feat(todolist): use static slapd user data for knownUsers
Since the slapd data is static and generated using nix, we can simply move the user list into ops/users, so it's recognized by readTree and we can use it as ops.users both in ops/nixos/tvl-slapd and web/todolist as a general purpose user registry for depot. Update docs/REVIEWS.md as well. Change-Id: I35caaaab70a5578c47cedc7f33077dd513766290 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2419 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
This commit is contained in:
parent
c033229a61
commit
2d136e0327
4 changed files with 138 additions and 141 deletions
|
@ -113,7 +113,7 @@ instructions:
|
|||
|
||||
1. Be a member of `##tvl-dev` or `##tvl`.
|
||||
2. Clone the depot locally (via `git clone "https://cl.tvl.fyi/depot"`).
|
||||
3. Create a user entry in our LDAP server in [tvl-slapd/default.nix][tvl-slapd].
|
||||
3. Create a user entry in our LDAP server in [ops/users][ops-users].
|
||||
|
||||
We recommend using ARGON2 password hashes, which can be created
|
||||
with the `slappasswd` tool if OpenLDAP was compiled with ARGON2
|
||||
|
@ -149,5 +149,5 @@ The email address is a [public group][].
|
|||
[Gerrit walkthrough]: https://gerrit-review.googlesource.com/Documentation/intro-gerrit-walkthrough.html
|
||||
[OWNERS]: https://cl.tvl.fyi/plugins/owners/Documentation/config.md
|
||||
[guidelines]: ./CONTRIBUTING.md#commit-messages
|
||||
[tvl-slapd]: ../ops/nixos/tvl-slapd/default.nix
|
||||
[ops-users]: ../ops/users/default.nix
|
||||
[public group]: https://groups.google.com/a/tazj.in/forum/?hl=en#!forum/depot
|
||||
|
|
|
@ -24,136 +24,8 @@ let
|
|||
userPassword: ${u.password}
|
||||
'');
|
||||
|
||||
users = [
|
||||
{
|
||||
username = "andi";
|
||||
email = "andi@notmuch.email";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0";
|
||||
}
|
||||
{
|
||||
username = "artemist";
|
||||
email = "me@artem.ist";
|
||||
password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+";
|
||||
}
|
||||
{
|
||||
username = "camsbury";
|
||||
email = "camsbury7@gmail.com";
|
||||
password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5";
|
||||
}
|
||||
{
|
||||
username = "cynthia";
|
||||
email = "cynthia@tvl.fyi";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk";
|
||||
}
|
||||
{
|
||||
username = "edef";
|
||||
email = "edef@edef.eu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0";
|
||||
}
|
||||
{
|
||||
username = "ericvolp12";
|
||||
email = "ericvolp12@gmail.com";
|
||||
password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk";
|
||||
}
|
||||
{
|
||||
username = "eta";
|
||||
email = "eta@theta.eu.org";
|
||||
password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc";
|
||||
}
|
||||
{
|
||||
username = "etu";
|
||||
email = "etu@failar.nu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A";
|
||||
}
|
||||
{
|
||||
username = "firefly";
|
||||
email = "firefly@firefly.nu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8";
|
||||
}
|
||||
{
|
||||
username = "glittershark";
|
||||
email = "grfn@gws.fyi";
|
||||
password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO";
|
||||
}
|
||||
{
|
||||
username = "htbf";
|
||||
email = "h-tvl@htbf.dev";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c";
|
||||
}
|
||||
{
|
||||
username = "isomer";
|
||||
email = "isomer@tvl.fyi";
|
||||
password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev";
|
||||
}
|
||||
{
|
||||
username = "lukegb";
|
||||
email = "lukegb@tvl.fyi";
|
||||
password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4";
|
||||
}
|
||||
{
|
||||
username = "multi";
|
||||
email = "depot@in-addr.xyz";
|
||||
password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0";
|
||||
}
|
||||
{
|
||||
username = "nyanotech";
|
||||
email = "nyanotechnology@gmail.com";
|
||||
password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y";
|
||||
}
|
||||
{
|
||||
username = "Profpatsch";
|
||||
email = "mail@profpatsch.de";
|
||||
password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ";
|
||||
}
|
||||
{
|
||||
username = "sterni";
|
||||
email = "sternenseemann@systemli.org";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+NbF1izPMGqN5bASCBDV9g$aqBVplHwiyDpflZUmLtjkLWzKhxi7hwjm5fOwfbKohU";
|
||||
}
|
||||
{
|
||||
username = "q3k";
|
||||
email = "q3k@q3k.org";
|
||||
password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE";
|
||||
}
|
||||
{
|
||||
username = "qyliss";
|
||||
displayName = "Alyssa Ross";
|
||||
email = "hi@alyssa.is";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI";
|
||||
}
|
||||
{
|
||||
username = "riking";
|
||||
displayName = "kanepyork";
|
||||
email = "rikingcoding@gmail.com";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM";
|
||||
}
|
||||
{
|
||||
username = "tazjin";
|
||||
email = "mail@tazj.in";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y";
|
||||
}
|
||||
{
|
||||
username = "implr";
|
||||
email = "implr@hackerspace.pl";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ";
|
||||
}
|
||||
{
|
||||
username = "v";
|
||||
displayName = "V";
|
||||
email = "v@anomalous.eu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4";
|
||||
}
|
||||
{
|
||||
username = "ben";
|
||||
email = "tvl@benjojo.co.uk";
|
||||
password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1";
|
||||
}
|
||||
{
|
||||
username = "jamie";
|
||||
email = "jamie@kwiius.com";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OkAMHVAfQ3nJhBffYJwk7Q$JV3DrF9eOU+4VL6I+nkaMUUOMqWuNzdp7N7U5Xwa3fg";
|
||||
}
|
||||
];
|
||||
inherit (config.depot.ops) users;
|
||||
|
||||
in {
|
||||
# Use our patched OpenLDAP derivation which enables stronger password hashing.
|
||||
#
|
||||
|
|
132
ops/users/default.nix
Normal file
132
ops/users/default.nix
Normal file
|
@ -0,0 +1,132 @@
|
|||
{ ... }:
|
||||
|
||||
[
|
||||
{
|
||||
username = "andi";
|
||||
email = "andi@notmuch.email";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0";
|
||||
}
|
||||
{
|
||||
username = "artemist";
|
||||
email = "me@artem.ist";
|
||||
password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+";
|
||||
}
|
||||
{
|
||||
username = "camsbury";
|
||||
email = "camsbury7@gmail.com";
|
||||
password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5";
|
||||
}
|
||||
{
|
||||
username = "cynthia";
|
||||
email = "cynthia@tvl.fyi";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk";
|
||||
}
|
||||
{
|
||||
username = "edef";
|
||||
email = "edef@edef.eu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0";
|
||||
}
|
||||
{
|
||||
username = "ericvolp12";
|
||||
email = "ericvolp12@gmail.com";
|
||||
password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk";
|
||||
}
|
||||
{
|
||||
username = "eta";
|
||||
email = "eta@theta.eu.org";
|
||||
password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc";
|
||||
}
|
||||
{
|
||||
username = "etu";
|
||||
email = "etu@failar.nu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A";
|
||||
}
|
||||
{
|
||||
username = "firefly";
|
||||
email = "firefly@firefly.nu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8";
|
||||
}
|
||||
{
|
||||
username = "glittershark";
|
||||
email = "grfn@gws.fyi";
|
||||
password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO";
|
||||
}
|
||||
{
|
||||
username = "htbf";
|
||||
email = "h-tvl@htbf.dev";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c";
|
||||
}
|
||||
{
|
||||
username = "isomer";
|
||||
email = "isomer@tvl.fyi";
|
||||
password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev";
|
||||
}
|
||||
{
|
||||
username = "lukegb";
|
||||
email = "lukegb@tvl.fyi";
|
||||
password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4";
|
||||
}
|
||||
{
|
||||
username = "multi";
|
||||
email = "depot@in-addr.xyz";
|
||||
password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0";
|
||||
}
|
||||
{
|
||||
username = "nyanotech";
|
||||
email = "nyanotechnology@gmail.com";
|
||||
password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y";
|
||||
}
|
||||
{
|
||||
username = "Profpatsch";
|
||||
email = "mail@profpatsch.de";
|
||||
password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ";
|
||||
}
|
||||
{
|
||||
username = "sterni";
|
||||
email = "sternenseemann@systemli.org";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+NbF1izPMGqN5bASCBDV9g$aqBVplHwiyDpflZUmLtjkLWzKhxi7hwjm5fOwfbKohU";
|
||||
}
|
||||
{
|
||||
username = "q3k";
|
||||
email = "q3k@q3k.org";
|
||||
password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE";
|
||||
}
|
||||
{
|
||||
username = "qyliss";
|
||||
displayName = "Alyssa Ross";
|
||||
email = "hi@alyssa.is";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI";
|
||||
}
|
||||
{
|
||||
username = "riking";
|
||||
displayName = "kanepyork";
|
||||
email = "rikingcoding@gmail.com";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM";
|
||||
}
|
||||
{
|
||||
username = "tazjin";
|
||||
email = "mail@tazj.in";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y";
|
||||
}
|
||||
{
|
||||
username = "implr";
|
||||
email = "implr@hackerspace.pl";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ";
|
||||
}
|
||||
{
|
||||
username = "v";
|
||||
displayName = "V";
|
||||
email = "v@anomalous.eu";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4";
|
||||
}
|
||||
{
|
||||
username = "ben";
|
||||
email = "tvl@benjojo.co.uk";
|
||||
password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1";
|
||||
}
|
||||
{
|
||||
username = "jamie";
|
||||
email = "jamie@kwiius.com";
|
||||
password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OkAMHVAfQ3nJhBffYJwk7Q$JV3DrF9eOU+4VL6I+nkaMUUOMqWuNzdp7N7U5Xwa3fg";
|
||||
}
|
||||
]
|
|
@ -20,19 +20,12 @@ let
|
|||
fromJSON
|
||||
head
|
||||
readFile
|
||||
map
|
||||
;
|
||||
|
||||
inherit (lib) concatStringsSep;
|
||||
|
||||
# We should extract this from TVL slapd, but that data is not easily
|
||||
# accessible right now.
|
||||
knownUsers = [
|
||||
"tazjin"
|
||||
"riking"
|
||||
"Profpatsch"
|
||||
"grfn"
|
||||
"lukegb"
|
||||
];
|
||||
knownUsers = map (u: u.username) depot.ops.users;
|
||||
|
||||
todo = struct {
|
||||
file = string;
|
||||
|
|
Loading…
Reference in a new issue