bekkalokk/nginx: remove commented virtualhost for mediawiki

- change domain from git2 to git1
- enable internal SSH serer
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields

hosts/bekkalokk/services/gitea/default.nix

@@ -1,7 +1,7 @@
 { config, values, pkgs, ... }:
 let
   cfg = config.services.gitea;
-  domain = "git2.pvv.ntnu.no";
+  domain = "git.pvv.ntnu.no";
   sshPort  = 2222;
 in {
   sops.secrets = {
@@ -33,6 +33,10 @@ in {
         ROOT_URL = "https://${domain}/";
         PROTOCOL = "http+unix";
         SSH_PORT = sshPort;
+	START_SSH_SERVER = true;
+      };
+      indexer = {
+      	REPO_INDEXER_ENABLED = true;
       };
       service.DISABLE_REGISTRATION = true;
       session.COOKIE_SECURE = true;
@@ -41,9 +45,12 @@ in {
         DISABLE_GRAVATAR = true;
         ENABLE_FEDERATED_AVATAR = false;
       };
+      "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
     };
   };
 
+  environment.systemPackages = [ cfg.package ];
+
   services.nginx.virtualHosts."${domain}" = {
     forceSSL = true;
     enableACME = true;
@@ -83,4 +90,13 @@ in {
       Unit = "gitea-import-users.service";
     };
   };
+
+  system.activationScripts.linkGiteaLogo.text = let
+    logo-svg = ../../../../assets/logo_blue_regular.svg;
+    logo-png = ../../../../assets/logo_blue_regular.png;
+  in ''
+    install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
+    install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
+    install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
+  '';
 }

hosts/bekkalokk/services/gitea/gitea-import-users.py

@@ -12,7 +12,7 @@ if API_TOKEN is None:
 
 GITEA_API_URL = os.getenv('GITEA_API_URL')
 if GITEA_API_URL is None:
-    GITEA_API_URL = 'https://git2.pvv.ntnu.no/api/v1'
+    GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'
 
 BANNED_SHELLS = [
     "/usr/bin/nologin",
@@ -22,44 +22,56 @@ BANNED_SHELLS = [
     "/bin/msgsh",
 ]
 
-existing_users = []
+existing_users = {}
 
 
+# This function should only ever be called when adding users
+# from the passwd file
 def add_user(username, name):
-    if username in existing_users:
-        return
-
     user = {
-            "email": username + '@' + EMAIL_DOMAIN,
             "full_name": name,
-            "login_name": username,
-            "password": secrets.token_urlsafe(32),
-            "source_id": 1,  # 1 = SMTP
             "username": username,
-            "must_change_password": False,
-            "visibility": "private",
+            "login_name": username,
+            "visibility": "public",
+            "source_id": 1,  # 1 = SMTP
     }
 
-    r = requests.post(GITEA_API_URL + '/admin/users', json=user,
-                      headers={'Authorization': 'token ' + API_TOKEN})
-    if r.status_code != 201:
-        print('ERR: Failed to create user ' + username + ': ' + r.text)
-        return
+    if username not in existing_users:
+        user["password"] = secrets.token_urlsafe(32)
+        user["must_change_password"] = False
+        user["visibility"] = "private"
+        user["email"] = username + '@' + EMAIL_DOMAIN
 
-    print('Created user ' + username)
-    existing_users.append(username)
+        r = requests.post(GITEA_API_URL + '/admin/users', json=user,
+                          headers={'Authorization': 'token ' + API_TOKEN})
+        if r.status_code != 201:
+            print('ERR: Failed to create user ' + username + ': ' + r.text)
+            return
+
+        print('Created user ' + username)
+        existing_users[username] = user
+
+    else:
+        r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
+                           json=user,
+                           headers={'Authorization': 'token ' + API_TOKEN})
+        if r.status_code != 200:
+            print('ERR: Failed to update user ' + username + ': ' + r.text)
+            return
+
+        print('Updated user ' + username)
 
 
 def main():
-
     # Fetch existing users
     r = requests.get(GITEA_API_URL + '/admin/users',
                      headers={'Authorization': 'token ' + API_TOKEN})
+
     if r.status_code != 200:
         raise Exception('Failed to get users: ' + r.text)
 
     for user in r.json():
-        existing_users.append(user['login'])
+        existing_users[user['login']] = user
 
     # Read the file, add each user
     with open("/tmp/passwd-import", 'r') as f:
@@ -73,7 +85,7 @@ def main():
                 continue
 
             username = line.split(':')[0]
-            name = line.split(':')[4]
+            name = line.split(':')[4].split(',')[0]
 
             add_user(username, name)
 

hosts/bekkalokk/services/nginx.nix

@@ -12,32 +12,6 @@
     recommendedProxySettings = true;
     recommendedOptimisation = true;
     recommendedGzipSettings = true;
-
-    #virtualHosts = {
-    #  "bekkalokk.pvv.ntnu.no" = {
-    #    forceSSL = true;
-    #    enableACME = true;
-    #    root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
-    #    locations =  {
-    #      "/" = {
-    #        extraConfig = ''
-    #          fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    #          fastcgi_index index.php;
-    #          fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
-    #          include ${pkgs.nginx}/conf/fastcgi_params;
-    #          include ${pkgs.nginx}/conf/fastcgi.conf;
-    #        '';
-    #      };
-#
-#	  "/images".root = config.services.mediawiki.uploadsDir;
-#
-#          # "/git" = {
-#         #   proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
-#          #   proxyWebsockets = true;
-#          # };
-#        };
-#      };
-#    };
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];