
||||||
|
|
||||||
api.host = "api.meet.dgnum.eu";
|
api.host = "api.meet.dgnum.eu";
|
||||||
frontend.host = "meet.dgnum.eu";
|
frontend.host = "meet.dgnum.eu";
|
||||||
|
|
||||||
|
configureNginx = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
dgn-backups.postgresDatabases = [ "crabfit" ];
|
dgn-backups.postgresDatabases = [ "crabfit" ];
|
||||||
|
|
||||||
services.nginx =
|
|
||||||
let
|
|
||||||
cfg = config.services.crabfit;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
virtualHosts.${cfg.frontend.host} = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
|
|
||||||
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.frontend.port}";
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualHosts.${cfg.api.host} = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
|
|
||||||
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.api.port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue