c1bddf191f
Instead of directly connecting to LDAP and attempting to bind usernames/password, authenticate users through an OAuth2 flow to Keycloak. This has the advantage of reusing the same SSO we already have for Gerrit, Buildkite, ... However, much of panettone's functionality makes assumptions about LDAP being used. As a result there are some warts introduced by this (for now): * Since LDAP DNs are used as primary keys for users, we have to construct fake DNs based on LDAP usernames It might be sensible to migrate this to the UUIDs used by Keycloak eventually. * LDAP is part of the serving path for issues (for fetching user information), however panettone no longer has a way to fetch arbitrary user information unless it is persisted in its database. To work around this, we construct a "fake" user based only on its DN (i.e. only the username is going to be "correct") and use that to serve issues. * Email notifications no longer work (panettone can not access email addresses) Some of these need to be worked around by persisting some of that information in the panettone database instead, as we don't want to give the service the ability to access arbitrary user information anymore. We can probably do this with the user settings feature that already exists and populate it on launch, but as of this commit email and displayName functionality is simply broken. Change-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5772 Reviewed-by: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI |
||
|---|---|---|
| .nixery | ||
| corp | ||
| docs | ||
| fun | ||
| lisp | ||
| net | ||
| nix | ||
| ops | ||
| third_party | ||
| tools | ||
| tvix | ||
| users | ||
| views | ||
| web | ||
| .envrc | ||
| .git-blame-ignore-revs | ||
| .gitignore | ||
| .hgignore | ||
| .mailmap | ||
| .rgignore | ||
| buf.yaml | ||
| default.nix | ||
| LICENSE | ||
| OWNERS | ||
| README.md | ||
| RULES | ||
| rustfmt.toml | ||
depot
This repository is the monorepo for the community around The Virus Lounge, containing our personal tools and infrastructure. Everything in here is built using Nix.
A large portion of the software here is very self-referential, meaning that it exists to sustain the operation of the repository. This is the case because we partially see this as an experiment in tooling for monorepos.
Highlights
Services
-
Source code is available primarily through Sourcegraph on cs.tvl.fyi, where it is searchable and even semantically indexed. A lower-tech view of the repository is also available via cgit-pink on code.tvl.fyi.
The repository can be cloned using
gitfromhttps://cl.tvl.fyi/depot. -
All code in the depot, with the exception of code that is checked in to individual
//usersfolders, needs to be reviewed. We use Gerrit on cl.tvl.fyi for this. -
Issues are tracked via our own issue tracker on b.tvl.fyi. Its source code lives at
//web/panettone/. -
Smaller todo-list entries which do not warrant a separate issue are listed at todo.tvl.fyi.
-
We use Buildkite for CI. Recent builds are listed on tvl.fyi/builds and pipelines are configured dynamically via
//ops/pipelines. -
A search service that makes TVL services available via textual shortcuts is available: atward
All services that we host are deployed on NixOS machines that we manage. Their
configuration is tracked in //ops/{modules,machines}.
Nix
//nix/readTreecontains the Nix code which automatically registers projects in our Nix attribute hierarchy based on their in-tree location//tools/nixerycontains the source code of Nixery, a container registry that can build images ad-hoc from Nix packages//nix/yantscontains Yet Another Nix Type System, which we use for a variety of things throughout the repository//nix/buildGoimplements a Nix library that can build Go software in the style of Bazel'srules_go. Go programs in this repository are built using this library.//nix/buildLispimplements a Nix library that can build Common Lisp software. Currently only SBCL is supported. Lisp programs in this repository are built using this library.//web/blogand//web/atom-feed: A Nix-based static site generator which generates the web page and Atom feed for tazj.in (//users/tazjin/homepage) and tvl.fyi (//web/tvl)//web/bubblegumcontains a CGI-based web framework written in Nix.//nix/nint: A shebang-compatible interpreter wrapper for Nix.//tvixcontains initial work towards a modular architecture for Nix.
We have a variety of other tools and libraries in the //nix folder which may
be of interest.
Packages / Libraries
//net/alcoholic_jwtcontains an easy-to-use JWT-validation library for Rust//net/crimpcontains a high-level HTTP client using cURL for Rust//tools/emacs-pkgscontains various useful Emacs libraries, for example:dottime.elprovides dottime in the Emacs modelinenix-util.elprovides editing utilities for Nix filesterm-switcher.elis an ivy-function for switching between vterm bufferstvl.elprovides helper functions for interacting with the TVL monorepo
//lisp/klatreprovides a grab-bag utility library for Common Lisp
User packages
Contributors to the repository have user directories under
//users, which can be used for
personal or experimental code that does not require review.
Some examples:
//users/grfn/xanthous: A (WIP) TUI RPG, written in Haskell.//users/tazjin/emacs: tazjin's Emacs & EXWM configuration//users/tazjin/finito: A persistent finite-state machine library for Rust.
Licensing
Unless otherwise stated in a subdirectory, all code is licensed under the MIT license. See LICENSE for details.
Contributing
If you'd like to contribute to any of the tools in here, please check out the contribution guidelines and our code of conduct.
IRC users can find us in #tvl on hackint, which is also
reachable via XMPP at #tvl@irc.hackint.org (sic!).
Hackint also provide a web chat.