Compare commits


2 Commits

Author SHA1 Message Date
Oystein Kristoffer Tveit 1afc8841a9
bekkalokk/nginx: remove commented virtualhost for mediawiki 2023-09-07 18:53:05 +02:00
Oystein Kristoffer Tveit b4b6b4971a
bekkalokk/gitea: misc changes
- change domain from git2 to git1
- enable internal SSH server
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields
2023-09-07 18:53:05 +02:00
4 changed files with 50 additions and 48 deletions


@ -1,7 +1,7 @@
{ config, values, pkgs, ... }:
let
cfg = config.services.gitea;
domain = "git2.pvv.ntnu.no";
domain = "git.pvv.ntnu.no";
sshPort = 2222;
in {
sops.secrets = {
@ -33,6 +33,10 @@ in {
ROOT_URL = "https://${domain}/";
PROTOCOL = "http+unix";
SSH_PORT = sshPort;
START_SSH_SERVER = true;
};
indexer = {
REPO_INDEXER_ENABLED = true;
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
@ -41,9 +45,12 @@ in {
DISABLE_GRAVATAR = true;
ENABLE_FEDERATED_AVATAR = false;
};
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
};
};
environment.systemPackages = [ cfg.package ];
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
@ -83,4 +90,13 @@ in {
Unit = "gitea-import-users.service";
};
};
system.activationScripts.linkGiteaLogo.text = let
logo-svg = ../../../../assets/logo_blue_regular.svg;
logo-png = ../../../../assets/logo_blue_regular.png;
in ''
install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
'';
}
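Review bot: The new `system.activationScripts.linkGiteaLogo` block runs its three `install` commands as root at activation time and writes into `${cfg.stateDir}/custom/public/img`, a tree that presumably belongs to the gitea service user. A root-run write into a path another account controls can be redirected through symlinked directory components, so a compromised Gitea process could steer where the files land. Running the same commands as the service user avoids this, for example by moving them into `systemd.services.gitea.preStart`. Separately, `START_SSH_SERVER = true` makes Gitea listen on `sshPort` (2222), and no firewall rule for that port is visible in this section, so it is worth confirming where it is opened and to whom.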


@ -12,7 +12,7 @@ if API_TOKEN is None:
GITEA_API_URL = os.getenv('GITEA_API_URL')
if GITEA_API_URL is None:
GITEA_API_URL = 'https://git2.pvv.ntnu.no/api/v1'
GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'
BANNED_SHELLS = [
"/usr/bin/nologin",
@ -22,24 +22,26 @@ BANNED_SHELLS = [
"/bin/msgsh",
]
existing_users = []
existing_users = {}
# This function should only ever be called when adding users
# from the passwd file
def add_user(username, name):
if username in existing_users:
return
user = {
"email": username + '@' + EMAIL_DOMAIN,
"full_name": name,
"login_name": username,
"password": secrets.token_urlsafe(32),
"source_id": 1, # 1 = SMTP
"username": username,
"must_change_password": False,
"visibility": "private",
"login_name": username,
"visibility": "public",
"source_id": 1, # 1 = SMTP
}
if username not in existing_users:
user["password"] = secrets.token_urlsafe(32)
user["must_change_password"] = False
user["visibility"] = "private"
user["email"] = username + '@' + EMAIL_DOMAIN
r = requests.post(GITEA_API_URL + '/admin/users', json=user,
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 201:
@ -47,19 +49,29 @@ def add_user(username, name):
return
print('Created user ' + username)
existing_users.append(username)
existing_users[username] = user
else:
r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
json=user,
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 200:
print('ERR: Failed to update user ' + username + ': ' + r.text)
return
print('Updated user ' + username)
def main():
# Fetch existing users
r = requests.get(GITEA_API_URL + '/admin/users',
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 200:
raise Exception('Failed to get users: ' + r.text)
for user in r.json():
existing_users.append(user['login'])
existing_users[user['login']] = user
# Read the file, add each user
with open("/tmp/passwd-import", 'r') as f:
@ -73,7 +85,7 @@ def main():
continue
username = line.split(':')[0]
name = line.split(':')[4]
name = line.split(':')[4].split(',')[0]
add_user(username, name)
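Review bot: As far as the rendered page shows, the new `else:` branch of `add_user` PATCHes every existing Gitea account whose name matches a passwd entry, using the shared `user` dict that carries `"source_id": 1`, `"login_name": username` and `"visibility": "public"`. Before this change such accounts were skipped, so a locally created account that happens to share a name with a system user would now be rebound to the SMTP source, and a user who set their profile to private would be flipped back to public on every run. I would move `"visibility"` out of the base dict so it is only set for new accounts, and skip the update when the record stored in `existing_users[username]` does not already belong to source 1 (assuming the list response exposes that field). A short comment above the branch, such as `# Only refresh accounts this script created; never re-bind local accounts`, would record the intent. `add_user` spans two hunks in this section, so the full body should be checked against the file.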

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.1 MiB


@ -12,32 +12,6 @@
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
#virtualHosts = {
# "bekkalokk.pvv.ntnu.no" = {
# forceSSL = true;
# enableACME = true;
# root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
# locations = {
# "/" = {
# extraConfig = ''
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_index index.php;
# fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
# include ${pkgs.nginx}/conf/fastcgi_params;
# include ${pkgs.nginx}/conf/fastcgi.conf;
# '';
# };
#
# "/images".root = config.services.mediawiki.uploadsDir;
#
# # "/git" = {
# # proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
# # proxyWebsockets = true;
# # };
# };
# };
# };
};
networking.firewall.allowedTCPPorts = [ 80 443 ];